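<?php
// security.php — shared hardening bootstrap, meant to be included at the top of
// every page before any output.
//
// Order matters in this file:
//   1. error display is switched off (and logging on) before anything can emit output,
//   2. session cookie flags are set BEFORE session_start() — an ini_set() after the
//      session has started does not change the cookie that is already queued,
//   3. response headers are sent before any output.

// Error reporting — never show errors to the client, but do not discard them
// either: error_reporting(0) also disabled logging, which hides failed queries
// and probing attempts. Errors now go to the configured error_log only.
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
ini_set('log_errors', 1);
error_reporting(E_ALL);

// Protect the session cookie. These must run before session_start(); the
// original file set them at the bottom, after the session had already begun,
// so they never applied to the cookie actually sent.
ini_set('session.use_only_cookies', 1);
ini_set('session.use_strict_mode', 1);    // reject ids the server did not issue (session fixation)
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);      // as in the original: requires HTTPS, otherwise the cookie is never sent
ini_set('session.cookie_samesite', 'Lax');

/**
 * Start the session once, if none is active yet.
 * Safe to call repeatedly; later calls are no-ops.
 */
function secure_session_start(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}
secure_session_start();

/**
 * Recursively trim and HTML-escape a request value (string or nested array).
 *
 * NOTE(review): this escapes for an HTML-body context at *input* time, so the
 * escaped form is what every later consumer (database, JSON, logs) sees.
 * Escaping belongs at output, per context; the global application below is
 * kept only because the rest of the application was written against it.
 *
 * @param mixed $data scalar, or a (nested) array from $_GET / $_POST / $_REQUEST
 * @return mixed same shape as $data with every leaf escaped
 */
function sanitize($data)
{
    if (is_array($data)) {
        return array_map('sanitize', $data);
    }
    // (string) cast: trim(null) is deprecated in PHP 8.1 and would otherwise fill
    // the error log. ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of
    // the original behaviour of silently returning an empty string.
    return htmlspecialchars(trim((string) $data), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Apply sanitization to the global request arrays (see the caveat on sanitize()).
$_GET = sanitize($_GET);
$_POST = sanitize($_POST);
$_REQUEST = sanitize($_REQUEST);

// Database connection.
// NOTE(review): the literals are the fallback values this file shipped with.
// Credentials do not belong in a file that is editable through the web file
// manager; set DB_HOST / DB_USER / DB_PASSWORD / DB_NAME in the server
// environment (or a config file outside the web root) and delete the fallbacks.
$servername = getenv('DB_HOST') ?: "127.0.0.1:3306";
$username = getenv('DB_USER') ?: "u404542307_dacotywebsites";
$password = getenv('DB_PASSWORD') ?: "daCotywebs1te5";
$database = getenv('DB_NAME') ?: "u404542307_eizon";

// Since PHP 8.1 mysqli throws mysqli_sql_exception on connect failure instead of
// setting connect_error, so the original check alone was not reached there.
// Handle both forms, log the driver message (it names host and user), and
// show the client only a generic line.
try {
    $conn = new mysqli($servername, $username, $password, $database);
    if ($conn->connect_error) {
        throw new RuntimeException($conn->connect_error);
    }
} catch (mysqli_sql_exception | RuntimeException $e) {
    error_log('Database connection failed: ' . $e->getMessage());
    die("Database connection failed.");
}

/**
 * Run a prepared statement and return its result set.
 *
 * @param mysqli $conn   open connection
 * @param string $sql    statement with `?` placeholders — never interpolate values into it
 * @param array  $params bind_param() arguments: the type string first (one of
 *                       's', 'i', 'd', 'b' per placeholder), then one value per
 *                       placeholder, e.g. ['si', $name, $id]; empty when the
 *                       statement has no placeholders
 * @return mysqli_result|false result set, or false for statements that produce
 *                             none (INSERT / UPDATE / DELETE)
 * @throws RuntimeException when prepare() or execute() fails
 */
function secure_query(mysqli $conn, string $sql, array $params = [])
{
    $stmt = $conn->prepare($sql);
    // With error display off, a failed prepare() returns false and the original
    // code then died on bind_param() with no diagnostic anywhere.
    if ($stmt === false) {
        throw new RuntimeException('Query preparation failed: ' . $conn->error);
    }
    if ($params !== []) {
        $stmt->bind_param(...$params);
    }
    if (!$stmt->execute()) {
        throw new RuntimeException('Query execution failed: ' . $stmt->error);
    }
    return $stmt->get_result();
}

// Response security headers.
// header() replaces an existing header of the same name by default, so the
// original file's second call, "Content-Security-Policy: frame-ancestors 'none'",
// silently discarded the full policy sent just before it. Both are one header now.
header("Content-Security-Policy: default-src 'self'; script-src 'self' https://www.googletagmanager.com; style-src 'self' https://cdnjs.cloudflare.com; img-src 'self' data:; connect-src 'self'; frame-ancestors 'none';");
header("X-Content-Type-Options: nosniff");
header("X-Frame-Options: DENY");             // legacy equivalent of frame-ancestors for older browsers
header("X-XSS-Protection: 1; mode=block");   // ignored by current browsers; kept from the original

// No closing ?> tag: any whitespace after it would be sent as output and break
// header() and the session cookie on every page that includes this file.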