PHP BY THE BOOK NOT REALLY


PHP BY THE BOOK

IN THE BEGINNING…

SOME TERRIBLE IDEAS

▸ Magic Quotes

▸ Register globals

▸ addslashes

▸ index.php everywhere

SOME MISSING GOOD IDEAS

▸ Proper OO (private/public)

▸ Dependencies

▸ Standards

I LEARNED FROM A BOOK

▸ PHP and MySQL Web Development

▸ 2005

▸ In my bedroom

▸ Book was great at the time

WHAT’S HAPPENED SINCE 2004

▸ Magic quotes

▸ Symfony

▸ PHP Unit

▸ PEAR

▸ Composer

▸ Packagist

▸ register globals

▸ mysql

▸ pdo

▸ MariaDB

▸ phpStorm

▸ password hashing api

▸ PHP 5, PHP 5.3, PHP 5.4, PHP 6, PHP 7 (soon!)

▸ “Proper” OO

▸ Unicode

▸ Vagrant

▸ Docker

▸ Easy Peasy CI

▸ github

PHP GOT EASIER

OLD BOOK IS OLD

EVERYONE USES STACK OVERFLOW ANYWAY… RIGHT?

▸ Google for “hash password php md5”

SQL

▸ Hard and bad and deprecated: mysql_* libraries

▸ Less bad: mysqli_*

▸ Better: PDO

▸ Best: Often Eloquent/Doctrine/Some ORM

▸ These are going to use PDO underneath anyway
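An added example, not code from the slides, of the point above: the same user lookup written mysql_*-style (input spliced into the SQL) and PDO-style (bound parameter), run against an in-memory SQLite table; the table and its row are constructed here for the demo.

```php
<?php
// Added example, not code from the slides. Same lookup two ways against an
// in-memory SQLite table (table and row constructed here for the demo).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// with pdo_mysql, also pass PDO::ATTR_EMULATE_PREPARES => false so the server,
// not PHP, does the binding
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, hash TEXT)');
$pdo->exec("INSERT INTO user (email, hash) VALUES ('o''brien@example.com', 'x')");

// mysql_* style: the input becomes part of the SQL text, so the SQL grammar,
// not the application, decides what a quote in it means.
function findUserConcatenated(PDO $pdo, string $email): array
{
    $sql = "SELECT id, email FROM user WHERE email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// PDO style: the statement is fixed at prepare() time and the value travels
// separately, so a quote in the input is only a character in the data.
function findUserPrepared(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT id, email FROM user WHERE email = :email');
    $stmt->execute(['email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "o'brien@example.com";   // a perfectly legitimate address

print_r(findUserPrepared($pdo, $input));   // the quote is just data here

try {
    findUserConcatenated($pdo, $input);
} catch (PDOException $e) {
    // the apostrophe closed the string literal early and the rest was parsed
    // as SQL: a broken query with this input, a different query with another
    echo 'concatenated query failed: ', $e->getMessage(), PHP_EOL;
}
```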

IMPROVING THE STACK OVERFLOW ANSWER WITH PDO

```php
/**
 * generate a random salt to use for this account
 */
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
$saltedPW = $_POST['password'] . $salt;
$hashedPW = hash('sha256', $saltedPW);

// prepared statement: the values are bound, not spliced into the SQL text
$query = $pdo->prepare('INSERT INTO user (`name`, hash, salt) VALUES (:name, :hash, :salt)');
$query->execute([
    'name' => $_POST['name'],
    'hash' => $hashedPW,
    'salt' => $salt,
]);
```

HASHING

HASHING IS HARD

▸ Salting

▸ algorithms get found out as bad

▸ Rehashing is hard

▸ md5 was once thought secure

▸ Thankfully PHP 5.5 has a password hashing library

▸ Available on php 5.4 via composer

▸ But upgrade your php to >=5.5 instead if you’re on 5.4

MAKE THE HASHING BETTER

```php
// registration: password_hash() generates and stores its own salt, so the
// separate salt column goes away
$query = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
$query->execute([
    'email' => $_POST['email'],
    'hash' => password_hash($_POST['password'], PASSWORD_DEFAULT),
]);
```

```php
// login: fetch the stored hash for this email, then let password_verify()
// read the algorithm, cost and salt out of the hash string itself
$hashQuery = $pdo->prepare('SELECT hash FROM user WHERE email = :email');
$hashQuery->execute(['email' => $_POST['email']]);
$row = $hashQuery->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    return false; // no such user
}
$hashInDb = $row['hash'];
if (password_verify($_POST['password'], $hashInDb)) {
    if (password_needs_rehash($hashInDb, PASSWORD_DEFAULT)) {
        //Rehash the password here...
    }
    return true;
}
return false;
```
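An added example, not code from the slides: registration and login with the PHP 5.5 password API, filling in the rehash step the slide leaves as a comment and handling the unknown-user case. It assumes an in-memory SQLite table (constructed here) and a cost policy of 12; both are assumptions for the demo.

```php
<?php
// Added example, not code from the slides: registration and login with the
// PHP 5.5 password API, including the rehash step the slide leaves as a comment.
// An in-memory SQLite table (constructed here) keeps it self-contained.
const HASH_OPTIONS = ['cost' => 12];   // assumed current policy; tune per server

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE user (email TEXT PRIMARY KEY, hash TEXT NOT NULL)');

function register(PDO $pdo, string $email, string $password): void
{
    // password_hash picks a random salt and stores it inside the hash string,
    // so there is no separate salt column to keep in step with the hash.
    $stmt = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
    $stmt->execute(['email' => $email, 'hash' => password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS)]);
}

function login(PDO $pdo, string $email, string $password): bool
{
    static $dummy = null;   // computed once; verified against when the user is unknown
    $dummy = $dummy ?? password_hash('placeholder', PASSWORD_DEFAULT, HASH_OPTIONS);

    $stmt = $pdo->prepare('SELECT hash FROM user WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Always run one verify so "no such account" takes as long as "wrong password".
    $ok = password_verify($password, $row === false ? $dummy : $row['hash']);
    if ($row === false || !$ok) {
        return false;
    }
    // The plaintext is only available at login, so this is the one place a hash
    // made with an older algorithm or lower cost can be silently upgraded.
    if (password_needs_rehash($row['hash'], PASSWORD_DEFAULT, HASH_OPTIONS)) {
        $update = $pdo->prepare('UPDATE user SET hash = :hash WHERE email = :email');
        $update->execute(['hash' => password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS), 'email' => $email]);
    }
    return true;
}

// Seed one "legacy" row hashed at cost 10 (constructed), then log in twice.
$pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)')
    ->execute(['email' => 'alice@example.com', 'hash' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 10])]);

var_dump(login($pdo, 'alice@example.com', 'wrong password'));   // a wrong password
var_dump(login($pdo, 'alice@example.com', 'correct horse'));    // the right one, which also upgrades the row
echo $pdo->query('SELECT hash FROM user')->fetchColumn(), PHP_EOL; // stored hash now carries the new cost
```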

DEPENDENCIES

▸ I made this!

▸ phpclasses.org

▸ Pear

▸ Composer

MEH, USE A LIBRARY

```php
use Cartalyst\Sentinel\Native\Facades\Sentinel;

require_once(dirname(__DIR__) . '/vendor/autoload.php');

// registration: the library does the hashing and storage
Sentinel::register([
    'email' => $_POST['email'],
    'password' => $_POST['password'],
]);
```

```php
// login: the library does the lookup and the verify
$credentials = [
    'email' => $_POST['email'],
    'password' => $_POST['password'],
];
Sentinel::authenticate($credentials);
```

WHAT TIME IS IT?

MKTIME

USING MKTIME

```php
<?php
$numberOfMonths = 12;
$monthlyResults = [];
for ($i = 0; $i < $numberOfMonths; $i++) {
    // hour, minute and second are 0; month is this month plus $i (mktime
    // rolls a month above 12 into the next year); day and year default to today's
    $date = mktime(0, 0, 0, date('n') + $i);
    $monthlyResults[] = [
        'date' => $date,
        'results' => getResults(date('m', $date), date('Y', $date)),
    ];
}
```

USING MKTIME...

```php
<?php foreach ($monthlyResults as $resultSet) { ?>
    <tr>
        <td><?php echo date('m Y', $resultSet['date']); ?></td>
        <!-- escape before echoing into HTML -->
        <td><?php echo htmlspecialchars($resultSet['results']); ?></td>
    </tr>
<?php } ?>
```

USING MKTIME - CHANGING TO 4 WEEKS

```php
<?php
$monthlyResults = [];
// one year from today, at midnight (month and day are passed explicitly:
// a null argument is treated as 0, not as "today")
$endDate = mktime(0, 0, 0, date('n'), date('d'), date('Y') + 1);
$i = 0;
do {
    // today's day-of-month plus 28 days per step; mktime rolls the overflow
    // into the following months
    $date = mktime(0, 0, 0, date('n'), date('d') + ($i * 28), date('Y'));
    $monthlyResults[] = [
        'date' => $date,
        'results' => getResults($date),
    ];
    $i++;
} while ($date <= $endDate);
```

WITH \DATETIME

```php
<?php
$numberOfMonths = 12;
$monthlyResults = [];
$endDate = new DateTime();
$endDate->add(new DateInterval('P' . $numberOfMonths . 'M'));
// one DateTime per month from now up to (but not including) $endDate
$dates = new DatePeriod(new DateTime('now'), new DateInterval('P1M'), $endDate);
foreach ($dates as $date) {
    $monthlyResults[] = [
        'date' => $date,
        'results' => getResults($date),
    ];
}
```

WITH \DATETIME

```php
<?php foreach ($monthlyResults as $resultSet) { ?>
    <tr>
        <td><?php echo $resultSet['date']->format('m Y'); ?></td>
        <!-- escape before echoing into HTML -->
        <td><?php echo htmlspecialchars($resultSet['results']); ?></td>
    </tr>
<?php } ?>
```

WITH \DATETIME - CHANGING TO 4 WEEKS

```php
<?php
$monthlyResults = [];
$endDate = new DateTime();
$endDate->add(new DateInterval('P1Y'));
// the same loop, stepping 28 days at a time instead of one calendar month
$dates = new DatePeriod(new DateTime('now'), new DateInterval('P28D'), $endDate);
foreach ($dates as $date) {
    $monthlyResults[] = [
        'date' => $date,
        'results' => getResults($date),
    ];
}
```
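An added example, not code from the slides, showing the end-of-month overflow that both the mktime and the DateTime monthly loops above share when run late in a long month, and one way to avoid it by anchoring the period on the first of the month. The dates are fixed (constructed) so the output does not depend on when it runs; monthStarts() is a helper written for this demo.

```php
<?php
// Added example, not code from the slides. Both monthly loops above step
// "one month" forward from today, which overflows at the end of long months;
// anchoring the period on the first of the month avoids it.
// Dates are fixed here (constructed) so the result does not depend on today.

function monthStarts(DateTimeImmutable $from, int $months): array
{
    // normalise to the first day at midnight before building the period
    $start  = $from->modify('first day of this month')->setTime(0, 0, 0);
    // $months - 1 recurrences after the start date gives $months dates in total
    $period = new DatePeriod($start, new DateInterval('P1M'), $months - 1);
    $out = [];
    foreach ($period as $monthStart) {
        $out[] = $monthStart->format('Y-m');
    }
    return $out;
}

$today = new DateTimeImmutable('2015-01-31');

// naive: 31 January plus one month rolls over into March, so February is skipped
echo date('Y-m-d', mktime(0, 0, 0, 2, 31, 2015)), PHP_EOL;
echo $today->add(new DateInterval('P1M'))->format('Y-m-d'), PHP_EOL;

// anchored: twelve consecutive months, none skipped or doubled
print_r(monthStarts($today, 12));
```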

MOAR!!!!!

PHP BY THE BOOK: TEMPLATES & CARBON

STANDARDS - PHP-FIG / PSR

▸ Loads of these

▸ autoloading (PSR-0 & PSR-4)

▸ Coding (PSR-1 & PSR-2)

▸ Logging (PSR-3)

▸ HTTP Messages (PSR-7)

▸ More on the way…

WWW.PHP-FIG.ORG

NON-CODE STUFF

▸ Unit Tests and CI

▸ Tools

RESPONSIBILITIES

STAYING ON TOP

▸ Modern PHP - Josh Lockhart

▸ Read the php release announcements

▸ Community

▸ especially in work

HELPING OTHER DEVELOPERS

▸ Talk to each other

▸ Tech talks in house

▸ Show off a bit

▸ Pair Programming

▸ Ping Pong?

▸ Who do you send to conferences?

NO-ONE IS "SELF-TAUGHT" YOU ARE COMMUNITY-TAUGHT - YOU LEARNED FROM THE BLOG POSTS & EXAMPLE CODE OF OTHERS. JOIN YOUR LOCAL #PHPUG

@phpbelfast

FURTHER READING

▸ goo.gl/nv2YUb - 7 ways to screw up bcrypt

▸ php-fig.org

▸ goo.gl/EBEACo - the Stack question

▸ Modern PHP - Josh Lockhart

GETTING IN TOUCH

▸ @ryankilf

▸ norniron.slack.com #phpbelfast

▸ joind.in/15861