
Paragon Initiative:
Using Libsodium in PHP Projects
Sep 02, 2015 @ 13:25:18

The Paragon Initiative site has posted a new guide to help you integrate libsodium into your application, providing modern cryptographic functionality beyond what tools like mcrypt and crypt offer.

You shouldn't need a Ph.D. in Applied Cryptography to build a secure web application. Enter libsodium, which allows developers to develop fast, secure, and reliable applications without needing to know what a stream cipher even is.

After reading this brief electronic manual, you should know what libsodium is, what features it has, and how to install it (both the library and the PHP extension from PECL). [You should also] generally understand which cryptography tool to use for a specific scenario [and] be capable of writing production-quality code that uses libsodium.

The guide (still a work in progress) starts by explaining what libsodium is and what it has to offer over other encryption methods. It talks about the role of random data in encryption, a few basic crypto concepts (like key-based encryption and hashing) and finally gets into some of the more advanced features of the libsodium extension.
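The two basics the guide covers first, random data and key-based encryption, fit in one short example. This is an added illustration, not code from the Paragon guide: it uses the `sodium_*` functions that ship with PHP 7.2 and later (the 2015 PECL extension exposed the same primitives under the `\Sodium\` namespace), and the message, password and tampering step are constructed here.

```php
<?php
// Added example: authenticated secret-key encryption and password hashing with
// libsodium. Requires PHP >= 7.2 (or the sodium PECL extension).

function encryptMessage(string $plaintext, string $key): string
{
    // One fresh random nonce per message; a nonce must never be reused with the same key.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key);
    // The nonce is not secret, but the receiver needs it, so prepend it to the ciphertext.
    return $nonce . $ciphertext;
}

function decryptMessage(string $blob, string $key): ?string
{
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($blob) < $minLen) {
        return null; // too short to contain a nonce and an authentication tag
    }
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Returns false when the authentication tag does not match: the data was
    // modified or the key is wrong. Nothing is decrypted in that case.
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    return $plaintext === false ? null : $plaintext;
}

// --- constructed usage ---------------------------------------------------
$key = sodium_crypto_secretbox_keygen(); // 32 random bytes from the CSPRNG

$blob = encryptMessage('attack at dawn', $key);
if (decryptMessage($blob, $key) !== 'attack at dawn') {
    throw new RuntimeException('round trip failed');
}

// Flip one bit of the ciphertext: authentication fails and decryption yields null.
$tampered = $blob;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
if (decryptMessage($tampered, $key) !== null) {
    throw new RuntimeException('tampered ciphertext was accepted');
}

// Password storage: Argon2-based hash with a built-in random salt; verification
// reads the parameters back out of the stored string.
$hash = sodium_crypto_pwhash_str(
    'correct horse battery staple',
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
);
if (!sodium_crypto_pwhash_str_verify($hash, 'correct horse battery staple')) {
    throw new RuntimeException('password verification failed');
}
if (sodium_crypto_pwhash_str_verify($hash, 'wrong password')) {
    throw new RuntimeException('wrong password was accepted');
}

sodium_memzero($key); // wipe the key from memory once it is no longer needed
echo "ok\n";
```

The point to take from the tampering check is that secretbox is authenticated: a modified ciphertext is rejected outright rather than decrypting to garbage, which is the property the older mcrypt-based recipes typically lacked.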

Additionally, the guide is also open source so if you'd like to contribute, just submit a pull request for consideration.

tagged: paragoninitiative libsodium guide introduction advanced encryption

Link: https://paragonie.com/book/pecl-libsodium

Coding.bmail.net Blog:
Advanced logging system in PHP for careful developers
Aug 05, 2015 @ 12:19:51

On the Coding.bmail.net blog they've posted a guide to what they've called an advanced logging system in PHP for careful developers - essentially a logging system that's as "error proof" as possible and that works with as little user exposure as possible.

Being aware of all the activity and problems under the hood is essential when running big websites with lots of users, many features and, as it is usual in such cases, weak spots that must not be left untracked.

In order to be the first in knowing when errors or other events of interest happen we need a well designed logs manager. My code will provide such a feature, for PHP based websites.

They briefly outline how the complete setup will work, falling back to email if the database connection isn't available and logging based on environment. It also includes error levels and, in development only, a method for showing the errors being logged. While a good bit of this functionality could be handled by something like Monolog, they do include some additional features like the email fallback, output of the errors in development mode and custom error/exception handlers.
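The design described above, written out as an added example rather than the blog's own code: a logger whose primary sink is a database table, which falls back to email when the database is unreachable, and which only echoes events to the browser in the development environment. The `logs` table layout, the `sendMail` callable and the simulated outage are assumptions made for this illustration; an in-memory SQLite database stands in for the real one so it runs offline.

```php
<?php
// Added example (not from the original post): database logger with email
// fallback, environment-aware display, and PHP error/exception handlers.

final class FallbackLogger
{
    public const ERROR = 'error';
    public const WARNING = 'warning';
    public const INFO = 'info';

    /** @var ?PDO */
    private $db;
    /** @var callable(string $subject, string $body): bool */
    private $sendMail;
    /** @var string */
    private $env;

    public function __construct(?PDO $db, callable $sendMail, string $env = 'production')
    {
        $this->db = $db;
        $this->sendMail = $sendMail;
        $this->env = $env;
    }

    /** Returns which sink received the event: 'db', 'mail' or 'lost'. */
    public function log(string $level, string $message, array $context = []): string
    {
        $line = sprintf('[%s] %s %s %s', date('c'), strtoupper($level), $message, json_encode($context));
        $sink = 'db';
        if (!$this->writeDb($level, $message, $context)) {
            // Database down: mail the event so it is not silently dropped.
            $sent = ($this->sendMail)('[' . $this->env . '] log fallback: ' . $level, $line);
            $sink = $sent ? 'mail' : 'lost';
        }
        // Only development shows events to the browser. Production never leaks
        // internals (paths, SQL, stack traces) to the public.
        if ($this->env === 'development') {
            echo $line, PHP_EOL;
        }
        return $sink;
    }

    private function writeDb(string $level, string $message, array $context): bool
    {
        if ($this->db === null) {
            return false;
        }
        try {
            $stmt = $this->db->prepare(
                'INSERT INTO logs (level, message, context, created_at) VALUES (?, ?, ?, ?)'
            );
            return $stmt->execute([$level, $message, json_encode($context), date('c')]);
        } catch (PDOException $e) {
            return false; // connection lost or schema problem: caller falls back
        }
    }
}

// --- constructed usage ---------------------------------------------------
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE logs (id INTEGER PRIMARY KEY, level TEXT, message TEXT, context TEXT, created_at TEXT)');

// Stand-in for mail(): records what would have been sent instead of sending it.
$outbox = [];
$sendMail = function (string $subject, string $body) use (&$outbox): bool {
    $outbox[] = [$subject, $body];
    return true;
};

$logger = new FallbackLogger($db, $sendMail, 'development');
if ($logger->log(FallbackLogger::INFO, 'user login', ['user_id' => 42]) !== 'db') {
    throw new RuntimeException('expected database sink');
}

// Simulate the database being unavailable: the event goes out by mail instead.
$degraded = new FallbackLogger(null, $sendMail, 'production');
if ($degraded->log(FallbackLogger::ERROR, 'payment gateway timeout') !== 'mail') {
    throw new RuntimeException('expected mail fallback');
}

// Route PHP's own errors and uncaught exceptions through the same logger.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline) use ($logger): bool {
    $logger->log(FallbackLogger::WARNING, $errstr, ['errno' => $errno, 'file' => $errfile, 'line' => $errline]);
    return true; // handled: suppress PHP's default output
});
set_exception_handler(function (Throwable $e) use ($logger): void {
    $logger->log(FallbackLogger::ERROR, get_class($e) . ': ' . $e->getMessage(), ['file' => $e->getFile(), 'line' => $e->getLine()]);
});

trigger_error('demo notice', E_USER_NOTICE); // lands in the logs table via the handler
printf("rows in db: %d, mails queued: %d\n", $db->query('SELECT COUNT(*) FROM logs')->fetchColumn(), count($outbox));
```

The fallback order matters for security as much as for reliability: an attacker who can knock the database over should not thereby also blind your logging, and the `env` check is the only thing standing between a stack trace and the public, so it must come from deployment configuration rather than from anything the request controls.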

tagged: logging advanced system custom database email environment tutorial

Link: http://coding.bmain.net/tutorials/php/advanced_logging_system_in_php_for_careful_developers

AppDynamics PHP Blog:
Introduction to PHP Security – Part 2
Jul 22, 2015 @ 08:33:01

The AppDynamics PHP blog has posted the second part of their series looking at some of the basics of PHP security. In part one they talked about some of the most common attacks and how to remediate them. In this latest part they "dive deeper" and get into some of the more advanced issues.

Truth be told, there are potentially an infinite number of ways in which a software product can be compromised and have its security breached. [...] New security flaws are regularly found, and routine patches are immediately released for most of the major software applications you utilize in your application stack. No matter whether your web or database server, your operating system, your PHP runtime, or even the MVC framework that your team adopted, your point(s) of exposure may exist anywhere within the various components that make up your application ecosystem.

They start with a few more advanced best practices including using SSL and keeping error messages away from the public eye. They briefly discuss other kinds of injection types (besides just SQL) and offer some tips about securing the data that lives in the application as well.

tagged: security introduction series part2 advanced bestpractice injectiondata

Link: https://blog.appdynamics.com/php/introduction-to-php-security-part-2

NetTuts.com:
Programming With Yii2: Specialized Validations
Jun 03, 2015 @ 10:53:23

NetTuts.com continues their series covering development with the Yii2 framework today with a new post looking at specialized validations (expanding on their previous post covering some of the basic built-in validations).

In this Programming With Yii2 series, I'm guiding readers in use of the newly upgraded Yii2 Framework for PHP. This tutorial is our second part, looking at Yii2's validators. Validators simplify the code needed to validate input, i.e. verify conformance or non-conformance of data input, typically from users via web forms. Specifically, we're going to explore some of the built-in specialty validations that are common to web development.

They cover some of the more complex validators in this tutorial including:

  • CaptchaValidator
  • ExistValidator
  • ImageValidator
  • RegularExpressionValidator
  • UniqueValidator
  • UrlValidator

They cover each of them with a brief summary of what they can do and a code example showing them in action. In some cases (like with the CAPTCHA validator) a screenshot is also included of the output.

tagged: yii2 series tutorial programming advanced validators

Link: http://code.tutsplus.com/tutorials/programming-with-yii2-specialized-validations--cms-23427

SitePoint PHP Blog:
Mastering Composer – Tips and Tricks
May 26, 2015 @ 11:02:32

The SitePoint PHP blog has a new tutorial today from editor Bruno Skvorc with some tips and tricks to help you master Composer, the widely popular PHP package management tool.

Composer has revolutionized package management in PHP. It upped the reusability game and helped PHP developers all over the world generate framework agnostic, fully shareable code. But few people ever go beyond the basics, so this post will cover some useful tips and tricks.

Tips in his list include:

  • Installing Composer globally
  • Using "composer require" to install packages
  • Committing your composer.lock file
  • Options to provide profiling information
  • Speeding up Composer installations

...and many more. If you're looking to take your Composer usage and knowledge beyond the basics, definitely check out this article.

tagged: master composer tips tricks advanced list

Link: http://www.sitepoint.com/mastering-composer-tips-tricks/

Alejandro Celaya:
Composer advanced concepts
Apr 28, 2015 @ 11:42:34

Alejandro Celaya has shared some advanced Composer concepts that you may not know this popular tool supports.

Composer is The Tool in any modern PHP project. Nowadays I can't imagine working without it. It is much more powerful than some people think, easily solving the integration of third party components in our projects, but there are some advanced features that are less known. I'm going to try to explain some of the best practices and mechanisms bundled with composer.

His list of more advanced techniques and concepts includes:

  • Globally installing Composer
  • Creating the composer.json file (with composer init)
  • Production environments (and flags to customize the installation)
  • Executing CLI scripts

There are several more items in his list, and each includes a description of the feature or practice along with commands or code where appropriate.

tagged: composer advanced concept practice install configure tutorial

Link: http://blog.alejandrocelaya.com/2015/04/25/composer-advanced-concepts/

Laracasts:
Advanced Eloquent (Video Series)
Mar 05, 2015 @ 09:28:31

The Laracasts site has launched a new video series with some advanced tips on using Eloquent, the ORM layer from the Laravel framework.

Sure, you've learned the essentials of using Eloquent in your applications, but do you really understand what's going on under the hood? Well, that's specifically what we're interested in for this series. How do all the bits and pieces fit together?

There are two videos posted so far: one helps you build a basic application to work inside of, and the other looks behind the scenes of "find" to see what happens when it's executed. Only the first video in the series is free, but it gives you an idea of what will be covered and the style of the videos.

tagged: advanced eloquent video series laracasts

Link: https://laracasts.com/series/advanced-eloquent

Joshua Thijssen:
Advanced user switching
Feb 25, 2015 @ 09:12:05

Joshua Thijssen has a new post today with a "neat trick" that the Symfony Security component allows: switching to (impersonating) another user programmatically.

This allows you to login as another user, without supplying their password. Suppose a client of your application has a problem at a certain page which you want to investigate. Sometimes this is not possible under your own account, as you don’t have the same data as the user, so the issue might not even occur in your account. Instead of asking the password from the user itself, which is cumbersome, and not a very safe thing to begin with, you can use the switch-user feature.

He talks about how to enable it, how to use it to switch to another user and, most importantly, how to restrict its use. He points out that there's no built-in way to define who a given user may switch to, so he's come up with a custom "switch listener" to add that protection. His "SwitchUserListener" class replicates the code of the original listener (well, the whole class) and updates the "attemptSwitchUser" method to check the target user and see whether they have a role that may be impersonated. Finally he shows how to add it to the services configuration so that it overrides the default listener.
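The decision his patched "attemptSwitchUser" has to make can be isolated from the framework, which is what this added example does; it is not Joshua's listener code. Symfony's built-in option only checks that the person switching holds the configured role (ROLE_ALLOWED_TO_SWITCH by default); it says nothing about the target, so a support account could impersonate an administrator and inherit every admin privilege. The policy below adds the missing target-side check. The list of protected roles, the usernames and the audit callback are assumptions for this illustration.

```php
<?php
// Added example (not from the original post): the authorization decision a
// custom switch-user listener should make before impersonating a target account.

final class SwitchUserPolicy
{
    /** Role required to start an impersonation; Symfony's default switch role. */
    private const SWITCHER_ROLE = 'ROLE_ALLOWED_TO_SWITCH';

    /** Roles a target must NOT hold: impersonating them would be a privilege escalation. (assumed list) */
    private const PROTECTED_TARGET_ROLES = ['ROLE_ADMIN', 'ROLE_SUPER_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'];

    /** @var callable(string $line): void */
    private $audit;

    public function __construct(callable $audit)
    {
        $this->audit = $audit;
    }

    /**
     * Returns null when the switch is permitted, otherwise a human-readable denial reason.
     *
     * @param string[] $actorRoles  roles of the authenticated user requesting the switch
     * @param string[] $targetRoles roles of the account that would be impersonated
     */
    public function deny(string $actor, array $actorRoles, string $target, array $targetRoles): ?string
    {
        if (!in_array(self::SWITCHER_ROLE, $actorRoles, true)) {
            return $this->refuse($actor, $target, 'actor lacks ' . self::SWITCHER_ROLE);
        }
        if ($actor === $target) {
            return $this->refuse($actor, $target, 'cannot switch to self');
        }
        $protected = array_values(array_intersect($targetRoles, self::PROTECTED_TARGET_ROLES));
        if ($protected !== []) {
            return $this->refuse($actor, $target, 'target holds protected role(s): ' . implode(', ', $protected));
        }
        // Every successful impersonation is logged as well: who became whom, and when.
        ($this->audit)(sprintf('[%s] SWITCH_USER allowed: %s -> %s', date('c'), $actor, $target));
        return null;
    }

    private function refuse(string $actor, string $target, string $reason): string
    {
        ($this->audit)(sprintf('[%s] SWITCH_USER denied: %s -> %s (%s)', date('c'), $actor, $target, $reason));
        return $reason;
    }
}

// --- constructed usage ---------------------------------------------------
$auditLog = [];
$policy = new SwitchUserPolicy(function (string $line) use (&$auditLog): void {
    $auditLog[] = $line;
});

// Support staff impersonating an ordinary customer: allowed.
$r1 = $policy->deny('support.alice', ['ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH'], 'customer.bob', ['ROLE_USER']);
// Support staff trying to become an administrator: refused (escalation).
$r2 = $policy->deny('support.alice', ['ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH'], 'root.carol', ['ROLE_USER', 'ROLE_ADMIN']);
// A plain user who never had the switch role: refused.
$r3 = $policy->deny('customer.bob', ['ROLE_USER'], 'customer.dave', ['ROLE_USER']);

if ($r1 !== null || $r2 === null || $r3 === null) {
    throw new RuntimeException('policy produced an unexpected decision');
}
echo implode(PHP_EOL, $auditLog), PHP_EOL;
```

In a Symfony listener this check sits in "attemptSwitchUser" after the target user has been loaded and before the impersonation token is created; returning a denial there should surface as an access-denied exception rather than a silent fall-through to the original behaviour.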

tagged: user switching advanced tutorial custom listener role access validate

Link: https://www.adayinthelifeof.nl/2015/02/24/advanced-user-switching/

SitePoint PHP Blog:
Developing PHP Extensions with C++ and PHP-CPP: Advanced
Jan 08, 2015 @ 11:17:47

On the SitePoint PHP blog today Taylor Ren continues his look at using the PHP-CPP library to help build custom extensions. In this latest post he sheds some light on some more advanced topics.

In my earlier articles, I have introduced the PHP-CPP lib to create an extension for PHP using C++ (first article and second article). In the latter, I demonstrated a bit of the OO side of writing a PHP extension with a Complex class doing complex number manipulations. That introduction is not complete as the main focus of that article is more on the demonstration of the OO capability of PHP-CPP, not on the OO implementation details. In this article, we will further drill down the Complex lib development, adding more member functions, and addressing some advanced topics in writing a PHP extension with OO features using PHP-CPP.

He breaks up the advanced topics into sections, providing code examples for each:

  • Returning this pointer in C++
  • Returning a Complex object pointer
  • Exposing the __toString magical method
  • Chaining member function calls
  • Exception throwing and handling in PHP

With the code in place, he then shows how to test all of the new functions you've added with a bit of simple PHP code.

tagged: tutorial advanced extension cplusplus phpcpp series part3

Link: http://www.sitepoint.com/developing-php-extensions-c-php-cpp-advanced/

NetTuts.com:
Building Advanced Email Features With IMAP and PHP
Oct 21, 2014 @ 12:19:47

On the NetTuts.com site they've posted a tutorial showing you how to build advanced email features with IMAP and PHP. The author bases it on his Simplify Email project and includes examples of three different features to get you started.

Analysis of my own email showed I was receiving email from more than 230 automated senders, far fewer actual people. I was tired of constructing filters in Gmail and filling in a myriad of unsubscribe forms. I wanted to have more control over managing my email and simplifying my life. Finally, this past year, I decided to build the features I needed. The result is Simplify Email (SE), a small web app you can host yourself which offers a variety of cool new email features all of which you can check out on the project website. The coolest thing about SE is that it's a platform for reading, analyzing, routing and managing your email - the possibilities abound. Simplify Email is essentially a programmable playground for "hacking" your own email.

His three examples show you how to:

  • Check your inbox and filter messages
  • Implement a whitelist challenge to unknown senders
  • Report unanswered email

Each of these comes with plenty of code examples, screenshots and output examples (as well as some places where you might need to change some SE configuration values).

tagged: advanced email imap tutorial feature simpleemail filter whitelist reporting

Link: http://code.tutsplus.com/tutorials/building-advanced-email-features-with-imap-and-php--cms-22059