Continuing with the restructuring.
Making space for libraries.
Bringing security themed topics under single subject.
KrisJordan committed Jul 9, 2012
1 parent fb3aaff commit d4b2fd2
Showing 8 changed files with 56 additions and 65 deletions.
15 changes: 0 additions & 15 deletions _includes/input-filtering.md

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
# Popular Frameworks
# Libraries and Frameworks

## Web Frameworks

Rather than re-invent the wheel, many PHP developers use _frameworks_ to build out web applications. Frameworks abstract away many of the low-level concerns and provide helpful, easy-to-use interfaces to complete common tasks.

_You do not need to use a framework for every project_. Sometimes, plain PHP is the right way to go. But if you do need a framework, here are a few of the most popular ones (in alphabetical order):

## Full-Stack Frameworks
### Full-Stack Frameworks

* [CakePHP](http://cakephp.org/)
* [CodeIgniter](http://codeigniter.com/)
Expand All @@ -16,11 +18,10 @@ _You do not need to use a framework for every project_. Sometimes, plain PHP is
* [Yii](http://www.yiiframework.com/)
* [Zend](http://framework.zend.com/)

## Micro Frameworks
### Micro Frameworks

* [Fat-Free](http://bcosca.github.com/fatfree/)
* [Limonade](http://limonade-php.github.com/)
* [Silex](http://silex.sensiolabs.org/)
* [Slim](http://www.slimframework.com/)

[Back to Top](#top){.top}
17 changes: 0 additions & 17 deletions _includes/passwords.md

This file was deleted.

4 changes: 1 addition & 3 deletions _includes/links-and-resources.md → _includes/resources.md
@@ -1,6 +1,4 @@
# Links and Resources

Here are some miscellaneous resources that are worth a read.
# Resources

## From the Source

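Review bot: dropping "Here are some miscellaneous resources that are worth a read." leaves `# Resources` running straight into `## From the Source` with no lead-in; a one-line description (or keeping the original sentence) would match the Libraries and Frameworks and Security sections, which each open with a short paragraph before their first sub-heading.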
43 changes: 43 additions & 0 deletions _includes/security.md
@@ -0,0 +1,43 @@
# Security

## Web Application Security

There are bad people ready and willing to exploit your web application. It is important that you
take necessary precautions to harden your web application's security. Luckily, the fine folks at [The Open Web Application Security Project][1] (OWASP) have compiled a comprehensive list of known security issues and methods to protect yourself against them. This is a must read for the security-conscious developer.

* [Read the OWASP Security Guide][2]

[1]: https://www.owasp.org/
[2]: https://www.owasp.org/index.php/Guide_Table_of_Contents

## Password Hashing with Bcrypt

Eventually everyone builds a PHP application that relies on user login. Usernames and (hashed) passwords are stored in a database and later used to authenticate users upon login.

It is important that you properly _hash_ passwords that are stored in a database. If passwords are not hashed, and your database is hacked or accessed by an unauthorized third-party, all user accounts are now compromised.

**Hash passwords with Bcrypt**. It's super simple, and (for all intents and purposes) Bcrypt makes it impossible for someone to reverse-engineer the plain-text version of a password should the database be compromised.

There are several Bcrypt libraries for PHP that you may use.

* [Read "How to Safely Store a Password" by Coda Hale][3]
* [Use Bcrypt with PHPAss][4] (odd name, I know)

[3]: http://codahale.com/how-to-safely-store-a-password/
[4]: http://www.openwall.com/phpass/

## Input Filtering and Sanitizing

Never ever (ever) trust foreign input introduced to your PHP code. That leads to dark and dangerous places. Instead, always filter foreign input before you use it in your code.

PHP provides the `filter_var` and `filter_input` functions to help you do this. These two functions can sanitize text, verify formats (e.g. email addresses), and escape characters.

For example, if you accept code from an HTML form, you'll want to use `filter_input` before inserting the input into a database or inserting the input into an HTML response.

* [Learn about `filter_var`][5]
* [Learn about `filter_input`][6]

[5]: http://php.net/manual/en/function.filter-var.php
[6]: http://www.php.net/manual/en/function.filter-input.php

[Back to Top](#top){.top}
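Review bot: the Input Filtering paragraph near the bottom of the hunk ("if you accept code from an HTML form, you'll want to use `filter_input` before inserting the input into a database or inserting the input into an HTML response") conflates input validation with output handling: `filter_var` and `filter_input` with the FILTER_VALIDATE_* filters check that a value has the expected shape, but they do not make it safe to embed in SQL or HTML. Say that database writes should go through PDO prepared statements (the page already has a Databases and PDO section) and that values placed in an HTML response should be escaped with `htmlspecialchars()` at the point of output, and change "accept code from an HTML form" to "accept data from an HTML form". Two smaller points in the Bcrypt section: "Bcrypt makes it impossible for someone to reverse-engineer the plain-text version" overstates it, bcrypt makes each guess expensive through its cost factor but short or common passwords are still recoverable by guessing, so mention choosing an appropriate work factor; and the "Use Bcrypt with PHPass" bullet should note that PHPass only emits bcrypt hashes when constructed with `$portable_hashes = false` on a build where `CRYPT_BLOWFISH` is available, otherwise it silently falls back to a weaker scheme (extended DES or its own portable MD5-based hash).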
11 changes: 0 additions & 11 deletions _includes/web-application-security.md

This file was deleted.

8 changes: 3 additions & 5 deletions _layouts/default.html
Expand Up @@ -35,14 +35,12 @@
<li><a href="#code_style_guide">Code Style Guide</a></li>
<li><a href="#namespaces">Namespaces</a></li>
<li><a href="#dependency_management">Dependency Management</a></li>
<li><a href="#input_filtering">Input Filtering</a></li>
<li><a href="#databases_and_pdo">Databases and PDO</a></li>
<li><a href="#password_hashing_with_bcrypt">Password Hashing with Bcrypt</a></li>
<li><a href="#web_application_security">Web Application Security</a></li>
<li><a href="#security">Security</a></li>
<li><a href="#testing">Testing</a></li>
<li><a href="#command_line_interface">Command Line Interface</a></li>
<li><a href="#popular_frameworks">Popular Frameworks</a></li>
<li><a href="#links_and_resources">Links &amp; Resources</a></li>
<li><a href="#libraries_and_frameworks">Libraries and Frameworks</a></li>
<li><a href="#resources">Resources</a></li>
</ul>
</nav>
<a href="https://twitter.com/share" class="twitter-share-button" data-url="http://www.phptherightway.com/" data-size="large" data-hashtags="php">Tweet</a>
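Review bot: the nav changes drop the `#input_filtering`, `#password_hashing_with_bcrypt`, `#web_application_security`, `#popular_frameworks` and `#links_and_resources` anchors, so any inbound deep link to those ids breaks. The Password Hashing and Web Application Security headings survive as `##` headings inside security.md, so their ids may still be generated depending on how markdownify assigns heading ids, but "Input Filtering" is renamed to "Input Filtering and Sanitizing" and "Popular Frameworks" to "Libraries and Frameworks", so those two ids are gone; consider preserving the old ids with explicit anchors or a redirect note.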
14 changes: 4 additions & 10 deletions index.html
Expand Up @@ -14,26 +14,20 @@
{% capture dependencies_content %}{% include dependency-management.md %}{% endcapture %}
{{ dependencies_content|markdownify }}

{% capture inputfiltering_content %}{% include input-filtering.md %}{% endcapture %}
{{ inputfiltering_content|markdownify }}

{% capture databases_content %}{% include databases.md %}{% endcapture %}
{{ databases_content|markdownify }}

{% capture security_content %}{% include web-application-security.md %}{% endcapture %}
{% capture security_content %}{% include security.md %}{% endcapture %}
{{ security_content|markdownify }}

{% capture passwords_content %}{% include passwords.md %}{% endcapture %}
{{ passwords_content|markdownify }}

{% capture testing_content %}{% include testing.md %}{% endcapture %}
{{ testing_content|markdownify }}

{% capture cli_content %}{% include command-line-interface.md %}{% endcapture %}
{{ cli_content|markdownify }}

{% capture frameworks_content %}{% include popular-frameworks.md %}{% endcapture %}
{% capture frameworks_content %}{% include libraries-and-frameworks.md %}{% endcapture %}
{{ frameworks_content|markdownify }}

{% capture links_content %}{% include links-and-resources.md %}{% endcapture %}
{{ links_content|markdownify }}
{% capture resources_content %}{% include resources.md %}{% endcapture %}
{{ resources_content|markdownify }}
