Twig PHP templating system

Twig is a popular templating system, from the creators of the Symphony framework. Here I describe a minimal startup guide for those preferring a manual installation (i.e. no composer).

<?  
require_once 'lib/Twig/Autoloader.php';  
Twig_Autoloader::register();  
$loader = new Twig_Loader_Filesystem('templates/');  
$twig = new Twig_Environment(     
   $loader,     
   array( 'cache' => 'cache/')
);

$twig = new Twig_Environment($loader);

echo $twig->render('index.template', 
   array('name' => 'Andrea', 'surname' => 'Telatin')
);
?>

where the index.template file is

Hello {{ name }} {{ surname }}!

Advertisements

Salting passwords with PHP

As nobody would store plain password in a database, I’d like to write a short memo on how to encrypt passwords to be safely store them in our databases.

The first concept is hashing. In brief we use a function that takes a string as input (i.e. our plain text password) and produces an output that is different for each input string, but without the possibility to reverse the process. An once popular hashing algorithm was MD5, that is now believed to be not enough secure. Better alternatives include SHA-2 and Blowfish. In PHP we have this function to hash:

$hashedString = hash('sha1', $inputString);

The second concept is salting. Given that is almost impossible to guess the password given its hash, its possible to pre-compute million of hashes and use this database to predict the hidden password. This approach is referred to as rainbow tables. To avoid this the trick is to encrypt (hash) the string with some further text. This is salting.

The simplest form of salting is to encrypt a string like ‘this is the salt for a {$string}’, but if the salt is stored somewhere it is also possible to find it, and moreover if a single user uses a weak password and somehow the hacker cracks it, he will also able to use the same salt for any other password. In PHP we use the hash() function only for to check integrity of contenct, not to crypt passwords, as we have a dedicated one:

$hashedPassword = crypt($password, $salt);

The salt parameter is slightly more complex than a bunch of chars though…

How to salt passwords with PHP

The crypt functions require a form of salt that includes a format string, indicating both the algorithm (I use 2y for Blowfish) and the cost (higher=stronger) of the process:

    $password = 'myPassword';
    $hash_format = "$2y$10$";             // 2y=blowfish; 10=cost of algorithm
    $salt = "ThisIsMyLong1234567890Salt"; // has to be > 22 chars
    echo 'Salt size: ' : strlen($salt);
    $format_and_salt = $hash_format. $salt;
    $hash = crypt($password, $format_and_salt);

Given that the “salt” contains the format as well, we can compare hashes like this:

if (hash_equals($hashed_password, crypt($user_input, $hashed_password))) {
   echo "Password verified!";
}

 

Mounting an FTP directory. No need to have an FTP editor then

Using FUSE to mount remote directories (when the more secure SSH connection is not available), with a program like curlftps, it’s possible to mount any remote directory like:

curlftpfs -o user=user:pass ftp.server.com /my/mount/point

This means that after any standard editor will become an FTP enabled editor.

ImageMagick: watermark logo

composite logo.png photo.jpeg -dissolve 90% -gravity NorthEast test.jpg

To tile the watermark:

composite logo.pngphoto.jpeg -dissolve 55% -tile  test.jpg

ImageMagick: remove background color (make transparent background)

convert input.png -transparent white -fuzz 90% output.png

Replace “white” with the color you want to replace, or “rgba(0,0,0,0)” to set it to a custom value. “Fuzz” is the tolerance.

some HTML5 learning resources

HTML5 for Webdesigners (PDF format)

Dive into HTML5 (online)

Course specification (PDF)

Cheat sheet (PDF)

ImageMagick: create animated GIF

To animate a set of images to GIF:

convert -resize 20% -delay 44 -loop 0 frame*.png output.gif

Example here