
NetTuts.com:
Authentication and Authorization Using Auth0 in PHP
Jun 20, 2018 @ 11:16:08

The NetTuts.com site has posted a tutorial for those looking to simplify the authentication of users in their PHP applications. In this new article they show how to use the Auth0 service to offload some of the burden of user management and authentication flow.

In this article, we're going to explore the Auth0 service, which provides authentication and authorization as a service. Auth0 allows you to set up basic authentication and authorization features for your apps in the blink of an eye.

The article starts with a brief overview of what the Auth0 service offers and which of those features the tutorial will use. To make it simpler to get up and running, they've created a base application and show how to install it and configure it with the secret values from your Auth0 account. The article then walks through the scripts included in the sample application, including the login and logout scripts and the code that performs the actual authentication flow (including validating the access token).

tagged: authentication auth0 tutorial application authorization

Link: https://code.tutsplus.com/tutorials/authentication-and-authorization-using-auth0-in-php--cms-31134

Matthieu Napoli:
Serverless Laravel
Jun 05, 2018 @ 11:53:36

In a new post to his site Matthieu Napoli shows how to run a serverless Laravel instance with the help of the Bref package. This continues his previous post covering the use of serverless functionality to run plain PHP.

Serverless basically means “Running apps without worrying about servers”. The main difference with a traditional hosting is that you do not maintain the servers and reserve their capacity. They are scaled up or down automatically and you pay only for what you use.

[...] Serverless hosting has the advantages of scaling very well since there are (theoretically) no limits. It can also help optimize costs by avoiding paying for unused server resources. You can read more about advantages and drawbacks here.

After briefly introducing what "serverless" computing is, he dives right into the creation of the first lambda on AWS. He then goes through the process of creating the new Laravel project, installing and configuring Bref, and wrapping the Laravel functionality in its HTTP handler. Next, he shares an example of the serverless.yml configuration, how to set up the file storage (for things like sessions and cache) and configure the application to run correctly on the lambda. The post finishes out with a look at setting up the logging, session handling and routing before finally deploying the app using Bref's own command.

tagged: laravel serverless tutorial bref framework application lambda aws

Link: http://mnapoli.fr/serverless-laravel/

Tomas Votruba:
Build Your First Symfony Console Application with Dependency Injection Under 4 Files
May 29, 2018 @ 10:16:01

Tomas Votruba has continued his series looking at building command line tools with PHP and the Symfony Console component. In this latest post he shows how to create an application using dependency injection in just four files.

The series about PHP CLI Apps continues with the 3rd part, about writing a Symfony Console Application with Dependency Injection in the first place. Not last, not second, but the first. Luckily, it's easy to start using it.

He starts with a bit of information about how Symfony has evolved from the previous method of using controllers as services to create CLI tools. Now commands can be used as services and be pushed into/pulled from a dependency injection container. He then walks through the three steps to adding a command as a service:

  1. updating the services.yml file to include linking for the console application class.
  2. updating the Kernel to load the yml configuration.
  3. creating the bin file to execute the application.

With this structure in place, he then shows how to share functionality between services using a CompilerPass.

tagged: symfony console application dependency injection service command tutorial

Link: https://www.tomasvotruba.cz/blog/2018/05/28/build-your-first-symfony-console-application-with-dependency-injection-under-4-files/

Tomas Votruba:
How to Load --config With Services in Symfony Console
May 15, 2018 @ 09:11:43

On his site Tomas Votruba continues his look at the Symfony/Console component of the Symfony framework. In this latest article he walks through the loading of configuration options from a file provided by a --config option on the command line.

PHP CLI apps usually accept config to set up their behavior. For PHPUnit it's phpunit.xml, for PHP CS Fixer it's .php_cs, for EasyCodingStandard it's easy-coding-standard.yml, for PHPStan it's phpstan.neon and so on.

In the first post about PHP CLI Apps I wrote about poor DI support in PHP CLI projects.

Today we look at the first barrier that leads most people to prefer static over DI: how to load config with services.

He starts off talking about the "chicken and egg" issue when it comes to loading configuration: needing a configuration to create an Application instance which then needs the config (and so on...). He then walks through three possible solutions:

  1. Not using a container to manage dependencies for the application
  2. Setting up a container in a command
  3. Using the ArgvInput input helper to pull directly from the arguments

He gets into more detail on this last method, providing code examples and input/output examples of it in use. Unfortunately this method also introduces some undesired dependencies between commands. He finishes the post with an alternative: setting up option definitions in the getDefaultInputDefinition method of the main application and having them available to all commands.

tagged: symfony console service argument commandline tutorial application

Link: https://www.tomasvotruba.cz/blog/2018/05/14/how-to-load-config-with-services-in-symfony-console/

Exakat Blog:
EPIC : Exakat PHP Index of Coding (May 2018)
May 04, 2018 @ 11:46:36

The Exakat blog has an interesting post to their site sharing some statistics from the applications they've scanned related to commonly used coding styles. In this PHP Index of Coding (for 2018) they share a listing of practices in the order of popularity according to the results of over 1700 projects.

Not using @ is the poster child of good practices. It's also looked upon as an impossible goal. Did you know that the @ operator is only used by 50% of PHP applications? Same for parentheses with include (and co): don't use them, like 50% of the developers. This is how the Exakat PHP Index of Coding was born.

Every month, Exakat runs thousands of analyses on half a billion lines of PHP code. This is primarily for testing purposes, a kind of torture test that checks the engine runs on any kind of code. And it is very useful to ensure all situations are correctly handled.

We also extracted the following stats out of 1700+ projects, analysis by analysis. This way, any issue may be ranked from 'wide spread' to 'very unusual'. In fact, 'wide spread' may also be understood as 'almost a feature'.

The results are ranked by frequency of appearance with the top five being:

  • Uses Default Values
  • Used Once Variables (In Scope)
  • Unused Methods
  • Method Could Be Private Method
  • Should Use Local Class

For each item in the list there's a link to more information about the check and how much it has changed since the last time the index was generated.

tagged: exakat indexofcoding review application codingstyle rating 2018

Link: https://www.exakat.io/exakat-coding-index-2018-05/

Michelangelo van Dam:
Testing your e-commerce PHP application
May 02, 2018 @ 10:10:45

Michelangelo van Dam has a new post on his site sharing some helpful hints you can use to test your e-commerce application, be it WooCommerce or other popular PHP-based e-commerce packages.

I'm participating (as much as possible) in the #30daysoftesting challenge organised by Ministry of Testing and SauceLabs. If you're interested, read the full 30 Days of E-Commerce Testing article and join this fun and educational challenge.

The 2nd challenge on the list was to read and share interesting blog articles about E-commerce testing. Since I'm working as a PHP professional I thought it would be great if I oriented my focus on testing PHP based E-commerce platforms. I picked WooCommerce as it's an easy to install and use E-commerce solution. For Magento, PrestaShop and others I've added useful links at the bottom of this article.

He then gets into the details of WooCommerce and what it has available from a testing perspective. He also includes links to a few resources for more general WordPress testing too. The remainder of the post consists of links to more information about testing the other popular e-commerce packages: Magento, PrestaShop, OpenCart, Sylius and Laravel-based packages.

tagged: testing ecommerce application woocommerce magento prestashop

Link: https://www.dragonbe.com/2018/05/testing-your-e-commerce-php-application.html

Learnk8s.io Blog:
How to deploy Laravel to Kubernetes
Apr 30, 2018 @ 13:10:24

The Learnk8s.io blog has posted a tutorial showing you how to deploy a Laravel application to Kubernetes. Kubernetes is a system created to make it simpler to deploy containerized applications in a clustered context.

Vagrant is very good with setting up a local environment similar to a remote server. However, in production, you will most likely require more than just one web host and one database. You’ll probably have separate services for several requirements. You also need to have mechanisms in place to ensure that the application is always online and that the servers can efficiently balance the load.

In this article, I’ll explain how to deal with the simple requirement of running a Laravel application as a local Kubernetes set up.

The article then gets into the "whats" and "whys" of using Kubernetes and an introduction to the Minikube local Kubernetes environment. It runs through some of the prerequisites to getting the deployment set up and provides the Docker configuration to create and link the containers together. With that defined it provides the commands to get the environment up and running and the application deployed. The final part of the tutorial covers the scaling of the system and allowing ingress to the application through a certain URL.

tagged: kubernetes tutorial deploy laravel application docker container

Link: https://learnk8s.io/blog/deploying-laravel-to-kubernetes

Matthias Noback:
Combing legacy code string by string
Apr 18, 2018 @ 09:15:59

In a new post to his site Matthias Noback takes a look at legacy applications and two things most of them seem to have in common: classes that are too large and methods that are too generic. In this post he discusses these two problems and some of the tactics you can use to refactor and resolve them.

I find it very curious that legacy (PHP) code often has the following characteristics:
  • Classes with the name of a central domain concept have grown too large.
  • Methods in these classes have become very generic.

He starts by tackling the "classes too large" problem, suggesting that it's usually just a matter of developers slowly adding to existing functionality rather than introducing large chunks of code all at once. Moving on to the "generic methods" issue, he lays out a common scenario showing how a method evolves over time as it is repurposed for uses other than its original intent. He recommends "taking a step back" and picking apart the code to make the functionality more specific in the places it's used.

tagged: legacy application generic method large class tutorial

Link: https://matthiasnoback.nl/2018/04/combing-legacy-code-string-by-string/

Michael Dyrynda:
Sharing databases between Laravel applications
Apr 13, 2018 @ 09:39:16

Michael Dyrynda has a new post to his site showing the Laravel users out there how to share a database between your applications. In his case one of the applications is a legacy app and the other is a newer Laravel application.

As a contractor, I had a sanitised copy of the database, and I managed to reverse engineer the Eloquent models from the database schema, creating factories along the way, in order to be able to write tests for the members application.

In late 2017, we started migrating our CRM to Laravel as well, in order to modernise the code base a bit, give it a standard structure, and make it easy to make changes to it moving forward. Now that we had two Laravel applications, we started looking at how best to share data between them.

He starts by talking about reverse engineering the models from the database structure and the use of migrations to manage the database schema. In the end he created a stand-alone tool, Nomad, that helps to keep things in sync between the two databases. He includes examples of it in use and how it helped to keep the database in sync despite permissions issues and connection problems. He also mentions how they used it to take care of some testing issues, database configuration changes and how to use it in a continuous integration pipeline.

tagged: share database laravel application nomad tool migration schema

Link: https://dyrynda.com.au/blog/sharing-databases-between-laravel-applications

Fortrabbit Blog:
Your responsibility: App security
Apr 09, 2018 @ 11:45:17

On the Fortrabbit blog there's a post from Oliver Stark about securing your PHP application based on an experience they had with a recent support ticket.

A few days ago, late in the evening, we received a support ticket with the [message asking if their site had been hacked]. The support team started the conversation with the client and checked the domain routing first. It quickly became clear that the redirects to the phishing domain happened on our platform, so they searched the access logs for suspicious requests.

As they searched the logs, other similar requests showed up pointing back to a root.php file that seemed to be taking commands from URL parameters. This kind of script is called a "webshell" and is usually uploaded via a vulnerability in a plugin, a poorly guarded upload form or bad input validation. After some additional tracking, the vulnerability was located in the site's "vendor" folder, which was web accessible. The post finishes with some recommendations to keep this from happening to you and your application, including keeping dependencies up to date and preventing direct web access to the "vendor" folder.

tagged: application security fortrabbit webshell experience

Link: https://blog.fortrabbit.com/app-sec