View Full Version : Building a new site and I would like to add an option for users to leave a review



Russ in Vancouver
02-15-2014, 11:56 PM
Hello all,

I am working on a new web site that involves info about schools and I would like to add a way to leave a review of teachers. At the same time the user can create a profile and take part in community talk on a forum. Does anyone know of an add-on script or app that could resolve my criteria?

Thanks for any help or direction you can give!

Russ in Vancouver
02-16-2014, 02:31 AM
I just read a thread I started months ago; I think I will check vBulletin.

billbenson
02-16-2014, 06:32 AM
Check hotscripts and see if they don't have something close to what you need.

Harold Mansfield
02-17-2014, 01:02 PM
What are you building the website on? A CMS like WordPress or Joomla?

Radion
02-18-2014, 01:05 AM
Hi there Russ

Are you using a CMS or a blogging engine such as WordPress or are you building it in pure HTML?

The answer to your question would be to simply use a pre-rolled CMS and add functionality that would accomplish the tasks you are having a challenge with; this almost comes out of the box with the good ones.

billbenson
02-18-2014, 01:55 AM
Check Hotscripts. I did a search on google for 'hotscripts poll review' and this is one of the results: hotscripts poll review

If a script doesn't exactly meet your needs, you can frequently modify them to meet your needs.

Brian Altenhofel
02-18-2014, 02:07 AM
If using a random script from a place like Hotscripts, you should thoroughly review the code before using it. Many scripts have SQL injection issues.

Russ in Vancouver
02-18-2014, 12:33 PM
What are you building the website on? A CMS like WordPress or Joomla?

Hi there Russ

Are you using a CMS or a blogging engine such as WordPress or are you building it in pure HTML?


Hi, I am building it in pure HTML; it's a responsive website.


Check Hotscripts. I did a search on google for 'hotscripts poll review' and this is one of the results: hotscripts poll review

If a script doesn't exactly meet your needs, you can frequently modify them to meet your needs.

Thanks for the link, Bill, this looks interesting. I found a couple other similar widget-type plugins, Star Rating System for Websites | Rating-Widget (http://rating-widget.com/) and Customer Ratings and Reviews | Website Rating Tool | Review Software (http://www.re-vu.com/) but still researching.


If using a random script from a place like Hotscripts, you should thoroughly review the code before using it. Many scripts have SQL injection issues.

Hi Brian, is this because of possible conflicts?



Thanks all for your help

Brian Altenhofel
02-18-2014, 07:00 PM
Hi Brian, is this because of possible conflicts?


Nope. Security.

SQL injection is one of the most common ways to exploit a website. Some scripts will, for example, send a request to example.com/poll.php?id=24 without filtering those query string values. If one of those is not filtered (say, the id), then a malicious user or script could do something like dropping your database. They could also do a cross-site scripting attack.
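
Added example, not part of the original post and not taken from any Hotscripts script: the unfiltered `id` pattern described above next to a validated, parameterised version, which is the difference to look for when reviewing a downloaded script. The `polls` table, its rows and the function names are constructed for illustration; it assumes PHP with the `pdo_sqlite` extension.

```php
<?php
// Constructed demo: an in-memory SQLite database stands in for the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE polls (id INTEGER PRIMARY KEY, question TEXT)');
$db->exec("INSERT INTO polls VALUES (24, 'Rate this teacher'), (25, 'Unpublished draft poll')");

// BEFORE: the pattern to flag in review. The raw query-string value is
// concatenated into the SQL text, so the database parses it as SQL, not data.
function poll_unsafe(PDO $db, string $id): array
{
    $sql = 'SELECT id, question FROM polls WHERE id = ' . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: validate the type first, then bind the value as a parameter so the
// statement text is fixed before any user input reaches the database.
function poll_safe(PDO $db, string $id): array
{
    $valid = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($valid === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT id, question FROM polls WHERE id = :id');
    $stmt->bindValue(':id', $valid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['id'] on poll.php?id=...
foreach (['24', '24 OR 1=1'] as $id) {
    printf(
        "id=%-10s unsafe rows: %d  safe rows: %d\n",
        $id,
        count(poll_unsafe($db, $id)),
        count(poll_safe($db, $id))
    );
}
```

With the second input the concatenated query returns every row in the table, including the unpublished one, while the validated version returns nothing.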

billbenson
02-18-2014, 07:12 PM
Makes sense although I never thought to check for that. Write most of my own stuff anyway.

What do you mean by a cross scripting attack?

Brian Altenhofel
02-18-2014, 07:26 PM
Cross-site scripting would be where someone can put client-side JavaScript into a request for a web page in violation of the same-origin policy that generally governs script access. Another less common possibility (but also works in the same sort of manner) could be a cross-site request forgery.

These types of vulnerabilities are why I strongly encourage people to use widely-used CMSes, especially those that have enterprise or .gov live deployments. Sure, you get a lot of extra overhead... but you also get a large community that audits these sorts of things. Plus, if you ever have to deal with anything that has compliance issues (PCI, HIPAA, FISMA, etc), most of the burden comes off of you.

I know of a great story about migrating a website away from a stonewalling developer for a client via a contact form on a custom CMS...