1 vote, 1 answer, 30 views

Review of template parsing function

I am using preg_replace_callback(), and I am concerned that I might have some sort of security risk. I am hoping to get a review of the below substitute() function. The purpose of the function is to ...
1 vote, 2 answers, 46 views

WordPress PHP Contact Form - Security flaws

I have the following contact form included with my wordpress theme as a template. Now a user on Stackoverflow pointed out that this form has some serious security vulnerabilities. Could someone ...
1 vote, 2 answers, 124 views

Basic PHP comment form: what ways can I improve security, efficiency/cleanliness, or conventionality?

I am a programming novice. I've written this simple PHP script to run a very basic comment form and would appreciate any feedback, especially on these three topics: Efficiency (not sure the right ...
3 votes, 1 answer, 82 views

how secure is this way of writing and reading with PHP and SQLite?

This is a security question. I'm quite new to PHP and just a beginner in SQLite. For practical, and educational reasons, I'm writing a small PHP site that will serve as one-threaded discussion ...
2 votes, 2 answers, 105 views

Check the security of my image upload script

I am writing a basic image upload script in PHP, and am looking for critiques. The script below is the result of various suggestions I have found online... for now I am running it locally and it works ...
2 votes, 2 answers, 59 views

Hasher class for PHP<5.3

I've constructed a simple class whose entire purpose is to hash passwords securely and simply. The catch is the PHP version is probably going to be 5.2.x. This means: No CRYPT_BLOWFISH Obviously no ...
11 votes, 3 answers, 2k views

PHP PDO Database Abstraction Layer

I'd like to get some feedback on a PHP Database Abstraction Layer I've created. It's a little long, but there really wasn't a way to just post part of it. Here is the base DBObject class for MySQL: ...
2 votes, 2 answers, 178 views

Is this a secure and best-practice PHP mail() function?

Is the following PHP laid out fine to go inside the mail function? $to = "My Name <[email protected]>"; $subject = "Contact Form: $name"; $message = "Name: $name\r\nEmail: ...
2 votes, 1 answer, 252 views

PHP form XSS vulnerability

I'd like to ask if this PHP/HTML code has any flaws which can be exploited by the potential aggressor: <form method='post' action='<?php echo $_SERVER['PHP_SELF']; ?>'> <input ...
3 votes, 1 answer, 67 views

Converting from MySQLi to PDO account activation

I had been working on a project for some time, and then it went on the way back burner after my daughter was born. I'm back to it, and now I discover that I'm best off using PDO over MySQLi. So, I'm ...
1 vote, 1 answer, 143 views

Concept for PHP Controlled, Privileged Execution (for a cPanel knockoff on Ubuntu Server)

I was thinking of building a F/OSS project as a cPanel for Ubuntu Server, since Ubuntu doesn't have this, and yet making it easy for a hosting company to use this, where users will find it just as ...
3 votes, 5 answers, 691 views

Authentication library

I am building a library I need suggestions on how to improve it (security, performance, etc). <?php /** * Authentication Library * * @author John Svensson */ class Auth { public ...
1 vote, 2 answers, 265 views

Basic user registration code in PHP: Part 2

Edit1: Edited in response to Corbin's feedback This is an update of my user registration code. This is continuation and implementation of feedback found in this thread: Previous codereview post. I ...
1 vote, 1 answer, 180 views

PHP: Connect & login to MySQL database

I am new to PHP so this is largely compiled from examples around the web. It seems to work fine. Are there any ways in which it can be improved upon? Is it secure? <?php ...
5 votes, 1 answer, 310 views

MySQLi DB library - quality/security review?

This library was written quite some time ago, and it has so far been used in all sorts of small-ish projects. I'm about to base a more complex, security (Access Control) related, open-source project ...
