Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Community News:
Mar 16, 2018 @ 11:57:45

The PHP-FIG group, the ones responsible for the standards that helped to make Composer a real possibility (PSR-0 and PSR-4) have posted a general update of the various PSRs that are currently in progress and a brief summary of the status on each.

Hello everyone, we (the secretaries) decided it was time to post a status update for the PSR which are pending, as a way to update you members and the whole community on our work, and also to start discussion around some PSR that need a little more participation.

Current PSRs in the list include:

  • PSR-5: PHP docblock recommendations
  • PSR-12: Coding style guidelines
  • PSR-17: HTTP factories
  • PST-19: Streams/Async processing

If you would like to participate in the working group for any of the items listed in the full post, reply to it and the group will get back with you shortly.

tagged: phpfig psr update list status

Link: https://groups.google.com/forum/?fromgroups=#!topic/php-fig/ywaSYo_tXdc

PHPUgly Podcast:
Episode 98 - Ethical Dilemmas
Mar 16, 2018 @ 10:31:57

The PHPUgly podcast, hosted by Eric Van Johnson, John Congdon and Thomas Rideout, has posted their latest episode - Episode #98: [Ethical Dilemmas].

In this episode they mention topics such as:

You can listen to this latest episode either using the in-page audio player or by downloading the mp3 directly. If you enjoy the show, be sure to subscribe to their feed and follow them on Twitter to get updates on when new shows are released.

tagged: podcast phpugly ep98 ethical dilemma ericvanjohnson johncongdon thomasrideout

Link: https://www.phpugly.com/98

Laravel News:
Getting Started with Laravel Model Events
Mar 16, 2018 @ 09:47:09

The Laravel News site has a tutorial posted that introduces you to model events in Eloquent models and how to use them effectively in your code.

Laravel Model events allow you to tap into various points in a model’s lifecycle, and can even prevent a save or delete from happening. The Laravel model events documentation outlines how you can hook into these events with event classes, but this article aims to build upon and fill in a few additional details on setting up events and listeners.

The article starts with an overview of the different types of events available on the models and a brief summary of when each are fired. It then walks you through the process of registering events and where to configure the event-to-handler relationship. The artisan make:event command can then generate the skeleton code for you. In this class you can then add the handler method and then configure it in the providers. Finally it shows an example of how to test the event, stopping the save event and using observers to group the event handling.

tagged: laravel eloquent model event tutorial introduction

Link: https://laravel-news.com/laravel-model-events-getting-started

Yappa Blog:
(En)queue Symfony console commands
Mar 15, 2018 @ 12:13:06

The Yappa.be blog has a tutorial posted sharing the method they used to implement queued and scheduled execution of Symfony commands. This is made possible by the Enqueue package.

At Yappa, we have always used Johannes' JMSJobQueueBundle to run and schedule Symfony console commands for background jobs.

However, we've stumbled upon a much more elegant solution called Enqueue. [...] It's packed with features, supports major brokers such as RabbitMQ, Kafka, Amazon SQS, Google PubSub, Redis etc. and has a bundle ready to be used with Symfony.

[...] One downside is that the Enqueue Symfony bundle doesn't provide an out of the box solution to queue Symfony console commands and there's no 100% straight forward way to implement this. In this post I'll cover the basics in setting up the Enqueue Symfony bundle so we can easily queue Symfony console commands!

The tutorial then walks you through the installation of the Symfony bundle, adding it to the list of installed bundles and configuring it with basic parameters and queue connection details. Next they've included the code to create the processor used when a command is pushed to the queue. To handle the other side (execution of the command when the queue is handled) they create a "QueuedCommand" value object and a command handler class. With this structure in place they show the addition of test commands to the queue and the result when the queue is consumed.

tagged: symfony console command queue package handler tutorial

Link: http://tech.yappa.be/enqueue-symfony-console-commands

Three Devs & A Maybe:
The Power of Composition with Scott Wlaschin
Mar 15, 2018 @ 11:44:31

The Three Devs & A Maybe podcast, hosted by Michael Budd, Fraser Hart, Lewis Cains and Edd Mann, has posted their latest episode: The Power of Composition. In this episode they're joined by guest Scott Wlaschin, a senior software architect and developer with over twenty years of experience.

In this weeks episode we are lucky to have Scott Wlaschin back on the show. We start of discussion by highlighting his most recent talk on composition and some useful analogies to Lego, Brio and Unix. From here we move on to investigate function and type composition, the difference between a paradigm shift compared to simply a syntax one and the advantages of an opinionated language.

This leads us on to mention how within application design pushing the side-effects to the edge and keeping the core domain pure is beneficial. Finally, we touch upon testing in functional languages, experiences whilst consulting and Rich Hickey’s ‘Effective Programs’ talk.

You can listen to this latest episode either using the in-page audio player or by downloading the mp3 directly for listening at your leisure. If you enjoy the show, be sure to subscribe to their podcast and follow them on Twitter to get updates on when the latest shows are released.

tagged: threedevsandamaybe podcast power composition scottwlaschin

Link: http://threedevsandamaybe.com/the-power-of-composition-with-scott-wlaschin/

Frequently Asked Questions About Laravel based APIs
Mar 15, 2018 @ 10:35:09

On the Pineco.de site there's a new post that answers some of the frequently asked questions they've heard about APIs in Laravel-based applications.

Developing APIs are getting more and more popular, but still, it’s a bit blurry field for many developers. We collected some common questions and tried to answer them in one place.

Their list of questions includes:

  • "What does RESTful mean?"
  • "How does API authentication work?"
  • "Why Laravel has a “web” and an “api ” middleware group?"
  • "How can I test my APIs?"

For each there's a brief summary of the issue and links to other sources (documentation and packages) to help answer or fix the issue.

tagged: laravel api faq question rest authentication middleware testing

Link: https://pineco.de/frequently-asked-questions-about-laravel-based-apis/

Christoph Rumpel:
Content Security Policy 101
Mar 15, 2018 @ 09:52:43

In a new post to his site Christoph Rumpel shares an introduction to the use of Content Security policies to prevent client-side security issues in your applications. While his examples are more Laravel-specific, the concepts can be applied to just about any framework or home-grown solution.

As more and more services get digital these days, security has become a significant aspect of every application. Especially when it comes to third-party code, it is tough to guarantee safety. But in general, XSS and Code Injection is a big problem these days. Content Security Policy provides another layer of security that helps to detect and protect different attacks. Today, I will introduce this concept and its main features, as well as show real-world examples.

He starts with a general look at web application security vulnerabilities and, more specifically, cross-site scripting issues. These are the ones that a Content Security Policy (CSP) can help prevent. He then covers the basics of the CSP header and gets into the implementation. In his example he sets up the addition of the CSP header as a middleware so that it's included on every request. With the default header all resources are blocked so he walks through the process of restoring access to the scripts, fonts and styles his blog needs to work correctly.

With the basics covered he then gets into a few more advanced features of CSP policies such as nonces for resource identification, iframe handling and the submission of forms. The post ends with a recommendation of the Laravel CSP package for use in Laravel applications. If you're looking for something more framework agnostic you might want to look into ParagonIE's CSP Builder library.

tagged: contentsecuritypolicy csp beginner tutorial laravel middleware framework

Link: https://christoph-rumpel.com/2018/03/content-security-policy-101

Marc Baker:
Discharging Static #1
Mar 14, 2018 @ 14:49:47

On his blog Marc Baker about static calls and the trouble they bring in your applications. It's a continuation of ideas that Kore Nordmann shared previously on his site.

It’s been seven years since Kore Nordmann first published “static considered harmful” on his blog, explaining the problems with using static method calls in classes, and the difficulties that they cause when trying to test that class. Seven years on, and those difficulties are still the same, and there is still new code being written using static calls despite that knowledge; but it’s often a more severe problem in legacy code with little or no unit tests.a

So why exactly are static calls so bad? If you’ve read Kore’s article, then you probably have a good idea already; but what that article doesn’t cover is approaches that we can use to make the code testable.

He covers the main issue static methods have when it comes to testing: they introduce coupling by hard-coding a dependency into your code. He talks about the static testing functionality that various PHP testing tools provided: PHPUnit, Phake and Mockery. He then focuses on a newer tool that he's discovered to help make the testing simpler: AspectMock. He gives an example of it in use and some examples of tests using anonymous classes to make it easier to create tests on the fly.

tagged: static testing phpunit example harmful tutorial aspectmock

Link: https://markbakeruk.net/2018/03/13/discharging-static-1/