Secure PHP Blog
The project is written using HTML5 and CSS3 so be sure to use a recent web browser for the best experience.
The project makes use of:
- Disqus for comments
- ReCaptcha to prevent robots from spamming the blog with unwanted comments
- Redbean for Object-Relational Mapping
- CKEditor for WYSIWYG editing of blog entries
- HTML Purifier for malicious code filtering
- Bootstrap for the layout
For detailed information (in French), you can read this document.
All the configuration is done by editing the file named
setup.php in the
First, you need to create a database. By default, this is a MySQL database,
though you can change this by editing the
DB_DSN_PDO variable. Edit the
DB_PASSWORD variables to match your
The project comes with a wasp.sql sample database dump which you can import using
a tool such as PHPMyAdmin or by running a command such as
mysql -p -u root database_name < wasp.sql.
This dump contains a test user (login: firstname.lastname@example.org, password: password)
and a few posts so that you can quickly see what the blog posts look like.
Create a ReCaptcha account and update the
RECAPTCHA_PRIVATEKEY variables with the public and private key provided by
the ReCaptcha service.
By default, the comments you will see are those associated with the Disqus
shortname 'waspblog'. You can change this by creating an account on Disqus
and setting your own shortname in the
DISQUS_SHORTNAME variable. Please note
that Disqus comments will not appear when running locally.
You must then configure the SMTP server that will be used to send emails to
the users of the blog. The default setup.php file is configured to use a Gmail
account but you will need to update the
variables with your Gmail login and password.
You will probably need to update the
DOMAIN and ROOTPATH variables. For
instance if you wish to make the project available at http://domain.com/blog/,
set DOMAIN to 'http://domain.com' and ROOTPATH to '/blog/'.
If you want this blog to really be secure, you need to change the
variable since the default one is published publicly. However, if you do
this, previously created accounts will become invalid, including the one
from the sample database.
François CHAPUIS - Afnarel
Roman MKRTCHIAN - nam0r
This project is distributed under the terms of the Creative Commons CC-BY-SA license.
If you wish to contribute some code, you are welcome to submit pull requests.