info/php-the-right-way
1
0
Fork 0
mirror of https://github.com/codeguy/php-the-right-way.git synced 2025-08-17 19:16:20 +02:00
Code Issues Projects Releases Wiki Activity

Merge branch 'gh-pages' of github.com:codeguy/php-the-right-way into gh-pages

Browse Source
This commit is contained in:
Jeremy Cloutier
2012-12-09 16:12:19 -05:00
parent 5c412a4c87 19b0d7b6f8
commit 6254403034
5 changed files with 73 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -37,6 +37,7 @@ developers know where to find good information!
* [Chinese](http://wulijun.github.com/php-the-right-way) * [Chinese](http://wulijun.github.com/php-the-right-way)
* [Ukrainian](http://iflista.github.com/php-the-right-way) * [Ukrainian](http://iflista.github.com/php-the-right-way)
* [Portuguese](http://br.phptherightway.com/) * [Portuguese](http://br.phptherightway.com/)
* [Bulgarian](http://bg.phptherightway.com/)
### Translations ### Translations

1
_includes/welcome.md
View File

@@ -16,6 +16,7 @@ _PHP: The Right Way_ is (or soon will be) translated into many different languag
* Russian (Coming Soon) * Russian (Coming Soon)
* [Spanish](http://es.phptherightway.com) * [Spanish](http://es.phptherightway.com)
* [Ukrainian](http://iflista.github.com/php-the-right-way/) * [Ukrainian](http://iflista.github.com/php-the-right-way/)
* [Bulgarian](http://bg.phptherightway.com/)
## Disclaimer ## Disclaimer

32
_posts/04-03-01-PEAR.md
View File

@@ -4,6 +4,36 @@ isChild: true
## PEAR {#pear_title} ## PEAR {#pear_title}
Another veteran package manager that many PHP developers enjoy is [PEAR][1]. It behaves much the same way, and is also worth researching for your projects. [Learn about PEAR][1]. Another veteran package manager that many PHP developers enjoy is [PEAR][1]. It behaves much the same way as Composer,
but has some noteable differences.
PEAR requires each package to have a specific structure, which means that the author of the package must prepare it
for usage with PEAR. Using a project which was not prepared to work with PEAR is not possible.
PEAR installs packages globally, which means after installing them once they are available to all projects on that
server. This can be good if many projects rely on the same package with the same version but might lead to problems
if version conflicts between two projects arise.
### How to install PEAR
You can install PEAR by downloading the phar installer and executing it. The PEAR documentation has detailed
[install instructions][2] for every operating system.
If you are using Linux, you can also have a look at your distribution package manager. Debian and Ubuntu for example
have a apt ``php-pear`` package.
### How to install a package
If the package is listed on the [PEAR packages list][3], you can install it by specifying the official name:
pear install foo
If the package is hosted on another channel, you need to `discover` the channel first and also specify it when
installing. See the [Using channel docs][4] for more information on this topic.
* [Learn about PEAR][1]
[1]: http://pear.php.net/ [1]: http://pear.php.net/
[2]: http://pear.php.net/manual/en/installation.getting.php
[3]: http://pear.php.net/packages.php
[4]: http://pear.php.net/manual/en/guide.users.commandline.channels.php

19
_posts/07-03-01-Password-Hashing-with-Bcrypt.md
View File

@@ -1,19 +0,0 @@
---
isChild: true
---
## Password Hashing with Bcrypt {#password_hashing_with_bcrypt_title}
Eventually everyone builds a PHP application that relies on user login. Usernames and (hashed) passwords are stored in a database and later used to authenticate users upon login.
It is important that you properly _hash_ passwords that are stored in a database. If passwords are not hashed, and your database is hacked or accessed by an unauthorized third-party, all user accounts are now compromised.
**Hash passwords with Bcrypt**. It's super simple, and (for all intents and purposes) Bcrypt makes it impossible for someone to reverse-engineer the plain-text version of a password should the database be compromised.
There are several Bcrypt libraries for PHP that you may use.
* [Read "How to Safely Store a Password" by Coda Hale][3]
* [Use Bcrypt with PHPass][4]
[3]: http://codahale.com/how-to-safely-store-a-password/
[4]: http://www.openwall.com/phpass/

40
_posts/07-03-01-Password-Hashing.md Normal file
View File

@@ -0,0 +1,40 @@
---
isChild: true
---
## Password Hashing {#password_hashing_title}
Eventually everyone builds a PHP application that relies on user login. Usernames and passwords are stored in a database and later used to authenticate users upon login.
It is important that you properly [_hash_][3] passwords before storing them. Password hashing is an irreversible, one way function performed against the users password. This produces a fix length string that can not be feasibly reversed. This means you can compare a hash against another to determine if they both came from the same source string, but you can not determine the original string. If passwords are not hashed and your database is accessed by an unauthorized third-party, all user accounts are now compromised. Some users may (unfortunately) use the same password for other services. Therefore, it is important to take security seriously.
**Hashing passwords with `password_hash`**
In PHP 5.5 `password_hash` will be introduced. At this time it is using BCrypt, the strongest algorithm currently supported by PHP. It will updated in the future to support more algorithms as needed though. The `password_compat` library was created to provide forward compatibility for PHP >= 5.3.7.
Below we hash a string, we then check the hash against a new string. Because our two source strings are different ('secret-password' vs. 'bad-password') this login will fail.
{% highlight php %}
<?php
require 'password.php';
$passwordhash = password_hash('secret-password', PASSWORD_DEFAULT);
if (password_verify('bad-password', $password-hash)) {
//Correct Password
} else {
//Wrong password
}
{% endhighlight %}
* [Learn about `password_hash`] [1]
* [`password_compat` for PHP >= 5.3.7 && < 5.5] [2]
* [Learn about hashing in regards to cryptography] [3]
* [PHP `password_hash` RFC] [4]
[1]: http://us2.php.net/manual/en/function.password-hash.php
[2]: https://github.com/ircmaxell/password_compat
[3]: http://en.wikipedia.org/wiki/Cryptographic_hash_function
[4]: https://wiki.php.net/rfc/password_hash