Pineco.de:
Inviting Users with Laravel’s Signed URLs
Sep 10, 2018 @ 16:56:57

On the Pineco.de site they've posted a tutorial for the Laravel users out there showing how to use the framework's "signed URL" functionality to create invite links for your application.

We can handle user invitations easily with the old and good database way. We create an invitation, store it with a unique token, then email it to the user. If the user uses the link, we can delete it from the database and that’s all. Now let’s give a try to Laravel’s signed URLs to handle a database-less solution.

The article starts by explaining what the "signed route" functionality is and how to generate them using the URL helper. It also shows how to use the "signed" middleware to validate the signature provided on the request. Finally, it shows how to configure, send and use the hashes to handle user registration.

tagged: laravel signed url tutorial registration

Link: https://pineco.de/inviting-users-with-laravels-singed-urls/

Laravel News:
Getting Started with Signed Routes in Laravel
Mar 21, 2018 @ 14:58:26

On the Laravel News site there's a tutorial showing you how to use a feature that's been added in the latest release of the Laravel framework: signed routes. These signed routes allow you to create routes that work with signatures and help with their validation.

In the latest Laravel 5.6.12 Release a new signed URLs feature was introduced. In this article, we’ll work on enabling signed URLs in an application and look at a few options of how to use them.

The tutorial starts by helping you update your installation to the latest version and change the configuration to add the new ValidateSignature middleware to the route middleware list. They also provide an example of a route definition that contains several "id" type of values that could potentially be modified by an attacker. It then shows how to use the Url helper to generate a new signed route that includes a signature based on the URL contents. The tutorial also provides an example of temporary URL signatures that will include a timeout value as a part of the hash so it will expire after a certain amount of time.

tagged: signed route signature integrity laravel tutorial introduction

Link: https://laravel-news.com/signed-routes

Matthew Weier O'Phinney:
Secure PHAR Automation
Dec 15, 2015 @ 18:32:54

There's always been an issue with the creation of Phar packages in PHP and the security around them. There have been recommendations about creating signatures and only using secure connections for updates and rollbacks. Unfortunately there isn't an overly easy way to handle this yet. However, Matthew Weier O'Phinney has written up a post showing his workflow for doing these kinds of things, making use of the Box project to help with some of the more detailed parts.

For a variety of reasons, I've been working on a utility that is best distributed via PHAR file. As has been noted by others (archive.is link, due to lack of availability of original site), PHAR distribution, while useful, is not without security concerns, and I decided to investigate how to securely create, distribute, and update PHAR utilities as part of this exercise.

This is an account of my journey, as well as concrete steps you can take to secure your own PHAR downloads.

He starts by outlining the "roadmap" of the features he wants to include and the steps to take to create this more secure phar archive. It includes the use of both current, local tools and services (like Box and GitHub pages). He then walks through the steps in the full process:

  • Create an OpenSSL Key
  • Use Box to create the PHAR
  • Generate a version file
  • Create the gh-pages branch
  • Write self-update/rollback commands
  • Enable Travis-CI for the repository
  • Create an SSH deploy key
  • Archive and encrypt the secrets
  • Write a deployment script
  • Add the script to travis

While this seems like a lot of steps to just get a more secure phar set up, Matthew has done the hard work for you here and includes all of the commands, configuration examples and steps you'll need to take to fully set the process up. If all goes well, his example in his last "push and watch it work" section will go off without a hitch.

tagged: phar archive security signed https update rollback travisci tutorial

Link: https://mwop.net/blog/2015-12-14-secure-phar-automation.html

PHPMaster.com:
Create Digital Tickets with PHP and Apple Passbook
May 30, 2013 @ 14:11:36

On PHPMaster.com today there's a new tutorial showing you how to create digital tickets using PHP and the Apple Passbook service.

Why should we PHP warriors care at all about Apple’s Passbook? Well first because Apple made this technology open (well, sort of…), second because it can be used outside iOS devices, and third because it involves a lot of well-known and loved technologies like JSON and RESTful APIs. I’d also add that it’s a very interesting piece of technology, but that’s my personal opinion. In this article I’ll show you how I built a sample web application that creates and distributes passes in the form of a “PHPMaster Membership Card”. It is not a full-featured product, but it’s a nice base to build on for more serious real world uses.

He talks about the concept of a "pass" (a digitally signed document that can be easily distributed) and the types that the Apple service lets you make. His example (sample code here) is Slim based and uses Idiorm & Paris for the data handling. He talks some about the certificate handling that's involved and the structure of the application including the certs, application code, templates and images. He then works through the code step-by-step and explains what each part does and how it connects with Apple's service to generate the pass.

tagged: apple passbook tutorial ticket digital signed certificate

Link: http://phpmaster.com/create-digital-tickets-with-php-and-apple-passbook

Paul Reinheimer's Blog:
Mini PHP Contest
Oct 09, 2006 @ 21:57:00

Do you have an interesting project of your own kicking around that you've been working on but that hasn't gotten much notice? Well, you might want to check out this mini-contest that Paul Reinheimer is running to help bring more of them to light.

I've made a small post to the general forum at PHP|Arch asking people to post a link to any side projects they might be currently working on.

The author (or authors) of the one(s) I like best will receive a free copy of my book, signed if so desired. Anyways, I'm just asking for a link to whatever you're working on already, so there's no effort required, go post!

The only comment so far in the forum post is Paul's own, but he talks about his imageBoxer script that combines images in a directory into a collage dynamically.

tagged: contest book signed project

Link:
