Also it's worth noting that if you do want to do PHP "right" and use a framework like Zend or Cake you will probably still be shopping around a bit because you're not going to get the ability to use those frameworks out of the box on most hosting providers.
I've not really found this to be the case with Cake (which I like and use a fair bit) ... even if .htaccess is disabled for some reason, there is an alternate way to get it to run just fine ... generally though ... I can just put my cake file folder on the server and it's good to go.
I would especially like to be able to check potential new people to follow against my current list of followers to see what I'm getting into. Sorry, not helping :-)
If I understand the question correctly, you are asking what's to stop someone from changing the UID, etc. when the user is redirected from auth.com to coolstuff.com?
From my understanding of OAuth, when the uid, first_name and last_name are sent by auth.com it also sends a cryptographic hash of everything. So if you change the uid, you would also have to change the hash and you can't change the hash without knowing the shared secret that the auth.com and coolstuff.com have decided on prior to your request.
So what you are saying is that coolstuff.com's servers must always look for a signature from auth.com when they are accepting user data, they cannot trust the user input. That makes sense. So does Facebook Connect, Google, etc. have this? I assume not.
OAuth 2.0 login providers use an access token that is user specific for all subsequent interaction.
For example, with Facebook, once a user has logged in and given Application X permission to access their details, FB will send the user's id, name, etc. (whatever data the user has granted access to) along with a unique access token. The next time, and every subsequent time Application X wants to access the FB API on the user's behalf it is required to send that access token. From JavaScript you might be able to change the token, however, Application X's next interaction with the FB API will fail if the token is invalid and there is no way to derive a token value from a FB user's id.
I don't have to change the token. I just have to change the data given by Facebook (including the uid) before the website's dumb JavaScript uses it in a post back to the server. Since it's not signed by Facebook, how can the website's server trust the uid? Never trust your user input.
The user logs in on Facebook's server, there is no opportunity to change a uid. Facebook might return the logged in user's id, however that's not useful, the only way to interact with their API will be with the access token (which only grants you access to the logged in user's scope).
I am not talking about interacting with their API.
Facebook returns a uid.
When the user takes an action, this uid is sent to the server.
The server trusts the uid, and saves this action as taken by the user identified by this uid.
And let's say it's not the uid. Let's say it's the user's name.
It trusts the user input basically. But it should probably be getting it directly from Facebook, or in a signed structure, right?
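The signed-structure check discussed in this thread, as an added example that is not code from any commenter or from a real login provider: auth.com tags the profile with an HMAC over a shared secret, and coolstuff.com's server rejects any profile whose tag does not match. The token layout, function names, secret and sample profile are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

# Assumption: a secret agreed between auth.com and coolstuff.com beforehand.
SHARED_SECRET = b"constructed-demo-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_profile(profile: dict, secret: bytes = SHARED_SECRET) -> str:
    """auth.com side: serialize the profile and append an HMAC-SHA256 tag."""
    payload = _b64(json.dumps(profile, sort_keys=True).encode())
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(tag)

def verify_profile(token: str, secret: bytes = SHARED_SECRET):
    """coolstuff.com side: return the profile only if the tag matches, else None."""
    try:
        payload, tag = token.split(".")
        expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison; the payload is parsed only after it passes.
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        return json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None  # malformed token: treat as untrusted

def tamper_uid(token: str, new_uid: str) -> str:
    """Models the edit raised in the thread: uid rewritten, original tag kept."""
    payload, tag = token.split(".")
    profile = json.loads(_unb64(payload))
    profile["uid"] = new_uid
    return _b64(json.dumps(profile, sort_keys=True).encode()) + "." + tag

if __name__ == "__main__":
    # Constructed sample profile.
    token = sign_profile({"uid": "1001", "first_name": "Ada", "last_name": "Lovelace"})
    print(verify_profile(token))                      # accepted: tag matches
    print(verify_profile(tamper_uid(token, "1002")))  # rejected: None
```

The tag proves the data came from the holder of the secret, not that it is fresh; an expiry or nonce inside the signed payload is needed to stop a captured token from being replayed.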
How much time did you spend creating the layer styles before you started selling them? It sounds like you put a lot of effort into it and I'm wondering if you considered yourself done once you launched the site?
Several months. I probably spent too much time on the product, and not enough on the site. I originally launched with just the wood and marble styles, the metal and glass ones came later. I'm still not done, I have a bunch of other style packs in development.
I've been using 1Password on my Mac, but I'm not using its full capabilities yet. To use it with the iPhone do you sync your passwords using Dropbox or anything?
It took me a while to remember mine. It was my first introduction to functional programming using JavaScript. I didn't even realize that's what I was doing but when I realized that I could write a function that returned a function my brain damn near exploded with possibilities.
In my opinion whether you're wasting time comes down to how you're solving the problem. You shouldn't be doing the same thing over and over again. If possible you should be learning something new about your application or the libraries you are using. You should be taking notes because you will probably run into this problem again.
I don't think it's that intuitive. After seeing the awesome shark picture I went looking for more and clicked the T-Shirts link under invincibilitee.
If you're not going to put something under the first link in your sidebar maybe you should have a message on that page directing the user to the non-immortal tees.