The online tool htaccess.mwl.be allows to easily debug HTACCESS redirects, and already saved me some headaches 🙂
Advertisements
Recent Updates Page 2
Twig PHP templating system
Twig is a popular templating system, from the creators of the Symphony framework. Here I describe a minimal startup guide for those preferring a manual installation (i.e. no composer).
<?
require_once 'lib/Twig/Autoloader.php';
Twig_Autoloader::register();
$loader = new Twig_Loader_Filesystem('templates/');
$twig = new Twig_Environment(
$loader,
array( 'cache' => 'cache/')
);
$twig = new Twig_Environment($loader);
echo $twig->render('index.template',
array('name' => 'Andrea', 'surname' => 'Telatin')
);
?>
where the index.template file is
Hello {{ name }} {{ surname }}!
Salting passwords with PHP
As nobody would store plain password in a database, I’d like to write a short memo on how to encrypt passwords to be safely store them in our databases.
The first concept is hashing. In brief we use a function that takes a string as input (i.e. our plain text password) and produces an output that is different for each input string, but without the possibility to reverse the process. An once popular hashing algorithm was MD5, that is now believed to be not enough secure. Better alternatives include SHA-2 and Blowfish. In PHP we have this function to hash:
$hashedString = hash('sha1', $inputString);
The second concept is salting. Given that is almost impossible to guess the password given its hash, its possible to pre-compute million of hashes and use this database to predict the hidden password. This approach is referred to as rainbow tables. To avoid this the trick is to encrypt (hash) the string with some further text. This is salting.
The simplest form of salting is to encrypt a string like ‘this is the salt for a {$string}’, but if the salt is stored somewhere it is also possible to find it, and moreover if a single user uses a weak password and somehow the hacker cracks it, he will also able to use the same salt for any other password. In PHP we use the hash() function only for to check integrity of contenct, not to crypt passwords, as we have a dedicated one:
$hashedPassword = crypt($password, $salt);
The salt parameter is slightly more complex than a bunch of chars though…
How to salt passwords with PHP
The crypt functions require a form of salt that includes a format string, indicating both the algorithm (I use 2y for Blowfish) and the cost (higher=stronger) of the process:
$password = 'myPassword'; $hash_format = "$2y$10$"; // 2y=blowfish; 10=cost of algorithm $salt = "ThisIsMyLong1234567890Salt"; // has to be > 22 chars echo 'Salt size: ' : strlen($salt); $format_and_salt = $hash_format. $salt; $hash = crypt($password, $format_and_salt);
Given that the “salt” contains the format as well, we can compare hashes like this:
if (hash_equals($hashed_password, crypt($user_input, $hashed_password))) {
echo "Password verified!";
}
Mounting an FTP directory. No need to have an FTP editor then
Using FUSE to mount remote directories (when the more secure SSH connection is not available), with a program like curlftps, it’s possible to mount any remote directory like:
curlftpfs -o user=user:pass ftp.server.com /my/mount/pointThis means that after any standard editor will become an FTP enabled editor.
ImageMagick: watermark logo
composite logo.png photo.jpeg -dissolve 90% -gravity NorthEast test.jpg
To tile the watermark:
composite logo.pngphoto.jpeg -dissolve 55% -tile test.jpg
ImageMagick: remove background color (make transparent background)
Provided that the image (usually a “clip art”) has a color that can be easily assumed to be the background:
convert input.png -transparent white -fuzz 90% output.png
Replace “white” with the color you want to replace, or “rgba(0,0,0,0)” to set it to a custom value.
“fuzz” is the tolerance, that can be tricky to set with images with a drop shadow. For the average antialiased PNG image can be around 90%.
Being ImageMagick, the input can be any image format, but lossy compressed JPEG images tend to produce bad results.
