|
Posted by Steve on 03/24/07 21:35
| > if you have no idea how to do this, i'd be happy to post a couple of
pages
| > of code that integrates security.
|
| Yes, please!
ok, well i just posted the email class and gave a script for maintaining
'people'. here is a configuration script that is included in every page.
i'll post the subsequent scripts it includes as replies to this post.
======= site.cfg.php
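<?php
// Full open tag on purpose: when short_open_tag is disabled, a file that
// starts with a bare "<?" is not parsed at all and is sent to the browser as
// plain text, which would expose the database credentials further down.

// Report fatal errors and warnings. The two masks have to be OR-ed together:
// E_ERROR & E_WARNING evaluates to 0, which silently switches reporting off.
ini_set('error_reporting', E_ERROR | E_WARNING);

// Keep diagnostics out of the response. Messages and warnings carry file
// paths, SQL fragments and similar detail that helps nobody but an attacker;
// write them to the server log instead. Turn display_errors on only on a
// development machine.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// NOTE(review): 0 removes the execution time limit for every page that
// includes this file, so a single slow request can occupy a worker
// indefinitely. Consider a finite limit here and raising it only in the
// scripts that really need it.
ini_set('max_execution_time', 0);
ini_set('memory_limit', '100M');

// Do not expose the session cookie to client-side script; must be set before
// the session is started.
ini_set('session.cookie_httponly', '1');
session_start();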
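// ---- site basic information ----
// Filesystem root of the site. The same value is assigned to htdocsDirectory
// below, so everything stored under it is presumably reachable over HTTP.
$rootDirectory = '/var/www/html/demo/';
require_once $rootDirectory . 'classes/application.class.php';

$site = application::getInstance();
$site->rootDirectory = $rootDirectory;

// HTTP_HOST is copied from the request's Host header, i.e. it is chosen by
// the client. Because the value ends up in redirects and in every css, script
// and image URL built below, accept only a plain "name[:port]" and otherwise
// fall back to the server's own name. (IPv6 literals are rejected by this
// pattern and also take the fallback.) If the site has one canonical host
// name, hard-coding it here is the most robust option.
$requestHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if (!preg_match('/^[A-Za-z0-9.-]+(:[0-9]{1,5})?$/', $requestHost)) {
    $requestHost = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost';
}

// The original first built the URI with an optional "https" scheme taken from
// $securityEnabled (never defined in this file) and then overwrote it on the
// next line. Only the plain-http value with the trailing slash ever took
// effect, so that is the one kept here.
// NOTE(review): decide which of the two was intended; as written every link,
// including the post-logout redirect, points at http://.
$site->uri = 'http://' . $requestHost . '/';

// NOTE(review): both directories sit below rootDirectory. If that is the
// document root, uploaded files and dropped mail can be requested directly;
// prefer a location outside the web root or deny access to data/ in the
// server configuration.
$site->uploadBaseDirectory = $site->rootDirectory . 'data/';
$site->mailDropDirectory = $site->rootDirectory . 'data/mail/';

$site->adminEmail = 'Web Administrator <some.one@example.com>';
$site->title = 'Your Web Site';
$site->description = 'A Sample Of PHP In Action';

// basename() keeps only the script's file name, dropping any directory part
// or trailing path info that PHP_SELF may carry.
$site->currentPage = basename($_SERVER['PHP_SELF']);
$site->classDirectory = $site->rootDirectory . 'classes/';
$site->cssDirectory = $site->uri . 'css/';

// $siteHost is not defined in this file; guard it so an unset value yields
// the same path as before ("<root>.errors.log") without raising a notice.
// NOTE(review): that path is inside rootDirectory, so the error log may be
// downloadable unless the web server blocks it.
$site->errorLogFile = $site->rootDirectory . (isset($siteHost) ? $siteHost : '') .
    '.errors.log';

$site->fontDirectory = '/var/www/fonts/';
$site->homePage = $site->uri . 'index.php';
$site->host = 'Progress Rail Services';
$site->htdocsDirectory = $site->rootDirectory;
$site->imagesDirectory = $site->uri . 'images/';
$site->includeDirectory = $site->rootDirectory . 'inc/';
$site->jscriptDirectory = $site->uri . 'jscript/';
$site->logo = $site->imagesDirectory . 'logo.jpg';

// Feature string for pop-up windows. The longer variant below was already
// commented out in the original (the line wrap in the post split it in two):
// "channelmode=no,directories=no,fullscreen=no,location=no,menubar=no,resizable=no,status=no,titlebar=no,toolbar=no,";
$site->PopUpAttributes = 'dependent,height=475,width=600';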
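// common php functionality
require_once $site->includeDirectory . 'functions.inc.php';

// source code security
// NOTE(review): presumably read by the page templates to allow or block the
// browser's right-click menu - confirm. Blocking it only inconveniences
// users; anything sent to the browser can still be read, so it must not be
// relied on to protect markup or script.
$enableContextMenu = true;

// site database information
// NOTE(review): the credentials are literals in a file that every page
// includes. Keep this file readable by the web server account only, and
// consider loading the values from a location outside the document root.
require_once $site->classDirectory . 'db.class.php';
try {
    db::connect('localhost', 'someUser', 'somePassword', 'yourDb');
} catch (Exception $ex) {
    // Full detail goes to the server log only. The original printed the
    // exception message, file and line into the page, which tells any
    // visitor the driver error text and the server's directory layout.
    error_log(
        'Database connection failed: ' . $ex->getMessage() .
        ' in file ' . $ex->getFile() .
        ' on line ' . $ex->getLine()
    );
    // Execution continues after the message, as it did in the original.
    print "<pre>\r\n" . 'The database is currently unavailable.' . "\r\n" .
        '</pre>';
}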
// archives: file name used for the archived error log
$wsArchive = 'error.log.xml';

// site notifications: the administrator is both the primary and the
// carbon-copy recipient; nobody is blind-copied
$emailNotify['TO'] = $site->adminEmail;
$emailNotify['CC'] = $emailNotify['TO'];
$emailNotify['BCC'] = '';

// browser helper: fetch the font settings for the current browser
// (original note: "get relative font sizes for the browser if not set")
require_once $site->classDirectory . 'browser.class.php';
$browser = browser::getInstance();
$sessionFonts = $browser->getFonts();
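// user interaction
// A "logOut" parameter anywhere in the request ends the login.
// NOTE(review): $_REQUEST also covers the query string, so a link or image
// on another site can log a visitor out; a POST carrying a per-session token
// would prevent that.
$logOut = isset($_REQUEST['logOut']);
if ($logOut) {
    $userName = '';
    $userPassword = '';
    $userVerified = false;

    // NOTE(review): this resets the attempt counter for any client that
    // sends "logOut", logged in or not. How securityAttempts is enforced is
    // not visible here - confirm that it cannot be used to sidestep a limit
    // on failed logins.
    $_SESSION['securityAttempts'] = 0;
    $_SESSION['userName'] = '';
    $_SESSION['userPassword'] = '';
    $_SESSION['userFullName'] = '';

    // Issue a new session id and discard the old one, so an id that was
    // captured while the user was logged in is useless after logout.
    session_regenerate_id(true);

    // NOTE(review): $site->uri is derived from the request's Host header
    // earlier in this file; the redirect target is only as trustworthy as
    // that value.
    header('Location: ' . $site->uri);
    exit;
}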
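// Copy the login state out of the session. On a visitor's first request none
// of these keys exist yet; the isset() guards keep the resulting value (null)
// the same as before without raising an undefined-index notice or warning.
// NOTE(review): the password itself is kept in the session, so it sits in the
// server's session storage for the session's lifetime. Storing only the
// verified user's identifier would avoid keeping the credential around.
$userName = isset($_SESSION['userName']) ? $_SESSION['userName'] : null;
$userPassword = isset($_SESSION['userPassword']) ? $_SESSION['userPassword'] : null;
$userFullName = isset($_SESSION['userFullName']) ? $_SESSION['userFullName'] : null;

// The code generated by the previous request; null when there was none.
$site->lastSecurityCode = isset($_SESSION['securityCode']) ? $_SESSION['securityCode'] : null;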
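// Generate a fresh six-character security code for this request.
// Characters removed from the alphabet because they look too similar:
// 0, 1, I, O, Q, D, 8, 9, B, 5, S, 6, G, U, V
// (in the post this list had wrapped onto a second, uncommented line).
$alphabet = '2347ACEFHJKLMNPRTWXYZ';
$alphabetLength = strlen($alphabet) - 1; // highest valid index, not the length

$site->securityCode = '';
for ($i = 0; $i < 6; $i++) {
    // mt_rand() is not a cryptographic generator: its output stream can be
    // reconstructed from observed values, which would make later codes
    // predictable. Use the CSPRNG where the PHP version provides one and
    // keep mt_rand() only as the fallback for older installations.
    $index = function_exists('random_int')
        ? random_int(0, $alphabetLength)
        : mt_rand(0, $alphabetLength);
    $site->securityCode .= $alphabet[$index];
}

// The alphabet is already upper case; strtoupper() is kept so the stored
// value stays normalised if the alphabet is ever edited.
$_SESSION['securityCode'] = strtoupper($site->securityCode);

// First request of a session: there is no previous code, so use the new one.
if (!isset($site->lastSecurityCode)) {
    $site->lastSecurityCode = $_SESSION['securityCode'];
}
?>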