Posts filed under “PHP”
Apache, PHP, Windows, and php_curl.dll
FYI: If you have the displeasure of having to work on a Windows server, and get this:
PHP Warning: PHP Startup: Unable to load dynamic library ‘C:\Program Files (x86)\PHP\ext\php_curl.dll’ – %1 is not a valid Win32 application. in Unknown on line 0
Then try copying the libeay32.dll and ssleay32.dll files from your PHP installation and [...]
Password Hashing Class v1.3
I’m pleased to present version 1.3 of my password hashing class. I’ve added support for PBKDF2 and cleaned up a few things in the code. I’m using base64 to encode the hash rather than hex now, so this also drops the size of the derived hash from 144 characters down to 104, which makes it that much leaner for the database.
A simple system for URI routing in PHP
For simpler websites, building on top of a framework can be overkill. But if you still want clean URLs and the ability to write your own controllers, you’ll need some type of system to keep things in order. The system presented below is a very small dispatcher that parses your URIs and passes control to your controller.
Adding huge numbers with PHP
Ever have the need to add some really large integers? Large enough that they don’t fit in the standard data types? No? Didn’t think so. But just in case you do, here is a function that can add two numbers no matter how large. This function returns a string with the resulting number in it. One caveat: It only works with positive integers.
A simple and very secure password class for php
I’ve made some more changes to my password class. This time I’ve added stretching, which is basically just running the hash function multiple times to slow down the code. Usage is very simple, as shown in the comments in the code. Also, you need to define AUTH_SALT and AUTH_LEVEL somewhere in your code. A unique value for AUTH_SALT can be found here: http://bradleyproctor.com/tools/salt.php. Setting AUTH_LEVEL to 10 will give a good balance between security and speed. Full source below:
PHP Optimization Tips
1. echo vs print
The echo and print methods are virtually the same. They are both built into the language so they are faster than function calls. The one thing that makes them different is that print returns whether it was successful or not while echo does not return anything. This puts a little overhead on print that echo does not have. So unless you need the return value, stick with echo.
2. Single quotes vs double quotes
Double quotes can embed variables within the string and also translate escape characters. With single quotes, what you see is what you get. The string is exactly as you typed it. Because PHP has to do extra work in checking a double-quoted string, using single quotes is faster.
Improved password security
I originally wrote about my method of password security in my post Password Security. Since then I’ve made a few improvements to the code.
First, I’ve increased the unique salt value to 16 characters instead of 8 and also improved on how this value is generated. This is an increase from 4 billion possible salt values to 16 million-trillion possible salt values.
Second, for the HMAC key, I’ve added a site-wide salt value that is appended to the unique salt. While using a site-wide salt alone is weak, using it in addition to a unique salt adds an extra layer of security, because if the database were compromised, this piece of information would still be missing.
Automatically creating search engine friendly URIs
So let’s say you have a bunch of titles of articles, posts, or whatever and you want to be able to create a search engine friendly URI much like how WordPress does when you create a post. I originally wrote my own, but after looking through the WordPress code, I saw that they preserve octets and remove HTML entities such as those for an ampersand and the copyright symbol. So I went ahead and added that stuff to my code as well.