Securing page requests – Phramework::findRequestedPage()
The central idea behind this framework is to have each request handled by a centralised and secure core that manages repetitive tasks for us. In order to achieve this we redirected all requests to a single index.php file by implementing .htaccess RewriteRules to set the value of $_GET['page']. While these rules will only pass secure values to our script it is always possible to bypass them by directly accessing index.php?page=some-malicious-path and we therefore need to address this threat.
Phramework class & extending the define function
The core of the framework will be focused around a single object, an instance of the Phramework class. Admittedly, this first post regarding the class is quite tedious however it is nonetheless quite essential. Read more…
mod_rewrite & .htaccess
In order to achieve the centralised (it’s not a typo, I’m an Aussie) parser outlined in the framework architecture we will need to have all relevant requests directed to index.php and block direct requests to any PHP page. For this, Apache’s mod_rewrite is a perfect tool and I will assume that you have some knowledge of regular expressions (there are great cheat sheets available for both mod_rewrite and regular expressions). Read more…
Framework Architecture
There are numerous repetitive tasks that need to be processed for every request to a PHP based website. Thus the architecture of the framework needs to encompass this. All requests will be parsed through a single file to handle these repetitive tasks before handling those specific to the request. Read more…
Project Goals
For the past 2 years I have iteratively built a PHP framework for use across all of my projects. It has now reached the point at which, in the spirit of FOSS, I believe it would be beneficial for both the framework and the wider PHP community if I were to release the code publicly. Read more…
