james-w

Re: Secure your script (lock it down from outsiders) Well in my framework (modulargaming.com) every request gets passed through index.php which looks up the jump_pages table for a page slug (term borrowed from wordpress) Permissions etc are checked through that. I prevent SQL injection by using ActiveTables. XSS is prevented by use of HTMLpurifer (a lot better than simple str_replace) as it works as whitelist rather than a blacklist.

The modular gaming framework is written in PHP5 oop and is designed to be fast and secure. We use the Smarty templating engine, HTML purifer, TinyMCE, the adobe Sypr AJAX framework and ActiveTables (database abstraction layer that enables fast and easy to use database code) We are looking for php developers, web designers, game owners and testers to help out. We also will be releasing a few offical games using the framework. http://modulargaming.com I am also offering free hosting to a few selected games using the framework. Plus free hosting to any developer interested in contributing.