Mixed Content Scan: Scan your HTTPS-enabled website for Mixed Content

With my recent move to HTTPS, I wasn’t sure whether there were any pages left on my site that still had Mixed Content. If an HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only partially encrypted. […] When a webpage exhibits this behavior, it is called a mixed content […]

It’s All About Time: Timing attacks in PHP

$query = "SELECT * FROM users WHERE id = ?";
$stmt = $pdo->prepare($query);
$stmt->execute([$_POST['id']]);
$user = $stmt->fetchObject();
if ($user && password_verify($_POST['password'], $user->password)) {
    return true;
}
return false;

There is an information leak here: if you try different usernames, the request takes a different amount of time depending on whether the username exists or […]

phpspec

phpspec is a development tool designed to help you write clean, working PHP code using a technique derived from test-first development called (spec) behaviour-driven development, or SpecBDD. Example spec file:

<?php

namespace spec;

use PhpSpec\ObjectBehavior;

class MarkdownSpec extends ObjectBehavior
{
    function it_converts_plain_text_to_html_paragraphs()
    {
        $this->toHtml("Hi, there")->shouldReturn("<p>Hi, there</p>");
    }
}

Running it is easy: […]

PHP 5.6: “Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version.”

Since PHP 5.6, the use of $HTTP_RAW_POST_DATA is deprecated. Now, I’m not using this, so I’m in the clear, or at least I thought I was … The default value for always_populate_raw_post_data in PHP 5.6 is doing more harm than good: perfectly good code will spit out that error whenever it receives a request that […]

PHP Geotools

<?php

$geotools   = new \League\Geotools\Geotools();
$coordinate = new \League\Geotools\Coordinate\Coordinate('40.446195, -79.948862');
$converted  = $geotools->convert($coordinate);

// convert to decimal minutes without and with format string
printf("%s\n", $converted->toDecimalMinutes());           // 40 26.7717N, -79 56.93172W
printf("%s\n", $converted->toDM('%P%D°%N %p%d°%n'));      // 40°26.7717 -79°56.93172

// convert to degrees minutes seconds with and without format string
printf("%s\n", $converted->toDegreesMinutesSeconds('%P%D:%M:%S, %p%d:%m:%s')); // 40:26:46, -79:56:56
printf("%s\n", $converted->toDMS());
[…]

Build your own PHP Framework with Symfony Components

switch ($_SERVER['PATH_INFO']) {
    case '/':
        echo 'This is the home page';
        break;
    case '/about':
        echo 'This is the about page';
        break;
    default:
        echo 'Not found!';
}

A good introduction on the Sitepoint website to getting started with a few of the Symfony Components. It starts with the example code above and, one by one, introduces the […]