
Rob Allen:
Zend\Input and empty values
Aug 04, 2015 @ 10:49:15

Rob Allen has a post on his site to help clear up some confusion about how the Zend\Input component handles "empty" values and how the required, allow_empty and continue_if_empty settings interact.

These settings define what happens when you try to validate an empty value for a given input. For Zend\Input, empty means exactly equal to null, an empty string or an empty array.

He starts by outlining each of the three settings, including both its default and its intent. He gets into a bit more detail on continue_if_empty as it has additional logic that depends on the results of the other two settings. He includes a small test application that cycles through a set of values and evaluates them through a Zend\Input instance. The output is also included in the post so you can verify your system is seeing the same evaluation results.

tagged: zendinput empty value evaluation required allowempty continueifempty tutorial

Link: http://akrabat.com/zend-input-empty-values/

SitePoint PHP Blog:
Introduction to Elasticsearch in PHP
Aug 04, 2015 @ 09:31:05

The SitePoint PHP blog has posted an introduction to using Elasticsearch in your PHP applications. In it author Wern Ancheta covers some of the basics of this powerful tool and helps you get an example script up and running for testing.

In this tutorial, we’re going to take a look at Elasticsearch and how we can use it in PHP. Elasticsearch is an open-source search server based on Apache Lucene. We can use it to perform super fast full-text and other complex searches. It also includes a REST API which allows us to easily issue requests for creating, deleting, updating and retrieving of data.

He starts by helping you get Elasticsearch itself installed via the apt-get package manager (may slightly differ depending on your OS of choice) and tested with a simple web-based request to the port the server is running on. With the server set up he then moves on to the PHP aspect, helping you get the elasticsearch library installed via Composer and creating a new client instance. He then includes code examples of some of the main operations you'll perform with entries in the Elasticsearch instance: inserting a document, updating a document, deleting and - of course - searching for documents matching certain simple and more complex criteria.

tagged: introduction tutorial elasticsearch install library insert update delete search

Link: http://www.sitepoint.com/introduction-to-elasticsearch-in-php/

Voices of the ElePHPant:
Interview with Heather White
Aug 04, 2015 @ 08:58:39

The Voices of the ElePHPant podcast has posted their latest episode, another in their series of interviews with members of the PHP community. In this latest show host Cal Evans interviews Heather White from php[architect].

In the episode Cal and Heather talk about her as a speaker at the 2015 Lone Star PHP conference and what her session was about. They also talk some about her interaction with the PHP community now that she's becoming more involved, both through php[architect] and community participation.

You can listen to this latest episode either through the in-page audio player or by downloading the mp3 directly. If you enjoy the show and want to hear more, be sure to subscribe to their feed or just catch up on previous episodes (and get new ones as they're released).

tagged: voicesoftheelephpant community interview heatherwhite podcast

Link: https://voicesoftheelephpant.com/2015/08/04/interview-with-heather-white/

SitePoint PHP Blog:
The State of Accessibility in PHP Tools
Aug 03, 2015 @ 11:19:21

On the SitePoint PHP blog Parham Doustdar has posted a look at accessibility in PHP tools or how easy they make it for those with disabilities (such as his own blindness) to do their development work.

Usually when I tell people that I’m blind, many people ask me how I can use the computer. “Is someone reading you my messages?” I remember someone asking. Many people imagine that I have this super-nifty speech recognition software that I can just talk to, and it would do anything, even write code. Imagine dictating code to a speech recognition system! [...] I gave an answer on Quora, to someone who had asked How does a visually impaired computer programmer do programming? I recommend you go through that answer to have a better context on what I’ll be talking about in this post.

He starts with a look at how visually impaired people could normally use a computer using screen readers, interaction with the software (all through the keyboard) and some things that just can't be done with this setup. He covers some of the issues screen readers have when parsing web applications and links to the WebAIM articles page for more information there. He then gets into the IDE comparison covering essential, assistance and supplementary features as well as community engagement around accessibility issues. He compares:

  • PHPStorm
  • SublimeText
  • NetBeans
  • Eclipse-based IDEs (Zend Studio, Eclipse PDT)
  • Notepad++

Unfortunately, most of the software on his list received a rating of "zero" on the scale with the exception of Notepad++, though it still has places it falls flat.

tagged: accessibility tools blind programming ide comparison screenreader

Link: http://www.sitepoint.com/the-state-of-accessibility-in-php-tools/

Paragon Initiative:
Secure Data Encryption in Web Applications with PHP
Aug 03, 2015 @ 10:58:47

The Paragon Initiative has posted a new white paper to their site covering secure data encryption in web applications written in PHP. The paper covers high level topics and offers some more practical suggestions about tools and guides to use in protecting your applications.

Encrypting network communications is absolutely essential to the security of anyone who wishes to use your website or application. The standard and most reliable form of network encryption is called Transport Layer Security (TLS), which was preceded by an older standard called Secure Socket Layer (SSL).

Websites that use SSL or TLS are accessible by typing https://domain.com into your browser instead of just http://domain.com. Consequently, the shorthand way to refer to HTTP over TLS is simply HTTPS. Contrasted with network cryptography, storing sensitive information is a much more challenging and interesting problem to solve, and is the focus of this paper.

Among the topics covered in the white paper are things like:

  • The flow of a HTTPS request (and if it's "fast" or not)
  • Secure password storage and handling
  • On-demand encryption/decryption
  • Cryptography library recommendations
  • Using asymmetric cryptography with public and private keys

They also point to this curated list of resources to help you learn more about general web application security including cryptography.

tagged: secure application cryptography https password library libsodium resources

Link: https://paragonie.com/white-paper/2015-secure-php-data-encryption

Andrew Smith:
Why is Slim 3 not so slim anymore
Aug 03, 2015 @ 09:54:13

In this post to his site Andrew Smith refutes the misconception that version three (v3) of the Slim PHP microframework is "not so slim" anymore because of the additions to this latest version that increase its size and complexity.

There is a common misconception that Slim 3 has plenty of files and is no longer slim. Slim 3 does indeed contain more files than Slim 2 and this has been the result of being more flexible and moving away from the Not Invented Here (NIH) philosophy.

Installing Slim 3 through composer will install all its dependencies, when doing a PHP file count you will notice we have doubled in file count. This is a given with the amount of flexibility we now have. Most developers might not see any benefit in this as they will likely just work with what is provided, but if at any point you should hit a limitation in any working part of the framework, you can easily swap it out without a fuss.

He includes the command to install this latest version via Composer and how to count the number of files with a single command. He points out that some people that are reporting 1000+ PHP files being installed with the framework are probably getting the development packages as well and not just the release. He points out that "Slim 3 is still slim, we just added more flexibility in it." He ends the post with a thanks to Josh Lockhart and a few others who have made large contributions to the project and have helped make it what it is.

tagged: slimframework version slim3 slim2 size improvement flexibility

Link: http://thoughts.silentworks.co.uk/why-is-slim3-not-so-slim-anymore/

Matt Stauffer:
Login Throttling in Laravel 5.1
Aug 03, 2015 @ 08:35:57

Matt Stauffer has posted the eleventh part in his series looking at new features of the latest release of the Laravel framework (well, version 5.1). In this tutorial he shows you how to set up and configure the login throttling for your Laravel-based application with the help of the Laravel Throttle package.

Whether or not you know it, any login forms are likely to get a lot of automated login attempts. Most login forms don't stop an automated attack trying email after email, password after password, and since those aren't being logged, you might not even know it's happening.

The best solution to something like this is to halt a user from attempting logins after a certain number of failed attempts. This is called login throttling, or rate limiting. Graham Campbell wrote a great package called Laravel Throttle to address this in previous versions of Laravel, but in Laravel 5.1 Login throttling comes right out of the box.

He shows how to use the ThrottleTrait in your AuthController to have some of the "behind the scenes" work done for you. He shows you how to update your view to relay the possible error message back to the user (and includes a quick screencast of the result). He ends the post with a quick look at what the throttling functionality is doing under the covers: creating a temporary cache item based on username+IP address as a "lock" indicator. Finally, he points out two properties you can find on the auth controller to give a bit more detail on the current configuration: lockout time and max login attempts.

tagged: laravel login throttle tutorial authcontroller laravelthrottle package cache username ipaddress

Link: https://mattstauffer.co/blog/login-throttling-in-laravel-5.1

Amine Matmati:
Testing PDF content with PHP and Behat
Jul 31, 2015 @ 13:49:52

In this post to his site Amine Matmati shows you how to use Behat (with a bit of additional PHP) to test the contents of a rendered PDF file.

If you have a PDF generation functionality in your app, and since most of the libraries out there build the PDF content in an internal structure before outputting it to the file system (FPDF, TCPDF). A good way to write a test for it is to test the output just before the rendering process.

Recently however, and due to this process being a total pain in the ass, people switched to using tools like wkhtmltopdf or some of its PHP wrappers (phpwkhtmltopdf, snappy) that let you build your pages in html/css and use a browser engine to render the PDF for you, and while this technique is a lot more developer friendly, you lose control over the building process.

He shows how to get all of the required software installed including the smalot/pdfparser library used to read in the contents of the PDF file. He initializes a Behat test directory and writes a simple test, checking for a string of some "Lorem ipsum" text in the document's title and that it contains only one page. Some additional methods have to be created to integrate the PDF parsing and string location/page counting and code is included for each. When all the pieces are put in place, executing the test passes for both checks. You can find the code for the tutorial in this repository that also includes two sample PDFs to work with.

tagged: integration test behat contents string pages tutorial

Link: http://matmati.net/testing-pdf-with-behat-and-php

ServerGrove Blog:
Introduction to the PHAR format
Jul 31, 2015 @ 12:15:44

The ServerGrove blog has posted an introduction to the PHAR format, a built-in way to package PHP code into self-contained, functional scripts as a single *.phar file, making it much easier to transport.

In the last years there is a trend in the PHP community to release tools, especially command line utilities, as PHAR files, so you can package an entire PHP application into a single file for convenience. But how do PHAR files work? In this post we will try to explain it.

They cover a few of the basic topics first: what is a PHAR file and a few examples of them being provided by major PHP projects. They then get into the creation of an archive, showing how to make a super simple PHAR "Hello World" archive, created with just a bit of PHP. They then get into the structure behind the archive and get into detail on each section (stub, manifest, file contents and signature).

tagged: phar format introduction archive package

Link: http://blog.servergrove.com/2015/07/30/introduction-phar-format/

PHP Town Hall Podcast:
Episode 43: Midnight Express
Jul 31, 2015 @ 11:37:18

The PHP Town Hall podcast has released their latest episode today: Episode #43: Midnight Madness with hosts and PHP community members Phil Sturgeon and Ben Edmunds.

Your two favourite PHP developers are joined this episode by Emir Karşıyakalı off of PHPKonf and IstanbulPHP. Istanbul is not only a beautiful and awesome city, but it’s got a thriving PHP community too, who are currently hosting a whole bunch of PHP stars for their annual conference.

You can listen to their latest episode either through the in-page audio player or by downloading the mp3 to listen at your leisure. If you enjoy the show, be sure to subscribe to their feed or follow them on Twitter.

tagged: phptownhall podcast ep43 midnight madness emirkarsıyakalı

Link: http://phptownhall.com/blog/2015/06/11/episode-43-midnight-express/