
Security

  • Every file in the program checks whether the person is logged in and boots them out if not. The login information is stored in sessions.

  • Clients cannot view administrator pages or view/manage other clients' forms.

  • index.php files have been inserted into each folder to prevent directory listings.

  • All HTML and PHP tags are stripped from form submissions. Note: this has become a form-specific setting with Form Tools 1.4.7.

  • By default, the /global/config.php file contains sensitive information, namely the MySQL connection account. If you feel this is a concern and wish to move it above the webroot, I would suggest leaving the file itself in the same location (since most files in the program include it at that fixed location) and simply moving its contents into a new file, then require() that new file in library.php.
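
The relocation described in the last item, sketched as an added example (this is not Form Tools code). It assumes the moved settings live in a hypothetical file named formtools_private_config.php one directory above the webroot, and the helper name locate_private_config() is likewise made up for illustration. It refuses to load the file if it is still reachable under the webroot.

```php
<?php
// Added example, not Form Tools code. Intended to sit near the top of library.php.
// Assumptions: the secrets file name and its location one level above the
// webroot are hypothetical; it holds the settings moved out of /global/config.php.

/**
 * Return the real path of a secrets file, or throw if it is missing,
 * still reachable under the webroot, or readable by every local user.
 */
function locate_private_config(string $candidate, string $webroot): string
{
    $path = realpath($candidate);   // resolves symlinks and ".." segments
    $root = realpath($webroot);
    if ($path === false || $root === false || !is_file($path)) {
        throw new RuntimeException('Private config file not found.');
    }

    // The move only helps if the web server can no longer serve the file.
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $rootPrefix, strlen($rootPrefix)) === 0) {
        throw new RuntimeException('Private config file is still inside the webroot.');
    }

    // On Unix-like hosts, refuse a world-readable file (permission bit 0004).
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($path) & 0004) !== 0) {
        throw new RuntimeException('Private config file is world-readable.');
    }

    return $path;
}

$webroot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';
try {
    if ($webroot === '') {
        throw new RuntimeException('DOCUMENT_ROOT is not set.');
    }
    // Hypothetical file name; adjust to wherever the contents were moved.
    require_once locate_private_config(dirname($webroot) . '/formtools_private_config.php', $webroot);
} catch (RuntimeException $e) {
    // Fail closed: log the reason server-side, show the client nothing specific.
    error_log('Config load failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Configuration error.');
}
```

The world-readable check suits hosts where the file can be restricted to the web server's user or group (for example mode 0640); relax it if your host cannot do that.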

Please contact us immediately if you find any security issues in the code. Please do not report security issues in the forums.


Documentation generated on Mon, 03 Mar 2008 22:31:43 -0800 by phpDocumentor 1.3.1