Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Joseph Silber:
The new Closure::fromCallable() in PHP 7.1
Jul 26, 2016 @ 10:20:47

In a new post to his site Joseph Silber looks at a new feature that will be coming with the next release in the PHP 7.x series - PHP 7.1 - the ability to convert a callable type into an actual Closure instance.

With PHP 5.5 going EOL earlier this week and the PHP 7.1 beta expected later this month, now sounds like a good time to look into a neat little feature coming in 7.1: easily converting any callable into a proper Closure using the new Closure::fromCallable() method.

He starts with a quick refresher on what closures/callables are in PHP (or an introduction for those not already familiar) including a simple example with the reject handling on a Laravel collection. He then modifies the example to try to pass in a base PHP function. This doesn't work directly (as it's not technically "callable" how it's expecting) so he wraps the is_float in a closure instead. This is a bit of a hassle and not as reusable so he updates it for PHP 7.1 and uses the Closure::fromCallable handling to make it automatically. He follows this with another example use case: calling a private method with the array of object/method name from inside the class.

tagged: closure callable fromcallable php7 example introduction

Link: https://josephsilber.com/posts/2016/07/13/closure-from-callable-in-php-7-1

SitePoint PHP Blog:
Can We Use Laravel to Build a Custom Google Drive UI?
Jul 25, 2016 @ 13:57:52

The SitePoint PHP blog has posted a new tutorial that asks the question "Can We Use Laravel to Build a Custom Google Drive UI??" In this case it's a simplified version of the current Google Drive functionality, but it's more of a proof-of-concept than anything.

In this tutorial, we’re going to build an app that talks to the Google Drive API. It will have file search, upload, download and delete features. If you want to follow along, you can clone the repo from Github.

They walk you through the full process of getting the application set up, including creating the project on the Google side and grabbing the API credentials for use in your code. They then switch back over to the code side and create a basic Laravel project and configure it with the Google API credentials you just created. Next up is the creation of all of the routes for the list, upload and delete handling in the Laravel app as well as the controllers/views to make them all work. They also include search functionality, letting you easily query the API for files with names matching a certain string.

tagged: laravel google drive ui tutorial api example

Link: https://www.sitepoint.com/is-laravel-good-enough-to-power-a-custom-google-drive-ui/

TutsPlus.com:
New Features in Laravel 5.2
Jul 25, 2016 @ 11:14:31

On the TutsPlus.com site they've posted a guide sharing some of the new features that have come with the 5.2 version of the Laravel framework. With v5.3 on the horizon, it's good to get a solid base with 5.2 first.

In this article, I will take a look at the new features of Laravel 5.2 and describe them one by one. The new features are [...]: implicit route model binding, form array validation, API rate-limiting middleware, middleware groups, authentication scaffold and multiple authentication guard drivers

The post then goes through each of these topics providing a bit of explanation of what they're about and how they can be useful. There's also snippets of code included where helpful to show off the feature and provide a more useful example.

tagged: laravel features v52 overview code example description

Link: http://code.tutsplus.com/tutorials/new-features-in-laravel-52--cms-26229

SitePoint PHP Blog:
Testing Your Tests? Who Watches the Watchmen?
Jul 21, 2016 @ 12:10:48

In a tutorial posted to the SitePoint PHP blog Claudio Ribeiro tries to answer the question of "who watches the watchmen" (your application's tests) to ensure they're functioning as expected and are correct. In this new tutorial he introduces the Humbug mutation testing tool and how it can be used to verify your own tests.

Regardless of whether you’re working for a big corporation, a startup, or just for yourself, unit testing is not only helpful, but often indispensable. We use unit tests to test our code, but what happens if our tests are wrong or incomplete? What can we use to test our tests? Who watches the watchmen?

[...] Mutation Testing ( or Mutant Analysis ) is a technique used to create and evaluate the quality of software tests. It consists of modifying the tests in very small ways. Each modified version is called a mutant and tests detect and reject mutants by causing the behavior of the original version to differ from the mutant. Mutations are bugs in our original code and analysis checks if our tests detect those bugs. In a nutshell, if a test still works after it’s mutated, it’s not a good test.

He starts by helping you get it installed (a quick composer require) and creating a simple "calculator" test to show it in use. He then creates the test for the class with some simple testing methods for the basic calculator functionality. He then configures the Humbug installation (via a JSON config file) and executes it on the current tests, sharing the resulting output. He goes through the results showing how to interpret them and points out places where the tests could be improved.

tagged: testing unittest humbug mutation variation example tutorial output

Link: https://www.sitepoint.com/testing-your-tests-who-watches-the-watchmen/

IBM Security Intelligence:
The Webshell Game Continues
Jul 20, 2016 @ 11:50:15

On the IBM Security Intelligence site there's a new article posted talking about webshells. For those not familiar with webshells, they're scripts that can be used to control servers or work as a platform to access other systems put in place by attackers. In this article they introduce some of the basics around webshells and the rise they're seeing in their use.

The IBM X-Force Research team reported an increase in PHP C99 webshell attacks in April 2016. More recently, webshells dubbed b374k made their mark with attacks that the team has been tracking over the past few months.

Although this blog highlights some features of the b374k shell, the main objective is to call your attention to the fact that PHP applications are becoming an increasingly popular choice for attackers aiming to glean your data and deface your website without much hard work. This threat should be pushed to the top of your priority list — primarily because of the power of the tool used for this type of attack, but also because of the startling increase in this attack type this year.

They start off with some of the basics of webshells, more related to the PHP versions: what they are, what kind of functionality they commonly provide and an example of the UI of a shell. They then talk about some of the common delivery methods, potential entry points of these attacks and some of the "indicators of compromise" you can use to detect them. They also include mitigations you can perform to rid yourself of these webshells including adding additional plugins/software and locking down features of PHP itself.

tagged: webshell game introduction example features attack security

Link: https://securityintelligence.com/the-webshell-game-continues/

Adam Wathan:
Customizing Keys When Mapping Collections
Jul 19, 2016 @ 10:52:29

Adam Wathan has a new post to his site talking about mapping with collections and customizing the keys when injecting new data into your Laravel collections.

People often ask me, “how do I specify keys when I’m mapping a collection?”

It actually ends up being a pretty interesting topic, so I decided to cover it in a short screencast, as well as in written format below.

He shows how to translate a simple set of data into a much more slimmed down version. He points out that the "map" function could be used but it doesn't allow for setting keys. Instead he talks briefly about how the problem could be solved in Javascript (returning an object instead of an array) and how to use the "reduce" method to filter and reset the data as it goes through the array. He finishes out the post talking about learning from other languages, the "toAssoc" macro on Laravel collections and mapping the data back to an array with a custom macro.

tagged: customize key mapping collection laravel object javascript example screencast

Link: https://adamwathan.me/2016/07/14/customizing-keys-when-mapping-collections/

SitePoint PHP Blog:
Cleaning up Code: Is Refactoring for Aesthetics worth It?
Jul 18, 2016 @ 10:16:17

On the SitePoint PHP blog Tobias Schlitt has an article posted that tries to answer the question "is refactoring for aesthetics worth it" for most development groups out there.

Most development teams want to get their codebase into a better, more maintainable state. But what definition of better should be chosen? In many cases, it is not necessary to dig deep into Domain Driven Design (DDD) to achieve this goal. Sometimes, it's even counter productive. But one of the most basic collections of principles can help each team a lot already: Clean Code.

The Clean Code book by Robert C. Martin summarizes many simple and advanced improvements to get better, understandable, and therefore more maintainable code.

He goes on with a bit of example code, showing a getJobs method that has room for improvement. He makes recommendations on cleanup steps like: renaming variables for clarity and breaking up code more visibly based on functionality. He then talks about the "methodology of refactoring" and how to take "baby steps" in your updates rather than major jumps. He ends by pointing out that refactoring for "beauty" sake isn't a good idea nor is doing it without a sufficient level of automated testing to ensure changes didn't break the application.

tagged: refactoring aesthetics babysteps opinion example naming cleancode

Link: https://www.sitepoint.com/cleaning-up-code-is-refactoring-for-aesthetics-worth-it/

Nicolas Widart:
Writing modular applications with laravel-modules
Jul 13, 2016 @ 11:57:39

In a new post to his site Nicolas Widart introduces you to the idea of building Laravel applications a bit differently than you may normally: in a more modular structure. This structure makes use of this package to make it happen.

Let me start by saying Laravel is an amazing framework. However when it comes to writing more complex and bigger applications, I find the default structure laravel comes with cumbersome and not ideal.

The way the default laravel installation comes with is basically all the application logic inside an app/ folder. This works, but I would not suggest going this route. [...] This is what being modular is trying to resolve. You split of the business logic into different parts, which belongs together. If you're into Domain Driven Design, you can consider a module an aggregate.

Each module has its own resources (routes, models, views, etc) combined into a single "drop-in" structure. He provides an example of this structure and compares it to the more traditional Laravel "all-app" structure. The package he links to makes this modular structure simpler and points out that this system is what the AsgardCMS already uses behind the scenes.

tagged: modular application laravel tutorial example package asgardcms

Link: https://nicolaswidart.com/blog/writing-modular-applications-with-laravel-modules

TutsPlus.com:
Internationalizing WordPress Projects: A Practical Example, Part 1
Jul 06, 2016 @ 10:50:43

Tom McFarlin has continued his series covering internationalization in WordPress applications with this latest part of the series. In the previous part of the series he introduced some of the basic topics and terms. In this new tutorial he gets more into functionality creating the plugin he'll use in his examples.

Given that WordPress powers roughly 25% of the web and that the web is not local to your country of origin, it makes sense to ensure that the work that we produce can be translated into other locations.

To be clear, this does not mean that you, as the developer, are responsible for translating all of the strings in your codebase into the various languages that your customers may use. Instead, it means that you use the proper APIs to ensure someone else can come along and provide translations for them.

He then walks you through the download of the latest WordPress version (a Subversion checkout) and the creation of the plugin structure. He provides sample code to define the plugin and shows how it should look in the "Plugins" listing. He helps you add in the menu item with internationalized strings for the link text. They help you add a simple screen for the plugin and help you style the page a bit. The post ends with a brief mention of object-oriented programming but points out that OOP introduces other, not necessarily related, topics that could detract from the WordPress-related content (and so will not be used).

tagged: wordpress internationalization i18n tutorial series part2 plugin example practical

Link: http://code.tutsplus.com/tutorials/internationalizing-wordpress-projects-a-practical-example-part-1--cms-26676

Freek Van der Herten:
A package to log activity in a Laravel app
Jun 30, 2016 @ 09:46:17

In a new post to his site Freek Van der Herten shares information about a logging package they've developed for Laravel-based applications to make activity logging simpler throughout the app: laravel-activitylog.

n your apps there’s probably a lot going on. Users log in and out, they create, update and delete content, mails get sent and so on. For an administrator of an app these events provide useful insights. In almost every project we make at Spatie we log these events and show them in the admin-section of our site. [...] We made a new package called laravel-activitylog that makes logging activities in a Laravel app a cinch. In this blogpost I’d like to walk you through it.

He then goes through the basics of using the library, complete with code examples:

  • simple activity logging with messaging
  • providing the "acted on" object information
  • logging the information about who the actor was

There's also a section with details on automatic model logging, making it easier to see the changes on you data without having to log each one individually. He also shows you how to use multiple logs, providing a method to narrow down log records by type.

tagged: laravel application logging package example introduction model

Link: https://murze.be/2016/06/package-log-activity-laravel-app/