Saturday, November 19, 2011

How to Add Captcha in Php Form

Adding CAPTCHA to your form protects your site from spam bots. It is a program that generates colourful image with distorted text that human can read but current spam bots cannot figure out the text.


To add captcha to your php form, use reCaptcha. Your need to sign up to recaptcha using your google account. http://www.google.com/recaptcha


Go to my account and add your site. Once you have added your site, you will get the following details.


1) Public key


2) Private key


In addition, you need to get php recatpcha plugin from http://code.google.com/p/recaptcha/downloads/list?q=label:phplib-Latest


Once you have the Public key, Private key and recaptchalib.php file (Only this file is required for the recaptcha to work) from the plugin, you can start.


For details on the php programming side, please go to http://probyte2u.hubpages.com/hub/How-to-Add-Captcha-in-Php-Form



Thursday, November 10, 2011

Database Security Tips

When developing website or ecommerce solution, important aspect of the design is the database security. The database needs to be protected from any security loopholes. If you’re using MySQL, one way to protect your db is by using MySQL access privileges system. You create specific user type for different user activity.

For example, if you developing website where user can register and add content inside your website. You might have three type of users:

Public : general user who might just select and browse through your site.
Registered : User who can add content to your site.
Admin : User who manage your users and content. Ban the users and some other admin function.

Based on the user types , you create separate MySQL user accounts with the following permission.
Public : SELECT
Customer : SELECT, INSERT, UPDATE
Admin : SELECT, INSERT, UPDATE, DELETE

You could write your configuration file as follow:

DEFINE(‘DB_HOST’,’localhost’);
DEFINE(‘DB_NAME’,’databasename’);

If (isset($user) && ($user==’Admin’)) {
DEFINE(‘DB_USERNAME’,’usernameA’);
DEFINE(‘DB_PASSWORD’,’passwordA’);

elseif (isset($user) && ($user==’Customer’)) {
DEFINE(‘DB_USERNAME’,’usernameB’);
DEFINE(‘DB_PASSWORD’,’passwordB’);
}

else {
DEFINE(‘DB_USERNAME’,’usernameC’);
DEFINE(‘DB_PASSWORD’,’passwordC’);
}

Keep the connection file outside of your web root, in a private folder. This prevents outsider’s access to site. If you don’t have a private folder, then protect the file by using .htaccess

Try not to provide the following permissions to users who connect from website. If you got hacked, you will give lots of fire power to the hacker to do the damage.

PROCESS, FILE, SHUTDOWN, DROP, CREATE and ALTER.

By limiting the users’ permission you can protect your site from any harm. Even if you site has been hacked, the damage could be limited.

Credit: Effortless E-Commerce with Php and MySQL, Larry Ullman.
Related Posts Plugin for WordPress, Blogger...

ShareThis