AUGUST 18TH, 2010
By MOHAMMAD SAJJAD HOSSAIN
In one of my previous
post I have shown how we can use both secure and non-secure URLs. Now I am going to show how we can do this, extending native libraries.
What we are going to do…
We will create secure version of some functions. For this we will create a helper file ‘my_url_helper.php’ and save it in ‘system/application/helpers’. We will be creating secure version of following functions:
- site_url()
- base_url()
- anchor()
- redirect()
Lets’ start…
First we will add the following config element in the config file:
$config['secure_base_url'] = 'https://example.com'; |
$config['secure_base_url'] = 'https://example.com';
Then, open the my_url_helper.php file (system/application/helpers/my_url_helper.php) and add the following codes.
if( ! function_exists('secure_site_url') )
{
function secure_site_url($uri = '')
{
$CI =& get_instance();
return $CI->config->secure_site_url($uri);
}
}
if( ! function_exists('secure_base_url') )
{
function secure_base_url()
{
$CI =& get_instance();
return $CI->config->slash_item('secure_base_url');
}
}
if ( ! function_exists('secure_anchor'))
{
function secure_anchor($uri = '', $title = '', $attributes = '')
{
$title = (string) $title;
if ( ! is_array($uri))
{
$secure_site_url = ( ! preg_match('!^\w+://! i', $uri)) ? secure_site_url($uri) : $uri;
}
else
{
$secure_site_url = secure_site_url($uri);
}
if ($title == '')
{
$title = $secure_site_url;
}
if ($attributes != '')
{
$attributes = _parse_attributes($attributes);
}
return '<a href="'.$secure_site_url.'" ' . $attributes . '>'.$title.'</a>';
}
}
if ( ! function_exists('secure_redirect'))
{
function secure_redirect($uri = '', $method = 'location', $http_response_code = 302)
{
switch($method)
{
case 'refresh' : header("Refresh:0;url=".secure_site_url($uri));
break;
default : header("Location: ".secure_site_url($uri), TRUE, $http_response_code);
break;
}
exit;
}
} |
if( ! function_exists('secure_site_url') )
{
function secure_site_url($uri = '')
{
$CI =& get_instance();
return $CI->config->secure_site_url($uri);
}
}
if( ! function_exists('secure_base_url') )
{
function secure_base_url()
{
$CI =& get_instance();
return $CI->config->slash_item('secure_base_url');
}
}
if ( ! function_exists('secure_anchor'))
{
function secure_anchor($uri = '', $title = '', $attributes = '')
{
$title = (string) $title;
if ( ! is_array($uri))
{
$secure_site_url = ( ! preg_match('!^\w+://! i', $uri)) ? secure_site_url($uri) : $uri;
}
else
{
$secure_site_url = secure_site_url($uri);
}
if ($title == '')
{
$title = $secure_site_url;
}
if ($attributes != '')
{
$attributes = _parse_attributes($attributes);
}
return '<a href="'.$secure_site_url.'" ' . $attributes . '>'.$title.'</a>';
}
}
if ( ! function_exists('secure_redirect'))
{
function secure_redirect($uri = '', $method = 'location', $http_response_code = 302)
{
switch($method)
{
case 'refresh' : header("Refresh:0;url=".secure_site_url($uri));
break;
default : header("Location: ".secure_site_url($uri), TRUE, $http_response_code);
break;
}
exit;
}
}
Now, I will extend the Config library (system/libraries/Config.php). I assume that the sub class prefix is set as ‘MY_’ in config file (system/application/config/config.php). Create a file ‘MY_Config.php’ in ‘system/application/libraries’ folder and save the file with following code.
class MY_Config extends CI_Config
{
function MY_Config()
{
parent::CI_Config();
}
function secure_site_url($uri = '')
{
if (is_array($uri))
{
$uri = implode('/', $uri);
}
if ($uri == '')
{
return $this->slash_item('secure_base_url').$this->item('index_page');
}
else
{
$suffix = ($this->item('url_suffix') == FALSE) ? '' : $this->item('url_suffix');
return $this->slash_item('secure_base_url').$this->slash_item('index_page').preg_replace("|^/*(.+?)/*$|", "\\1", $uri).$suffix;
}
}
} |
class MY_Config extends CI_Config
{
function MY_Config()
{
parent::CI_Config();
}
function secure_site_url($uri = '')
{
if (is_array($uri))
{
$uri = implode('/', $uri);
}
if ($uri == '')
{
return $this->slash_item('secure_base_url').$this->item('index_page');
}
else
{
$suffix = ($this->item('url_suffix') == FALSE) ? '' : $this->item('url_suffix');
return $this->slash_item('secure_base_url').$this->slash_item('index_page').preg_replace("|^/*(.+?)/*$|", "\\1", $uri).$suffix;
}
}
}
Now what we have…
Now we have secured versions of those function. You may now use them as their insecured version. Enjoy coding ;).
AUGUST 26TH, 2008
By MOHAMMAD SAJJAD HOSSAIN
PHP Security
PHP is a very flexible language. But sometimes this flexibility creates security flaws because of improper use of it. I had just read an article “Top 7 PHP Security Blunders” by Pax Dickinson. It shows top 7 mistakes or flaws that may break site security.
“Security is a process, not a product, and adopting a sound approach to security during the process of application development will allow you to produce tighter, more robust code.” – Pax Dickinson
In this article the author has shown how PHP application be infected and how to protect it. He has described the followings with reference to different articles:
- Unvalidated Input Errors
- Access Control Flaws
- Session ID Protection
- Cross Site Scripting (XSS) Flaws
- SQL Injection Vulnerabilities
- Error Reporting
- Data Handling Errors
- Configuring PHP For Security
I found this article knowledgeable. Hope you will like it. You may read it from here http://www.sitepoint.com/article/php-security-blunders.
I want to conclude with lines from this article…
“…there are many things to be aware of when programming secure PHP applications, though this is true with any language, and any server platform. PHP is no less secure than many other common development languages. The most important thing is to develop a proper security mindset and to know your tools well…”
JULY 15TH, 2008
By MOHAMMAD SAJJAD HOSSAIN
This class can be used to create email account and mail forwarders using PHP, without logging to cPanel. It is an extension of script made by www.zubrag.com. You can access the original link from here http://www.zubrag.com/scripts/cpanel-create-email-account.php. And it is also a modified version of the class “cpmail” which was coded by Md. Zakir Hossain (Raju), http://www.rajuru.xenexbd.com. How to configure:
- Download the zipped file.
- Unzip the file. This file contains the class file and an example file.
- Open the class file and change these variables –
- $currentTheme – Your cPanel theme
- $userName – Your cPanel user name
- $password – Your cPanel password
- $domain – Your cPanel domain
- $cPanelPort – Your cPanel port [optional]
- Include the class in the file where you want to use it.
Example:
// include the class file
include('class.cpmailmanager.php');
// create an instanse of the class
$cp = new CPMailManager();
// create an email account
$cp->createEmail('sadat', 'sadat123', 10);
if($cp->status) //account created successfully
{
echo 'Mail created successfully';
}
else
{
echo $cp->message;
}
// create mail forwarder
$cp->createForwarder('sadat', 'msh@example.com');
echo '' . $cp->message;
// delete mail forwarder
$cp->deleteForwarder('sadat', 'msh@example.com');
echo '' . $cp->message;
// delete email account
$cp->deleteEmail('sadat');
echo '' . $cp->message; |
// include the class file
include('class.cpmailmanager.php');
// create an instanse of the class
$cp = new CPMailManager();
// create an email account
$cp->createEmail('sadat', 'sadat123', 10);
if($cp->status) //account created successfully
{
echo 'Mail created successfully';
}
else
{
echo $cp->message;
}
// create mail forwarder
$cp->createForwarder('sadat', 'msh@example.com');
echo '' . $cp->message;
// delete mail forwarder
$cp->deleteForwarder('sadat', 'msh@example.com');
echo '' . $cp->message;
// delete email account
$cp->deleteEmail('sadat');
echo '' . $cp->message;
