
NetTuts.com:
Generate Random Alphanumeric Strings in PHP
Nov 21, 2018 @ 17:52:17

On the NetTuts.com site they've posted a tutorial showing how to generate random alphanumeric strings in PHP including information on how the different "randomness" methods work in PHP (and when to use which method).

Let me begin this post by saying that almost no event is truly random. Even the outcome of a classic coin toss could in theory be predicted if we knew the effect of every factor involved, like air friction, gravity, and initial force.

The same thing is applicable to the generation of random numbers and alphanumeric strings. The best we can hope for is to generate numbers and strings that don't seem to follow a pattern and can't be practically predicted by an attacker.

In this tutorial, we will cover different techniques for generating random numbers and alphanumeric strings in PHP. Some of them will be cryptographically secure, while others are meant only for casual use, like assigning pseudo-random file names or creating URLs and suggesting usernames.

They start with a look at generating random numbers using the rand, mt_rand and random_int functions. There's a mention of which to use when cryptographically secure random integers are needed as well. They also talk about seeding the random number generator and generating random float values.

From there they move on to the focus of the article - generating the random alphanumeric strings using a few different methods:

  • generating "shuffled" strings
  • generating random strings
  • generating random hexadecimal strings
  • generating cryptographically secure random strings

Each of the above sections (as well as the previous ones) comes with code examples and explanations of the randomness each provides.

tagged: generate random alphanumeric strings tutorial cryptography

Link: https://code.tutsplus.com/tutorials/generate-random-alphanumeric-strings-in-php--cms-32132

TutsPlus.com:
Trigonometry, Random Numbers and More With Built-in PHP Math Functions
Oct 16, 2018 @ 16:56:01

The TutsPlus.com site has another great PHP tutorial for those new to the language covering mathematical functionality in the language, from the basics out to more complex topics like trigonometry and random number generation.

Basic maths is used a lot during programming. We need to frequently compare, add, multiply, subtract and divide different values when writing code.

Sometimes, the maths required in a program can be more involved. You might need to work with logarithmic, trigonometric or exponential functions. In this tutorial, I'll discuss how to use each of these functions in PHP, with examples.

This tutorial will introduce you to the built-in math functions in PHP for doing trigonometry, exponentiation, and logarithm calculations. We'll also look at rounding and generating random numbers.

They start off with some of the "heavy hitters" in PHP's math functionality and how to perform trigonometric operations with the likes of sin, cos and tan. This is applied to create an interesting dynamic image using the GD functionality. Next up come the exponential and logarithmic functions with simple examples, followed by a section sharing some other useful math functions for more everyday needs.

tagged: tutorial math trigonometry random number introduction

Link: https://code.tutsplus.com/tutorials/mathematical-functions-in-php--cms-31972

TutsPlus.com:
Using the Twitter API to Tweet Repetitive Content
May 03, 2017 @ 14:58:18

On the TutsPlus.com site they've continued their series covering the use of the Twitter API from PHP. In this latest tutorial author Jeff Reifman shows you how to use the API to tweet content repetitively at different intervals and with randomized content. The tutorial uses a Yii2 framework application as its base.

Welcome back to our coverage of the Twitter API. If you use Twitter, you may have come across a friend sharing tweets from the @infinite_scream bot (shown above). I know it's mostly a bot because it tweets at ten-minute intervals. But it varies the string length of its virtual screams to avoid being blocked by the Twitter API's infamous undocumented restrictions. Tweet too frequently or repeat the same content and you'll find your bots hopelessly blocked.

Recently, an online friend asked me to help them write code for a bot that might repeat but provide some intelligent content variation. In today's tutorial, I'll write about how to do this with the Twitter API.

He starts off with the registration of a new Twitter application and the creation of the table to store the tweet variations. Next he uses the CRUD and model generators in Yii2 to build out the model and controller skeletons. He then creates the migrations/tables/models for the random hashtags and URLs the bot will include in its tweets. Finally, he shows the creation of the code to make the random tweets and how he made the choice of when to tweet. The post ends with the code to send off the tweet (the job) and an example of the results.

tagged: twitter api repetitive content tutorial series bot random

Link: https://code.tutsplus.com/tutorials/using-the-twitter-api-to-tweet-repetitive-content--cms-28096

Scotch.io:
Laravel Random Keys with Keygen
Jan 27, 2017 @ 18:44:13

On the Scotch.io site they've posted a new Laravel-related tutorial covering the use of the keygen package to generate random keys via four generator types. These keys can be used for just about anything in your application and can be customized to fit your length and complexity requirements. One thing to note, however, is that the strings it generates are random but should not be considered strong enough to use for actual encryption purposes.

When developing applications, it is usually common to see randomness come into play - and as a result, many programming languages have built-in random generation mechanisms.

[...] When your application is required to generate very simple random character sequences like those enumerated above, then the Keygen package is a good option to go for. Keygen is a PHP package for generating simple random character sequences of any desired length and it ships with four generators, namely: numeric, alphanumeric, token and bytes.

For their example they chose to create a simple REST API service that allows for user creation, viewing users and generating a random (temporary) password using the Keygen package. They start by helping you get the package installed (via Composer) and adding an alias to your Laravel config for "Keygen" to make it easier to access. They then create the user model and add in a "setEmailAttribute" method to verify the email value submitted (for format and uniqueness). Next up is the route definition for the "user" endpoints, creation of the API controller and implementing the Keygen tool to create a random eight-digit code for the user. They also include a few strategies to ensure the code generated (and the resulting hash) is unique across all users. The remainder of the post shows the full user creation and the implementation of the remaining methods required to view the user's details.

tagged: laravel random key keygen tutorial package rest api

Link: https://scotch.io/tutorials/laravel-random-keys-with-keygen

Matt Trask:
Looking at Ramsey UUID
Aug 24, 2016 @ 14:16:56

Matt Trask has put together a new post spotlighting a handy library that's widely used across the PHP ecosystem for generating UUIDs: ramsey/uuid.

Welcome to the first installment in my 2113918230981 part series, "Better know a Package!". Tonight's package: the famous/infamous Uuid package that taught us all what Ramsey is in Scottish, Rhumsaa. Created to give PHP a library to generate Universal Unique Identifiers, this library has been a stalwart in the community. Ben Ramsey created it first under the Rhumsaa namespace before moving it to the Ramsey namespace, saving us all from learning more Scottish than we needed to ever learn.

[...] A UUID, or Universally Unique Identifier, will generate a 128 bit unique key in different series based on the version you asked for. RFC-4122 dictates how Uuids should be generated, and recommends 4 types.

Matt then goes on to describe each of the different UUID types and provides some code examples as illustration:

  • Version 1: Time and MAC address based UUID
  • Version 2: DCE-based
  • Version 3: UUIDs based on a namespace and then MD5 hashed
  • Version 4: Random generation (based on the output of random_bytes)

He also includes examples of the UUIDs output by each method (not much difference there as the structure of the resulting UUID is all the same).

tagged: uuid ramsey library introduction types namespace random mac time tutorial

Link: http://matthewtrask.net/blog/Looking-At-Ramsey-Uuid/

Tighten.co:
Creating a password-less, Medium-style, email-only authentication system in Laravel
Mar 14, 2016 @ 14:29:55

On the Tighten.co blog Matt Stauffer shows how to make a password-less authentication system similar to what the popular site Medium uses centered around emails sent to the account for the user.

Recently I was working on a project where one of our major pain points was users' passwords. Users were added to the application by administrators, so they didn't have passwords when they were first added, and forcing them to set and remember passwords was a big hitch on the project's usability.

So, we decided to try out a Medium/Slack-inspired password-less login. If you've never had the chance to work with this, the login system works like this: enter your email address on the login page, get emailed a login link, click the link, and now you're logged in. Access to your email address proves your identity without the need for a password.

He walks you through the process of disabling the current password-based flow by creating and modifying the default "make:auth" results. When the user comes to the site, they're asked to log in via sending an email. This email contains a unique token attached to a link that matches one on the server side related to the user. He shows how to build out this relation table, the matching model and the endpoint used to verify the hash once the user clicks on the link.

tagged: laravel password email login medium link random hash tutorial

Link: http://blog.tighten.co/creating-a-password-less-medium-style-email-only-authentication-system-in-laravel

SitePoint PHP Blog:
Randomness in PHP – Do You Feel Lucky?
Oct 29, 2015 @ 18:52:24

The SitePoint PHP blog has a post from author Nicola Pietroluongo talking about randomness in PHP. In the tutorial he talks about randomness, how it relates to cryptography and what's coming in PHP 7 to help.

This article analyzes problems related to random number generation used for cryptography purposes. PHP 5 does not provide an easy mechanism for generating cryptographically strong random numbers, while PHP 7 solves this by introducing a couple of CSPRNG functions.

He starts off by talking about what a CSPRNG (cryptographically secure pseudorandom number generator) is and some of the things it could be used for. He then moves on to the functionality coming in PHP 7 with the addition of the random_* functions for getting random bytes and random integer values. He talks briefly about what's going on "behind the scenes" of the generation and provides a simple code example with a randomized "dice roll" and the resulting numbers. He ends the post by mentioning the random_compat library, which can be installed in pre-PHP 7 applications, where those two functions are not defined, to provide the same functionality.

tagged: random generation csprng number generator tutorial php7 php5 randomcompat

Link: http://www.sitepoint.com/well-do-ya-punk/

Paragon Initiative:
Coming to WordPress 4.4: CSPRNG
Oct 12, 2015 @ 17:52:42

The Paragon Initiative blog has a post from Scott Arciszewski about a new feature coming to upcoming WordPress versions - the use of a cryptographically secure random number generator starting in version 4.4.0.

At Paragon Initiative Enterprises, we believe that security should be the default state of affairs, not something only in the reach of security experts. That is why [...] our team spends a great deal of time working to improve the security of popular free and open source software.

Today, we're pleased to announce an exciting security enhancement coming to WordPress in the next major version. Starting in 4.4.0, wp_rand() is cryptographically secure on all platforms.

He walks the reader through the "road" that's led to the introduction of this support and the work he did in the past to help push the project (and others) towards it. Given that the WordPress project puts a lot of emphasis on backwards compatibility, effort needed to be put into a method that would work across new and old PHP versions. The random_compat library was created and was adopted not only by WordPress but also by several other major PHP projects.

Our part in this long and crazy journey has reached its end. In the course of fixing the same flaw in two distinct projects, the PHP community banded together to identify and expunge a bug in the PHP core, create a new feature in PHP 7, and in some small way helped to secure the CMS that powers more than 20% of websites on the Internet.

tagged: wordpress csprng random number generator cryptography security

Link: https://paragonie.com/blog/2015/10/coming-wordpress-4-4-csprng

Paragon Initiative:
How to Safely Generate Random Strings and Integers in PHP
Jul 08, 2015 @ 17:49:51

The Paragon Initiative blog has posted a guide to what they see as a way to safely generate random strings and integers in PHP applications.

Generating useful random data is a fairly common task for a developer to implement, but also one that developers rarely get right. [...] It's generally not okay to use a weak random number generator unless both of the following two conditions are met: the security of your application does not depend in any way on the value you generate being unpredictable or there is no requirement for each value to be unique (up to a reasonable probability).

He gives some examples of places where it's a must to use a "cryptographically secure pseudo-random number generator" including generating random passwords, encryption keys or IVs for data in CBC mode. The article goes on to talk about some of the problems that could come from using weak generators. It then gets into the process for generating random values and the use of the random_* functions in PHP (or using this polyfill) to more safely generate the numbers. Included is code showing the process and some advice around converting random bytes to both strings and integers.

tagged: safe generation random string integer php7 randomcompat security

Link: https://paragonie.com/blog/2015/07/how-safely-generate-random-strings-and-integers-in-php

Giorgio Sironi:
Property-based testing primer
Jun 19, 2015 @ 17:15:29

Giorgio Sironi has a new post to his site today talking about a method (and tool) around a different sort of testing practice: property-based testing. The difference is that, instead of hard-coding values and evaluating them post-processing, you're generating random values and ensuring they match against a set of properties, not values.

I'm a great advocate of automated testing and of finding out your code does not work on your machine, 30 seconds after having written it, instead of in production after it has caused a monetary loss and some repair work to be performed. [...] However, classic test suites written with xUnit and BDD styles have some scaling problems they hit when you want to exercise more than some happy paths. [...] Property-based testing is an approach to testing coming from the functional programming world.

He helps to make the point a bit clearer with an example of testing the "sort" function and its results. He talks about how to test it using normal data, empty data, etc. but notes that this kind of testing can become "boring and error-prone". Instead he proposes property-based testing of the results. He generates random values to feed into the method and checks that the results are sorted by comparing them to each other. He expands this with a slightly more complex example, showing how to test some DateTime handling and evaluating the result with logic in a closure. To help make this kind of testing easier, he's created a library (Eris) that extends PHPUnit and provides the methods seen in his examples.

tagged: property testing unittest phpunit extension random datetime sort eris

Link: http://www.giorgiosironi.com/2015/06/property-based-testing-primer.html

