Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Integrate a Stripe Payment Gateway with PHP
Oct 28, 2016 @ 10:47:24

The PHPBuilder.com site has a tutorial posted helping you integrate Stripe into your PHP application as a payment gateway service.

Stripe is a payment gateway that is becoming increasingly popular in the Web industry. It offers payment processing services, which can be easily integrated into your Web application using the Stripe API.

Although it is not free (2.9% + 30 cents per transaction), Stripe saves time and reduces cost in many ways: seamless integration and good documentation reduces the amount of time and development hours needed, while it offers complete control over sensitive data which saves hundreds of thousands of dollars that would otherwise be spent on ensuring PCI compliance.

They then show how to set up and use the PHP Stripe API package to create a simple checkout form to accept credit card information and use the stripe.js handling to send it directly to Stripe. Once the service receives it, it then makes a call back to your callback endpoint to create a token value for the transaction and customer. This callback then uses the API to make the actual charge using the token for the payment method and the customer information.

tagged: stripe payment gateway integration tutorial customer creditcard

Link: http://www.phpbuilder.com/articles/application-architecture/shopping-carts/integrate-a-stripe-payment-gateway-with-php.html

That Podcast:
Episode 33: Lag
Oct 28, 2016 @ 09:14:28

That Podcast, hosted by Beau Simensen and Dave Marshall, has posted their latest episode today - Episode #33: Lag.

Beau and Dave somehow manage to form a coherent conversation despite laggy internet, about dynamic sharing images, Beau's application for Global Entry, overlays and Mailchimp automation, profilers like Blackfire and XHProf, and Beau having a new microphone.

Other topics mentioned include: the 12 Startups in 12 Months article, the @levelsio Twitter account and Cloud.IQ. You can listen to this latest episode either through the in-page audio player or by downloading the mp3 directly. If you enjoy the episode, be sure to subscribe to their feed and follow them on Twitter for updates when future shows are released.

tagged: thatpodcast ep33 podcast beausimensen davemarshall lag

Link: https://thatpodcast.io/episodes/episode-33-lag

Kévin Gomez:
Digging into: Humbug
Oct 27, 2016 @ 12:12:36

Kévin Gomez has a recent post to his site sharing some of the knowledge he gained when digging into Humbug, a mutation testing tool for PHP development.

While I’ve already used Humbug a few time, a recent article made my realise that I didn’t really know how it worked.

That’s when I got the idea to dig into Humbug to learn how it works, and publish my findings here.

He starts with a brief overview of Humbug for those not familiar with it - a mutation testing tool that reviews your unit tests to see how well they actually cover your code. It performs various operations (mutations) on the tests and evaluates the response. He then gets into how Humbug does this and what tools it uses to break down and understand your tests. He then goes through the actual code of the tool, walking through the tests, tokenizing the code and performing small changes to re-test and see how the results differ from the original results.

tagged: humbug mutation testing tool indepth library token variation

Link: http://blog.kevingomez.fr/2016/10/23/digging-into-humbug/

SitePoint PHP Blog:
Shopify App Development Made Simple with HTTP APIs and Guzzle
Oct 27, 2016 @ 11:51:09

The SitePoint PHP blog has posted a tutorial from author Wern Ancheta digs into the Shopify API and shows you some simple methods to use it with Guzzle.

In this tutorial, you’re going to get started with developing Shopify apps. You’re going to create a simple app that lists out products from a Shopify store. [...] Shopify apps are a way of extending the functionality of a Shopify store or to provide ecommerce capabilities to websites or mobile apps.

The tutorial then starts in, showing you how to set up a Shopify Partner Account and create the "Store" instance you'll be using for the development. With that created, you'll have to set up a new application inside the store - this is what the script will actually connect with. From there they start in on the demo application, installing Twig, Slim, Guzzle and a few other libraries. They show the code to set up the simple Slim application along with a handful of routes, views and some SQL interaction. The tutorial includes the code for:

  • authenticating users against the API (and your store)
  • making requests to the API for product information
  • outputting the results to a simple page

If you're short on time or just want to jump to the end, you can get the code for this example in this GitHub repository.

tagged: shopify tutorial api http guzzle client shop application

Link: https://www.sitepoint.com/shopify-app-development-made-simple/

PHP 7.1.0 Release Candidate 5 Released
Oct 27, 2016 @ 10:25:04

The main PHP.net page has posted an announcement about the latest Release Candidate in the PHP 7.1.x series being tagged and released: PHP 7.1.0 Release Candidate 5:

The PHP development team announces the immediate availability of PHP 7.1.0 Release Candidate 5. This release is the fifth release candidate for 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system.

For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.

As a reminder, this is a release candidate and is not to be used in production. You can download and test out this latest release from the PHP.net source QA site or the Windows QA site for the binaries. The next release candidate for this version will be released on November 10th with a goal of a final release following that.

tagged: php71 release candidate release preview test php71rc5

Link: http://php.net/index.php#id2016-10-27-1

Laravel News:
Learn how to change Laravel’s login validation
Oct 27, 2016 @ 09:42:34

On the Laravel News site there's a quick post looking at Laravel's login validation and how you can make updates to its handling (and where the changes should be made).

Laravel’s included auth system is a great way of scaffolding out a basic flow for authenticating users through a complete registration, login, logout, and forgot password system.

When it’s all setup the login and password reset validation is stored in an AuthenticatesUsers and ResetsPasswords trait. Even though it’s a little hidden away it’s still easy to adjust this to your needs. Let’s take a look at how to adjust this.

The post then breaks each of these down, showing where in the framework source the code lives and how you can update or override the current handling. The login validation lives in the default "AuthenticatesUsers" trait and the password reset verification is in "ResetsPasswords". These can each be overridden in your own controllers as they're just methods included via traits.

tagged: laravel login validation trait tutorial password

Link: https://laravel-news.com/2016/10/login-validation/

How to Secure a REST API With Lumen
Oct 26, 2016 @ 10:56:58

Over on the TutsPlus.com site there's a new tutorial posted for the Lumen users out there building REST APIs. The post walks you through an authentication method for the API making use of Laravel's included "guard" handling and an API token.

Lumen is Laravel's little brother: a fast, lightweight micro-framework for writing RESTful APIs. With just a little bit of code, you can use Lumen to build a secure and extremely fast RESTful API.

In this video tutorial from my course, Create a REST API With Lumen, you'll learn how to use Lumen's built-in authentication middleware to secure a REST API with Lumen.

The post includes the screencast of the tutorial but it also includes all of the content below that in more developer-friendly text form. Screenshots of the code in various states are also included as well as descriptions of what's happening in the auth process along the way.

tagged: lumen security rest api screencast tutorial

Link: https://code.tutsplus.com/tutorials/how-to-secure-a-rest-api-with-lumen--cms-27442

Laravel News:
Can you be an expert developer in 10,000 hours?
Oct 26, 2016 @ 09:32:48

On the Laravel News site there's a new post that tries to answer the question "can you be a an expert developer in 10,000 hours?" This is based on some prior research (not specific to programming) that anyone can be an expert on anything in about 10 thousand hours worth of work and study on the subject. This post takes the ideas presented there and applies them to the world of development, trying to see if there's a good match.

Back in 1993, psychologists K. Anders Ericsson, Ralf Th. Krampe, and Clemens Tesch-Romer said that 10,000 hours of deliberate practice of a specific skill will make one an expert. Fast forward 15 years, and Malcolm Gladwell’s Outliers made the 10,000 hours rule famous. And in 2012, Macklemore solidified it’s fact status: it officially takes 10,000 hours to be an expert at anything.

How does this rule correlate to coding? If you’ve been working full time as a dev for five years, you’d be considered an expert by the parameters of the rule. [...] The problem with the 10,000 hours rule to excellence is that most domains aren’t static.

The article goes on to talk about the ever-changing world of technology (as compared to static activities where the rules aren't going to change). They talk about the Laravel framework and how it has evolved since beta/version 1 and how, if the 10k rule is applied, no one is an "expert" as it changes so fast. There's also a link to a study that debunked the 10k rule and so they shift to trying to answer another question: how much does it take to be just considered "good"? This is related back to software engineering and where in the process could it be that you move from "good" to "great".

Maybe the real question here is instead of trying to be an expert software developer, what aspects of your job can you improve in 20 hours of practice? Maybe the focus shouldn’t just be on the code; after all, your job is more than just staring at glowing screens all day. Identifying specific areas of weakness that you can devote time to strengthening every week may be the key to becoming that expert that you desire to be.
tagged: expert developer good tenthousand hours development opinion

Link: https://laravel-news.com/2016/10/10000-hours/

Community News:
Recent posts from PHP Quickfix (10.26.2016)
Oct 26, 2016 @ 08:05:01

Recent posts from the PHP Quickfix site:



Paragon Initiative:
Guide to Automatic Security Updates For PHP Developers
Oct 25, 2016 @ 12:51:21

On the Paragon Initiative blog they've posted a guide to handling automatic security updates for PHP developers, helping to prevent security-related issues by keeping your libraries up to date.

Most of the software security vulnerabilities known to man are preventable by careful development practices. [...] However, even if you're trying to do everything right, eventually we all make mistakes and ship exploitable software.

[...] By making updates manual rather than automatic, you're forcing your customers to take all the responsibility for making sure that your mistakes don't hurt their business. Only a very small minority of your customers might prefer the responsibility of verifying and applying each update themselves. [...] Automatic security updates reduce the interval between points 2 and 3 from possibly infinite to nearly zero. That's clearly a meaningful improvement over manual patch management.

The post then walks through the aspects of a secure automatic update system that includes offline cryptographic signatures, transport layer security and separation of privileges (who will perform the actual update). The author gets into a bit of detail for each item on the list, explaining how the system should be set up and some tools you can use to start working up the process in your own applications.

tagged: automatic security update developers tutorial system

Link: https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers