#1
  1. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,965
    Rep Power
    9397

    LIST OF PHP GUIDES AND FAQs (updated 27-Jan-2014)


    New User Guide & Frequently Asked Questions


    ____________________________________________________________________________________________________


    HOW-TO



    OBJECT-ORIENTED PROGRAMMING



    DATABASE


    SECURITY



    ERROR HANDLING



    MISCELLANEOUS




    ____________________________________________________________________________________________________


    OLDER GUIDES

    These guides are outdated and kept for historical purposes.

    Last edited by requinix; May 17th, 2014 at 11:27 PM. Reason: new forum broke my clever links
  2. #2
  3. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,965
    Rep Power
    9397
    META-FAQ

    Q: What is this?
    A: PHP is a complicated language. Sure it looks easy, but there's quite a lot to learn about and it's easy to not know something important.

    We have a subforum where we will collect as much useful information as possible, but it won't help you if you don't know about what's available. So there's this thread, hopefully a one-stop shop to find the threads we've gathered.

    Q: Can I write something?
    A: Sure. Pick a subject you know well and write about it. Post a link to it in here and we'll take a look at it. Keep in mind that moderators may edit your posts now or in the future, but we'll probably stay mostly hands-off (so long as you don't give out bad advice).

    If you're brand new then consider holding off a bit until we can get to know you first.

    Q: What should I write about?
    A: PHP is very diverse. It has many extensions and many libraries covering many, many different topics. Anything works.

    Good ideas:
    • Sticky forms
    • Session management
    • AJAX
    • Database best practices* - as they relate to PHP, of course
    • Caching*, with or without PHP extensions (apc and memcached to name a couple)
    • Debugging problems with your code
    • Security principles and practices*
    • Primers to WordPress/Drupal/Joomla/etc.
    • Primers to Zend Framework/Symfony/etc.


    * Threads about these subjects will undergo more scrutiny: bad advice is worse than no advice

    Try to pick topics that aren't already discussed to death - imagine 10 threads on database normalization that all say slightly different things.

    Comments on this post

    • richpri agrees : Thanks for these links!
    Last edited by requinix; January 29th, 2013 at 06:23 PM.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Location
    Blackburn, Lancashire.
    Posts
    8
    Rep Power
    0

    PHP GD Library Bundled Version


    Hi,

    I have put together a tutorial for compiling the bundled version of the PHP GD Library for Debian based Linux systems.

    www.maxiwebs.co.uk/gd-bundled

    There are also pre-compiled DEB and RPM files. Check these first, to see if there's a version for you, as compiling takes quite a while.

    Hope this is of use!

    Regards,

    petemaxi.
  6. #4
  7. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2014
    Posts
    114
    Rep Power
    1
    all the Tut's are 404, and I think that e-oreos tutorial was misleading anyway. it's still vulnerable to MITM, so why not hash the password with javascript, then submit the login form with ajax. just a thought.

    Comments on this post

    • Jacques1 disagrees : Yet another clueless loudmouth ...
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Originally Posted by r3wt
    all the Tut's are 404
    Indeed. I'll ask requinix to update the links.



    Originally Posted by r3wt
    and I think that e-oreos tutorial was misleading anyway. it's still vulnerable to MITM, so why not hash the password with javascript, then submit the login form with ajax. just a thought.
    What on earth are you talking about?

    Hashing the password client-side instead of server-side would be a disaster, because this degrades the whole thing to a plaintext password scheme with the hash being the plaintext password. An attacker is now free to either fetch the password in transit or steal it from the server.

    I also have no idea how this is supposed to prevent a man-in-the-middle attack. The only way to protect against this threat is to use HTTPS. Trying it with JavaScript shows a deep misunderstanding of the underlying technics. Do you realize that your JavaScript code comes from the very source you're trying to protect against? Don't you think the first action of a MITM would be to manipulate your code?

    There's a reason why we hash the passwords on the server. It's not because we're all stupid. So please get the basics right before you claim that somebody else's work is misleading. And don't try to invent your own security protocol. Use proven schemes like HTTPS for the communication and bcrypt for the password hashes.

    No wonder your “trading platform” ended up with people making their own money.
    Last edited by Jacques1; March 19th, 2014 at 05:42 AM.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
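
    The argument in post #5, as an added example that is not part of the original thread: it compares a login check that stores a client-side SHA-256 hash directly with one that applies bcrypt on the server, and tests whether the stored value itself is accepted as a login. The function names and the sample password are constructed for illustration, and SHA-256 stands in for whatever hash the JavaScript would compute.

```php
<?php
// Added illustration: function names are hypothetical, sample data is constructed.

// Scheme A: the browser sends sha256(password); the server stores that value
// and compares it directly. No hashing happens on the server.
function registerClientHashed(string $clientHash): string
{
    return $clientHash; // stored exactly as received
}

function loginClientHashed(string $submitted, string $stored): bool
{
    return hash_equals($stored, $submitted);
}

// Scheme B: the password arrives over HTTPS and the server stores only a
// salted bcrypt hash of it.
function registerServerHashed(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT);
}

function loginServerHashed(string $submitted, string $stored): bool
{
    return password_verify($submitted, $stored);
}

$password = 'correct horse battery staple'; // constructed sample password

// What each scheme leaves in the users table.
$storedA = registerClientHashed(hash('sha256', $password));
$storedB = registerServerHashed($password);

// Compare a normal login with a login that submits the stored value itself,
// i.e. what someone holding a copy of the users table could send.
$results = [
    'A: normal login'       => loginClientHashed(hash('sha256', $password), $storedA),
    'A: stored value as-is' => loginClientHashed($storedA, $storedA),
    'B: normal login'       => loginServerHashed($password, $storedB),
    'B: stored value as-is' => loginServerHashed($storedB, $storedB),
];

foreach ($results as $case => $accepted) {
    printf("%-24s %s\n", $case, $accepted ? 'accepted' : 'rejected');
}
```

    In scheme A the server accepts the very value it stores, so that value functions as the password; in scheme B the stored bcrypt string is not a valid login.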
  10. #6
  11. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2014
    Posts
    114
    Rep Power
    1
    hash it on both client and server, and use ssl.
  12. #7
  13. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Originally Posted by r3wt
    hash it on both client and server
    Nonsense. Then you again store the plaintext passwords on the server.

    Please, stop it. This is the FAQ section, so people come here to get solid advice. It's not the place for writing down random ideas.

    Read up on the basics of web security (the FAQ actually has several entries about that). If you have any questions, create your own thread.

    Comments on this post

    • r3wt disagrees : hashing clientside + hashing server side != storing password in plaintext. FAIL