From 0487a30e4d08011ab2d97ab9712749145ed946a7 Mon Sep 17 00:00:00 2001 From: Marin Ivanov Date: Thu, 22 Nov 2012 04:20:25 +0200 Subject: [PATCH 1/4] Added links to bg.phptherightway.com for Bulgarian translation --- README.md | 1 + _includes/welcome.md | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index d4bbe96..afcab61 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,7 @@ developers know where to find good information! * [Chinese](http://wulijun.github.com/php-the-right-way) * [Ukrainian](http://iflista.github.com/php-the-right-way) * [Portuguese](http://br.phptherightway.com/) +* [Bulgarian](http://bg.phptherightway.com/) ### Translations diff --git a/_includes/welcome.md b/_includes/welcome.md index eaa0a64..a37f707 100644 --- a/_includes/welcome.md +++ b/_includes/welcome.md @@ -16,6 +16,7 @@ _PHP: The Right Way_ is (or soon will be) translated into many different languag * Russian (Coming Soon) * [Spanish](http://es.phptherightway.com) * [Ukrainian](http://iflista.github.com/php-the-right-way/) +* [Bulgarian](http://bg.phptherightway.com/) ## Disclaimer From 1ac7c580ade0b755bbe3c9924e2d60cb130e46a1 Mon Sep 17 00:00:00 2001 From: Sebastian Goettschkes Date: Tue, 4 Dec 2012 16:17:24 +0100 Subject: [PATCH 2/4] Updating pear description --- _posts/04-03-01-PEAR.md | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/_posts/04-03-01-PEAR.md b/_posts/04-03-01-PEAR.md index e0f0194..61d0ce4 100644 --- a/_posts/04-03-01-PEAR.md +++ b/_posts/04-03-01-PEAR.md 
@@ -4,6 +4,36 @@ isChild: true ## PEAR {#pear_title} -Another veteran package manager that many PHP developers enjoy is [PEAR][1]. It behaves much the same way, and is also worth researching for your projects. [Learn about PEAR][1]. +Another veteran package manager that many PHP developers enjoy is [PEAR][1]. It behaves much the same way as Composer, +but has some noteable differences. + +PEAR requires each package to have a specific structure, which means that the author of the package must prepare it +for usage with PEAR. Using a project which was not prepared to work with PEAR is not possible. + +PEAR installs packages globally, which means after installing them once they are available to all projects on that +server. This can be good if many projects rely on the same package with the same version but might lead to problems +if version conflicts between two projects arise. + +### How to install PEAR + +You can install PEAR by downloading the phar installer and executing it. The PEAR documentation has detailed +[install instructions][2] for every operating system. + +If you are using Linux, you can also have a look at your distribution package manager. Debian and Ubuntu for example +have a apt ``php-pear`` package. + +### How to install a package + +If the package is listed on the [PEAR packages list][3], you can install it by specifying the official name: + + pear install foo + +If the package is hosted on another channel, you need to `discover` the channel first and also specify it when +installing. See the [Using channel docs][4] for more information on this topic. + +* [Learn about PEAR][1] [1]: http://pear.php.net/ +[2]: http://pear.php.net/manual/en/installation.getting.php +[3]: http://pear.php.net/packages.php +[4]: http://pear.php.net/manual/en/guide.users.commandline.channels.php From 8b7b2ae5562d4cc77b516ed6b628d084fd2688ae Mon Sep 17 00:00:00 2001 
From: Sean DuBois Date: Wed, 5 Dec 2012 22:58:44 -0500 Subject: [PATCH 3/4] Update password hashing section --- .../07-03-01-Password-Hashing-with-Bcrypt.md | 19 -------- _posts/07-03-01-Password-Hashing.md | 44 +++++++++++++++++++ 2 files changed, 44 insertions(+), 19 deletions(-) delete mode 100644 _posts/07-03-01-Password-Hashing-with-Bcrypt.md create mode 100644 _posts/07-03-01-Password-Hashing.md diff --git a/_posts/07-03-01-Password-Hashing-with-Bcrypt.md b/_posts/07-03-01-Password-Hashing-with-Bcrypt.md deleted file mode 100644 index bb8471c..0000000 --- a/_posts/07-03-01-Password-Hashing-with-Bcrypt.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -isChild: true ---- - -## Password Hashing with Bcrypt {#password_hashing_with_bcrypt_title} - -Eventually everyone builds a PHP application that relies on user login. Usernames and (hashed) passwords are stored in a database and later used to authenticate users upon login. - -It is important that you properly _hash_ passwords that are stored in a database. If passwords are not hashed, and your database is hacked or accessed by an unauthorized third-party, all user accounts are now compromised. - -**Hash passwords with Bcrypt**. It's super simple, and (for all intents and purposes) Bcrypt makes it impossible for someone to reverse-engineer the plain-text version of a password should the database be compromised. - -There are several Bcrypt libraries for PHP that you may use. - -* [Read "How to Safely Store a Password" by Coda Hale][3] -* [Use Bcrypt with PHPass][4] - -[3]: http://codahale.com/how-to-safely-store-a-password/ -[4]: http://www.openwall.com/phpass/ diff --git a/_posts/07-03-01-Password-Hashing.md b/_posts/07-03-01-Password-Hashing.md new file mode 100644 index 0000000..8d3d03a --- /dev/null +++ b/_posts/07-03-01-Password-Hashing.md 
@@ -0,0 +1,44 @@ +--- +isChild: true +--- + +## Password Hashing {#password_hashing_title} + +Eventually everyone builds a PHP application that relies on user login. Usernames and passwords are stored in a database and later used to authenticate users upon login. + +It is important that you properly [_hash_][3] passwords before storing them. Password hashing is an irreversible, one way function performed against the users password. This produces a fix length string that can not be feasibly reversed. This means you can compare a hash against another to determine if they both came from the same source string, but you can not determine the original string. If passwords are not hashed and your database is accessed by an unauthorized third-party, all user accounts are now compromised. Some users may (unfortunately) use the same password for other services. Therefore, it is important to take security seriously. + +**Hashing passwords with `password_hash`** + +In PHP 5.5 `password_hash` will be introduced. At this time it is using BCrypt, the strongest algorithm currently supported by PHP. It will updated in the future to support more algorithms as needed though. The `password_compat` library was created to provide forward compatibility for PHP >= 5.3.7. + +Below we hash two strings, but because the two hashes do not match the user will be denied login. + +{% highlight php %} += 5.3.7 && < 5.5] [2] +* [Learn about hashing in regards to cryptography] [3] +* [PHP `password_hash` RFC] [4] + +[1]: http://us2.php.net/manual/en/function.password-hash.php +[2]: https://github.com/ircmaxell/password_compat +[3]: http://en.wikipedia.org/wiki/Cryptographic_hash_function +[4]: https://wiki.php.net/rfc/password_hash From 6d62e643f7a75dff69c4cf42edaaf04bf1961cdb Mon Sep 17 00:00:00 2001 
From: Sean DuBois Date: Thu, 6 Dec 2012 04:44:29 -0500 Subject: [PATCH 4/4] The example I had before is not actually helpful for users, this one is much more relevant --- _posts/07-03-01-Password-Hashing.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/_posts/07-03-01-Password-Hashing.md b/_posts/07-03-01-Password-Hashing.md index 8d3d03a..cb611bf 100644 --- a/_posts/07-03-01-Password-Hashing.md +++ b/_posts/07-03-01-Password-Hashing.md @@ -12,20 +12,16 @@ It is important that you properly [_hash_][3] passwords before storing them. Pas In PHP 5.5 `password_hash` will be introduced. At this time it is using BCrypt, the strongest algorithm currently supported by PHP. It will updated in the future to support more algorithms as needed though. The `password_compat` library was created to provide forward compatibility for PHP >= 5.3.7. -Below we hash two strings, but because the two hashes do not match the user will be denied login. +Below we hash a string, we then check the hash against a new string. Because our two source strings are different ('secret-password' vs. 'bad-password') this login will fail. {% highlight php %}
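Review bot: In the `_includes/welcome.md` hunk of patch 1/4, the Bulgarian entry is appended after Ukrainian, while the visible entries around it (Russian, Spanish, Ukrainian) are in alphabetical order. Move `* [Bulgarian](http://bg.phptherightway.com/)` up to its alphabetical position so the list stays sorted. The README.md list (Chinese, Ukrainian, Portuguese) is not sorted, so appending at the end is consistent there.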
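Review bot: In patch 2/4 (`_posts/04-03-01-PEAR.md`), the added text has wording problems to fix before merge: "noteable" should be "notable", and "have a apt ``php-pear`` package" should read "have an apt `php-pear` package", with single backticks as used for `discover` further down. "Using a project which was not prepared to work with PEAR is not possible" would be clearer as a statement that such a package cannot be installed through PEAR. Under "How to install PEAR" the text tells readers to download a phar installer and execute it, and all four reference links are plain `http://`; consider a sentence telling readers to take the installer only from the official PEAR site and to `discover` only channels they trust, since the same hunk states that PEAR installs packages globally for every project on the server.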
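Review bot: Deleting `_posts/07-03-01-Password-Hashing-with-Bcrypt.md` in patch 3/4 changes the section anchor from `{#password_hashing_with_bcrypt_title}` to `{#password_hashing_title}`, so any existing link to the old anchor stops resolving; check the navigation and translations for references to it. The deletion also drops the "How to Safely Store a Password" and PHPass links, while the replacement page only covers `password_hash` and `password_compat` for PHP >= 5.3.7, which leaves readers on older PHP versions without a recommendation. Keep the PHPass link or state that older versions are out of scope.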
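Review bot: In the new `_posts/07-03-01-Password-Hashing.md` (patch 3/4), the sentences "you can compare a hash against another to determine if they both came from the same source string" and "Below we hash two strings, but because the two hashes do not match the user will be denied login" describe comparing two hashes, which does not work with `password_hash`: it generates a fresh random salt on every call, so hashing the same password twice also produces two different strings and a correct login would be rejected too. Describe verification as checking the candidate password against the stored hash with `password_verify`. Also fix "users password" (user's), "fix length string" (fixed-length), and "It will updated" (will be updated), and point reference `[1]` at the canonical `php.net` host rather than the `us2.php.net` mirror.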
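Review bot: In patch 4/4, the replacement sentence "Below we hash a string, we then check the hash against a new string" is a comma splice and does not name the function that performs the check; name the call so the prose matches the example and readers do not fall back to comparing hash strings themselves. The unchanged context line above it still reads "It will updated in the future", which this patch could fix while touching the paragraph. Since this patch only rewrites the example introduced in 3/4, consider squashing the two and using a short subject line with the explanation in the commit body.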