PHP-guru estimation??

Hello everyone.

If you were to code a secure membership system in PHP using MySQL with
the following features:
* a signup function where the user gets an email with a random
password
* passwords stored encrypted in database
* login-system
* password recovery tools
* a system for secure-cookies
* each player can see/change his own data and see other members' game
stats
* the system is supposed to handle real money for every user that the
user can bet in different board games. Which means that security is a
BIG issue.
* a "side-system" for the administrators of the site to use when they
need to add money to a user's account (money that the user has paid
through a VISA transaction).

How long would you estimate that it would take? If possible I would
also like you to rate your own PHP, MySQL skills from 1-10.
1=what is PHP?
5=I know my way around PHP and MySQL pretty good
10= PHP-MySQL-guru. There is nothing I do not know

I am aware of the fact that this question is a bit strange, but my
employer has asked me this question and my experience with PHP and
MySQL is about a year old, but I've been programming other things in
C++ and Java for a couple of years and my knowledge about security is
average. He gave me 10 weeks to finish this project. Is this possible?

Thanks in advance
Gabriel
Jul 17 '05 #1

I've been doing quite a bit of PHP coding lately - but I still rely on PHP.net and occasionally the news-groups. There is no way
that I or anyone else can tell you if it's possible for YOU to finish this project in 10 weeks.

Aside from the security issues for money handling, the interface as you described it could be implemented in a short period of time.
Developers who have implemented login mechanisms/password recovery in PHP for three or more web sites could probably have that
portion of the site done in just a few days with code-reuse.

I think the security issues here are beyond PHP. Not that PHP can't handle them - it can - but there are other security concerns
outside of the user/database interface that would need to be addressed. For instance PHP can't help you if your system leaves
telnet available to the outside.

Making the content look pretty is a whole different issue, and can take endless amount of time. But you didn't say much about that.

For what you did say I think 10 weeks (400 hours) is adequate.

-CF
Jul 17 '05 #2
Gabriel wrote:
> Hello everyone.
>
> If you were to code a secure membership system in PHP using MySQL with
> the following features:
> * a signup function where the user gets an email with a random
> password
> * passwords stored encrypted in database
> * login-system
> * password recovery tools
> * a system for secure-cookies
> * each player can see/change his own data and see other members' game
> stats

Up to this point, I would estimate approx. 3 hrs - programming and
testing only, but I already have done this before and have existing
frameworks in place.

> * the system is supposed to handle real money for every user that the
> user can bet in different board games. Which means that security is a
> BIG issue.

Depends on the implementation... I would NOT store credit card info in
the database, but the amount the user currently has is ok.

> * a "side-system" for the administrators of the site to use when they
> need to add money to a user's account (money that the user has paid
> through a VISA transaction).

Simple form field that updates the user's balance.

This brings up the total to approx 4 hrs, but that isn't including all
the design, betting and game stuff that you'd also need to do...

> How long would you estimate that it would take? If possible I would
> also like you to rate your own PHP, MySQL skills from 1-10.
> 1=what is PHP?
> 5=I know my way around PHP and MySQL pretty good
> 10= PHP-MySQL-guru. There is nothing I do not know

7

> I am aware of the fact that this question is a bit strange, but my
> employer has asked me this question and my experience with PHP and
> MySQL is about a year old, but I've been programming other things in
> C++ and Java for a couple of years and my knowledge about security is
> average. He gave me 10 weeks to finish this project. Is this possible?

10 weeks sounds like a good timeline to me, even with a couple other
projects going on at the same time.

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

Jul 17 '05 #3
10 weeks? Shoot, if that's your job and you're devoting 40hrs/wk (or more)
to it, you should be able to do it in ten days and not break a sweat. (and
btw, I would rate myself at 10 in all categories.)
Jul 17 '05 #4
Building the system you described is easy. I would put coding time at around
a week, and another week for setting up the server. The tough thing is
proving that the system works correctly. In order to perform proper and
thorough QA testing on the site, you'd need complete functional specs and
complete technical specs. From these you develop test cases covering all
possible scenarios. And then you need to analyse the system to see how it
can withstand different types of attacks. Finally, internal policy has to be
developed controlling who has access to the database, encryption keys, SSL
certificates and so forth.

If you're the only member of your development team, there's no way you can
do all that in 10 weeks.

Jul 17 '05 #5
Chung Leong wrote:
> Building the system you described is easy. I would put coding time at
> around a week, and another week for setting up the server. The tough
> thing is proving that the system works correctly. In order to perform
> proper and thorough QA testing on the site, you'd need complete
> functional specs and complete technical specs. From these you
> develop test cases covering all possible scenarios. And then you need
> to analyse the system to see how it can withstand different types of
> attacks. Finally, internal policy has to be developed controlling who
> has access to the database, encryption keys, SSL certificates and so
> forth.
>
> If you're the only member of your development team, there's no way
> you can do all that in 10 weeks.

10 weeks is extremely generous. Personally, my opinion is that if you're
going to do attack testing, sure - do a bit yourself, but get an external
person / group to try and hack the system. You don't have a fresh
perspective, they do. As for everything else, this really is not that
complicated, and should be doable within a two week period. Anyone saying
10wk is either a really poor coder, has time management issues, lies to
their employer about how long their work takes, or some combination of those
three.
Jul 17 '05 #6
For a time I was working as a QA analyst. We used to say that QA is about
checking for compliance, not correctness. Without detailed documentation you
really can't test anything. Say you hire this external person to test your
site. How do you know he/she did anything? As the result that pleases is no
results, you'll end up with just that.

"Agelmar" <if**********@comcast.net> wrote in message
news:bt************@ID-30799.news.uni-berlin.de...
> 10 weeks is extremely generous. Personally, my opinion is that if you're
> going to do attack testing, sure - do a bit yourself, but get an external
> person / group to try and hack the system. You don't have a fresh
> perspective, they do. As for everything else, this really is not that
> complicated, and should be doable within a two week period. Anyone saying
> 10wk is either a really poor coder, has time management issues, lies to
> their employer about how long their work takes, or some combination of
> those three.

Jul 17 '05 #7
rating PHP 4 Mysql 5 Project planning 9

This project should be able to be at the 90% stage in under 40 hours time
using unique code and combining it with available code.

It would work and do what you want, but it may or may not be secure or
pretty.

The reason I used 90% was the 90/10 rule that has seemed to dog me since I
started programming back in 1966. That is the first 90% of any software
project seems to take 10% of the time and the last 10% takes 90% of the
time.

The only way to beat this that I have found is to take the first 5 to 7% of
the projected time and not start on the project but use it to develop a very
detailed plan and very specific specifications. Then I seem to only spend
about 70 of the total projected time completing the entire project.

--
God Bless you,
Al Kolff

"There is a God we want, and there is a God who is. They are not the same
God. The turning point of our lives is when we stop seeking the God we want
and start seeking the God who is."
Patrick Morley
Seven Seasons of the Man in the Mirror
p184
Jul 17 '05 #8
I noticed that Message-ID:
<c1*************************@posting.google.com> from Gabriel contained
the following:
> If you were to code a secure membership system in PHP using MySQL with
> the following features:
> * a signup function where the user gets an email with a random
> password
> * passwords stored encrypted in database
> * login-system
> * password recovery tools

I thought the idea of an encrypted password was that no one, other than
the user, would know what it is?

Or do you mean the things that ask a security question and then allocate
a new random password?

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #9
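
The distinction raised in the last post, as an added example that is not part of the thread: the stored password is a one-way hash that nobody can read back, so "recovery" is a reset through a random, expiring, single-use token. The table and column names, the one-hour lifetime, and the in-memory SQLite database standing in for MySQL (it needs the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names, the
// one-hour token lifetime and the SQLite stand-in for MySQL are assumptions.
declare(strict_types=1);

const RESET_TTL_SECONDS = 3600;

function store_password(PDO $db, int $userId, string $password): void
{
    // Salted one-way hash: nobody, administrators included, can read it back.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?')
       ->execute([$hash, $userId]);
}

function check_login(PDO $db, string $email, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, (string) $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

function start_reset(PDO $db, int $userId): string
{
    // Random single-use token; only its SHA-256 digest is stored, so a
    // database leak does not expose usable reset links.
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO password_resets (user_id, token_hash, expires_at) VALUES (?, ?, ?)')
       ->execute([$userId, hash('sha256', $token), time() + RESET_TTL_SECONDS]);
    return $token; // sent to the user's registered address inside a link
}

function finish_reset(PDO $db, string $token, string $newPassword): bool
{
    $stmt = $db->prepare('SELECT user_id FROM password_resets WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown, expired or already used token
    }
    // Invalidate every outstanding token for the account before changing it.
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$row['user_id']]);
    store_password($db, (int) $row['user_id'], $newPassword);
    return true;
}

// Constructed demo data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$db->exec('CREATE TABLE password_resets (user_id INTEGER, token_hash TEXT, expires_at INTEGER)');
$db->exec("INSERT INTO users (id, email) VALUES (1, 'player@example.test')");
store_password($db, 1, 'first-password');
$token = start_reset($db, 1);
var_dump(finish_reset($db, $token, 'new-password'), finish_reset($db, $token, 'x'),
         check_login($db, 'player@example.test', 'new-password'));
```

The demo runs the reset twice with the same token to show that the second attempt is rejected, then logs in with the new password.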
