Leaderboard

SaranacLake, even though I am probably the worst PHP person on this whole forum, I was fascinated with encryption and hashes, and a few months ago, I spent almost a full month studying PHP encryption! I don't need it for my own site, I just studied it for the same reason I read this forum -- it is fascinating! I learned how to do lots and lots of encryption, very secure encryption, but I also learned that with ONE little mistake, one slip of the code, ONE server misconfiguration, and you might open yourself up to some big lawsuit (ook at all the big multibazillion dollar companies that have been IN THE NEWS for their stupid data breaches! And they TEAMS of encryption geniuses, working for them, and they STILL couldn't get it right. So, it is a fascinating topic! It's fun to learn! But in my opinion, just my opinion, it would be better to hire a reputable first rate security company to do the credit card portion of the code you require. Then, if worse came to worse, and for whatever reason you had a data breach, you won't be in the awkward position of having to say, "well, I proudly did all the security coding myself, all the forums said my algorithm was secure..." :-) Again, just my opinion.

Given your comments, I understand your concern. If you get to the point where your community is successful enough to have the issues you describe then you can pay people (or in some cases entice them to moderate for free) your community. This is how this forum works. The forum software does have tools that will blacklist emails and ip's, but neither of those are fool proof. They still make it an annoyance for anyone who has not automated signups. The average crackpot will simply move on. The other thing that we face like most sites with any significant user base, is attempts to spam or advertise. Again our small volunteer moderation group, along with the forum's ability for people to report posts they think violate our rules insures that we have almost no spam or abuse presence on the forum lasting for any significant amount of time. More often than not, if I see a report, it has already been handled by one of the other volunteers. Again, having too many users with some that won't follow the rules is a good problem to have. I simply happen to believe strongly that it's more important to concentrate on your MVP, and building your traffic and user base than it is to try and engineer a solution to a problem you don't yet have, when you haven't implemented the tried and true, if imperfect, controls that other sites utilize first.