Php – Fastest way to retrieve a in PHP</h1> </header><!-- .entry-header --> <p style='font-size:1.2em'><span class="mr-2 badge badge-success">html</span><span class="mr-2 badge badge-info">parsing</span><span class="mr-2 badge badge-warning">PHP</span></p> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-8728145350222960" data-ad-slot="5017103864" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> <div class="entry-content"> <p>I'm doing a bookmarking system and looking for the fastest (easiest) way to retrieve a page's title with PHP. </p> <p>It would be nice to have something like <code>$title = page_title($url)</code></p> </div><!-- .entry-content --> <div id="comments" class="comments-area"> <div class="row"> <div class="col-12"> <div class="mt-3 border-bottom border-success"> <h4 class="text-success"><i class='fa fa-check-circle text-success mr-3'></i><span>Best Answer</span></h4> </div> <div class='bg-transparent mb-3'> <pre><code><?php function page_title($url) { $fp = file_get_contents($url); if (!$fp) return null; $res = preg_match("/<title>(.*)<\/title>/siU", $fp, $title_matches); if (!$res) return null; // Clean up title: remove EOL's and excessive whitespace. $title = preg_replace('/\s+/', ' ', $title_matches[1]); $title = trim($title); return $title; } ?> </code></pre> <p>Gave 'er a whirl on the following input:</p> <pre><code>print page_title("http://www.google.com/"); </code></pre> <p>Outputted: Google</p> <p>Hopefully general enough for your usage. If you need something more powerful, it might not hurt to invest a bit of time into researching HTML parsers.</p> <p>EDIT: Added a bit of error checking. Kind of rushed the first version out, sorry.</p> </div> </div> <div class="col-4"></div> </div> </div><!-- #comments --> <div id="related-embeded" class="related-embeded-area"><div class="row"><div class="col-12"><div class="mt-3 border-bottom border-success"><h4 class="text-info"><i class='fa fa-check-circle text-info mr-3'></i><span>Related Solutions</span></h4></div><div class="mt-3 mb-3 border-bottom"><h5><a href='https://itecnotes.com/tecnote/html-make-a-div-fill-the-height-of-the-remaining-screen-space/'>Html – Make a div fill the height of the remaining screen space</a></h5></div><div class='bg-transparent mb-3'> <h3>2015 update: the flexbox approach</h3> <p>There are two other answers briefly mentioning <a href="https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Flexible_boxes" rel="noreferrer nofollow ugc">flexbox</a>; however, that was more than two years ago, and they don't provide any examples. The specification for flexbox has definitely settled now.</p> <blockquote> <p>Note: Though CSS Flexible Boxes Layout specification is at the Candidate Recommendation stage, not all browsers have implemented it. WebKit implementation must be prefixed with -webkit-; Internet Explorer implements an old version of the spec, prefixed with -ms-; Opera 12.10 implements the latest version of the spec, unprefixed. See the compatibility table on each property for an up-to-date compatibility status.</p> <p>(taken from <a href="https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Flexible_boxes" rel="noreferrer nofollow ugc">https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Flexible_boxes</a>)</p> </blockquote> <p>All major browsers and IE11+ support Flexbox. For IE 10 or older, you can use the FlexieJS shim.</p> <p>To check current support you can also see here: <a href="http://caniuse.com/#feat=flexbox" rel="noreferrer nofollow ugc">http://caniuse.com/#feat=flexbox</a></p> <h3>Working example</h3> <p>With flexbox you can easily switch between any of your rows or columns either having fixed dimensions, content-sized dimensions or remaining-space dimensions. In my example I have set the header to snap to its content (as per the OPs question), I've added a footer to show how to add a fixed-height region and then set the content area to fill up the remaining space.</p> <p></p><div class="snippet" data-lang="js" data-hide="false" data-console="false" data-babel="false"> <div class="snippet-code"> <pre class="snippet-code-css lang-css prettyprint-override"><code>html, body { height: 100%; margin: 0; } .box { display: flex; flex-flow: column; height: 100%; } .box .row { border: 1px dotted grey; } .box .row.header { flex: 0 1 auto; /* The above is shorthand for: flex-grow: 0, flex-shrink: 1, flex-basis: auto */ } .box .row.content { flex: 1 1 auto; } .box .row.footer { flex: 0 1 40px; }</code></pre> <pre class="snippet-code-html lang-html prettyprint-override"><code><!-- Obviously, you could use HTML5 tags like `header`, `footer` and `section` --> <div class="box"> <div class="row header"> <p><b>header</b> <br /> <br />(sized to content)</p> </div> <div class="row content"> <p> <b>content</b> (fills remaining space) </p> </div> <div class="row footer"> <p><b>footer</b> (fixed height)</p> </div> </div></code></pre> </div> </div> <p></p> <p>In the CSS above, the <a href="https://developer.mozilla.org/en/CSS/flex" rel="noreferrer nofollow ugc">flex</a> property shorthands the <a href="https://developer.mozilla.org/en/CSS/flex-grow" rel="noreferrer nofollow ugc">flex-grow</a>, <a href="https://developer.mozilla.org/en/CSS/flex-shrink" rel="noreferrer nofollow ugc">flex-shrink</a>, and <a href="https://developer.mozilla.org/en/CSS/flex-basis" rel="noreferrer nofollow ugc">flex-basis</a> properties to establish the flexibility of the flex items. Mozilla has a <a href="https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Flexible_boxes" rel="noreferrer nofollow ugc">good introduction to the flexible boxes model</a>.</p> </div><div class="mt-3 mb-3 border-bottom"><h5><a href='https://itecnotes.com/tecnote/php-secure-hash-and-salt-for-php-passwords/'>Php – Secure hash and salt for PHP passwords</a></h5></div><div class='bg-transparent mb-3'> <blockquote> <p><strong>DISCLAIMER</strong>: This answer was written in 2008.</p> <p>Since then, PHP has given us <a href="http://php.net/manual/en/function.password-hash.php" rel="noreferrer nofollow ugc"><code>password_hash</code></a> and <a href="http://php.net/manual/en/function.password-verify.php" rel="noreferrer nofollow ugc"><code>password_verify</code></a> and, since their introduction, they are the recommended password hashing & checking method.</p> <p>The theory of the answer is still a good read though.</p> </blockquote> <h2>TL;DR</h2> <h3>Don'ts</h3> <ul> <li>Don't limit what characters users can enter for passwords. Only idiots do this.</li> <li>Don't limit the length of a password. If your users want a sentence with supercalifragilisticexpialidocious in it, don't prevent them from using it.</li> <li>Don't strip or escape HTML and special characters in the password.</li> <li>Never store your user's password in plain-text.</li> <li>Never email a password to your user <em>except when they have lost theirs, and you sent a temporary one.</em></li> <li>Never, ever log passwords in any manner.</li> <li>Never hash passwords with <a href="http://arstechnica.com/security/2012/12/oh-great-new-attack-makes-some-password-cracking-faster-easier-than-ever/" rel="noreferrer nofollow ugc">SHA1</a> or MD5 or even SHA256! <a href="http://securityledger.com/new-25-gpu-monster-devours-passwords-in-seconds/" rel="noreferrer nofollow ugc">Modern crackers</a> can exceed 60 and 180 billion hashes/second (respectively).</li> <li>Don't mix <a href="http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html" rel="noreferrer nofollow ugc">bcrypt and with the <em>raw</em> output of hash()</a>, either use hex output or base64_encode it. (This applies to any input that may have a rogue <code>\0</code> in it, which can seriously weaken security.)</li> </ul> <h3>Dos</h3> <ul> <li>Use scrypt when you can; bcrypt if you cannot.</li> <li>Use PBKDF2 if you cannot use either bcrypt or scrypt, with SHA2 hashes.</li> <li>Reset everyone's passwords when the database is compromised.</li> <li>Implement a reasonable 8-10 character minimum length, plus require at least 1 upper case letter, 1 lower case letter, a number, and a symbol. This will improve the entropy of the password, in turn making it harder to crack. (See the "What makes a good password?" section for some debate.)</li> </ul> <h2>Why hash passwords anyway?</h2> <p>The objective behind hashing passwords is simple: preventing malicious access to user accounts by compromising the database. So the goal of password hashing is to deter a hacker or cracker by costing them too much time or money to calculate the plain-text passwords. And time/cost are the best deterrents in your arsenal.</p> <p>Another reason that you want a good, robust hash on a user accounts is to give you enough time to change all the passwords in the system. If your database is compromised you will need enough time to at <em>least</em> lock the system down, if not change every password in the database.</p> <p>Jeremiah Grossman, CTO of Whitehat Security, <a href="https://www.whitehatsec.com/blog/cracking-aes-256-dmgs-and-epic-self-pwnage/" rel="noreferrer nofollow ugc">stated on White Hat Security blog</a> after a recent password recovery that required brute-force breaking of his password protection:</p> <blockquote> <p>Interestingly, in living out this nightmare, I learned A LOT I didn’t know about password cracking, storage, and complexity. <em>I’ve come to appreciate why password storage is ever so much more important than password complexity. If you don’t know how your password is stored, then all you really can depend upon is complexity.</em> This might be common knowledge to password and crypto pros, but for the average InfoSec or Web Security expert, I highly doubt it.</p> </blockquote> <p>(Emphasis mine.)</p> <h2>What makes a <em>good</em> password anyway?</h2> <p><a href="http://xkcd.com/936/" rel="noreferrer nofollow ugc">Entropy</a>. (Not that I fully subscribe to Randall's viewpoint.)</p> <p>In short, entropy is how much variation is within the password. When a password is only lowercase roman letters, that's only 26 characters. That isn't much variation. Alpha-numeric passwords are better, with 36 characters. But allowing upper and lower case, with symbols, is roughly 96 characters. That's a lot better than just letters. One problem is, to make our passwords memorable we insert patterns—which reduces entropy. Oops!</p> <p>Password entropy is <a href="https://ritcyberselfdefense.wordpress.com/2011/09/24/how-to-calculate-password-entropy/" rel="noreferrer nofollow ugc">approximated</a> easily. Using the full range of ascii characters (roughly 96 typeable characters) yields an entropy of 6.6 per character, which at 8 characters for a password is still too low (52.679 bits of entropy) for future security. But the good news is: longer passwords, and passwords with unicode characters, really increase the entropy of a password and make it harder to crack.</p> <p>There's a longer discussion of password entropy on the <a href="https://crypto.stackexchange.com/questions/374/how-should-i-calculate-the-entropy-of-a-password" rel="nofollow ugc">Crypto StackExchange</a> site. A good Google search will also turn up a lot of results.</p> <p>In the comments I talked with @popnoodles, who pointed out that <em>enforcing</em> a password policy of X length with X many letters, numbers, symbols, etc, can actually reduce entropy by making the password scheme more predictable. I do agree. Randomess, as truly random as possible, is always the safest but least memorable solution.</p> <p>So far as I've been able to tell, making the world's best password is a Catch-22. Either its not memorable, too predictable, too short, too many unicode characters (hard to type on a Windows/Mobile device), too long, etc. No password is truly good enough for our purposes, so we must protect them as though they were in Fort Knox.</p> <h2>Best practices</h2> <p>Bcrypt and <a href="http://www.tarsnap.com/scrypt.html" rel="noreferrer nofollow ugc">scrypt</a> are the current best practices. <a href="http://www.tarsnap.com/scrypt.html" rel="noreferrer nofollow ugc">Scrypt</a> will be better than bcrypt in time, but it hasn't seen adoption as a standard by Linux/Unix or by webservers, and hasn't had in-depth reviews of its algorithm posted yet. But still, the future of the algorithm does look promising. If you are working with Ruby there is an <a href="http://rubygems.org/gems/scrypt" rel="noreferrer nofollow ugc">scrypt gem</a> that will help you out, and Node.js now has its own <a href="https://npmjs.org/package/scrypt" rel="noreferrer nofollow ugc">scrypt</a> package. You can use Scrypt in PHP either via the <a href="https://pecl.php.net/package/scrypt" rel="noreferrer nofollow ugc">Scrypt</a> extension or the <a href="https://paragonie.com/book/pecl-libsodium/read/07-password-hashing.md" rel="noreferrer nofollow ugc">Libsodium</a> extension (both are available in PECL).</p> <p>I highly suggest reading the documentation for the <a href="http://us.php.net/crypt" rel="noreferrer nofollow ugc">crypt function</a> if you want to understand how to use bcrypt, or finding yourself a <a href="https://stackoverflow.com/questions/4795385/how-do-you-use-bcrypt-for-hashing-passwords-in-php/6337021#6337021" rel="nofollow ugc">good</a> <a href="https://gist.github.com/1070401" rel="noreferrer nofollow ugc">wrapper</a> or use something like <a href="http://www.openwall.com/phpass/" rel="noreferrer nofollow ugc">PHPASS</a> for a more legacy implementation. I recommend a minimum of 12 rounds of bcrypt, if not 15 to 18.</p> <p>I changed my mind about using bcrypt when I learned that bcrypt only uses blowfish's key schedule, with a variable cost mechanism. The latter lets you increase the cost to brute-force a password by increasing blowfish's already expensive key schedule.</p> <h2>Average practices</h2> <p>I almost can't imagine this situation anymore. <a href="http://www.openwall.com/phpass/" rel="noreferrer nofollow ugc">PHPASS</a> supports PHP 3.0.18 through 5.3, so it is usable on almost every installation imaginable—and should be used if you don't <em>know for certain</em> that your environment supports bcrypt.</p> <p>But suppose that you cannot use bcrypt or PHPASS at all. What then?</p> <p>Try an implementation of <a href="http://www.itnewb.com/tutorial/Encrypting-Passwords-with-PHP-for-Storage-Using-the-RSA-PBKDF2-Standard" rel="noreferrer nofollow ugc">PDKBF2</a> with the <a href="https://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256" rel="nofollow ugc">maximum number of rounds</a> that your environment/application/user-perception can tolerate. The lowest number I'd recommend is 2500 rounds. Also, make sure to use <a href="http://php.net/hash_hmac" rel="noreferrer nofollow ugc">hash_hmac()</a> if it is available to make the operation harder to reproduce.</p> <h2>Future Practices</h2> <p>Coming in PHP 5.5 is a <a href="http://php.net/manual/en/ref.password.php" rel="noreferrer nofollow ugc">full password protection library</a> that abstracts away any pains of working with bcrypt. While most of us are stuck with PHP 5.2 and 5.3 in most common environments, especially shared hosts, @ircmaxell has built a <a href="https://github.com/ircmaxell/password_compat" rel="noreferrer nofollow ugc">compatibility layer</a> for the coming API that is backward compatible to PHP 5.3.7.</p> <h2>Cryptography Recap & Disclaimer</h2> <p>The computational power required to actually <em>crack</em> a hashed password doesn't exist. The only way for computers to "crack" a password is to recreate it and simulate the hashing algorithm used to secure it. The speed of the hash is linearly related to its ability to be brute-forced. Worse still, most hash algorithms can be easily parallelized to perform even faster. This is why costly schemes like bcrypt and scrypt are so important.</p> <p>You cannot possibly foresee all threats or avenues of attack, and so you must make your best effort to protect your users <strong>up front</strong>. If you do not, then you might even miss the fact that you were attacked until it's too late... <em>and you're liable</em>. To avoid that situation, act paranoid to begin with. Attack your own software (internally) and attempt to steal user credentials, or modify other user's accounts or access their data. If you don't test the security of your system, then you cannot blame anyone but yourself.</p> <p>Lastly: I am not a cryptographer. Whatever I've said is my opinion, but I happen to think it's based on good ol' common sense ... and lots of reading. Remember, be as paranoid as possible, make things as hard to intrude as possible, and then, if you are still worried, contact a white-hat hacker or cryptographer to see what they say about your code/system.</p> </div></div></div></div> </div> <div class="col-12 col-md-4"> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-8728145350222960" data-ad-slot="2985450245" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> <div class='mt-3 ml-4 border-bottom border-success'><h6><span>Related Topic</span></h6></div><ul class='list-group list-group-flush'><li class="list-group-item"><a href='https://itecnotes.com/tecnote/javascript-how-to-modify-the-url-without-reloading-the-page/'>Javascript – How to modify the URL without reloading the page</a></li><li class="list-group-item"><a href='https://itecnotes.com/tecnote/php-how-to-get-php-errors-to-display/'>Php – How to get PHP errors to display</a></li><li class="list-group-item"><a href='https://itecnotes.com/tecnote/php-how-to-get-a-youtube-video-thumbnail-from-the-youtube-api/'>Php – How to get a YouTube video thumbnail from the YouTube API</a></li><li class="list-group-item"><a href='https://itecnotes.com/tecnote/html-how-to-create-an-html-button-that-acts-like-a-link/'>Html – How to create an HTML button that acts like a link</a></li><li class="list-group-item"><a href='https://itecnotes.com/tecnote/php-reference-what-does-this-symbol-mean-in-php/'>Php – Reference — What does this symbol mean in PHP</a></li><li class="list-group-item"><a href='https://itecnotes.com/tecnote/php-how-does-php-foreach-actually-work/'>Php – How does PHP ‘foreach’ actually work</a></li><li class="list-group-item"><a href='https://itecnotes.com/tecnote/javascript-is-it-possible-to-apply-css-to-half-of-a-character/'>Javascript – Is it possible to apply CSS to half of a character</a></li></ul> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-8728145350222960" data-ad-slot="8970621700" data-ad-format="auto" data-full-width-responsive="true"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> <footer class="entry-footer"> </footer><!-- .entry-footer --> </article><!-- #post-355236 --> </div><!-- #main-col --> </div><!-- #main-row --> </div><!-- #main-container --> </main><!-- #main --> </div><!-- #primary --> </div><!-- #content --> <footer id="colophon" class="site-footer"> <div class="site-info"> </div><!-- .site-info --> </footer><!-- #colophon --> </div><!-- #page --> <script type='text/javascript' src='https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js?ver=1.12.4' id='jquery-js'></script> <script type='text/javascript' id='jquery-js-after'> jQuery(document).ready(function ($) { const elements = document.getElementsByClassName("js-post-notice"); while(elements.length > 0){ elements[0].parentNode.removeChild(elements[0]); } }) </script> <script type='text/javascript' src='https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.min.js?ver=4.3.1' id='bootstrap4-js'></script> <script type='text/javascript' src='https://itecnotes.com/wp-includes/js/comment-reply.min.js?ver=5.9.9' id='comment-reply-js'></script> </body> </html> <!-- Page supported by LiteSpeed Cache 5.0.1 on 2024-04-21 21:44:36 -->