advice on codin a forum....

m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Here is the game plan....

I am an administrator for an online game. What I am trying to develop is an inner-game forum, so all the people who have accounts can post, everyone's own clan would have their own board, and it would save the trouble of setting up phpBB on my server and having everyone make another account there also.

I have made a very primitive board for this feature I'm developing but it seems to be not enough to function properly within the game environment.

Any suggestions on functions I should look into? Or if ya got a tutorial available for this kinda thing plz gimmie a link...

thx
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm
Contact:

Post by hob_goblin »

passwords:
http://www.php.net/md5

look into all of the string functions
http://www.php.net/strings

do it in mysql..
http://www.php.net/mysql

a security tip i know
http://www.vexdev.com/viewnews.php?postid=4
gotDNS
Forum Contributor
Posts: 217
Joined: Tue May 07, 2002 5:53 pm
Location: West Chester, PA

Post by gotDNS »

Hob_Goblin has the right idea.....also, feel free to ask me if you need any help:

AIM: randempedestrian
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Yeah, that's a great security tip. Adding a 1-2 second delay on every login attempt is trivial and people won't even notice the delay.

More sophisticated approaches will use a [linear|quadratic|exponential|factorial] increase in the delay with the number of retries, still using the base 1-2 second starting point. You can't give a free zero-second first try 'cuz a smart attacker will just make sure each attempt is a new session. Also make sure you put the delay before the password test comparison; you don't want the attacker to be able to tell that the test failed by detecting the wait.
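
The delay scheme described in the post above, as an added PHP example that is not code from any poster in this thread. The function names, the in-memory `$failures` array (standing in for a database table), the 60-second cap and the sample account are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Seconds to wait before an attempt: base, 2x, 4x ... up to a cap.
function loginDelay(int $priorFailures, float $base = 1.0, float $cap = 60.0): float
{
    // No free first try: zero prior failures still waits $base seconds.
    return min($cap, $base * (2 ** min($priorFailures, 16)));
}

// $failures is keyed by account name, never by session id, so opening a
// fresh session for every guess does not reset the counter.
function attemptLogin(array &$failures, array $users, string $name,
                      string $password, callable $wait): bool
{
    $prior = $failures[$name] ?? 0;

    // Wait BEFORE comparing, so the pause is the same whether the
    // password turns out to be right or wrong.
    $wait(loginDelay($prior));

    $ok = isset($users[$name]) && password_verify($password, $users[$name]);

    if ($ok) {
        unset($failures[$name]);          // success clears the backoff
    } else {
        $failures[$name] = $prior + 1;    // failure doubles the next wait
    }
    return $ok;
}

// Constructed demo data: one account, and waits are recorded, not slept.
$users    = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$failures = [];
$waits    = [];
$record   = function (float $s) use (&$waits): void { $waits[] = $s; };
// In a real login script, sleep instead of recording:
//   $wait = fn(float $s) => usleep((int) ($s * 1000000));

foreach (['guess1', 'guess2', 'guess3', 'correct horse'] as $pw) {
    $ok = attemptLogin($failures, $users, 'alice', $pw, $record);
    printf("%-14s waited %4.1fs -> %s\n", $pw, end($waits), $ok ? 'ok' : 'denied');
}
```

The cap bounds how long a legitimate user can be made to wait while someone else is guessing at their account.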
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

I'm making the forum as well... You just plan it before you code it!
fatalcure
Forum Contributor
Posts: 141
Joined: Thu Jul 04, 2002 12:57 pm
Contact:

Post by fatalcure »

I've actually coded a forum myself, and made it look similar to the phpBB forums, its functionality and look basically.
It seems to work pretty well, but I dunno how it will perform when the board is full.

You can go see it here: http://aim.alanpowell.net/messageboard/

Still in development; it's on the alanpowell.net domain, which is just a test site that will be ported to another domain once finished :)
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

thx much hob! 8)

btw fatalcure phat forum!! :D