PHP BY THE BOOK: NOT REALLY

Upload: ryan-kilfedder

Post on 20-Mar-2017

PHP BY THE BOOK

IN THE BEGINNING…

SOME TERRIBLE IDEAS

▸ Magic Quotes

▸ Register globals

▸ addslashes

▸ index.php everywhere

SOME MISSING GOOD IDEAS

▸ Proper OO (private/public)

▸ Dependencies

▸ Standards

I LEARNED FROM A BOOK

▸ PHP and MySQL Web Development

▸ 2005

▸ In my bedroom

▸ Book was great at the time

WHAT’S HAPPENED SINCE 2004

▸ Magic quotes

▸ Symfony

▸ PHP Unit

▸ PEAR

▸ Composer

▸ Packagist

▸ register globals

▸ mysql

▸ pdo

▸ MariaDB

▸ phpStorm

▸ password hashing api

▸ PHP 5, PHP 5.3, PHP 5.4, PHP 6, PHP 7 (soon!)

▸ “Proper” OO

▸ Unicode

▸ Vagrant

▸ Docker

▸ Easy Peasy CI

▸ github

PHP GOT EASIER

OLD BOOK IS OLD

EVERYONE USES STACK OVERFLOW ANYWAY… RIGHT?

▸ Google for “hash password php md5”

SQL

▸ Hard and bad and deprecated: mysql_* libraries

▸ Less bad: mysqli_*

▸ Better: PDO

▸ Best: Often Eloquent/Doctrine/Some ORM

▸ These are going to use PDO underneath anyway

IMPROVING THE STACK OVERFLOW ANSWER WITH PDO

    /**
     * generate a random salt to use for this account
     **/
    $salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
    $saltedPW = $_POST['password'] . $salt;
    $hashedPW = hash('sha256', $saltedPW);
    // named placeholders: the values never become part of the SQL text
    $query = $pdo->prepare('INSERT INTO user (`name`, hash, salt) VALUES (:name, :hash, :salt)');
    $query->execute([
        'name' => $_POST['name'],
        'hash' => $hashedPW,
        'salt' => $salt,
    ]);

PHP BY THE BOOK: HASHING

HASHING IS HARD

▸ Salting

▸ algorithms get found out as bad

▸ Rehashing is hard

▸ md5 was once thought secure

▸ Thankfully php 5.5 has password hashing library

▸ Available on php 5.4 via composer

▸ But upgrade your php to >=5.5 instead if you’re on 5.4

MAKE THE HASHING BETTER

    // password_hash() chooses the algorithm, generates the salt and stores both inside the hash string
    $query = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
    $query->execute([
        'email' => $_POST['email'],
        'hash' => password_hash($_POST['password'], PASSWORD_DEFAULT),
    ]);

    $hashQuery = $pdo->prepare('SELECT hash FROM user WHERE email = :email');
    $hashQuery->execute(['email' => $_POST['email']]);
    $row = $hashQuery->fetch(PDO::FETCH_ASSOC);
    // fetch() returns a row array (or false when the e-mail is unknown); password_verify() needs the hash string
    $hashInDb = $row === false ? '' : $row['hash'];
    if (password_verify($_POST['password'], $hashInDb)) {
        if (password_needs_rehash($hashInDb, PASSWORD_DEFAULT)) {
            // Rehash the password here...
        }
        return true;
    }
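Pulling the SQL slide and the hashing slides together: the script below is an added example, not code from the deck. It uses PDO prepared statements with named placeholders (the SQL slide's recommendation) together with password_hash(), password_verify() and password_needs_rehash(), and fills in the slide's "rehash the password here" comment with the actual UPDATE. It assumes the pdo_sqlite extension and uses an in-memory SQLite database so it runs offline; the user table, e-mail addresses and passwords are constructed sample data, and storedCost() assumes PASSWORD_DEFAULT is still bcrypt.

```php
<?php
declare(strict_types=1);

// Added example (not the deck's code). An in-memory SQLite database stands in for
// MySQL so this runs offline; the table mirrors the deck's `user (email, hash)` shape.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE, hash TEXT NOT NULL)');

/**
 * Register a user. password_hash() picks the algorithm, generates the salt and
 * embeds both in the returned string, so there is no separate salt column.
 * The named placeholders keep the e-mail out of the SQL text entirely.
 */
function registerUser(PDO $pdo, string $email, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)');
    $stmt->execute([
        'email' => $email,
        'hash'  => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

/**
 * Check a login. Returns true on success. The plaintext is only in hand at login,
 * so this is the one place a stale hash can be upgraded: if PASSWORD_DEFAULT or its
 * cost has moved on since the hash was made, a fresh hash is stored in its place.
 */
function loginUser(PDO $pdo, string $email, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, hash FROM user WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $row = $stmt->fetch();

    // fetch() gives a row array (or false); password_verify() wants the hash string.
    if ($row === false || !password_verify($password, $row['hash'])) {
        return false;
    }

    if (password_needs_rehash($row['hash'], PASSWORD_DEFAULT)) {
        $update = $pdo->prepare('UPDATE user SET hash = :hash WHERE id = :id');
        $update->execute([
            'hash' => password_hash($password, PASSWORD_DEFAULT),
            'id'   => $row['id'],
        ]);
    }
    return true;
}

/** bcrypt cost currently stored for an e-mail (null if the hash is not bcrypt), to show the upgrade. */
function storedCost(PDO $pdo, string $email): ?int
{
    $stmt = $pdo->prepare('SELECT hash FROM user WHERE email = :email');
    $stmt->execute(['email' => $email]);
    $info = password_get_info((string) $stmt->fetchColumn());
    return $info['options']['cost'] ?? null;
}

// Constructed sample data. Bob's hash is deliberately made with a low bcrypt cost,
// as an old deployment might have, so a successful login exercises the rehash path.
registerUser($pdo, 'alice@example.com', 'correct horse battery staple');
$pdo->prepare('INSERT INTO user (email, hash) VALUES (:email, :hash)')->execute([
    'email' => 'bob@example.com',
    'hash'  => password_hash('hunter2', PASSWORD_BCRYPT, ['cost' => 4]),
]);

$costBefore = storedCost($pdo, 'bob@example.com');
var_dump(loginUser($pdo, 'alice@example.com', 'not her password'));
var_dump(loginUser($pdo, 'bob@example.com', 'hunter2'));
echo 'bob cost before/after login: ', $costBefore, ' / ', storedCost($pdo, 'bob@example.com'), PHP_EOL;
```

The rehash is done inside the login path because a hash can only be recomputed while the plaintext is available; a migration job cannot do it for you. The same pattern covers a move from one algorithm to another, since password_needs_rehash() compares the stored hash's algorithm and options against whatever PASSWORD_DEFAULT currently means.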

DEPENDENCIES

▸ I made this!

▸ phpclasses.org

▸ Pear

▸ Composer

MEH, USE A LIBRARY

    use Cartalyst\Sentinel\Native\Facades\Sentinel;

    require_once(dirname(__DIR__) . '/vendor/autoload.php');

    // registering
    Sentinel::register([
        'email' => $_POST['email'],
        'password' => $_POST['password'],
    ]);

    // logging in
    $credentials = [
        'email' => $_POST['email'],
        'password' => $_POST['password'],
    ];
    Sentinel::authenticate($credentials);

PHP BY THE BOOK: WHAT TIME IS IT

MKTIME

USING MKTIME

    <?php
    $numberOfMonths = 12;
    $dates = [];
    $monthlyResults = [];
    for ($i = 0; $i < $numberOfMonths; $i++) {
        // mktime() normalises an out-of-range month (13, 14, ...) into the following year
        $date = mktime(null, null, null, date('n') + $i);
        $monthlyResults[] = [
            'date' => $date,
            'results' => getResults(date('m', $date), date('Y', $date)),
        ];
    }

USING MKTIME...

    <?php foreach ($monthlyResults as $resultSet) { ?>
        <tr>
            <td><?php echo date('m Y', $resultSet['date']); ?></td>
            <td><?php echo htmlspecialchars($resultSet['results'], ENT_QUOTES, 'UTF-8'); ?></td>
        </tr>
    <?php } ?>

USING MKTIME - CHANGING TO 4 WEEKS

    <?php
    $dates = [];
    $monthlyResults = [];
    $endDate = mktime(null, null, null, null, null, date('Y') + 1);
    $i = 0;
    do {
        // every 28 days, expressed as a day-of-month offset that mktime() has to normalise
        $date = mktime(null, null, null, null, date('d') + ($i * 28));
        $monthlyResults[] = [
            'date' => $date,
            'results' => getResults($date),
        ];
        $i++;
    } while ($date <= $endDate);

WITH \DATETIME

    <?php
    $numberOfMonths = 12;
    $monthlyResults = [];
    $endDate = new DateTime();
    $endDate->add(new DateInterval('P' . $numberOfMonths . 'M'));
    // DatePeriod yields one DateTime per interval, up to (but excluding) $endDate
    $dates = new DatePeriod(new DateTime('now'), new DateInterval('P1M'), $endDate);
    foreach ($dates as $date) {
        $monthlyResults[] = [
            'date' => $date,
            'results' => getResults($date),
        ];
    }

WITH \DATETIME

    <?php foreach ($monthlyResults as $resultSet) { ?>
        <tr>
            <td><?php echo $resultSet['date']->format('m Y'); ?></td>
            <td><?php echo htmlspecialchars($resultSet['results'], ENT_QUOTES, 'UTF-8'); ?></td>
        </tr>
    <?php } ?>

WITH \DATETIME - CHANGING TO 4 WEEKS

    <?php
    $monthlyResults = [];
    $endDate = new DateTime();
    $endDate->add(new DateInterval('P1Y'));
    // swapping the interval is the only change; no day-of-month arithmetic needed
    $dates = new DatePeriod(new DateTime('now'), new DateInterval('P28D'), $endDate);
    foreach ($dates as $date) {
        $monthlyResults[] = [
            'date' => $date,
            'results' => getResults($date),
        ];
    }
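One calendar quirk survives the move from mktime() to DateTime: adding P1M to 31 January yields 3 March, because PHP normalises the non-existent 31 February, so a monthly DatePeriod started late in a month drifts. The script below is an added example, not code from the deck; it goes slightly beyond the slides by anchoring the monthly run to the first of the month with DateTimeImmutable, keeps the 28-day variant alongside it, and fixes the start date and time zone so the run is deterministic. getResults() is a stand-in for the deck's undefined helper.

```php
<?php
declare(strict_types=1);

// Stand-in for the deck's undefined getResults(): just labels the period it was asked about.
function getResults(DateTimeInterface $date): string
{
    return 'results for ' . $date->format('Y-m-d');
}

/**
 * One row per calendar month for $numberOfMonths months. The start is moved to the
 * first of its month so that repeated P1M additions never overflow: 31 Jan + P1M
 * normalises to 3 Mar, but 1 Jan + P1M is always 1 Feb.
 */
function monthlyPeriods(DateTimeImmutable $start, int $numberOfMonths): array
{
    $first = $start->modify('first day of this month')->setTime(0, 0);
    $end   = $first->add(new DateInterval('P' . $numberOfMonths . 'M'));
    $rows  = [];
    // DatePeriod excludes $end, so exactly $numberOfMonths dates come out.
    foreach (new DatePeriod($first, new DateInterval('P1M'), $end) as $date) {
        $rows[] = ['date' => $date, 'results' => getResults($date)];
    }
    return $rows;
}

/** One row per 28-day block from $start up to (excluding) $end; day arithmetic is not an issue here. */
function fourWeeklyPeriods(DateTimeImmutable $start, DateTimeImmutable $end): array
{
    $rows = [];
    foreach (new DatePeriod($start, new DateInterval('P28D'), $end) as $date) {
        $rows[] = ['date' => $date, 'results' => getResults($date)];
    }
    return $rows;
}

// Constructed, fixed start date in UTC so the output does not depend on when or where this runs.
$jan31 = new DateTimeImmutable('2015-01-31', new DateTimeZone('UTC'));

// The overflow case itself: naive month arithmetic from the 31st lands in March.
echo 'naive: ', $jan31->add(new DateInterval('P1M'))->format('Y-m-d'), PHP_EOL;

foreach (monthlyPeriods($jan31, 3) as $row) {
    echo $row['date']->format('m Y'), ' => ', $row['results'], PHP_EOL;
}
foreach (fourWeeklyPeriods($jan31, $jan31->add(new DateInterval('P3M'))) as $row) {
    echo $row['date']->format('Y-m-d'), ' => ', $row['results'], PHP_EOL;
}
```

DateTimeImmutable is used on purpose: the deck's DateTime objects are mutable, so the $endDate->add() call in the slides changes the object in place, and a DateTime stored in $monthlyResults can be altered later by any code that holds the same reference.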

PHP BY THE BOOK: TEMPLATES & CARBON

MOAR!!!!!

STANDARDS - PHP-FIG / PSR

▸ Loads of these

▸ autoloading (PSR-0 & PSR-4)

▸ Coding (PSR-1 & PSR-2)

▸ Logging (PSR-3)

▸ HTTP Messages (PSR-7)

▸ More on the way…

WWW.PHP-FIG.ORG
NON CODE STUFF

▸ Unit Tests and CI

▸ Tools

PHP BY THE BOOK: RESPONSIBILITIES

STAYING ON TOP

▸ Modern PHP - Josh Lockhart

▸ Read the php release announcements

▸ Community

▸ especially in work

PHP BY THE BOOK: RESPONSIBILITIES

HELPING OTHER DEVELOPERS

▸ Talk to each other

▸ Tech talks in house

▸ Show off a bit

▸ Pair Programming

▸ Ping Pong?

▸ Who do you send to Conferences?

NO-ONE IS "SELF-TAUGHT" YOU ARE COMMUNITY-TAUGHT - YOU LEARNED FROM THE BLOG POSTS & EXAMPLE CODE OF OTHERS. JOIN YOUR LOCAL #PHPUG

@phpbelfast

FURTHER READING

▸ goo.gl/nv2YUb - 7 ways to screw up bcrypt

▸ php-fig.org

▸ goo.gl/EBEACo - the Stack question

▸ Modern PHP - Josh Lockhart
GETTING IN TOUCH

▸ @ryankilf

▸ norniron.slack.com #phpbelfast

▸ joind.in/15861