Starting a project, need some direction please

[Vapor]

I am starting a project that will encompass the following-

 

A forum script that will later be tied into it's own custom content management system.

 

But I have some questions before I get too deep into starting:

 

1. What is the "most" secure way to code a forum system?

2. Shall I rely on 1 person to code or open it to the public to help too (open source)?

3. Which features of forum scripts do you like and why?

4. How should the plugin system (hooks) be designed?

5. Template system - what is the easiest way to make theming simple?

 

These are just some of the basics that I am pondering at the moment. I know these may sound noobish but I would rather start this project the right way, instead of having it coded wrong etc.....and having to re-do everything down the road.

[The Letter E]

Here's some ideas to get you started:

 

1. If you want security you should store your sessions in a DB instead of the global $_SESSION - You should also make sure to properly encode/hash all data, keys, sensitive user info, etc...

 

2. Open source is going to give you a much larger knowledge base, since anyone can contribute, but you will also be giving up your ideas as open property, which means anyone can easily use/modify them to meet their own needs or create their own project.

 

3. I like forums that allow you to rate comments. There needs to be public and private ways for users to communicate. I have some other more personal touches that I might be willing to share if you would like some help.

 

4. All of your plugins and pretty much the entire site for that matter, should be Object Oriented, and you should store all of  your objects in a database.

 

5. Template system - You can use PHP in your CSS or use PHP to call different linked stylesheets based on the users choice.

 

I've been getting more involved with creative/web direction and would be willing to consult with you more in private if you'd like. Just shoot me a PM if you're interested. I work with all levels of web design, front and back.

[BlueSkyIS]

I don't know why storing sessions in a DB would be more secure. But it sure would be a pain in the butt. Can you shed some light?

[BlueSkyIS]

hm, maybe not such a pain according to this article: http://blog.peterhaza.no/session-security-in-php-and-how-to-improve-it/

 

interesting! I'd like to hear more opinions/reasons for/against storing sessions in various ways.

[The Letter E]

I don't know why storing sessions in a DB would be more secure. But it sure would be a pain in the butt. Can you shed some light?

 

Sure!

 

I guess I could have been slightly more detailed about this since it is a newer practice.

 

Pros to storing sessions in DB(some security related, others not):

1. If you need sessions to carry over across multiple servers <---this is helpful

2. Easier to check the state of your sessions

3. Increased performance on large frameworks with many users (scaleable)

4. On shared servers storing sessions in the $_SESSION array does present some very real security risks. For example, using basic shell commands on a hostmonster server I can view every username stored on that machine, which give me a great place to start hacking(I don't mess around with stuff like this *my safety* and would recommend you don't try and hack your shared server either

 

That is a little snippet about the sessions. I hope it was useful.

 

FYI, I know it's a pain, but I'm sure once people start doing it more we will start seeing more support from PHP and our relational dB products as well.

[Vapor]

I guess I should of added this will be developed on:

 

Mysql 5+

Linux web server

Php (obviously)

[The Letter E]

I guess I should of added this will be developed on:

 

Mysql 5+

Linux web server

Php (obviously)

 

Everything I suggested fits your environment.

[Vapor]

Great !

 

Thank you for the ideas "E" I will def. take these into consideration!