Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

php[architect]:
August 2018 Issue Release - Masterful Code Management
Aug 06, 2018 @ 11:51:15

php[architect] magazine has posted the announcement of the release of their August 2018 issue: Masterful Code Management.

This issue includes articles like:

  • "Debugging PHP With Xdebug" by Mark Niebergall
  • "Pro Parsing Techniques with PHP, Part Three: Using Regular Expressions" by Michael Schrenk
  • "MySQL Generated Columns, Views, and Triggers" by Dave Stokes

All of the usual columns are back too including tips for using PhpStorm, using gitflow, secure token management and PHP community. You can pick up a copy to call our own from the php[architect] site and, if you're curious about the contents and want to "try before you buy", they've posted a free PDF of the "Using Regular Expressions" article to give you a taste.

tagged: phparchitect magazine release august2018 masterful code management

Link: https://www.phparch.com/magazine/2018-2/august/

Matthias Noback:
Negative architecture, and assumptions about code
Aug 06, 2018 @ 10:16:42

In a post to his site Matthias Noback looks at an interesting idea when it comes to the structure of your code: the idea of negative architecture and making assumptions.

In "Negative Architecture", Michael Feathers speaks about certain aspects of software architecture leading to some kind of negative architecture. Feathers mentions the IO Monad from Haskell (functional programming) as an example, but there are parallel examples in object-oriented programming. For example, by using layers and the dependency inversion principle you can "guarantee" that a certain class, in a certain layer (e.g. domain, application) won't do any IO - no talking to a database, no HTTP requests to some remote service, etc.

[...] A negative architecture is what's "between the lines". You can look at all the code and describe a positive architecture for it, but given certain architecture or design rules, there's also the background; things we can be sure will never happen.

He goes on to give a few examples of "negative architecture":

  • "An object does nothing meaningful in its constructor"
  • "An object doesn't also fetch dependencies statically if it also gets any number of dependencies injected"
  • "If a class is not marked final, it has at least one subclass"
  • "If a property is not marked "private", it's used by at least one subclass"
  • "An abstract class won't use methods that aren't part of its published interface"
  • "If an object has one public method, it won't have any public static methods"

For each item in the list there's a summary (and sometimes code) included to help clarify the point.

tagged: tutorial negative architecture assumption code

Link: https://matthiasnoback.nl/2018/08/negative-architecture-and-assumptions-about-code/

Matt Stauffer:
Introducing Laravel Nova: A Tool for Building Admin Panels and Custom CMSes
Jul 27, 2018 @ 10:16:01

Matt Stauffer has a new post to his site that takes a "deep dive" into Laravel Nova, the recently announced administration panel that's developed by the Laravel project. This is the first post in a new series.

These are my notes that I took during the announcement on 2018-07-25. I hope to go back later and update this after a more careful re-watching of the YouTube recording that's now up, so I could get some of my code samples more exact and catch anything I missed.

If you notice anything I missed or got wrong, please let me know on Twitter! And please check back in a few days so I have time to fix this up. :)

The post reads more like a live stream than a formal write up, but the good stuff is all there:

  • the basics of what Nova provides
  • how it works
  • defining a resource
  • working with fields
  • actions/filters
  • lenses
  • searching
  • auditing

...and much more. The post goes through each item, providing screenshots, context and code to show off the feature. If you want to see the announcement for yourself, check out the video over on YouTube.

tagged: laravel nova administration dashboard indepth features code

Link: https://mattstauffer.com/blog/introducing-laravel-nova-a-tool-for-building-admin-panels-and-custom-cmses/

TechBeacon:
9 ways to master awful code, fast
Jul 25, 2018 @ 10:24:58

On the TechBeacon site there's a new tutorial posted sharing a list of nine ways to master awful code and make it more efficient, easier to maintain and clearer.

You've been given the task of implementing a new feature on an old codebase, but the code looks awful. How can you understand it as quickly as possible? Here are several shortcuts to help learn the important parts of new code without getting lost in the irrelevant details.

Their suggestions range from technical to non-technical and include:

  • Ask for help
  • Make it easy to reproduce bugs (add version control, build environments)
  • Prepare for automated testing
  • At first, work on a small task

For each item in the list there's an explanation and links (or screenshots) of other resources to help illustrate their point.

tagged: master awful code refactor top9 list suggestion developer

Link: https://techbeacon.com/9-ways-master-awful-code-fast

Robert Basic:
Legacy code is 3rd party code
Jul 19, 2018 @ 09:43:50

In a post to his site Robert Basic makes an interesting suggestion about older codebases (legacy code) and how they should be handled. He suggests treating legacy code like 3rd party code.

Within the TDD community there’s an advice saying that we shouldn’t mock types we don’t own. I believe it is good advice and do my best to follow it. [...] This hidden advice is that we should create interfaces, clients, bridges, adapters between our application and the 3rd party code we use.

[...] What if we start looking at our legacy code the same way we look at the 3rd party code? This might be difficult to do, or even counterproductive, if the legacy code is in a maintenance-only mode, where we only fix bugs and tweak bits and pieces of it. But if we are writing new code that is (re)using legacy code, I believe we should look at legacy code the same way we look at 3rd party code, at least from the perspective of the new code.

He suggests that legacy code and new code should live in different parts of the application's structure and that, in order to use the legacy code, the new code should use interfaces to it rather than using it directly. He gives an example, showing the use of a User class from the legacy code and interfaces that could be used from the new code to work with it.

tagged: legacy code 3rdparty opinion interface separation

Link: https://robertbasic.com/blog/legacy-code-is-3rd-party-code/

RIPSTech.com:
WARNING: WordPress File Delete to Code Execution
Jun 27, 2018 @ 10:29:26

On the RIPSTech.com site they've posted a warning to the WordPress users out there about a vulnerability that would allow a malicious user to delete any file in the WordPress installation, not just file uploads.

At the time of writing no patch preventing this vulnerability is available. Any WordPress version, including the current 4.9.6 version, is susceptible to the vulnerability described in this blogpost.

For exploiting the vulnerability discussed in the following an attacker would need to gain the privileges to edit and delete media files beforehand. Thus, the vulnerability can be used to escalate privileges attained through the takeover of an account with a role as low as Author, or through the exploitation of another vulnerability/misconfiguration.

The post includes more details around the impact of the issue and where in the code the problem lies. It also offers a temporary "hotfix" as a way around the issue by adding a new filter that uses the basename function to reset the thumbnail data.

tagged: security wordpress delete file vulnerability code execution

Link: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/

Matt Stauffer:
How to count the number of lines of code in a PHP project
Jun 25, 2018 @ 10:50:37

In this post to his site Matt Stauffer shares several methods you can use to count the total number of lines of code in a PHP project.

I'm giving a talk soon about Laravel and "the enterprise", and the concept of LOC (lines of code) keeps coming up. It turns out that's actually a much harder number to discover than you might think, so I figured I would write up a few options here.

For what it's worth, I'm not a big fan of LOC as a measure of any importance, but it can at least give us some broad foundations to use to talk about broad differences in project size. If you were to ask me, I would say we shouldn't even think about it. But we don't always have that luxury.

He starts with a tl;dr for those that want the quick win (use PHPLOC) but shares other options with different tools too:

He shares answers to a few FAQs about finding lines of code and the output of each tool/command on the same project to show the differences.

tagged: linesofcode code lines count tutorial phploc cloc phpstorm sublimetext silversearcher

Link: https://mattstauffer.com/blog/how-to-count-the-number-of-lines-of-code-in-a-php-project/

Tomas Vortuba:
Is Your Code Readable By Humans? Cognitive Complexity Tells You
May 21, 2018 @ 10:55:07

In his latest post Tomas Votruba shares some of his thoughts around the importance of code readability and the idea of "cognitive complexity".

Cyclomatic complexity is a static analysis measure of how difficult is code to test. Cognitive complexity tells us, how difficult code is to understand by a reader.

Today, we'll see why is the later better and how to check it in your code with a Sniff.

He references this post and this PDF as sources for more information about cognitive complexity but opts for code examples to explain some of the basic concepts. He then gets into the automation of these kinds of checks, using a custom code sniff to check the complexity of the code. He walks through the installation process of the CognitiveComplexitySniff and shares some example results from its evaluation.

tagged: code readability human cognitive complexity example codesniffer tutorial

Link: https://www.tomasvotruba.cz/blog/2018/05/21/is-your-code-readable-by-humans-cognitive-complexity-tells-you/

Web Technologies Blog:
Code quality tools in PHP to check and improve your code
Apr 12, 2018 @ 10:52:55

On the Web Technologies blog they've posted a guide to some of the top PHP code quality assurance tools to ensure your codebase is kept neat, clear and clean from any unnecessary complexity.

You’ve got the good approach dear reader: code quality tools are essential to write solid and error-free PHP code. It can help your colleagues detect defects in the codebase and teach them some key concepts.

Don’t forget however that the advises and data they can provide won’t be appropriate everywhere. Your experience and your analysis skills are the one you should trust first.

The tutorial starts of with some of the tooling you'll need to get the system up and running: Composer for package management, terminal access for command execution and editor/IDE integrations (optional, obviously). It then lists out each of the tools and includes installation steps and links to more information:

  • PHP-CS-Fixer (PHP Coding Standards Fixer)
  • PHPCS (PHP CodeSniffer)
  • PHPMD (PHP Mess Detector)
  • PHPStan (PHP Static Analysis Tool)
  • PHPUnit and the CRAP metric

It also includes a few "bonus" tools that might be useful to track other quality aspects of your code including PhpLoc (lines of code), PHPMND for detecting "magic" numbers and churn-php for evaluating complexity of code based on number of commits. there's several more listed in the full post so be sure to check it out and see how you can integrate them into your development process.

tagged: quality assurance tool list improve code tutorial

Link: http://web-techno.net/code-quality-check-tools-php/

Junior Grossi:
Open-source is about sharing and giving back. Think about that.
Mar 26, 2018 @ 09:25:48

In a new post to his site Junior Grossi shares some of his thoughts about Open Source and how it's less about "free software" and more about sharing and giving back.

Maintaining an open source project – even a small one – is not an easy task. The open source ecosystem is about sharing and contributing, about giving and receiving. You scratch my back and I will scratch yours.

He suggests that working in Open Source is less about the actual software that's being written as it is a lifestyle. For him, the goal is to make someone else's life better by working on something you're sharing (instead of working on something commercial). He includes a quote from Fabien Potencier (of Symfony) about Open Source developers being exploited for their free software and how, despite the gift of time and work spent on the code, some people don't appreciate the work and just complain.

Instead of complaining about features or bugfixes, do it yourself, and show your gratitude for people that spent their free time working on something to help your life. They could be with their family but no, they were doing open-source. And you should thank them for that.

He finishes with a few thoughts about giving back to the projects you use and enjoy. It doesn't always have to be about code too - you can submit bugs, contribute to documentation or even just write up a tutorial to share your own knowledge of using the package.

tagged: opensource sharing project free software code opinion

Link: https://blog.jgrossi.com/2018/open-source-is-about-sharing-and-giving-back-think-about-that/