OhRyan.ca » php

Assault on the Hash (or how to make secure your passwords)

RyanN — Mon, 04 Jul 2011 05:47:19 +0000

In a recent episode of Build & Analyze Marco Armet (creator of Instapaper) explained that the standard practice of salting a hash is no longer a really good way to secure passwords. CPUs (and GPUs) are so fast that they can effectively guess your salt in a reasonable amount of time*.

The solution, use bcrypt. Essentially, it’s an extremely slow hashing algorithm.

To me this seems a little bit like security through obscurity, every once in awhile – as CPU speed increases - you’ll have to update your algorithm to generate hashes even slower.

How To: File Upload Progress Bar. No Flash. No PHP addons.

RyanN — Wed, 29 Jun 2011 02:11:20 +0000

Upload progressbars are pretty common on the web these days, they add a touch of feedback to the long and mysterious process of uploading a file to a website. Unfortunately, the most common methods for doing so involve flash or baring that PHP addons that require a recompiling.

In this post I’m going to talk about creating an upload progress bar without the need for a clunky flash object. I’m going to do it with PHP, jQueryUI and a gracefully-degrading framework-independent library.

AJAX Upload

I stumbled across the aptly named AJAX Upload code library (developed by Andrew Valums) at work the other day.

The feature list is quite impressive:

multiple file select, progress-bar in FF, Chrome, Safari

drag-and-drop file select in FF, Chrome

uploads are cancellable

no external dependencies

doesn’t use Flash

fully working with https

keyboard support in FF, Chrome, Safari

tested in IE7,8; Firefox 3,3.6,4; Safari4,5; Chrome; Opera10.60;

The package includes a javascript library to handle DOM creation and magical ajax-ey transactions, as well as server-side code written in PHP, CGI, Java and Cold Fusion. The server-side code is required to manage the file upload, where some other solutions use APC or PECL’s uploadprogress, Andrews code makes clever use of PHP streams to track the upload progress.

Relevant snippet from php.php:

    function save($path) {
        $input = fopen("php://input", "r");
        $temp = tmpfile();
        $realSize = stream_copy_to_stream($input, $temp);
        fclose($input);

        if ($realSize != $this->getSize()){
            return false;
        }

        $target = fopen($path, "w");
        fseek($temp, 0, SEEK_SET);
        stream_copy_to_stream($temp, $target);
        fclose($target);

        return true;
    }

Why didn’t I think of that?!

The Javascript & HTML

Here’s an example of a really basic uploader utilizing jQueryUI’s progressbar.




    AJAX Upload Test
    
    
    
    
    
    


    
    Upload A File!

The real key here is updating the progressbar value in the uploader’s onChange event.

So there you have it!

DIGG: 4000% PERFORMANCE INCREASE BY SORTING IN PHP RATHER THAN MYSQL

RyanN — Fri, 26 Mar 2010 20:37:27 +0000

To scale at Digg they followed a set of practices very similar to those used at eBay. No joins, no foreign key constraints (to scale writes), primary key look-ups only, limited range queries, and joins were done in memory. When implementing the comment feature a 4,000 percent increase in performance was created by sorting in PHP instead of MySQL. All this effort required to make a relational database scale basically meant you were using a non-relational database anyway. So why not just use a non-relational database from the start?

[via High Scalability]

How To: Exclude Words Like “An, A, The” From Alphabetized MySQL ORDER

RyanN — Fri, 17 Jul 2009 15:10:42 +0000

When ordering lists of names or titles it’s sometimes desirable to exclude articles or other words from the order clause (eg. you want “The Burning Hell” to show up before “Great Lake Swimmers” in a list ordered by name). Early on in my career I must have assumed it was not possible and never bothered to look into again because I don’t recall ever ordering a list like this.
Anyways. Here’s how you do it:

SELECT name FROM artists ORDER BY TRIM( LEADING "a " FROM TRIM( LEADING "an " FROM TRIM( LEADING "the " FROM LOWER( name ) ) ) )

[thanks metafilter]

How To Round Unixtime To Midnight

RyanN — Wed, 28 May 2008 14:59:00 +0000

This might be pretty obvious to anyone with basic math skills. It took me a few minutes to figure out, so I thought I’d share with the world. To round a unix timestamp to the previous midnight (UTC) use the following function:

function unixtime_round_to_midnight ($t) {
return $t – ($t%86400);
}

Thanks to Ian for pointing out my math ineptitude.

Top 5%

RyanN — Sat, 03 May 2008 04:03:47 +0000

According to Kevin Rose (of digg and diggnation fame) I am in the top 5% of php developers. In the last episode of This Week in Tech, he mentioned that 95% of the resumes he receives for digg.com positions are from developers who haven’t even worked on a site that gets 1 million uniques, let alone anything near the 26 million digg gets.

I have!

*toot toot* (that’s the sound of my own horn)

TinyMy, Quick and Dirty MySQL Shell

RyanN — Fri, 07 Dec 2007 13:30:22 +0000

Stumbled across a tiny mysql shell – appropriately named ‘tinymy’ – a few months ago.

It’s quite a useful little bit of PHP code. Very lightweight and function interface and shell for MySQL. I use it whenever I need to verify the contents of a database table or test a couple of queries but don’t need a full install phpMyAdmin.

Thought I’d share.
Link