
SitePoint PHP Blog:
Arbitrary Precision and Big Numbers in PHP
January 30, 2014 @ 10:20:46

The SitePoint PHP blog has a new post by Taylor Ren that looks at big numbers in PHP and the functionality it has to handle arbitrary precision via three modules - GMP, BC Math and php-bignumbers.

In this article, we will review the PHP capability to provide arbitrary precision number calculation / big integer calculation by reviewing 3 PHP modules: GMP, BC Math and php-bignumbers. We will demonstrate two real-world examples to see the powers/limitations of each. The first one will be calculating PI to arbitrary precision - well, for the sake of the article, we will restrict the precision, say, to 1000 digits; the second will be a simple demonstration on RSA encryption/decryption.

He briefly looks at how to get the tools installed (via apt-get or Composer) and a sample script to ensure that they're all included correctly and working. He includes a comparison between the three libraries, listing both strengths and weaknesses relative to the others. He then gets a bit more in-depth and shows how to calculate PI with each option (code is on GitHub) and the results of the benchmarking. He also includes a second example of calculating the RSA algorithm based on their process.


Link: http://www.sitepoint.com/arbitrary-precision-big-numbers-php/

Timoh's Blog:
Secure random numbers for PHP developers
November 06, 2013 @ 09:20:55

Timoh has posted a look at random number generation to his site, focusing on one of the many methods to produce truly random numbers - using /dev/(u)random (available on Unix-based filesystems).

How would you gather cryptographically secure random bytes in your PHP application? This is actually quite a good question. It used to be, and seems, it still is not that uncommon to just simply call mt_rand() function to get the job done creating user's "initial password", for example. A bit more experienced reader will notice there is a security bug. [...] But actually only a few [functions to get random values] can be recommended for security sensitive purposes. And now I'm not talking about openssl_random_pseudo_bytes().

He starts with a look at openssl_random_pseudo_bytes and why there might be something wrong with its use - mainly that OpenSSL has had its own share of security issues in the past. Of the two random resources he recommends /dev/urandom as it's less blocking and more useful for web applications. He recommends the RandomCompat library if you need to take this random data and transform it into integers (with one caveat).


Link: http://timoh6.github.io/2013/11/05/Secure-random-numbers-for-PHP-developers.html

SitePoint.com:
How to Create Your Own Random Number Generator in PHP
February 09, 2012 @ 10:03:35

On SitePoint.com today there's a new tutorial showing how to create a random number generator in PHP (with the help of methods like mt_rand and mt_srand).

Computers cannot generate random numbers. A machine which works in ones and zeros is unable to magically invent its own stream of random data. However, computers can implement mathematical algorithms which produce pseudo-random numbers. They look like random numbers. They feel like random distributions. But they're fake; the same sequence of digits is generated if you run the algorithm twice.

Included in the post is code showing how to use the random functions and how to create a class (Random) that provides a few methods to help make generation easier - "seed" and "num". It first calls "seed" with a number to start the random generator off with and then "num" in a loop to pull out random values based on that.



Anthony Ferrara's Blog:
Random Number Generation In PHP
July 21, 2011 @ 10:03:28

Anthony Ferrara has a new post to his blog today looking at true random number generation as it relates to predictability and bias. He also talks about a method/tool you can use (based on RFC 4086) to generate truly random numbers - PHP-CryptLib.

When we talk about "random" numbers, we generally talk about two fundamental properties: Predictability and Bias. Both are closely related, but are subtly different. Predictability in reference to random numbers is the statistical problem of predicting the next value when knowing any number of previous values. Bias on the other hand is the statistical problem of predicting the next value when knowing the distribution of previous values.

He looks at how predictability can affect true random number generation and a common mistake in generation related to bias in the calculation method. He talks about some of the functions PHP includes to work with randomness, but notes that they all have their flaws. He points to the PHP-CryptLib package as a solution (adhering to the guidelines in RFC 4086 for randomness). He includes some sample code of how to use it to generate random numbers, tokens and sets of bytes. You can find the full source over on GitHub.



Lorna Mitchell's Blog:
Script for Database Patching at Deploy Time
April 15, 2011 @ 08:51:31

As a part of one of her projects, Lorna Mitchell had a need to deploy database patches as a part of her overall deployment process. Obviously, doing this manually every time can be a hassle so she came up with a script that does the work for her (based on a patch_history table).

My current project (BiteStats, a simple report of your google analytics data) uses a basic system where there are numbered patches, and a patch_history table with a row for every patch that was run, showing the version number and a timestamp. When I deploy the code to production, I have a script that runs automatically to apply the patches.

The script uses the number-based patch names (such as patch1.sql) and finds the latest ones that haven't been applied based on the highest values for the patch_number column in the database. This number is updated by the patches themselves when they're run to avoid any confusion in the script itself. She has it running as a part of her phing build process as a part of a Zend Framework application.



AjaxRay.com:
Extending Zend Form Element to create customized Phone number field
September 02, 2010 @ 08:05:06

On the AjaxRay.com site today there's a new tutorial for the Zend Framework users out there with a library they can use to extend Zend_Form for custom phone number fields.

When taking Phone number as user input, we can warn users about phone number format by setting a hint/description and can validate using Regular Expression. [...] Now, if we try provide this feature in Zend Form, that's possible. We can create three individual Zend_Form_Element_Text objects and join their value together to make the phone number. But, in this case, validating them together is a hassle.

Instead of separate fields, the library they create makes it simple to handle them as a whole field. It works as a helper for Zend_Form and lets you set things like the separator between the text fields, a "format" string and a validator to apply to their fields (in the example code, it's the "digits" validator). Sample code is included to show you how it fits in your form.



php|architect:
Possible vulnerabilities found in PHP session IDs
April 12, 2010 @ 08:29:00

Beth Tucker Long has posted a new warning about a possible issue with session IDs in PHP dealing with weak random numbers being generated by the language when making the IDs.

Seclists.org has posted an advisory titled "Weak RNG in PHP session ID generation leads to session hijacking." RNG stands for Random Number Generation, and the advisory is warning that not enough entropy is being used to seed the RNG; this, in turn, can lead to a reduced number of possible session IDs under certain specific conditions, thus making brute force session spoofing easier, if not bringing it into the realm of feasibility.

The threat is only marked at a "medium" level of severity, but it could still cause problems if you're not careful. There are specific conditions that have to be in place for it to be a problem including using the standard PHP session generation and that the app shares the information about remote users. To protect yourself you can either install Suhosin and don't use the result of set an external source for entropy to help randomize the session ID even more.



Klaus Graefensteiner's Blog:
Two ways to test for prime numbers in PHP: Sieve and File
February 26, 2010 @ 13:33:43

In a new post to his blog, Klaus Graefensteiner takes a look at two ways to test for prime numbers: with a sieve and from a file.

In PHP there is really no ideal way to test large integers and determine whether they are prime numbers or not. The most popular algorithm for finding prime numbers is a memory and resource hog. It is called The Sieve of Eratosthenes.

You can get more of an idea on this method in this video and in this example from Wikipedia. He includes the full source for his solution that includes methods like isInteger, isPositive, isPerfectSquare and isPalindromicPrime. The script is also available for download.



PHPBuilder.com:
Math & Number Handling in PHP - The ABCs of PHP Part 6
April 22, 2009 @ 07:57:17

On PHPBuilder.com today they've posted the next article in their "ABCs of PHP" series. This time they focus on math and number handling.

Last time we looked at text and strings in variables, in this episode we're going to continue with our exploration of PHP variables and delve deeper into math and number handling in PHP. Using numbers is not much different to using text and strings, you allocate variables and fill them in, using exactly the same techniques as you do using strings & text.

They cover some of the basic operators (+, -, *, etc.), evaluation with equals, number shifting, binary and creating a "barrel shifter" to work with the binary bits of a number.



Danne Lundqvist's Blog:
Zend Framework and locales
April 01, 2009 @ 13:44:18

In a new post to his blog, Danne Lundqvist takes a look at using locales in the Zend Framework and a "gotcha" that made him look deeper.

Last night I spent a couple of hours with Zend Framework and especially Zend_Form. I discovered, and now also reported as ZF-6175, a bug in Zend_Validate_Float when using a locale with a decimal point other than ".". There are unit tests but none that test Zend_Validate_Float under a different locale.

He points out that floats are locale-aware in PHP itself (code examples) and how the current Zend_Validate float package handled it. He has already proposed a fix for the problem and, until it's changed in the framework, has provided the simplified code you can use.


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework