one step closer - an Indexu Delux review in detail

[Paps]

Hi there,

first of all, this review has no intension to blame anyone who is working for nicecoder or Indexu. Indexu is one of the best link indexing scripts I've seen so far an I really love using it.

Some words about me. I'm familiar with php(5), mysql, smarty, jquery and other components Indexu is build on. I'm working as an system engineer and my business is to build high performance websites (up to 6.000.000 page impressions daily) based on the components mentioned above. So yes, I know what I'm talking about

After I purchased some new Indexu licenses I started to build some plugins, own templates, and some core modifications. I knew, Indexu would fit my needs but I found so many design and coding flaws. I would say, Indexu is a great script for Average Joes webmaster, but it is not a "premier" portal script or a solid business application. If you want to use Indexu as a real business application or in a business enviroment you have to spend hours of modification and optimisation.

Well, let's start with the templates.
Most of the standard templates can be optimised. For example - actual Kosmos main.css

Code:

#footer_menu a {
  color: #000;
  text-decoration: none;
}

#footer_menu a:active, #footer_menu a:link, #footer_menu a:visited {
  color: #000;
}

#footer_menu a:hover {
  color: #000;
  text-decoration: underline;
}

so many unnecessary code. You can turn it into:

Code:

#footer_menu a {
  color: #000;
  text-decoration: none;
}

#footer_menu a:hover {
  text-decoration: underline;
}

Some other optimisations (still Kosmos) are the inline css definitions like

Code:

<ul class="ajax-rating-indexu" style="width:74px;">
<span id="price_message_place" style="clear:both;display:block;text-align:center;"></span>        
<div style="background:#A3BDD4">(portaldex)
...

The main advantage about css is to separate content and styles. There is no reason to mix it, if you build a template. It is even more work for webdesigners.

I wonder about the nicecoder team. Why you don't use a CSS Framework at all? F.e. the 960 Grid System (960 Grid System) is a very powerful library. It would make building new templates so easy. Please have a look on it.

Some other reasons are the updates. Do you really check everything before you release new files in svn or in updates? F.e. the Indexu 1.3.3 release. So many people said, there are wrong / old files in it, but it took about 2 days to fix it. Same goes for the password reset function where so many users have problems with it. Even today you submitted new files to SVN. Do you checked them? No. Looks like you only used a search & replace software.
When you use the egold payment, you will get a error message:

PHP Code:

<?phpphp echo $egold_payee_account ?>">

Now you know why.

Compared Indexu, a expensive software, to other free open source scripts, you've failed. You will never see such bugs on a real professional script like wordpress, phpbb, drupal, ... Because, Indexu is a paid script, you'll have a higher responsibility to your customers. So please be more careful and test everything twice.

Error messages are the next point on my list. In a real business enviroment you will never get any error messages. In application.php you are setting

PHP Code:

error_reporting(E_ALL ^ E_NOTICE); 


the right way is to set:

PHP Code:

error_reporting(0); 


When a error is displayed, there is always the true server path. Bad guys can use this to gather informations about your server. Luckily there are so many ways a user can generate an error. I only found out, you can generate an error, if you are calling a non existent block file via browser.
F.e. http://www.example.com/blocks/123456.php

Code:

Warning: Smarty error: unable to read resource: "/var/www/www.example.com/themes/generic.html" in /var/www/www.example.com/lib/smarty/Smarty.class.php on line 1088

Better use an exeption handling system to log or mail the errors and turn the build in error_reporrting OFF.

The last point is something, I got a bad headache when I saw it. This IS a real problem. Indexu is using some 3rd party script. That's no problem at all, because there are many useful helpers. But please, PLEASE update them to the latest version.

F.e. you are using Smarty 2.6.10. Release date was 5-August-2005. A nearly 4 years (!!!) old script. There were so many bugfixes, security fixes and performance improvements I could not understand why you dont upgraded it. Some words from the Smarty Homepage: "you should upgrade immediately". Actual Version is 2.6.22 and v3 is on its way.

Same goes for the phpMailer class. Not even a stable version. You are using Version: 2.0.0 rc1. - a release candidate. Actual Version is PHPMailer version 5.0.0
"All new class.smtp.php that smaller and fast. The package is a signficant release that fully exploits PHP5/6 Exception Handling with exceptional ability to pass back the captured errors to your own scripts."
Do you remember what I said about exeption handling? That's the way you have to go.

You cant say, Indexu is hacker proof, when your using old, buggy libraries with confirmed security holes.

There are some more coding flaws but since I don't get paid to do the NC teams job...

Let me go back to my first sentence. I have no intension to blame anyone but I think it is about time to fix some things.

Indexu is a nice script, but if you don't do your work properly, Indexu will never get to a higher, really professional level. And that is, what we're all want to.

thanks for reading

[Dr. Jekyll]

thanks for reading

Thank you!

It was very interesting read it

[Voyageur]

IndexU is not expensive compared to other softwares.

See how Bruceper do a fantastic job, he do his maximum to maintain the software and help users, just wait and you'll see an IndexU working 100% in the near future.

[Paps]

I know Bruce and the NC team do a great job. Thats the reason why i use Indexu and the reason why I wrote this thread.
But there ARE some flaws, which must be fixed. Now or in the near future and there is no way to stay at the same level if you want to build a really "high end" script.

[Dr. Jekyll]

Bruceper do a fantastic job

In fact Bruce has been the first to point out that from now IndexU will first solve the bugs and only later will add new features

[Bruceper]

Allow me to clear the air, without trying to offend anyone. Please remember my job is to be an ass and it's a job I like

No seriously, I'm not trying to offend with my responses even if they do sound cavalier. I'm just being matter of fact.

Code optimization? Honestly at this time I'm not interested. Why? Because I want the bugs fixed that have been hanging around for a while. One of our owners who was recently let go did not see any benefit in fixing bugs. Well sorry, but I do.

And for at least the next month and a half, that's all we're doing except for two security features I requested (which have caused one other bug to pop up).

My theory is, if we can't fix our bugs, then we have no right to be releasing new features.

CSS Framework and templates - I won't get into that now except to say I'm looking at options for the future (3-6 months). As I said above we have issues to work out first and that's my priority.

Check updates? Oh my god why bother? No seriously, about 3 months ago I started a beta tester programme. The problem is, our ex partner saw fit to release software without sending it to me or the beta testers first. That made beta testing pointless so it was closed. Now that he's no longer with the company, beta testing will resume soon.

Yes IndexU is using old tech. I know it, but in regards to the ex partner, he was rogue and wouldn't listen. Add to the fact that he was in the office with the programmers and I'm 5000 miles away and he controlled the candy, not me.

Well now it's the other way around, and I'm making things happen as fast as I can. One of our programmers has a six month backlog of work to do on projects that were shelved by Dody that should never have been.

Now to be fair, the ex partner is still a partner in the company, he just no longer works on the product or has any say in development.

So yes, we will update the 3rd party scripts, but it's been a battle. I'm not trying to make excuses, I'm just telling it like it is.

Exception handling? WHOA there! You mean that code should have error checking? I've only been asking for it for 2 years now.

You'll see a LOT of changes in the next few months to Nicecoders code. Users might not see any difference, but they will be there, and they will exist.

I can accept some blame for dumb mistakes, I have no problem with that. But I'm doing my best to fix the issues.

[Paps]

As mentioned above, we all know that you do a great job. No question about it.
There is also no question about the "bugs first, features later" thing. Thats the right way.
You dont need any beta testers, if the coders double check their code modifications properly. I don't call things like

PHP Code:

<?phpphp echo $egold_payee_account ?>">

as a bug. I would say, the coder is not working accurately for me.
Yes, bug fixing first, but why there a new bugs when those could be avoid by just looking into the modified files? They are so unnecessary. You know what I meen?

And yes, I asked for exception handling because it IS coding standard nowadays like many other thing I didn't see on indexu

[Bruceper]

I agree, it's a stupid mistake. But they do happen.

Yes I do know exactly what you mean. I hope you know what I mean when I say that I'm doing the best with what I've got.

As for exception handling I hope you realize I was being extremely sarcastic with my reply. I want some too, and it'll come as soon as we can.

[Paps]

Sure, I know what you meen and I know about your sarcasm, because I know whats your job. To be an ass