#1
Www.acotis.co.uk
Please leave me some comments and any recommendations, as this is my first site.
#2
//design: nice design, apart from some minor CSS errors in Firefox.
//security: you don't have SSL - you must not make this public until you get a secure server; people with keen eyes will notice you lack SSL and report your website. It's not safe to buy from a website such as yours!
//general: fatal bug: in the checkout page (basket.asp), if the user is from the USA he can't submit because your JavaScript validation always says "you must enter valid state" - even after selecting a state... This is really bad; I hope you still don't have any visitors.
Bottom line, this website is not good and must be fixed before you make it public.
#3
Cheers SHADOW, really appreciate your help.
I do have SSL when you enter your credit card details (after checkout). Anybody else out there, please feel free...
#4
Having the SSL there is pointless. The sensitive data has already been sent.
Sorry for being harsh, but all those problems are better found now than by visitors.
#5
Shadow is right; if shoppers feel in any way insecure, there are a billion other dropship-based sites out there selling the same.
SSL 128-bit encryption is less than £30 a year, and I would like to make one point about the bold text: WE DO NOT ACCEPT ELECTRON VISA. Why do you say that??? And in bold?? It is a negative on the checkout; it makes people think "hmmmm, why is that?", it's a strange thing to mention, what's wrong with Visa Electron, etc. etc., and then they think "no, I think I will shop somewhere else".
#6
Your shopping cart does one of the biggest "No-No's" possible: it stores and passes item prices in hidden fields on the page, which can be manipulated by a hacker.
See the attached image: I was able to manipulate the page and submit a purchase for a £30.00 watch, but my price is only £1.00.
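The fix for what Memnoch describes is to stop trusting any price the browser sends back. The following is an added example and not code from the site under review (which is classic ASP): a constructed catalog and request stand in for the shop's product table and checkout form, the vulnerable pattern sits beside the hardened one, and a mismatch check shows how a tampered request can be spotted and logged.

```python
from decimal import Decimal

# Constructed stand-in for the shop's product table; real prices live server-side.
CATALOG = {"watch-001": Decimal("30.00"), "strap-002": Decimal("5.50")}


def total_trusting_form(form):
    """The pattern criticised in the thread: the price is read back from a
    hidden field, so whatever the browser posts is what gets charged."""
    return Decimal(form["price"]) * int(form["qty"])


def total_from_catalog(form, catalog=CATALOG):
    """Hardened version: the form supplies only an item id and a quantity;
    the price is looked up on the server, and bad input is rejected."""
    item = form.get("item", "")
    price = catalog.get(item)
    if price is None:
        raise ValueError(f"unknown item {item!r}")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity is not an integer") from None
    if not 1 <= qty <= 99:
        raise ValueError(f"quantity {qty} out of range")
    return price * qty


def price_mismatch(form, catalog=CATALOG):
    """True when a posted hidden price disagrees with the catalog, i.e. the
    request was altered in transit. Worth logging even after the fix, since
    it flags who is probing the checkout."""
    posted = form.get("price")
    if posted is None:
        return False
    try:
        # Decimal raises InvalidOperation (an ArithmeticError) on garbage input
        return Decimal(posted) != catalog.get(form.get("item", ""))
    except ArithmeticError:
        return True


# Constructed requests: the £30 watch submitted honestly and as £1.00
HONEST = {"item": "watch-001", "qty": "1", "price": "30.00"}
TAMPERED = {"item": "watch-001", "qty": "1", "price": "1.00"}

if __name__ == "__main__":
    print(total_trusting_form(TAMPERED))  # 1.00: the client set the price
    print(total_from_catalog(TAMPERED))   # 30.00: the catalog set the price
    print(price_mismatch(TAMPERED))       # True: tampering is visible
```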
#7
Memnoch, you are good, very good! SQL injection I understand (and there are a surprising number of sites out there that are vulnerable to it). I also understand how the use of hidden fields leaves open the possibility for a hack - but how exactly do you manipulate these hidden fields?
#8
<rant>Funny, I used to use such manipulation to enter my online bank account with one click, until they blocked it recently.</rant>
Last edited by Shadow Wizard : March 22nd, 2006 at 03:37 PM. Reason: typo
#9
Hello, I've also been wondering how to manipulate hidden fields; can someone drop me a PM or something? Thanks
-alex
#10
pilonull, welcome to the forums. It's more polite for you to PM one of the users involved in such techniques rather than asking them to PM you the info.
#11
Oh, thanks for informing me, lol, that's new. Because all the forums I've ever been to have either flamed me for asking something, or told me without explaining things. Ha, well thanks, that's new. And thanks for welcoming me too. I really like this forum as I'm browsing around. Thanks one more time, -alex
#12
There's nothing wrong with asking how things are done, and it should not be a reason to flame anyone.
These forums are an excellent resource, as well as a good place to hang out. Hopefully you'll stick around for a while.
#13
Yep, I definitely probably will. Nice people so far, hmm, for some reason it is