Our website is made possible by displaying online advertisements to our visitors.
Please consider supporting us by disabling your ad blocker.
-
04-05-2015, 02:34 PM
#101
Web Guru
-
04-05-2015, 02:48 PM
#102
Web Guru
Admin username and password are plaint text in the database...shouldn't these be salted and / or md5 hashed?
The readme says there's no need to add http:// to the base URL....what happens if you want to use HTTPS? I'd recommend changing this so the whole URL (including http or https) has to be entered...
-
04-05-2015, 04:29 PM
#103
Originally Posted by
Marc J
Admin username and password are plaint text in the database...shouldn't these be salted and / or md5 hashed?
The readme says there's no need to add http:// to the base URL....what happens if you want to use HTTPS? I'd recommend changing this so the whole URL (including http or https) has to be entered...
I thought about salting the passwords but is it really necessary? Maybe, and not much work to fix.
As for mysqli, I ain't budging on that. MySQL is deprecated & its use is actively discouraged. I started out using mysql as you'll see in the commit logs (maybe).
The rest of the issues you've flagged, I'll get onto soon.
By the way, thanks for your help so far :beer:
-
04-05-2015, 06:04 PM
#104
Web Guru
Originally Posted by
juski
As for mysqli, I ain't budging on that. MySQL is deprecated & its use is actively discouraged. I started out using mysql as you'll see in the commit logs (maybe).
Haha, that's the answer I was expecting! I think a firmware update might give me mysqli on the QNAP....will have a look.
-
04-05-2015, 07:18 PM
#105
Originally Posted by
Marc J
Haha, that's the answer I was expecting! I think a firmware update might give me mysqli on the QNAP....will have a look.
If the older method wasn't so actively discouraged & you were willing to lend a hand in abstracting the db code out to functions I'd definitely work with you on making it either/or - make no mistake on that score. I'm starting to think that abstraction is going to be a good idea anyway.
Oh, and anybody worried about anybody aggregating your requests data.. the app can't do that. When you delete an event, the requests go byebyes too. At least they should.. maybe I've forgotten to put that line in 
It would definitely be interesting to be able to collect request data for our own uses, and indeed for multi-op bosses to check up on their minions (insert evil laugh emoticon here). That would be a piece of cake to do.. rather than simply deleting requests associated with an event, copy those request table entries into a 'master request history' table.
Please feel free to help me out & hammer the living daylights out of the test account. It seems to do what it's supposed to do in a roundabout way, but as any fule know there are always what devs call 'corner cases' lurking so the more live testing this gets the better.
Anyone else lurking with any PHP coding chops, help yourself to studying the code & making suggestions to improve it - be critical if you like so long as it's constructive (i.e. don't just say it's crap. Say "that's crap, but if you did this...").
-
04-05-2015, 07:56 PM
#106
Web Guru
Originally Posted by
juski
If the older method wasn't so actively discouraged & you were willing to lend a hand in abstracting the db code out to functions I'd definitely work with you on making it either/or - make no mistake on that score. I'm starting to think that abstraction is going to be a good idea anyway.
Looking at some software I've got that gives the option between MySQL and mysqli, they do it by changing the included file, e.g.: -
include("./functions/dbAccess_".$databaseType.".php");
with 2 files - dbAccess_mysql.php & dbAccess_mysqli.php...both with all the functions required for each method.
To do the same would be a lot of work, especially considering you've done the exact opposite already to remove mysql! I don't mind lending a hand (time permitting) but as you say, mysql is deprecated and so we should really be moving away from it...
-
05-05-2015, 09:22 PM
#107
Originally Posted by
Marc J
Looking at some software I've got that gives the option between MySQL and mysqli, they do it by changing the included file, e.g.: -
include("./functions/dbAccess_".$databaseType.".php");
with 2 files - dbAccess_mysql.php & dbAccess_mysqli.php...both with all the functions required for each method.
To do the same would be a lot of work, especially considering you've done the exact opposite already to remove mysql! I don't mind lending a hand (time permitting) but as you say, mysql is deprecated and so we should really be moving away from it...
Marc, I'm looking to start abstracting out the database stuff before I go putting any more db code in there. Do you have any ideas where I should look for a ready made class or other DB wrapper? PDO seems like a good idea, but I'm just wondering about your thoughts on this. I'm going to take a look at Prestashop (the other thing I look after) & see what they use. If it's simples enough I'll 'borrow' it
-
05-05-2015, 10:02 PM
#108
Originally Posted by
Marc J
Looking at some software I've got that gives the option between MySQL and mysqli, they do it by changing the included file, e.g.: -
include("./functions/dbAccess_".$databaseType.".php");
with 2 files - dbAccess_mysql.php & dbAccess_mysqli.php...both with all the functions required for each method.
Swahili....people talking Swahili everywhere I look. 
-
06-05-2015, 08:28 AM
#109
Web Guru
Originally Posted by
juski
Marc, I'm looking to start abstracting out the database stuff before I go putting any more db code in there. Do you have any ideas where I should look for a ready made class or other DB wrapper? PDO seems like a good idea, but I'm just wondering about your thoughts on this. I'm going to take a look at Prestashop (the other thing I look after) & see what they use. If it's simples enough I'll 'borrow' it
The example I've got is from the ecommerce package I use. It creates a dbAccess class which has all the functions needed...the only difference between the two files are the mysql and mysqli differences.
It's probably a bit late in the day to be changing stuff on this app? Unless you're planning to add more to it, I'd say it's probably not worth it if it works as it is. BTW a firmware update will give me mysqli on my QNAP (dev server), and I doubt there are any live servers running less than PHP 5.2.9 - so doing any extra work just to support mysql is probably a waste of time (IMHO).
By all means PM me if you want to take a look at what I've got, I can email it over to you...
-
06-05-2015, 08:48 AM
#110
I'm looking at this from the angle of maintainability. A couple of DB functions will be easier to maintain. It should be fairly easy to port the code to using a DB class once I've cracked it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
).
Reply With Quote