PHP PDO & MySQL: Secure Registration & Login System with MFA
$19.99
Shop on Udemy

Description

Do you want to learn and understand PHP Database Objects (PDO)? Do you want to know how to harness the power of PDO helper functions? Do you want to know how to write a DB wrapper class and methods the proper way? Do you want to be able to write slim, concise, reusable and secure code? Do you want to know how to prevent the most common website vulnerabilities, such as SQL Injection, Broken Authentication and Session Management, Broken Access Control, Cross-site Scripting (XSS) and much more? If your answer to all these is yes, then this course is for you.

This course begins with an in-depth study of PDO, with concrete examples to reinforce the knowledge taught. At the end of this course, you will be well grounded in PDO, knowing when and how to use each helper function correctly.

In this course, I am going to walk you through the process of building a complete and secure user registration and login system in OOP using PHP & MySQL. We are going to accomplish this task using web technologies like PDO, MySQL, jQuery, Ajax, Bootstrap 4 and PHPMailer libraries, TextLocal API (to send SMS) and MailTrap API (to send email).

Many tutorials and courses on PDO fail to explain the real benefits of PDO, or even promote rather bad practices. As a result, half of PDO's features remain in obscurity and are almost never used by PHP developers, who are constantly trying to reinvent a wheel that already exists in PDO. The goal of this author is to highlight the common mistakes and bad practices, while showing the right way to do things. After a careful analysis of several YouTube videos and other web tutorials, it's a sad reality that most of these creators are limited in their knowledge of PDO. Don't take my word for it; you will see with your own eyes. Part of this course includes correcting and improving some random code taken from the internet. So at the end of this course, you will have the knowledge and confidence to tell those YouTubers and other web tutorial creators that what they are doing is wrong.

This course is jam-packed with examples, practical activities and hands-on exercises, enough to take a PDO novice to mastery level. Considerable time and energy was spent on web security related issues. I have taken the best approach vis-à-vis web security, explaining and applying the concepts of validation, sanitization, escaping, SQL Injection, secure file upload, broken authentication and session management, sensitive data exposure and much more.

My promise to you is that, at the end of this course, you will find working with PDO second nature and you wouldn't like to go back to the MySQLi driver or any other driver. You will start writing slim, concise, reusable and secure code. You are going to discover that PDO is even the easier option compared to MySQLi.

This course is for newbie, intermediate and even experienced PHP PDO developers, because I have pointed out some bad practices (and there are a lot) among the PHP developer community. One of these is the indiscriminate use of the rowCount() function.

Main features that stand out. This course is jam-packed with a lot of features:

1. There are four different login modes:
   - Standard login with Secure Remember Me
   - MFA Login with Email OTP
   - MFA Login with Email OTP with jQuery & Ajax
   - MFA Login with SMS OTP with jQuery & Ajax
2. Two different password recovery modes:
   - Recover password with Email link
   - Recover password with Email OTP
3. Email verification & Resend Email verification link features
4. Identification and Authentication Failures Mitigation (featured in the OWASP Top 10 List of Web Application Security Risks 2021, formerly known as Broken Authentication):
   - Limit login attempts
   - Automatic logout of inactive users
   - Strengthen password requirement - impose use of strong passwords
   - Implement Multi-factor Authentication in login & password recovery
5. An admin dashboard ONLY for master users, with the following features:
   - Show user online status - users can be either online or offline. If offline, display the time in "ago" format, e.g. 1 hour ago.
   - A Bootstrap modal to show a user's individual data using jQuery & Ajax
   - A big data section - show the statistics
6. A multi-role login feature
7. Mobile Number Verification feature
8. A secure file upload feature
9. This course is built on a Security First Philosophy, meaning thinking about security even before we write a single line of code. The course is built on the backdrop of the OWASP Top 10 List of Web Application Security Risks. As such, the following security measures were put in place:
   - Content Security Policy (CSP) - to guard against XSS (Cross-Site Scripting), clickjacking, and cross-site leak vulnerabilities
   - Cross-Site Request Forgery (CSRF) Attacks Mitigation - implement an anti-CSRF token as a protection measure
   - Prepared Statements - to guard against SQL Injection
   - Data Sanitization & Validation - to make sure the proper kind of data is saved into the database
   - Output Escaping/Encoding - to guard against XSS attacks
10. PDO Wrapper class, helper functions and CRUD methods
