10. PHP BY THE BOOK
EVERYONE USES STACK OVERFLOW ANYWAY… RIGHT?
▸ Google for “hash password php md5”
11. PHP BY THE BOOK
SQL
▸ Hard and bad and deprecated: mysql_* libraries
▸ Less bad: mysqli_*
▸ Better: PDO
▸ Best: Often Eloquent/Doctrine/Some ORM
▸ These are going to use PDO underneath anyway
12. PHP BY THE BOOK
IMPROVING THE STACK OVERFLOW ANSWER WITH PDO
/**
 * generate a random salt to use for this account
 **/
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
$saltedPW = $_POST['password'] . $salt;
$hashedPW = hash('sha256', $saltedPW);
// prepared statement: the values are bound, never concatenated into the SQL
$query = $pdo->prepare('INSERT INTO user (`name`, hash, salt) VALUES (:name, :hash, :salt)');
$query->execute([
    'name' => $_POST['name'],
    'hash' => $hashedPW,
    'salt' => $salt
]);
14. PHP BY THE BOOK
HASHING IS HARD
▸ Salting
▸ algorithms get found out as bad
▸ Rehashing is hard
▸ md5 was once thought secure
▸ Thankfully php 5.5 has password hashing library
▸ Available on php 5.4 via composer
▸ But upgrade your php to >=5.5 instead if you’re on 5.4
15. PHP BY THE BOOK
MAKE THE HASHING BETTER
$query = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
$query->execute([
    'email' => $_POST['email'],
    // password_hash() picks the algorithm, generates the salt and encodes both into the result
    'hash' => password_hash($_POST['password'], PASSWORD_DEFAULT)
]);
16. PHP BY THE BOOK
MAKE THE HASHING BETTER
$query = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
$query->execute([
    'email' => $_POST['email'],
    'hash' => password_hash($_POST['password'], PASSWORD_DEFAULT)
]);
// look the user up by the same column we inserted on
$saltQuery = $pdo->prepare('SELECT hash FROM user WHERE email = :email');
$saltQuery->execute(['email' => $_POST['email']]);
$row = $saltQuery->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    return false; // no such user
}
$hashInDb = $row['hash']; // fetch() returns an array; verify needs the hash string
if (password_verify($_POST['password'], $hashInDb)) {
    if (password_needs_rehash($hashInDb, PASSWORD_DEFAULT)) {
        // Rehash the password here...
    }
    return true;
}
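The login half of the slide above carried through to the end, including the "Rehash the password here..." step. This is an added example, not code from the talk: it assumes a `user` table with `id`, `email` and `hash` columns and uses an in-memory SQLite database so it runs offline on PHP >= 5.5.

```php
<?php
// Added example (not from the slides). Assumes a `user` table with
// id, email and hash columns; SQLite in memory stands in for MySQL.

function registerUser(PDO $pdo, $email, $password, array $options = [])
{
    $stmt = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
    $stmt->execute([
        'email' => $email,
        'hash'  => password_hash($password, PASSWORD_DEFAULT, $options),
    ]);
}

// Returns true on success. If the stored hash was made with an older
// algorithm or a lower cost than PASSWORD_DEFAULT now means, it is
// replaced transparently: login is the only time we hold the plaintext.
function loginUser(PDO $pdo, $email, $password)
{
    $stmt = $pdo->prepare('SELECT id, hash FROM user WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['hash'])) {
        return false; // unknown user and wrong password get the same answer
    }
    if (password_needs_rehash($row['hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE user SET hash = :hash WHERE id = :id');
        $upd->execute([
            'hash' => password_hash($password, PASSWORD_DEFAULT),
            'id'   => $row['id'],
        ]);
    }
    return true;
}

// Demo with constructed data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT UNIQUE, hash TEXT)');

// A deliberately low bcrypt cost stands in for an old, too-weak hash.
registerUser($pdo, 'alice@example.com', 'correct horse', ['cost' => 4]);
$before = $pdo->query("SELECT hash FROM user WHERE email = 'alice@example.com'")->fetchColumn();

var_dump(loginUser($pdo, 'alice@example.com', 'wrong password'));
var_dump(loginUser($pdo, 'alice@example.com', 'correct horse'));

// The successful login rehashed the password at the current default cost.
$after = $pdo->query("SELECT hash FROM user WHERE email = 'alice@example.com'")->fetchColumn();
var_dump($before !== $after);
```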
17. PHP BY THE BOOK
DEPENDENCIES
▸ I made this!
▸ phpclasses.org
▸ Pear
▸ Composer
21. PHP BY THE BOOK
MEH, USE A LIBRARY
require_once(dirname(__DIR__).'/vendor/autoload.php');
use Cartalyst\Sentinel\Native\Facades\Sentinel;
Sentinel::register([
'email' => $_POST['email'],
'password' => $_POST['password']
]);
22. PHP BY THE BOOK
MEH, USE A LIBRARY
$credentials = [
'email' => $_POST['email'],
'password' => $_POST['password']
];
Sentinel::authenticate($credentials);
25. PHP BY THE BOOK: WHAT TIME IS IT
USING MKTIME
<?php
$numberOfMonths = 12;
$dates = [];
$monthlyResults = [];
for ($i = 0; $i < $numberOfMonths; $i++) {
$date = mktime(null, null, null, date('n') + $i);
$monthlyResults[] = [
'date' => $date,
'results' => getResults(date('m', $date), date('Y', $date))
];
}
26. PHP BY THE BOOK: WHAT TIME IS IT
USING MKTIME
...
foreach ($monthlyResults as $resultSet) {
?>
<tr>
<td> <?php echo date('m Y', $resultSet['date']); ?>
</td>
<td> <?php echo $resultSet['results']; ?> </td>
</tr>
<?php
}
?>
27. PHP BY THE BOOK: WHAT TIME IS IT
USING MKTIME - CHANGING TO 4 WEEKS
<?php
$dates = [];
$monthlyResults = [];
$endDate = mktime(null, null, null, null, null, date('Y') + 1);
$i = 0;
do {
$date = mktime(null, null, null, null, date('d') + ($i * 28));
$monthlyResults[] = [
'date' => $date,
'results' => getResults($date)
];
$i++;
} while ($date <= $endDate);
28. PHP BY THE BOOK: WHAT TIME IS IT
WITH DATETIME
<?php
$numberOfMonths = 12;
$monthlyResults = [];
$endDate = new DateTime();
$endDate->add(new DateInterval('P' . $numberOfMonths . 'M'));
// one DateTime per month from now until $endDate (end is exclusive)
$dates = new DatePeriod(new DateTime('now'), new DateInterval('P1M'), $endDate);
foreach ($dates as $date) {
    $monthlyResults[] = [
        'date' => $date,
        'results' => getResults($date)
    ];
}
29. PHP BY THE BOOK: WHAT TIME IS IT
WITH DATETIME
<?php
foreach ($monthlyResults as $resultSet) {
?>
<tr>
<td> <?php echo $resultSet['date']->format('m Y'); ?> </td>
<td> <?php echo $resultSet['results']; ?> </td>
</tr>
<?php
}
?>
30. PHP BY THE BOOK: WHAT TIME IS IT
WITH DATETIME - CHANGING TO 4 WEEKS
<?php
$monthlyResults = [];
$endDate = new DateTime();
$endDate->add(new DateInterval('P1Y'));
// only the interval changes: 28 days instead of one month
$dates = new DatePeriod(new DateTime('now'), new DateInterval('P28D'), $endDate);
foreach ($dates as $date) {
    $monthlyResults[] = [
        'date' => $date,
        'results' => getResults($date)
    ];
}
32. PHP BY THE BOOK
STANDARDS - PHP-FIG / PSR
▸ Loads of these
▸ autoloading (PSR-0 & PSR-4)
▸ Coding (PSR-1 & PSR-2)
▸ Logging (PSR-3)
▸ HTTP Messages (PSR-7)
▸ More on the way…
WWW.PHP-FIG.ORG
33. PHP BY THE BOOK
NON CODE STUFF
▸ Unit Tests and CI
▸ Tools
35. PHP BY THE BOOK: RESPONSIBILITIES
STAYING ON TOP
▸ Modern PHP - Josh Lockhart
▸ Read the php release announcements
▸ Community
▸ especially in work
36. PHP BY THE BOOK: RESPONSIBILITIES
HELPING OTHER DEVELOPERS
▸ Talk to each other
▸ Tech talks in house
▸ Show off a bit
▸ Pair Programming
▸ Ping Pong?
▸ Who do you send to Conferences?
37. PHP BY THE BOOK: RESPONSIBILITIES
NO-ONE IS "SELF-TAUGHT". YOU ARE COMMUNITY-TAUGHT - YOU LEARNED FROM THE BLOG POSTS & EXAMPLE CODE OF OTHERS.
JOIN YOUR LOCAL #PHPUG
@phpbelfast
38. PHP BY THE BOOK
FURTHER READING
▸ goo.gl/nv2YUb - 7 ways to screw up bcrypt
▸ php-fig.org
▸ goo.gl/EBEACo - the Stack question
▸ Modern PHP - Josh Lockhart
39. PHP BY THE BOOK
GETTING IN TOUCH
▸ @ryankilf
▸ norniron.slack.com #phpbelfast
▸ joind.in/15861