Everything posted by thehippy

  1. phpBB4 is going to be a from-scratch rewrite; there hasn't been much progress from what I'm aware of though. There have been discussions about them making use of a framework; Symfony comes up a lot and sometimes ZF. area51 is their dev portal, and their wiki has some basic info on phpBB4 as well.
  2. Zend_Loader and/or Zend_Controller plugins maybe are what you're going for.
  3. POST, GET, COOKIE and SESSION are all in the input object. Please encapsulate your code in php or code bbcode tags in the future.
  4. Got this from someone on Twitter: Mike Monteiro's talk named "F*ck you, Pay Me". It's hilarious, informative and full of cursing.
  5. I used to be a programmer on a forum site well known for its (NSFW) gallery. If you host the images on your web (application) hosting account you can run into problems with disc space, bandwidth and resource usage. The load on the webserver from distributing images can take up significant resources. What we ended up doing is setting up an nginx webserver on a colo box hosted at Peer1 dedicated to just image serving and resizing (making thumbs). From what I was told we pushed out 1.2TB from the image server and maybe only a few gigs from the application server a day. As for the premium image hosting, I don't have experience with that; the NSFW nature of the content we had made such things unavailable. Splitting up the load definitely was the right choice in our situation. I can see a problem though with what you said: having your users go offsite to upload pictures is clumsy, and I wonder what impact it would have on your users' attention. Some transparency by integrating an upload mechanism might be beneficial. Be wary of the image hosting sites as well by reading over the user agreement closely. Some sneak in things like giving rights to reuse images, which may be a problem for you. Another thing came to mind: you also said your images were small, could you knit them together into a sprite and have CSS sort out displaying them? It would cut down on the number of requests to the server. There are many things you can do to speed up your website; Google has a whole section of articles and talks about the subject. I don't know if I said anything useful.
  6. If you take up the replicated MySQL environment you propose you will have some modifications to do. The model layer is part of your application and will have to be modified to utilize multiple database connections. To scale it out you would have to load balance (like with ldirectord/heartbeat) a write and a read pool, which would be transparent to the application apart from still needing read and write connections in your application. Connection groups, or having your application select which pool member to use, are problematic as it's unaware of the load that node is under, and if your application needs to scale more there may be multiple PHP/web/application servers that are selecting from the pool. If your application is write heavy, your setup probably won't scale very well because of data stagnation and high resource usage due to write replication. A MySQL cluster (NDBCLUSTER) would be the preferable setup. Be wary of info you read on MySQL cluster; there is lots of misinformation and old tutorials with out-of-date comments around, and the cluster has evolved quite a bit since the 5.x series. One of the good things about a cluster is that it's a transparent change to your application as load balancing is done transparently via DNS to the SQL nodes. Note: application level is not in an application, it's the application as a whole. cat, ssh, mysql, bind all are applications; interacting with them is said to be happening at the application level.
  7. For the most part it's his, and fighting with a client never leads to good. There is something to be said about having your own library of common classes/methods that you use to build applications. I think of it in terms of 'common knowledge': if something many of my peers have similarly implemented, it's common knowledge. That said, it should be reusable and is definitely something not specific to a project. I probably wouldn't put a whole authentication system in my library but most of it, maybe just the core (roles, ACLs), and I'd certainly add something like a session class. Here's an essay on being a consultant; jump down to the 'Intellectual Property' section, it might be relevant. *Warning: written while half asleep*
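The application-side change post 6 describes (separate read and write connections in the model layer, with the read-after-write "data stagnation" problem handled), as an added PHP example that is not thehippy's code or any project's own. The DSNs, the credentials and the two-second sticky window are assumptions; the demonstration at the bottom uses two separate SQLite in-memory databases standing in for the primary and a replica.

```php
<?php
// Added example (not from the original post): route writes to the primary and reads
// to a replica pool, keeping reads on the primary briefly after a write so the
// request that wrote a row does not miss it because of replication lag.

class ReadWriteRouter
{
    private ?PDO $writer = null;
    private ?PDO $reader = null;
    private float $stickyUntil = 0.0;   // reads go to the primary until this timestamp

    public function __construct(
        private string $writeDsn,        // assumed, e.g. 'mysql:host=primary.internal;dbname=shop'
        private string $readDsn,         // assumed, e.g. a load-balanced VIP in front of the replicas
        private string $user,
        private string $password,
        private float $stickySeconds = 2.0   // assumed policy: read-your-writes window
    ) {
    }

    /** True for statements that can safely run against a replica. */
    public function isRead(string $sql): bool
    {
        $verb = strtoupper(strtok(ltrim($sql), " \t\r\n"));
        return in_array($verb, ['SELECT', 'SHOW', 'DESCRIBE', 'EXPLAIN'], true)
            && !preg_match('/\bFOR\s+UPDATE\b/i', $sql);   // locking reads belong on the primary
    }

    /** Which pool a statement will be sent to: 'read' or 'write'. */
    public function target(string $sql): string
    {
        if (!$this->isRead($sql)) {
            return 'write';
        }
        // A replica may not have this request's own write yet, so stay on the primary
        // for a short window after any write.
        return microtime(true) < $this->stickyUntil ? 'write' : 'read';
    }

    public function query(string $sql, array $params = []): PDOStatement
    {
        $pdo  = $this->target($sql) === 'write' ? $this->writer() : $this->reader();
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
        if (!$this->isRead($sql)) {
            $this->stickyUntil = microtime(true) + $this->stickySeconds;
        }
        return $stmt;
    }

    private function writer(): PDO
    {
        return $this->writer ??= $this->connect($this->writeDsn);   // connect lazily
    }

    private function reader(): PDO
    {
        return $this->reader ??= $this->connect($this->readDsn);
    }

    private function connect(string $dsn): PDO
    {
        return new PDO($dsn, $this->user, $this->password, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    }
}

// Stand-alone demonstration: two separate SQLite databases stand in for primary and
// replica. Nothing replicates between them, which is exactly the gap the sticky window
// covers for the request that did the write.
$db = new ReadWriteRouter('sqlite::memory:', 'sqlite::memory:', '', '', 2.0);
$db->query('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)');
$db->query('INSERT INTO user (name) VALUES (?)', ['alice']);
// A read issued right after the write stays on the primary (sticky window).
echo $db->target('SELECT name FROM user WHERE id = ?'), "\n";
// A locking read is always sent to the primary.
echo $db->target('SELECT name FROM user FOR UPDATE'), "\n";
// A router that has not written anything sends plain reads to the replica pool.
$fresh = new ReadWriteRouter('sqlite::memory:', 'sqlite::memory:', '', '');
echo $fresh->target('SELECT name FROM user'), "\n";
```

The router is per request, so the sticky window only protects the client that performed the write; other clients reading from the replicas still see stale data until replication catches up, which is the "data stagnation" the post warns about for write-heavy applications.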
  8. Some background on the setup would be nice: which DBMS, physical location, whether it's a single storefront, local, international, multilingual, ties into external sources (inventory, CRM), etc. I'm not a fan of abbreviations in column names; pd* and ct* and hinted names such as cname and sname are useless as their full names are categories.cname and subCategories.sname, which is a bit ridiculous; trim it up and make it cleaner. I think this is a preference, but I know it annoys the hell out of real DBAs: table names should be named what a single row of the table is. A user record should come from the 'user' table, an order should be in the 'order' table. I say it's up to you though.
     • users can have many addresses (billing/home, work, friend/gift), then you can link to it (like in your orders table)
     • users can have many payment methods (multiple credit cards, debit cards, payment gateways)
     • some products have many options (ex. a shirt can have gender, size and colour); how are you dealing with that?
     • make a table for all images; not a fan of n-number columns (ex. pd_img_n), less work if you need to edit image paths
     • I also separate out product and stock to allow the store owner to track stock a little more visibly. Stock can possibly be supplied by different distributors; it's good to see where you're running low from who. Really depends on how much inventory management you want though.
     • a table for suppliers/distributors would be good, and an m2m linking to which products they sell
     • Storing credit card info is bad (a liability); avoid it when you can. My country has privacy standards and as such credit card info needs to be encrypted and not in plain text; it falls under 'reasonable protection'. PCI compliance is becoming more important; check out the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS) and PIN Transaction Security (PTS) documents. They cover a lot, but it's always good to be aware.
     • Put indexes on all the columns you sort by; if you can sort a result listing by price, weight, manufacturer, etc., put an index on it.
     • There are a couple of little things: column names are a bit inconsistent, you use 'description' and 'specifications' but later you have 'ct_qty' and 'ship_amt'. Some DBMSs don't allow capitals in table names; might want to lower-case those.
     • Taxes are a bit queer; they can be where the seller is, where the buyer is, there can be no tax and there can be customs/broker fees. Kind of depends where you are and where you're selling to. Have I mentioned I dislike dealing with them?
     • password_md5 or password_sha1 may be more descriptive and appropriate.
     I think that's all I have to say for now.
  9. 
        <?php
        // List the plain files (not subdirectories) found in C:\MP3
        $dir = new DirectoryIterator('C:\\MP3');
        $mp3s = array();   // initialised so print_r() works even for an empty directory
        foreach ($dir as $fileinfo) {
            if ($fileinfo->isFile()) {
                $mp3s[] = $fileinfo->getFilename();
            }
        }
        print_r($mp3s);
     Do I really need to?
  10. ProgrammableWeb has a fairly big directory of web APIs and mashups of them. (PW's ranking page, rated by popularity/usage.)
  11. The sender of your message encrypted the message with his private key and your public key. If you want to decrypt the message you need to decrypt it with your private key (and his public key, but that usually is done transparently by the software). If you use Thunderbird, I'd recommend Enigmail. Assuming you're using Windows and want the whole encryption suite, go with Gpg4win, which is based on GnuPG. It also has an Outlook plugin IIRC. See the related documentation on how to decrypt a message.
  12. You can skip the temp password part if you generate a unique token.
     • User goes to password reset page.
     • User enters email address.
     • Check valid email address.
     • Generate and save token.
     • Email user with URI including the token (ex. go to mysite.com/passwordreset/d93jd993jjda9/).
     • User goes to password reset page with token.
     • User enters new password and confirmation.
  13. From php.net/manual/en/ini.core.php: default value was "8M" before PHP 5.2.0, "16M" in PHP 5.2.0 and "128M" in PHP 5.3.0. Anyone who's stupidly SELECTed * without a LIMIT will know all about resource limitations in PHP.
  14. Nowadays with university courses online you have some great resources to point you in the right direction and give you a solid foundation. For example: MIT OpenCourseWare - OS Engineering. A couple of books that come up for these courses: OS Concepts, OS Design and Implementation. In my electrical engineering classes we would program microcontrollers and small microprocessor boards; I found it a great introduction to core hardware/software interaction. There are microcontroller and microprocessor kits you can buy and you can make small useful electronics; might be an interesting stepping stone for you. A good first project would be to make a simple calculator, then move on to other things like a keyboard logger or a network blackbox (hardware network sniffer). It's an interesting approach, fun, and could help you with programming the basics of an OS.
  15. To be perfectly honest this sounds like a task of system administration rather than application programming. All the tools are available and open source for doing this on Linux, the BSDs and other Unix OSs; it would just be a matter of configuring and possibly scripting them into a single management interface if it's not done already. Basic practice with backups is full backups weekly, with incremental backups on every day that isn't a full backup day; that's fairly conservative and changes depending on how often data is changed and the value of the data. Compression: zip/gzip or lzma are lossless and common. Encryption: PKI using gnupg; make sure to have several backup copies of your private key. Backup/restore systems are complex and there are many methods, from live to offline backups and a variety of different software. Over-the-wire (network) restorations, which you alluded to, are very costly in terms of time. You'll need a definitive strategy to work with and you'll probably have to change it to get the results you want. I'd suggest digging into the research; tldp.org is a good place to start with this I think, learning what methodologies are out there now. Don't be afraid of older documentation in the case of backups; it hasn't changed much, with the exception stemming from the popularization of virtualization.
     http://tldp.org/REF/INTRO/Backup-INTRO/
     http://tldp.org/HOWTO/Linux-Complete-Backup-and-Recovery-HOWTO/
     http://tldp.org/LDP/lame/LAME/linux-admin-made-easy/server-backup.html
     http://tldp.org/HOWTO/LVM-HOWTO/snapshots_backup.html
  16. Zend_Exception extends the SPL Exception, where cloning is finalized; if your application is trying to override it you'll get such an error.
        // Overriding __clone() here is what triggers the error the post describes
        class My_Exception extends Zend_Translate_Exception
        {
            private function __clone()
            {
                // will not work
            }
        }
     The PHP error is just pointing out this fact; you're going to have to hunt down the real problem where someone is doing something wrong. Nothing is wrong with Zend, it's just being misused.
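The token flow from post 12, as an added PHP example that is not thehippy's code: it stores only a hash of the token, gives it an expiry, and burns it on first use. The in-memory arrays stand in for the users and reset-token tables, the one-hour lifetime and the minimum password length are assumed policies, and the sample account is constructed.

```php
<?php
// Added example (not from the original post): steps 3-7 of the token-based reset.

const RESET_TOKEN_TTL = 3600;   // assumed policy: a reset link is valid for one hour

// Constructed stand-ins for the users table and the reset-token table.
$users = [
    'alice@example.com' => ['password_hash' => password_hash('old-secret', PASSWORD_DEFAULT)],
];
$resetTokens = [];   // sha256(token) => ['email' => ..., 'expires' => unix time]

/**
 * Steps 3-5: validate the address, generate a token, save its hash, build the link.
 * Returns the URI to email to the user, or null when nothing should be sent.
 */
function beginReset(array &$users, array &$resetTokens, string $email): ?string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Unknown address: send nothing, but the web page should show the same
    // "check your mail" message either way so the form cannot enumerate accounts.
    if (!isset($users[$email])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG, unguessable
    // Only the hash is stored: a leaked table does not yield usable reset links,
    // and looking the hash up instead of comparing raw tokens avoids timing leaks.
    $resetTokens[hash('sha256', $token)] = [
        'email'   => $email,
        'expires' => time() + RESET_TOKEN_TTL,
    ];
    return 'https://mysite.com/passwordreset/' . $token . '/';   // host from the post's example
}

/** Steps 6-7: the user returns with the token and a new password plus confirmation. */
function completeReset(array &$users, array &$resetTokens, string $token, string $newPassword, string $confirm): bool
{
    if ($newPassword !== $confirm || strlen($newPassword) < 8) {   // assumed minimum length
        return false;
    }
    $key = hash('sha256', $token);
    if (!isset($resetTokens[$key])) {
        return false;   // unknown, already used, or tampered with
    }
    $record = $resetTokens[$key];
    unset($resetTokens[$key]);   // single use, whether or not it turns out to be expired
    if ($record['expires'] < time()) {
        return false;
    }
    $users[$record['email']]['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

// Usage: the two halves of the flow, run back to back.
$link  = beginReset($users, $resetTokens, 'alice@example.com');
$token = basename(rtrim($link, '/'));   // the part of the link the user clicks through with
var_dump(completeReset($users, $resetTokens, $token, 'new-secret-1', 'new-secret-1'));   // succeeds
var_dump(completeReset($users, $resetTokens, $token, 'new-secret-1', 'new-secret-1'));   // token already burned
var_dump(password_verify('new-secret-1', $users['alice@example.com']['password_hash']));
```

In a real deployment the two arrays become a `reset_token` table keyed on the hash with an `expires` column, and a periodic job deletes expired rows; the response to the reset form should not reveal whether the address was known.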
  17. Head on over to nist.gov; they have some publications, papers, standard practices and policies on desktop security. I don't believe the FDCC (Federal Desktop Core Configuration) has established profiles/policies for Windows 7 yet; there is a policy available for Vista though, which I'm sure you can use as a guideline. Firewall security is good, but to secure the OS itself, or rather use the OS in a secure manner, takes some discipline. Strict filesystem permissions, patching within reasonable times from release, using a good AV/spyware scanner (MS Security Essentials is good), limiting running services, requiring increased password complexity, removing administrative privileges for any regular user account (I always want to log in as admin but it's naughty), not using unsigned drivers or software, being a bit stricter with browser control, limiting software installation, securing communications between your computer and others (email, ftps, etc.), securing data/hard drive encryption (ex. BitLocker), and the list goes on and on. You can continue to harden a computer until it's unusable, so beware. Get familiar with group policy; Windows has lots of security features which most people never see. Get familiar with Windows command line tools, cacls, netsh, etc.; they're helpful, and the CLI is not just for Linux geeks! If you want to be in the know and/or conscientious, sign up on mailing lists for the software you use; Microsoft has a security bulletin mailing list and a patch release mailing list. Get on a few security mailing lists; vulnerability and bug notices will give you some insight into what exploits people will be using (usually within days of their appearance on such lists). Security is a vast topic, so I'll stop with this. If you want to browse the web anonymously you can use a free service like Tor, but you'll never get great speeds with it, so it's up to you. You can pay for a web proxy service as mentioned.
     If you want to access the internet (all protocols/services) anonymously, use a private VPN service. I say anonymous, but those paid service providers know who you are and a court order can breach that anonymity. A credit card gift card and a fake name may shelter you a bit, but if they keep logs... I'm getting off topic. Oh yes, purchase some tinfoil and wrap your keyboard and mouse in it.
  18. I've had this problem crop up many times with custom PHP mailers; there are so many things that can possibly trigger spam filtering it's a bit monotonous. SpamAssassin has a tip/advice page for such people though. It's a good place to start; it's not a proper article explaining everything, but with a bit of thought you should figure out what problems your mail may be having.
  19. MrAdam beat me out in helping you with your problem, but if you're struggling I have a couple of things you may want to look at. The two resources that have helped me out immensely with regular expressions are, first, a book, Mastering Regular Expressions, and second an application called RegExBuddy; it's named a bit ridiculously, but the free trial and $40 price tag are well worth it.
  20. You would need an HTML rendering engine (ex. Gecko, WebKit, both being OSS) to render the page, then you would need to convert the render into an image format. Something already exists for doing such a thing: CutyCapt.
  21. • Zend Framework Manual
     • Zend Framework APIDOC
     • Apress Books
     • Zend Training
     • PHP Architect Books
     • ZendCasts Video Tutorials
     • Vikram Vaswani's Zend Framework: A Beginner's Guide
     • Rob Allen's Zend Framework in Action, and his website with updated material
     If you want help:
     • Zend Framework's General Mailing List
     • Zend Framework IRC channel - #zftalk on freenode.net (link)
     If you have an existing project, converting it and refactoring it would be a good basic project.
  22. Something like this perhaps?
        product: id, vis_id, name, desc, msrp, ...
        storeHasInventory (or maybe storeHasPrice): store_id, product_id, quantity, price, ...
  23. Given that you have a fresh VPS to start with, here are a few things you can do.
     • Restrict network access with a firewall; block all services that don't need to be public and only allow access to services from where you want. For example, only allow access from your IP/subnet to the services only you use (ssh/sftp).
     • Backup!
     • Down all the services you don't need or use; better yet, uninstall everything you don't need.
     • Deny local access to services except for the users that need them. Does bob need access to mysql locally? No, deny him then.
     • OS hardening: use chroot jails for everything you can; restricting what your webserver process or your smtp server has access to can make a difference.
     • One of the simpler things you can do is to force complex passwords on the server.
     • Try hardening the OS with something like grsecurity and/or the Bastille hardening tool; it'll be a headache until you get used to a more restrictive environment, but well worth it.
     • Don't trust anyone with access to anything; give them access to their own little places if you have to. Become a permissions ninja: know who and what has access to what and who.
     • Install a host intrusion detection system, which is mostly a fancy file integrity monitor: if file.ext changes, alert the admin. Samhain is nice for this, and has some other good features as well.
     • Backup regularly!
     • Your webserver is probably the most public service you have, so harden your webserver: trim down its loaded extensions, be a bit stricter with file/directory access. mod_security is a pretty standard extension you can add to Apache; its configuration can be a bit crazy and overzealous at times, so you'll need to test out your webapp against its configuration to make sure everything works okay.
     • Next up, harden PHP; Suhosin is a good patch for this. Configure PHP to not display errors to users; log everything privately.
     • Give yourself the tools to monitor who's accessing your webserver; enable verbose access logging on Apache, for instance.
     • You might give thought to using a network intrusion detection/prevention system (like Snort); it'll give you a bunch of CPU overhead, but it'll give you a clear idea of who/what is trying to access your server.
     • Keep current with patches and security announcements; get on announcement and security mailing lists for the applications your server uses so you can get info quickly and can patch your server quicker.
     • As for PHP security, here's a pretty good intro to PHP security. You might look at the security-related classes such as session management, validation, filtering, etc. from existing sources (PEAR, ZF, etc.) to give you a jump ahead in your coding.
     Have you made a backup today yet?
  24. If you can make your project with what CI has to offer, I say go for it. I had a hell of a time integrating external libraries when I tried it (1.2 & 1.3). I was also going to have to write an RBAC and ACL system from scratch. With regards to the 'framework' itself, I'd say the core is too encapsulated; it's not simple to extend features to suit your own needs and it's not as loosely coupled as advertised. I had the impression when I tried it that it was more like an existing application I was adding on to than a framework I was using to build my own application. Might have changed since I tried it though.