Essential PHP Security by Chris Shiflett

Code Repository

Chapter 1, Introduction

Set Error Reporting Directives (Pg 3)
Create a Custom Error Handler (Pg 3)
Escape Output (Pg 13-14)

Chapter 2, Forms and URLs

Raw POST Request with File Upload (Pg 21-22)
Use is_uploaded_file() (Pg 22)
Use move_uploaded_file() (Pg 22)
Use filesize() (Pg 23)
Add a Token to a Form (Pg 28)
Check a Token in a Form (Pg 28)
Send a Raw HTTP Request (Pg 31-32)

Chapter 4, Sessions and Cookies

Enforce User-Agent Consistency (Pg 48)
Create an Auth Token (Pg 49)

Chapter 7, Authentication and Authorization

Brute Force an Authentication Form (Pg 65)
Throttle an Authentication Form (Pg 66-67)
Create a Persistent Login Cookie (Pg 71)
Check a Persistent Login Cookie (Pg 71-73)

Chapter 8, Shared Hosting

Read Session Data (Pg 77)
Store Session Data in a MySQL Database (Pg 78-80)
Edit Session Data (edit.php) (Pg 81-82)
Edit Session Data (inject.php) (Pg 82)
Browse the Filesystem (Pg 82-83)
Bypass Safe Mode (Pg 85)

Appendix C, Cryptography

Hash a Password (Pg 98)
Check a Password (Pg 98)
List Available Algorithms (Pg 99)
Create a Cryptography Class (Pg 99-100)
Use a Cryptography Class (Pg 100)
Encrypt Data (Pg 101)
Decrypt Data (Pg 101-102)
Encrypt Session Data (Pg 102-103)