[Ahmad45123]

Hello,
I am planning to create an admin control panel for my coming server.

I am very great in PHP... But I am afraid about security...
I mean admins will be able to edit the users stats from the ACP...
I am afraid someone like hacks it.. or something.

So I am asking if is it worth learning Symfony or ZendFramework for this ? Or should I just use pure PHP and don't worry about it...

Quote:

I don't even know if there is any possible hack :P

EDIT:
Oh and also... I am sorry if this is the wrong section... I don't know where to post this type of threads.

[AlexSwezVotra]

If there are admins that are corrupt than yes, learn Symfony.

[ev0lution]

If you've never used a PHP framework before, the learning curve is quite steep. I've been messing around with Laravel recently and it's very confusing to me, having coded in PHP for years.

My advice would be not to try and learn a whole framework just for the auth features, because you'll find that you'll have to adapt a bunch of framework-specific conventions that'll dramatically increase your development time - basically, it's overkill if you just want to secure your control panel.

Instead, check out something like PHP-login.net. That site has awesome auth scripts that you can freely use and adapt - from a super simple register/login to a more feature-packed mini framework that isn't quite as intense as something like Laravel/Symfony. All of those scripts include instructions on how to get started.

[nGen.SoNNy]

I'm using pure php on my UCP/ACP and it's secured.

[Smally]

@nGen.SoNNy - Indeed it is secure, and I do not doubt that. I myself am a Laravel 4 and 5 user, and I must say the security features that the Laravel Team have put into the framework is amazing. The effort that Taylor and his team put in is great. If you were to rewrite your UCP over at Stunt Evo, I would suggest looking into a framework.

@ev0lution - I'm going to have to disagree with you there. Having coded in PHP for 4 years, when I started using Laravel it was so easy, so much simpler. I do agree that is a tad confusing but when you've got the hang of it, the potential is amazing.

@Ahmad45123 - As long as you keep your MySQL information stored, and with the correct file permissions and use secure passwords that's not an issue. As just like anything else your accounts can be vulnerable if your password is given out etc, so you can't prevent people logging in if they know the password. In terms of brute force and mysql injection, your best bet would be head over to w3schools, and get to grips with the basics of PHP.

[ev0lution]

Quote:

Originally Posted by Smally @ev0lution - I'm going to have to disagree with you there. Having coded in PHP for 4 years, when I started using Laravel it was so easy, so much simpler. I do agree that is a tad confusing but when you've got the hang of it, the potential is amazing.

I have no doubts that the potential is amazing but I just couldn't for the life of me understand it! I tried to get started with it a couple of weeks ago and found very little as far as beginner's tutorials go.

[mati233]

I like to keep it "raw". If you know you're away around PHP you shouldn't have big issues, just make sure you make all the mysql queries safe.

[Smally]

Quote:

Originally Posted by ev0lution I have no doubts that the potential is amazing but I just couldn't for the life of me understand it! I tried to get started with it a couple of weeks ago and found very little as far as beginner's tutorials go.

The beginner tutorials for Laravel are pretty rubbish, check out laracasts, he is quite good.