Latest PHP articles...

To change or not to change passwords

-- Published 19.07.2018 --

To change or not to change passwords A lot discussion has been taken last few years regarding whether it is wise or not to enforce company security policy by enforcing password rotation (usually) every 3 months. Camp #1 shouts "Yes, it's the right way, because people will never use strong passwords and their accounts is easy to guess." Opposite camp #2 shouts "No, it's wrong, because it becomes impossible to remember strong passwords in a time - so people are forced to write it down somewhere .. security compromised!" I've experience with both camps - hacked accounts due to silly weak passwords, but also got frustrated.. Read more »

Update Centos to PHP7 via Remi repos

-- Published 18.12.2015 --

Update Centos to PHP7 via Remi repos On 03.12.2015 has been released PHP7 with great performance & feature improvements. Since I have a couple of applications running on PHP 5.5 branch with quite complicate environment settings I was wondering whether there is an easy way to simply upgrade to PHP7 without the need to do too much of manual uninstall/install stuff. I was actually surprised how easy things went on. So here is in short steps to upgrade existing PHP installation on Centos (applicable probably also to Fedora and Red Hat). Following is assumed (or at least applied to my setup): the installation was executed.. Read more »

Does PHP really need unicode support?

-- Published 02.10.2014 --

Does PHP really need unicode support? Bits of history A lot of talks and criticism has been spread around on PHP development efforst due to missing and long-time-still-expected native unicode (UTF-8/16/32) support. This article presents few thoughts of my own I've gathered over time on the topic. At my early programming years back 10 years ago, I used to be pretty much frustrated with the complexity of handling accented characters. And along with other folks I was wondering why PHP does not support unicode - it would make simple things like splitting multibyte strings so much easier. Well, now after another years, another debates and reading PHP.. Read more »

EU VAT Validator

-- Published 17.03.2014 --

EU VAT Validator EU VAT validator class. Enter valid EU VAT number and click "Validate". Please note, that provided validation is not sufficient and does not implement modulo checks specific for each country. For precise modulo check see javascript implementation by John Gardner at See also: EU VIES FAQ Examples - valid EU VAT numbers are e.g. ATU99999999 or LU12345678 More EU VAT examples + Member State Structure Format* AT-Austria ATU99999999 1 block of 9 characters BE-Belgium BE0999999999 1 block of.. Read more »

IBAN Validator

-- Published 17.03.2014 --

IBAN Validator IBAN validator class. Enter valid IBAN number to see some extracted data: Example - valid IBANs: SK 52 8130 0000 0020 0026 0100 or SK1611110000001000229002 More IBAN examples + Country IBAN AlbaniaAL47 2121 1009 0000 0002 3569 8741 AndorraAD12 0001 2030 2003 5910 0100 AustriaAT61 1904 3002 3457 3201 AzerbaijanAZ21 NABZ 0000 0000 1370 1000 1944 BahrainBH67 BMAG 0000 1299 1234 56 BelgiumBE62 5100 0754 7061 Bosnia and HerzegovinaBA39 1290 0794 0102 8494 BulgariaBG80 BNBG 9661 1020.. Read more »

Benchmarking symmetric cyphers in PHP - OpenSSL vs. Mcrypt

-- Published 04.10.2013 --

Benchmarking symmetric cyphers in PHP - OpenSSL vs. Mcrypt Symmetric (two-way) cyphers are the only secure way of transferring unencrypted data over the internet. A typical use case would be sending URL link with parameter called "contractID". In some situations it is undesirable to display what is the actual value of the contract ID - user can be tempted to play with the value, or a competitor may learn how many contracts did you yesterday:-) While some kind of custom obfuscation routines might be also usable, an advantage of encrypting such a values with standard encryption algorithm is that they are much more difficult to decipher and work right out of the.. Read more »

Free installation of free SSL certificate

-- Published 19.06.2013 --

Free installation of free SSL certificate Sophisticated network traffic analyzers are powerful and dangerous tools in hands of a malicious spammer. Stealing plain text passwords sent over the internet, email addresses, credit card numbers, date of birth, ID card numbers etc. - all this stuff can be with certain effort and technical knowledge collected into database and misused. Even though most of web site developers are aware of this fact, the number of web sites being set up insecurely is astonishingly high. SSL certificates play important role in securing your website by encrypting all transferred contents between server and browser. There is almost no way a spammer could.. Read more »