CodeIgniter L5 email & user agent & security
Codeigniter Framework
Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
5. Email & User agent & Security
Agenda
• Email.
• User agent.
• Security.
• Conclusion.
Email
• Email class.
• Sending Email.
• Email class functions.
Email class
• Supports the following features:
- Multiple protocols: Mail, Sendmail, and SMTP.
- Multiple recipients.
- HTML or plaintext email.
- Attachments.
Sending Email
// Load the Email library, then set sender, recipient, subject and body before sending.
$this->load->library('email');
$this->email->from('[email protected]', 'Your Name');
$this->email->to('[email protected]');
$this->email->subject('Email Test');
$this->email->message('Testing the email class.');
// send() returns TRUE on success and FALSE on failure.
$this->email->send();
Email class functions
• from() Sets the email address and name of the person sending the email.
• to() Sets the email address(es) of the recipient(s).
• subject() Sets the email subject.
• message() Sets the email message body.
• send() The email sending function. Returns boolean TRUE or FALSE.
Let’s Try It Live!
User agent
• User agent class.
• Class functions.
• Example.
User agent class
• Provides functions that help identify information about the browser, mobile device, or robot visiting your site.
• The class must be initialized in your controller as follows:
$this->load->library('user_agent');
Class functions
• $this->agent->is_browser()
• $this->agent->is_mobile()
• $this->agent->is_robot()
• $this->agent->browser()
• $this->agent->mobile()
• $this->agent->robot()
• $this->agent->platform()
Example
$this->load->library('user_agent');
// Identify the visitor: a browser, a robot (crawler), or a mobile device.
// $agent is initialized first so it is always defined when echoed.
$agent = 'Unknown';
if ($this->agent->is_browser()) {
    $agent = $this->agent->browser();
} elseif ($this->agent->is_robot()) {
    $agent = $this->agent->robot();
} elseif ($this->agent->is_mobile()) {
    $agent = $this->agent->mobile();
}
echo $agent;
Let’s Try It Live!
Security
• URI Security
• Error reporting
• XSS Filtering
• Data escape
• Data validation
URI Security
• Minimizes the possibility that malicious data can be passed to your application.
• URIs may only contain the following characters:
Alpha-numeric text, Tilde: ~, Period: ., Colon: :, Underscore: _, Dash: -
Error reporting
• In production it is typically desirable to disable PHP's error reporting by setting the internal error_reporting flag to a value of 0.
• This stops native PHP errors from being rendered as output, since error messages may contain sensitive information (paths, queries, credentials).
XSS Filtering
• CodeIgniter comes with a Cross Site Scripting (XSS) prevention filter, which can either run automatically on all POST and COOKIE data it encounters, or be run on a per-item basis.
• Loading the security helper:
$this->load->helper('security');
XSS Filtering
• xss_clean(): Provides Cross Site Scripting filtering. To run it automatically every time POST or COOKIE data is encountered, enable it in the config file:
$config['global_xss_filtering'] = TRUE;
XSS Filtering
• sanitize_filename(): Provides protection against directory traversal in user-supplied file names.
• Enable CSRF protection by setting this in the config file:
$config['csrf_protection'] = TRUE;
Data escape
• Escape data before inserting it into the database.
• $this->db->escape()
This function determines the data type so that it escapes (and quotes) only string data.
• $this->db->escape_like_str()
This method should be used when strings are to be used in LIKE conditions, so that wildcard characters in the data are not interpreted by the database.
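The per-item XSS filtering and the two escaping functions from the slides above, combined in one controller action. This is an added example, not code from the slides; it assumes CodeIgniter 3 conventions and a hypothetical `users` table with `name` and `role` columns.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Added example (not from the slides). Assumes CodeIgniter 3 and a
// hypothetical `users` table with `name` and `role` columns.
class Search extends CI_Controller
{
    public function index()
    {
        $this->load->database();
        $this->load->helper('security');

        // Per-item XSS filtering: passing TRUE as the second argument runs
        // xss_clean() on this field only, instead of relying on
        // $config['global_xss_filtering'].
        $term = $this->input->get('q', TRUE);
        $role = $this->input->get('role', TRUE);

        if ($term === NULL || $term === '')
        {
            show_error('Missing search term', 400);
        }

        // escape_like_str() escapes the LIKE wildcards % and _ (using '!'
        // as the escape character in CI 3), so a term such as "20%" is
        // matched literally instead of acting as a wildcard. The ESCAPE '!'
        // clause tells the database which escape character was used.
        $where = " WHERE name LIKE '%" . $this->db->escape_like_str($term) . "%' ESCAPE '!'";

        // escape() detects the data type: a string is quoted and escaped,
        // so it can be spliced into the query as an exact-match value.
        if ($role !== NULL && $role !== '')
        {
            $where .= " AND role = " . $this->db->escape($role);
        }

        $query = $this->db->query("SELECT id, name FROM users" . $where . " LIMIT 50");

        // Escape again at output time: html_escape() (a CI 3 core function)
        // neutralises any HTML in stored data regardless of what the input
        // filter caught, which is the reliable defence against XSS.
        foreach ($query->result() as $row)
        {
            echo html_escape($row->name) . "<br>";
        }
    }
}
```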
Data validation
• Validating, Filtering, and Prepping data
• We saw this in session 2 : )
Let’s Try It Live!
Conclusion
THANK YOU
Questions?