WeBid - auction script
Description
Open source PHP/MySQL fully featured auction script. Perfect for those who want to start their own auction site.
Features
- Fees (PayPal/Authorize.net gateways built in)
- Standard/Normal Auctions
- Easily editable templates
- Multilingual
User Reviews
- very good project
- Thanks simpleauction
- Nice features.
- Nice software, does what it's supposed to do.
- A fine project with many bugs - but Rome was not built in one day!
- Found a lot of problems with WeBid:
  1. The organization of UI messages is terrible: some data are kept in the database, some on the disk in the message file, some inside the PHP scripts.
  2. Storing logs on the disk in a predefined location allows anybody to see them. Storage in the database would allow better control/analysis/management (removal of old entries etc).
  3. JavaScript issues:
     a) About half of the pages do not work if JS is completely disabled, while they should.
     b) Care is not taken about possible XSS. About 20% of all <input type="text"> and <input type="hidden"> do not filter <script>. The quotes are filtered, but one can easily overcome this using String.fromCharCode(...). A web search for WeBid + XSS gives a few of them, but there is MUCH more. For example, when submitting an auction, in auction submission (sell.php) the user may insert arbitrary code in several ways.
  4. WeBid logs only user logins, it does not log what exactly the users are doing. This is necessary to detect testers of SQL injection, popularity of different items etc.
  5. Financial part: if you are going to run a legal website and would like to accept money for using it, you MUST make different financial reports for paying taxes. In WeBid this possibility is absent.
  In general I do not think this code may be used for a serious commercial project, it is still too raw.