The Kit Library Collection consists of several relatively small and simple PHP libraries with the purpose of making some common (and sometimes a bit less common) tasks easier.
The basic idea of the library collection is to provide high quality libraries that solve specific problems. For me, this high quality means following things: Fully tested, documented API, documented use cases, availability via composer, adherence to PSR standards and taking advantage of code analysis tools.
Currently, the library collection consists of the following libraries:
BaseConversion is a PHP library for converting number bases, similar to
PHP's built in function
base_convert(). However, unlike the
built in function, this library is not limited by 32 bit integers and is
capable of converting numbers of arbitrary precision. This library also
supports conversion of fractions and allows more customization in terms of
In order to optimize the conversion of large numbers, this library also employs two different conversion strategies. In some cases, it's possible to convert numbers simply by replacing the digits with digits from the other base (e.g. when converting from base 2 to base 16). This is considerably faster than the other strategy, which simply calculates the new number using arbitrary precision integer arithmetic.
Classloader is a PHP library for autoloading classes. Class autoloading means that classes are loaded only when they are actually needed instead of having to include each class file on every execution. This reduces the page loading overhead especially on larger websites, as only some of the class files need to be loaded. Usually the classes are also loaded dynamically from files with file names based on the namespace and class name. This also makes it easier to manage a large number of class files.
This library supports two of the current standards for autoloading classes, namely the PSR-0 and PSR-4. The basic idea behind these standards is that class files reside in directories based on their namespace and in files named after the class. The key difference between these two standards is that PSR-4 does not require the entire namespace to be present in the directory hierarchy.
However, since the operation of finding the actual class files tends to be relatively costly, this library also provides basic caching mechanisms that allow caching the class file locations in a PHP file. With caching, the performance difference between autoloading and loading the files manually becomes negligible.
CSRF is a PHP library for preventing Cross-Site Request Forgery attacks. A CSRF attack takes advantage of authenticated users by sending them to a malicious website that sends carefully crafted requests to the targeted website in order to modify content on that website. The attack uses the authenticated user's browser to send the request to bypass any authentication. This library prevents these attacks by requiring a CSRF token in each POST, PUT and DELETE request. These tokens are not known by the attacker, which prevents them from sending malicious requests.
This library supports storing the CSRF tokens using either cookies or sessions. The token can also be submitted using either a hidden form field in POST requests or using a HTTP header, which makes it easier to pass the token in ajax requests.
In order to provide additional security against different forms of attacks against the CSRF tokens, this library uses constant time string comparisons to prevent timing attacks and generates random encrypted tokens in each request to prevent BREACH attacks. On top of that, all tokens are generated using a secure random byte generator.
PathJoin is PHP library for normalizing and joining file system paths. The purpose of this library is to make easier to work with file system paths irregardless of the platform and the system directory separator.
The purpose of file path normalization is to provide a single consistent
file path representation. In other words, the normalization in this library
.. directory references and
also condense multiple directory separators into one. This makes it much
easier to avoid common problems when comparing paths against each other.
While PHP provides a built in function
realpath(), it is not
usable in every case since it works by using the file system. This library
simply combines and normalizes the paths using string handling. There is no
requirement for the files or directories to be readable or even exist.
PHPEncoder is a PHP library for exporting variables and generating
PHP code representations for said variables similar to the built in function
var_export(). Compared to the built in function, however, this
library provides more options to customize the output, which makes it easier
to generate code for different kinds of purposes such as readable
configuration files or optimized cache files.
The purpose of this library is to address some of the shortcomings with the
var_export(). For example, there is no way to control
the amount of whitespace in the output and there is no way to choose between
different array notations. This library also provides functionality to
convert objects into PHP code that is actually useful when compared to the
built in function.
The large number of customization options in this library allows you to create code that fits your purposes. You can create very compact code, when you need to limit the size of the output, or you can create code in the style that actually fits in any of your dynamically generated PHP files.
SecureRandom is a PHP library for generating secure random numbers and using them for common randomization operations such as shuffling arrays or generating string sequences like passwords. Prior to version 7.0, PHP did not have built in secure random functions, but it was still possible to use different sources of randomness for generating secure random values. Thus, this library has two main purposes:
This library does not provide any additional secure random byte generators. It simply uses the byte generators that are available to PHP via extensions or internally. The four generators that are commonly available to PHP are:
The security of the randomness generated by this library is entirely dependant on the underlying random byte generator. The library does not do any additional transformations on the bytes other than the normalization needed to generate even distributions of random numbers.
UrlParser is PHP library that provides a RFC 3986 compliant URL
parser and a PSR-7
compatible URI component. The purpose of this library is to provide a parser
that accurately implements the RFC specification unlike the built in
parse_url(), which differs from the specification in
some subtle ways.
This library has two main purposes. The first to provide information from the parsed URLs. To achive this, the library implements the standard URI handling interface from the PSR-7 and also provides additional methods that make it easier to retrieve commonly used information from the URLs. The second purpose is to also permit the modification of said URLs using the interface from the PSR-7 standard in addition to few extra methods that make some tasks more straightforward.
While this library is mainly intended for parsing URLs, the parsing is simply based on the generic URI syntax. Thus, it is possible to use this library to validate and parse any other types of URIs against the generic syntax. The library does not perform any scheme specific validation for the URLs.
In addition to the default RFC 3986 compliant mode, the library also offers options that allow parsing of URLs that contain UTF-8 characters in different components of the URL while converting them to the appropriate percent encoded and IDN ascii formats.