[PHP5] A Smart Forum? In search of Beta Testers!

[inumedia]

-I'm currently in the beginning stages of developing a what I like to call a "Smart forum."
-Though it is supposed to be a "Smart Forum" it'll begin as a simple forum. Everything gets encrypted multiple times.
-The database's structure is encrypted ( Uniquely ) making it hard to hack into the database and almost impossible to use SQL Injections.
-After I have the basic forum and the functions complete the "Smart" part will start to be implemented.
The idea is that the forum will read everything you say and try to find and match nicknames to names. And then the more people talk a bout you the more "Fame" you get.
-The more people view your posts and your threads; the more "Fame" you get.
-The more people talk about you; the more "Fame" you get.
-A few other things will be implemented like rankings and groups.
-I need people to help me test it all out!
-I will be coding every drop of it.
-Everything will be very customizable.

I need ideas, opinions, beta testers, admins, moderators, section names, everything you would see at a forum.

PM With applications.
Post opinions and ideas here.
Beta testers just post here. =D
Once I'm done with beta testing I will be releasing the source on sourceforge.net

[X] Database Structure Encryption
[X] Account table access class
[X] Virtualid table access class
[X] Virtualidtoaccount table access class
[X] Hits table access class
[X] Links table access class
[X] Banreasons table access class
[X] Group table access class
[X] Groupmembers access class
[ ] Nickname access class
[ ] Namesays access class
[ / ] Sections access class
[ ] Threads access class
[ ] Posts access class
[ ] Sectionmoderators class
[X] Session encryption ( $_SESSION[hash("sha512","THISSESSION" . $key)] = "THISSESSION" )
[X] Session get
[X] Session set
[X] Load account to session
[X] Login
[X] Register
[X] Links
[X] Stats
[ / ] Forum
More to come...

There will be a LOT more added. ( Profiles, information, etc. )

 

[s-p-n]

What's the point of an encryption on everything? If done correctly, the encryption should not have a "decryption" engine to make the text readable again. If it is done correctly, then how do you expect to get the data for the user names, threads, comments... anything? The way an encryption works (in most cases these days) is a one-way street. If it's ever a two-way street, the encryption may be breached, thus is absolutely pointless.

The only thing I use an encryption for is a password. In My Opinion, It should only be used for sensitive data that never needs to be accessed and displayed back to anyone. Not even the administrator in PhpMyAdmin. Even the engines transferring the data back and forth do not hold answers for encrypted data with my engines.

I suggest you bring on those practices, because if you think about it, what's the point of an encryption if it can be hijacked? Then if/when it is hijacked, you'll have a hell of allot of work and explaining to do to your users and clients. If malicious user gets passed the encryption, they can do SQL injections. If they get passed that, they can make themselves admin. Now they can decrypt your data and, they're admin. So they have access to everyone's private data on you're whole site! Including your password which was also stored under a reversible encryption! Ahh sh*t!!

Also, I see forums all the time with rep points or "Fame", if you will. It may not be done exactly how you propose, but many existing systems are pretty efficient in terms of distinguishing between popular & non-popular users. Take for instance this forum. Everyone here knows that Frag-Frog is more reputable than me, not just by his post count, but by how others perceive him. Allot of those decisions are straight up best left to the users. In the end, it's their decision anyway, so just keep it simple

I'm not saying you should stop working on this project, it sounds like a wonderful milestone! Just don't forget simple is usually best. You'll probably see why when Bing fails to surpass Google. :laugh:

Anyway, good luck man, just trying to make it easier on ya

 

[Elite149]

well i can get a vbulletin forum (ill buy)
or maybe mybb (

You must be registered to see links

that one is mine)

and i can help with stuff if your devoloping a "smart forum":

heres my application of admin:

name: Elite149
reason:im good with coding,forums and stuff like that and this sounds nice
comments:i can code in java,c#,visual basic,php,html
age:19
email: EliteHacker@live.ca

 

[Nuklear]

If the only "Smart" thing is the Fame system, you're better off making mods for forum softwares such as IPB or vBulletin.

 

[Zen]

if this works, count me in as a beta tester.

i have a few free servers and a lot of free time lol. i can code basic PHP, but nothing too advanced (im getting into ASP.NET now)

add me on msn if you're interested.

(msn is on my profile)

 

[inumedia]

What's the point of an encryption on everything? If done correctly, the encryption should not have a "decryption" engine to make the text readable again. If it is done correctly, then how do you expect to get the data for the user names, threads, comments... anything? The way an encryption works (in most cases these days) is a one-way street. If it's ever a two-way street, the encryption may be breached, thus is absolutely pointless.

The only thing I use an encryption for is a password. In My Opinion, It should only be used for sensitive data that never needs to be accessed and displayed back to anyone. Not even the administrator in PhpMyAdmin. Even the engines transferring the data back and forth do not hold answers for encrypted data with my engines.

I suggest you bring on those practices, because if you think about it, what's the point of an encryption if it can be hijacked? Then if/when it is hijacked, you'll have a hell of allot of work and explaining to do to your users and clients. If malicious user gets passed the encryption, they can do SQL injections. If they get passed that, they can make themselves admin. Now they can decrypt your data and, they're admin. So they have access to everyone's private data on you're whole site! Including your password which was also stored under a reversible encryption! Ahh sh*t!!

Also, I see forums all the time with rep points or "Fame", if you will. It may not be done exactly how you propose, but many existing systems are pretty efficient in terms of distinguishing between popular & non-popular users. Take for instance this forum. Everyone here knows that Frag-Frog is more reputable than me, not just by his post count, but by how others perceive him. Allot of those decisions are straight up best left to the users. In the end, it's their decision anyway, so just keep it simple

I'm not saying you should stop working on this project, it sounds like a wonderful milestone! Just don't forget simple is usually best. You'll probably see why when Bing fails to surpass Google. :laugh:

Anyway, good luck man, just trying to make it easier on ya

The text it's self won't be encrypted just the database structure ( Which makes it virtually impossible to SQL Inject )

The database won't have any SQL commands done through the pages them selves but rather through a function that has escaped all variables.

I know how there are fame systems on other forums but thats mostly done by posts ( But I do see what your getting at )

Nothing will ever need to be decrypted.

No there won't be an on going struggle of memorizing what columns are what because all the functions that do the work is in a class that has the name of the column as a variable and it's content is the encrypted column name.

( Ex: Column: id FROM accounts = `$this->id` FROM `$this->accounts` )
See no encryption but rather call to variables to get the encryption.

There won't be a long wait to encrypt the database simply because I created an install wizard that will encrypt the database as it writes ( It will begin with the SQL Code, making it easier to modify the database, or for reference )

I am in the process of creating a class for every table and functions that seem to fit the use of the table.
So far I've gone 3/5 of the tables done and I'm still working.

There will be an easy way to add and change themes ( Yes you guys could create your own themes and implement them. No I'm not going to code your themes and integrate them for beta testing until I get some of the major stuff done. )

I'm debating on this:
I have coded a very good image creation script using PHP that since it's so heavy of a script has quite a few options that even lets it cut back on memory along with all it's other functions ( Color changes, Random fonts, Random Colors, A blur, A few other things. )

It uses a base ( Blank ) Image and writes text using information from an ini in the theme folder.

( I've already coded this and can easily integrate it )

It's heavy but it makes it easy for people that don't like photoshop or even those that don't like photo editing to put their name.

When the script generates the image it will output it to a folder ( "./themes/THISISMYTHEME/images/saved/")
and it will hash all the information about it hash("sha512",$color.$font.$text") and use that as it's name.
Then when the script gets executed again it'll look for specifically that file and if it's not there it'll generate another. ( Eventually this script will stop working and will simply output the saved image. =D )

If the only "Smart" thing is the Fame system, you're better off making mods for forum softwares such as IPB or vBulletin.

A Fame System won't be the ONLY thing about the forum. I'm going to slowly be branching off of everything to work toward ideas and hopefully on the way I'll get more ideas.

 

[s-p-n]

You're not just going through all that encrypting for similar purposes as parametrized queries, are you? Because it can be done easier..

I'll be respectful and assume you're making something like "Encryption-GENERAL" -

You must be registered to see links

?

If so, maybe take a look at this article before going too far in. There are other important security issues to think about during database development. These rules should apply to everyone- especially MySQL developers.

You must be registered to see links

Again, good luck and press forward. I'll try it out when there's a link. I hope everything comes together nicely. When all is said and done, I hope I stand corrected from my last post

 

[inumedia]

Actually I'm hoping to release it for beta applications and section creating within the next week or 2.

Soon afterwards I'll start work on the "Smart" part and hopefully I'll have around at least 50 members. Once I have enough members I'll be able to actually analyze the info and find ways to make it smart ( Like looking at the way people say stuff ( Ex: s-p-n is The Programming Preacher ) and then the smart would kick in

Anyways I do need hosting and a server to use. Doesn't have to be a virtual server just needs to have a MySQL Database and a Web server. Preferably with good security