
Paragon Initiative:
Using Libsodium in PHP Projects
Sep 02, 2015 @ 13:25:18

The Paragon Initiative site has posted a new guide to help you integrate libsodium into your application, providing cryptographic functionality in addition to things like mcrypt and crypt.

You shouldn't need a Ph.D in Applied Cryptography to build a secure web application. Enter libsodium, which allows developers to develop fast, secure, and reliable applications without needing to know what a stream cipher even is.

After reading this brief electronic manual, you should know what libsodium is, what features it has, and how to install it (both the library and the PHP extension from PECL). [You should also] generally understand which cryptography tool to use for a specific scenario [and] be capable of writing production-quality code that uses libsodium.

The guide (still a work in progress) starts by explaining what libsodium is and what it has to offer over other encryption methods. It talks about the role of random data in encryption, a few basic crypto concepts (like key-based encryption and hashing) and finally gets into some of the more advanced features of the libsodium extension.

The guide is also open source, so if you'd like to contribute, just submit a pull request for consideration.

tagged: paragoninitiative libsodium guide introduction advanced encryption

Link: https://paragonie.com/book/pecl-libsodium

php[architect]:
September 2015 Issue Released - Security Boot Camp
Sep 02, 2015 @ 12:19:02

The latest issue of the php[architect] magazine has been released for September 2015. In this latest issue they focus on security in PHP along with the same columns you know and love.

In this issue, we have an overview of the various techniques that malicious users can use to attack your application, a deep dive into how passwords can be stored securely and how PHP’s built-in password functions make this easier, a look at how to set up a PHP-based Intrusion Detection System, and how to use PDO to guard against SQL injection attacks.

Elsewhere, there’s a look at how to think like a functional programmer, an introduction to using Sculpin for generating a static site, an interview with Elizabeth Naramore, and more.

This month's issue includes articles like:

  • Basic Intrusion Detection with Expose (Greg Wilson) (read this one free here)
  • Keep Your Passwords Hashed and Salted (Leszek Krupiński)
  • Leveling Up: DeLoreans, Data, and Hacking Sites (David Stockton)

...as well as the "Education Station", "Community Corner" and "finally{}" columns from returning authors. You can purchase your copy of this month's issue directly from the php[architect] website either as a single issue or as a part of a subscription.

tagged: phparchitect magazine sept2015 security issue release

Link: https://www.phparch.com/magazine/2015-2/september/

SitePoint PHP Blog:
Logging with Monolog: From Devtools to Slack
Sep 02, 2015 @ 11:48:15

The SitePoint PHP blog has posted a tutorial showing you how to connect Monolog, a popular logging tool for PHP, with Slack, a well-used communication (chat) service for development groups and projects. The basic idea is that, when something goes wrong, it's communicated directly to the chat channel rather than just to a log somewhere for later analysis.

Logging is an important part of the app development/maintenance cycle. It’s not just about the data you log, but also about how you do it. In this article, we are going to explore the Monolog package and see how it can help us take advantage of our logs.

They start by helping you get Monolog installed in your project via Composer and showing how to create a "general" logger. They then explain the use of "handlers" in the Monolog system and how to add them to the logger instance, along with Monolog's "bubbling" of messages in a browser/error log example. Next they show how to integrate the SlackHandler into the logger, providing it with an access token, the channel to send to and a name to log in with. The article also shows how to format the message, giving it a nicer look than the standard text error. Finally they touch on preprocessors that can add extra information to the log messages without having to touch every instance where the logger is used.

tagged: monolog slack integration message error realtime chat introduction

Link: http://www.sitepoint.com/logging-with-monolog-from-devtools-to-slack/

NetTuts.com:
Build a Real-Time Chat Application With Modulus and Laravel 5
Sep 02, 2015 @ 10:17:16

On NetTuts.com they've posted a tutorial showing you how to create a real-time chat system using Laravel 5, Modulus and Pusher (with a PostgreSQL backend).

In this tutorial, I will show you how to implement a real-time chat application with Laravel 5, PostgreSQL, and Pusher. Then we will deploy this application to Modulus together. We will use Laravel 5 for the back-end service, HTML5 and jQuery for a simple front-end application, PostgreSQL for the database, and Pusher for real-time communication between the server and clients.

They start with the scenario they want to solve and a look at the overall architecture of the solution. Then they start setting up the software and services needed to bring it all together:

  • installing a fresh copy of Laravel (as a project)
  • setting up a new database using the ElephantSQL service
  • creating a Pusher account and the credentials you'll need for the application
  • creating an Nginx configuration for the Modulus setup

Next comes the design of the application, creating the models for message data (author, content, etc.) and the simple controller to handle the requests. They show how to configure the connection to Pusher and build the routes for getting, listing and saving messages. Finally they create the view, complete with JavaScript to connect it to Pusher and transfer messages back and forth. All that's left then is the deployment using the modulus command line tool (installed via npm).

tagged: realtime chat tutorial application laravel5 pusher postgresql modulus

Link: http://code.tutsplus.com/tutorials/build-a-real-time-chat-application-with-modulus-and-laravel-5--cms-24284

PHP Roundtable:
030: SOA and Microservices
Sep 02, 2015 @ 09:55:44

The PHP Roundtable podcast, hosted by Sammy K Powers, has released their latest episode - Episode #30 - SOA and Microservices. In this episode Sammy is joined by guests Yitzchok Willroth, Sherif Ramadan and Samantha Geitz.

SOA (Service Oriented Architecture) is an architecture that shifts our focus from one big monolithic web app to smaller connected web apps. We discuss what an SOA app looks like in the real world and how it affects our codebases, deployment & DevOps.

You can watch this latest episode either through the in-page video player or over on YouTube, or check out archived episodes through the "Past Episodes" section on their main page. If you enjoy the episode, be sure to subscribe to their feed and follow them on Twitter to get the latest on new episodes as they're released (or to be a part of a future live broadcast).

tagged: phproundtable podcast video ep30 soa microservices monolith

Link: https://www.phproundtable.com/episode/service-oriented-architecture-and-microservices

Community News:
Recent posts from PHP Quickfix (09.02.2015)
Sep 02, 2015 @ 08:15:53

Recent posts from the PHP Quickfix site:

tagged:

Link:

Stefan Koopmanschap:
WeCamp Wrap-up (Days 1 - 5)
Sep 01, 2015 @ 12:37:21

For those that couldn't attend this year's WeCamp conference but wanted to get an idea of what it was like, I'd suggest checking out Stefan Koopmanschap's five-part series of his experiences there. This year he participated as a coach rather than just an attendee, so his perspective changed a bit.

He's posted summaries from each day of the event, chronicling their journey from a group of unknowns to a cohesive team with a finished project by the end of the event:

The WeCamp "conference" is more of a large hackathon where teams are camping on an island for the duration. They form random teams the first day and come up with a product idea to take to fruition over the course of a few days. If you're interested in the event and want to learn more about future plans, be sure to check out the main conference site.

tagged: wecamp15 conference event coach stefankoopmanschap

Link: http://leftontheweb.com/blog/categories/wecamp15/

SitePoint PHP Blog:
Writing PHP Git Hooks with Static Review
Sep 01, 2015 @ 11:16:01

On the SitePoint PHP blog Matthew Setter introduces the use of git hooks to help with automatic static analysis of your application's code, integrating it directly into your current workflow. He shows how to use the Static Review library to make creating and installing hooks as easy as a single command (and they're written in PHP).

If you’ve been using Git for more than a short length of time, you’ll hopefully have heard of Git hooks. [...] There are hooks for pre- and post-commit, pre- and post-update, pre-push, pre-rebase, and so on. The sample hooks are written in Bash, one of the Linux shell languages. But they can be written in almost any language you’re comfortable or proficient with. [...] Thanks to Static Review, by Samuel Parkinson, you can now write Git hooks with native PHP, optionally building on the existing core classes. In today’s post, I’m going to give you a tour of what’s on offer, finishing up by writing a custom class to check for any lingering calls to var_dump().

He walks you through the installation of the library and helps you create a simple working example that ensures you've correctly set up your (Composer) dependencies. He explains a bit about what's involved in the StaticReview package and the three "introspection" objects initialized for each run. He ends the post by walking you through the creation of a custom, more real-world check that evaluates your code (via a simple grep) to ensure no var_dump statements were left in.

tagged: static review git hook analysis tutorial

Link: http://www.sitepoint.com/writing-php-git-hooks-with-static-review/

Community News:
Laravel 5 Now Includes Authorization
Sep 01, 2015 @ 10:50:41

In the latest release of the Laravel framework (v5.1.1) they've introduced authorization handling to the native framework. This allows you to integrate permissions checks and perform policy validation both on the backend and in the templates.

In addition to providing authentication services out of the box, Laravel also provides a simple way to organize authorization logic and control access to resources. There are a variety of methods and helpers to assist you in organizing your authorization logic.

The functionality includes the concept of "abilities" (permissions, essentially) and validates the allow/deny status based on object properties, such as Users. The documentation shows how to perform the evaluations in the controllers, user model, form requests and even in the Blade templates. There's also a section on creating policies for more complex evaluations than just one-off permission checks.

To get a feel for what the community thinks of this new functionality, be sure to check out this Reddit thread with feedback, both positive and negative, on how it was implemented.

tagged: laravel framework authorization functionality permission policy allow deny

Link: http://laravel.com/docs/5.1/authorization

7PHP.com:
Pacific Northwest PHP Conference | Sneak Glance At The Pre-Event!
Sep 01, 2015 @ 09:09:17

In another in their series of interviews about people and things happening in the PHP community, the 7php.com site has posted a sneak peek of the Pacific Northwest PHP Conference and interviews one of the organizers, Jeremy Lindblom.

Khayrattee Wasseem talks with Jeremy about some of his work with the Seattle PHP User Group and where he'll be working in the near future (the Engrade team at McGraw-Hill Education). He also answers questions about:

  • What the conference is about and when it was first launched
  • Where the idea came from and what some of the objectives are
  • How the feedback has been so far
  • Who else has been on the team helping organize the event (and provided advice)
  • How they're handling sponsors and what challenges came around that

Jeremy also shares a message to those thinking about attending the conference:

I honestly believe that everyone who attends, both in person and online is going to have a good experience, learn new things, and make new friends. My hope is that you will feel the strength of the PHP community and have a desire to contribute back to it afterwards.

tagged: 7php interview jeremylindblom pnwphp15 pacific northwest conference

Link: http://7php.com/pre-pnwphp-2015/