PHP Classes

Burge CMF

Recommend this page to a friend!

      Burge CMF  >  All threads  >  Burge CMF  >  (Un) Subscribe thread alerts  
Subject:Burge CMF
Summary:Installation
Messages:53
Author:Joseph Schembri
Date:2016-12-29 14:27:03
 
  1 - 10   11 - 20   21 - 30   31 - 40   41 - 50   51 - 53  

  51. Re: Burge CMF   Reply   Report abuse  
Picture of Burge Lab Burge Lab - 2017-01-03 04:41:21 - In reply to message 50 from Burge Lab
Hi Joseph,

Now, other things you should do to secure your app:

1) In line 30, file "application/helpers/constants_helper.php" , you see:

define("ADMIN_URL_FOLDER","admin");

you should change it to

define("ADMIN_URL_FOLDER","JosephSecureAdmin2017");

which "JosephSecureAdmin2017" can be each mixture such as "34tgfas43tgsd" or "dasf4tgdsg5tgrtbrth45" or every thing else,
and after that, your admin environment of your application, which had the address of "subdomain.domain/admin" will be chaged to "subdomain.domain/JosephSecureAdmin2017" or every other expression you have used in line 30 to define "ADMIN_URL_FOLDER" and you can login to it by "subdomain.domain/JosephSecureAdmin2017/login"


By doing so, you can be sure that the admin environment cant be reached by any people.

You can change it periodically.

2) There are some other constants that you should change them. Since they are the same in each installation of BurgeCMF, thus you need to change them, so it's unavailable for your visitors to find out web framework you use. Some of them is not sent to visitor but its better to be changed to randomize.

In constants_helper:

- COOKIE_PREFIX
- SESSION_VARS_PREFIX
- VISITOR_TRACKING_COOKIE_NAME
- TRACKING_ENCRYPTION_KEY
- TRACKING_IV

In "config/config.php":

- $config['encryption_key']
- second part of definition of $config['sess_cookie_name']
- $config['csrf_token_name']
- $config['csrf_cookie_name']

** Note that you have to replace them with a random expression with the same length.

3) There are some other changes that allow you to personalize your application:

- lines 3,and 4 of "application/language/en/ae_general_lang.php"
- lines 5-9 of "application/language/en/ce_general_lang.php"


  52. Re: Burge CMF   Reply   Report abuse  
Picture of Joseph Schembri Joseph Schembri - 2017-01-03 06:29:50 - In reply to message 51 from Burge Lab
Hi

I was having trouble with my email and finally got it going again.

Just a few questions to help get going again.:

You stated Access levels set the access of each user to modules, how do you set an access level?

I see users have a code, badmin (Code 10)
What is this Code and how do I assign. Can I just pick anything?

I sometimes have hard time reading captcha. How can I reduce the noise level (lines) to make it clearer. Sometimes cannot tell the difference between number 1 and capital I.
It looks like only capitals are used which helps.
Could I modify the sequence that is used to generate captcha.

After this, I will start with the other suggestions you have made.

Thanks

  53. Re: Burge CMF   Reply   Report abuse  
Picture of Burge Lab Burge Lab - 2017-01-03 06:41:28 - In reply to message 52 from Joseph Schembri
1) You need just to visit "Access Levels" page to set access level of each user/user-group

2) User code is just a simple field. In many organizations, each employee has a code, so that it is easier to find him/her, and customers know people they are talking with their code.

3) You can change captcha algorith, in "init_helpers" in function get_captcha(). It's easy and you can change it.

Please send me email (koohi@burge.ir). That's easier to respond.

 
  1 - 10   11 - 20   21 - 30   31 - 40   41 - 50   51 - 53