
Zend Framework Blog:
End-to-end encryption with Zend Framework 3
Aug 22, 2016 @ 11:56:35

With the recent release of the latest version of the zend-crypt package, the Zend Framework has announced that it's possible to use it to create end-to-end encryption in your applications (Zend Framework based or not).

Recently, we released zend-crypt 3.1.0, the cryptographic component from Zend Framework. This last version includes a hybrid cryptosystem, a feature that can be used to implement end-to-end encryption schema in PHP.

A hybrid cryptosystem is a cryptographic mechanism that uses symmetric encryption (e.g. AES) to encrypt a message, and public-key cryptography (e.g. RSA) to protect the encryption key. This methodology guarantees two advantages: the speed of a symmetric algorithm and the security of public-key cryptography.

He starts with a brief overview of how the system works and the flow of the request/response messaging. With this base in place, he gets into the code required to perform the encryption, first generating the keys needed for the encryption (and why he chose the mode/cipher he did for each). Then, using these keys, he shows how to use zend-crypt and its "Hybrid" handling to encrypt and decrypt a simple message. He also shows how to encrypt the contents of a file using a password.

tagged: endtoend encryption zendcrypt zendframework encryption tutorial string file

Link: https://framework.zend.com/blog/2016-08-19-end-to-end-encryption.html

Chris White:
Avoiding the burden of file uploads
Jun 14, 2016 @ 09:18:59

Chris White has a post to his site sharing a method he's come up with to avoid the burden of file uploads in your PHP application with the help of the offerings of Amazon S3 and some creative coding.

Handling file uploads sucks. Code-wise it's a fairly simple task, the files get sent along with a POST request and are available server-side in the $_FILES super global. Your framework of choice may even have a convenient way of dealing with these files, probably based on Symfony's UploadedFile class. Unfortunately it's not that simple.

[...] For most situations using S3 is a no brainer, but the majority of developers transfer their user's uploads to S3 after they have received them on the server side. This doesn't have to be the case, your user's web browser can send the file directly to an S3 bucket. You don't even have to open the bucket up to the public. Signed upload URLs with an expiry will allow temporary access to upload a single object.

He points out two advantages of this method: that you don't have to handle the upload part of file uploads and that it gives the user more control. He shares a video of the end result (a simple file upload frontend) and the code that you'll need to use the AWS PHP SDK to make it all work together. There are some configuration changes that'll need to be made on the S3 bucket side (like for CORS) but the code itself to make the connection is relatively simple. He does a great job of explaining every step of the way and includes the JavaScript needed for the frontend as well.

tagged: file upload amazon s3 aws tutorial frontend

Link: https://cwhite.me/avoiding-the-burden-of-file-uploads/

Frank de Jonge:
Finally, file streams, and deferred execution in PHP.
Jun 03, 2016 @ 11:26:52

In a post to his site Frank de Jonge looks at a few different topics around the idea of "cleaning up after yourself" when it comes to the use of finally, file streams and deferred execution.

Cleaning up after yourself can be a tedious task. For example, closing file handlers after using them needs to be done. A programmer's life isn't all about the happy path. When things go pear-shaped you might end up duplicating cleanup code throughout your code. This is horrible, let's explore an alternative.

He starts by looking at the use of resources for file handling instead of something like file_get_contents. Along with this, however, come the "less happy" things to do around cleanup of the resource in case of error or when complete. He suggests that it can be better handled and, after comparing a PHP function version to a Go function doing the same, refactors to make use of finally to close the resource in one place (so it is always called, exception or no exception). He refactors it even more by splitting it out into a "cleanup" function that can be reused in other places where resources are accessed.

tagged: finally file resource trycatch cleanup tutorial

Link: https://blog.frankdejonge.nl/finally-file-streams-and-deferred-execution-in-php/

Paul Jones:
When Possible, Use File *Resources* Instead Of File *Names*
May 13, 2016 @ 10:37:38

In this new post to his site Paul Jones makes a recommendation to those working with files and other resources: pass around the resources themselves (the streams) not filenames.

In testing the Aura.Http package, I have realized that it’s much more flexible, testing wise, to pass around file resources (a.k.a. handles, pointers, or streams) than it is to pass around file names. When you do that, you can use a php://memory stream instead of attempting to touch the file system. [...] This places control of the file creation in your hands directly, not under the control of the system under test.

He gives examples based on some testing of one of his own packages where he needed to swap out the resource being tested and mock out a file system call. It's a simple trick but could help reduce some complexity in your overall code in the right situations.

tagged: file resource name unittest testing aurahttp

Link: http://paul-m-jones.com/archives/2487

Matthew Weier O'Phinney:
Serve PSR-7 Middleware Via React
Apr 20, 2016 @ 12:07:56

Matthew Weier O'Phinney has a post to his site showing you how to combine PSR-7 request/response handling (his examples use Zend Expressive) with React and middleware in your application.

I've been intending to play with React for some time, but, for one reason or another, kept putting it off. This past week, I carved some time finally to experiment with it, and, specifically, to determine if serving PSR-7 middleware was possible.

He starts with a brief introduction to React and what kind of functionality it brings to the table. He includes a bit of sample code showing it in use creating a basic HTTP server responding to any request with a simple "Hello World" message. He then starts on the React+PSR-7 integration, wrapping the request and response handling from one in the other to keep the expected responses the same. He also talks about serving up static files using the React+PSR-7 handling via a middleware on the Expressive side. Finally he shares the work he's done via a library to help make it easier to reuse in other situations. He shows the installation and usage of this library and sample requests you can use to test it out.

tagged: react psr7 request response example library handler static file tutorial

Link: https://mwop.net/blog/2016-04-17-react2psr7.html

TutsPlus.com:
What Are Laravel 5.0 Facades?
Feb 23, 2016 @ 12:22:49

The TutsPlus.com site has posted a tutorial for those either new to the Laravel framework or wanting to get started a bit easier. In this new post they talk about the "facades" the framework makes wide use of - what they are and how they work.

The facade is very similar to the adapter and decorator patterns. The adapter acts like a bridge between two interfaces which are not compatible, while the decorator is more complex and used for dynamically changing the way objects behave.

[...] Sweet syntax, which Laravel uses, makes writing code cleaner and easier to understand. Laravel facades are actually the syntactic sugar for service location.

He uses the Cache facade in his introduction, showing where the various parts of it are defined and how it hooks in to the framework's functionality. With the basics out of the way he then shows how to create a custom facade instance: a simple check to see if the file name provided is a PDF or not.

tagged: laravel facade introduction tutorial custom pdf file

Link: http://code.tutsplus.com/tutorials/what-are-laravel-50-facades--cms-25347

Rob Allen:
PSR-7 file uploads in Slim 3
Feb 05, 2016 @ 11:08:23

In a post to his site Rob Allen explains how to handle file uploads in a PSR-7 structure, specifically illustrating with an example using the Slim (v3) framework.

Handling file uploads in Slim 3 is reasonably easy as it uses the PSR-7 Request object, so let's take a look.

He shows how to create a simple index route in a Slim application and render a view containing just a simple form with an upload field and submit button. When the form submits, he uses the getUploadedFiles method on the Slim Request object to get the file information for the upload. He also shows how to check for errors on the upload using the file data as an object and calling the getError method.

tagged: slim3 file upload tutorial handling error psr7 request

Link: https://akrabat.com/psr-7-file-uploads-in-slim-3/

Lorna Mitchell:
Handling Composer "lock file out of date" Warning
Jan 22, 2016 @ 09:48:23

Lorna Mitchell has a post on her site to help you out when Composer reports a "lock file out of date" warning as you try to update your Composer dependencies. She provides three options to help resolve this issue.

Composer is dependency management for PHP, and it consists of two main files: [composer.json and composer.lock]. Crucially, the composer.lock also includes a hash of the current composer.json when it updates, so you can always tell if you've added a requirement to the composer.json file and forgotten to install it.

The post includes three different ways to correct the warning message:

  • Option one: upgrade all of the things
  • Option two: try to work out which composer.json change caused this
  • Option three: do nothing, safely

The first two options are preferable to the last one (essentially overriding the error) but it could be used in cases where you think Composer is just getting things wrong.

tagged: composer lock file outofdate warning option fix override

Link: http://www.lornajane.net/posts/2016/handling-composer-lock-file-out-of-date-warning

Leonid Mamchenkov:
Weird PHP error output bug
Dec 10, 2015 @ 10:41:06

In a post to his site Leonid Mamchenkov shares an interesting output bug he came across in his work developing cron jobs and how they handled his errors.

We came across this PHP bug at work today. But before you go and read it, let me show you a use case. See, if you can spot the problem. We had a cron job script which [ran a PHP script and echoed a string when complete].

[...] We use similar code snippets all over the place, and they work fine. This particular one was a new addition. So the cron job ran and “Updating products failed” part happened. Weird. The PHP script in question has plenty of logging in it, but nothing was logged.

After adding more and more logging to the process and PHP script, nothing obvious was standing out. Finally, they noticed that the filename was incorrect but normally that would cause an error in the PHP command line execution. The tricky part here was in how PHP handled its errors. Their error_log and display_errors settings were such that the PHP "missing file" error was being swallowed up and not displayed.

tagged: bug cron output error missing file errorlog displayerrors

Link: http://mamchenkov.net/wordpress/2015/12/10/weird-php-error-output-bug/

Lorna Mitchell:
Generating a File List for Phan
Nov 27, 2015 @ 10:38:33

Lorna Mitchell has shared a tip she's found helpful when using the phan static analysis tool: generating a file list containing only PHP files via a simple grep.

Phan is the PHP Analyzer for PHP 7 code. I've been using it, partly out of curiosity, and partly to look at what the implications of upgrading my various projects will be. [...] I generated my filelist.txt files with a little help from grep - by looking for all files with opening PHP tags in, and putting that list of filenames into a file.

The phan tool is still pretty young but it provides a good example of how to use the new php-ast handling to parse and analyze PHP code.

tagged: phan file list generate quick tip grep static analysis tool

Link: http://www.lornajane.net/posts/2015/generating-a-file-list-for-phan