Everything posted by thehippy

  1. Bruce Schneier has some test vectors for the algorithm on his site. You could write some tests to verify your usage. Whenever docs are not explaining how to use a function, it's best to download the source and view the tests; those will show you how to use it. The mcrypt extension tests actually use Schneier's vectors. See ./php-5.4.9-src/ext/mcrypt/tests/blowfish.phpt As for transmitting and receiving data, just make sure to keep an eye on encoding; the web stack tends to be loose and wild with it, that is character encoding, server-side gzip and so on. You may want to put in checks to make sure outdated versions of SSL/TLS are not being used. As for communicating with a shared server, you may want to include checks on where you put your data: make sure the file or database doesn't have shared or group read permissions, make sure not to use temporary directories as they can be shared locations, use a secure network connection to the database, et cetera. Trust but verify.
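The checks the post above recommends for a shared host (no group or world read bits on the data file, no data in a shared temp directory, no outdated SSL/TLS versions) can be scripted. This is an added example, not code from the post or from PHP's mcrypt tests; the function names `permission_findings`, `in_shared_tempdir`, `hardened_client_context` and `audit_demo` are hypothetical, and the two files it inspects are constructed in a scratch directory for the demonstration.

```python
import os
import ssl
import stat
import tempfile

# Added illustration with hypothetical helper names; not code from the post.


def permission_findings(path):
    """Return the mode bits on `path` that expose it to other accounts.

    A private data file should carry no group or world bits (mode 0600),
    so anything returned here is a finding to fix or to justify.
    """
    mode = os.stat(path).st_mode
    checks = (
        (stat.S_IRGRP, "group-readable"),
        (stat.S_IWGRP, "group-writable"),
        (stat.S_IROTH, "world-readable"),
        (stat.S_IWOTH, "world-writable"),
    )
    return [label for bit, label in checks if mode & bit]


def in_shared_tempdir(path):
    """True if `path` lives under the system temp directory, which other
    users on a shared host can usually list and sometimes read."""
    tmp = os.path.realpath(tempfile.gettempdir())
    return os.path.realpath(path).startswith(tmp + os.sep)


def hardened_client_context():
    """TLS client context that refuses SSLv3, TLS 1.0 and TLS 1.1 outright."""
    ctx = ssl.create_default_context()  # verifies certificates and hostnames
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_demo():
    """Run the checks against two constructed files and return the results."""
    workdir = tempfile.mkdtemp()  # deliberately a shared location for the demo
    loose = os.path.join(workdir, "secrets.db")
    tight = os.path.join(workdir, "private.db")
    for p, mode in ((loose, 0o640), (tight, 0o600)):
        with open(p, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(p, mode)  # set the bits explicitly so umask does not matter
    result = {
        "loose": permission_findings(loose),          # expect ['group-readable']
        "tight": permission_findings(tight),          # expect []
        "shared_location": in_shared_tempdir(loose),  # expect True
        "min_tls": int(hardened_client_context().minimum_version),  # 771 == TLS 1.2
    }
    for p in (loose, tight):
        os.remove(p)
    os.rmdir(workdir)
    return result


if __name__ == "__main__":
    for key, value in audit_demo().items():
        print(f"{key}: {value}")
```

Point `permission_findings` at the real secrets file or SQLite database and `in_shared_tempdir` at wherever the application writes, and use the context from `hardened_client_context` for any TLS connection to the database or remote API; `ssl.create_default_context` already turns on certificate and hostname verification, the only change is the floor on the protocol version.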
  2. I would just like to thank all the programmers out there that write tests for their code. I think it's only happened two or three times now with medium to large existing applications, but to get a job to work on one that's actually been unit tested is near bliss. To me well written tests are better than external documentation, better than autogenerated documentation; each test is a usage case that shows me the previous coder's intent, damn near priceless.
  3. I was not trying to say a view was a vote; they are, of course, vastly different rule-based counting systems. I was attempting to point out that the engineering problem, the detection of erroneous data, has similarities in both: there may be invalid views as there may be invalid votes. My bad if I confused anyone, I'm not a man gifted with words.
  4. To be perfectly honest, it's not worth investing the time to allow anonymous voting. The amount of time you invest in detecting erroneous voting outweighs the usability benefit. IPs can be proxies for an entire ISP. IPs, cookies, HTTP headers can be faked, botnets can artificially inflate voting results, most captcha services have been cracked and so on. Ask Amazon or YouTube how they deal with voting; they won't, because they've invested so much time in it. Ever wonder why YT vids get stuck at 300 or so views? Because YT has to start validating a simple view so videos don't get artificially inflated view counts.
  5. The Computer Security Resource Center (CSRC) at the National Institute of Standards and Technology (NIST) has many publications on all aspects of computer security. They are a US Government working group that provides recommendations on such things as computer security for nearly all the government branches. A listing of the publications: IIRC I'm not allowed to link directly to PDFs on this board, so I picked out a few that are relevant to website security. Take into consideration the date of publication on some of the articles; while the important ones are updated regularly the more obscure publications are not, but still have valuable information.
     Guide to Intrusion Detection and Prevention Systems (IDPS)
     Recommended Security Controls for Federal Information Systems and Organizations
     Guidelines on Securing Public Web Servers
     Guidelines on Firewalls and Firewall Policy
     Creating a Patch and Vulnerability Management Program
     Managing Information Security Risk: Organization, Mission, and Information System View
     Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
     Generally Accepted Principles and Practices for Securing Information Technology Systems
     Given that you've stated 'I am not an IT/Internet specialist,' hire a professional if it's important.
  6. If you have a spare comp lying around, you could install your favorite *nix flavour, then set up Samba to act as a PDC (Primary Domain Controller) and set up your roaming profile in Windows to sync to/from the PDC. Samba-HOWTO I used to use an application called GoodSync which might be helpful. It has a pretty good feature set. I could envision a login script that would sync up things or some such. Or use some cloud service to store settings too... lots of possibilities
  7. Data integrity is at the core of design for critical application architecture. Data loss is simply unacceptable. As such a critical application needs to be highly testable to certify the integrity of the system handling the data. The system for storing the data (RDBMS) must be highly tested and have the features for authenticating the integrity of the data. Also, though I'm not positive, you should have to follow the International Financial Reporting Standard (IFRS) in order to have your application be insurable. There is no way I'd hand this off to a student to design if it is such an application. On the other hand, if I'm looking at this a bit too deeply and you're to design a stock/bond monitor, while the data integrity is important it's probably something a grad should be able to do. As for what to use, an RDBMS that supports ACID, Data Integrity (Triggers, Constraints, Foreign Keys, etc) and Transactions is essential. Oh look, I found a list. I won't go out of my way to support one or another, but know as a developer you won't have to buy an expensive license to develop the application; there is a free version from nearly all the big guys, Oracle with their Oracle Database Express, Microsoft with SQL Server Express, IBM with DB2 Express and so on. Also, there is Postgres, Ingres and others in the FOSS world without any end costs other than learning them. RDBMSs were made to, well, most are made for and excel at handling financial datasets; most of the project should be done with the RDBMS. Your application should largely just be a way to view the data: manipulation should happen at the database, imports should happen at the database, calculations should happen at the database and so on. The front end is nearly irrelevant and up to choice; lots of enterprises have used web front ends for a good long time now and that may be an avenue for you, but most likely the decision will be the preference of the client/employer.
  8. Get an unmanaged server or your own colocated server, one all your own, none of that shared reseller garbage, get WHM/cPanel & WHMCS licenses, an authorize.net account, install, configure and you're a happy monkey, until things start to go wrong. There are less streamlined ways to do it; there are web hosting panel alternatives, billing alternatives, panel-less webhosting setups and so on, but if you're looking to do it like every other guy who thought it would be a good idea to set up a web hosting biz in the last decade, that's the way to do it.
  9. Pro PHP: Patterns, Frameworks, Testing and More by Kevin McArthur is pretty good, explanations of design patterns which lead to practical usage with Zend Framework. I'm not sure if that's acceptable to you. OOA/D and design pattern books abound, but are largely language agnostic as they are a core concept of most modern programming, not specifically of PHP. Martin Fowler, et al - Patterns of Enterprise Application Architecture; Jason Sweat - php|architect's Guide to PHP Design Patterns; Eric Freeman, et al - Head First Design Patterns [Obligatory O'Reilly Book and really good]. Zend Framework 1 is a behemoth, but at its core it's a very well written object oriented framework; read it. ZF2 is under active development and might be a bit confusing, beta4 was released just recently. Symfony2 is another good code read. Lithium, Solar, micromvc, even tools like phing have a good or decent design you might want to read through.
  10. http://book.cakephp.org/2.0/en/models/callback-methods.html#afterfind
  11. You may be looking to use the underlying SQL functionality of BETWEEN or you may be able to get away with LIMIT depending on your needs.
  12. Been using VirtualBox the last few months. For a quick setup just using an existing image like you'll get from here or setting up my own as similar to the production server as possible. There are tools like vagrant around to make managing things a bit easier as well.
  13. Making use of design patterns in your code. Identifying patterns in existing code will help you learn them quickly, or at least I found so. After you've coded for awhile you may get to the point where you think, well I know how lots of this stuff works but how do I put it all together well. That's where and when you should start researching application analysis and design (OOA/D) principles. Write code, lots and lots of code. Understand that most of what you write you will toss away down the road. Get used to prototyping abstract designs and iterating over and over until you have a working and coherent design. Write and contribute with others, go to your local PUG (PHP User Group) and learn what others are doing, help, contribute and participate; it will progress your understanding or at least expose you to more ideas. If you don't have a formal education in computer science or engineering consider things like MIT's OpenCourseWare to help structure an informal education. Learn some other languages. Never stop learning.
  14. First Page of the Zend_Db documentation... http://framework.zend.com/manual/en/zend.db.adapter.html
  15. Coming off Eclipse PDT then NetBeans to phpStorm has been a pleasure. NetBeans took a great deal for me to set up the way I wanted it to work: debugger, command line php tools, et cetera. phpStorm on the other hand is about as ready to go as an IDE can be, notably has integration with PHPUnit, phing, phpdoc and github, has good XML tools and works as a JS editor. If you find NetBeans a bit of a memory hog, phpStorm is a bit better and more responsive, not as good as the jump from Eclipse to NetBeans, but noticeable nonetheless. The code inspection is much more robust in phpStorm; not only will it autocomplete down to the array key but it does a fantastic job in mixed code situations (PHP, HTML, and JS all in the same view for instance). Another thing that not everyone will take into account is that the devs are fairly responsive with bugs; their tracker is public and things tend to get attention quickly. Feature requests on the other hand seem to take a major version release or someone to write a plugin as a workaround. The downside is the extra functionality phpStorm provides might not be worth it: NetBeans is free and phpStorm is $100-200 USD, so you'll really have to give the trial a shot and see if it's worth it to you. Having my IDE be less of a headache made purchasing a license worth it to me, though I haven't upgraded to 3.0 yet, which was only released a couple of days ago.
  16. Been using NetBeans for awhile but I thought I'd give JetBrains PHPStorm a try. It's a very nice product: quick, excellent code completion and does double duty as a js/css IDE, which I find myself using more and more lately. I may actually pay for an IDE, didn't think I'd ever say that. JetBrains made IntelliJ IDEA, the Java IDE, if anyone is familiar with it; good quality products out of that company.