New encryption function-password_hash () in PHP 5.5 ()

PHP 5.4 has just been released for four months. It may be too early to talk about the next version of PHP, but it is very popular in the PHP internal email list.
PHP 5.5 is still in its early stages of development. What will it look like in the end? No one knows it now. The following just summarizes people's expectations for PHP 5.5, however, PHP 5.5 does not contain all the following content.
In short, there are four important functions:
A simple password hash function
Scalar typehinting)
Getters and seters (attribute)
Generators)
Many other details:
Windows XP and 2003 are not supported
PHP 5.5 will no longer support Windows XP and 2003 systems, which are too old.
/E modifier is defined as obsolete
After the/e modifier is set, preg_replace () replaces the replacement string with a forward reference, and evaluates and executes the replaced string as the php code (eval function mode ), the execution result is used as the string to be replaced. single quotation marks, double quotation marks, backslash (\), and NULL characters are escaped by backslash when being replaced by backward references.
This will cause security issues. As an alternative, you should use the preg_replace_callback function.
Boolval ()
PHP has implemented the strval, intval, floatval functions. The boolval function converted to the bool type will be added. He is the same as (bool), but he can be used as a callback function.
Array_column ()
The array_colume or array_pluch functions are as follows:
<? Php
 
$ UserNames = array_column ($ users, 'name ');
// Equivalent to the following code
$ UserNames = [];
Foreach ($ users as $ user ){
$ UserNames [] = $ user ['name'];
}
A simple password hash function
Recently, many large websites have leaked passwords (note that this password is not a domestic password door, so foreigners do not care about it in China. There are also many types of password leaks abroad ), we have always advocated the use of bcrypt for encryption of passwords, but many people still use insecure sha1 hashing. (Both Chinese and foreign passwords are leaked, but foreign passwords are hashed, while domestic passwords are directly in plaintext)
I guess this may be too difficult to use the crypt function (sha1 and md5 are really simple), because we need a simple and secure password hash function:
<? Php
 
$ Password = "foo ";
 
// Create a password hash
$ Hash = password_hash ($ password, PASSWORD_BCRYPT );
 
// Verify a password
If (password_verify ($ password, $ hash )){
// The password is correct!
} Else {
// Incorrect password!
}
The new password hash has more advantages. Here is the RFC overview.
Constant dereferencing)
"Constant dereferencing" means that strings can be operated directly using arrays. See the following two examples:
<? Php
 
Function randomHexString ($ length ){
$ Str = '';
For ($ I = 0; $ I <$ length; ++ $ I ){
$ Str. = "0123456789 abcdef" [mt_rand (0, 15)]; // direct dereference of string
}
}
 
Function randomBool (){
Return [false, true] [mt_rand (0, 1)]; // direct dereference of array
}
I don't think this feature should be used, but it makes the language syntax a little more. View RFC
The empty () function will support a function call (and other expressions)
Currently, the empty () function can only have one variable. in PHP 5.5, emtpy ($ this-> getFriends () is supported, in earlier versions, this will throw an error. View RFC
Obtain the complete Class Name
Added the namespace feature in PHP 5.3. This causes the following code problems:
<? Php
 
Use Some \ Deeply \ Nested \ Namespace \ FooBar;
 
// This Code cannot work because it will search for the FooBar class globally. Obviously, this Code cannot be found.
$ Reflection = new ReflectionClass ('foobar ');
To solve this problem, a new syntax FooBar: class is introduced to return the complete class name.
Use Some \ Deeply \ Nested \ Namespace \ FooBar;
 
// This works because FooBar: class is resolved to "Some \ Deeply \ Nested \ Namespace \ FooBar"
$ Reflection = new ReflectionClass (FooBar: class );
For more examples, see RFC
Parameter can be skipped (Parameter skipping)
If you have a function that accepts multiple optional parameters, you cannot use the default value of the intermediate parameter. The new default value can use the default value of some parameters, instead of defining the value where the function is called.
The following is an example in RFC:
Function create_query ($ where, $ order_by, $ join_type = '', $ execute = false, $ report_errors = true ){...}
If we want to set $ report_errors = false without setting $ join_type and $ execute parameters, we can use the following code:
Create_query ("deleted = 0", "name", default, default, false );
Type constraint Detection
The check type constraint was originally included in PHP 5.4, but it was not included in PHP 5.4 because no consensus was reached.
Now PHP 5.5 has started to discuss his proposal. View RFC
Function foo (int $ I ){...}
Www.2cto.com
Foo (1); // $ I = 1
Fool (1.0); // $ I = 1
Foo ("1"); // $ I = 1
Foo ("1abc"); // not yet clear, maybe $ I = 1 with notice
Foo (1.5); // not yet clear, maybe $ I = 1 with notice
Foo ([]); // error
Foo ("abc"); // error
New Getters and Setters syntax
If you are a fan of getXYZ () and setXYZ (), this is a welcome change. In PHP 5.5, we propose to add a syntax for direct attribute read/write:
<? Php
 
Class TimePeriod {
Public $ seconds;
 
Public $ hours {
Get {return $ this-& gt; seconds/3600 ;}
Set {$ this-> seconds = $ value * 3600 ;}
}
}
 
$ TimePeriod = new TimePeriod;
$ TimePeriod-> hours = 10;
 
Var_dump ($ timePeriod-> seconds); // int (36000)
Var_dump ($ timePeriod-> hours); // int (10)
There are also some other features, such as read-only attributes. For more information, see RFC
Generator
Currently, the custom iterator is rarely used, because it is too troublesome to use it and requires a lot of irrelevant code (called template code ), the generator provides a convenient way to use the iterator to solve this problem.
For example, this is a function with a custom range, but it can also be used as an iterator:
<? Php
 
Function * xrange ($ start, $ end, $ step = 1 ){
For ($ I = $ start; $ I <$ end; $ I + = $ step ){
Yield $ I;
}
}
 
Foreach (xrange (10, 20) as $ I ){
//...
}
The preceding xrange function has the same functions as the built-in range function. The only difference is that it does not return an array containing all values, but a dynamic value generated by an iterator.
For more functions, refer to RFC
List connotation and generator expression
List content provides a simple way to access Arrays:
$ FirstNames = [foreach ($ users as $ user) yield $ user-> firstName];
The content of the above-mentioned table is equivalent to the following code:
$ FirstNames = [];
Foreach ($ users as $ user ){
$ FirstNames [] = $ user-> firstName;
}
You can also filter the array:
$ UnderageUsers = [foreach ($ users as $ user) if ($ user-> age <18) yield $ user];
The generator expression class is, But it returns the value dynamically generated by an iterator instead of an array.