ryan-kilfedder
PHP BY THE BOOK
SOME TERRIBLE IDEAS
▸ Magic Quotes
▸ Register globals
▸ addslashes
▸ index.php everywhere
SOME MISSING GOOD IDEAS
▸ Proper OO (private/public)
▸ Dependencies
▸ Standards
I LEARNED FROM A BOOK
▸ PHP and MySQL Web Development
▸ 2005
▸ In my bedroom
▸ Book was great at the time
WHAT’S HAPPENED SINCE 2004
▸ Magic quotes
▸ Symfony
▸ PHP Unit
▸ PEAR
▸ Composer
▸ Packagist
▸ register globals
▸ mysql
▸ pdo
▸ MariaDB
▸ phpStorm
▸ password hashing api
▸ PHP 5, PHP 5.3, PHP 5.4, PHP 6, PHP 7 (soon!)
▸ “Proper” OO
▸ Unicode
▸ Vagrant
▸ Docker
▸ Easy Peasy CI
▸ github
SQL
▸ Hard and bad and deprecated: the mysql_* functions (deprecated in PHP 5.5, removed in PHP 7)
▸ Less bad: mysqli_*
▸ Better: PDO
▸ Best: often Eloquent/Doctrine/some ORM
▸ These are going to use PDO underneath anyway
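Why the mysql_* habit is dangerous and what PDO buys you, as an added example that is not part of the slides. It uses an in-memory SQLite database so it runs anywhere with ext-pdo_sqlite; the `user` table, the `$attack` string and the two lookup functions are constructed for the demo, and the DSN would be a MySQL one in real use.

```php
<?php
// Added example, not code from the slides. In-memory SQLite so it runs offline.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, never silently
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    // Constructed sample data for the demo.
    $pdo->exec('CREATE TABLE user (name TEXT PRIMARY KEY, hash TEXT NOT NULL)');
    $pdo->exec("INSERT INTO user VALUES ('alice', 'hash-a'), ('bob', 'hash-b')");
    return $pdo;
}

// The mysql_* habit, reproduced on PDO: the value is glued into the SQL text,
// so the value can change the shape of the query.
function findHashUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name, hash FROM user WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll();
}

// The PDO way: the SQL is fixed at prepare() time and the value travels
// separately as a bound parameter, so it can only ever be compared as data.
function findHash(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, hash FROM user WHERE name = :name');
    $stmt->execute(['name' => $name]);
    return $stmt->fetchAll();
}

$pdo = connect();
$attack = "x' OR '1'='1"; // constructed attacker input, e.g. from $_POST['name']

// Unsafe: the quote closes the literal and the OR clause matches every row.
$leaked = findHashUnsafe($pdo, $attack);
// Prepared: the whole string is compared as one name and nothing matches.
$nothing = findHash($pdo, $attack);
// A normal lookup still works exactly as before.
$alice = findHash($pdo, 'alice');

printf("unsafe: %d rows, prepared: %d rows, alice: %s\n",
    count($leaked), count($nothing), $alice[0]['hash'] ?? 'missing');
```

With MySQL, also pass `PDO::ATTR_EMULATE_PREPARES => false` in the options so the server, not the client library, does the parameter binding; SQLite ignores that attribute, which is why it is left out above.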
IMPROVING THE STACK OVERFLOW ANSWER WITH PDO

```php
/**
 * generate a random salt to use for this account
 * (mcrypt was removed in PHP 7.2; random_bytes() replaces it from PHP 7.0)
 */
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
$saltedPW = $_POST['password'] . $salt;
// Salted, but still a single round of a fast hash; the next slides replace this with password_hash()
$hashedPW = hash('sha256', $saltedPW);
$query = $pdo->prepare('INSERT INTO user (`name`, hash, salt) VALUES (:name, :hash, :salt)');
$query->execute([
    'name' => $_POST['name'],
    'hash' => $hashedPW,
    'salt' => $salt,
]);
```
HASHING IS HARD
▸ Salting
▸ algorithms get found out as bad
▸ Rehashing is hard
▸ md5 was once thought secure
▸ Thankfully PHP 5.5 has the password hashing API (password_hash / password_verify / password_needs_rehash)
▸ Available on PHP 5.4 via Composer
▸ But upgrade your PHP to >=5.5 instead if you're on 5.4
MAKE THE HASHING BETTER

```php
$query = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
$query->execute([
    'email' => $_POST['email'],
    'hash'  => password_hash($_POST['password'], PASSWORD_DEFAULT),
]);
```

```php
// Look the account up by the same column the INSERT wrote (email, not name)
$query = $pdo->prepare('SELECT hash FROM user WHERE email = :email');
$query->execute(['email' => $_POST['email']]);
$row = $query->fetch(PDO::FETCH_ASSOC);
// fetch() returns false when there is no such account; an empty hash never verifies
$hashInDb = $row ? $row['hash'] : '';
if (password_verify($_POST['password'], $hashInDb)) {
    if (password_needs_rehash($hashInDb, PASSWORD_DEFAULT)) {
        //Rehash the password here...
    }
    return true;
}
```
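The register/login pair with the "rehash the password here" step filled in, as an added example that is not code from the slides. It keeps the `user (email, hash)` table of the slides, uses an in-memory SQLite database so it runs without a server, and the `registerUser`, `login` and `hashCost` functions plus the legacy account with a deliberately cheap cost are constructed for the demo.

```php
<?php
// Added example, not code from the slides. In-memory SQLite so it runs offline.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    $pdo->exec('CREATE TABLE user (email TEXT PRIMARY KEY, hash TEXT NOT NULL)');
    return $pdo;
}

function registerUser(PDO $pdo, string $email, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
    $stmt->execute([
        'email' => $email,
        'hash'  => password_hash($password, PASSWORD_DEFAULT), // salt and cost are stored inside the hash
    ]);
}

// Returns true only when the e-mail exists and the password verifies.
function login(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT hash FROM user WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $row = $stmt->fetch();
    if ($row === false) {
        return false; // unknown account
    }
    if (!password_verify($password, $row['hash'])) {
        return false; // wrong password
    }
    // The stored hash was made with an older algorithm or a lower cost than
    // PASSWORD_DEFAULT now means: upgrade it while we still have the plaintext.
    if (password_needs_rehash($row['hash'], PASSWORD_DEFAULT)) {
        $update = $pdo->prepare('UPDATE user SET hash = :hash WHERE email = :email');
        $update->execute([
            'hash'  => password_hash($password, PASSWORD_DEFAULT),
            'email' => $email,
        ]);
    }
    return true;
}

// Reads the bcrypt cost back out of the stored hash, to show the upgrade happened.
function hashCost(PDO $pdo, string $email): int
{
    $stmt = $pdo->prepare('SELECT hash FROM user WHERE email = :email');
    $stmt->execute(['email' => $email]);
    return password_get_info((string) $stmt->fetchColumn())['options']['cost'];
}

$pdo = connect();
registerUser($pdo, 'alice@example.com', 'correct horse battery staple');

// Constructed legacy account: hashed under a deliberately cheap cost, as if
// it had been created years ago with weaker parameters.
$pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)')->execute([
    'email' => 'legacy@example.com',
    'hash'  => password_hash('old password', PASSWORD_BCRYPT, ['cost' => 4]),
]);

$wrong  = login($pdo, 'alice@example.com', 'nope');                       // rejected
$right  = login($pdo, 'alice@example.com', 'correct horse battery staple');
$before = hashCost($pdo, 'legacy@example.com');
$legacy = login($pdo, 'legacy@example.com', 'old password');              // accepted, then rehashed
$after  = hashCost($pdo, 'legacy@example.com');

printf("wrong=%s right=%s legacy=%s cost %d -> %d\n",
    var_export($wrong, true), var_export($right, true), var_export($legacy, true), $before, $after);
```

The rehash runs inside the successful login because that is the only moment the server sees the plaintext; you cannot upgrade a stored hash offline. Raising the cost in `PASSWORD_DEFAULT` (or moving to a new algorithm) then migrates every active account on its next login with no user-facing change.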
MEH, USE A LIBRARY

```php
use Cartalyst\Sentinel\Native\Facades\Sentinel;

require_once(dirname(__DIR__) . '/vendor/autoload.php');

Sentinel::register([
    'email'    => $_POST['email'],
    'password' => $_POST['password'],
]);
```
```php
$credentials = [
    'email'    => $_POST['email'],
    'password' => $_POST['password'],
];
Sentinel::authenticate($credentials);
```
PHP BY THE BOOK: WHAT TIME IS IT
USING MKTIME

```php
<?php
$numberOfMonths = 12;
$dates = [];
$monthlyResults = [];
for ($i = 0; $i < $numberOfMonths; $i++) {
    // month = current month + $i; day defaults to today, so on the 29th-31st
    // mktime() rolls short months over into the following month
    $date = mktime(null, null, null, date('n') + $i);
    $monthlyResults[] = [
        'date'    => $date,
        'results' => getResults(date('m', $date), date('Y', $date)),
    ];
}
```
```php
...
foreach ($monthlyResults as $resultSet) { ?>
    <tr>
        <td><?php echo date('m Y', $resultSet['date']); ?></td>
        <td><?php echo $resultSet['results']; ?></td>
    </tr>
<?php } ?>
```
USING MKTIME - CHANGING TO 4 WEEKS

```php
<?php
$dates = [];
$monthlyResults = [];
$endDate = mktime(null, null, null, null, null, date('Y') + 1);
$i = 0;
do {
    // step 28 days at a time by adding to today's day-of-month and letting mktime() normalise
    $date = mktime(null, null, null, null, date('d') + ($i * 28));
    $monthlyResults[] = [
        'date'    => $date,
        'results' => getResults($date),
    ];
    $i++;
} while ($date <= $endDate);
```
WITH \DATETIME

```php
<?php
$numberOfMonths = 12;
$endDate = new DateTime();
$endDate->add(new DateInterval('P' . $numberOfMonths . 'M'));
$dates = new DatePeriod(new DateTime('now'), new DateInterval('P1M'), $endDate);
foreach ($dates as $date) {
    $monthlyResults[] = [
        'date'    => $date,
        'results' => getResults($date),
    ];
}
```
```php
<?php foreach ($monthlyResults as $resultSet) { ?>
    <tr>
        <td><?php echo $resultSet['date']->format('m Y'); ?></td>
        <td><?php echo $resultSet['results']; ?></td>
    </tr>
<?php } ?>
```
WITH \DATETIME - CHANGING TO 4 WEEKS

```php
<?php
$endDate = new DateTime();
$endDate->add(new DateInterval('P1Y'));
// only the interval changes: P1M becomes P28D
$dates = new DatePeriod(new DateTime('now'), new DateInterval('P28D'), $endDate);
foreach ($dates as $date) {
    $monthlyResults[] = [
        'date'    => $date,
        'results' => getResults($date),
    ];
}
```
STANDARDS - PHP-FIG / PSR
▸ Loads of these
▸ autoloading (PSR-0 & PSR-4)
▸ Coding (PSR-1 & PSR-2)
▸ Logging (PSR-3)
▸ HTTP Messages (PSR-7)
▸ More on the way…
WWW.PHP-FIG.ORG
PHP BY THE BOOK: RESPONSIBILITIES
STAYING ON TOP
▸ Modern PHP - Josh Lockhart
▸ Read the PHP release announcements
▸ Community
▸ especially in work
HELPING OTHER DEVELOPERS
▸ Talk to each other
▸ Tech talks in house
▸ Show off a bit
▸ Pair Programming
▸ Ping Pong?
▸ Who do you send to conferences?
NO-ONE IS "SELF-TAUGHT" YOU ARE COMMUNITY-TAUGHT - YOU LEARNED FROM THE BLOG POSTS & EXAMPLE CODE OF OTHERS. JOIN YOUR LOCAL #PHPUG
@phpbelfast
FURTHER READING
▸ goo.gl/nv2YUb - 7 ways to screw up bcrypt
▸ php-fig.org
▸ goo.gl/EBEACo - the Stack Overflow question
▸ Modern PHP - Josh Lockhart