Not Really PHP by the book

PHP BY THE BOOK
IN THE BEGINNING…

PHP BY THE BOOK
SOME TERRIBLE IDEAS
▸ Magic Quotes
▸ Register globals
▸ addslashes
▸ index.php everywhere
▸ Proper OO (private/public)
▸ Dependencies
▸ Standards
SOME MISSING GOOD IDEAS

PHP BY THE BOOK
I LEARNED FROM A BOOK
▸ PHP and MySQL Web
Development
▸ 2005
▸ In my bedroom
▸ Book was great at the time

PHP BY THE BOOK
WHAT’S HAPPENED SINCE 2004
▸ Magic quotes
▸ Symfony
▸ PHP Unit
▸ PEAR
▸ Composer
▸ Packagist
▸ register globals
▸ mysql
▸ pdo
▸ MariaDB
▸ phpStorm
▸ password
hashing api
▸ PHP 5, PHP 5.3, PHP 5.4, PHP 6, PHP 7 (soon!)
▸ “Proper” OO
▸ Unicode
▸ Vagrant
▸ Docker
▸ Easy Peasy CI
▸ github

PHP BY THE BOOK
EVERYONE USES STACK OVERFLOW ANYWAY… RIGHT?
▸ Google for “hash password php md5”

PHP BY THE BOOK
SQL
▸ Hard and bad and deprecated: mysql_* libraries
▸ Less bad: mysqli_*
▸ Better: PDO
▸ Best: Often Eloquent/Doctrine/Some ORM
▸ These are going to use PDO underneath anyway

PHP BY THE BOOK
IMPROVING THE STACK OVERFLOW ANSWER WITH PDO
/** 
* generate a random salt to use for this account 
**/ 
$salt = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM)); 
 
$saltedPW = $_POST['password'] . $salt; 
 
$hashedPW = hash('sha256', $saltedPW); 
 
$query = $pdo->prepare('INSERT INTO user (`name`, hash,
salt) VALUES (:name, :hash, :salt)’);
$query->execute([ 
'name' => $_POST['name'], 
'hash' => $hashedPW, 
'salt' => $salt 
]);

PHP BY THE BOOK
HASHING IS HARD
▸ Salting
▸ algorithms get found out as bad
▸ Rehashing is hard
▸ md5 was once thought secure
▸ Thankfully php 5.5 has password hashing library
▸ Available on php 5.4 via composer
▸ But upgrade your php to >=5.5 instead if you’re on 5.4

PHP BY THE BOOK
MAKE THE HASHING BETTER
$query = $pdo->prepare('INSERT INTO user (email, hash) VALUES
(:email, :hash)'); 
'email' => $_POST['email'], 
'hash' => password_hash($_POST[‘password’], PASSWORD_DEFAULT) 
]);

PHP BY THE BOOK
MAKE THE HASHING BETTER
$query = $pdo->prepare('INSERT INTO user (email, hash) VALUES
(:email, :hash)'); 
'hash' => password_hash($_POST[‘password’], PASSWORD_DEFAULT) 
]);
$saltQuery = $pdo->prepare('SELECT hash FROM user WHERE name
= :email'); 
 
$result = $saltQuery->execute(['email' => $_POST['email']]); 
$hashInDb = $saltQuery->fetch(PDO::FETCH_ASSOC); 
 
if (password_verify($_POST['password'], $hashInDb)) { 
 
if (password_needs_rehash($hashInDb, PASSWORD_DEFAULT)) { 
//Rehash the password here... 
} 
return true; 
}

PHP BY THE BOOK
DEPENDENCIES
▸ I made this!
▸ phpclasses.org
▸ Pear
▸ Composer

PHP BY THE BOOK
MEH, USE A LIBRARY
use CartalystSentinelNativeFacadesSentinel; 
 
require_once(dirname(__DIR__).'/vendor/autoload.php'); 
 
 
Sentinel::register([ 
'password' => $_POST['password'] 
]);

PHP BY THE BOOK
MEH, USE A LIBRARY
$credentials = [ 
'password' => $_POST['password'] 
]; 
 
Sentinel::authenticate($credentials);

WHAT TIME IS IT?
PHP BY THE BOOK

PHP BY THE BOOK: WHAT TIME IS IT
MTKIME

USING MKTIME
<?php 
 
$numberOfMonths = 12; 
 
$dates = []; 
$monthlyResults = []; 
 
 
for ($i = 0; $i < $numberOfMonths; $i++) { 
$date = mktime(null, null, null, date('n') + $i); 
 
$monthlyResults[] = [ 
'date' => $date, 
'results' => getResults(date('m', $date), date('Y', $date)) 
]; 
}

USING MKTIME
... 
foreach ($monthlyResults as $resultSet) { 
?> 
<tr> 
<td> <?php echo date('m Y', $resultSet['date']); ?>
</td> 
<td> <?php echo $resultSet['results']; ?> </td> 
</tr> 
<?php 
} 
?>

USING MTKIME - CHANGING TO 4 WEEKS
<?php 
 
$dates = []; 
$monthlyResults = []; 
 
$endDate = mktime(null, null, null, null, null, date('Y') + 1); 
$i = 0; 
 
do { 
 
$date = mktime(null, null, null, null, date('d') + ($i * 28)); 
 
'date' => $date, 
'results' => getResults($date) 
]; 
 
$i++; 
} while ($date <= $endDate);

WITH DATETIME
<?php 
 
$numberOfMonths = 12; 
 
$endDate = new DateTime(); 
$endDate->add(new DateInterval('P' . $numberOfMonths .
'M')); 
 
$dates = new DatePeriod(new DateTime('now'), new
DateInterval('P1M'), $endDate); 
 
foreach ($dates as $date) { 
 
'date' => $date, 
]; 
}

WITH DATETIME
<?php 
foreach ($monthlyResults as $resultSet) { 
?> 
<tr> 
<td> <?php echo $resultSet['date']->format('m Y'); ?> </td> 
<td> <?php echo $resultSet['results']; ?> </td> 
</tr> 
<?php 
} 
?>

WITH DATETIME - CHANGING TO 4 WEEKS
<?php 
 
$endDate = new DateTime(); 
$endDate->add(new DateInterval('P1Y')); 
 
$dates = new DatePeriod(new DateTime('now'), new
DateInterval('P28D'), $endDate); 
 
foreach ($dates as $date) { 
 
'date' => $date, 
]; 
}

MOAR!!!!!
PHP BY THE BOOK:  
TEMPLATES & CARBON

PHP BY THE BOOK
STANDARDS - PHP-FIG / PSR
▸ Loads of these
▸ autoloading (PSR-0 &  
PSR-4)
▸ Coding (PSR-1 & PSR-2)
▸ Logging (PSR-3)
▸ HTTP Messages (PSR-7)
▸ More on the way…
WWW.PHP-FIG.ORG

PHP BY THE BOOK
NON CODE STUFF
▸ Unit Tests and CI
▸ Tools

RESPONSIBILITIES
PHP BY THE BOOK

PHP BY THE BOOK: RESPONSIBILITIES
STAYING ON TOP
▸ Modern PHP - Josh Lockhart
▸ Read the php release announcements
▸ Community
▸ especially in work

HELPING OTHER DEVELOPERS
▸ Talk to each other
▸ Tech talks in house
▸ Show off a bit
▸ Pair Programming
▸ Ping Pong?
▸ Who do you send to Conferences?

NO-ONE IS "SELF-TAUGHT" YOU ARE
COMMUNITY-TAUGHT - YOU LEARNED FROM
THE BLOG POSTS & EXAMPLE CODE OF
OTHERS.
JOIN YOUR LOCAL #PHPUG
@phpbelfast

PHP BY THE BOOK
FURTHER READING
▸ goo.gl/nv2YUb - 7 ways to screw up
bcrypt
▸ php-ﬁg.org
▸ goo.gl/EBEACo - the Stack question
▸ Modern PHP - Josh Lockhart

PHP BY THE BOOK
GETTING IN TOUCH
▸ @ryankilf
▸ norniron.slack.com #phpbelfast
▸ joind.in/15861

Not Really PHP by the book

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (18)

Similar to Not Really PHP by the book

Similar to Not Really PHP by the book (20)

Recently uploaded

Recently uploaded (20)

Not Really PHP by the book