evoCore - Framework PHP TYPOlight webCMS - Home Jelix, framework PHP Pxxo - Construire, utiliser et réutiliser des composants graphiques sur le Web Seagull - Framework PHP Chris Shiflett: Security Corner: Session Fixation Security is gaining more and more attention online. As PHP continues to be a key component of the web’s future, malicious attackers will begin to target weaknesses in PHP apps more frequently, and developers need to be ready. I am very pleased to introduce Security Corner, a new monthly column that is focused completely on web app security. Each month, I will discuss an important topic in great detail that can help you improve the security of your PHP apps and defend against various types of attacks. These topics will not be vague, general overviews, so if you are looking for an introduction to web app security, you will be better served by other sources of information such as the PHP manual's chapter on security. This month’s topic is session fixation, a method of obtaining a valid session identifier without the need for predicting or capturing one. Session Fixation Session security is a vast and complex topic. There are numerous types of session-based attacks. A Simple Attack Listing 1
R3 and Stickleback: Open Source Gold For PHP Developers (Yahoo! Developer Network Blog) hack_india_h_hackers The energy at the 6th edition of Yahoo! Hack in India was electrifying as we counted down to the close of hacking at Yahoo! Hack Hyderabad, 2013. The hackers downed over 1500 cups of coffee and tea, and 350 cans of Red Bull! Congratulations to all the hackers, especially the ones who took home the prizes. planman PlanMan! By Varunkumar Nagarajan, Arunkumar Nagarajan, Raghu Ram, Amit Bharti PlanMan is a mobile app that lets you do workflow management through SMS and missed calls. Read More »from Hack India: Hyderabad — It’s a Wrap! QPHP - Framework PHP
PHP best practices This guide will give you solutions to common PHP design problems. It also provides a sketch of an application layout that I developed during the implementation of some projects. php.ini quirks Some settings in the php.ini control how PHP interpretes your scripts. This can lead to unexpected behaviour when moving your application from development to the productive environment. The following measures reduce dependency of your code on php.ini settings. short_open_tag Always use the long PHP tags: <? asp_tags Do not use ASP like tags: <% echo "hello world"; %> gpc_magic_quotes I recommend that you include code in a global include file which is run before any $_GET or $_POST parameter or $_COOKIE is read. register_globals Never rely on this option beeing set. File uploads: The maximum size of an uploaded file is determined by the following parameters: Have one single configuration file You should define all configuration parameters of your application in a single (include) file. Generate code 1. <?
Limb PHP Framework