w34u / ssp
Secure login system for php frameworks, applications and sites
Requires
- php: ^7.4 || ^8.0
- ext-mbstring: *
- adodb/adodb-php: ^5.0
- php-di/php-di: ^7.0
- ruckusing/ruckusing-migrations: ^1.1
- slim/psr7: ^1.7
- slim/slim: ^4.14
Requires (Dev)
- codeception/codeception: 5.1.*
- codeception/specify: ^2.0
This package is auto-updated.
Last update: 2024-12-02 13:01:09 UTC
README
Secure login system for php frameworks, applications and sites
This set of PHP routines is designed to allow PHP developers to easily secure a site or an application.
Based on the ideas and information in [Innocent Code](http://www.amazon.co.uk/Innocent-Code-Security-Wake-up-Programmers/dp/0470857447/ref=sr_1_1?ie=UTF8&s=books&qid=1266594625&sr=1-1) by the security consultant [Sverre H. Huseby](http://shh.thathost.com/), the code attempts to make the site resilient against most forms of attack.
Installation
- composer require w34u/ssp
- Move vendor/w34u/ssp/cfg to a version-controlled part of your project, preferably outside the browser-viewable part of your project.
- Rename vendor/w34u/ssp/cfg/Configuration.change.php to Configuration.php and assign values to all the properties to set up the database connection and secure your site.
- Add "autoload": { "psr-4": { "w34u\\ssp\\": "cfg/" } }, to composer.json so that the configurations load, then run 'composer dumpautoload' to refresh the loader.
- Move vendor/w34u/ssp/cfg/sspadmin to a browser-viewable area and ensure sspadmin/includeheader.php requires the Composer autoloader in vendor.
- Point your favourite browser at sspadmin/setup and follow the instructions to create the database and your first admin login.
[Originally hosted on SourceForge for old versions](https://sourceforge.net/projects/ssprotection/)
System requirements
PHP >= 5.5 and up.
adodb/adodb-php >= 5.0
mbstring
mcrypt
Attacks hardened against are:
- SQL injection.
- Invalid character injection in forms.
- JavaScript injection in forms.
- Session theft.
- Session takeover.
- One form's output being used in another.
- Designed to be used with SSL, thus helping to prevent man-in-the-middle attacks.
Facilities provided by this set of libraries and routines:
- Basic joinup routine.
- Password recovery.
- User admin.
- User self admin.
- Fully templated using a fast, simple template class.
- Powerful (and paranoid) form building class.
- Data checking class.
- Useful lister and HTML menu list generation classes.
- Works with PHP 5.0 upwards.
- Uses database abstraction to work with most databases; has been used with MySQL, Access and MS SQL Server.
- Multilingual capability with browser language checking.
Highly configurable session, login and debug:
- HTTP or HTTPS.
- Variable number of octets for IP checking.
- Fully configurable on types of checks to be done.
- Login by email or username.
- Extend the login for other user inputs.
- Error output either to screen or log file for live sites.