In association with heise online

20 June 2013, 20:27

PHP 5.5.0 adds optimizer and drops Windows XP support

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

PHP icon

The PHP developers have released version 5.5 of the popular scripting language which has been in development since November 2012. PHP 5.5 includes a number of new features like the new array_column() function and support for non-scalar iterator keys in a foreach() loop, also known as generators, which allow developers to implement simple coroutines. The new version also introduces a password hashing function that allows developers to easily generate secure salted passwords and the finally keyword that runs a block of code regardless of whether an exception has been encountered or not. The foreach structure now also supports the list() construct. Most other improvements in the latest version of the language, such as the opcode cache and code optimiser Zend Optimizer+, do not have any impact on existent code and mainly improve the language's performance and stability.

The Zend Optimizer+ was open sourced in February with an eye towards integrating it into the core distribution with the PHP 5.5 release. It was previously only available as part of the proprietary Zend Server package from Zend Enterprise. The tool improves bytecode generated from PHP sources to speed up the performance of PHP applications. It also stores precompiled bytecode in shared memory rather than reading it from disk and compiling it when needed.

The new password hashing API allows developers to generate a secure salted password hash using Bcrypt and just one line of code:

$hash = password_hash($password, PASSWORD_DEFAULT);

The password will be automatically salted and can be verified with another simple line of code:

password_verify($password, $hash); 

Should the generated hashes land in the wrong hands, the thieves should only be able to reconstruct the corresponding plain text passwords with considerable effort, providing of course that the original passwords are long enough. Bcrypt is very computationally intensive and requires a lot of memory, making it difficult to crack with GPUs. A system with eight CPU cores can generate around 5,000 hashes per second and a current GPU delivers similar results. By comparison, hashing with SHA1 would deliver numbers in the tens of millions. Through the use of salts, the use of rainbow tables is also limited.

The developers caution users that PHP 5.5 also introduces some backwards incompatibilities. Support for Windows XP and 2003 has been dropped and case insensitive matching for function, class and constant names is now locale independent which may cause issues with older code that uses case insensitive matches for non-ASCII characters in character sets such as UTF-8. The developers say that users with a non-English, non-ASCII code base will need to test their code before deploying PHP 5.5 in production. Changes to the pack() and unpack() functions make their commands more compatible with Perl but mean that developers will have to write code using version_compare() to make their applications backward compatible. A list of new features and possible incompatibilities between PHP 5.5 and previous versions is available as part of the documentation on the PHP web site.

A list of all changes in PHP 5.5 can be found in the NEWS file for the release. Packages for the currently supported Windows versions can be found on the PHP web site; source code is also available. PHP is released under the PHP License v3.01.



  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit