diff --git a/README.md b/README.md index 33355ce..7cffe99 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ developers know where to find good information! * [Korean](http://modernpug.github.io/php-the-right-way) * [Persian](http://novid.github.io/php-the-right-way/) * [Polish](http://pl.phptherightway.com) -* [Portuguese (Brazil)](http://br.phptherightway.com/) +* [Portuguese (Brazil)](http://br.phptherightway.com) * [Romanian](https://bgui.github.io/php-the-right-way/) * [Russian](http://getjump.github.io/ru-php-the-right-way) * [Serbian](http://phpsrbija.github.io/php-the-right-way/) diff --git a/_posts/01-04-01-Mac-Setup.md b/_posts/01-04-01-Mac-Setup.md index 0476dd9..74abe62 100644 --- a/_posts/01-04-01-Mac-Setup.md +++ b/_posts/01-04-01-Mac-Setup.md @@ -26,7 +26,7 @@ command-line, X11 or Aqua based open-source software on the OS X operating system. MacPorts supports pre-compiled binaries, so you don't need to recompile every -dependencies from the source tarball files, it saves your life if you don't +dependency from the source tarball files, it saves your life if you don't have any package installed on your system. At this point, you can install `php54`, `php55`, `php56` or `php70` using the `port install` command, for example: @@ -34,7 +34,7 @@ At this point, you can install `php54`, `php55`, `php56` or `php70` using the `p sudo port install php56 sudo port install php70 -And you can run `select` command to switch your active php: +And you can run `select` command to switch your active PHP: sudo port select --set php php70 
@@ -46,7 +46,7 @@ applications/projects require different versions of PHP, and you are not using v ### Install PHP via Liip's binary installer Another popular option is [php-osx.liip.ch] which provides one liner installation methods for versions 5.3 through 7.0. -It doesn't overwrite the php binaries installed by Apple, but installs everything in a separate location (/usr/local/php5). +It doesn't overwrite the PHP binaries installed by Apple, but installs everything in a separate location (/usr/local/php5). ### Compile from Source diff --git a/_posts/01-05-01-Windows-Setup.md b/_posts/01-05-01-Windows-Setup.md index e916c91..1435ed7 100644 --- a/_posts/01-05-01-Windows-Setup.md +++ b/_posts/01-05-01-Windows-Setup.md 
@@ -7,13 +7,13 @@ anchor: windows_setup You can download the binaries from [windows.php.net/download][php-downloads]. After the extraction of PHP, it is recommended to set the [PATH][windows-path] to the root of your PHP folder (where php.exe is located) so you can execute PHP from anywhere. -For learning and local development you can use the built in webserver with PHP 5.4+ so you don't need to worry about +For learning and local development, you can use the built in webserver with PHP 5.4+ so you don't need to worry about configuring it. If you would like an "all-in-one" which includes a full-blown webserver and MySQL too then tools such as the [Web Platform Installer][wpi], [XAMPP][xampp], [EasyPHP][easyphp], [OpenServer][openserver] and [WAMP][wamp] will help get a Windows development environment up and running fast. That said, these tools will be a little different from production so be careful of environment differences if you are working on Windows and deploying to Linux. -If you need to run your production system on Windows then IIS7 will give you the most stable and best performance. You +If you need to run your production system on Windows, then IIS7 will give you the most stable and best performance. You can use [phpmanager][phpmanager] (a GUI plugin for IIS7) to make configuring and managing PHP simple. IIS7 comes with FastCGI built in and ready to go, you just need to configure PHP as a handler. For support and additional resources there is a [dedicated area on iis.net][php-iis] for PHP. diff --git a/_posts/03-03-01-Namespaces.md b/_posts/03-03-01-Namespaces.md index 0536eed..f821dad 100644 --- a/_posts/03-03-01-Namespaces.md +++ b/_posts/03-03-01-Namespaces.md 
@@ -19,7 +19,7 @@ with other libraries. One recommended way to use namespaces is outlined in [PSR-4][psr4], which aims to provide a standard file, class and namespace convention to allow plug-and-play code. -In October 2014 the PHP-FIG deprecated the previous autoloading standard: [PSR-0][psr0]. Both PSR-0 and PSR-4 are still perfectly usable. The latter requires PHP 5.3, so many PHP 5.2-only projects implement PSR-0. +In October 2014 the PHP-FIG deprecated the previous autoloading standard: [PSR-0][psr0]. Both PSR-0 and PSR-4 are still perfectly usable. The latter requires PHP 5.3, so many PHP 5.2-only projects implement PSR-0. If you're going to use an autoloader standard for a new application or package, look into PSR-4. diff --git a/_posts/04-02-01-Composer-and-Packagist.md b/_posts/04-02-01-Composer-and-Packagist.md index d580acb..bd4d831 100644 --- a/_posts/04-02-01-Composer-and-Packagist.md +++ b/_posts/04-02-01-Composer-and-Packagist.md @@ -78,7 +78,7 @@ as a dependency of your project. composer require twig/twig:~1.8 {% endhighlight %} -Alternatively the `composer init` command will guide you through creating a full `composer.json` file +Alternatively, the `composer init` command will guide you through creating a full `composer.json` file for your project. Either way, once you've created your `composer.json` file you can tell Composer to download and install your dependencies into the `vendor/` directory. This also applies to projects you've downloaded that already provide a `composer.json` file: 
@@ -100,12 +100,13 @@ Now you can use your project dependencies, and they'll be autoloaded on demand. ### Updating your dependencies Composer creates a file called `composer.lock` which stores the exact version of each package it -downloaded when you -first ran `composer install`. If you share your project with other coders and the `composer.lock` file -is part of your distribution, when they run `composer install` they'll get the same versions as you. -To update your dependencies, run `composer update`. +downloaded when you first ran `composer install`. If you share your project with others, +ensure the `composer.lock` file is included, so that when they run `composer install` they'll +get the same versions as you. To update your dependencies, run `composer update`. Don't use +`composer update` when deploying, only `composer install`, otherwise you may end up with different +package versions on production. -This is most useful when you define your version requirements flexibly. For instance a version +This is most useful when you define your version requirements flexibly. For instance, a version requirement of `~1.8` means "anything newer than `1.8.0`, but less than `2.0.x-dev`". You can also use the `*` wildcard as in `1.8.*`. Now Composer's `composer update` command will upgrade all your dependencies to the newest version that fits the restrictions you define. diff --git a/_posts/04-03-01-PEAR.md b/_posts/04-03-01-PEAR.md index ad30a35..4410218 100644 --- a/_posts/04-03-01-PEAR.md +++ b/_posts/04-03-01-PEAR.md @@ -58,7 +58,7 @@ handle your PEAR dependencies. This example will install code from `pear2.php.ne {% endhighlight %} The first section `"repositories"` will be used to let Composer know it should "initialize" (or "discover" in PEAR -terminology) the pear repo. Then the require section will prefix the package name like this: +terminology) the pear repo. Then the `require` section will prefix the package name like this: > pear-channel/Package 
diff --git a/_posts/05-02-01-The-Basics.md b/_posts/05-02-01-The-Basics.md index 458c670..dd5fc28 100644 --- a/_posts/05-02-01-The-Basics.md +++ b/_posts/05-02-01-The-Basics.md @@ -6,7 +6,7 @@ anchor: the_basics ## The Basics {#the_basics_title} PHP is a vast language that allows coders of all levels the ability to produce code not only quickly, but efficiently. -However while advancing through the language, we often forget the basics that we first learnt (or overlooked) in favor +However, while advancing through the language, we often forget the basics that we first learnt (or overlooked) in favor of short cuts and/or bad habits. To help combat this common issue, this section is aimed at reminding coders of the basic coding practices within PHP. diff --git a/_posts/05-05-01-PHP-and-UTF8.md b/_posts/05-05-01-PHP-and-UTF8.md index de0d659..b734d3b 100644 --- a/_posts/05-05-01-PHP-and-UTF8.md +++ b/_posts/05-05-01-PHP-and-UTF8.md @@ -18,7 +18,7 @@ for a brief, practical summary. ### UTF-8 at the PHP level The basic string operations, like concatenating two strings and assigning strings to variables, don't need anything -special for UTF-8. However most string functions, like `strpos()` and `strlen()`, do need special consideration. These +special for UTF-8. However, most string functions, like `strpos()` and `strlen()`, do need special consideration. These functions often have an `mb_*` counterpart: for example, `mb_strpos()` and `mb_strlen()`. These `mb_*` strings are made available to you via the [Multibyte String Extension], and are specifically designed to operate on Unicode strings. diff --git a/_posts/06-03-01-Complex-Problem.md b/_posts/06-03-01-Complex-Problem.md index 0d6f907..c64e723 100644 --- a/_posts/06-03-01-Complex-Problem.md +++ b/_posts/06-03-01-Complex-Problem.md 
@@ -10,7 +10,7 @@ If you have ever read about Dependency Injection then you have probably seen the ### Inversion of Control -Inversion of Control is as it says, "inverting the control" of a system by keeping organisational control entirely +Inversion of Control is as it says, "inverting the control" of a system by keeping organizational control entirely separate from our objects. In terms of Dependency Injection, this means loosening our dependencies by controlling and instantiating them elsewhere in the system. diff --git a/_posts/07-04-01-Interacting-via-Code.md b/_posts/07-04-01-Interacting-via-Code.md index 78d4f4b..5cae4f0 100644 --- a/_posts/07-04-01-Interacting-via-Code.md +++ b/_posts/07-04-01-Interacting-via-Code.md @@ -19,7 +19,7 @@ foreach ($db->query('SELECT * FROM table') as $row) { {% endhighlight %} -This is bad practice for all sorts of reasons, mainly that its hard to debug, hard to test, hard to read and it is +This is bad practice for all sorts of reasons, mainly that it's hard to debug, hard to test, hard to read and it is going to output a lot of fields if you don't put a limit on there. While there are many other solutions to doing this - depending on if you prefer [OOP](/#object-oriented-programming) or diff --git a/_posts/10-03-01-Password-Hashing.md b/_posts/10-03-01-Password-Hashing.md index ee70a65..6893f9c 100644 --- a/_posts/10-03-01-Password-Hashing.md +++ b/_posts/10-03-01-Password-Hashing.md 
@@ -8,12 +8,17 @@ anchor: password_hashing Eventually everyone builds a PHP application that relies on user login. Usernames and passwords are stored in a database and later used to authenticate users upon login. -It is important that you properly [_hash_][3] passwords before storing them. Password hashing is an irreversible, one -way function performed against the user's password. This produces a fixed-length string that cannot be feasibly +It is important that you properly [_hash_][3] passwords before storing them. Password hashing is an irreversible, +one-way function performed against the user's password. This produces a fixed-length string that cannot be feasibly reversed. This means you can compare a hash against another to determine if they both came from the same source string, but you cannot determine the original string. If passwords are not hashed and your database is accessed by an -unauthorized third-party, all user accounts are now compromised. Some users may (unfortunately) use the same password -for other services. Therefore, it is important to take security seriously. +unauthorized third-party, all user accounts are now compromised. + +Passwords should also be individually [_salted_][5] by adding a random string to each password before hashing. This prevents dictionary attacks and the use of "rainbow tables" (a reverse list of crytographic hashes for common passwords.) + +Hashing and salting are vital as often users use the same password for multiple services and password quality can be poor. + +Fortunately, nowadays PHP makes this easy. **Hashing passwords with `password_hash`** 
@@ -37,10 +42,12 @@ if (password_verify('bad-password', $passwordHash)) { } {% endhighlight %} +`password_hash()` takes care of password salting for you. The salt is stored, along with the algorithm and "cost", as part of the hash. `password_verify()` extracts this to determine how to check the password, so you don't need a separate database field to store your salts. * [Learn about `password_hash()`] [1] * [`password_compat` for PHP >= 5.3.7 && < 5.5] [2] * [Learn about hashing in regards to cryptography] [3] +* [Learn about salts] [5] * [PHP `password_hash()` RFC] [4] @@ -48,3 +55,4 @@ if (password_verify('bad-password', $passwordHash)) { [2]: https://github.com/ircmaxell/password_compat [3]: http://en.wikipedia.org/wiki/Cryptographic_hash_function [4]: https://wiki.php.net/rfc/password_hash +[5]: https://en.wikipedia.org/wiki/Salt_(cryptography) diff --git a/_posts/10-05-01-Configuration-Files.md b/_posts/10-05-01-Configuration-Files.md index afb7c0b..2e30846 100644 --- a/_posts/10-05-01-Configuration-Files.md +++ b/_posts/10-05-01-Configuration-Files.md @@ -14,4 +14,4 @@ via the file system. that, even if the script is accessed directly, it will not be output as plain text. - Information in configuration files should be protected accordingly, either through encryption or group/user file system permissions. -- It is a good idea to ensure that you do not commit configuration files containing sensitive information eg passwords or API tokens to source control. +- It is a good idea to ensure that you do not commit configuration files containing sensitive information e.g. passwords or API tokens to source control. diff --git a/_posts/12-03-01-Virtual-or-Dedicated-Servers.md b/_posts/12-03-01-Virtual-or-Dedicated-Servers.md index 1780ecf..73e47e2 100644 --- a/_posts/12-03-01-Virtual-or-Dedicated-Servers.md +++ b/_posts/12-03-01-Virtual-or-Dedicated-Servers.md 
@@ -35,10 +35,14 @@ Alternatively, if you want to squeeze more performance and stability out of Apac same FPM system as nginx and run the [worker MPM] or [event MPM] with mod_fastcgi or mod_fcgid. This configuration will be significantly more memory efficient and much faster but it is more work to set up. +If you are running Apache 2.4 or later, you can use [mod_proxy_fcgi] to get great performance that is easy to setup. + * [Read more on Apache][apache] * [Read more on Multi-Processing Modules][apache-MPM] * [Read more on mod_fastcgi][mod_fastcgi] * [Read more on mod_fcgid][mod_fcgid] +* [Read more on mod_proxy_fcgi][mod_proxy_fcgi] +* [Read more on setting up Apache and PHP-FPM with mod_proxy_fcgi][tutorial-mod_proxy_fcgi] [nginx]: http://nginx.org/ @@ -50,5 +54,7 @@ be significantly more memory efficient and much faster but it is more work to se [event MPM]: http://httpd.apache.org/docs/2.4/mod/event.html [apache]: http://httpd.apache.org/ [apache-MPM]: http://httpd.apache.org/docs/2.4/mod/mpm_common.html -[mod_fastcgi]: http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html +[mod_fastcgi]: https://blogs.oracle.com/opal/entry/php_fpm_fastcgi_process_manager [mod_fcgid]: http://httpd.apache.org/mod_fcgid/ +[mod_proxy_fcgi]: https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html +[tutorial-mod_proxy_fcgi]: https://serversforhackers.com/video/apache-and-php-fpm diff --git a/_posts/12-04-01-Shared-Servers.md b/_posts/12-04-01-Shared-Servers.md index f33127a..828eb4f 100644 --- a/_posts/12-04-01-Shared-Servers.md +++ b/_posts/12-04-01-Shared-Servers.md 
@@ -9,6 +9,6 @@ PHP has shared servers to thank for its popularity. It is hard to find a host wi the latest version. Shared servers allow you and other developers to deploy websites to a single machine. The upside to this is that it has become a cheap commodity. The downside is that you never know what kind of a ruckus your neighboring tenants are going to create; loading down the server or opening up security holes are the main concerns. If -your project's budget can afford to avoid shared servers you should. +your project's budget can afford to avoid shared servers, you should. To make sure your shared servers are offering the latest versions of PHP, check out [PHP Versions](http://phpversions.info/shared-hosting/). diff --git a/_posts/13-03-01-Docker.md b/_posts/13-03-01-Docker.md index b013dc0..7292556 100644 --- a/_posts/13-03-01-Docker.md +++ b/_posts/13-03-01-Docker.md 
@@ -5,41 +5,40 @@ anchor: docker ## Docker {#docker_title} -Beside using Vagrant, another easy way to get a virtual development or production environment up and running is [Docker]. -Docker helps you to provide Linux containers for all kind of applications. -There are many helpful docker images which could provide you with other great services without the need to install -these services on your local machine, e.g. MySQL or PostgreSQL and a lot more. Have a look at the [Docker Hub Registry] -[docker-hub] to search a list of available pre-built containers, which you can then run and use in very few steps. +[Docker] - a lightweight alternative to a full virtual machine - is so called because it's all about "containers". A container is a building block which, in the simplest case, does one specific job, e.g. running a web server. An "image" is the package you use to build the container - Docker has a repository full of them. + +A typical LAMP application might have three containers: a web server, a PHP-FPM process and MySQL. As with shared folders in Vagrant, you can leave your application files where they are and tell Docker where to find them. + +You can generate containers from the command line (see example below) or, for ease of maintenance, build a `docker-compose.yml` file for your project specifying which to create and how they communicate with one another. + +Docker may help if you're developing multiple websites and want the separation that comes from installing each on it's own virtual machine, but don't have the necessary disk space or the time to keep everything up to date. It's efficient: the installation and downloads are quicker, you only need to store one copy of each image however often it's used, containers need less RAM and share the same OS kernel, so you can have more servers running simultaneously, and it takes a matter of seconds to stop and start them, no need to wait for a full server boot. 
### Example: Running your PHP Applications in Docker -After you [installed docker][docker-install] on your machine, you can start an Apache with PHP support in one step. -The following command will download a fully functional Apache installation with the latest PHP version and provide the -directory `/path/to/your/php/files` at `http://localhost:8080`: +After [installing docker][docker-install] on your machine, you can start a web server with one command. +The following will download a fully functional Apache installation with the latest PHP version, map `/path/to/your/php/files` to the document root, which you can view at `http://localhost:8080`: {% highlight console %} docker run -d --name my-php-webserver -p 8080:80 -v /path/to/your/php/files:/var/www/html/ php:apache {% endhighlight %} -After running `docker run` your container is initialized and running. -If you would like to stop or start your container again, you can use the provided name attribute and simply run -`docker stop my-php-webserver` and `docker start my-php-webserver` without providing the above mentioned parameters -again. +This will initialize and launch your container. `-d` makes it runs in the background. To stop and start it, simply run `docker stop my-php-webserver` and `docker start my-php-webserver` (the other parameters are not needed again). ### Learn more about Docker -The commands mentioned above only show a quick way to run an Apache web server with PHP support but there are a lot -more things that you can do with Docker. One of the most important things for PHP developers will be linking your -web server to a database instance, for example. How this could be done is well described within the [Docker User Guide] -[docker-doc]. +The command above shows a quick way to run a basic server. There's much more you can do (and thousands of pre-built images in the [Docker Hub][docker-hub]). 
Take time to learn the terminology and read the [Docker User Guide][docker-doc] to get the most from it, and don't run random code you've downloaded without checking it's safe – unofficial images may not have the latest security patches. If in doubt, stick to the [official repositiories][docker-hub-official]. + +The [PHPDocker.io] site will auto-generate all the files you need for a fully-featured LAMP/LEMP stack, including your choice of PHP version and extensions. * [Docker Website][Docker] * [Docker Installation][docker-install] -* [Docker Images at the Docker Hub Registry][docker-hub] * [Docker User Guide][docker-doc] - +* [Docker Hub][docker-hub] +* [Docker Hub - official images][docker-hub-official] [Docker]: http://docker.com/ [docker-hub]: https://hub.docker.com/ +[docker-hub-official]: https://hub.docker.com/explore/ [docker-install]: https://docs.docker.com/installation/ [docker-doc]: https://docs.docker.com/userguide/ +[PHPDocker.io]: https://phpdocker.io/generator diff --git a/_posts/16-09-01-Videos.md b/_posts/16-09-01-Videos.md index 35e961b..7cdbd6f 100644 --- a/_posts/16-09-01-Videos.md +++ b/_posts/16-09-01-Videos.md @@ -6,7 +6,7 @@ title: Video Tutorials ## Video Tutorials {#videos} -### Youtube Channels +### YouTube Channels * [PHP Academy](https://www.youtube.com/user/phpacademy) * [The New Boston](https://www.youtube.com/user/thenewboston) * [Sherif Ramadan](https://www.youtube.com/user/businessgeek) diff --git a/_posts/17-02-01-User-Groups.md b/_posts/17-02-01-User-Groups.md index 97c062b..7fcd668 100644 --- a/_posts/17-02-01-User-Groups.md +++ b/_posts/17-02-01-User-Groups.md 
@@ -7,7 +7,7 @@ anchor: user_groups If you live in a larger city, odds are there's a PHP user group nearby. You can easily find your local PUG at the [usergroup-list at php.net][php-uglist] which is based upon [PHP.ug][php-ug]. Alternate sources might be -[Meetup.com][meetup] or a search for ```php user group near me``` using your favourite search engine +[Meetup.com][meetup] or a search for ```php user group near me``` using your favorite search engine (i.e. [Google][google]). If you live in a smaller town, there may not be a local PUG; if that's the case, start one! Special mention should be made of two global user groups: [NomadPHP] and [PHPWomen]. [NomadPHP] offers twice monthly diff --git a/less/all.less b/less/all.less index 4ecc4c8..744e501 100644 --- a/less/all.less +++ b/less/all.less @@ -139,6 +139,11 @@ pre{ pre{ padding: 5px 10px; + white-space: pre-wrap; + white-space: -moz-pre-wrap; + white-space: -pre-wrap; + white-space: -o-pre-wrap; + word-wrap: break-word; } } diff --git a/styles/syntax.css b/styles/syntax.css index 1e651cf..f65ef4c 100644 --- a/styles/syntax.css +++ b/styles/syntax.css @@ -1,4 +1,4 @@ -.highlight { background: #ffffff; } +.highlight { background: #ffffff; margin: 0 4px; font-size: 0.8em; } .highlight .c { color: #999988; font-style: italic } /* Comment */ .highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */ .highlight .k { font-weight: bold } /* Keyword */
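Review bot: In `_posts/04-02-01-Composer-and-Packagist.md` (hunk `@@ -100,12 +100,13 @@`), "ensure the `composer.lock` file is included" does not say included in what, where the removed text at least said "part of your distribution". Suggest stating it directly, for example "commit `composer.lock` to version control", because the new deploy advice (`composer install` only) works only if the lock file is present in the production checkout. The added sentence "Don't use `composer update` when deploying, only `composer install`, otherwise you may end up with different package versions on production" is also a comma splice; break it before "otherwise".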
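Review bot: In `_posts/10-03-01-Password-Hashing.md` (hunk `@@ -8,12 +8,17 @@`), the added salting paragraph overstates what a salt does: "This prevents dictionary attacks" is not accurate, because a salt stored next to the hash does not stop an attacker from testing candidate passwords against that one hash. What it does is defeat precomputed tables and stop a single guess from being checked against every user at once. Suggest something like "This defeats precomputed "rainbow tables" and forces an attacker to attack each hash separately". On the same line, "crytographic" should be "cryptographic" and the full stop belongs outside the closing parenthesis. The added paragraphs are also left as single long lines while the surrounding text is hard-wrapped.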
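Review bot: In `_posts/12-03-01-Virtual-or-Dedicated-Servers.md` (hunk `@@ -35,10 +35,14 @@`), the added sentence ends "that is easy to setup"; as a verb this should be "set up", which is how the context line just above it already spells it ("more work to set up").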
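Review bot: In `_posts/12-03-01-Virtual-or-Dedicated-Servers.md` (hunk `@@ -50,5 +54,7 @@`), the `[mod_fastcgi]` reference is repointed from the module documentation to `https://blogs.oracle.com/opal/entry/php_fpm_fastcgi_process_manager`, but the list item that uses it still reads "Read more on mod_fastcgi". The label and the target no longer describe the same thing, and the change is not explained anywhere in the diff. Either keep a link to the module's own documentation under that label, or rename the list item to match the PHP-FPM article and add it as a separate reference.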
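Review bot: In `_posts/13-03-01-Docker.md` (hunk `@@ -5,41 +5,40 @@`), the rewritten text introduces three typos: "installing each on it's own virtual machine" should be "its own", "`-d` makes it runs in the background" should be "makes it run", and "official repositiories" should be "official repositories". The one piece of security advice in the section ("don't run random code you've downloaded without checking it's safe") is tacked onto the end of a sentence about reading the user guide; it would be harder to miss as its own sentence placed next to the Docker Hub link it qualifies. The long efficiency sentence beginning "It's efficient:" would also read better as a short list.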
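Review bot: In `_posts/05-02-01-The-Basics.md` (hunk `@@ -6,7 +6,7 @@`), the edited line still contains "learnt" and "short cuts" while this same commit normalizes other files to US spelling ("organizational", "favorite"). If US spelling is the goal, change these to "learned" and "shortcuts" in the same pass so the line is not touched twice.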
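Review bot: In `_posts/17-02-01-User-Groups.md` (hunk `@@ -7,7 +7,7 @@`), the line directly after the edited one reads "(i.e. [Google][google])", which should be "e.g." since Google is one example of a search engine, not the only one meant. This commit already corrects "eg" to "e.g." in `_posts/10-05-01-Configuration-Files.md`, so it is worth fixing here as part of the same cleanup.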
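Review bot: In `less/all.less` (hunk `@@ -139,6 +139,11 @@`), the standard `white-space: pre-wrap;` is declared first and the prefixed legacy values (`-moz-pre-wrap`, `-pre-wrap`, `-o-pre-wrap`) after it. Since the last declaration a browser accepts wins, the usual order is legacy values first and the standard value last, so that any browser understanding both ends up on the standard one. Suggest moving `white-space: pre-wrap;` to just before `word-wrap: break-word;` and adding a short comment naming which browsers each legacy value targets, so they can be removed later.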