Building a social network using php/mysql server side. It is my first "big" project for college

What should I be worried about and not forget to do? Security issues?


Cool, me too! Not for school though.

The only thing I can think of is to properly sanitize user input and validate data formatting.

SALT YOUR HASHES

I have some questions, user:
1) PDO or MySQLi?
2) Is it a good method to use tokens for authentication and store them in cookies?

What I've done is just sha1 the passwords in my database. Not enough?

Not first user, but PHP makes it easy to write shitty code.
1) Use mysqli and all mysqli functions (mysqli_real_escape_string, mysqli_connect etc.)
2) Don't forget about XSS injection; sanitize with htmlentities()
3) Use password_hash() for passwords. No need to use a salt, and it is forward compatible with new versions of PHP
4) Use PHP7 it is considerably faster all things being equal
5) Learn a different server language (NodeJS, Python, Ruby)
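The two points above that matter most for a PHP/MySQL site are parameterised queries and output encoding. Here is an added example (not code from anyone in the thread) showing the injectable string-concatenation form next to the PDO prepared-statement form, plus the escape-at-output helper. The `users` table, the DSN and the credentials are assumptions for illustration only.

```php
<?php
declare(strict_types=1);

// Assumed schema: users(id INT, username VARCHAR, email VARCHAR); adjust DSN/credentials.
function connect(): PDO
{
    $dsn = 'mysql:host=127.0.0.1;dbname=socialnet;charset=utf8mb4';
    return new PDO($dsn, 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// VULNERABLE: the value is glued into the SQL text, so a username of
//   ' OR '1'='1
// turns the WHERE clause into a tautology and returns every row.
function findUserVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username, email FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll();
}

// HARDENED: the value travels as a bound parameter and can never alter the
// query structure, whatever quotes or keywords it contains.
function findUser(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Identifiers (column names for ORDER BY etc.) cannot be bound; whitelist them.
function listUsersSorted(PDO $pdo, string $sortBy): array
{
    $allowed = ['id', 'username', 'email'];
    if (!in_array($sortBy, $allowed, true)) {
        $sortBy = 'id';
    }
    return $pdo->query("SELECT id, username, email FROM users ORDER BY $sortBy")->fetchAll();
}

// XSS: escape when writing into HTML, not when storing. Keep the raw value in the
// database so the same data can also be emitted as JSON or plain text later.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage:
//   $pdo  = connect();
//   $user = findUser($pdo, $_GET['u'] ?? '');
//   if ($user !== null) {
//       echo '<p>Profile of ' . h($user['username']) . '</p>';
//   }
```

The `h()` helper covers the HTML body and attribute contexts only; a value placed inside a `<script>` block or a URL needs context-specific encoding (`json_encode()` with the hex flags, `rawurlencode()`), which is a separate problem from the SQL one.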

Wow, how awesome, op. I think you ought to include a VR feature with a large male negro raping your butt.

watch out for Zuckerberg

Thiz

wtf r u using php for? if you want a social network you better start mobile and it has to be cross platform; i suggest xamarin

Also figure out a way to do real-time content updates, no one wants to have to refresh the page anymore.

And just use PDO for database stuff.

ur pissin me off

dont make it raid proof

I will take a look at websockets for that.

Why, faggot? I said it is just a project for my college, it's not something special.

Xamarin has to be the worst cross-platform framework. It does everything but isn't good at anything and you have to use C# which is arcane by more agile frameworks' standards.

Also OP only mentioned what they were doing for the server and database, they might not be retarded and think they can use PHP on iOS and Android.

Otherwise OP you should use React Native for mobile if you don't want to also write an app in Java and Swift

I am using PDO. Instead of using mysqli functions, I am using my own function.

don't use SHA1, even for college work

go take a look at password_hash()

reference:
1. blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know
2. php.net/manual/en/function.password-hash.php
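To make the SHA1 versus password_hash() point concrete, here is an added example (not from the thread) that hashes one password the two ways. The unsalted SHA1 digest is identical for every user who picks the same password and is cheap to precompute; password_hash() embeds a random salt, the algorithm and the cost in the returned string, so the two stored values differ and nothing extra has to be saved. The `cost` value is an assumption for illustration; tune it to your server.

```php
<?php
declare(strict_types=1);

// Registration: the returned string (e.g. "$2y$12$...") carries algorithm, cost and
// salt, so the users table needs a single VARCHAR(255) column for it.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
}

// Login: password_verify() re-derives the hash with the embedded salt/cost and
// compares in constant time.
function checkPassword(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// After a successful login, upgrade hashes created with an older algorithm or a
// lower cost. Returns the new hash to store, or null if the stored one is current.
function rehashIfNeeded(string $password, string $storedHash): ?string
{
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, ['cost' => 12])) {
        return hashPassword($password);
    }
    return null;
}

// Why sha1() is not enough: two users with the same password get the same digest,
// so one precomputed table cracks both. password_hash() gives each a different value.
function compareSchemes(string $password): array
{
    return [
        'sha1_user_a'  => sha1($password),
        'sha1_user_b'  => sha1($password),          // identical
        'phash_user_a' => hashPassword($password),
        'phash_user_b' => hashPassword($password),  // different salt, different string
    ];
}

// Usage:
//   $stored = hashPassword('correct horse battery staple');
//   var_dump(checkPassword('correct horse battery staple', $stored)); // bool(true)
//   var_dump(checkPassword('wrong', $stored));                        // bool(false)
//   print_r(compareSchemes('hunter2'));
```

Note that password_verify() also accepts hashes produced by other PHP versions, which is the "forward compatible" property mentioned earlier in the thread: when PASSWORD_DEFAULT changes, old rows keep working and rehashIfNeeded() migrates them on the next login.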

No plans to make a mobile app at the moment.

I will take a look, thank you

1. When I started to work on my site (self-taught), I was using MySQL. Although I began to switch to MySQLi, many many people have recommended PDO as it can be used a lot more extensively and a lot better. Object-oriented, yo
2. I don't know

React is p sick tho. but i think xamarin is going in a good direction and it has the money to do it.

I just hope we can agree OP is retarded for trying to create a social network with PHP.

>AJAX

But I don't know shit about this stuff, really.

This.

Everytime you use SHA1, a puppy dies and Mark Cuckerberg grows stronger.

Microsoft, Google, and Apple all won't be using SHA1 anymore due to security issues you retarded nigger

Stop asking Sup Forums for help on your homework and go hang yourself if you're so retarded

Nah, he can do it in php but it won't be easy to produce a good system in it. For college project it's enough.

Ajax is easy, trust me. Take a look at some Ajax + jQuery tutorial and you will learn it in no time. It's a pretty neat thing, worth spending your time on.

...and then ditching it for a modern JavaScript framework. You'll save yourself a headache if you learn how front-end development is done nowadays. React, Angular, Ionic, Mithril etc. Even if it's just a college project you won't have to re-learn everything.

What's with zuckerberg? i don't like him, but probably for different reasons. why do you guys not? do a lot of devs not?

>php
>mysql

Your problems don't end at PHP. Both MariaDB and MySQL have their own server-side security issues if public-facing. Using Apache? Triple-check your Apache confs, e.g. *.ht* should 404, not 503; forbidden tells the audience they're there. They don't need to know they're there if you're hiding them.

However you're in college, so your prof. prob won't care about the other crap as long as it gets you the fuck out of his class.

Use PDO for every query, ever.

Oh, you need subqueries? No you don't.

Hash passwords.

Use auth tokens for all user access. Even your site is an app on your site.

Feeling paranoid? Encrypt cookies.

Feeling more paranoid? Cookies are just a sesh token.
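The "auth tokens" and "cookies are just a session token" advice above, as an added example that is not code from anyone in the thread: the cookie carries only a random token, the database stores only a hash of it (so a dumped sessions table does not yield usable cookies), and the cookie is set with the Secure, HttpOnly and SameSite flags. The `sessions` table layout and the 7-day lifetime are assumptions for illustration; the array form of setcookie() needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

const SESSION_TTL = 7 * 24 * 3600;

// Assumed schema: sessions(user_id INT, token_hash CHAR(64), expires_at DATETIME)

// Call after the password check succeeds. The raw token goes to the browser only.
function issueSessionToken(PDO $pdo, int $userId): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the OS CSPRNG
    $hash  = hash('sha256', $token);      // fast hash is fine: the token is unguessable

    $stmt = $pdo->prepare(
        'INSERT INTO sessions (user_id, token_hash, expires_at)
         VALUES (:uid, :h, DATE_ADD(NOW(), INTERVAL :ttl SECOND))'
    );
    $stmt->execute([':uid' => $userId, ':h' => $hash, ':ttl' => SESSION_TTL]);

    setcookie('session', $token, [
        'expires'  => time() + SESSION_TTL,
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // invisible to JavaScript, so XSS cannot read it
        'samesite' => 'Lax',  // not attached to cross-site POSTs: CSRF mitigation
    ]);
    return $token;
}

// Resolve the cookie back to a user id, or null if absent, malformed, unknown or expired.
function userFromCookie(PDO $pdo): ?int
{
    $token = $_COOKIE['session'] ?? '';
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;   // reject anything that is not the shape we issued
    }
    $stmt = $pdo->prepare(
        'SELECT user_id FROM sessions WHERE token_hash = :h AND expires_at > NOW()'
    );
    $stmt->execute([':h' => hash('sha256', $token)]);
    $uid = $stmt->fetchColumn();
    return $uid === false ? null : (int) $uid;
}

// Logout: delete the server-side record and expire the cookie.
function revokeSession(PDO $pdo): void
{
    $token = $_COOKIE['session'] ?? '';
    if ($token !== '') {
        $stmt = $pdo->prepare('DELETE FROM sessions WHERE token_hash = :h');
        $stmt->execute([':h' => hash('sha256', $token)]);
    }
    setcookie('session', '', ['expires' => time() - 3600, 'path' => '/',
                               'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}
```

Because the token is random and never encodes user data, there is nothing in the cookie worth encrypting; the server-side lookup is what binds it to a user, and issuing a fresh token after login (rather than reusing a pre-login one) avoids session fixation.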

Facebook hires hackers.

Facebook doesn't just hire hackers for guaranteed high-quality, secure code.

Imagine you were the retard who decided to invent something as stupidly simple as bottled water, but managed to fuck everyone else out of the rights to it and built an exponential marketing and surveillance monster out of it. He inadvertently created thousands of delusional millennials who think they can "be the next facebook" and make another fucking social network with PHP and MySQL because that's what they did a decade ago.

this

also this, to a lesser extent

What are you even implying?
>that FB is actively hacking other social networks?
What a load of shit. Ofc the only reason they hire hackers is to secure their shit. What kind of red pills are you swallowing?

lulz

Google recently exposed an 0day in Windows. How would they know this exploit existed if they weren't actively pentesting the Windows OS?

theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw

The reason they publicized this is to gain the trust of users in their competing Chrome OS.

There's a war going on behind the scenes of competing tech companies, in inexplicit terms. This is why they're hiring hackers.

Make no mistake, Google would try Ormandy themselves if they didn't intend to back him in court.

Employment contracts make sure employees can't perform stunts like this while maintaining employment, without explicit exemption.

what's so unlikely about this? they're competing with eachother so it seems like an obvious way to do it