PHP Source Code

mattura

Member
Messages
570
Reaction score
2
Points
18
I bet you get a pretty cool result in the end, knowing exactly how everything works and how to add stuff if you want to.
Yes I believe it is pretty cool! I'm always adding new features to it and because I know how it works, and have made it very modular, this process is not difficult.

My personal website is pretty plain and simple in the end, but I'm also developing a PHP/MySQL RPG.
Yeah, for that kind of application, I would think a CMS is highly unsuitable.
I started on something like that (a pirate game) a while ago, never finished :p, time just disappeared! But the registration and login system is still there and works like a dream. In fact it really helped with my current custom CMS.

(In case anyone goes looking, neither of these are on my x10 website)
 

freecrm

New Member
Messages
629
Reaction score
0
Points
0
Well I have nothing against open source forums though, usually you can find one that corresponds to what you need, and making a forum by yourself seems quite a bit more difficult to me than a website. But I don't like the CMSes that do (or try to do) everything for you.

Also thanks for your interest in the RPG ^^
It's in French for now, but since I have a lot of English-speaking friends who are interested, I might try to make it bilingual at some point. Would be tricky, though, because of the player interaction.

I must admit, I have phpBB3 forums on my site and it is sooooo complex I wouldn't know where to start with customising it!

The number of includes and cross refrences to db values mean you have to have developed it to understand it!!

V Good though and I've ustomised the theme to fit in with the rest of the site.

Fortunately, this is not the main part of the site and only supports it.

Loving the RPG idea - my stepson would be a major supporter!

Trés bien mon ami.
 

Salvatos

Member
Prime Account
Messages
562
Reaction score
1
Points
18
Yep, that bloody time is always somewhere else, or so it seems...

I wish I knew how to use cookies, though (not cookie dough XD). I'm grateful that I can rely on phpBB's login and session systems, since it allows me to skip the auto-login and preferences saving processes. But someday it would be useful to know how to change them myself as well...
Edit:
Loving the RPG idea - my stepson would be a major supporter!

Trés bien mon ami.
See, that's why I need to figure out a way to make it bilingual ^^

And you even speak French! :cool:
 
Last edited:

xPlozion

New Member
Messages
868
Reaction score
1
Points
0
I must admit, I have phpBB3 forums on my site and it is sooooo complex I wouldn't know where to start with customising it!

The number of includes and cross refrences to db values mean you have to have developed it to understand it!!

Try fluxbb. It's very easy to customize, and they have a good user base. btw, 1.20 is the current version, but 1.3 is in beta and should be out in a few months (maybe less)... I was able to very easily modify it to fit into my site with minimal headaches.

-xP

btw, if you need any help, just shoot me a pm.
 
Last edited:

mattura

Member
Messages
570
Reaction score
2
Points
18
What do you want the cookies for (apart from eating)?
Are you looking to keep the user logged-in ('remember me'), or include more information here? I have done this sort of thing before (as probably many other here have), so drop me a line if you need a hand.

Making a secure log-in procedure is quite a big task. Not for the faint-hearted.
 

xPlozion

New Member
Messages
868
Reaction score
1
Points
0
well, a good idea for a secure login is to have what the cookie has for a password to be different than what's in the db. an easy way to achieve this is to encrypt the password db with a string that no one else will know. this way, if somebody does somehow manage to get hold of the database passwords, they can't really do any harm to them. also, always add a string when you encrypt it, so `md5(elephant)` can't be unencrypted using the database decoding. make it `md5(tilkjoitja.elephant)` or whatever you want, just don't put the password directly from the md5 of elephant into the db. then the cookie password would be `md5(oautadrj.md5(tilkjoitja.elephant))`. that way, if somebody does gain access to the db, if they inject the db password into the cookie it still doesn't do anything ;). That's how I used to do it before switching to fluxbb for my forum and user needs ;)
 
Last edited:

mattura

Member
Messages
570
Reaction score
2
Points
18
indeed xPlozion is correct.
If you have user and password cookies, the password should NOT be the same. You might use multiple hashes, with salt (the added string mentioned above). Something like:

cookie_user="user1"
cookie_pass=md5(salt+"password")

db_pass=md5($salt.md5($salt."password"))

when you test the cookie, all you need to do is md5("salt".cookie)

Make sure the users cannot find out the salt.
Edit:
hmm xPlozion was editing whilst I was typing, a bit of redundancy there I'm afraid.
 
Last edited:

Salvatos

Member
Prime Account
Messages
562
Reaction score
1
Points
18
What do you want the cookies for (apart from eating)?
Are you looking to keep the user logged-in ('remember me'), or include more information here? I have done this sort of thing before (as probably many other here have), so drop me a line if you need a hand.

Making a secure log-in procedure is quite a big task. Not for the faint-hearted.
Well for now I'm settled with phpBB's system, but I'm afraid I'll have to admit I haven't done anything related to md5-ing and cookies yet, which explains why I was grateful to rely on a pre-made system.

I wouldn't know where to start if I were to change this, but hopefully phpBB is secure enough (I can already see someone saying "OMG no it's not!!"). But while I am worried for my users' info safety, I'd much rather have it checked and done by someone else than going into that myself...
If need be, I might find a co-developer at some point who will have more knowledge than me in all areas concerned and be able to deal with them when I can't. I'm still in development/alpha test anyway...
 

mattura

Member
Messages
570
Reaction score
2
Points
18
But while I am worried for my users' info safety, I'd much rather have it checked and done by someone else than going into that myself...

Presumably you mean professionals.

I know many people who just think "omg I is the bestest coderz everz" and don't do the research and testing, and have no idea how many holes are in their software.

It's good to see some responsibility being taken for your user's protection.
 
Last edited:

Salvatos

Member
Prime Account
Messages
562
Reaction score
1
Points
18
Well I personally consider myself like the worstest coder ever, who happens to be able to do some stuff, but who doesn't know just how many holes are in my software :D

Since I've had no training whatsoever, I would definitely need to have someone else go through my code and make it secure before opening the game to a large audience.
 
Last edited:
Top