PHP Source Code

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by webschool, Sep 30, 2008.

  1. mattura

    mattura Member

    Yes I believe it is pretty cool! I'm always adding new features to it and because I know how it works, and have made it very modular, this process is not difficult.

    Yeah, for that kind of application, I would think a CMS is highly unsuitable.
    I started on something like that (a pirate game) a while ago, never finished :p, time just disappeared! But the registration and login system is still there and works like a dream. In fact it really helped with my current custom CMS.

    (In case anyone goes looking, neither of these are on my x10 website)
     
  2. freecrm

    freecrm New Member

    I must admit, I have phpBB3 forums on my site and it is sooooo complex I wouldn't know where to start with customising it!

    The number of includes and cross references to db values mean you have to have developed it to understand it!!

    V Good though and I've customised the theme to fit in with the rest of the site.

    Fortunately, this is not the main part of the site and only supports it.

    Loving the RPG idea - my stepson would be a major supporter!

    Très bien mon ami.
     
  3. Salvatos

    Salvatos Member Prime Account

    Yep, that bloody time is always somewhere else, or so it seems...

    I wish I knew how to use cookies, though (not cookie dough XD). I'm grateful that I can rely on phpBB's login and session systems, since it allows me to skip the auto-login and preferences saving processes. But someday it would be useful to know how to change them myself as well...
    Edit:
    See, that's why I need to figure out a way to make it bilingual ^^

    And you even speak French! :cool:
     
    Last edited: Oct 4, 2008
  4. xPlozion

    xPlozion New Member

    Try fluxbb. It's very easy to customize, and they have a good user base. btw, 1.20 is the current version, but 1.3 is in beta and should be out in a few months (maybe less)... I was able to very easily modify it to fit into my site with minimal headaches.

    -xP

    btw, if you need any help, just shoot me a pm.
     
    Last edited: Oct 4, 2008
  5. mattura

    mattura Member

    What do you want the cookies for (apart from eating)?
    Are you looking to keep the user logged-in ('remember me'), or include more information here? I have done this sort of thing before (as probably many others here have), so drop me a line if you need a hand.

    Making a secure log-in procedure is quite a big task. Not for the faint-hearted.
     
  6. xPlozion

    xPlozion New Member

    Well, a good idea for a secure login is to have what the cookie has for a password to be different than what's in the db. An easy way to achieve this is to encrypt the password db with a string that no one else will know. This way, if somebody does somehow manage to get hold of the database passwords, they can't really do any harm to them. Also, always add a string when you encrypt it, so `md5('elephant')` can't be unencrypted using the database decoding. Make it `md5('tilkjoitja' . 'elephant')` or whatever you want, just don't put the password directly from the md5 of elephant into the db. Then the cookie password would be `md5('oautadrj' . md5('tilkjoitja' . 'elephant'))`. That way, if somebody does gain access to the db, if they inject the db password into the cookie it still doesn't do anything ;). That's how I used to do it before switching to fluxbb for my forum and user needs ;)
     
    Last edited: Oct 4, 2008
  7. mattura

    mattura Member

    Indeed xPlozion is correct.
    If you have user and password cookies, the password should NOT be the same. You might use multiple hashes, with salt (the added string mentioned above). Something like:

    $cookie_user = "user1";
    $cookie_pass = md5($salt . "password");

    $db_pass = md5($salt . md5($salt . "password"));

    When you test the cookie, all you need to do is md5($salt . $cookie_pass)

    Make sure the users cannot find out the salt.
    Edit:
    hmm xPlozion was editing whilst I was typing, a bit of redundancy there I'm afraid.
     
    Last edited: Oct 4, 2008
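Added example, not part of the original posts: the cookie/database layout from post 7 as runnable PHP, next to a variant built on PHP's `password_hash()` and a random per-login token. The function names, the `SITE_SALT` constant and the sample password are constructed for illustration.

```php
<?php
// Added example; names and sample values are constructed for illustration.
const SITE_SALT = 'tilkjoitja';   // the secret string ("salt") from the thread

// Layout from post 7: cookie = md5(salt . password), db = md5(salt . cookie).
function thread_cookie_value(string $password): string {
    return md5(SITE_SALT . $password);
}
function thread_db_value(string $password): string {
    return md5(SITE_SALT . thread_cookie_value($password));
}
function thread_check_cookie(string $cookie, string $dbValue): bool {
    return hash_equals($dbValue, md5(SITE_SALT . $cookie));  // constant-time compare
}

// Variant. MD5 is fast to brute-force, and the cookie above is fixed per
// password, so a copied cookie stays valid until the password changes.
// Here the password gets a slow, per-user-salted hash, and the cookie holds
// a random token unrelated to the password; the db keeps only its SHA-256.
function store_password(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}
function issue_remember_token(): array {
    $token = bin2hex(random_bytes(32));
    return ['cookie' => $token, 'db' => hash('sha256', $token)];
}
function check_remember_token(string $cookie, string $dbHash): bool {
    return hash_equals($dbHash, hash('sha256', $cookie));
}

// Prints a labelled boolean so the two schemes can be compared side by side.
function show(string $label, bool $result): void {
    echo $label, ': ', var_export($result, true), PHP_EOL;
}

$db = thread_db_value('elephant');
$c1 = thread_cookie_value('elephant');
show('thread: cookie accepted', thread_check_cookie($c1, $db));
show('thread: db value accepted as cookie', thread_check_cookie($db, $db));
show('thread: same cookie on next login', $c1 === thread_cookie_value('elephant'));

$pwHash = store_password('elephant');
show('variant: password verifies', password_verify('elephant', $pwHash));
$t1 = issue_remember_token();
$t2 = issue_remember_token();
show('variant: token accepted', check_remember_token($t1['cookie'], $t1['db']));
show('variant: db hash accepted as cookie', check_remember_token($t1['db'], $t1['db']));
show('variant: same cookie on next login', $t1['cookie'] === $t2['cookie']);
```

In an application, each stored token hash would also carry the user id and an expiry time, and be deleted on logout or password change.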
  8. Salvatos

    Salvatos Member Prime Account

    Well for now I'm settled with phpBB's system, but I'm afraid I'll have to admit I haven't done anything related to md5-ing and cookies yet, which explains why I was grateful to rely on a pre-made system.

    I wouldn't know where to start if I were to change this, but hopefully phpBB is secure enough (I can already see someone saying "OMG no it's not!!"). But while I am worried for my users' info safety, I'd much rather have it checked and done by someone else than going into that myself...
    If need be, I might find a co-developer at some point who will have more knowledge than me in all areas concerned and be able to deal with them when I can't. I'm still in development/alpha test anyway...
     
  9. mattura

    mattura Member

    Presumably you mean professionals.

    I know many people who just think "omg I is the bestest coderz everz" and don't do the research and testing, and have no idea how many holes are in their software.

    It's good to see some responsibility being taken for your users' protection.
     
    Last edited: Oct 5, 2008
  10. Salvatos

    Salvatos Member Prime Account

    Well I personally consider myself like the worstest coder ever, who happens to be able to do some stuff, but who doesn't know just how many holes are in my software :D

    Since I've had no training whatsoever, I would definitely need to have someone else go through my code and make it secure before opening the game to a large audience.
     
    Last edited: Oct 5, 2008
