Convert static HTML site to Jekyll project

.gitignore

@@ -0,0 +1 @@
+/_site/

LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2012 Josh Lockhart
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,32 @@
+# PHP: The Right Way
+
+## Overview
+
+This is the GitHub Pages repository for the _PHP: The Right Way_ project.
+
+* This website is a Jekyll project.
+* Each section has a separate file in `_includes/`.
+* Section files are written in Markdown.
+* Section files are included in `index.html`.
+
+## How to Contribute
+
+1. Fork and edit
+2. Optionally install [Ruby](https://rvm.io/rvm/install/) with [Jekyll](https://github.com/mojombo/jekyll/) gem to preview locally
+3. Submit pull request for consideration
+
+## Where
+
+<http://www.phptherightway.com>
+
+## Why
+
+There's been a lot of discussion lately about how the PHP community lacks sufficient, credible information for programmers new to PHP. This repository aims to solve this problem.
+
+## Who
+
+My name is [Josh Lockhart](http://twitter.com/codeguy). I'm the author of the [Slim Framework](http://www.slimframework.com/), and I work for [New Media Campaigns](http://www.newmediacampaigns.com/).
+
+## Copyright
+
+[MIT](http://opensource.org/licenses/MIT)

_config.yml

@@ -0,0 +1,39 @@
+safe: false
+auto: false
+server: true
+server_port: 4000
+baseurl: /
+url: http://localhost:4000
+
+source: .
+destination: ./_site
+plugins:     ./_plugins
+
+future: true
+lsi: false
+pygments: false
+markdown: maruku
+permalink: date
+maruku:
+    use_tex:    false
+    use_divs:   false
+    png_engine: blahtex
+    png_dir:    images/latex
+    png_url:    /images/latex
+
+rdiscount:
+    extensions: []
+
+kramdown:
+    auto_ids: true,
+    footnote_nr: 1
+    entity_output: as_char
+    toc_levels: 1..6
+    use_coderay: false
+    coderay:
+        coderay_wrap: div
+        coderay_line_numbers: inline
+        coderay_line_numbers_start: 1
+        coderay_tab_width: 4
+        coderay_bold_every: 10
+        coderay_css: style

_includes/code-style-guide.md

@@ -0,0 +1,16 @@
+# Code Style Guide
+
+The PHP community is large and diverse, composed of innumerable libraries, frameworks, and components. It is common for PHP developers to choose several of these and combine them into a single project. Is is important that PHP code adhere (as close as possible) to a common code style to make it easy for developers to mix and match various libraries for their projects.
+
+The [Framework Interop Group][1] (a.k.a. PHP Standards Group) has proposed and approved a code style standard — [PSR-1][2] and [PSR-2][3]. Don't let the funny names confuse you. These two standards are merely a "shared set of rules and expectations about how to format PHP code." That's all.
+
+You should write PHP code that adheres to one or both of these standards so that other developers can easily read and work with your code.
+
+* [Read about PSR-1][2]
+* [Read about PSR-2][3]
+
+[Back to Top](#top){.top}
+
+[1]: https://github.com/php-fig/fig-standards
+[2]: https://github.com/pmjones/fig-standards/blob/psr-1-style-guide/proposed/PSR-1-basic.md
+[3]: https://github.com/pmjones/fig-standards/blob/psr-1-style-guide/proposed/PSR-2-advanced.md

_includes/databases.md

@@ -0,0 +1,27 @@
+# Databases and PDO
+
+Many times your PHP code will use a database to persist information. If you use a database, use `PDO` to talk with it. PDO is a database abstraction library — (usually) built into PHP — that provides a common interface to talk with many different databases.
+
+More importantly, `PDO` allows you to safely inject foreign input (e.g. IDs) into your SQL queries without worrying about database SQL injection attacks. This is possible using PDOStatements and bound parameters.
+
+Let's assume a PHP script receives a numeric ID as a query parameter. This ID should be used to fetch a user record from a database. This is the `wrong` way to do this:
+
+    <?php
+    $pdo = new PDO('sqlite:users.db');
+    $pdo->query("SELECT * FROM users WHERE id = " . $_GET['id']); // <-- NO!
+
+This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked in a heartbeat. Instead, you should sanitize the ID input using PDO bound parameters.
+
+    <?php
+    $pdo = new PDO('sqlite:users.db');
+    $stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
+    $stmt->bindParam(':id', (int)$_GET['id'], PDO::PARAM_INT);
+    $stmt->execute();
+
+This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before it is introduced to the database preventing potential SQL injection attacks.
+
+* [Learn about PDO][1]
+
+[Back to Top](#top){.top}
+
+[1]: http://www.php.net/manual/en/book.pdo.php

_includes/dependency-management.md

@@ -0,0 +1,51 @@
+# Dependency Management
+
+There are a ton of PHP libraries, frameworks, and components to choose from. Your project will likely use several of them — these are project dependencies. Until recently, PHP did not have a good way to manage these project dependencies. Even if you managed them manually, you still had to worry about autoloaders. No more.
+
+## Composer and Packagist
+
+Composer is a **brilliant** dependency manager for PHP. List your project's dependencies in a `composer.json` file and, with a few simple commands, Composer will automatically download your project's dependencies and setup autoloading for you.
+
+There are already a lot of PHP libraries that are compatible with Composer, ready to be used in your project. These "packages" are listed on [Packagist][1], the official repository for Composer-compatible PHP libraries.
+
+### How to Install Composer
+
+You can install Composer locally (in your current working directory) or globally (e.g. /usr/local/bin). Let's assume you want to install Composer locally. From your project's root directory:
+
+    curl -s http://getcomposer.org/installer | php
+
+This will download `composer.phar` (a PHP binary archive). You can run this with `php` to manage your project dependencies.
+
+### How to Define and Install Dependencies
+
+First, create a `composer.json` file in the same directory as `composer.phar`. Here's an example that lists [Twig][2] as a project dependency.
+
+    {
+        "require": {
+            "twig/twig": ">=1.8.0"
+        }
+    }
+
+Next, run this command from your project root directory.
+
+    php composer.phar install
+
+This will download and install the project dependencies into a `vendors/` directory. Next, add this line to your application's primary PHP file; this will tell PHP to use Composer's autoloader for your project dependencies.
+
+    require 'vendor/autoload.php';
+
+Now you can use your project dependencies, and they'll be autoloaded on demand.
+
+## PEAR
+
+Another veteran package manager that many PHP developers enjoy is [PEAR][3]. It behaves much the same way, and is also worth researching for your projects.
+
+* [Learn about Composer][4]
+* [Learn about PEAR][3]
+
+[Back to Top](#top){.top}
+
+[1]: http://packagist.org/
+[2]: http://twig.sensiolabs.org
+[3]: http://pear.php.net/
+[4]: http://getcomposer.org/doc/00-intro.md

_includes/input-filtering.md

@@ -0,0 +1,15 @@
+# Input Filtering
+
+Never ever (ever) trust foreign input introduced to your PHP code. That lead's to dark and dangerous places. Instead, always filter foreign input before you use it in your code.
+
+PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text, verify formats (e.g. email addresses), and escape characters.
+
+For example, if you accept code from an HTML form, you'll want to use `filter_input` before inserting the input into a database or inserting the input into an HTML response.
+
+* [Learn about `filter_var`][1]
+* [Learn about `filter_input`][2]
+
+[Back to Top](#top){.top}
+
+[1]: http://php.net/manual/en/function.filter-var.php
+[2]: http://www.php.net/manual/en/function.filter-input.php

_includes/introduction.md

@@ -0,0 +1,17 @@
+# Introduction
+
+There's a lot of bad information on the Web (I'm looking at you, W3Schools) that leads new PHP users astray, propagating bad practices and bad code. This must stop. _PHP: The Right Way_ easy-to-read, quick reference for PHP best practices, accepted coding standards, and links to authoritative tutorials around the Web.
+
+It is important to understand _there is no canonical way to use PHP_. That's the beauty of it. This website introduces new PHP developers to best practices, available options, and good information.
+
+## Disclaimer
+
+This is a living document and will continue to be updated with more helpful information and examples as they become available.
+
+## How to Contribute
+
+Help make this website the best resource for new PHP programmers! [Contribute on GitHub][1]
+
+[Back to Top](#top){.top}
+
+[1]: https://github.com/codeguy/php-the-right-way

_includes/links-and-resources.md

@@ -0,0 +1,25 @@
+# Links and Resources
+
+Here are some miscellaneous resources that are worth a read.
+
+## From the Source
+
+* [PHP Website](http://php.net/)
+* [PHP Documentation](http://php.net/docs.php)
+
+## People to Follow
+
+* [Rasmus Lerdorf](http://twitter.com/rasmus)
+* [Fabien Potencier](http://twitter.com/fabpot)
+* [Derick Rethans](http://twitter.com/derickr)
+* [Chris Shiflett](http://twitter.com/shiflett)
+* [Sebastian Bergmann](http://twitter.com/s_bergmann)
+
+## PHP PaaS Providers
+
+* [PagodaBox](https://pagodabox.com/)
+* [PHP Fog](https://phpfog.com/)
+* [Engine Yard Orchestra PHP Platform](http://www.engineyard.com/products/orchestra/)
+* [Red Hat OpenShift Platform](http://www.redhat.com/products/cloud-computing/openshift/)
+
+[Back to Top](#top){.top}

_includes/namespaces.md

@@ -0,0 +1,13 @@
+# Namespaces
+
+As I mentioned above, the PHP community has a lot of developers creating lots of code. This means that one library's PHP code may use the same class name as another library. When both libraries are used in the same namespace, they collide and cause trouble.
+
+_Namespaces_ solve this problem. As described in the PHP reference manual, namespaces may be compared to operating system directories that _namespace_ files; two files with the same name may co-exist in separate directories. Likewise, two PHP classes with the same name may co-exist in separate PHP namespaces. It's as simple as that.
+
+It is important for you to namespace your code so that it may be used by other developers without fear of colliding with other libraries.
+
+* [Read about Namespaces][1]
+
+[Back to Top](#top){.top}
+
+[1]: http://php.net/manual/en/language.namespaces.php

_includes/passwords.md

@@ -0,0 +1,17 @@
+# Password Hashing with Bcrypt
+
+Eventually everyone builds a PHP application that relies on user login. Usernames and (hashed) passwords are stored in a database and later used to authenticate users upon login.
+
+It is important that you properly _hash_ passwords that are stored in a database. If passwords are not hashed, and your database is hacked or accessed by an unauthorized third-party, all user accounts are now compromised.
+
+**Hash passwords with Bcrypt**. It's super simple, and (for all intents and purposes) Bcrypt makes it impossible for someone to reverse-engineer the plain-text version of a password should the database be compromised.
+
+There are several Bcrypt libraries for PHP that you may use.
+
+* [Read "How to Safely Store a Password" by Coda Hale][1]
+* [Use Bcrypt with PHPAss][2] (odd name, I know)
+
+[Back to Top](#top){.top}
+
+[1]: http://codahale.com/how-to-safely-store-a-password/
+[2]: http://www.openwall.com/phpass/

_includes/popular-frameworks.md

@@ -0,0 +1,24 @@
+# Popular Frameworks
+
+Rather than re-invent the wheel, many PHP developers use _frameworks_ to build out web applications. Frameworks abstract away many of the low-level concerns and provide helpful, easy-to-use interfaces to complete common tasks.
+
+_You do not need to use a framework for every project_. Sometimes, plain PHP is the right way to go. But if you do need a framework, here are a few of the most popular ones:
+
+## Full-Stack Frameworks
+
+* [Symfony](http://symfony.com/)
+* [Yii](http://www.yiiframework.com/)
+* [Laravel](http://laravel.com/)
+* [Kohana](http://kohanaframework.org/)
+* [FuelPHP](http://fuelphp.com/)
+* [CodeIgniter](http://codeigniter.com/)
+* [Zend](http://framework.zend.com/)
+* [Cake PHP](http://cakephp.org/)
+
+## Micro Frameworks
+
+* [Silex](http://silex.sensiolabs.org/)
+* [Slim](http://www.slimframework.com/)
+* [Fat-Free](http://bcosca.github.com/fatfree/)
+
+[Back to Top](#top){.top}

_includes/web-application-security.md

@@ -0,0 +1,11 @@
+# Web Application Security
+
+There are bad people ready and willing to exploit your web application. It is important that you
+ take necessary precautions to harden your web application's security. Luckily, the fine folks at [The Open Web Application Security Project][1] (OWASP) have compiled a comprehensive list of known security issues and methods to protect yourself against them. This is a must read for the security-conscious developer.
+
+* [Read the OWASP Security Guide][2]
+
+[Back to Top](#top){.top}
+
+[1]: https://www.owasp.org/
+[2]: https://www.owasp.org/index.php/Guide_Table_of_Contents

_layouts/default.html

@@ -0,0 +1,53 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8"/>
+        <title>PHP: The Right Way</title>
+        <meta name="description" content="An easy-to-read, quick reference for PHP best practices, accepted coding standards, and links to authoritative PHP tutorials around the Web"/>
+        <meta name="robots" content="index,follow,archive"/>
+        <link rel="icon" href="/favicon.png" type="image/png"/>
+        <link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Alfa+Slab+One|Droid+Serif"/>
+        <link rel="stylesheet" href="/styles.css"/>
+        <script>
+        var _gaq = _gaq || [];
+        _gaq.push(['_setAccount', 'UA-362072-7']);
+        _gaq.push(['_trackPageview']);
+        (function() {
+            var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
+            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
+        })();
+        </script>
+    </head>
+    <body>
+        <header class="site-header">
+            <div class="site-title">PHP</div>
+            <div class="site-slogan">(The Right Way)</div>
+            <nav>
+                <ul class="toc">
+                    <li><a href="#introduction">Introduction</a></li>
+                    <li><a href="#code_style_guide">Code Style Guide</a></li>
+                    <li><a href="#namespaces">Namespaces</a></li>
+                    <li><a href="#input_filtering">Input Filtering</a></li>
+                    <li><a href="#databases_and_pdo">Databases and PDO</a></li>
+                    <li><a href="#password_hashing_with_bcrypt">Password Hashing with Bcrypt</a></li>
+                    <li><a href="#dependency_management">Dependency Management</a></li>
+                    <li><a href="#web_application_security">Web Application Security</a></li>
+                    <li><a href="#popular_frameworks">Popular Frameworks</a></li>
+                    <li><a href="#links_and_resources">Links &amp; Resources</a></li>
+                </ul>
+            </nav>
+            <a href="https://twitter.com/share" class="twitter-share-button" data-url="http://www.phptherightway.com/" data-size="large" data-hashtags="php">Tweet</a>
+        </header>
+
+        <div class="site-content">
+            {{ content }}
+        </div>
+
+        <footer class="site-footer">
+            <small>Created and maintained by <a href="http://twitter.com/codeguy">Josh Lockhart</a>. Favicon from <a href="http://pictos.cc/">Pictos</a>.</small>
+        </footer>
+
+        <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
+    </body>
+</html>