Secure web application (blog) written in PHP
JavaScript PHP CSS Other
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
classes
css
includes
js
recaptcha
.gitignore
README.md
comments.php
confirm.php
delete.php
detail.php
doRecovery.php
edit.php
index.php
login.php
logout.php
post.php
rapport.odt
rapport.pdf
recover.php
signup.php
wasp.sql

README.md

Secure PHP Blog

About

Student project aiming to develop a secure PHP application (blog), developed with Roman MKRTCHIAN as part of the WASP (Web Application Security) course at Polytech Nice Sophia (5th year, 2012-2013).

The project is written using HTML5 and CSS3 so be sure to use a recent web browser for the best experience.

The project makes use of:

For detailed information (in French), you can read this document.

Setup

All the configuration is done by editing the file named setup.php in the includes directory.

First, you need to create a database. By default, this is a MySQL database, though you can change this by editing the DB_DSN_PDO variable. Edit the DB_HOST, DB_NAME, DB_USER and DB_PASSWORD variables to match your configuration.

The project comes with a wasp.sql sample database dump which you can import using a tool such as PHPMyAdmin or by running a command such as mysql -p -u root database_name < wasp.sql. This dump contains a test user (login: user@yopmail.com, password: password) and a few post so that you can quickly see what the blog posts look like.

Create a ReCaptcha account and update the RECAPTCHA_PUBLICKEY and RECAPTCHA_PRIVATEKEY variables with the public and private key provided by the ReCaptcha service.

By default, the comments you will see are those associated with the Disqus shortname 'waspblog'. You can change this by creating an account on Disqus and setting your own shortname in the DISQUS_SHORTNAME variable. Please note that Disqus comments will not appear when running locally.

You must then configure the SMTP server that will be used to send emails to the users of the blog. The default setup.php file is configured to use a GMail account but you will need to update the SMTP_LOGIN and SMTP_PASSWORD variables with your GMail login and password.

You will probably need to update the DOMAIN and ROOTPATH variables. For instance if you wish to make the project available at http://domain.com/blog/, set DOMAIN to 'http://domain.com' and ROOTPATH to '/blog/'.

If you want this blog to really be secure, you need to change the SALT variable since the default one is published publicly. However, if you do this, previously created account will become invalid, including the one from the sample database.

Authors

François CHAPUIS - Afnarel

Roman MKRTCHIAN - nam0r

License

This project is distributed under the terms of the Creative Commons CC-BY-SA license.

Contribution

If you wish to contribute some code, you are welcome to submit pull requests.