
what are thing to consider while programming a forum using php?

Discussion in 'PHP' started by ale_steve, Jan 12, 2017.

  1. #1
    hi there
    i'm working on a forum for my site. here is the thing:
    i'm using php as a language but it's my first time in such a project. i would love some advice on what security things i should consider while programming, like "xss" and "csrf".
    thank you for the help :)
     
    ale_steve, Jan 12, 2017 IP
  2. sarahk
    #2
    My first question would be "why are you recreating the wheel"
    There are lots of free forum software available and you could learn as much PHP by extending their functionality and creating your own theme as by creating something that already exists.
     
    sarahk, Jan 12, 2017 IP
  3. ale_steve
    #3
    yes i know, but i'm trying to expand my knowledge by doing it from scratch
     
    ale_steve, Jan 12, 2017 IP
  4. PoPSiCLe
    #4
    If so, you might want to take a look at the code for the forums that already exist. The security risks are the same as for any other site that allows user login and user posts. Sanitize everything, run everything through a central point (load every file via index.php, use .htaccess / server config to disallow everything users don't need access to, and use things like mod_xsendfile to provide downloadable files, or just for fetching files for embedded use on the forum, since that will prevent a bit of trouble as well (it's not enabled by default, so you need to install it on the server / set it up in the Apache config)).

    A forum isn't that hard to develop, but you'll need a bit of both database and extensive PHP-knowledge, and you should be well-versed in securing both the server and the user-credentials and setting up very distinct user-roles. The whole site needs to be designed from a bottom->up perspective (start with the basics, which all users have access to, then move up to the next level (for instance, moderators) and so on, making sure that you don't accidentally forget a role-check so users suddenly have access to deleting other user's threads, and so on).

    There are plenty of pitfalls, and even though it might be a learning experience, I cannot for the life of me recommend you do THIS for a learning experience, especially if it's supposed to go live. You WILL fuck it up, somewhere, and some, or all, users will get pissed at you - either because their logins get compromised, the site goes down, their credentials get stolen, or any other possible outcome. Not that those things can't happen to pre-made forum software; of course they can, but then you have someone to blame, and a better chance that at least most of the obvious holes have been patched up.
     
    PoPSiCLe, Jan 12, 2017 IP
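    As an added illustration of the points raised in this reply and in the opening question (escaping output against XSS, a CSRF token on state-changing requests, and a single role check every handler must pass through), here is a small PHP sketch. It is not code from this thread or from any existing forum package; the `threads` table, the `csrf` form field and the user/moderator/admin role ladder are assumed.

```php
<?php
declare(strict_types=1);
session_start();

// --- CSRF: one random token per session, verified on every state-changing POST ---
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}
function require_csrf(): void {
    $sent = $_POST['csrf'] ?? '';            // assumed hidden form field name
    if (!hash_equals(csrf_token(), $sent)) { // constant-time comparison
        http_response_code(403);
        exit('Bad CSRF token');
    }
}

// --- XSS: escape at output time; never trust text that came from a user ---
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- Role check in one place so no handler can forget it ---
// Assumed roles, lowest to highest: user < moderator < admin
const ROLES = ['user' => 1, 'moderator' => 2, 'admin' => 3];
function require_role(string $needed): void {
    $have = $_SESSION['role'] ?? 'guest';    // unknown/guest maps to 0 below
    if ((ROLES[$have] ?? 0) < ROLES[$needed]) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// --- Example handler: deleting a thread is for moderators and up only ---
function delete_thread(PDO $db, int $threadId): void {
    require_csrf();
    require_role('moderator');
    // Prepared statement: the id is bound, never concatenated into the SQL
    $stmt = $db->prepare('DELETE FROM threads WHERE id = :id');
    $stmt->execute([':id' => $threadId]);
}

// --- Rendering a post: escape the stored author and body on the way out ---
function render_post(array $post): string {
    return '<div class="post"><b>' . e($post['author']) . '</b>: ' . e($post['body']) . '</div>';
}
```

    The form that posts to such a handler carries the token as `<input type="hidden" name="csrf" value="<?= e(csrf_token()) ?>">`, and the session cookie should be set HttpOnly and Secure so the token cannot be read by injected script.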
  5. ale_steve
    #5
    man that was very very helpful thank you for the clarification
     
    ale_steve, Jan 12, 2017 IP
  6. NetStar
    #6
    In my early days of creating web sites I had that "geek" mentality like deathshadow where I had too much pride to use code written by someone else. Then I learned a few valuable lessons... #1 I spent WAY too much time writing untested code that was already written and stable by someone else and #2. I delayed the launch of my projects so long that I either never finished them or released them so late that it was no longer a hot niche... If only I could turn back time I would be a millionaire and not traveling all over the country working for someone else.

    My best advice to you is to NOT reinvent the wheel, like Sara pointed out. Get a stable forum that already exists and spend the time customizing it and making it fit into the theme of your web site. If you have a separate registration form it's pretty easy to integrate a forum registration into the database so your user will automatically have access to the forum.

    If all you want to do is enjoy programming then by all means hack away at the code. But if your goal is to be an efficient entrepreneur (and make $$$) then you need to manage risk vs reward with risk being time spent. If I can spend $250 for a delivered stable product and save 4 weeks of development for an untested product I'm going to spend the money every time.
     
    NetStar, Jan 16, 2017 IP