
Anthony Ferrara:
Prefix Trees and Parsers
May 19, 2015 @ 10:13:18

Anthony Ferrara has a new post, following up on his previous look at tries and lexers and continuing along the path of applying what he learned to an HTTP routing system.

In my last post, Tries and Lexers, I talked about an experiment I was doing related to parsing of JavaScript code. By the end of the post I had shifted to wanting to build a HTTP router using the techniques that I learned. Let's continue where we left off...

He starts off by looking at lexing and parsing the routes into their respective tokens instead of breaking them up as many do (i.e. splitting on the slashes). He shows the results of this lexing and some parser code to handle these results and turn them into something useful. He found that this setup caused a lot of overhead (255 new states per character), so he optimized the processing with a "default" trie, but it was still pretty intensive.

He decided to go a different way at this point, opting for the radix tree structure instead. He includes the implementation of this tree for parsing the routes and his matching lexer updates. Finally he shows how to apply code generation to the results of these changes and how coming back to the "slash splitting" could help...

tagged: lexer parser example prefix tree radixtree route matching slashes

Link: http://blog.ircmaxell.com/2015/05/prefix-trees-and-parsers.html

Anthony Ferrara:
Seven Ways To Screw Up BCrypt
Dec 21, 2012 @ 12:20:04

If you're going to be rolling your own user handling in your application, no doubt you've heard that something like bcrypt-ing your passwords is a good idea. Well, Anthony Ferrara has some suggestions for you and shows you seven ways you can "screw up" when trying to implement it.

There are numerous articles on the web about how to properly use bcrypt in PHP. So this time, rather than write yet-another-how-to-use-bcrypt article, I'm going to focus on the mistakes that are commonly made when implementing bcrypt.

Here's the list of seven ways (each has its own description in the post):

  • Using A Non-Random Salt
  • Using An Incorrect Random Source for Salt Generation
  • Using Too Weak Of A Cost Parameter
  • Using The Wrong PHP Version
  • Using The Wrong Prefix
  • Not Checking For Errors
  • Not Using A Library

He also includes two "bonus" things to consider: "Not Using A Timing Safe Comparison" and "Not Encoding The Salt Correctly".

tagged: bcrypt screwup implementation suggestion salt random prefix library

Link:

Rob Allen's Blog:
Akrabat_Db_Schema_Manager: table prefix support
Jun 21, 2010 @ 09:14:52

Rob Allen has a new post to his blog today talking about an update he's made to the Akrabat_Db_Schema_Manager component for the Zend Framework to allow it to support table prefixes.

I've updated Akrabat_Db_Schema_Manager so that it now supports table prefixes. It uses the application.ini key of resources.db.table_prefix as I couldn't think of a better one :) and then uses that for the schema_version table's name and also makes it available in your change objects.

He illustrates with a sample setting for your application.ini file and some code to handle the creation and deletion of tables using this prefix setting.

Note that you are responsible for using the prefix property as the change classes cannot enforce what you do within the up() and down() methods. It also follows that you'll have to ensure that your models also use the correct prefix.

tagged: akrabatdbschemamanager zendframework component table prefix

Link:

Richard Thomas' Blog:
Solar Framework Shorts - Multitenant caching
Sep 21, 2009 @ 08:03:59

Richard Thomas has posted another Solar short with a quick tip on using the framework to cache data correctly (and under different prefixes) automatically even for multi-tenant sites.

This gets even more problematic if you support third party developers/modules as they have to follow the same rules as well. Head problems off at the pass by using the Solar_Cache prefix config. This bit of code would be placed as soon as you "identify" the site in question and get some sort of unique id for that site.

All it takes is creating a Solar_Cache object (set into the Solar_Registry object) with the prefix for any and all scripts to pull out and use. This can even be used with the Solar models to cache data pulled from the database automatically.

tagged: solar framework cache prefix tutorial

Link:

Justin's Blog:
How to secure your wordpress blog - part 2
Apr 15, 2009 @ 11:19:47

Justin had written up a previous article with a few quick ways to secure your WordPress blog and he's come back with a few more helpful hints on how to keep you and your blog safe.

The following is a list of some additional changes that you can make to improve the security of your WordPress installation (Back up wp-config.php and your db tables before trying the following).

Here's his new list of recommendations:

  • Change the default table prefix
  • Install WP-Scanner
  • Change permissions on the WordPress to only be writable by you and root

tagged: secure wordpress blog table prefix permissions wpscanner

Link:

SaniSoft Blog:
The prefix automagic in CakePHP routing
Apr 09, 2008 @ 13:06:18

On the SaniSoft blog, Tarique Sani talks briefly about some of the prefix "automagic" that's already built in to the CakePHP framework's routing.

There are times when you need more than just admin routing, how about something like http://blah.com/user/profiles/edit and http://blah.com/user/profiles/changepassword ? If this could be routed to an action like user_add and user_changepassword wouldn't it be great!! (eg: think ownership ACL checks)

Good thing the CakePHP developers already planned for something like this - they included the connect() method for Router objects that maps the URL request to a method with that same prefix in the controller.

tagged: cakephp framework prefix routing magic connect

Link:

DevShed:
MySQL Table Prefix Changer Tool in PHP
Jan 02, 2008 @ 09:54:00

On DevShed today there's a new tutorial showing a method for preventing SQL injection attacks on your site - a MySQL table prefix changer.

Changing these [table] prefixes can be a tedious job if you had to do it manually. Even tools like phpMyAdmin don't provide a clean, quick method of doing this. But with a little help from PHP, we are able to create our own tool very quickly.

The tutorial follows the construction of the tool, making the modifications to the current database tables and pushing all of the changes back into the database.

tagged: table prefix changer tutorial mysql

Link:
