gravatar

Edmonds Commerce are a UK based E-Commerce web development agency. We are based in Shipley which is in Yorkshire near Leeds and Bradford.

Our primary specialism is Magento and Magento2 and other PHP based E-Commerce platforms such as OpenCart.

In terms of technology we are very strong in PHP, MySQL, Linux, HTML, CSS and Javascript.

Easy Security for PHP Scripts

Dec 19, 2008 · 1 minute read
Category: phpsecurity

This is post is now quite old and the the information it contains may be out of date or innacurate.

If you find any errors or have any suggestions to update the information please let us know or create a pull request on GitHub

If you have a script, admin area or whatever that you would like to make a bit more secure, you can use the following chunk of code to do this. If you don’t have SSL (HTTPS) set up then you would need to get this sorted first.

This isn’t bullet proof protection, but it helps.

//IP addresses that you would like to be able to access the system
$allowed_ips[] = '99.99.99.01';
$allowed_ips[] = '99.99.99.02';
$allowed_ips[] = '99.99.99.03';
if(!in_array($_SERVER['REMOTE_ADDR'], $allowed_ips)){
	header('HTTP/1.1 500 Internal Server Error');
	exit();
}

//Force SSL Usage
if($_SERVER['SERVER_PORT'] != 443){ //assuming your server is running SSL on port 443
	$url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
   	header('Location: '.$url);
}