Paragon Initiative:
How to Safely Implement Cryptography Features in Any Application
Oct 07, 2015 @ 11:51:41

The Paragon Initiative blog has posted a new article showing you how to safely implement cryptography in any PHP-based application (or really just about any application) with the help of libsodium.

Why not {Mcrypt, OpenSSL, Bouncy Castle, KeyCzar, etc.}? These cryptography libraries are really building blocks that by and large must be used, with expert care, to build the interfaces you want developers to use. In most cases, libsodium is the interface you want developers to use. [...] By default, these libraries don't provide [authenticated encryption](https://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken). Most of them force developers to use RSA (or ECDSA but certainly not EdDSA), which is [hard to get right](http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html) and for which [index calculus attacks are improving each year](https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2501/original/20141227.pdf).

He goes on to talk about NaCl as a possible option (libsodium is a fork of it) but points out that NaCl isn't as easily available as libsodium to non-C/Python developers. He shares a few reasons why he thinks "libsodium is so great" and a few reasons not to use it (mostly dealing with outside limitations, not technical ones). Finally, he points you in the right direction to get started using libsodium for PHP as a PECL extension.

tagged: cryptography feature safe guide tutorial introduction pecl extension

Link: https://paragonie.com/blog/2015/09/how-to-safely-implement-cryptography-in-any-application

Community News:
Latest PECL Releases (09.29.2015)
Sep 29, 2015 @ 08:05:01

Latest PECL Releases:

  • WinCache

    • PHP7 Support
    • x64 Support
    • Remove opcode cache support
    • Remove custom SRW locking
    • Remove unused settings
    • Enforce NTS-only build
    • Comment clean up
    • Minor bug fixes and tweaks
  • eio 1.2.6
    • Fix: uid/gid validation in eio_fchown
    • Fix: compilation issue on OS X 10.11
  • solr 2.2.1
    • Fix windows build
  • pthreads 3.0.7
    • fix issue destroying monitors (deadlocking on shutdown)
    • remove Thread::kill
    • disable auto-join on __destruct of Thread
    • use global persistent shared strings table
    • support compiling and linking with AddressSanitizer support
  • solr 2.2.0
    • Support Real Time Get (Request #68647)
    • Support Result Grouping (Request #68793)
    • Support Field Collapsing (Request #70175)
    • Support Expand Component (Request #70176)
    • SolrMissingMandatoryParameterException (Request #70301)
    • Fix SegFault on Solr Server 500 Response with no msg [xml RW] (Bug #69156)
    • Fix SegFault on non-phpserialized 500 responses from Solr Server with PHPS RW (Bug #69156)
    • Fix Failed to parse 500 error response when it lacks msg JSON/PHPS RW (Bug #70495, #70496)
    • Fix compatibility tests with Solr Server 5 (Bug #70333)
    • Fix Error unserializing raw response on statistics response having NaN as value (Bug #67394)
  • v8js 0.2.6
    • Fix reference counting issue on PHP->JS->PHP exception propagation
  • pecl_http 2.5.3
    • Fixed gh-issue #12: crash on bad url passed to httpMessage::setRequestUrl()
    • The URL parser now fails on empty labels
  • gRPC 0.6.0
    • support per message compression disable
    • expose per-call host override option
    • expose connectivity API
    • expose channel target and call peer
    • add user-agent
    • update to wrap gRPC C core library beta version 0.11.0
  • v8js 0.2.5
    • Stop JS execution on PHP exceptions (instead of continuing silently)
    • Allow propagation of PHP exceptions to JS context (disabled by default)
    • Add v8js.compat_php_exceptions php.ini switch to switch previous behaviour back on
  • SeasLog 1.4.4
    • Fixed issue #50 Fix error and exception hook dead loop.
    • Fixed support windows with new version.
    • Fixed trace_error default enable and trace_exception default disable.
tagged: pecl release

Link: http://pecl.php.net

Simon Holywell:
International PHP dates with intl
Jul 22, 2015 @ 12:55:33

Following up on his previous post about date/time handling and localization, Simon Holywell has posted an update with information about using the "Intl" extension for PHP to get it working with the more powerful PHP DateTime handling.

I wrote about localising dates (and other data) in a recent blog post, but unfortunately there were some shortcomings where time zones were concerned. As I alluded to in that post there is a way around this via the Intl extension that exposes a simple API to format DateTime instances. Thankfully this follow up post will be quite short as the setup is very simple for those of you on Ubuntu/Debian you can use the repositories.

He includes the commands you'll need to install the extension (via apt-get), compile it via the "pecl" command and update your php.ini file to enable it. He also includes some code examples showing how to use the IntlDateFormatter handling to work with dates, formats and calendars.

tagged: international datetime intl extension tutorial aptget pecl

Link: https://www.simonholywell.com/post/2015/07/international-php-dates-with-intl/

Hannes Magnusson:
Next Generation MongoDB Driver for PHP!
Apr 15, 2015 @ 11:41:50

Hannes Magnusson has a new post to his site talking about the new update to the MongoDB driver for PHP and its focus on simplicity.

For the past few months I've been working on a "next-gen" MongoDB driver for PHP -- codename "phongo". The aim was to build a new PHP extension on top of the mongoc and libbson libraries to reduce maintenance of the extension itself and focus more on providing the ecosystem with improved support and libraries.

The new driver is available on PECL (called "mongodb", surprisingly enough). It doesn't include any of the bells and whistles found in the previous "mongo" driver. It doesn't include any `group` or `count` command helpers, and you won't find any Collection or Database objects; however, it really doesn't need any of these things.

He talks about the three basic things it can do: execute a command, a write or a query to locate records. He also answers the question many developers have about this shift to simplicity and provides a link to a PHP library to make porting over existing MongoDB handling simpler.

tagged: mongodb driver pecl extension language simplicity version release

Link: http://bjori.blogspot.com/2015/04/next-gen-mongodb-driver.html

Hannes Magnusson:
I have a dream
May 26, 2014 @ 09:23:54

In his latest post Hannes Magnusson describes his "dream" about a future for PHP where things like upgrading and working with extensions would be simpler, faster and more manageable.

Today we will revolutionize PHP. We will make it easier to upgrade the things you care about. We will make it easier to not upgrade things you don't want to upgrade. We will make it easier to distribute your extensions. We will make it easier to release according to your own schedule. We will make it easier to add functionality. We will make it easier to work. Ok, today is a white lie here maybe... I haven't actually implemented this, but bear with me here for a second.

With the introduction and huge growth of Composer, the PEAR package manager is fading in popularity and is slowly being abandoned. Unfortunately, it's still the primary mechanism for deploying and installing PHP extensions (PECL packages). He talks about some of his recent experience reviving a package and issues he had around the use of the packaging manager. He proposes the creation of a new "pecl install" tool - a package manager dedicated to PHP extensions, decoupled from PEAR.

The manager would just install basic PHP, then leave it up to you to pick which features you need from there. The idea is still in its early stages, but it has taken root and plans are being worked through to see whether it will work for the future of the language.

tagged: pear pecl future language package manager extension

Link: http://bjori.blogspot.com/2014/05/i-have-dream.html

Mikko Koppanen:
Memcached protocol support
Nov 15, 2013 @ 11:15:38

Mikko Koppanen has posted about some updates he's making to the PECL memcached extension, more specifically around binary protocol support.

There are quite a few things still missing and only binary protocol is supported at the moment, but the code seems to work reasonably well in small-scale testing. I am not sure whether this is useful for anyone, but at least it allows things such as quick prototyping of network servers, exposing sqlite database over memcached protocol etc.

An example of code using this new functionality is included in the post, showing how to create both a simple server with attached "get" and "set" handlers and a client to connect to it and enable the binary protocol.

The code is still work in progress but it’s available in github: https://github.com/mkoppanen/php-memcached/tree/feature-server. Note that you need to compile libmemcached with --enable-libmemcachedprotocol and the PECL memcached extension with --enable-memcached-protocol.
tagged: memcached binary support protocol pecl update

Link: http://valokuva.org/memcached-protocol-support/

Rob Allen:
Setting up PHP & MySQL on OS X Mavericks
Nov 04, 2013 @ 09:52:25

For those who have made the switch to OS X Mavericks and are wondering how to get PHP and MySQL into a working state, Rob Allen has posted a quick guide to getting it all set up.

With OS X 10.9 Mavericks, Apple chose to ship PHP 5.4.17. This is how to set it up from a clean install of Mavericks. Note: If you don't want to use the built-in PHP or want to use version 5.5, then these are [other] alternatives: a binary package from Liip, Zend Server and a Homebrew install.

He provides all the commands you'll need to get things up and running, including checking file/directory permissions, installing MySQL and using the command line to work with Apache (no more "Web Sharing"). He also includes the configuration changes to be made to the php.ini, including how to enable Xdebug. There are lots of other good things included in the guide as well, like setting up Composer, PHPUnit and how to compile a few handy extensions.

tagged: osx mavericks mysql install configure apache extension pear pecl phpunit

Link: http://akrabat.com/computing/setting-up-php-mysql-on-os-x-mavericks/

Hasin Hayder:
Installing gearmand, libgearman & pecl gearman for php from source in Debian 6 & 7
Oct 31, 2013 @ 11:55:51

Hasin Hayder has posted a complete guide to getting Gearman and PHP playing nicely together. The guide gives you a step by step (and command by command) list to follow so you don't have the same pains he did trying to get it working.

I had a pretty rough evening today. No, not because the waiter forgot to add sugar in my tea, but because it was so boring to go through the trial and errors of installing gearman daemon and pecl gearman extension for php.

He walks through the whole process he went through to get it installed, starting with the failures. Unfortunately, it wasn't as easy as installing a package and using PECL to drop in the extension. There were other software packages that needed to be installed as well and were a bit harder to figure out - libboost, gperf, libevent, uuid-dev and libcloog-ppl-dev. With these installed, the PECL install command was finally able to build and he got the shared module he needed.

tagged: install guide gearman gearmand pecl debian source extension

Link: http://hasin.me/2013/10/30/installing-gearmand-libgearman-and-pecl-gearman-from-source/

Scott Arciszewski:
Using scrypt in PHP-based Websites
Oct 30, 2013 @ 10:48:18

Scott Arciszewski has posted a new tutorial to his site helping you get scrypt installed as an alternative to some of the other cryptographic functionality that's already supported by PHP (like bcrypt).

Most newbie PHP developers suck at developing user authentication systems. When not storing passwords in plaintext, they just wing it with a simple hash function and hope it's good enough. Instead of md5(), sha1(), or hash(), you should consider using scrypt, pbkdf2, or bcrypt. Today, I'll go through the steps required to start using scrypt in your web applications.

He walks you through the exact steps you'll need to get scrypt installed and working happily with PHP (provided you have root on the machine). Fortunately, it's pretty easy thanks to the scrypt extension provided through PECL. He gives a brief introduction to using the scrypt function and links to an updated version of a scrypt wrapper you can use in your applications.

tagged: scrypt cryptography hashing extension pecl tutorial

Link: https://s.arciszewski.me/blog/2013/10/php-scrypt-setup

Mohammad Emran Hasan:
Concurrent HTTP requests in PHP using pecl_http
Oct 07, 2013 @ 10:42:09

Mohammad Emran Hasan has posted a quick example of using the pecl_http extension to make concurrent HTTP requests.

The pecl_http extension has a little gem that can be handy at times – HttpRequestPool. Using this, you can send concurrent HTTP requests and can gain efficiency in fetching non-related data at once. For example, from an external source if your application needs to retrieve a user’s profile, their order history and current balance, you can send parallel requests to the API and get everything together.

His code shows three example connections to a made-up URL on three different endpoints. With the HttpRequestPool functionality, all three can be requested at once and tracked to extract the response body.

tagged: concurrent http request httprequestpool pecl peclhttp extension

Link: http://emranhasan.com/2013/09/concurrent-requests-in-php-using-pecl_http/