Properly Configure Nginx alias directive with PHP

When using alias directive, the SCRIPT_FILENAME parameter passed onto FastCGI interpreter should be $request_filename instead of the default $fastcgi_script_name. This ensures that the PHP interpreter receives the correct file path and does not return 404 Not Found.

Example Code:

Keyword based inline Search and Replace with sed

sed is a nifty utility that allows you to search and replace text in a file using a short 1-liner.

The following command does the following:
1. Searches for the keyword in every line of the input_file
2. In every matching line it looks for search_string
3. It replaces every instance of search_string with replace_string



Bluetooth Audio Receiver / A2DP Sink with Raspberry Pi

After much trial and error, I have managed to configure Raspberry Pi to function as a Bluetooth Audio Receiver, also known as A2DP Sink mode.

Much of the articles and configurations on the web are for older version of Debian (<=7.x) which worked correctly with older versions of PulseAudio (<=4.x), Alsa & Bluez (<=4.x).

The following configuration has been tested with latest release of Xbian, which is based on Debian Jessie (8.0) and Raspberry Pi 3, which comes with a built-in bluetooth module. Other compatible bluetooth modules should work as well. Continue reading Bluetooth Audio Receiver / A2DP Sink with Raspberry Pi

How to search and replace with nano text editor

Nano is a very compact and feature packed text editor commonly found on Linux and Unix based OS. One of the lesser used feature that is very useful is search & replace.

To Search and Replace text in the currently open file:

The search string can also be a regular expression.

Port Forwarding in Mikrotik RouterOS

Ports can be opened/forwarded in Mikrotik RouterOS using the snippet below.

Note the following parameters and edit as necessary:

  • dst-port
  • to-port
  • to-address
  • protocol

Introduction to hashing passwords in PHP (5.5+)

Every PHP developer at some point has a need for restricting access to certain parts of their web application and allow users to pass through secure areas with a username and password.

Due to it’s long history, PHP has a lot of practices around security which are no longer secure, or appropriate for the application requirements these days. Among such practices is hashing and securing passwords using algorithms such as MD5, SHA1, etc.

Securing passwords with md5, SHA1, SHA256 or custom hash generators is considered bad practice these days. According to

Hashing algorithms such as MD5, SHA1 and SHA256 are designed to be very fast and efficient. With modern techniques and computer equipment, it has become trivial to “brute force” the output of these algorithms, in order to determine the original input.

Because of how quickly a modern computer can “reverse” these hashing algorithms, many security professionals strongly suggest against their use for password hashing.

The methods considered secure a few years ago, are now obsolete/insecure due to ever increasing computing power and advanced techniques. And unless you are well versed in the area of cryptography and security, it is never a good idea to roll your own security mechanisms.

The current best practice is to use the native password hashing API, introduced in PHP version 5.5. The API provides two useful functions, namely password_hash and password_verify.

password_hash() creates a new password hash using a strong one-way hashing algorithm.

password_verify() verifies that the given hash matches the given password.

Using these functions is fairly straightforward. See the following example.

password_hash() currently provides Blowfish algorithm for creating the hash, and it is set as the default algorithm. The PASSWORD_DEFAULT constant is currently set to use the Blowfish algorithm. However, you may specify the Blowfish algorithm explicitly using the PASSWORD_BCRYPT constant, if the requirement is to always use Blowfish. Note that the password_verify() function is forward compatible, therefore PASSWORD_DEFAULT is the preferred option as it will provide the best possible hashing mechanism as PHP updates in future, while still working with previously generated hashes.

Blowfish allows specifying the cost of generating the hash. The cost of the hash implies the complexity and the processing power required to generate the hash. The higher the cost, the more complex the hash, the more processing power and time required to generate the hash. Depending on the use case of the application, and the required security complexity, the cost can be specified. The default cost of the Blowfish algorithm used in password_hash function is 10.

The generated hash is made up of algorithm, cost and salt as part of the returned hash. This eliminates the need to separately generate and store random salt values, and according to it is considered simplest and most secure approach.

See the following pages to get up to speed with native Password Hashing API in PHP


  1. I have corrected the article to reflect the point made by /u/LawnGnome on reddit about hashes being forward compatible, this it is preferred to use PASSWORD_DEFAULT for algorithm.
  2. password_compat library provides the password_* functions for PHP >= 5.3.7. – Thanks /u/PolarZoe
  3. Updated Blowfish constant to PASSWORD_BCRYPT, in line with native hashing API.

Simpler Role Based Authorization in Yii 2.0

UPDATE: Starting with version 2.0.2, Yii2 Advanced Template does not contain “role” column in the User table by default. Before proceeding to the tutorial below, do the following:

  1. Create a column called role in the user table.
  2. Update the User model by adding the role attribute and updating the User class docblock accordingly.

Yii 2.0 has a built in Access Control that supports 2 roles out of the box to check whether the user is a guest or if the user is logged in. Sometimes there is a need to simply extend the Access Control Layer with few more roles to distinguish the logged in users i.e. admin, moderator, without the full blown RBAC graph with permissions, roles and role assignments that Yii provides.

In this post, I will show how to implement simple Role Based authorization by simply extending the AccessRule class that defines the default rules and overriding the matchRule() function call, which will provide the additional rule matching logic. Continue reading Simpler Role Based Authorization in Yii 2.0

UDP Chat in Python Using Socket

Here I will share a very basic UDP chat application in Python using sockets.

It can work in point-to-point or broadcast mode.

For Point-to-Point, enter IP and Port.

For Broadcasting mode set the last byte of IP address to 255. i.e.

Port number is HEX, remove the base 16 to make it decimal.


i18n with Yii 2 Advanced Template

In this post, I will show you my workflow for internationalization of Yii based projects.

We will configure sane paths, logically dividing the frontend and backend. We will also use the yii cli tool to generate the translation files for us. Let’s get started. Continue reading i18n with Yii 2 Advanced Template