thehippy

Members
  • Posts: 209
  • Joined
  • Last visited

Everything posted by thehippy

  1. Bruce Schneier has some test vectors for the algorithm on his site. You could write some tests to verify your usage. Whenever docs are not explaining how to use a function it's best to download the source and view the tests; those will show you how to use it. The mcrypt extension tests actually use Schneier's vectors. See ./php-5.4.9-src/ext/mcrypt/tests/blowfish.phpt As for transmitting and receiving data, just make sure to keep an eye on encoding; the web stack tends to be loose and wild with it, that is, character encoding, server-side gzip and so on. You may want to put in checks to make sure outdated versions of SSL/TLS are not being used. As for communicating with a shared server, you may want to include checks on where you put your data: make sure the file or database doesn't have shared or group read permissions, make sure not to use temporary directories as they can be shared locations, use a secure network connection to the database, et cetera. Trust but verify.
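As an added example (my own code, not from the post above or from PHP's own test suite), here is what the suggested self-test looks like in practice: it runs the mcrypt Blowfish implementation against four of Schneier's published ECB vectors and then applies the permission check to the data file. It assumes the mcrypt extension is loaded; the path in `$store` is a placeholder.

```php
<?php
// Added example, not from the original post: a self-test that runs the mcrypt
// Blowfish implementation against four of Bruce Schneier's published ECB test
// vectors, plus the permission check mentioned for wherever the data is stored.
// Assumes the mcrypt extension is loaded (bundled with PHP up to 7.1).
// Vector rows are (key, plaintext, expected ciphertext), all hex, 8 bytes each.
$vectors = array(
    array('0000000000000000', '0000000000000000', '4EF997456198DD78'),
    array('FFFFFFFFFFFFFFFF', 'FFFFFFFFFFFFFFFF', '51866FD5B85ECB8A'),
    array('3000000000000000', '1000000000000001', '7D856F9A613063F2'),
    array('1111111111111111', '1111111111111111', '2466DD878B963C9D'),
);

function blowfish_ecb_block($key, $block)
{
    // One 8-byte block in ECB mode: no IV and no padding, so the result is
    // directly comparable with the published ciphertext.
    return mcrypt_encrypt(MCRYPT_BLOWFISH, $key, $block, MCRYPT_MODE_ECB);
}

// Returns a list of human-readable failure strings; empty means all vectors pass.
function check_blowfish_vectors(array $vectors)
{
    $failures = array();
    foreach ($vectors as $v) {
        list($keyHex, $ptHex, $ctHex) = $v;
        $key = hex2bin($keyHex);
        $ct  = blowfish_ecb_block($key, hex2bin($ptHex));
        if (strtoupper(bin2hex($ct)) !== $ctHex) {
            $failures[] = sprintf('encrypt: key=%s pt=%s expected=%s got=%s',
                $keyHex, $ptHex, $ctHex, strtoupper(bin2hex($ct)));
            continue;
        }
        // Compare against the published plaintext rather than trusting that
        // decrypt(encrypt(x)) == x: a consistently wrong key schedule still round-trips.
        $pt = mcrypt_decrypt(MCRYPT_BLOWFISH, $key, $ct, MCRYPT_MODE_ECB);
        if (strtoupper(bin2hex($pt)) !== $ptHex) {
            $failures[] = sprintf('decrypt: key=%s ct=%s got=%s',
                $keyHex, $ctHex, strtoupper(bin2hex($pt)));
        }
    }
    return $failures;
}

// True if the file or directory carries any group or other permission bits.
function group_or_world_accessible($path)
{
    $mode = fileperms($path);
    if ($mode === false) {
        throw new RuntimeException("cannot stat $path");
    }
    return ($mode & 0077) !== 0;
}

$failures = check_blowfish_vectors($vectors);
if (count($failures) > 0) {
    fwrite(STDERR, "Blowfish self-test FAILED:\n  " . implode("\n  ", $failures) . "\n");
    exit(1);
}
echo 'Blowfish self-test passed (', count($vectors), " vectors)\n";

// Hypothetical data file; replace with the real path of your store.
$store = '/var/lib/myapp/secrets.db';
if (file_exists($store) && group_or_world_accessible($store)) {
    fwrite(STDERR, "$store is group/world accessible; chmod 0600 it and check its directory too\n");
    exit(1);
}
```

Run it from your deploy or CI step and fail the build on a non-zero exit; the decrypt leg is checked against the published plaintext on purpose, because an implementation with a wrong key schedule will still round-trip its own output.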
  2. I would just like to thank all the programmers out there that write tests for their code. I think it's only happened two or three times now with medium to large existing applications, but to get a job working on one that's actually been unit tested is near bliss. To me well written tests are better than external documentation, better than autogenerated documentation; each test is a usage case that shows me the previous coder's intent, damn near priceless.
  3. I was not trying to say a view was a vote; they are, of course, vastly different rule-based counting systems. I was attempting to point out that, in the engineering problem of detecting erroneous data, they have similarities: there may be invalid views as there may be invalid votes. My bad if I confused anyone, I'm not a man gifted with words.
  4. To be perfectly honest, it's not worth investing the time to allow anonymous voting. The amount of time you invest in detecting erroneous voting outweighs the usability benefit. IPs can be proxies for an entire ISP. IPs, cookies, HTTP headers can be faked, botnets can artificially inflate voting results, most captcha services have been cracked and so on. Ask Amazon or YouTube how they deal with voting; they won't, because they've invested so much time in it. Ever wonder why YT vids get stuck at 300 or so views? Because YT has to start validating a simple view so videos don't get artificially inflated view counts.
  5. The Computer Security Resource Center (CSRC) at the National Institute of Standards and Technology (NIST) has many publications on all aspects of computer security. They are a US Government working group that provides recommendations on such things as computer security for nearly all the government branches. A listing of the publications (IIRC I'm not allowed to link directly to PDFs on this board). I picked out a few that are relevant to website security. Take into consideration the date of publication on some of the articles; while the important ones are updated regularly the more obscure publications are not, but they still have valuable information.
     • Guide to Intrusion Detection and Prevention Systems (IDPS)
     • Recommended Security Controls for Federal Information Systems and Organizations
     • Guidelines on Securing Public Web Servers
     • Guidelines on Firewalls and Firewall Policy
     • Creating a Patch and Vulnerability Management Program
     • Managing Information Security Risk: Organization, Mission, and Information System View
     • Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
     • Generally Accepted Principles and Practices for Securing Information Technology Systems
     Given that you've stated 'I am not an IT/Internet specialist,' hire a professional if it's important.
  6. If you have a spare comp lying around, you could install your favorite *nix flavour, then set up Samba to act as a PDC (Primary Domain Controller) and set up your roaming profile in Windows to sync to/from the PDC. Samba-HOWTO I used to use an application called GoodSync which might be helpful. It has a pretty good feature set. I could envision a login script that would sync up things or some such. Or use some cloud service to store settings too... lots of possibilities.
  7. Data integrity is at the core of design for critical application architecture. Data loss is simply unacceptable. As such a critical application needs to be highly testable to certify the integrity of the system handling the data. The system for storing the data (RDBMS) must be highly tested and have the features for authenticating the integrity of the data. Also, though I'm not positive, you should have to follow the International Financial Reporting Standard (IFRS) in order to have your application be insurable. There is no way I'd hand this off to a student to design if it is such an application. On the other hand, if I'm looking at this a bit too deeply and you're to design a stock/bond monitor, while the data integrity is important it's probably something a grad should be able to do. As for what to use, an RDBMS that supports ACID, Data Integrity (Triggers, Constraints, Foreign Keys, etc.) and Transactions is essential. Oh look, I found a >list<. I won't go out of my way to support one or another, but know that as a developer you won't have to buy an expensive license to develop the application; there is a free version from nearly all the big guys: Oracle with their Oracle Database Express, Microsoft with SQL Server Express, IBM with DB2 Express and so on. Also, there is Postgres, Ingres and others in the FOSS world without any end costs other than learning them. RDBMSs were made to, well, most are made for and excel at handling financial datasets; most of the project should be done with the RDBMS. Your application should largely just be a way to view the data: manipulation should happen at the database, imports should happen at the database, calculations should happen at the database and so on. The front end is nearly irrelevant and up to choice; lots of enterprises have used web front ends for a good long time now and that may be an avenue for you, but most likely the decision will be the preference of the client/employer.
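An added example, not from the post above and not any vendor's code, showing the integrity features the post lists (a CHECK constraint, a foreign key, a trigger and a transaction) doing their job through PDO. It uses an in-memory SQLite database so it runs anywhere pdo_sqlite is present; the account/ledger schema and the `transfer()` function are my own illustration.

```php
<?php
// Added example, not from the original post: the integrity features listed
// above (constraints, foreign keys, a trigger, transactions) exercised through
// PDO on an in-memory SQLite database, so it runs anywhere pdo_sqlite is present.
// The account/ledger schema and the transfer() function are my own illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('PRAGMA foreign_keys = ON'); // SQLite does not enforce FKs unless told to

$db->exec('CREATE TABLE account (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL CHECK (balance >= 0)  -- minor units, never float
)');
$db->exec('CREATE TABLE ledger (
    id         INTEGER PRIMARY KEY,
    account_id INTEGER NOT NULL REFERENCES account(id),
    delta      INTEGER NOT NULL,
    note       TEXT    NOT NULL
)');
// The audit row is written by the database itself, so no application code path
// can change a balance without leaving a trace.
$db->exec("CREATE TRIGGER account_audit AFTER UPDATE OF balance ON account
    BEGIN
        INSERT INTO ledger (account_id, delta, note)
        VALUES (NEW.id, NEW.balance - OLD.balance, 'balance update');
    END");

$db->exec("INSERT INTO account (id, owner, balance) VALUES (1, 'alice', 1000)");
$db->exec("INSERT INTO account (id, owner, balance) VALUES (2, 'bob', 50)");

// Move an amount from one account to another, atomically. Returns true on
// commit, false if anything was rejected (CHECK failed, unknown account); the
// rollback guarantees neither side was changed in that case.
function transfer(PDO $db, $from, $to, $amount)
{
    if (!is_int($amount) || $amount <= 0) {
        return false; // validate before touching the database
    }
    $db->beginTransaction();
    try {
        $debit  = $db->prepare('UPDATE account SET balance = balance - :amt WHERE id = :id');
        $credit = $db->prepare('UPDATE account SET balance = balance + :amt WHERE id = :id');
        $debit->execute(array(':amt' => $amount, ':id' => $from));
        $credit->execute(array(':amt' => $amount, ':id' => $to));
        if ($debit->rowCount() !== 1 || $credit->rowCount() !== 1) {
            throw new RuntimeException('unknown account id');
        }
        $db->commit();
        return true;
    } catch (Exception $e) {
        // PDOException covers the CHECK violation; the RuntimeException above
        // covers a missing row. Either way the whole transfer is undone.
        $db->rollBack();
        return false;
    }
}

function balances(PDO $db)
{
    return $db->query('SELECT id, balance FROM account ORDER BY id')
              ->fetchAll(PDO::FETCH_KEY_PAIR);
}

var_dump(transfer($db, 1, 2, 200));   // alice has enough: should commit
var_dump(transfer($db, 2, 1, 5000));  // bob would go negative: CHECK rejects it, rolled back
var_dump(transfer($db, 1, 9, 10));    // no account 9: alice's debit is rolled back too
print_r(balances($db));               // only the first transfer should be reflected
echo $db->query('SELECT COUNT(*) FROM ledger')->fetchColumn(), " ledger rows\n";
```

The point to notice is that the application code never decides whether a balance may go negative or whether an audit row gets written; the database does, and a failed statement anywhere in the transaction leaves both accounts and the ledger exactly as they were.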
  8. Get an unmanaged server or your own colocated server, one all your own, none of that shared reseller garbage; get WHM/cPanel & WHMCS licenses, an authorize.net account, install, configure and you're a happy monkey, until things start to go wrong. There are less streamlined ways to do it; there are web hosting panel alternatives, billing alternatives, panel-less webhosting setups and so on, but if you're looking to do it like every other guy who thought it would be a good idea to set up a web hosting biz in the last decade, that's the way to do it.
  9. Pro PHP: Patterns, Frameworks, Testing and More by Kevin McArthur is pretty good: explanations of design patterns which lead to practical usage with Zend Framework. I'm not sure if that's acceptable to you. OOA/D and design pattern books abound, but are largely language agnostic as they are a core concept of most modern programming, not specific to PHP.
     • Martin Fowler, et al - Patterns of Enterprise Application Architecture
     • Jason Sweat - php|architect's Guide to PHP Design Patterns
     • Eric Freeman, et al - Head First Design Patterns [Obligatory O'Reilly Book and really good]
     Zend Framework 1 is a behemoth, but at its core it's a very well written object oriented framework; read it. ZF2 is under active development and might be a bit confusing; beta4 was released just recently. Symfony2 is another good code read. Lithium, Solar, micromvc, even tools like phing have a good or decent design you might want to read through.
  10. http://book.cakephp.org/2.0/en/models/callback-methods.html#afterfind
  11. You may be looking to use the underlying SQL functionality of BETWEEN or you may be able to get away with LIMIT depending on your needs.
  12. Been using Virtualbox the last few months. For a quick setup just using an existing image like you'll get from here or setting up my own as similar to the production server as possible. There are tools like vagrant around to make managing things a bit easier as well.
  13. Making use of design patterns in your code. Identifying patterns in existing code will help you learn them quickly, or at least I found so. After you've coded for a while you may get to the point where you think, well, I know how lots of this stuff works but how do I put it all together well. That's where and when you should start researching application analysis and design (OOA/D) principles. Write code, lots and lots of code. Understand that most of what you write you will toss away down the road. Get used to prototyping abstract designs and iterating over and over until you have a working and coherent design. Write and contribute with others; go to your local PUG (PHP User Group) and learn what others are doing; help, contribute and participate, it will progress your understanding or at least expose you to more ideas. If you don't have a formal education in computer science or engineering, consider things like MIT's OpenCourseWare to help structure an informal education. Learn some other languages. Never stop learning.
  14. First Page of the Zend_Db documentation... http://framework.zend.com/manual/en/zend.db.adapter.html
  15. This sounds like a good place to make a little AMF (Action Message Format) server; Zend_Amf has a good implementation that supports AMF3, which has much better compression options. Server side, this would get rid of the XML generation step as it's a matter of binding a class with RPC-like methods. And be honest, Ender, does your solution scale very well? Three files per flash file and per user; if you have 100 flash files, when you get 1000 users you have 300000 files floating around, and it gets worse as you get more users. Also you're sending all those files to your users, which is a headache in and of itself. Read up on AMF to see if it is applicable to your situation.
  16. You could look at PEAR/HTML_Table for some inspiration. Personally, I dislike the hard-coded styles very much; perhaps some default CSS classes would be alright, even better if those could be overridden. Leave it up to the designer how it should look.
  17. Most of my code tends to follow the Zend coding standard, which is to say the PEAR coding standard with a few minor differences. I even have a pre-commit check with phpcs to ensure I'm not being lazy.
  18. The PHP FIG (Framework Interop Group) that was formed to help flesh out some common standards between the big frameworks has had and is still having a discussion over a common coding style. As part of the discussion a survey was made of some of the projects and how they format their code. Here is a Google spreadsheet with what they've collected. While most people... err, I mean developers, use spaces, there is still a tab following.
  19. The most common method is to use the Myers-Briggs (Personality) Type Indicator to evaluate a person. Compatibilities are allocated according to MBTI and so is a matter of pairing compatible results. Read up on it, there's a lot of criticisms about it, especially of its reliability.
  20. What you want to calculate will never be accurate due to the request/response nature of HTTP. When a browser requests a page, it opens a connection, sends the request, the webserver figures out a response and sends you that response, and the connection is closed. That's it. So figuring out how long a user had a particular web page open will always be an estimate. For instance, a user goes to a website in which the index page is requested; the user knows what they want on your website, so they quickly click on "login", fill in a form, "submit", get redirected to a user page, click on the messages-list link and so on. In this example we can extrapolate the time at the login page by calculating the time at which the request for the login page was made and the time the form was submitted. In striving for more accuracy, some tricks have been developed over the years. Lately the trend has been to set up a heartbeat JavaScript to constantly make requests to an XML-RPC/AJAX controller. So while a user has a particular page open, every N seconds a request is made to a controller which records the activity. You can also track mouse clicks in the same manner. Also be aware not all browsers reliably support JavaScript; there are lots of mobile users nowadays for whom this solution doesn't pan out. There is also the problem that if minimized some browsers will pause or throttle everything in that particular window/session, which may cause you problems. To my knowledge there is no reliable way to tell exactly when a user has left, closed, or exited. With PHP we can set a callback to run when a session expires, but session expiration times are usually long so as not to annoy users too much. Due to the limitations I've mentioned you'll see variations in the calculations between tracking implementations, between which browser clients are using, between the same browser on different platforms and other various situations.
     Google Analytics was written with the intention of tracking trends with less focus on finite numbers; you're not the first person I've encountered that dislikes it, though I find what it does offer very telling. You might not have to write tracking and analytics from scratch: Piwik is FOSS, check the demo out, it may be more to your liking.
  21. Do you always need all fields for your purposes? NO, it's a waste of memory; start using $find(,array('fields'=>'') for better efficacy.
      foreach($departments as $departments) and foreach($franchises as $franchises)? NO. Do not load the same model on each iteration of the foreach loop; waste of time/memory.
      Stop doing this single-line nonsense: "$this->loadmodel('Department'); /**/ $departments = $this->Department->find('all');" Break up the code by putting it on another line; use vertical spacing to group similar code.
      Error out or make use of a logger; echoing is only good for debugging.
      Document what you're doing with this function; in a month will you really understand what this does?
      As for your main concern, you need to reread the Models documentation, especially the section concerning associations.
  22. Digital archiving if that's what you're talking about is a bit of a niche. There are standards available for digital archives, long term storage and preservation if you google around for them. You'd probably be better off contacting the tech department of a large library, they would I assume be far more versed with such things.
  23. I would also recommend putting some effort into learning MySQL. One of the few things I agree with that Oracle has done for the MySQL community is to put some dev time into the MySQL Workbench application, an application that is used to administer, model and interact with MySQL databases. MySQL for the most part installs like any other software; using MySQL Workbench eases the learning curve of interacting with it, which beginners seem to see as the biggest hurdle. You mentioned XML; it's a fine technology on its own but PHP's support for it has been, let me say, inconsistent in the most tactful way possible. It is certainly possible for PHP and XML to work, there are just so many deficiencies in its usage I cannot recommend it. SQLite is a fine database, has a small footprint, it's quick, but it's a bit old school in its usage; you may find MySQL easier to grasp given that you're an Excel user. I do not believe there is a similar tool to MySQL Workbench for SQLite either, perhaps some commercial software, but I've seen nothing free or open source.
  24. How does the profile page retrieve data? Does it grab from a cache or use data that was in the session like Adam suggested? You say your profile edit page is edit.php, is that doing the form processing or is loginsuccess.php? If loginsuccess.php is doing form processing is it retrieving the profile view data before or after the profile table is updated with the processed form data?