by shire 4734 days ago
This made me laugh. It's true everyone hates PHP on here, but in my hometown Seattle all the jobs on Craigslist or any other domain are mostly populated by PHP requests for a lot of jobs. How long does it take to get into PHP freelancing for someone who has experience with some Java?

If you are familiar with another programming language, and able to DO programming, then, on average, it wouldn't take longer than a month. That would be sufficient, I GUESS. I built a social networking site in PHP in the last semester. And it was my first PHP web application! I did learn PHP (and relational databases) in a month before that. I made a post about it, if you want to see (http://xworkspace.blogspot.in/2013/01/build-your-own-social-...)

But it all really depends on the amount of time (with brain) you spend on learning. :)

    // As quoted from the project: raw $_POST values are interpolated straight into the SQL string.
    $email = $_POST['email'];
    $password = $_POST['password'];
    $query = "SELECT emailAddress, password, userID FROM users
              WHERE emailAddress = '$email' AND password = '$password'";
    $result = $db->query($query);
Um... not to digress, but it looks to me like there's a SQL injection hole here. Please use PDO and a bit more validation; this doesn't properly escape anything. You could validate the email address with filter_var, for instance.

Otherwise, it looks neat, good job. You might want to learn to code more defensively though. Especially if you're putting something up on Github.

Refer to:

- https://www.owasp.org/index.php/SQL_Injection_Prevention_Che...

- http://stackoverflow.com/questions/60174/how-to-prevent-sql-...

for some direction towards better practices.
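The fix krapp describes (PDO prepared statements, filter_var on the email, hashed passwords), as an added example that is not part of the thread or the author's project. It runs against an in-memory SQLite database constructed inline; the `users` table layout and column names are assumptions matching the quoted snippet.

```php
<?php
// Added example: the quoted login query rewritten with bound parameters,
// filter_var() validation and password_hash()/password_verify().
// Assumes a `users` table with userID, emailAddress and password columns.

function authenticate(PDO $db, array $post): ?int
{
    // Reject malformed addresses before they reach the query.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $password = $post['password'] ?? '';
    if ($email === false || $password === '') {
        return null;
    }
    // A bound parameter is sent as data, never spliced into the SQL text,
    // so quotes in the input cannot terminate the string literal.
    $stmt = $db->prepare('SELECT userID, password FROM users WHERE emailAddress = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare against the stored hash; password_verify() is timing-safe.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['userID'];
}

function registerUser(PDO $db, string $email, string $password): void
{
    $stmt = $db->prepare('INSERT INTO users (emailAddress, password) VALUES (:email, :hash)');
    // Store a salted hash (bcrypt under PASSWORD_DEFAULT), never the plaintext.
    $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userID INTEGER PRIMARY KEY, emailAddress TEXT UNIQUE, password TEXT)');
registerUser($db, 'alice@example.com', 'correct horse battery staple');

// Constructed inputs: a valid login, a wrong password, and an address with a
// stray quote, which filter_var now rejects instead of it reaching the SQL.
var_dump(authenticate($db, ['email' => 'alice@example.com', 'password' => 'correct horse battery staple']));
var_dump(authenticate($db, ['email' => 'alice@example.com', 'password' => 'wrong']));
var_dump(authenticate($db, ['email' => "alice@example.com'", 'password' => 'x']));
```

Requires PHP 5.5 or later for password_hash()/password_verify() and the pdo_sqlite extension.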

Hey krapp, thanks for your input :D It's a great example of a quick & dirty job. There's still a LOT of work to do, I accept. The images are not scaled, passwords are not 'hashed', and no validation, of course. I should have worked on it later on, but I really didn't look into it later.

I guess I am also on the same path as the author of this post. But yeah, thanks again, I will improve it as soon as I can. :-)

Bear in mind that since it's on GitHub, even though it's a 'quick and dirty job', people WILL just download it, run it and expect it to work, and if it works, not care about auditing the code.

Those people deserve what they get, maybe, but still. Getting into a habit of never releasing anything that doesn't at least have basic security is a good idea.

When you come around to hashing the passwords consider https://github.com/rchouinard/phpass

Right krapp. I will absolutely take care of that from now on, and also, I will fix that code ASAP. :)