CodeIgniter L5 email & user agent & security
Download as PPSX, PDF1 like882 views
The document discusses various features of the Codeigniter framework related to email, user agents, and security. It describes the email class and how to send emails, the user agent class and how to identify browser/device information, and security measures like URI filtering, error reporting, XSS filtering, and data validation/escaping. The document contains examples and instructions for utilizing these Codeigniter classes and features.
![XSS Filtering
• xss_clean():
Provides Cross Site Script Hack filtering.
to run automatically every time it
encounters POST or COOKIE data you
can enable it by set this in config file
$config['global_xss_filtering'] = TRUE;
Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi](https://image.slidesharecdn.com/5-150409144143-conversion-gate01/85/CodeIgniter-L5-email-user-agent-security-17-320.jpg)
![XSS Filtering
• sanitize_filename():
Provides protection against directory
traversal.
• Enable csrf protection:
by setting this in config file
$config['csrf_protection'] = TRUE;
Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi](https://image.slidesharecdn.com/5-150409144143-conversion-gate01/85/CodeIgniter-L5-email-user-agent-security-18-320.jpg)
CodeIgniter L5 email & user agent & security
- 1. Codeigniter Framework Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi 5. Email & User agent & Security
- 2. Agenda • Email. • User agent. • Security. • Conclusion. Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 3. Email • Email class. • Sending Email. • Email class functions. Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 4. Email class • supports the following features. - Multiple Protocols: Mail, Sendmail, and SMTP. - Multiple recipients. - HTML or Plaintext email. - Attachments Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 5. Sending Email $this->load->library('email'); $this->email->from('[email protected]', 'Your Name'); $this->email->to('[email protected]'); $this->email->subject('Email Test'); $this->email->message('Testing the email class.'); $this->email->send(); Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 6. Email class functions • from() Sets the email address and name of the person sending the email. • to() Sets the email address(s) of the recipient(s). • subject() Sets the email subject. • message() Sets the email message body. • send() The Email sending function. Returns boolean TRUE or FALSE. Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 7. Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi Let’s Try It Live!
- 8. User agent • User agent class. • Class functions. • Example. Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 9. User agent class • provides functions that help identify information about the browser, mobile device, or robot visiting your site. • Agent class is must initialize in your controller using as following: $this->load->library('user_agent'); Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 10. Class functions • $this->agent->is_browser() • $this->agent->is_mobile() • $this->agent->is_robot() • $this->agent->browser() • $this->agent->mobile() • $this->agent->robot() • $this->agent->platform() Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 11. Example $this->load->library('user_agent'); if ($this->agent->is_browser()){ $agent = $this->agent->browser(); }elseif ($this->agent->is_robot()){ $agent = $this->agent->robot(); } echo $agent; Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 12. Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi Let’s Try It Live!
- 13. Security • URI Security • Error reporting • XSS Filtering • Data escape • Data validation Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 14. URI Security • minimize the possibility that malicious data can be passed to your application. • URIs may only contain the following: Alpha-numeric text Tilde: ~ Period: . Colon: : Underscore: _ Dash: - Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 15. Error reporting • it is typically desirable to disable PHP's error reporting by setting the internal error_reporting flag to a value of 0. • This disables native PHP errors from being rendered as output, which may potentially contain sensitive information. Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 16. XSS Filtering • CodeIgniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter all POST and COOKIE data that is encountered, or you can run it on a per item basis • Loading security helper $this->load->helper('security'); Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 17. XSS Filtering • xss_clean(): Provides Cross Site Script Hack filtering. to run automatically every time it encounters POST or COOKIE data you can enable it by set this in config file $config['global_xss_filtering'] = TRUE; Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 18. XSS Filtering • sanitize_filename(): Provides protection against directory traversal. • Enable csrf protection: by setting this in config file $config['csrf_protection'] = TRUE; Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 19. Data escape • Escape data before inserting it into database. • $this->db->escape() This function determines the data type so that it can escape only string data. • $this->db->escape_like_str() This method should be used when strings are to be used in LIKE conditions Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 20. Data validation • Validating, Filtering, and Prepping data • We saw this in session 2 : ) Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 21. Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi Let’s Try It Live!
- 22. Conclusion Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi
- 23. THANK YOU Mhd Opada Al-Bosh & Mhd Tahsin Al-Shalabi Questions?