Preparation!?

[Shex]

So I decided to try again to make a petsite with use of the Mysidia script, because I can't code anything myself. But I don't want to just take the script as it is and maybe just tweak the css, I want to make real changes in design and function, so I really want to know:
How can I prepare myself?
Especially: Which programming languages should I learn or take a look at?
What about MYSQL and php frameworks? Anything else that can help me understand the script and code myself?

What I already did is installing WAMP with the guide by Kyttias and install the script, also I started brushing up my html and css on codecademy

Thanks a lot in advance :)

[Kyttias]

Mmm, well the Mysidia framework is quite advanced! It's built with a term known in programming languages as 'object orientation' which is a bit more advanced that just going at it. In 'Object Oriented Programming' styles [OOP] everything works with 'classes' in mind - and this saves the effort of typing in redundant code all over the place. Inside classes, functions are known as methods, etc etc -- so your best bet for helpful reading would be to look into object oriented PHP guides, in addition to standard introductory courses. There's actually quite a number of good videos on YouTube that I've found quite helpful, so hunting around there might be good, too. (And luckily Codecademy does have a run through for Object Oriented PHP during its normal PHP course!)

The existing classes for the framework aren't particularly well documented at this stage, unfortunately, but with the next major release HoF says they will be! (<3)

I've jotted down a few notes (mostly for myself) that sort of count as some basic documentation... so they might be helpful!

I'll also start in by saying I recommend making new pages manually (and not through the AdminCP). To use the stats page as example, there's a stats.php in the root directory, but inside the view folder, there's a statsview.php - and this is how pages work. (I think this is known as a 'Model View Controller' [MVC] technique.) In both files, you'll see things contain matching naming conventions (StatsController and StatsView) and it's got to be strictly adhered to:

stats.php -

PHP Code:

class StatsController extends AppController{ ... } 


statsview.php -

PHP Code:

 class StatsView extends View{ ... } 


And at this point I'll recommend you get yourself a nice text editor to program in! I personally recommend Sublime Text, because editing multiple lines simultaneously and searching all files in a project for a single word or function name has been such a blessing for making changes and cross referencing. I also really like the color scheme options of this program in general. Alternatively, I've also had great experiences with Notepad++. In both cases the reason for having a text editor like these comes down to syntax highlighting so the code is colored informatively for easier reading.

[Shex]

Thanks a lot already, I'll especially take a look at OOP
I already had a short course on OOP with blueJ and javascript, but that's years ago and I really didn't understand most things, I hope that will be better now :)

Another aspect I really have problems with: How do I learn to make a secure page? I read about sql injections and exploits, is there a way to check those things or any information on how to code secure stuff?
I'm really concerned about that but haven't found useful sources yet

[Kyttias]

I feel ya there. Security is really tough. The best way to learn how to make a secure page is to learn how to check if a page is insecure. There are a lot of security holes in the script currently. For example [ x ].

If you can right click on an element an inspect it, you might find data in form input elements that you can manually change. If the operation still goes through, there's definitely a security flaw. There's no magical cure-all to input validation, as you have to know what kind of data you want when and where and make checks manually that no one can abuse it. Any form data is suspect!

I once heard someone complain they could change their gender to anything they wanted. While I doubt anyone is going to just willy-nilly do that, it's the sort of thing you have to think of fixes for.

While the days of SQL injection is mostly safely behind us (database tables aren't just going to vanish), a user can still manipulate the data already in front of them (say, changing what item they're attempting to buy because they know its name or id or whatever).

Learn how to manipulate forms how a hacker would, find the problems, jot them down, and then report them and we can all work on making the script better. ^^;; Even if you can't immediately propose a way to fix a security hole, you're still capable of finding them.