Need advice/knowledge of experienced professionals.

arconis

Used Receptacle
Oct 30, 2008
Hey all,

I have a site in mind that I would like users to register on, post an article with a word count, put the article up for approval/denial and, if approved, automatically increase the user's account balance (based on word count), and once the account reaches say $20 use a merchant API to send payment.

I have not developed anything yet and am wondering the best way to go? It's almost a wiki-like deal, isn't it? Does anyone have any helpful advice for what CMS to use to automate processes like this? I like Joomla, but don't think it has everything I need... Are the encryption abilities of Joomla suitable for sensitive information, or does the fact that Joomla is open source make me a target? I imagine no matter what one uses they would remain a target...

Does anyone have any experience with Tiki Wiki? What about something like MicroWorkers? Maybe I'll e-mail them... hopefully not get bitched out for trying to weasel a proprietary setup, lol

I realize what I'm explaining is a custom solution of its own, but any help is GREATLY appreciated! Thx
 


I don't think it would be smart to go with an existing platform for this. Way too much overhead, and things will break much more easily.

This sounds pretty straightforward: a user system with 2 user levels, one for submitting and one for approving. Plus the API stuff.

Just get a coder or even do it yourself.
 
hehejo nailed it. Honestly sounds like a good project to learn how to code with.
 
Appreciate it guys, it does seem that a custom coded solution would be best... and you've convinced me to at least try it myself, hehejo. Thanks :)

Ty dchuk, this is a watered down idea of a bigger type of crowd-sourcing website I'm thinking about... I'm gonna need a CopyScape Premium membership for the QC, hehe
 
Yah, tell me about it. I just learned passing variables and it's a lifesaver... much better than the .shtml days, rofl

Are cronjobs considered safe? I suppose I can put sensitive information in there, but just don't put it in the public_html folder, right?

One would probably put a cronjob in for once a day to select all rows with > $20 and send a merchant API request, right?

Also, and probably the most important, I should look out for XSS and SQL injection, but is there anything else that I'm overlooking?

EDIT:

I can't help but notice that cookie stuffing is one of the top keywords for WickedFire... should I take that into consideration? Are there preventative measures?
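The once-a-day payout job asked about above, written out as an added example (this is not code from the thread or from any of the CMSs mentioned). It assumes an accounts table with an integer balance in cents and a payout_status column, a payouts table for the audit trail, a merchant config file that lives outside public_html, and a $sendPayment callback that stands in for whatever the real merchant API call turns out to be; the demo at the bottom uses an in-memory SQLite database with constructed rows and a fake sender so it runs offline.

```php
<?php
// Added example, not code from the thread: a once-a-day payout job meant to be
// run from cron and stored outside public_html. The accounts/payouts schema,
// the config file format and the $sendPayment callback are assumptions that
// stand in for a real merchant API.
declare(strict_types=1);

const PAYOUT_THRESHOLD_CENTS = 2000; // $20.00 as integer cents, never a float

// Secrets come from a file outside the web root, not from the script itself.
function load_merchant_config(string $path): array
{
    if (!is_readable($path)) {
        throw new RuntimeException("missing merchant config: $path");
    }
    $cfg = parse_ini_file($path, false, INI_SCANNER_TYPED);
    if ($cfg === false || empty($cfg['api_key'])) {
        throw new RuntimeException('merchant config is incomplete');
    }
    return $cfg;
}

// Pays every idle account at or above the threshold; returns the ids paid.
// $sendPayment(string $email, int $cents): string  returns the merchant reference.
function run_payouts(PDO $db, callable $sendPayment): array
{
    // Step 1: claim the eligible rows in one transaction, so an overlapping or
    // repeated run cannot pick the same account up and pay it twice.
    $db->beginTransaction();
    $select = $db->prepare(
        'SELECT id, email, balance_cents FROM accounts
          WHERE balance_cents >= :min AND payout_status = :idle'
    );
    $select->execute([':min' => PAYOUT_THRESHOLD_CENTS, ':idle' => 'idle']);
    $rows = $select->fetchAll(PDO::FETCH_ASSOC);
    $claim = $db->prepare(
        'UPDATE accounts SET payout_status = :busy WHERE id = :id AND payout_status = :idle'
    );
    foreach ($rows as $row) {
        $claim->execute([':busy' => 'in_progress', ':id' => $row['id'], ':idle' => 'idle']);
    }
    $db->commit();

    // Step 2: pay each claimed account and record the merchant reference.
    $paid = [];
    foreach ($rows as $row) {
        $cents = (int)$row['balance_cents'];
        try {
            $reference = $sendPayment($row['email'], $cents);
            $db->beginTransaction();
            // Subtract the amount paid instead of zeroing the balance, so words
            // approved while the payment was in flight are not lost.
            $db->prepare('UPDATE accounts SET balance_cents = balance_cents - :c,
                          payout_status = :idle WHERE id = :id')
               ->execute([':c' => $cents, ':idle' => 'idle', ':id' => $row['id']]);
            $db->prepare('INSERT INTO payouts (account_id, cents, reference)
                          VALUES (:id, :c, :ref)')
               ->execute([':id' => $row['id'], ':c' => $cents, ':ref' => $reference]);
            $db->commit();
            $paid[] = (int)$row['id'];
        } catch (Throwable $e) {
            if ($db->inTransaction()) {
                $db->rollBack();
            }
            // Status stays in_progress: the account is not retried automatically
            // until someone reconciles it against the merchant's own records.
            error_log("payout failed for account {$row['id']}: " . $e->getMessage());
        }
    }
    return $paid;
}

// --- demo with constructed data in an in-memory SQLite database ---
$ini = tempnam(sys_get_temp_dir(), 'merchant');
file_put_contents($ini, "api_key = \"PLACEHOLDER-KEY\"\n"); // placeholder, not a real key
$config = load_merchant_config($ini);
unlink($ini);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, email TEXT,
           balance_cents INTEGER, payout_status TEXT)');
$db->exec('CREATE TABLE payouts (id INTEGER PRIMARY KEY, account_id INTEGER,
           cents INTEGER, reference TEXT)');
// Row 1 is eligible, row 2 is below the threshold, row 3 was claimed by an earlier run.
$db->exec("INSERT INTO accounts (email, balance_cents, payout_status) VALUES
           ('a@example.com', 2550, 'idle'),
           ('b@example.com',  500, 'idle'),
           ('c@example.com', 4000, 'in_progress')");

// Stand-in for the merchant API: returns a fake transaction reference.
$fakeSend = function (string $email, int $cents) use ($config): string {
    return 'TEST-' . substr(sha1($config['api_key'] . $email . $cents), 0, 8);
};

$paid = run_payouts($db, $fakeSend);
echo 'paid account ids: ' . implode(',', $paid) . "\n";
echo 'a@example.com balance now: '
   . $db->query('SELECT balance_cents FROM accounts WHERE id = 1')->fetchColumn() . "\n";
```

Run it with the PHP CLI (it needs the pdo_sqlite extension); with the constructed rows only account 1 is paid and its balance drops to 0, while account 3 is skipped because an earlier run still owns it. The claim-then-pay split is the part worth copying: the cron job can be re-run, or run twice by accident, without paying anyone twice, and a failed API call leaves a visible in_progress marker instead of silently retrying.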
 
Updated: Who Needs University? The Best Nettuts+ Screencast Training Courses | Nettuts+

Work through the PHP tutorial series, then work through the whole CodeIgniter series. By using a framework, you'll be able to avoid a lot of the risks of writing everything from scratch, like XSS and stuff.
 
Code:
<?php
// Sanitize all incoming request data in place. In PHP, functions declared
// later in the same file are available here, so the call order is fine.
array_walk_recursive($_POST, 'sanitize_variables');
array_walk_recursive($_GET, 'sanitize_variables');
array_walk_recursive($_COOKIE, 'sanitize_variables');
array_walk_recursive($_REQUEST, 'sanitize_variables');

// Callback for array_walk_recursive: $item is passed by reference, so the
// superglobal entry itself is overwritten with the sanitized value.
function sanitize_variables(&$item, $key) {
    if (!is_array($item)) {
        $item = sanitize_text($item);
    }
}

// Whitelist filter: every character that is not a letter, digit, ?, !,
// newline, carriage return, period or space is stripped from the value.
function sanitize_text($text) {
    $text = preg_replace("/[^A-Za-z0-9?!\n\r. ]/", "", $text);
    return $text;
}
Just do whitelisting instead of blacklisting. So you can be certain that nothing slips through. Only allow the characters that you need for your application in the sanitize_text function (and stay away from unsafe characters).

It's quite easy and I think CodeIgniter does it the same way. It only gets complicated when you need the characters that are used in injections.

But I would also recommend CodeIgniter.
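The whitelist idea from the post above, and the XSS / SQL injection question earlier in the thread, carried through one step further as an added example (not code from the thread or from CodeIgniter): input is validated against an explicit per-field whitelist and rejected rather than stripped, the insert uses a prepared statement so the database never sees user text as SQL, and HTML escaping happens at output time for the context the value lands in. The articles table, the field names and the in-memory SQLite demo data are assumptions constructed for the example.

```php
<?php
// Added example, not code from the thread: per-field whitelist validation for
// the article submission form, a parameterised insert, and HTML escaping on
// output. The articles table, field names and sample rows are assumptions.
declare(strict_types=1);

// Validate one field against its whitelist; reject instead of silently stripping,
// so a mangled submission never gets stored as if it were what the user wrote.
function validate_field(string $name, string $value): string
{
    $rules = [
        // title: letters, digits, basic punctuation and spaces, 1-120 chars
        'title' => '/^[A-Za-z0-9 ?!.,\'-]{1,120}$/',
        // body: any printable Unicode text plus line breaks and tabs, capped in length
        'body'  => '/^[\P{C}\n\r\t]{1,20000}$/u',
    ];
    if (!isset($rules[$name]) || preg_match($rules[$name], $value) !== 1) {
        throw new InvalidArgumentException("invalid value for field '$name'");
    }
    return $value;
}

// Store a submission as pending review; the word count that drives payment is
// computed on the server rather than taken from the form.
function store_article(PDO $db, int $userId, array $input): int
{
    $title = validate_field('title', (string)($input['title'] ?? ''));
    $body  = validate_field('body',  (string)($input['body'] ?? ''));
    $words = str_word_count($body);

    // Bound parameters keep the text data, whatever characters it contains.
    $stmt = $db->prepare(
        'INSERT INTO articles (user_id, title, body, word_count, status)
         VALUES (:uid, :title, :body, :words, :status)'
    );
    $stmt->execute([
        ':uid' => $userId, ':title' => $title, ':body' => $body,
        ':words' => $words, ':status' => 'pending',
    ]);
    return (int)$db->lastInsertId();
}

// Escape when rendering, for the HTML context the value is placed into.
function render_title(string $title): string
{
    return '<h2>' . htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</h2>';
}

// --- demo with constructed data in an in-memory SQLite database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, user_id INTEGER,
           title TEXT, body TEXT, word_count INTEGER, status TEXT)');

$id = store_article($db, 7, [
    'title' => 'Why crowdsourced copy works',
    'body'  => "Short sample body with seven words here.",
]);
echo "stored article #$id with "
   . $db->query('SELECT word_count FROM articles WHERE id = 1')->fetchColumn()
   . " words\n";

// A title carrying markup fails the whitelist and is never stored.
try {
    store_article($db, 7, ['title' => '<b>bold</b> title', 'body' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}

// Quotes and angle brackets are escaped at output time, not mangled at input time.
echo render_title('Tom\'s "quoted" <title>') . "\n";
```

The three layers do different jobs: the whitelist decides what the application accepts, the prepared statement makes the database treat the value as data, and htmlspecialchars protects the page it is rendered into. Stripping characters at input time, as the snippet above does, also rewrites what users typed (apostrophes and accented letters vanish), which matters when word count and article quality are what you are paying for.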