Chapter 16. Using the Feedback Module

Previous page
Table of content
Next page


The Feedback module is one of the very few modules that require no administration. It does, however, offer a minor security-related issue. As shown in Figure 16.1, the module allows users to send feedback to you regarding your site.

Figure 16.1. Asking your users for their feedback.


The main problem with this module is that it provides no verification or validation of anything the user types in, including the Your Name and Your E-mail fields. In other words, anyone with access to the module can type anything they like. Because the form accepts data through the standard HTTP protocol form-handling techniques, it's possible for someone to write a small script or program that automatically submits multiple bogus feedback messages. The end result? Your administrative e-mail box fills up with spam, and you won't even know who's doing it.

As written, there's not much you can do to improve the Feedback module. However, there are some things you can do to minimize the chances for its abuse:

  • Don't use it. Many administrators prefer to provide a Web site feedback forum in the Forums module, where users can leave feedback and receive replies from you. For example, Figure 16.2 shows a forum used for this purpose on my Web site, www.scriptinganswers.com. A benefit of this technique is that I can post replies to my users' feedback, allowing everyone to see.

    Figure 16.2. Using a discussion forum to solicit feedback.


  • Restrict access. You can configure the Feedback module to be accessible only by registered members of the site. This won't eliminate any of the module's problems, but it may reduce the chances that the module will be abused to spam you. To restrict access, simply modify the module in the Modules item of the Administrative menu.

  • Make the module invisible. Again, this is a form of "security through obscurity," which means that it isn't helping to fix the Feedback module's problems, but it is making the module slightly more difficult to abuse. If you edit the module's properties so that it isn't visible, it won't appear on the Modules block (which acts as sort of a main menu). You can provide links to the module yourself by accessing http://yoursite/modules.php?name=Feedback, providing your users with access to the module.

My recommendation? Disable the module completely. Users are better served by a "feedback" discussion forum, which gives you much more flexibility for replying to them, discussing their suggestions, and so forthall of which makes you a more visible, caring Webmaster who'll earn your users' loyalty.


    Previous page
    Table of content
    Next page
    PHP-Nuke Garage
    PHP-Nuke Garage
    ISBN: 0131855166
    EAN: 2147483647
    Year: 2006
    Pages: 235
    Authors: Don Jones
    BUY ON AMAZON
    Managing Enterprise Systems with the Windows Script Host
    Mastering Delphi 7
    After Effects and Photoshop: Animation and Production Effects for DV and Film, Second Edition
    Oracle SQL*Plus: The Definitive Guide (Definitive Guides)
    Extending and Embedding PHP
    DNS & BIND Cookbook
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy