On Sun, Jan 13, 2013 at 11:05 AM, Stephen <stephen-d@xxxxxxxxxx> wrote:
> I know there are existing solutions for this, but the ones I have found are
> complex, turnkey and don't really facilitate learning.

When learning is the goal, writing your own is probably the best course. When deploying a live site, go with something that is time tested and has had many eyes upon it.

> And, of course, having sample code for functions like creating a new
> account, sending the confirmation email, handling the response. Dealing with
> forgotten passwords. I don't want to re-invent the wheel, but I don't want
> to have to dissect the code for, say, phpBB to see how it is done there,
> either.

I'd be rather hesitant to look into phpBB as well; it's rather old, a lot of security has been bolted on, stuck in, and so on. Plus it has many known exploits. Drupal is somewhat better as it has had major rewrites and releases, but it's not the most accessible of code. Symfony is well written, but it seems to borrow quite a lot from Ruby's DSL concepts in PHP-land. (Incidentally, Drupal will be using Symfony for Version 8.)

Do spend time perusing the questions and answers at stackoverflow as well:

http://stackoverflow.com/questions/tagged/security

and this:

http://www.owasp.org/index.php/Main_Page

+1 for Essential PHP Security. Dated, but still very valid and useful in a learning context.

Also, while not really tutorials or documentation, start following the hacker news to see what sorts of exploits are out there in the world.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php