Development Lithium PHP Security

Lithium CSRF Protection

CSRF attacks are among the most common security threats that affect web applications. The details of how CSRF attacks work have been covered extensively around the web. If you want to learn more, I strongly recommend reading Chris Shiflett’s popular…


FTP File Downloads with Auto Resume in PHP

I recently battled downloading a large (500+ MB) file via PHP’s native FTP functions. I tried several methods, including ftp_get and ftp_nb_continue, but I was continuously receiving error messages. The messages themselves are next to useless in determining the root…


Make Composer Globally Available

This is just a friendly tip on how to make Composer (a PHP dependency manager) globally available on your machine. All you really need to do is make sure to place the composer.phar file to a directory contained within your…

MySQL PHP Security

Escaping MySQL ‘LIKE’ Queries in PHP

Unlike most common MySQL escaping scenarios in PHP, one needs to take extra precautionary measures when implementing a LIKE query. LIKE queries contain special qualifiers for term matching, % and _, which the user could maliciously include in their search…

Development Lithium PHP

Lithium PHP Method Filters

A unique feature of Lithium is its method filter system. To summarize, it allows for intercepting method calls as well as modifying arguments and return values. This not only makes for some interesting ways to extend the framework but also helps maintain better separation of cross-cutting concerns.

Development PHP Security

Secure PHP Authentication Revisited

A while back I had posted on the topic of Securing PHP User Authentication, Login, and Sessions. While the majority of methods for increasing obscurity remain true, the hashing algorithms used have become increasingly insecure. If you have not done so,…

Development PHP Zend Framework

Override the Default Zend Escape Method

By default, using $this->escape() in your view files makes a call to Zend_View_Abstract::escape(). The problem with the implementation of Zend’s default escape method is that it’s a little lackluster in terms of security. It does not have any exception handling…

Development Performance PHP

PHP Memcache vs. Memcached

You may or may not be aware, but PHP has two separate module implementations wrapping the memcached (as in memcache daemon) server. The memcache module utilizes this daemon directly, whereas the memcached module wraps the libMemcached client library and contains…

Database Development MongoDB PHP

Important MongoSession Updates

I have posted a couple of important updates to MongoSession (a PHP MongoDB Session Handler) that I’d like to share with you. I have removed the secondary indexed id field which should speed up operations as well as reduce the…


Dear Kohana, I Detest Your 3.x Website

I’ve got a bone to pick with the Kohana development team. I just wasted a couple of hours out of my day adding functionality to their core Validate class only to find that the functionality had already been added in a…

Facebook Security

“Likejacking” Term Catches On

Back in late April, following Facebook’s f8 conference, a few articles began trickling out regarding possible security concerns with the new “Like” button. I had, at that time, unknowingly positioned myself as the potential originator of the term “likejacking.” In…

Development PHP

A Quick Implementation of String Sort in PHP

There’s not a whole lot of PHP algorithms floating around. Perhaps people just rely upon the SPL. I had a curiosity to find a string sorting algorithm written in PHP and I didn’t find any non array-based solutions. The implementation…

Development PHP

Advanced Method to Retrieve the Client IP in PHP

There are perhaps hundreds if not thousands of articles on obtaining your visitor’s IP address. The majority of these entries will refer to a small subset of global $_SERVER variables (HTTP_X_FORWARDED_FOR, HTTP_CLIENT_IP, and REMOTE_ADDR). Although both fast and simple solutions…