Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Matthew Weier O'Phinney:
Serve PSR-7 Middleware Via React
Apr 20, 2016 @ 12:07:56

Matthew Weier O'Phinney has a post to his site showing you how to combine PSR-7 request/response handling (his examples use Zend Expressive) with React and middleawre in your application.

I've been intending to play with React for some time, but, for one reason or another, kept putting it off. This past week, I carved some time finally to experiment with it, and, specifically, to determine if serving PSR-7 middleware was possible.

He starts with a brief introduction to React and what kind of functionality it brings to the table. He includes a bit of sample code showing it in use creating a basic HTTP server responding to any request with a simple "Hello World" message. He then starts on the React+PSR-7 integration, wrapping the request and response handling from one in the other to keep the expected responses the same. He also talks about serving up static files using the React+PSR-7 handling via a middleware on the Expressive side. Finally he shares the work he's done via a library to help make it easier to reuse in other situations. He shows the installation and usage of this library and sample requests you can use to test it out.

tagged: react psr7 request response example library handler static file tutorial

Link: https://mwop.net/blog/2016-04-17-react2psr7.html

Alex Bilbie:
OAuth 2.0 Device Flow Grant
Apr 20, 2016 @ 11:58:50

In a new post to his site Alex Bilbie looks at a good approach to simplifying the OAuth 2 authorization flow for a device and some of the simple PHP that can power it.

When signing into apps and services on devices such as a Playstation or an Apple TV it can be immensely frustrating experience. Generally you will ordeal something similar to one of the following scenarios: The utterly terrible experience whereby you don’t have anything other than an onscreen keyboard [or] A slightly less terrible experience whereby you can pair a bluetooth keyboard to enter your username and that crazy long password.

[...] There are some apps however - such as Youtube for Apple TV - that have a much better end user experience.

He talks more about this better experience involving a simple code presented to the user, a special URL to link the device and the typical OAuth-ish authorization page to link the request to your account. He then explains how it would work with a PHP backend: making the request to the auth server, returning a message with the codes and URL to pass along and the "device code" it responds with. He also includes a few examples of error responses for polling too quickly, pending authorization and a denied request. This is all based on the (currently in draft) OAuth 2.0 Device Flow Grant currently in the works.

tagged: device flow grant oauth2 example draft standard authorization

Link: http://alexbilbie.com/2016/04/oauth-2-device-flow-grant

What Are Laravel Exceptions?
Apr 18, 2016 @ 12:25:35

In a new tutorial posted on the TutsPlus.com site they get into some detail about what exceptions are in Laravel-based applications, when to use them and how to make your own.

As a PHP developer, you may use exceptions, because they allow you to notice when something has gone wrong or the user has acted in an unusual way (such as division by zero). Without exceptions, your application would end up presenting unwanted errors and being much more difficult to debug. It is also important that you halt execution immediately and take another course of action.

Exceptions are really simple, and they will make your development progress easier. When you learn how to use exceptions, this will be a usual part of your development.

They start by explaining what exceptions are (in the strictest sense, a definition from Martin Fowler) and an example of how one is caught in PHP. They briefly talk about when to use exceptions and how they're implemented in Laravel. The post finishes with a look at creating your own exception types and where to place them in your application. They also make the suggestion of using the Assertion package to verify data and catch the AssertionFailedException if there's an issue.

tagged: laravel exception example tutorial overview usage

Link: http://code.tutsplus.com/tutorials/what-are-laravel-exceptions--cms-25816

Paragon Initiative:
Securely Implementing (De)Serialization in PHP
Apr 18, 2016 @ 11:58:22

The Paragon Initiative site has a new tutorial posted aiming to help you more securely use the serialize and unserialize handling in PHP to prevent security issues. In this tutorial they offer some advice - mainly don't unserialize unless you're on PHP7 - and some other solutions you could use.

A frequent problem that developers encounter when building web applications in PHP is, "How should I represent this data structure as a string?" Two common examples include:
  • Caching a complex data structure (to reduce database load)
  • Communicating API requests and responses between HTTP-aware applications
This seems like the sort of problem that you could expect would have pre-existing, straightforward solutions built into every major programming language that aren't accompanied by significant security risk. Sadly, this isn't the case.

He starts with a look at the serialization handling and how it could allow remote code execution if an attacker were to modify the serialized data. He includes an example of using the new "allowed classes" parameter in PHP 7 too, though, preventing the issue. He also walks through two other ways you could replace serialized data: JSON structure and XML handling. Each of these have their own issues too but they're very different than the code execution with serialization.

tagged: serialize unserialize security json xml tutorial example vulnerability

Link: https://paragonie.com/blog/2016/04/securely-implementing-de-serialization-in-php

CloudWays Blog:
Using Memcached With PHP
Apr 13, 2016 @ 13:48:10

On the Cloudways blog they have a new tutorial posted showing you how to use memcached with PHP to help improve the overall performance of your application through cached data.

Memcached is a distributed memory caching system. It speeds up websites having large dynamic databasing by storing database object in Dynamic Memory to reduce the pressure on a server whenever an external data source requests a read. A memcached layer reduces the number of times database requests are made.

[..] Why Memcached? It increases the response time of your web pages, which in return enhances the overall customer’s experience. A better response time allows users to fetch data seamlessly.

He starts by ensuring that you already have a memcached instance up and running (it's external to PHP). They suggest using their own Cloudways setup, but it's relatively easy to install with packages on most Linux distributions. With that verified, he shows how to check for memchace functionality in your PHP installation and provides a bit of code to create a connection. Next is an example showing how to pull information from a MySQL database and push that data directly into the waiting memcache server via a set method call. It also includes a get example, showing if the caching was a success or not.

tagged: memcached caching tutorial introduction server configuration example

Link: http://www.cloudways.com/blog/memcached-with-php/

SitePoint PHP Blog:
Easy Deployment of PHP Applications with Deployer
Apr 08, 2016 @ 09:42:51

The SitePoint PHP blog has a tutorial showing you how to deploy your applications with Deployer, a simple deployment tool that aims to make it as easy as a single command to release you application to production.

Everybody tries to automate their development process, testing, code formatting, system checks, etc. This is also the case for deploying our applications or pushing a new version to the production server. Some of us do this manually by uploading the code using an FTP client, others prefer Phing, and Laravel users will prefer Envoyer for this process. In this article, I’m going to introduce you to Deployer – a deployment tool for PHP.

To introduce you to the tool they walk you through the deployment of a demo application, a simple tool that was used in a previous tutorial to connect to the 500px API. They help you get it installed and start in on some of the basic configuration:

  • setting up the target servers and environments
  • using SSH authentication
  • defining basic tasks
  • making use of "zero downtime" releases
  • using some common built-in tasks

Finally, they link to a recipes section on the Deployer website that gives you more advanced and wider reaching examples.

tagged: deployment deployer tutorial tool example introduction configuration

Link: http://www.sitepoint.com/deploying-php-applications-with-deployer/

Loïc Faugeron:
The Ultimate Developer Guide to Symfony - CLI Example
Apr 07, 2016 @ 10:43:51

Loïc Faugeron has posted another in his "ultimate guide" series of posts around components in the Symfony framework. In this latest post he gives an example of using the command line component with the Console component.

In this guide we've explored the main standalone libraries (also known as "Components") provided by Symfony to help us build applications: HTTP Kernel and HTTP Foundation, Event Dispatcher, Routing and YAML, Dependency Injection and Console. We've also seen how HttpKernel enabled reusable code with Bundles, and the different ways to organize our application tree directory.

Finally we've started to put all this knowledge in practice by creating a "fortune" project with: an endpoint that allows us to submit new fortunes, a page that lists all fortunes. In this article, we're going to continue the "fortune" project by creating a command that prints the last fortune.

He walks through the use of an example repository as a base and shows:

  • the creation of the command class
  • the matching tests to ensure it's working correctly
  • building out the logic to pull in the latest fortunes

They enter the fortunes via the web interface and use the command line to output them as as simple text.

tagged: ultimate developer guide symfony commandline cli example tutorial series

Link: https://gnugat.github.io/2016/04/06/ultimate-symfony-cli-example.html

QaFoo Blog:
Using Mink in PHPUnit
Apr 06, 2016 @ 09:13:30

The QaFoo blog has a new post today showing you how to use Mink with PHPUnit. Mink is a testing tool that allows you to write tests as if they were happening through a browser.

Another day for a short PHPUnit trick. If you want to use PHPunit to control a browser for functional or acceptence tests, then you can easily do this using the Mink library. Mink is well known from the Behat community to facilitate Behaviour-Driven Development (BDD), but it is a standalone library that can be used with PHPUnit just as easily.

This is more flexible than using dedicated browser abstractions such as Selenium directly from PHPunit, because you can switch between different implementations or even run tests with multiple implementations using the same code base.

They start with the command you'll need to get Mink installed via Composer (a simple require) and come example code for a test on the Wikipedia site (the page about PHP). They then refactor this a bit to remove the boostrapping of the Mink client into a reusable trait, making it simpler to use in other tests. They also refactor the test to use the trait and include the phpunit.xml configuration needed to run it.

tagged: mink browser test phpunit install example trait refactor wikipedia

Link: https://qafoo.com/blog/081_phpunit_mink_functional_tests.html

Jesse Schutt:
Simplifying Conditional Expressions
Apr 04, 2016 @ 14:47:43

Jesse Schutt has posted a set of helpful hints around simplifying conditional expressions in your PHP code. This can not only make them more readable but also easier to maintain in the future.

As I’ve been reading through Refactoring by Martin Fowler, I’ve found it helpful to rewrite some of the examples from the book in PHP in order to cement the concepts into my mind. While Martin’s examples are primarily in Java, I’ve found an overwhelming majority of the concepts apply to PHP, which is where I spend most of my programming time.

In today’s article, I will attempt to rework the Simplifying Conditional Expressions (pp. 237-270) section into a handful of PHP-based examples.

He touches n a few different types of conditional refactoring and provides examples for each:

  • Decomposing the Conditional
  • Consolidate Conditional Expression
  • Consolidate Duplicate Conditional Fragment
  • Replace Nested Conditional with Guard Clause

He ends the post with a reminder about why refactoring like this is important to both you and your code:

Computers excel at taking sets of instructions and stepping through them systematically. They don’t need code to have informative method or variable names. They don’t even need the code to be formatted in a specific pattern (aside for the syntactical requirements). Our goal in simplifying conditional expressions should be to make the code read easier for humans, not for computers.
tagged: simplify conditional expression example refactor tutorial

Link: http://zaengle.com/blog/simplifying-conditional-expressions

Kevin Schroeder:
Excluding Fields in the MongoDB/MongoDB Library
Mar 31, 2016 @ 11:18:05

In this new post to his site Kevin Schroeder has shared a helpful hint around the MongoDB library and excluding fields from the results of a query.

I am using the mongodb/mongodb library for a project of mine. The API seems fairly different from the old PECL library and it also came with some other, albeit unexpected, baggage. [...] One of the practices I’ve heard about Mongo is to get Mongo to do as much as it can, but not to worry too much about complicated joins and such as you would in SQL. In other words, don’t shy away from bringing data into the application to do some processing. That was the practice I followed, which worked fine up until my data size started to increase.

He started seeing some major performance issues when his data set grew to a significant size (50% of the response time). He went searching for a solution, tried MapReduce but eventually came upon an optional parameter letting him tell the Mongo DB to omit a value (or values) from the result set. Using this he dropped 7.5 seconds off of his wall clock time.

tagged: exclude fields result set mongodb library example parameter

Link: http://www.eschrade.com/page/excluding-fields-in-the-mongodbmongodb-library/