
Blog

No Framework PHP MVC framework by Rasmus

Aug 20, 2009 - by kurinchilamp // 301 Views
Read the article on the No Framework PHP MVC framework written by Rasmus Lerdorf (he doesn't need an introduction!), who explains how to put together a simple, easy-to-manage framework with the bells and whistles of Web 2.0 features. Re-read the disclaimer after you finish the article and its comments, so that you understand the essence of the article.
Link to No Framework: http://toys.lerdorf.com/archives/38-The-no-framework-PHP-MVC-framework.html

CakePHP – Bake Process

Aug 11, 2009 - by kurinchilamp // 396 Views
Steps involved in baking scripts with CakePHP:
i) Set up CakePHP and make sure the index page shows no warning message after the initial installation (for this you need to change the salt value in /app/config/core.php and enable /app/config/database.php).
ii) Create a database and a user for the database, then apply the database configuration parameters to /app/config/database.php. If you are running bake for the first time, it will ask you to create the database configuration.
iii) Ensure that the path or the environment variable is set with access to the PHP and MySQL executables:
    c:/> PATH
  or
    $ echo $PATH

PHP Security: Preventing Session Fixation

Jul 27, 2009 - by kurinchilamp /Linux Server/ 290 Views
Session fixation is a method by which an intruder creates a session id that gets carried along when a user arrives through that path and continues his/her activity on a website. For example, an intruder may create a link to a site called samplesite.com as
    <a href="http://samplesite.com/cart.php?PHPSESSID=Ax23mDud">Sample Site</a>
When a user clicks on this link, the session id gets carried on to the site 'samplesite.com'. The intruder waits for the user to start a transaction on the site and then takes over vital details by intruding on the user's activity on samplesite.com.

CakePHP: Multi-validatable Behavior

Jul 21, 2009 - by kurinchilamp // 309 Views
Consider the following scenario: we have a database table, users, and we need to carry out validations for the following forms:
i) Login
ii) Change password
iii) Add/Edit user records
iv) Forgot password
You can either write separate controllers and have each controller call a model based on the users table to validate each input field, or use the same user model to carry out the different validations, which sounds more logical. It is easy to carry out different validations in a CakePHP model with the Multi-validatable Behavior, which lets you keep different validation sets for different testing conditions.
Key things to note here:
i) Download the code for the Multivalidatable Behavior and place it under the /models/behaviors/ folder.
ii) In the model where you want multiple validation sets, include the Multivalidatable behavior:
    var $actsAs = array("Multivalidatable");
iii) Add the validation rule sets array:
    var $validationSets = array(
        'login' => array('name' => array('rule' => 'alphanumeric')),
        'changepassword' => array('password' => array('rule' => 'notEmpty'))
    );
iv) In the controller where you want to apply a validation rule set, select the respective set:
    function login() {
        $this->User->setValidation('login');
    }
    function changepassword() {
        $this->User->setValidation('changepassword');
    }
For more info visit CakePHP Bakery

How to turn off register_globals via php.ini?

Jul 16, 2009 - by kurinchilamp // 283 Views
It is always more secure to turn OFF register_globals in PHP applications. Earlier, we saw how to turn OFF the register_globals setting via the .htaccess file; in this post we will use php.ini instead.
i) Using a text editor, create a file called php.ini.
ii) Add the following line to php.ini:
    register_globals = off
iii) Upload the php.ini file to the root folder where your application resides.

PHP Image Upload and Security

Jul 09, 2009 - by kurinchilamp // 253 Views
Steps to take care of when using PHP to upload images or documents:
i) Use the is_uploaded_file() function to check that the file was really uploaded before moving it from the temporary location.
ii) Sanitize the name of the file before moving it from the temporary location with the 'mv' system command (use escapeshellarg, escapeshellcmd as needed).
iii) chmod the file to 644 if needed.
iv) The directory from which the file will be moved and the destination directory should be initialized beforehand, in order to prevent users from altering the path where the files are stored.
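The four steps above combined in one handler. This is an added example, not code from the original post: it swaps the 'mv' system command for PHP's move_uploaded_file(), which does not pass through a shell, and it adds an extension allow-list. The function name store_upload, the form field 'image' and the directory /var/www/uploads are assumptions.

```php
<?php
// Added example; store_upload, UPLOAD_DIR and the 'image' field are hypothetical.

// Step iv: the destination is fixed in code and never taken from the request.
const UPLOAD_DIR = '/var/www/uploads';   // assumed path

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }

    // Step i: confirm the temp file really arrived through an HTTP POST upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Step ii: sanitize the client-supplied name. basename() drops any
    // directory part; the regex replaces everything outside a safe set.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($file['name']));
    $name = ltrim($name, '.');            // reject hidden and dot-only names
    if ($name === '') {
        throw new RuntimeException('empty file name');
    }
    // Allow-list the extension so a script cannot be stored as an "image".
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        throw new RuntimeException('extension not allowed');
    }

    // A random prefix keeps one upload from overwriting another.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(8)) . '_' . $name;

    // move_uploaded_file() repeats the upload check and uses no shell,
    // so escapeshellarg() is not needed on this path.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not move file');
    }

    // Step iii: owner read/write, everyone else read-only, no execute bit.
    chmod($target, 0644);
    return $target;
}

if (isset($_FILES['image'])) {
    echo basename(store_upload($_FILES['image'])), " stored\n";
}
```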