Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Sending and Receiving SMS with Laravel and Nexmo
Aug 05, 2016 @ 12:36:05

On the Laravel News site they've posted a tutorial from Phil Leggetter showing you how to integrate your application with Nexmo to be able to send and receive SMS messages in your Laravel application.

In this quick tutorial by Phil Leggetter, we’ll cover how you can both send and receive SMS from your Laravel application. We’ll do this using Nexmo, a cloud communications platform that offers APIs for provisioning phone numbers, sending and receiving SMS (which is handy since we’ll use that), making and receiving phone calls and more.

He starts off with some prerequisites you'll need to get the system working (including an account on Nexmo and their command line tool). They create a fresh Laravel application and integrate the Nexmo PHP package into it as a service provider. With that installed he shows how to send an SMS message to a phone number, how to "rent" a number they can reply to and receiving the callback when they send a response. The post finishes with the setup of an "auto-responder" that just confirms that the message was received.

tagged: nexmo laravel tutorial integration send receive message rent number

Link: https://laravel-news.com/2016/08/sending-receiving-sms-laravel-nexmo/

SitePoint PHP Blog:
Localizing Dates, Currency, and Numbers with Php-Intl
May 23, 2016 @ 12:52:32

On the SitePoint PHP blog Younes Rafie has continued his series about the PHP "Intl" extension for use in internationalizing an application. in this second part of the series he moves away from just strings and looks at using it for currencies and numbers.

The first part of this series was an introduction of the PHP Intl extension and of how to localize your application’s messages. In this part, we’re going to learn about localizing numbers, dates, calendars, and similar complex data.

The post is broken down into a few different sections, each with their own examples:

  • Localizing Decimals
  • Localizing Currencies
  • Timezones
  • Calendars

The "Intl" extension makes these operations relatively simple with plenty of built-in objects and methods to help with the translations between the formats. You can find out more about this extension in the PHP manual.

tagged: date currency localization number tutorial intl extension series part2

Link: https://www.sitepoint.com/localizing-dates-currency-and-numbers-with-php-intl/

SitePoint PHP Blog:
Randomness in PHP – Do You Feel Lucky?
Oct 29, 2015 @ 13:52:24

The SitePoint PHP blog has a post from author Nicola Pietroluongo talking about randomness in PHP. In the tutorial he talks about randomness, how it relates to cryptography and what's coming in PHP 7 to help.

This article analyzes problems related to random number generation used for cryptography purposes. PHP 5 does not provide an easy mechanism for generating cryptographically strong random numbers, while PHP 7 solves this by introducing a couple of CSPRNG functions.

He starts off by talking about what a CSPRNG (cryptographically secure pseudorandom number generator) is and some of the things it could be used for. He then moves on to the functionality coming in PHP 7 with the addition of the random_* functions for getting random bytes and random integer values. He talks briefly about what's going on "behind the scenes" of the generation and provides a simple code example with a randomized "dice roll" and the resulting numbers. He ends the post mentioning the random_compat library that can be installed for pre-PHP 7 applications that provides the same functionality just without those two functions defined.

tagged: random generation csprng number generator tutorial php7 php5 randomcompat

Link: http://www.sitepoint.com/well-do-ya-punk/

Paragon Initiative:
Coming to WordPress 4.4: CSPRNG
Oct 12, 2015 @ 12:52:42

The Paragon Initiative blog has a post from Scott Arciszewski about a new feature coming to upcoming WordPress versions - the use of a cryptographically security random number generator starting in version 4.4.0.

At Paragon Initiative Enterprises, we believe that security should be the default state of affairs, not something only in the reach of security experts. That is why [...] our team spends a great deal of time working to improve the security of popular free and open source software.

Today, we're pleased to announce an exciting security enhancement coming to WordPress in the next major version. Starting in 4.4.0, wp_rand() is cryptographically secure on all platforms.

He walks the reader through the "road" that's lead to the introduction of this support and the work he did in the past to help push the project (and others) towards it. Given that the WordPress project has a lot of emphasis on backwards compatibility, effort need to be put into a method that would work across new and old PHP versions. The random_compat library was created and was adopted not only by WordPress but also by several other major PHP projects.

Our part in this long and crazy journey has reached its end. In the course of fixing the same flaw in two distinct projects, the PHP community banded together to identify and expunge a bug in the PHP core, create a new feature in PHP 7, and in some small way helped to secure the CMS that powers more than 20% of websites on the Internet.
tagged: wordpress csprng random number generator cryptography security

Link: https://paragonie.com/blog/2015/10/coming-wordpress-4-4-csprng

Stanislav Malyshev:
Objects as keys
Dec 15, 2014 @ 09:18:50

In his latest post Stanislav Malyshev looks at a RFC he's proposed to allow array keys to be objects including some of his thoughts behind the proposal and how he sees it being helpful to the language.

I’m going to put to vote soon another of my RFCs, namely one about “objects as keys“. So, I want to outline the case for it here and address some criticisms and questions raised while discussing it.

He starts off by answering the "why" question, mentioning specially the introduction of things like GMP numbers and how, despite them seeming to work like numbers, other things can be done with them. He talks about how you'd use this functionality "the right way" and how that'd relate back to value objects. He answers a few other questions about the proposal including why it's better than just using __toString or spl_object_hash instead. He spends the rest of the post looking at some of the implementation problems, disadvantages and some of the possible names (function names) for the handling.

tagged: object array key rfc proposal gmp number

Link: http://php100.wordpress.com/2014/12/14/objects-as-keys/

SitePoint PHP Blog:
Arbitrary Precision and Big Numbers in PHP
Jan 30, 2014 @ 10:20:46

The SitePoint PHP blog has a new post by Taylor Ren looks at big numbers in PHP and the functionality it has to handle arbitrary precision via three modules - GMP. BC Math and php-bignumbers.

In this article, we will review the PHP capability to provide arbitrary precision number calculation / big integer calculation by reviewing 3 PHP modules: GMP, BC Math and php-bignumbers. We will demonstrate two real-world examples to see the powers/limitations of each. The first one will be calculating PI to arbitrary precision – well, for the sake of the article, we will restrict the precision, say, to 1000 digits; the second will be a simple demonstration on RSA encryption/decryption.

He briefly looks at how to get the tools installed (via at-get or Composer) and a sample script to ensure that they're all included correctly and working. He includes a comparison between the three libraries, listing both strengths and weaknesses relative to the others. He then gets a bit more in-depth and shows how to calculate PI with each option (code is on GitHub) and the results of the benchmarking. He also includes a second example of calculating the RSA algorithm based on their process.

tagged: arbitrary precision big number gmp phpbignumbers bcmath tutorial

Link: http://www.sitepoint.com/arbitrary-precision-big-numbers-php/

Timoh's Blog:
Secure random numbers for PHP developers
Nov 06, 2013 @ 09:20:55

Timoh has posted a look at random number generation to his site, focusing on one of the many methods to produce truly random number - using /dev/(u)random (available on Unix-based filesystems).

How would you gather cryptographically secure random bytes in your PHP application? This is actually quite a good question. It used to be, and seems, it still is not that uncommon to just simply call mt_rand() function to get the job done creating user’s “initial password”, for example. A bit more experienced reader will notice there is a security bug. [...] But actually only a few [functions to get random values] can be recommended for security sensitive purposes. And now I’m not talking about openssl_random_pseudo_bytes().

He starts with a look at openssl_random_pseudo_bytes and why there might be something wrong with its use - mainly that OpenSSL has had its own share of security issues in the past. Of the two random resources he recommends /dev/urandom as it's less blocking and more useful for web applications. He recommends the RandomCompat library if you need to take this random data and transform it into integers (with one caveat).

tagged: secure random number generation devurandom urandom openssl

Link: http://timoh6.github.io/2013/11/05/Secure-random-numbers-for-PHP-developers.html

How to Create Your Own Random Number Generator in PHP
Feb 09, 2012 @ 10:03:35

On SitePoint.com today there's a new tutorial showing how to create a random number generator in PHP (with the help of methods like mt_rand and mt_srand).

Computers cannot generate random numbers. A machine which works in ones and zeros is unable to magically invent its own stream of random data. However, computers can implement mathematical algorithms which produce pseudo-random numbers. They look like random numbers. They feel like random distributions. But they're fake; the same sequence of digits is generated if you run the algorithm twice.

Included in the post is code showing how to use the random functions and how to create a class (Random) that provides a few methods to help make generation easier - "seed" and "num". It first calls "seed" with a number to start the random generator off with and then "num" in a loop to pull out random values based on that.

tagged: random number generator tutorial introduction mtrand


Anthony Ferrara's Blog:
Random Number Generation In PHP
Jul 21, 2011 @ 10:03:28

Anthony Ferrara has a new post to his blog today looking at true random number generation as it relates to predictability and bias. He also talks about a method/tool you can use (based on RFC 4086) to generate truly random numbers - PHP-CryptLib.

When we talk about "random" numbers, we generally talk about two fundamental properties: Predictability and Bias. Both are closely related, but are subtly different. Predictability in reference to random numbers is the statistical problem of predicting the next value when knowing any number of previous values. Bias on the other hand is the statistical problem of predicting the next value when knowing the distribution of previous values.

He looks at how predictability can effect true random number generation and a common mistake in generation related to bias in the calculation method. He talks about some of the functions PHP includes to work with randomness, but notes that they all have their flaws. He points to the PHP-CryptLib package as a solution (adhering to the guidelines in RFC 4086 for randomness). He includes some sample code of how to use it to generate random numbers, tokens and sets of bytes. You can find the full source over on github.

tagged: random number generation library phpcryptlib library predictability bias


Lorna Mitchell's Blog:
Script for Database Patching at Deploy Time
Apr 15, 2011 @ 08:51:31

As a part of one of her projects, Lorna Mitchell had a need to deploy database patches as a part of her overall deployment process. Obviously, doing this manually every time can be a hassle so she came up with a script that does the work for her (based on a patch_history table).

My current project (BiteStats, a simple report of your google analytics data) uses a basic system where there are numbered patches, and a patch_history table with a row for every patch that was run, showing the version number and a timestamp. When I deploy the code to production, I have a script that runs automatically to apply the patches.

The script uses the number-based patch names (such as patch1.sql) and finds the latest ones that haven't been applied based on the highest values for the patch_number column in the database. This number is updated by the patches themselves when they're run to avoid any confusion in the script itself. She has it running as a part of her phing build process as a part of a Zend Framework application.

tagged: deployment database patch number history mysql table phing