Anthony Ferrara's Blog:
Security Review: Creating a Secure PHP Login Script
Aug 03, 2011 @ 17:02:19

In response to this article from DevShed about creating a "simple and secure login script", Anthony Ferrara has written up this post to help dispel some of the inaccuracies, bad practices and security issues that could result from DevShed's code.

I decided to click the link [in my feed reader] and give the article a read. Not overly shocking was the fact that I didn’t find the content of the article to be, how shall I say this..., overly factual. It’s not really a "tutorial", but more of a "here’s some code that’s secure". A quick review of the code found more than one vulnerability, and some significant things that I would change about it (as well as a few "really bad practices").

He walks through each of the files included in the original tutorial - Authenticate.php, Register.php and Logout.php - and talks about things like brute force detection, password verification, registration handling and session serialization. He finishes it off with a list of twelve overall issues he noticed during his work along with solutions for each (usually very simple ones too).

tagged: security review response devshed secure login tutorial

Evert Pot's Blog:
Devshed article about SQL Injection
Jan 08, 2009 @ 13:51:43

Evert Pot responds to a recent DevShed article in a new post to his blog today.

The one major flaw in the article is that it is suggested input validation is enough protection. This is not the case.

He notes that their solution just isn't enough to really protect much of anything in your scripts. He corrects the article where it says that mysql_real_escape_string is a good secondary line of defense by suggesting that you always use it. It is a much more effective way to remove potentially harmful characters than a regular expression of your own devising.

tagged: sql injection devshed security mysqlrealescapestring experience

DevShed:
Building a Logout Class
Sep 05, 2007 @ 17:36:00

DevShed has posted a new tutorial today about building another common component of a website - the logout component.

The main function of the logout class is to log out a user and then redirect the user to the login page. On a programmatic level, the logout class terminates and destroys the session variables that the login class created for the user and also logs the exit time to the database. This article will show you how to create a logout class. It is part of a series on application framework components.

They build out the simple part of the class first, handling the variables and all and then move on to handling the logout and updating the database to reflect the user's status. They finish the tutorial off by giving both the database structure for the component and an example of it in action.

tagged: devshed logout class tutorial database login

Codewalkers.com:
Site Changes Ownership
Apr 21, 2007 @ 16:16:00

In a release on the main page of Codewalkers.com today, Matt Wade announced that he and those involved with the Codewalkers website are stepping down and handing the site off to other hands.

It's with mixed emotions that I make this announcement. Codewalkers has officially changed ownership. I feel a great sense of loss handing the site over to someone else, but I know it is going into good hands. Over the years, I've become attached to both the site and the people that make up the community. As I've stated many times before, without the people (that's you!) that come here and contribute, this site would be nothing at all. So, once again, thanks!

Matt will still be participating in the site, just not in such a prominent role. The group taking over the main roles in the site is the group from DeveloperShed, who also run the DevShed and DevArticles websites.

tagged: change ownership devshed developershed

DevShed.com:
Building a Simple Affiliate System in PHP/MySQL
Nov 10, 2005 @ 19:04:43

New from DevShed today, there's this article that seeks to help you build an affiliate system for your site in PHP.

Today, we're going to discuss building a simple Affiliate System. Affiliate Systems are useful for people who want to have affiliates on their sites to help boost sales.

Affiliates sign up and are given a link that they can use to redirect visitors to your site. The script will track clicks from each affiliate and also record any sales that come out of those clicks.

In the article they go all the way from explaining what an affiliate system is and how it's used to how to integrate all of the code they give you into your site. It's a comprehensive look, giving you plenty of code and matching HTML to work with as well...

tagged: devshed affiliate system mysql
