Simple Site Protection

This set of PHP routines is designed to let PHP developers secure a site or an application with little effort.

Based on the ideas and information in Innocent Code by the security consultant Sverre H. Huseby, the code attempts to make a site resilient against the most common forms of attack.

Attacks hardened against are:

  • SQL injection.
  • Injection of invalid characters through forms.
  • JavaScript injection through forms.
  • Session theft.
  • Session takeover (fixation).
  • The output of one form being submitted to another.
  • Designed to be used over SSL, which helps prevent man-in-the-middle attacks.
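The two form-related items above (one form's output being posted to another, and JavaScript injection) are usually handled by issuing a per-form token that is bound to the session and the form name, whitelisting the characters a field may contain, and escaping everything that is echoed back into HTML. The following is an added example written for this page, not code from Simple Site Protection or from Innocent Code; the function names and the `profile` form name are illustrative, and it assumes PHP 7 or later (random_bytes, hash_equals, ??) rather than the PHP 4.1 baseline the library targets.

```php
<?php
// Added example, not the library's own code. Per-form token plus input
// whitelisting and output escaping. Names are illustrative; requires PHP 7+.

declare(strict_types=1);

session_start();

// Issue a token for a named form and remember it server-side under that name,
// so a token issued for one form is rejected when posted to a different one.
function issue_form_token(string $formName): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_tokens'][$formName] = $token;
    return $token;
}

// Validate and consume the token: single use, bound to this form name and
// this session. Constant-time compare avoids leaking the token by timing.
function check_form_token(string $formName, string $submitted): bool
{
    $expected = $_SESSION['form_tokens'][$formName] ?? null;
    unset($_SESSION['form_tokens'][$formName]);
    if ($expected === null || $submitted === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Escape anything echoed back into HTML so injected markup or script is
// rendered as text instead of executed.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Whitelist the characters a field may contain instead of blacklisting bad
// ones; the D modifier stops "$" from matching before a trailing newline.
function valid_username(string $s): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_.-]{3,32}$/D', $s);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!check_form_token('profile', (string) ($_POST['_token'] ?? ''))) {
        http_response_code(400);
        exit('Form token missing, reused, or issued for a different form.');
    }
    $user = (string) ($_POST['username'] ?? '');
    if (!valid_username($user)) {
        http_response_code(400);
        exit('Username contains characters that are not allowed.');
    }
    echo '<p>Hello, ' . h($user) . '</p>';
    exit;
}

// GET: render the form with a fresh token bound to the "profile" form.
$token = issue_form_token('profile');
echo '<form method="post">'
   . '<input type="hidden" name="_token" value="' . h($token) . '">'
   . '<input name="username">'
   . '<button>Save</button></form>';
```

Because the token is keyed by form name and removed on first use, a value captured from the `profile` form cannot be replayed into a different form or submitted twice, and the same check also blocks cross-site request forgery from a page that never rendered the form.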

Facilities provided by this set of libraries and routines:

  • Basic sign-up routine.
  • Password recovery.
  • User administration.
  • User self-administration.
  • Fully templated, using a fast and simple template class.
  • Powerful (and paranoid) form-building class.
  • Data-checking class.
  • Useful lister and HTML menu list generation classes.
  • Works with PHP 4.1 and upwards.
  • Uses database abstraction to work with most databases; has been used with MySQL, Access and MS SQL Server.

Highly configurable session, login and debug handling:

  • HTTP or HTTPS.
  • Variable number of octets to compare when checking the client IP address against the one recorded in the session.
  • Fully configurable choice of which checks are performed.
  • Login by email address or username.
  • The login can be extended with additional user inputs.
  • Error output either to the screen or to a log file for live sites.
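The session options above, in particular the configurable number of IP octets, are the controls that address the session theft and session takeover items earlier on the page. The following is an added example written for this page and is not the library's code: it binds a session to the first N octets of the client address, regenerates the session ID once credentials are verified, and sets the cookie flags that go with an HTTP-or-HTTPS setting. The function names and the `$octets` / `$https` parameters are illustrative, and it assumes PHP 7 or later.

```php
<?php
// Added example, not the library's own code. Session binding to a configurable
// IP prefix plus ID regeneration at login. Names are illustrative; PHP 7+.

declare(strict_types=1);

// Keep the first $n dot-separated octets of an IPv4 address; 0 disables the
// check. IPv6 addresses are compared whole, since octet prefixes do not apply.
function ip_prefix(string $ip, int $n): string
{
    if ($n <= 0) {
        return '';
    }
    if (strpos($ip, ':') !== false) {
        return $ip;
    }
    $parts = explode('.', $ip);
    return implode('.', array_slice($parts, 0, min($n, 4)));
}

// True when the prefix stored at login matches the current client under the
// configured number of octets. A mismatch means the session cookie is being
// presented from a different network than the one that logged in.
function session_ip_ok(array $stored, string $currentIp, int $octets): bool
{
    if ($octets <= 0) {
        return true;
    }
    if (!isset($stored['ip_prefix'])) {
        return false; // session was never bound at login: treat as not logged in
    }
    return hash_equals($stored['ip_prefix'], ip_prefix($currentIp, $octets));
}

// Called only after the password (or email-based login) has been verified.
// Regenerating the ID here defeats fixation: an ID the attacker planted in the
// victim's browser before login is discarded, so it no longer names this session.
function bind_session_after_login(string $clientIp, int $octets): void
{
    session_regenerate_id(true);
    $_SESSION['ip_prefix'] = ip_prefix($clientIp, $octets);
    $_SESSION['login_at']  = time();
}

// Per-request guard for pages that require a login. The ini settings must be
// applied before session_start(); "secure" follows the HTTP/HTTPS setting.
function require_bound_session(int $octets, bool $https): void
{
    ini_set('session.use_only_cookies', '1');   // ignore IDs passed in the URL
    ini_set('session.cookie_httponly', '1');    // keep the cookie away from script
    ini_set('session.cookie_secure', $https ? '1' : '0');
    session_start();

    // REMOTE_ADDR is set by the web server; X-Forwarded-For is client-supplied
    // and must not be trusted for this check unless a known proxy sets it.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if (!session_ip_ok($_SESSION, $ip, $octets)) {
        session_unset();
        session_destroy();
        header('Location: /login.php');
        exit;
    }
}
```

Checking all four octets gives the tightest binding but logs out users whose address changes mid-session (mobile networks, load-balanced proxies); checking two or three octets tolerates that while still rejecting a cookie replayed from an unrelated network, which is the trade-off the "variable number of octets" option exposes. The check is a supplement to, not a substitute for, regenerating the ID at login and sending the cookie only over HTTPS.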