2. Hello
● Hello, I'm Julien PAULI
– PHP 5.5 Release Manager
– Working for blablacar in Paris (www.blablacar.com)
– Working with PHP since ~10y
– Working on PHP internals ~3y
14. PHP release process
● Starting from 5.4, we have a release process
● https://wiki.php.net/rfc/releaseprocess
● Yearly new major/minor (5.4->5.5 or 6.0)
– New features
– Big changes. Majors may break BC
– 3 years of life (2 + 1)
● Monthly new revisions (5.4.3->5.4.4)
– Bug fixes, no new features, BC kept
● EOLed security releases
– After EOL, 1 year of security fixes
16. Source distributions
● We use Git
– http://git.php.net
● We mirror on Github
– Social coding
– New ideas
– Pull Requests
17. PHP contributors
● About 10 to 15 active people
● Lots more total
● Contribute on
– Code (new features, changes, bugs&fixes)
– Doc & translations
– Infra services (hosting php.net worldwide)
– Human management
– … lots of things to do
19. PHP 5.5 new features
● Password hashing API
● "Finally" keyword
● Generators
● Syntax and engine improvements
● Breaks, deprecations
● … more not reported here
20. New Password hashing API
● PHP users don't really understand/care
about the concept behing hashing, salting
and crypting
● PHP doesn't give any hints about that
● User are left on their own
– Until 5.5 version
– Welcome a new password hashing API !
21. New Password hashing API
● https://wiki.php.net/rfc/password_hash
● See how easy that looks now :
– To generate a hash
$password = 'secret';
$hash = password_hash($password, PASSWORD_DEFAULT);
var_dump($hash);
// "$2y$10$Pa2cIqH5X3m6iqIYVDBdvOUcggnXnZzBy0dlie
4VRHLr3ncLcyB7a"
22. New Password hashing API
● https://wiki.php.net/rfc/password_hash
● See how easy that looks now :
– To verify a hash
$provided_password = 'secret';
$hash = "$2y$10$Pa2cIqH5X3m6iqIYVDBdvOUcggnXnZzBy0
dlie4VRHLr3ncLcyB7a";
if (password_verify($provided_password, $hash)) {
echo "you are welcome" ;
}
23. New Password hashing API
● More options :
– choose your hashing algorithm
– choose a salt from yours
– choose a CPU cost
$password = "mysecret" ;
$hash =password_hash($password, PASSWORD_BCRYPT,
array("cost" => 5, "salt" => "my_secret_salt") ) ;
24. New Password hashing API
● Just one Database field is needed
● The hash encapsulates all the infos
– algorithm used
– salt used
– cost used
– hash itself
"$2y$10$Pa2cIqH5X3m6iqIYVDBdvOUcggnXnZzBy0dlie4VR...
25. Other changes
● ext/intl has been massively worked on / improved
● ext/curl up to date with new libcurl
● bison < 2.4 no longer supported (parser)
● libpcre updated
● array_column()
● cli_set_process_title()
● Lots of bug fixes
29. OPCache
● OPCache = "ZendOptimizerPlus" for PHP
– It's been freed by Zend recently
– It's then been renamed
● OPCache will be shipped with PHP 5.5 , as
an extension you have to activate at compile
time
– it will be maintained together with PHP itself
● APC is now dead
32. PHP 5.5 compatibility breaks
● ext/mysql has been deprecated /!
● /e modifier for preg() has been deprecated
● Dropped support for Windows XP and 2k3
● No more php logo and zend logo functions
● pack()/unpack() minor changes
33. Performances ?
● The biggest step was 5.3 to 5.4
– First time for such a boost
● 5.5 is faster than 5.4
– But don't expect the same effect than 5.3 to 5.4