New here! So many questions.....

Beginners - Learning PHP
#1

Hey - names Dan…

I’ve never really done anything with PHP, but now have the need to get a website happening.

Anyhow I kind have done myself in by volunteering, and at first I was just offering to provide a space for people to upload, but then I got dumped with requests for custom pages, and so I promptly came here in the hopes that I could do it with PHP.

I think if I do searches I could find most of this stuff, but one thing eludes me, and this is why I make this post, mainly because I don’t even know what to search for - or even if it can be done with PHP.

Among the one(s) I am setting this page up for, I have been asked to make it so images can be viewed prior to downloading a file, and I don’t know what search to type on this, since it will involve upload of picture, resizing of picture, and then what (I’m not sure) erase of larger/smaller picture.

In essence the web page is supposed to have a shout box, a comment box, a description feild, a file download, a star style’d vote (0-5 stars, including .5 stars), as well as regular html components, such as a banner style logo, etc… and the image that is to be tied to the file. There is a lot more to this then the ones asking realise also, there will need to be a login in section also, along with upload permissions, and edit boxes for the messages. All in all - I am not certain what I have gotten myself in for…

Getting back to my questions though - Is it possible to resize images with PHP? Just how much power is under the hood of PHP, and when do I have to go looking for other programs to fill in?

I understand the basic syntax of PHP, having done quite a few edits in the past with things like phpbb, I also can program in C#, and stand my ground with MSSQL, though I will likely this time be using MySQL, so while I am aproaching this challenge with a bit of scurvy, I don’t think that the final result is truely beyond my capability, care to point out where I am wrong?

Thanks for reading this, I’ll use this thread for any remaining questions, or stuck points I come across while I try to get this page happening.

1st EDIT:I got a basic login going, its pretty neat - was based upon this tutorial! I thought it was a fairly easy 1st step, next I will work on the shout box, as it presents itself as the next easy option.

2nd EDIT:I am thinking of using TinyMCE as my text input method.

#2

One thing I seem to miss in the tutorial you’re pointing out, is password encryption. Not only does it give sniffers the chance to intercept the password, a database leak will reveal all user accounts, including their passwords, to the public. Please take a look at our Tutorials section as well. Also, keep in mind that tutorials are generic, and will probably always contain at least some bugs. No script is 100% secure.

Is it possible to resize images with PHP?
Yes, that is indeed possible. However, you’re going to need an additional library called GD.

Just how much power is under the hood of PHP?
Depending on your application or project, it could be a marvelous tool or a useless one. Webbased applications will benefit greatly from using PHP, mainly because it’s simple, doesn’t require a lot of resources or dependencies, and is interpreted. These are all both pros and cons, depending on what you wish to do with it. One of the generic cons however is the myriad of functions PHP provides by default, and it’s lack of proper OOP support (which is greatly improving, I must say).

when do I have to go looking for other programs to fill in?
Again, this is greatly dependant on what you want to do. PHP provides a lot of functionality, and as such it belongs in the functionality tier. It does not provide support for multithreading (mainly because of its webbased character), it doesn’t allow for GUI development, but I think that for all lacks, plugins and libraries are available (PHP-GTK for GUIs for example). “Use the right tool for the right job” however, C# would be my first choice when developing a desktop application. But if I had to create a dynamic page and had the choice between JSP and PHP, PHP would definately be it.

Also, you say you’re experienced in MSSQL and are going to use MySQL for this project. Keep in mind that there are differences between these two products. For example, MySQL is not the kind of heavy-duty database engine that MSSQL (and Oracle, for example) are.

#3

Being the first web page that I have ever developed - I can imagine a lot of flaws, any number of which a hacker could jump on, tbh - I don’t want a full time job in this field, but have been enjoying a great deal of satisfaction so far.
The passwords are MD5 encrypted into the database, but as you say, sniffers could intercept the password, so I will definately check out the tutorials section in regaurds to this.

TBH - I think that experienced is too strong a word, I can stand my ground with it yes, but I have never really done anything remotely as large as a simple web site, mostly just toyed with it in my spare time, I only know enough to use it in it’s basic essence, not really the ins and outs of large scale DBs. (from memory the largest one I have ever made was only around 1-2 MB)

#4

Getting back to the login…

I have spent some time doing some reading, and am now looking at SSL with a $75 price tag from my host, which I might add I am not overly amused with.
Anyhow, looking now for alternatives.
I found this interesting page SHA-256.
I am compleatly captivated by it, and would like to implement it in the authentication challenge.
I got a few questions now about public/private keys, anyway, what I really want to know is how do I do this.
I had been thinking along the lines of sending the public-key, something based on a session ID to the client through the web page, encrypting the password with the public-key, sending the hash, and then decrypting it server side with the private key, and matching it with the db, guess I want to know if I am moving forward, or just getting lost in all this…
I am also half tempted to just scrap the public/private key and just go for the one public key, based on session ID, because this public/private key math stuff is really bogging me down, and no doubt it will bog down my server also (not that I expect high volumes of traffic - but one can not be too certain).
Right now looking for a thumbs up/thumbs down on this, just so I know…
Would also like to keep peps passwords encrypted in the database, rather than just plain text, so I guess that should be integrated here as well somehow, but right now, it is getting very close to bed time here :wink:

#5

I’m not familiar with SSL (mainly because of the price tag), nor with a cryptologist’s view on security (public/private key stuff). The main reason I’m criticizing the tutorial you’ve used is because it’s from 2004 … a lot has changed in the meantime, also in the PHP language and libraries. It’s okay to use tutorials, just make sure they’re up-to-date ;)

Sponsor our Newsletter | Privacy Policy | Terms of Service