ignace

Everything posted by ignace

  1. Sessions. Also don't store more in them than needed, and don't make the mistake of storing username/password in the session as a means to re-login, as it doesn't work; just extend the lifetime of the session. de.monkeyz advises username/e-mail address; I seriously discourage you from following this because usually when I have forgotten my password I also can't remember my username (actually I press "forgot password" whenever I forget my username, due to my name seeming to be popular around the web and I always have to go for ignace435, ignace67, ignace347, .. IF I EVER GET MY HANDS ON... ). The best is that any changes to an account have to be confirmed through e-mail. All in all, security is great, but make sure you make it harder for hackers, not for your users; if you do, they will just go to your competitor who is only one click away.
  2. Scenario #1:
     mySuperPassword -> sha1 -> e6fbf7ef9bfacf587a826bede3203aae8cd70d45
     A rainbow table or some other means tells the hacker this: thisWorksToYouKnow -> sha1 -> e6fbf7ef9bfacf587a826bede3203aae8cd70d45, and he successfully logs in.
     Scenario #2:
     mySuperPassword . WithSalt -> sha1 -> 542674b7c33a88e907348f2a82200173da9409ee
     Again the hacker looks up the string: thisWillWorkYouKnow -> sha1 -> 542674b7c33a88e907348f2a82200173da9409ee
     The hacker enters thisWillWorkYouKnow (the system adds) . WithSalt -> 26089a503756b435698137c041bbf20b867db080 (sha1(concat(sha1($password), password_salt)))
     Can't login: username/password incorrect.
     Of course this is not entirely 100% safe, because the hacker can then try to find a password (or brute-force one) that matches a string that, when concatenated with the salt, turns up as 542674b7c33a88e907348f2a82200173da9409ee. The thing however is that it will take longer than if he just had to use some sort of rainbow table. Mchl would say security through obscurity
  3. You speak of frames as if they don't exist (or aren't supported) anymore. Neither is true, as some web-sites/-applications still make use of them. I'm not saying this is a good thing, I hate frames. I just wanted to point out they are still around.
  4. I was never good at math but this is crazy $amount * 0.01
  5. I have seen your work on "Gibson Heating & Cooling", "The Apple Tower" and now your portfolio and I must say that it again looks really great. The few remarks I have:
     - Website loads slow (but quite possibly due to my (Belgium) & your server's location)
     - The flash loads slow (same as before)
     - The separator on the "search site" stretches further down (FF3.6)
     - HTML & CSS aren't valid although your website states it does
  6. Please keep to one thread: http://www.phpfreaks.com/forums/index.php/topic,295917.msg1401466.html#msg1401466
  7. pics or it didn't happen
  8. I'm not sure which is worse there: "learn yourself" or "21 hours" Classic ignace. Good craftsmanship takes practice
  9. Man, I need to get that manual. I already got it, bought it last week. Learn yourself sexual intercourse in 21 hours
  10. Badger Badger Badger BADGER! Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, MUSHROOM, MUSHROOM, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Badger, Snake, Oh.. Snake, Ooh it's a snake, Badger, Badger, Badger, Badger, Badger, Badger, .. http://www.badgerbadgerbadger.com Great a meeting in a few hours.. guess what will be going through my head the entire time?
  11. You could extend your function like:
     function validNumber($number) {
         $number = (array) $number;
         $isValid = true;
         foreach ($number as $num) {
             if (!is_numeric($num)) {
                 $isValid = false;
                 break;
             }
         }
         return $isValid;
     }
  12. Trust me, it wouldn't go as expected. Sorry, dating-freaks.com I couldn't edit my post anymore. English is not my native language so I'm prone to make errors
  13. This thread was a failure from the start. Do you honestly think any girl would post in here?? We are talking here about women who make pro-active use of their brain, no way they fall for such an easy trap. You'll have to come up with a more sophisticated "trap" for which exposing themselves is beneficial for them not for us (men). How about all single men start posting some pictures of themselves that way single ladies can try to hook up. From what I heard nerds are hot (according to the Big Bang Theory). Now that I am thinking about it, how about datefreaks.com?
  14. "Don't try to argue with idiots. They'll bring you down to their level and beat you with experience." -- Someone whose name I can't be bothered to look up. That would be my name Unless you meant the person who said it originally (which apparently was said by Mark Twain). Another I like is Never argue with an idiot. Bystanders won't be able to tell the difference. Source: http://answers.yahoo.com/question/index?qid=20090827000845AA5iTLE
  15. "Don't try to argue with idiots. They'll bring you down to their level and beat you with experience." -- Someone whose name I can't be bothered to look up. That would be my name
  16. Erm, sure. I'd say "quality over quantity" but you'd just reply with some smart-arsed remark, so let's stick with "erm, sure." Sorry, I disagree: not all who carry the Guru status deliver quality. I also don't understand how someone with very few posts can be promoted to Guru when his worth has yet to be proven (more on that follows). Actually, I don't understand the entire badge system, as your promotion should follow your achievements in the community, as in "how many people have you truly helped?"; instead you get promoted by people who merely represent the community. IMO a badge system is a wrong solution to this problem (or the term Guru, because of its technical meaning), because those who receive the Guru status feel a certain pressure as their answers should be of equal quality all the time (not a problem of course for those that deliver the same quality most of the time). It also means that the ones who promoted him gain a certain power over that person, which in turn means that he will be nice to whoever promoted him and possibly agree without questioning (not all of course, there are exceptions, but some have no spine and will just worship the promoter). What I'm trying to say is that a parent-child relation in a community is not a good thing. Personally, I like being badge-free as it allows me to reply without boundaries (and screw up/learn as I go). Some forums apply a karma system and I like it, because your karma level reflects how good or how bad you truly are in helping others, which should be your eventual goal: to help. Not to impress.
  17. Badger, Badger, Badger, Badger, Badger, Badger, .., Badger, .. http://www.badgerbadgerbadger.com/
  18. http://www.phpfreaks.com/forums/index.php/topic,295435.msg1400105.html#msg1400105 read roopurt's comments from there on; it's pretty straightforward
  19. Front-end and back-end are separated; whenever you perform maintenance this means that the front-end will get a page like "Website is undergoing maintenance". The back-end remains the same. Now, to let admins view those changes, you simply give the "Website is undergoing maintenance" page to anyone that does not have an active session, or has an active session but is not an admin.
     if (isset($_SESSION['user_role']) && $_SESSION['user_role'] === ROLE_ADMIN) {
         //show page
     } else {
         //show "website under maintenance" page
     }
  20. You remind me of myself. Once I was also trying to follow a formal path, but to be honest you need to follow whatever you are most comfortable with. There are a few rules I follow and find very useful:
     1) Work in iterations; show your work (every 2 weeks, for example) to your client so that he can correct any misunderstandings.
     2) If there is something that is new to you, start with that first and show it to your client to make sure you both are on the same page (high-risk, high-value). In an e-commerce system this could mean starting out with the checkout process even before anything else has been developed; a sample prototype would do fine.
     3) Adhere to software principles (SOLID) during software design.
     4) Keep It Simple (take the simplest thing that could possibly work).
  21. You may want to let your tutorials be proof-read before you actually publish them on the net.
  22. Doctor and developer are quite similar, as both are experts in inner workings and both diagnose a problem and prescribe/write a cure; only the latter has a higher fail rate in the actual problem solving, although the former can blame his failing on natural causes and exact numbers are therefore unknown. A developer is a Frankenstein version of a doctor as he can create something out of nothing. Something along the lines of: class Developer extends Doctor implements FrankensteinGene
  23. I meant the SVN client not the server version. I forgot to mention that SVN (server binaries) is hosted on a separate server.
  24. Thanks, it's nice to know that what I say is appreciated. If you are interested in exploring this further I can recommend Applying UML and Patterns (Craig Larman), Domain-Driven Design (Eric Evans), Writing Effective Use-Cases (Alistair Cockburn). I want to elaborate on that. Like Andrew said, you start out by drawing on paper; to be more precise, you draw a domain model. This has no interfaces, no abstract classes, just (early) concepts. If you were to model a dice game you would identify Dice, DiceGame, and Player. You would find that 1 Player plays 1 DiceGame, 1 DiceGame includes 2 Dice and 1 Player rolls 2 Dice. You have defined your concepts and their underlying relations. Finding the correct concepts is not always so obvious though; sometimes something that may seem relevant at first may turn out to be completely irrelevant later (as your knowledge of the (problem) domain grows and your model changes). A domain model is a handy tool during meetings while you gain a deeper understanding of the domain. When you explain the new model to your client he will hear when something you say sounds weird and correct you (and your model changes again). This entire process transfers the domain knowledge of your client onto you and into the model; once you both agree on a model, a prototype (production-quality) can be created and tested by the client to verify the correctness of the model. Important to realize is that domain modeling takes place whenever you are to create a system you know little about. For example when you are to create an e-commerce system with some very specific business rules that deviate from a standard e-commerce system (as most by now realize how one works), although you should be aware that the client can have a different understanding when he says e-commerce. A domain model is to gain a deeper understanding of the domain before you start out to create your class diagram.
     It takes a lot more than this post to explain the entire UP (Unified Process) and OOA&D (OO Analysis & Design).
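The two scenarios in post #2, worked through in PHP as an added example (this is not code from the thread or from any of its posters). It builds a tiny precomputed table of plain sha1() values over a constructed word list, shows that the table finds an unsalted hash but misses the salted one, and then shows the caveat the post hints at: a single site-wide salt only forces the attacker to build one new table for the whole site, which is why a per-user random salt and a slow hash (PHP's built-in password_hash()) are the usual answer. The word list, the salt value and the sample password are all constructed for the demonstration.

```php
<?php
// Added example, not code from the original thread. Reproduces the idea of post #2:
// a precomputed (rainbow) table of plain sha1() values finds an unsalted hash but
// not one computed over the password plus a salt.
declare(strict_types=1);

// Site-wide salt as the post uses it; the value itself is an assumption.
const PASSWORD_SALT = 'WithSalt';

// Unsalted scheme from scenario #1.
function hashPlain(string $password): string
{
    return sha1($password);
}

// Salted scheme as written at the end of the post: sha1(sha1($password) . $salt).
function hashSalted(string $password, string $salt = PASSWORD_SALT): string
{
    return sha1(sha1($password) . $salt);
}

// Constant-time comparison of a login attempt against the stored salted hash.
function verifySalted(string $candidate, string $stored, string $salt = PASSWORD_SALT): bool
{
    return hash_equals($stored, hashSalted($candidate, $salt));
}

// A toy "rainbow table": hash => plaintext over a small constructed word list.
function buildTable(array $words, callable $hasher): array
{
    $table = [];
    foreach ($words as $word) {
        $table[$hasher($word)] = $word;
    }
    return $table;
}

$words = ['123456', 'password', 'mySuperPassword', 'letmein']; // constructed list
$attackerTable = buildTable($words, 'hashPlain');

// Scenario #1: the leaked value is a plain sha1, so the lookup succeeds.
$leakedPlain = hashPlain('mySuperPassword');
printf("unsalted store: table lookup -> %s\n", $attackerTable[$leakedPlain] ?? '(no hit)');

// Scenario #2: the leaked value was produced with the salt, so the same table misses.
$leakedSalted = hashSalted('mySuperPassword');
printf("salted store:   table lookup -> %s\n", $attackerTable[$leakedSalted] ?? '(no hit)');

// The login path re-applies the salt, so only the real password verifies, even if
// the attacker had some other string whose plain sha1 equals the stored value.
var_dump(verifySalted('mySuperPassword', $leakedSalted));      // true
var_dump(verifySalted('thisWillWorkYouKnow', $leakedSalted));  // false

// Caveat: once the site-wide salt is known, one rebuilt table covers every account.
$tableWithSalt = buildTable($words, 'hashSalted');
printf("table rebuilt with the known salt -> %s\n", $tableWithSalt[$leakedSalted] ?? '(no hit)');

// A per-user random salt plus a deliberately slow hash removes that shortcut.
// password_hash() does both (bcrypt by default) and stores the salt inside the result,
// so every account needs its own table and each guess costs a full bcrypt run.
$stored = password_hash('mySuperPassword', PASSWORD_DEFAULT);
var_dump(password_verify('mySuperPassword', $stored));         // true
var_dump(password_verify('thisWillWorkYouKnow', $stored));     // false
```

Run it with `php salt-demo.php`; the first lookup prints the recovered password, the second prints "(no hit)", and the rebuilt table shows why the salt must differ per user rather than per site.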
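The maintenance gate from post #19, written out as an added example (not the original poster's code). The decision rests only on the server-side session role, so no request parameter can switch the real page on; the maintenance page is sent with a 503 and a Retry-After header so clients and crawlers treat the outage as temporary rather than caching the notice. ROLE_ADMIN's value, the flag-file path, the sendResponse() helper and the three sample sessions are assumptions made for this demonstration.

```php
<?php
// Added example, not the original post's code. While maintenance is on, anyone
// without an active admin session receives the "under maintenance" page; admins
// still see the real site.
declare(strict_types=1);

const ROLE_ADMIN = 'admin';                          // assumed value of the post's constant
const MAINTENANCE_FLAG = __DIR__ . '/MAINTENANCE';   // assumed: ops create/remove this file

function maintenanceIsOn(): bool
{
    return file_exists(MAINTENANCE_FLAG);
}

// Depends only on server-side session state, never on anything the client sends
// (a ?preview=1 style parameter would let every visitor bypass the gate).
function isAdminSession(array $session): bool
{
    return isset($session['user_role']) && $session['user_role'] === ROLE_ADMIN;
}

// Returns [HTTP status, body]. 503 marks the outage as temporary; a 200 would let
// the maintenance text be cached or indexed as the page's real content.
function respond(bool $maintenanceOn, array $session): array
{
    if ($maintenanceOn && !isAdminSession($session)) {
        return [503, 'Website is undergoing maintenance'];
    }
    return [200, 'normal page'];
}

// What the front controller would do with the decision (hypothetical helper).
function sendResponse(array $response): void
{
    [$status, $body] = $response;
    if ($status === 503) {
        header('Retry-After: 600'); // seconds until clients should try again
    }
    http_response_code($status);
    echo $body, "\n";
}

// Constructed sessions: anonymous visitor, logged-in member, admin.
$cases = [
    'no session' => [],
    'member'     => ['user_role' => 'member'],
    'admin'      => ['user_role' => ROLE_ADMIN],
];
foreach ($cases as $label => $session) {
    [$status, $body] = respond(true, $session);
    printf("%-10s maintenance on -> %d %s\n", $label, $status, $body);
}
// With the flag file absent everyone gets the normal page.
[$status, $body] = respond(maintenanceIsOn(), []);
printf("%-10s flag absent    -> %d %s\n", 'no session', $status, $body);
```

Only the admin case prints 200 while the flag is on; the member session is treated exactly like an anonymous visitor, which is the point the post makes about "has an active session but is not an admin".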