Preview of the NEW ArizonaShooting.ORG classifieds and auctions

Having trouble with something related to the site? Have a good suggestion on how we can improve? Feel free to post it here. We can't guarantee we'll get to it, but we will read it! Site code of conduct and use agreement/rules also here.
User avatar
admin
Site Admin
Site Admin
Posts: 947
Joined: April 30th, 2018, 7:39 pm
Reputation: 9
Location: Far North Phoenix
Contact:

Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#1

Post by admin »

UPDATE: The site is live now - https://www.arizonashooting.org/forum/v ... =4&t=14323



Patrons have been providing feedback and thoughts, and I am now on version 2 of the site, which has taken months to get going and I am opening it up for a short time for some general feedback to the broader group.

The intent with the site will be to replace the traditional forum-based classifieds here and open things up to more people, more areas and a dedicated site for buy, sell and trade that allows firearms. If there is one thing I've learned from operating gun forums for >20 years, some people want to be as anonymous as possible, while some people are the opposite and want to ensure they are dealing with someone who is trusted. "Trusted" can be someone they know personally, or could be someone who is willing to be 'verified' by a 3rd party in the sense that their identity is knows and they are a real person. To that end, I have encoded in the site, a buyer and seller verification option so that people can choose to remain as anonymous as the internet allows, or can deal with verified users, meaning that they have put in a CC and had an address verified so they are legit - one of the test user accounts (jtb33) is verified, so you can see how it would look. However, a user (seller or buyer) doesn't NEED to be verified - they can remain anonymous/unverified if they wish - they just won't have the "verified" icon next to their username. It doesn't affect what they can do on the site.

The site's purpose is simply to connect a willing buyer with a willing seller. I do not plan on brokering any transactions like eBay or GunBroker. Thus, selling options are geared towards face-to-face cash purchases, though I have put in the option for shipping and paying with other mechanisms that a seller can optionally choose (Zelle, Venmo, PayPal and some payment gateways) because sometimes it's easier to ship that AR barrel to Tucson for $10 rather than spend 2 hours and 3 gallons of gas trying to meet up. In the dev/test site, I also have a dummy payment gateway that will simulate a transaction if you want to play with that as well.

Costs: I intend for the site to be free. However, I would like to eventually generate some revenue for my time, effort and the costs to run it, so my plan is to have up-charges for optional things like highlighting an ad, or featuring it on the home page, etc - stuff that isn't necessary to list or sell an item. Basic auctions and classifieds are free to list and buy. I am not planning on instituting a listing fee or final value fee. If the site grows enough where I have to generate more revenue to cover operational costs, there will be ample notice on fee changes. This is all a hobby for me, and I do it because I enjoy it (both the coding and firearm stuff). My day job lets me live a very comfortable life - I just don't want this aspect of my hobby to become a drain such that it needs to be a line item in my monthly budget; that's all.

NOTES:
  1. - The branding on the site will change; I am working on logos, etc. It will be quietly branded to AZS, though it will have its own separate domain.
  2. - If you find errors, please post them here so I can try to fix them. I'm sure I missed some along the way.
  3. - Play around on the site responsibly. PLEASE go ahead and submit fake items for auction, bid on existing items for auction, "buy" items - nothing you do on the dev/test site will result in any transaction actually occurring unless you actually use your REAL PayPal account for example. Submit a classified ad, buy a classified ad. Submit a "make offer". Leave feedback for a seller. Ask a seller a question. Look at the settings in your profile. I'm looking for general feedback. There is a reason for everything I've enabled and left off the site. I will consider all feedback, but am mainly looking for stuff that doesn't work properly that I've missed.
  4. - While I've asked you to post fake items, DO NOT POST ILLEGAL ITEMS or BORDERLINE stuff. If you do, you will be banned from the site when it does go live as well as banned from ArizonaShooting.ORG. There will NOT be any "Adult" section of the site - ever.
  5. - The gun stuff is listed under "Sporting Goods" and then "Shooting" for now. I am debating moving it from "Shooting" to "Firearms" instead - but open to other suggestions on the most appropriate sub-section name.
  6. - I have disabled 'proxy' bidding. That's the feature that if an auction is currently at, say $10, and I bid $20, I will be the high bidder at at $11 until someone else comes along and bids $15, then it automatically bumps my bid up to $16 and I remain the high bidder. Then he comes back and bids $25 and it puts his bid at $21 as the current high bidder. Once the site gets more traffic, I will think about enabling it, but it's not a great feature if you're a seller on a new site with very little traffic.
  7. - You'll note that address, DoB and phone numbers are required in registration. Nothing prevents a user from entering anything they want (other than geolocation services), but it's required if a user wants to get verified and helps prevent spam. The data, of course, is not visible to other users unless you allow them to see it.
Anyway, here you go... I will leave the site up for about a few weeks for some testing and evaluation. Note that you may want to use a real email address so you can see the notification features and test those.

https://www.azsauctions.com/DEV/

Anyway, this post is long enough... give it a look, register, bid on things (again, it's a TEST environment, so no real transactions or auctions) and let me know what you think!

***Note that anything and everything you do on the demo/test/dev site above will be removed, deleted, erased, including any user account you create - none will be migrated to the real site when it goes live!


User avatar
XJThrottle
ArizonaShooting.org Bronze Supporter
ArizonaShooting.org Bronze Supporter
Posts: 2883
Joined: June 26th, 2018, 5:43 pm
Reputation: 7
Location: Phoemex

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#2

Post by XJThrottle »

I'll go first...

I was gonna bid on the mini gun, but it said pick-up only. There is no way to tell the location that I could see. If the pick-up option is selected, make the general location a mandatory entry.
User avatar
admin
Site Admin
Site Admin
Posts: 947
Joined: April 30th, 2018, 7:39 pm
Reputation: 9
Location: Far North Phoenix
Contact:

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#3

Post by admin »

XJThrottle wrote: October 9th, 2021, 10:22 am I'll go first...

I was gonna bid on the mini gun, but it said pick-up only. There is no way to tell the location that I could see. If the pick-up option is selected, make the general location a mandatory entry.
It's there. Click on the "Shipping & Returns" to see the seller's location. Maybe I change the label to read Shipping, Location & Returns... or I may just add it as a field in the item details regardless of it being a pickup or shipping.

Good feedback.
User avatar
Suck My Glock
ArizonaShooting.org Member
ArizonaShooting.org Member
Posts: 8816
Joined: May 25th, 2018, 3:01 pm
Reputation: 8
Location: Peoria

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#4

Post by Suck My Glock »

I find the password requirements to be the same lame-assed schit so many others continue to push on folks. The special characters BS sucks, has always sucked and will forever suck.

I use certain words because I can remember them. The don't have 7 or # attached to them. Having to remember THOSE things makes it more difficult and a pain in the azz. In fact more likely I have to write it down somewhere, which makes the whole thing LESS secure, not more so.

Can we please be able to use whatever the hell combination of letters or whatever the f@#k we want for a password? That would be sooooooo much more enlightened.
User avatar
admin
Site Admin
Site Admin
Posts: 947
Joined: April 30th, 2018, 7:39 pm
Reputation: 9
Location: Far North Phoenix
Contact:

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#5

Post by admin »

Suck My Glock wrote: October 9th, 2021, 10:58 am I find the password requirements to be the same lame-assed schit so many others continue to push on folks. The special characters BS sucks, has always sucked and will forever suck.

I use certain words because I can remember them. The don't have 7 or # attached to them. Having to remember THOSE things makes it more difficult and a pain in the azz. In fact more likely I have to write it down somewhere, which makes the whole thing LESS secure, not more so.

Can we please be able to use whatever the hell combination of letters or whatever the f@#k we want for a password? That would be sooooooo much more enlightened.
I understand what you're saying, but removing my usability hat for a minute, from someone in the IT industry for my day job: Allowing anything-goes passwords will invite a LOT of "my account got hacked" simply because Joe decided to use "password123" or "Joe123" so he could remember it as his password and now he's got 300 items listed for sale and has bid $8000 on everything on the site. I've learned NOT to allow that after having to do a lot of cleanups from people who do exactly that - and it's time-consuming and messy.

There are a LOT of free password vaults and safes that are super-easy to use and allow you to securely store and access passwords so that you don't have to remember them or allow your browser to remember them (which also isn't secure).

Further, if you forget your password, you can simply use the "Forgot password" link (or the "Forgot Username") on the login page. You can use that every time you want to log in if you'd like. Even so, you won't need to log in unless you want to place a bid, buy something or list something for sale.

That's my $0.02 on passwords. I don't think I am going to compromise on security for a site that has to do with buying/selling - but do appreciate the feedback.
User avatar
XJThrottle
ArizonaShooting.org Bronze Supporter
ArizonaShooting.org Bronze Supporter
Posts: 2883
Joined: June 26th, 2018, 5:43 pm
Reputation: 7
Location: Phoemex

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#6

Post by XJThrottle »

admin wrote: October 9th, 2021, 10:40 am
XJThrottle wrote: October 9th, 2021, 10:22 am I'll go first...

I was gonna bid on the mini gun, but it said pick-up only. There is no way to tell the location that I could see. If the pick-up option is selected, make the general location a mandatory entry.
It's there. Click on the "Shipping & Returns" to see the seller's location. Maybe I change the label to read Shipping, Location & Returns... or I may just add it as a field in the item details regardless of it being a pickup or shipping.

Good feedback.
Ah...yep
User avatar
XJThrottle
ArizonaShooting.org Bronze Supporter
ArizonaShooting.org Bronze Supporter
Posts: 2883
Joined: June 26th, 2018, 5:43 pm
Reputation: 7
Location: Phoemex

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#7

Post by XJThrottle »

admin wrote: October 9th, 2021, 11:11 am
Suck My Glock wrote: October 9th, 2021, 10:58 am I find the password requirements to be the same lame-assed schit so many others continue to push on folks. The special characters BS sucks, has always sucked and will forever suck.

I use certain words because I can remember them. The don't have 7 or # attached to them. Having to remember THOSE things makes it more difficult and a pain in the azz. In fact more likely I have to write it down somewhere, which makes the whole thing LESS secure, not more so.

Can we please be able to use whatever the hell combination of letters or whatever the f@#k we want for a password? That would be sooooooo much more enlightened.
I understand what you're saying, but removing my usability hat for a minute, from someone in the IT industry for my day job: Allowing anything-goes passwords will invite a LOT of "my account got hacked" simply because Joe decided to use "password123" or "Joe123" so he could remember it as his password and now he's got 300 items listed for sale and has bid $8000 on everything on the site. I've learned NOT to allow that after having to do a lot of cleanups from people who do exactly that - and it's time-consuming and messy.

There are a LOT of free password vaults and safes that are super-easy to use and allow you to securely store and access passwords so that you don't have to remember them or allow your browser to remember them (which also isn't secure).

Further, if you forget your password, you can simply use the "Forgot password" link (or the "Forgot Username") on the login page. You can use that every time you want to log in if you'd like. Even so, you won't need to log in unless you want to place a bid, buy something or list something for sale.

That's my $0.02 on passwords. I don't think I am going to compromise on security for a site that has to do with buying/selling - but do appreciate the feedback.
It's really not that hard to remember a multi-digit password with a number and special character.

Yourwifesname1$ Pick any 8 letter word and remember it. Birdseed, newspaper, walkingstick, wheelchair, pacemaker, fixodent, hearingaid, Walgreens, ect..

And, if you have to write it down who would "steal" it? Your wife? Or, someone breaks into your house, logs into your AZS classified site and puts out ridiculous bids on sht.

What is Bullsht is the requirement to change passwords every 90 days or so. Don't do that...
User avatar
admin
Site Admin
Site Admin
Posts: 947
Joined: April 30th, 2018, 7:39 pm
Reputation: 9
Location: Far North Phoenix
Contact:

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#8

Post by admin »

XJThrottle wrote: October 9th, 2021, 2:38 pm What is Bullsht is the requirement to change passwords every 90 days or so. Don't do that...
Are you suggesting that I should rethink the policy of forcing a PW change every 4 days?
User avatar
baja
ArizonaShooting.org Member
ArizonaShooting.org Member
Posts: 812
Joined: June 25th, 2018, 10:18 am
Reputation: 12
Location: Mesa

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#9

Post by baja »

admin wrote: October 9th, 2021, 3:07 pm Are you suggesting that I should rethink the policy of forcing a PW change every 4 days?
Ah, humour, I like it.
User avatar
baja
ArizonaShooting.org Member
ArizonaShooting.org Member
Posts: 812
Joined: June 25th, 2018, 10:18 am
Reputation: 12
Location: Mesa

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#10

Post by baja »

PS

+1 'special characters' suck.
User avatar
cool arrow
ArizonaShooting.org Member
ArizonaShooting.org Member
Posts: 1783
Joined: June 23rd, 2018, 8:06 am
Reputation: 11
Location: Tucson

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#11

Post by cool arrow »

I want that SCAR...trade options?
User avatar
ducatilover
ArizonaShooting.org Member
ArizonaShooting.org Member
Posts: 188
Joined: May 18th, 2018, 6:47 pm
Reputation: 2
Location: Surprise

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#12

Post by ducatilover »

Looks cool. I like it. Will take some getting used to.
User avatar
Desert Rat
ArizonaShooting.org Member
ArizonaShooting.org Member
Posts: 221
Joined: May 14th, 2018, 10:07 pm
Reputation: 4
Location: 100 miles from water, 3 feet from hell.

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#13

Post by Desert Rat »

I went to the Classified ads and selected a category and saw the sub-categories with the [Reset] at the top.
I did not realize at first what the [Reset] meant. Maybe the word "Menu" or "Back to Category" might explain it better?
Just my 2 cents.
User avatar
DoubleAlpha
ArizonaShooting.org Member
ArizonaShooting.org Member
Posts: 38
Joined: September 23rd, 2021, 10:11 pm
Reputation: 0
Location: Scottsdale

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#14

Post by DoubleAlpha »

The overall GUI and user experience appears first class. I am curious if it is an off the shelf template?
User avatar
cpoakes
New to ArizonaShooting.org
New to ArizonaShooting.org
Posts: 2
Joined: July 18th, 2021, 12:46 pm
Reputation: 0
Location: Elgin

Re: Preview of the NEW ArizonaShooting.ORG classifieds and auctions

#15

Post by cpoakes »

admin wrote: October 9th, 2021, 11:11 am
Suck My Glock wrote: October 9th, 2021, 10:58 am I find the password requirements to be the same lame-assed schit so many others continue to push on folks. The special characters BS sucks, has always sucked and will forever suck.

I use certain words because I can remember them. The don't have 7 or # attached to them. Having to remember THOSE things makes it more difficult and a pain in the azz. In fact more likely I have to write it down somewhere, which makes the whole thing LESS secure, not more so.

Can we please be able to use whatever the hell combination of letters or whatever the f@#k we want for a password? That would be sooooooo much more enlightened.
I understand what you're saying, but removing my usability hat for a minute, from someone in the IT industry for my day job: Allowing anything-goes passwords will invite a LOT of "my account got hacked" simply because Joe decided to use "password123" or "Joe123" so he could remember it as his password and now he's got 300 items listed for sale and has bid $8000 on everything on the site. I've learned NOT to allow that after having to do a lot of cleanups from people who do exactly that - and it's time-consuming and messy.

There are a LOT of free password vaults and safes that are super-easy to use and allow you to securely store and access passwords so that you don't have to remember them or allow your browser to remember them (which also isn't secure).

Further, if you forget your password, you can simply use the "Forgot password" link (or the "Forgot Username") on the login page. You can use that every time you want to log in if you'd like. Even so, you won't need to log in unless you want to place a bid, buy something or list something for sale.

That's my $0.02 on passwords. I don't think I am going to compromise on security for a site that has to do with buying/selling - but do appreciate the feedback.
Respectfully, too much is made of the uppercase/special character password solution; it adds trivial security. The tendency of most users is to capitalize the first letter of a dictionary word, add a special symbol at the end and do a single leet/1337 orthographic substitution. Knowing this you can craft a dictionary attack for these restrictions. From a mathematical standpoint, "Passw0rd$" (from a universe of 52 upper/lowercase, 10 digits, and 10 specials) is less secure than "password1234" (from a universe of 26 lowercase and 10 digits) simply because of the length. Yet, both are weak passwords because they are dictionary words (including dictionaries of leaked passwords) or the common permutations of dictionary words. A system which screened out dictionary words, their permutations, and already leaked passwords would provide better security than special character requirements (assuming a reasonable length requirement).

As a former sysadmin, I understand the maintenance concern. The better solution would be a system designed to easily to delete or disable a compromised account. "Secure" passwords are still shared, leaked, and/or stolen to cause havoc anyway.
Locked