SCMS project is a secure content management system. Some of its features are a role-based object-oriented design, conformance to XHTML 1.0 Transitional, strict I/O (input/output) validation, a custom session implementation, support for SSL and cookies (when run over SSL), session identifier regeneration, idle session expiration, account locking, account unlocking methods, encryption (with MD5, AES, SHA1, SHA256, SHA512, or WHIRLPOOL), and event logging.


Product's homepage

Here are some key features of "SCMS":

· Licenced Under GPLv3
· Full XHTML 1.0 Transitional Conformity
· Full CSS2 Conformity
· Role Based OO (Object Orientated) Design
· Designed for PHP5 (5.2.x Branch)
· Works with MySQL and PgSQL(currently untested)
· Implements MVC Design Pattern
· Per Controller SSL/NonSSL Enforcement
· Implements Singleton Design Pattern
· Strict IO (Input/Output) Validation
· Custom Session Handling With Idle Session Expiration & Session Identifier Regeneration
· User Account Locking With Both Automatic & Manual Unlocking Methods
· Event Logging
· Password Aging/Expiration
· Support for "secure" (When run over SSL) AND "httponly" Cookies
· Improved CSRF Protection By Using Random Form CSRF Tokens
· Support for all PHP5 Hashing Algorithms as well as MySQL's AES and DES Encryption
· Optional Captcha Images
· Optional Session Data Encryption
· Optional Per Request Session IP Checking

What's New in This Release: [ read full changelog ]

· Licensed Under GPLv3
· Full XHTML 1.0 Strict Conformity
· Full CSS 2.1 Conformity
· OOP (Object-oriented programming)
· RBAC (Role Based Access Control)
· MVC (Model-View-Controller) Design Pattern
· Singleton Design Pattern
· Designed for PHP5+ (Uses PDO)
· Strict IO (Input/Output) Validation
· Supports Mysql or any PDO driver supported database (still untested)
· Custom Session Handling With Idle Session Expiration & Session Identifiers Regeneration
· User Account Locking With Both Automatic & Manual Unlocking Methods
· Login Attempts & Session Event Logging
· Per Action Optional SSL/TLS (Transport Layer Security) Enforcement
· Password Aging/Expiration
· Support for "secure" (When run over SSL/TLS) AND "httponly" Cookies
· Improved CSRF (Cross Site Request Forgery) Protection By Using Random Protection Tokens
· Support for all PHP5 Hashing Algorithms as well as MySQL's AES and DES Encryption
· Additional CSRF and Bot Protection using Optional CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) Images
· Optional Session Data Storage Encryption
· Optional Session IP Checking (Prevents Session Hijacking)