Webcam and upload photo editing web app http://git.tvcloud.fr/cgit.cgi/camagru/atom?h=master 2026-03-22T12:57:45Z 2026-03-22T12:57:45Z Thomas Vanbesien tvanbesi@proton.me 2026-03-22T12:57:45Z urn:sha1:94dbb795cc3fe9799d34beb5d6bfa052eba81b0c Track attempts per IP in a rate_limits table with a sliding time window. Login allows 5 failed attempts per 15 min, password reset allows 3 requests per 15 min. Old entries are purged automatically. 2026-03-22T12:53:01Z Thomas Vanbesien tvanbesi@proton.me 2026-03-22T12:53:01Z urn:sha1:78e891f06ab94ef478de1c431157f7d634fe4ac8 Set httponly, samesite=Lax, and auto-detected secure flag on session cookies. Add X-Content-Type-Options, X-Frame-Options, and Content-Security-Policy headers in Nginx. Document both in README. 2026-03-22T12:40:53Z Thomas Vanbesien tvanbesi@proton.me 2026-03-22T12:40:53Z urn:sha1:de41aa4531df4515de93eba685cfeb03227a5d4e 2026-03-22T12:34:47Z Thomas Vanbesien tvanbesi@proton.me 2026-03-22T12:34:47Z urn:sha1:d6a9fd1c32f07b993cb8ecc3c1b7c22f7a0ce848 Reject base64 payloads over 10 MB, limit users to 50 posts each, and cap total posts at 10,000 (~650 MB on disk). Document upload security model in README. 2026-03-21T22:08:15Z Thomas Vanbesien tvanbesi@proton.me 2026-03-21T22:08:15Z urn:sha1:6ced3fae5446a8b173025d708c2f07aa23e640f8 2026-03-21T20:35:51Z Thomas Vanbesien tvanbesi@proton.me 2026-03-21T20:35:51Z urn:sha1:bc54c8c31e7f50a7a365f9b4d22fe8c74a29f61a Implements registration, login/logout, email verification via token, and password reset flow. Includes CSRF protection, flash messages, MailPit for dev email testing, and security docs in README. 2026-03-21T19:50:43Z Thomas Vanbesien tvanbesi@proton.me 2026-03-21T19:50:43Z urn:sha1:d1ef15fa39935bfa0420c5ac2b8c269e294c9a6d Set up MVC architecture with front controller, router, autoloader, database singleton, and Docker Compose stack (Nginx + PHP-FPM + MariaDB). Includes DB schema, responsive layout, dev tooling (php-cs-fixer, parallel-lint), and documentation.