Projects / phpSecureSite


phpSecureSite is a modular authentication, session handling and security system for Web applications that was built using PHP. It features a stripped-down core that takes care of basic session handling, and modules for other functionality like brute force protection, session variables, and access control lists.

Operating Systems

Recent releases

  •  15 Nov 2003 20:41

    Release Notes: This is primarily a bugfix release. The most notable bug completely broke the database log module, but it is now working again. A few minor security issues have also been fixed. In addition, an LDAP authentication module has been added, and all the modules now set default configuration values which are used as fallbacks if the option is not set in the configuration files.

    •  14 Oct 2003 03:46

      Release Notes: Several critical security problems have been fixed, all related to unescaped data being placed directly in database queries. A new internal cache system has also been added, which should help reduce database load.

      •  12 Aug 2003 19:49

        Release Notes: This is the first semi-stable release of phpSecureSite. Most of the essential module infrastructure has been implemented, the API should be more or less stable for some time now, and most important modules are in place. To mention only a few changes: the author has added classes to the log system, greatly enhanced module infrastructure, added additional error information, allowed changing of the configuration file path, added support for SHA1 and Unix crypt() passwords and Microsoft SQL Server, added a new tool for cleaning up the database, added a log module for plain text files, made security and bug fixes, and cleaned the code.

        •  08 May 2003 13:00

          Release Notes: The big change in this version is the new and improved configuration system, which should make phpSecureSite a lot easier to set up. A few new modules have also been added: cachecontrol (for controlling caching policies), ipaccess (source IP based access control), and syslog logging module (for logging to the UNIX syslog). A couple of new options were added to the bruteforce module to set time limits. Some bugs and security problems have been fixed, and some internal changes were made.

          •  29 Jan 2003 22:09

            Release Notes: The most fundamental change is the complete modularization of the system. It now consists of a very stripped down core, which takes care of session handling and provides the module infrastructure, and various modules handling database communication, authentication, logging, ACLs (access control lists), brute force password guessing protection, session variables, session hijacking protection, session timeouts, and more.

            Recent comments

            25 Jun 2003 13:04 dorogoy

            PHPSecureSite is on it's early development but it is indeed a good job. I implemented the system on the admin section of my website in less than two hours. The flexibility and features are amazing and not having a front-end but explaining instead how to code one is a must if you know a little bit of PHP!! That means total integration with a website and that was exactly what I was looking. Thank you very much Erik.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.