PHP Forum Security Issues

[kool_samule]

Hi Chaps,

 

I'm about to start building a MySQL/PHP forum but would like to know what are the best administration steps to take.

 

Basically it'll be open to members of a site to share info (as like many forums out there), but obviously I don't want anybody to post either harmful content or offensive material.

 

Can someone point me in the right direction, or give me a basic outline of what I have to look out for?

 

Many thanks

[Zurev]

Are you talking about coding a forum from scratch, or installing vbulletin/php/mybb? Please specify - on here and sitepoint eh?

 

If it's the latter, security pretty much takes care of itself, and where it doesn't there are usually user submitted modifications that take care of it for you.

 

However for the former, you have a lot of work ahead of yourself. Due to the fact that you're entire project is based around user submitted content (user registration, login/logout, POSTS/THREADS, editting profile w/ avatar/other info) everything has to be filtered extremely well, implementation of bbcode, spam filters, using recaptcha, your own personal offensive language filter is nice. You'll have to be careful to work on filtering SQL Injection/XSS attacks extremely well, be aware of how to properly secure $_POST/$_GET AND $_COOKIE.