Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Introduction to Seeding Data in Testing
Apr 10, 2017 @ 10:42:26

On the Laravel News site they've posted an introduction to seeding data in testing to help make your Laravel application testing easier and see "more correct" results.

Since seeding was released in Laravel 5.1, testing has become easier and quicker.

You can have ten users with each having a post or 1000 users with one or more posts inserted before the testing begins. In this tutorial, you will create a test case to test the user model and a seeder to seed ten users, and each is following one user into the database.

The tutorial starts with a migration to create a "users" table including a "follow user ID" field that tracks which user another is following. Next up is the creation of the User model with the methods to create the "follow" links between users. The make:seeder command is then used with this model to generate the seeder class and make 10 users with faked information. The db:seed command is used to execute the seeder and populate the data. Finally an example test case is created, first just testing that 10 users were created then refactored to test links between the users and the follow/unfollow functionality.

tagged: laravel seed data testing migration tutorial unittest model

Link: https://laravel-news.com/seeding-data-testing

Jeff Madsen:
Using Faker to seed dummy data for Laravel application
Apr 13, 2016 @ 12:07:18

Jeff Madsen has a quick post to his site showing how to use Faker to populate data in Laravel directly in the framework's generated "seeders".

Hello, Mr. asdfgh qweefg! Welcome to kgjhjgjh! Thank you. Only the name's not "asdfgh qweefg".

Sorry! It's just easier.. You're always showing everyone on Laravel Quick Tips these helpful little tricks. Why not show them how to give me a proper name?

He includes an example of creating a Faker object in the seeder and using it to make name, email, age and city values. Naturally, not everyone's going to have English names or locations, so he shows how to set the language, locale and a few other tips:

  • shortcuts for optional data
  • randomized email addresses
  • random elements from a given set

He also mentions custom providers but points to the Faker documentation for a bit more information about that.

tagged: faker laravel seed seeder dummy data tutorial examples

Link: http://codebyjeff.com/blog/2016/04/hello-mr-asdfgh-qweefg-welcome-to-kgjhjgjh

SitePoint PHP Blog:
Build a Database with Eloquent, Faker and Flysystem
Aug 28, 2014 @ 11:55:09

In the latest post to the SitePoint PHP blog Aleksander Koko continues with his series about creating an application with PHP and EmberJS with a look at building databases. In the first part of the series he introduced the main toolset and set up a simple Laravel application inside of a Homestead instance. This latest post builds on that platform.

In this part, we will create the structure of the database. We will create the tables using migrations and seed the database using seeders. Also, you will learn how to grab some random images from LoremPixel and put them on the filesystem using Flysystem. You’ll also be adding some randomly generated data using the Faker library. Much like with part 1, you can download this part’s code from github.

He shows you how to get all the needed libraries installed and run the migrate command to create the needed tables. He also helps you set up a Dropbox application so you can use their API and configure the application with your API settings. Next he modifies the migrations and seeds the sample data. Next up he makes the models for each of the tables and integrates Faker to populate them with better seed data, making seeder classes to handle some of the more custom logic.

tagged: database eloquent faker flysystem dropbox seed data tutorial emberjs

Link: http://www.sitepoint.com/build-database-eloquent-faker-flysystem/

php_mt_seed went beyond PoC (mt_rand seed cracker)
Nov 05, 2013 @ 12:49:12

As Openwall.com has reported, a flaw has been found in PHP's mt_rand functionality that allows the prediction of the result with just some of the other results.

With the functionality added in October, our php_mt_seed PHP mt_rand() seed cracker is no longer just a proof-of-concept, but is a tool that may actually be useful, such as for penetration testing. It is now a maintained project with its own homepage: http://www.openwall.com/php_mt_seed/.

They include a bit of illustration code showing how the see cracker works - generating 10 "random" numbers between 0 and 9. An example of running the "php_mt_seed" command against these values is shown along with the time to crack (just under 20 seconds). There's also an example of cracking when you don't know all 10 numbers in the sequence too. This further reinforces the best practice of not using mt_rand when you need strong random numbers for the security related functionality of your application (something like openssl_random_pseudo_bytes is a much better option).

tagged: mtrand seed cracker proofofconcept poc openwall

Link: http://www.openwall.com/lists/announce/2013/11/04/1

Pádraic Brady:
Predicting Random Numbers In PHP - It’s Easier Than You Think!
Mar 26, 2013 @ 09:54:15

Pádraic Brady has a new post to his site about "randomness" in PHP and how, depending on the method used, you might not be as random as you think.

The Zend Framework team recently released versions 2.0.8 and 2.1.4 to address a number of potential security issues including advisory ZF2013-02 “Potential Information Disclosure and Insufficient Entropy vulnerabilities in ZendMathRand and ZendValidateCsrf Components”. Quite the mouthful! In short, Zend Framework used the mt_rand() function to generate random numbers in situations where neither openssl_pseudo_random_bytes() nor mcrypt_create_iv() were available. This is possible when the openssl and mcrypt extensions are not installed/compiled with PHP.

He talks some about the mt_rand function and how it generates its "random numbers" (designed for speed, not ultimate randomness). He notes that all of PHP's internal randomization functions use the concept of "seeds" to prime the random number/string generation. Unfortunately, the seeding method is known inside PHP, so it is possible - if the method of generation is weak, as it is with mt_rand - that an attacker could brtute force their way into a correct value. You can find more about randomness in PHP in this chapter of his PHP security handbook including a mention of Anthony Ferrara's randomness library.

tagged: randomness seed mtrand openssl mcrypt randomlib