CodeIgniter L5 email & user agent & security

Codeigniter Framework

Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi

5. Email & User agent & Security

Agenda

• Email.

• User agent.

• Security.

• Conclusion.


Email

• Email class.

• Sending Email.

• Email class functions.


Email class

• supports the following features.

- Multiple Protocols: Mail, Sendmail, and

SMTP.

- Multiple recipients.

- HTML or Plaintext email.

- Attachments


Sending Email

$this->load->library('email');

$this->email->from('[email protected]',

'Your Name');

$this->email->to('[email protected]');

$this->email->subject('Email Test');

$this->email->message('Testing the email

class.');

$this->email->send();


Email class functions

• from() Sets the email address and name

of the person sending the email.

• to() Sets the email address(s) of the

recipient(s).

• subject() Sets the email subject.

• message() Sets the email message body.

• send() The Email sending function.

Returns boolean TRUE or FALSE.



Let’s Try It

Live!

User agent

• User agent class.

• Class functions.

• Example.


User agent class

• provides functions that help identify

information about the browser, mobile

device, or robot visiting your site.

• Agent class is must initialize in your

controller using as following:

$this->load->library('user_agent');


Class functions

• $this->agent->is_browser()

• $this->agent->is_mobile()

• $this->agent->is_robot()

• $this->agent->browser()

• $this->agent->mobile()

• $this->agent->robot()

• $this->agent->platform()


Example

$this->load->library('user_agent');

if ($this->agent->is_browser()){

$agent = $this->agent->browser();

}elseif ($this->agent->is_robot()){

$agent = $this->agent->robot();

}

echo $agent;



Let’s Try It

Live!

Security

• URI Security

• Error reporting

• XSS Filtering

• Data escape

• Data validation


URI Security

• minimize the possibility that malicious data

can be passed to your application.

• URIs may only contain the following:

Alpha-numeric text

Tilde: ~ Period: .

Colon: : Underscore: _

Dash: -


Error reporting

• it is typically desirable to disable PHP's

error reporting by setting the internal

error_reporting flag to a value of 0.

• This disables native PHP errors from

being rendered as output, which may

potentially contain sensitive information.


XSS Filtering

• CodeIgniter comes with a Cross Site

Scripting Hack prevention filter which can

either run automatically to filter all POST

and COOKIE data that is encountered, or

you can run it on a per item basis

• Loading security helper

$this->load->helper('security');


XSS Filtering

• xss_clean():

Provides Cross Site Script Hack filtering.

to run automatically every time it

encounters POST or COOKIE data you

can enable it by set this in config file

$config['global_xss_filtering'] = TRUE;


XSS Filtering

• sanitize_filename():

Provides protection against directory

traversal.

• Enable csrf protection:

by setting this in config file

$config['csrf_protection'] = TRUE;


Data escape

• Escape data before inserting it into

database.

• $this->db->escape()

This function determines the data type so

that it can escape only string data.

• $this->db->escape_like_str()

This method should be used when strings are to

be used in LIKE conditions


Data validation

• Validating, Filtering, and Prepping data

• We saw this in session 2 : )



Let’s Try It

Live!

Conclusion


THANK YOU


Questions?

CodeIgniter L5 email & user agent & security

Technology

Transcript of CodeIgniter L5 email & user agent & security