![Image](http://images.freshmeat.net/screenshots/63625_thumb.jpg)
SCMS is a secure content management system. Some of its features are a role-based object-oriented design, conformance to XHTML 1.0 Transitional, strict I/O (input/output) validation, a custom session implementation, support for SSL and cookies (when run over SSL), session identifier regeneration, idle session expiration, account locking, account unlocking methods, encryption (with MD5, AES, SHA1, SHA256, SHA512, or WHIRLPOOL), and event logging.
License: GNU General Public License (GPL)
Changes:
CSRF protection was added for each SCMS request by default. Account locking was improved considerably; now the user logins' counter is stored in the database in scms_uInvalidLogins in scms_Users. The table scms_Sessions was redefined. scmsSession_IPCheck was defined to control whether to tie sessions to their initial IPs, which is another way to prevent session hijacking. scmsSession_DataEncrypt was defined to control whether to encrypt the Session Data in the database or not.
More...