My RSS » Planet PHP » July 13, 2010

Planet PHP

Storing encrypted session information in a cookie

Posted: July 13th, 2010, 2:54pm MDT by Evert Pot
Our session system is due for an upgrade. Currently all PHP sessions are stored in the database, and some things are getting a bit slow. There have been a couple of approaches I've been considering, one of which is simply storing all the information in a browser cookie.
First I want to make clear I don't necessarily condone this. The reason I'm writing this post, is because I'm hoping for some more community feedback. Is this a really bad idea? I would love to know.
The benefits
If all the session data is stored in the browser, it means that I don't need to store it on the server. I actually don't care all that much for having the data on the server (unless it's the only secure way), it's mostly a gigantic map with session tokens and user id's (along with some other info).
I also feel it's more natural for [HTTP,] as it makes it a bit more stateless.
Sample code
1. <?php
3. class BrowserSession {
5. public $secret = 'this will need to be a cryptographic random number';
6. public $currentUser = null;
8. // Sessions time out after 10 minutes
9. public $timeout = 600;
11. function init() {
13. if (!isset($_COOKIE['MYSESSION'])) {
14. echo "No session cookie found\n";
15. return;
16. }
18. list($userId, $time, $signature) = explode(':',$_COOKIE['MYSESSION']);
20. // The cookie is old
21. if ($time> time() + $this->timeout) {
22. echo "The session cookie timed out\n"
Truncated by Planet PHP, read more at the original (another 10267 bytes)
I'm back…and I brought friends!

Posted: July 13th, 2010, 2:01pm MDT by Zend Developer Zone

Oh yeah BA-BY, I’m BACK ! It’s been more than two years but I’m back and this time I brought some friends with me.
Towards A Style Of Contract Programming

Posted: July 13th, 2010, 12:44pm MDT by Stuart Herbert
There’s a programming style I rarely see in the PHP world, but one which I use from my C programming days – programming by contract. It’s a very useful technique for writing code that is demonstrably robust, and a useful compliment to unit testing with PHPUnit.

At it’s most basic, programming by contract can be summed up as:
- Does my function or method have inputs that are acceptable to me?
- Has my function or method generated return data that I’m happy to pass back.
PHP has the assert() method to help with this, but it is deficient and best avoided. I’d like to share the approach I’m currently using for this, to get constructive feedback on how to evolve the style further.

At the heart of this approach lies the constraint. It is a test that must be satisfied; a bit like a runtime unit test. We could do this inline:
function breakMe($inputData = "I am bad data")
{
// enforce our constraint
if (!is_array($inputData))
{
throw new Exception(‘Bad data $inputData; expected array()’);
}
}
… but the problem with that is that it quickly bulks out your code with a lot of repetitive (and avoidable) content. An ideal candidate to make into a function or a method, which could yield:
function constraint_mustBeArray(&$testData)
{
if (!is_array($testData))
{
throw new Exception("Constraint failed");
}
}
function breakMe($inputData = "I am bad data")
{
// our constraint is now in a nice function
constraint_mustBeArray($inputData);
}

Here, we are trading performance (the cost of a function call) for both developer efficiency and reduced future maintenance costs. In general, the trade-off is worth it; most PHP developers work on small sites where developers are more expensive than runtime costs (within reason). The time saved from proving that code is working (and bailing immediately we prove otherwise) is worth saving.

We’re also introducing an important principle: there’s no return value to check. If execution continues on the line below the call to constraint_mustBeArray(), we can assume that the constraint was passed. If the constraint failed, we let whatever exception handlers there are, well, handle it.

There’s a couple of problems with this style that have been nagging me. It h
Truncated by Planet PHP, read more at the original (another 7653 bytes)
Qafoo - software quality since 1886

Posted: July 13th, 2010, 7:32am MDT by Tobias Schlitt

Of course not, but still, the building that hosts our office was built at that time. ;) However, this post should simply tell you that Qafoo, the company by Kore, Manuel and me, has started on July 1st officially and that our company website went online just some minutes ago. You can now find all of our services online, nicely presented in a fresh green. And of course, you can send us a message right away, if you desire training, consulting or support anyway related to PHP software quality.
Giving Up The Day Job

Posted: July 13th, 2010, 7:02am MDT by Lorna Mitchell
The In-A-Nutshell Version I have resigned from Ibuildings. I will complete my notice period here in a couple of weeks and then move on to a wide and interesting variety of well-paying freelance assignments covering development, consultancy, writing and speaking. Hopefully.

The slightly longer version really is this. Two and a half years ago, I left a job at a type of company I usually describe as a yet-another-website company, where literally every new project was another CMS website. Which was fun for about the first 4 months and got old pretty quickly. Two and a half years at Ibuildings and I haven't done yet-another-anything, the projects have been technical, challenging and my colleagues are the best qualified set of people I'll probably ever work with.

Along the way I've also done a wide variety of other things, most of which are achievements beyond my wildest dreams, some within the scope of this job and some on my own time but of course influenced by all that I've learned. I've delivered training, led projects, been published, become a regular conference speaker and travelled internationally doing so, collaborated on an open source project, edited a developer portal and hosted a major international PHP conference. I've even learned to say those things about myself in public without feeling too much of a fraud!

At this point, there are so many things I want to be doing, writing, speaking and so on, as well as some interesting development projects, that holding down my 9-5 as well has become untenable; that's the main motivation for this change. I don't intend to take another full time job, although I don't have a lot of paying work lined up so please bear in mind that I am looking for some ;)

Things I would like to be doing:
- Working with development teams on skills, tools and process (think teach a man to fish, rather than sell him a fish)
- API development
- Technical writing
- Meeting cool and interesting people and embarking on cool and interesting projects together
Advice on achieving any or all of the above is appreciated - if any of you can also think of me when discussing business, write me a linked in recommendation, or retweet my announcement of my news, that would be fabulous!!

If you're still reading, then I'll share a little something with you. I decided that with a career move, I needed a little rebrand, so here is my new angel avatar. I hope you like her :)

Wish me luck in my new (ad)venture, I'll be keeping everyone up to date as always!