Swiftlet 3.0

Posted on January 26, 2012

Three years ago I released an early version of Swiftlet, a light-weight PHP framework built for speed and security. Over time, however, a lot of functionality was added and it started to suffer from feature creep. My original intention of creating a maintainable framework that was easy to pick up was a bit lost.

Last Sunday I had a spur of inspiration and decided to start over. With a slightly different vision, a better understanding of MVC and experience gained with the project, I managed to finish it the same day. The result is about 150kB of code including documentation.

If you’re unfamiliar with the model-view-controller approach to programming, Swiftlet might be a good starting point. The code is quite simple and hopefully the documentation makes the concept understandable.

Source code

Swiftlet on GitHub

Swiftlet is released under the GNU Public License.


Escaping and sanitizing user input in PHP

Posted on July 23, 2010

I recently answered a question on Quora, a questions and answers website that I frequent. The poster asked “what are best practices for escaping or sanitizing user input in PHP?” People seemed to appreciate the answer I wrote so I’ll post it here and elaborate on it a bit more.

Why is it important to sanitize user input?

If you’re not careful with user input your website might be open to code injection, directory traversal or similar attacks. Information supplied by users can never be assumed safe.

Examples of user input are submitted forms (e.g. comments), URL parameters (?q=example) and server-side scripts pulling in third-party data, such as an RSS feed importer.


How to store passwords safely with PHP and MySQL

Posted on January 31, 2010

First, let me tell you how not to store passwords and why.

Do not store passwords as plain text

This should be obvious. If someone gains access to your database then all user accounts are compromised. And not only that, people tend to use the same password on different sites so those accounts will be compromised as well. Your site doesn’t even need to be hacked; a system administrator could easily browse your database.

Do not try to invent your own password security

Chances are that you’re no security expert. You’re better off using a solution that has been proven to work instead of coming up with something yourself.

Do not encrypt passwords

Encryption may seem like a good idea but the process is reversible. Anyone with access to your code would have no trouble transforming the passwords back to their originals. Security through obscurity is not sufficient!


Swiftlet 1.0.0 Stable

Posted on May 08, 2009

Swiftlet, the light-weight PHP framework that I’ve been working on for a while, is now stable.

Feature-wise not much has changed since the Beta and Release Candidate cycles but the code has been thoroughly tested and improved where possible. If you’re planning on building a PHP website, give Swiftlet a try.

I moved the project page and documentation away from Google Code; if you go to swiftlet.org you’ll find the new page. It’s powered by a documentation system that I custom coded (dubbed Pintail). If there is any interest I will release the code behind it as Open-Source as well.


Swiftlet Beta

Posted on May 02, 2009

Swiftlet is now in beta. After 15 alpha cycles I’m confident that it’s now pretty much feature complete (the core, that is; there will be plenty more plug-ins) and relatively stable.

One of the most important recently added features is the plug-in installer. It checks for compatibility with the core code and creates and populates database tables with a click of the mouse. Plug-ins that don’t require a database connection don’t need to be installed; they’re plug-and-play (and Swiftlet runs fine without a database).

I also added plug-ins to handle user sessions and authorization. This should make it easy to create a website that requires a login system.

Download: code.google.com/p/swiftlet/downloads/list


Swiftlet — light-weight PHP framework

Posted on April 25, 2009

I just released an early alpha version of Swiftlet, an Open Source, light-weight PHP framework released under the GPL license.

It’s targeted at developers who want to build simple websites that don’t require large and complex frameworks, but do want a solid base to work from. Swiftlet provides basic security features such as user input sanitizing, is highly extensible thanks to the deeply integrated hook system, is completely Object Oriented and separates logic from design (MVC).

Even the most basic features such as connecting to a database and output buffering are implemented as plug-ins. This means they can be modified, extended and removed without hacking into the core code.

Website: http://swiftlet.org


PHP: How not to pollute the global scope

Posted on March 28, 2009

An emerging trend in JavaScript is to wrap entire programs in a single object to prevent conflicts with other scripts. The same can be done with PHP, something I haven’t seen done very often.


Tips for writing compact PHP code

Posted on March 25, 2009

Writing compact code can save you time. It’s not always recommended and often even strongly discouraged as it makes your code less readable, but for simple operations it can be more efficient. In this post I will give a few examples.
