
SitePoint PHP Blog:
The State of Accessibility in PHP Tools
Aug 03, 2015 @ 11:19:21

On the SitePoint PHP blog, Parham Doustdar has posted a look at accessibility in PHP tools, or how easy they make it for those with disabilities (such as his own blindness) to do their development work.

Usually when I tell people that I’m blind, many people ask me how I can use the computer. “Is someone reading you my messages?” I remember someone asking. Many people imagine that I have this super-nifty speech recognition software that I can just talk to, and it would do anything, even write code. Imagine dictating code to a speech recognition system! [...] I gave an answer on Quora, to someone who had asked How does a visually impaired computer programmer do programming? I recommend you go through that answer to have a better context on what I’ll be talking about in this post.

He starts with a look at how visually impaired people could normally use a computer using screen readers, interaction with the software (all through the keyboard) and some things that just can't be done with this setup. He covers some of the issues screen readers have when parsing web applications and links to the WebAIM articles page for more information there. He then gets into the IDE comparison covering essential, assistance and supplementary features as well as community engagement around accessibility issues. He compares:

  • PHPStorm
  • SublimeText
  • NetBeans
  • Eclipse-based IDEs (Zend Studio, Eclipse PDT)
  • Notepad++

Unfortunately, most of the software on his list received a rating of "zero" on the scale with the exception of Notepad++, though it still has places it falls flat.

tagged: accessibility tools blind programming ide comparison screenreader

Link: http://www.sitepoint.com/the-state-of-accessibility-in-php-tools/

Paragon Initiative:
Secure Data Encryption in Web Applications with PHP
Aug 03, 2015 @ 10:58:47

The Paragon Initiative has posted a new white paper to their site covering secure data encryption in web applications written in PHP. The paper covers high level topics and offers some more practical suggestions about tools and guides to use in protecting your applications.

Encrypting network communications is absolutely essential to the security of anyone who wishes to use your website or application. The standard and most reliable form of network encryption is called Transport Layer Security (TLS), which was preceded by an older standard called Secure Socket Layer (SSL).

Websites that use SSL or TLS are accessible by typing https://domain.com into your browser instead of just http://domain.com. Consequently, the shorthand way to refer to HTTP over TLS is simply HTTPS. Contrasted with network cryptography, storing sensitive information is a much more challenging and interesting problem to solve, and is the focus of this paper.

Among the topics covered in the white paper are things like:

  • The flow of an HTTPS request (and if it's "fast" or not)
  • Secure password storage and handling
  • On-demand encryption/decryption
  • Cryptography library recommendations
  • Using asymmetric cryptography with public and private keys

They also point to this curated list of resources to help you learn more about general web application security including cryptography.

tagged: secure application cryptography https password library libsodium resources

Link: https://paragonie.com/white-paper/2015-secure-php-data-encryption

Andrew Smith:
Why is Slim 3 not so slim anymore
Aug 03, 2015 @ 09:54:13

In this post to his site Andrew Smith refutes the misconception that version three (v3) of the Slim PHP microframework is "not so slim" anymore, with some of the additions to this latest version increasing its size and complexity.

There is a common misconception that Slim 3 has plenty of files and is no longer slim. Slim 3 does indeed contain more files than Slim 2 and this has been the result of being more flexible and moving away from the Not Invented Here (NIH) philosophy.

Installing Slim 3 through composer will install all its dependencies, when doing a PHP file count you will notice we have doubled in file count. This is a given with the amount of flexibility we now have. Most developers might not see any benefit in this as they will likely just work with what is provided, but if at any point you should hit a limitation in any working part of the framework, you can easily swap it out without a fuss.

He includes the command to install this latest version via Composer and how to count the number of files with a single command. He points out that some people that are reporting 1000+ PHP files being installed with the framework are probably getting the development packages as well and not just the release. He points out that "Slim 3 is still slim, we just added more flexibility in it." He ends the post with a thanks to Josh Lockhart and a few others who have made large contributions to the project and have helped make it what it is.

tagged: slimframework version slim3 slim2 size improvement flexibility

Link: http://thoughts.silentworks.co.uk/why-is-slim3-not-so-slim-anymore/

Matt Stauffer:
Login Throttling in Laravel 5.1
Aug 03, 2015 @ 08:35:57

Matt Stauffer has posted the eleventh part in his series looking at new features of the latest release of the Laravel framework (well, version 5.1). In this tutorial he shows you how to set up and configure the login throttling for your Laravel-based application with the help of the Laravel Throttle package.

Whether or not you know it, any login forms are likely to get a lot of automated login attempts. Most login forms don't stop an automated attack trying email after email, password after password, and since those aren't being logged, you might not even know it's happening.

The best solution to something like this is to halt a user from attempting logins after a certain number of failed attempts. This is called login throttling, or rate limiting. Graham Campbell wrote a great package called Laravel Throttle to address this in previous versions of Laravel, but in Laravel 5.1 Login throttling comes right out of the box.

He shows how to use the ThrottleTrait in your AuthController to have some of the "behind the scenes" work done for you. He shows you how to update your view to relay the possible error message back to the user (and includes a quick screencast of the result). He ends the post with a quick look at what the throttling functionality is doing under the covers: creating a temporary cache item based on username+IP address as a "lock" indicator. Finally, he points out two properties you can find on the auth controller to give a bit more detail on the current configuration: lockout time and max login attempts.

tagged: laravel login throttle tutorial authcontroller laravelthrottle package cache username ipaddress

Link: https://mattstauffer.co/blog/login-throttling-in-laravel-5.1

Amine Matmati:
Testing PDF content with PHP and Behat
Jul 31, 2015 @ 13:49:52

In this post to his site Amine Matmati shows you how to use Behat (with a bit of additional PHP) to test the contents of a rendered PDF file.

If you have a PDF generation functionality in your app, and since most of the libraries out there build the PDF content in an internal structure before outputting it to the file system (FPDF, TCPDF). A good way to write a test for it is to test the output just before the rendering process.

Recently however, and due to this process being a total pain in the ass, people switched to using tools like wkhtmltopdf or some of its PHP wrappers (phpwkhtmltopdf, snappy) that let you build your pages in html/css and use a browser engine to render the PDF for you, and while this technique is a lot more developer friendly, you lose control over the building process.

He shows how to get all of the required software installed including the smalot/pdfparser library used to read in the contents of the PDF file. He initializes a Behat test directory and writes a simple test, checking for a string of some "Lorem ipsum" text in the document's title and that it contains only one page. Some additional methods have to be created to integrate the PDF parsing and string location/page counting and code is included for each. When all the pieces are put in place, executing the test passes for both checks. You can find the code for the tutorial in this repository that also includes two sample PDFs to work with.

tagged: integration test behat contents string pages tutorial

Link: http://matmati.net/testing-pdf-with-behat-and-php

ServerGrove Blog:
Introduction to the PHAR format
Jul 31, 2015 @ 12:15:44

The ServerGrove blog has posted an introduction to the PHAR format, a built-in method to use PHP and create self-contained functional scripts as a single *.phar file making it much easier to transport.

In the last years there is a trend in the PHP community to release tools, especially command line utilities, as PHAR files, so you can package an entire PHP application into a single file for convenience. But how do PHAR files work? In this post we will try to explain it.

They cover a few of the basic topics first: what is a PHAR file and a few examples of them being provided by major PHP projects. They then get into the creation of an archive, showing how to make a super simple PHAR "Hello World" archive, created with just a bit of PHP. They then get into the structure behind the archive and get into detail on each section (stub, manifest, file contents and signature).

tagged: phar format introduction archive package

Link: http://blog.servergrove.com/2015/07/30/introduction-phar-format/

PHP Town Hall Podcast:
Episode 43: Midnight Express
Jul 31, 2015 @ 11:37:18

The PHP Town Hall podcast has released their latest episode today: Episode #43: Midnight Madness with hosts and PHP community members Phil Sturgeon and Ben Edmunds.

Your two favourite PHP developers are joined this episode by Emir Karşıyakalı off of PHPKonf and IstanbulPHP. Istanbul is not only a beautiful and awesome city, but it’s got a thriving PHP community too, who are currently hosting a whole bunch of PHP stars for their annual conference.

You can listen to their latest episode either through the in-page audio player or by downloading the mp3 to listen at your leisure. If you enjoy the show, be sure to subscribe to their feed or follow them on Twitter.

tagged: phptownhall podcast ep43 midnight madness emirkarsıyakalı

Link: http://phptownhall.com/blog/2015/06/11/episode-43-midnight-express/


Davey Shafik:
An Exceptional Change in PHP 7.0
Jul 31, 2015 @ 09:55:37

Davey Shafik has a post today that talks about an exceptional change in PHP 7.0: updates to errors and exceptions that give them a new, different hierarchy and can make them easier to work with.

With PHP 7 errors and exceptions are undergoing major changes. For the first time, the PHP engine will start to emit exceptions instead of standard PHP errors for (previously) fatal, and catchable fatal errors. This means that we can now handle them much more gracefully with try... catch. But with this change, comes a whole new exception hierarchy.

He provides a tree of the error/exception relationships, what they inherit from and who their "children" are. He also talks more in detail about the "error" type exceptions: Error, AssertionError, ParseError and TypeError. He gets into more detail about catchable fatal errors and the userland handling of the Throwable type and extension.

tagged: exception change php7 throwable error exception tree parent child

Link: http://daveyshafik.com/archives/69237-an-exceptional-change-in-php-7-0.html

Dylan Bridgman:
Writing highly readable code
Jul 30, 2015 @ 12:29:55

Dylan Bridgman has posted a few helpful tips on writing code that's "highly readable" and easier for both developers inside and outside the project to understand.

We are always told that commenting our code is important. Without comments other developers will not be able to understand what we did and our future selves will recoil in horror when doing maintenance. Readable code, however, is not only about comment text. More importantly it is about the style, structure and naming. If you get into the habit of writing easily readable code, you will actually find yourself writing less comments.

He breaks it up into a few different categories to keep in mind as you're writing your code:

  • the overall style of the code
  • the structure of the application (directories, libraries used, etc)
  • naming conventions for variables, methods and classes

Finally, he talks about comments and how they should fit into the ideas of readable code. He suggests that they should stay as high level as possible and explain the intent of the code, not what the code is doing (yes, there's a difference).

tagged: write readable code tips style structure naming convention comments

Link: https://medium.com/@dylanbr/writing-highly-readable-code-94da94d5d636