Page 1 of 1

advice on codin a forum....

Posted: Wed Aug 28, 2002 3:11 am
by m3mn0n
Here is the game plan....

I am an administrator for an online game, what i am trying to develop is a inner-game forum, so all the people who have accounts can post, everyones own clan would have there own board, and it would save the trouble of setting up phpBB on my server and having everyone to make another account there also.

I have made a very primative board for this feature i'm developing but it seems to be not enough to function properly within the game enviroment.

Any suggestions on functions i should look into? Or if ya got a tutorial avalible for this kinda thing plz gimmie a link...

thx

Posted: Wed Aug 28, 2002 3:25 am
by hob_goblin
passwords:
http://www.php.net/md5

look into all of the string functions
http://www.php.net/strings

do it in mysql..
http://www.php.net/mysql

a security tip i know
http://www.vexdev.com/viewnews.php?postid=4

Posted: Wed Aug 28, 2002 9:08 am
by gotDNS
Hob_Goblin has the right idea.....also, feel free to ask me if you need any help:

AIM: randempedestrian

Posted: Wed Aug 28, 2002 9:15 am
by nielsene
Yeah, thats a great security tip. adding a 1-2 second delay on every login attempt is trivial and people won't even notice the delay.

More sophisticated approaches will use an [linear|quadreatic|exponential|factorial] increase in the delay with the number of retries. Still using the base 1-2 second starting point. You can't give a free zero seconf first try 'cuz a smart attacker will just make sure each attempt is a new session. Also make sure you put the delay before the password test comparision, you don't want the attacker to be able to tell that the test failed by detecting the wait.

Posted: Wed Aug 28, 2002 4:27 pm
by Takuma
I'm making the forum as well... You just plan it before you code it!

Posted: Wed Aug 28, 2002 7:06 pm
by fatalcure
i've actually coded a forum myself, and made it look similar to the phpBB forums, its functionality and look basically.
It seems to work pretty well, but i dunno how it will perform when the board is full.

you can go see it here: http://aim.alanpowell.net/messageboard/

still in development, its on the alanpowell.net domain, which is just a test site that will be ported to another domain once finished :)

Posted: Wed Aug 28, 2002 8:33 pm
by m3mn0n
thx much hob! 8)

btw fatalcure phat forum!! :D