Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Luciano Mammino:
6 Rules of thumb to build blazing fast web server applications
Jul 28, 2015 @ 09:48:33

Luciano Mammino has posted six tips for blazing fast web applications to his site. These tips aren't as much specific to the code (though they're related) as they are general good practices around architecture, development work and common issues.

In this post I will try to highlight some of the most common principles that you have to take under consideration when you want to achieve a great level of performance while building a web application (specifically on the backend part). I believe the concepts discussed here can be applied to any language and framework even if, due to my specific experience, I will mention some examples, design patterns, conventions and tools that are mostly used in the PHP world.

His post lists out six main rules along with some description and links to other tools for each:

  • Avoid premature optimization
  • Do the minimum amount of work to solve the problem
  • Defer the work you don't need to do immediately
  • Use cache when you can
  • Understand and avoid the N+1 query problem with relational databases
  • Prepare your app for horizontal scalability when possible

There's lots of good tools mentioned here so find one that fits your needs and helps solve the issue. There's also some good articles mentioned, giving more information about a particular topic or other perspectives on how to solve it a different way.

tagged: tips rulesofthumb fast web application optimize work cache nplusone scale horizontal

Link: http://loige.co/6-rules-of-thumb-to-build-blazing-fast-web-applications

Symfony Blog:
The Symfony Demo application, three months later
Jul 27, 2015 @ 10:27:02

The Symfony blog has a post that talks about the state of the Symfony "Demo" application three months after its release. The "Demo" application is a simpler way to get an entire Symfony 2 application up and running, giving you a good foundation for either your own development or quick testing.

The [Symfony Demo application](https://github.com/symfony/symfony-demo) was publicly introduced three months ago. In addition to being a learning resource, it's considered the reference implementation of the [Symfony Best Practices](http://symfony.com/doc/current/best_practices/index.html). During the past weeks, we've been busy adding new features to showcase Symfony functionalities. This article is a quick recap of the most important new features.

They talk about four different improvements to the demo setup and configuration process:

  • Full internationalization
  • New console commands
  • New technical requirements checker
  • New JavaScript and Sass/CSS management

They also briefly mention a few other miscellaneous changes at the end of the application around security, debugging helpers and more functional testing.

tagged: symfony demo application improvements symfony2

Link: http://symfony.com/blog/the-symfony-demo-application-three-months-later

Lorna Mitchell:
Test Your PHP Application on PHP 7
Jul 24, 2015 @ 09:06:53

Lorna Mitchell has a post to her site showing you how to get a PHP7 setup and working so you can test out your current application, preparing it for this next major version's release.

PHP 7 is coming, which is nice, but what does it mean for the majority of PHP developers? PHP as a community is notoriously slow in adoption, some of us are still waiting for 2012's new shiny to be available as standard on our hosting platforms. However with the performance benefits and a few really nice new features, PHP 7 is well worth everyone's attention, and it's actually quite easy to get started so here's my quick howto.

The large part of the post is the steps you'll need to get the php7dev box (from Rasmus Lerdorf) up and running, complete with a shared folder mounted from your local machine and a custom Nginx configuration. She also mentions the "Go PHP7" initiative that's aiming to help make the transition to PHP7 as easy as possible for everyone (including various extensions).

tagged: test application php7 php7dev vm virtualmachine setup configure

Link: http://www.lornajane.net/posts/2015/test-your-php-application-on-php-7

Paragon Initiative:
Implementing Secure User Auth in PHP Applications with Long-Term Persistence
Jul 23, 2015 @ 10:14:23

On the Paragon Initiative blog there's a post showing you how to implement secure authentication with long term persistence (a secure "remember me" essentially) in a PHP application

A common problem in web development is to implement user authentication and access controls, typically accomplished through sign-up and log-in forms. Though these systems are simple enough in theory, engineering one that lives up to application security standards is a daunting undertaking.

Without a great deal of care and sophistication, authentication systems can be as fragile as a cardboard lemonade stand in a category five hurricane. However, for everything that can go wrong, there is an effective (and often simple) way to achieve a higher level of security and resilience.

He starts with a look at passwords - how to correctly hash them, how salts play into it and some suggestions about password policies. From there he gets into the "remember me" handling, giving two common problems with most systems: insufficient randomness and timing leaks (timing attack issues). He then proposes a different kind of solution, storing some additional information in the database record, a "selector" that's not timing dependent to find the record then use a timing attack safe method to compare the hashes. He ends the post with a brief look at account recovery and some things to watch out for if you plan to implement it.

tagged: secure authentication application longterm persistence

Link: https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence

Andrew Embler:
Creating a Z-Ray Plugin for Zend Server 8.5
Jul 22, 2015 @ 11:37:45

In this post to his site Andrew Embler shows you how to create a custom Z-Ray plugin for the Zend Server (v8.5) to show some statistics about requests made to the application.

Zend just released version 8.5 of their Zend Server application server. A major part of this release is the plugin gallery, which provides an App store for Zend Server extensions. These extensions can add application-specific debugging features to the Z-Ray Debugger. We've built one such extension specifically for Concrete5. It didn't take long – just a day or two. That said, there were some bumps in the process, as you're working on a platform for which the documentation hasn't quite caught up yet. With that in mind, I'm going to share my process for building the Concrete5 Z-Ray plugin, in the hopes that it might help someone who is building their own Z-Ray plugin for Zend Server.

The post is pretty comprehensive, sharing all the code you'll need to implement the extension along the way. He's broken it up into sections to help make it a bit more manageable:

  • Create Your Directory
  • Place the deployment.json file in the directory
  • Add Additional Items specified by deployment.json
  • Add the Z-Ray specific Directory
  • Create the Z-Ray PHP Class
  • [Adding] The Logo
  • Basic Panel Details: The Pages Panel
  • Advanced Panel Details: The Blocks Panel

Screenshots also accompany some of the steps showing you what the page output should look like once the files and functionality are in place.

tagged: zray plugin zendserver tutorial application server platform

Link: http://andrewembler.com/2015/07/creating-z-ray-plugin-zend-server-85/

Freek Van der Herten:
Speed up a Laravel app by caching the entire response
Jul 20, 2015 @ 08:12:55

Freek Van der Herten has written up a tutorial for his site showing the Laravel users out there how to cache their entire response to speed up the overall performance of their application.

A typical request on an dynamic PHP site can do a lot of things. It’s highly likely that a bunch database queries are performed. On complex pages executing those queries and hydrating them can slow a site down. The response time can be improved by caching the entire response. The idea is that when a user visits a certain page the app stores the rendered page.

With a little help from his package it's easy to enable. Just install the package, add the service provider and you're ready to go. All successful responses will be cached unless told otherwise and cache files will be written out to files by default. He does point out that caching like this, while handy and a nice "quick fix" shouldn't be used in place of proper application tuning methods though. He also links to two other external technologies that could be used for the same purpose: Varnish and Nginx's own cache handling.

tagged: laravel application response cache output serviceprovider package

Link: https://murze.be/2015/07/speed-up-a-laravel-app-by-caching-the-entire-response/

Rob Allen:
Replacing Pimple in a Slim 3 application
Jul 14, 2015 @ 10:56:00

Rob Allen has a quick post to his site showing you how to replace the default Slim dependency injection container (Pimple) with another option.

One feature of Slim 3 is that the DI container is loosely coupled to the core framework. This is done in two ways: The App composes the container instance rather than extending from it and internally, App depends on the container implementing the container-interop interface. [...] Slim 3 ships with Pimple by default, but my preference is for ZendServiceManager, so I decided to integrate ServiceManager into Slim 3.

While he's packaged it up into an installable library, he also walks through the process. He shows how it was implemented via a callback resolver in the ServiceManager. He had a little issue with the "set" functionality but solved it with a few simple "if" checks on the content type before setting it to the container.

tagged: replace pimple application slim3 servicemanager zend tutorial zsmslimcontainer

Link: http://akrabat.com/replacing-pimple-in-a-slim-3-application/

Essential Macro Optimizations to Improve PHP Performance
Jul 09, 2015 @ 10:19:16

The Tideways.io blog has posted a set of four macro-optimizations you can do to help improve the overall performance of your application. Note the "macro" here, not "micro", so these are larger, more platform-level changes.

This blog post describes four macro-optimizations for PHP applications that are essential to consider before investigating other possible optimizations. [...] While its fun chasing after small micro optimizations, often it is debatable if the developer time is well spent. After all I/O is the more important bottleneck in almost every application. [...] But its much more efficient to fix the big issues first. The changes I present in this post can be done quickly and their gains can be massive.

The four suggestions he makes cover different areas of a standard application:

  • Upgrade PHP to a recent version
  • Use accelerator such as APC or OPCache
  • Close Session for Writes
  • Don't run XDebug in Production

Each tip comes with a bit of background on why it's a good idea and some have links to other resources supporting the change or update proposed.

tagged: macrooptimization performance application version opcode cache session write xdebug

Link: https://tideways.io/profiler/blog/essential-macro-optimizations-to-improve-php-performance

Token-Based Authentication for AngularJS and Laravel Apps (continued)
Jul 06, 2015 @ 11:57:54

Scotch.io has posted the second part of their series (here's part one) continuing their look at using tokens for authentication in an AngularJs+Laravel application. They pick up where they left off in the previous part and focus on adding more of the systems around the token.

In the tutorial on Scotch.io we created a new app called jot-bot to look at how to implement token-based authentication in AngularJS and Laravel by using jwt-auth and Satellizer together. On the Laravel side, jwt-auth let’s us generate JSON web tokens when the user inputs their credentials. [...] There were a few things for a complete authentication solution that we didn’t get to in the last tutorial, including: Setting the logged-in user’s data (such as name and email address) and their authentication status, a way to redirect the user to the login page if they become logged out and how to log the user out and the implications of token-based authentication on logout.

He starts by updating the AuthenticateController to handle getting the authenticated user based on the token information. He also adds the matching route and show the kind of data it should return. He then switches to the Angular side and creates the controller to hook into the backend and get the current user information. The tutorial then shows how to relay user information back to the view and what it might look like. He then goes through a similar process for adding the logout handling including redirecting the user when logged out. Finally, he shows how to initialize the user on the frontend when the application loads, pulling the data from localstorage and checking for a valid existing session.

tagged: scotchio token authentication angularjs laravel application series part2

Link: http://ryanchenkie.com/token-based-authentication-for-angularjs-and-laravel-apps/

Book Review - Modernizing Legacy Applications In PHP
Jun 30, 2015 @ 09:39:59

The PHPClasses.org site has posted a book review of Paul Jones' "Modernizing Legacy Applications" ebook today covering some of the content in the book and the reviewers own personal opinions on what was good and what could use improvement.

The current technologies we have today and the numerous improvements to the PHP programming language, makes our legacy applications operate "below today’s standards". They need to be improved or rewritten, but who would want to rewrite an application of many thousands or millions of lines of code?

That’s why you should read this book, ‘Modernizing Legacy Applications in PHP’ by Paul M. Jones. It explains the nitty-gritty of how PHP applications were built over a decade ago and why they are now called legacy applications. He explains why your legacy applications are not meant to be rewritten, but optimized and improved to support today’s standards.

The reviewer goes through each chapter of the book, giving an overview of each including topics discussed and a few of the handy tips. Overall he recommends the book not only to those experienced in the industry but also those new to developing in PHP, helping to prevent bad behaviors before they start.

tagged: bookreview phpclasses modernizing application pauljones

Link: http://www.phpclasses.org/reviews/id/mlaphp.html