Jared Torres - Back End Developer


PHP Ninja


PHP: Object-Oriented Programming


Chapter 1

  1. OOP defines objects that contain values and functions.
  2. The code can be grouped up by a theme or purpose.
  3. Object properties describe the object that you're trying to program.
  4. Object methods allow the object to know how to perform a task within a single function.

Chapter 2

  1. Class Example
  2. Class Instances
  3. Class Methods
  4. Class Properties
  5. Challenge 1

Chapter 3

  1. Class Inheritance
  2. Challenge 2

Chapter 4

  1. Class Visibility
  2. Challenge 3

Chapter 5

  1. Static Modifiers
  2. Class Constants
  3. Late Static Bindings
  4. Challenge 4

Chapter 6

  1. Class Visibility
  2. Cloning

PHP: Object-Oriented Programming with Databases


Chapter 2

  1. Bicycle Inventory

Chapter 3

  1. View Page
  2. Detail Page

Chapter 4

  1. CRUD Application
  2. Edit Page
  3. Delete Page

Chapter 5

  1. Login Page
  2. Admin Page
  3. Add Admin Page

Chapter 6

  1. Pagination Next
  2. Pagination Previous

PHP: Creating Secure Websites


Chapter 1

  1. Web applications are big targets because they can contain valuable data.

  2. With PHP being the most used language, it has also become one of the biggest targets.

  3. Granting users the least amount of privileges and adding layers of redundant measures will help deter hackers from getting in.


Chapter 2

  1. Version updates can contain patches and bug fixes needed to increase security measures.

  2. When your site goes into production, it is best practice NOT to use PHPInfo and phpMyAdmin, which could expose valuable settings and database information.

  3. In the latest PHP updates, register globals is turned off. You'll have to use superglobals from now on.

  4. Magic Quotes and Safe Mode are turned off as well.


Chapter 3

  1. Validation Tests

  2. Processing the data so it can be neutralized and rendered harmless is called 'sanitizing' the data. It can be used in HTML, SQL, JavaScript, etc.

  3. It is good practice to separate your files into public (files users are going to see) and private (any functions and programming files) folders.


Chapter 4

  1. Cross-site scripting is when a hacker injects JavaScript code into the webpage, tricking someone into running it. Any output data must be sanitized.

  2. SQL Injection is an attack that allows a hacker to input SQL commands to manipulate your database.

  3. Faked forms are duplicated HTML forms that can be resubmitted to expose data. Do not rely on the form structure or JavaScript for validation but rather use PHP measures to do so.

  4. If your site is going to use cookie data, then the data needs to be set and then encrypted to protect any data that's contained.

  5. Signing Cookies

  6. Session Hijacking and fixation

  7. Avoid running any remote system commands, as doing so can expose critical data and the hacker will gain unfettered control over the web server.

  8. When you have a file upload, it is important that it isn't open to the public and requires authenticated users. You can prevent file upload abuse by setting file permissions on the users, limiting their file sizes, etc.

  9. Validating File Types

Chapter 5

  1. Never store passwords in plain text and make sure to use one-way encryption.

  2. The best way to keep a password safe is through user authentication and password hashing.

  3. A brute-force attack is when a hacker attempts many password combinations at an extremely fast pace.

  4. Blacklisting an IP address is a last-resort method of preventing hackers from accessing the page at all. It would require a database logging hundreds of addresses if necessary.

  5. Password Reset Tokens