Paragon Initiative:
How to Safely Implement Cryptography Features in Any Application
Oct 07, 2015 @ 11:51:41

The Paragon Initiative blog has posted a new article showing you how to safely implement cryptography in any PHP-based application (or really just about any application) with the help of libsodium.

Why not {Mcrypt, OpenSSL, Bouncy Castle, KeyCzar, etc.}? These cryptography libraries are really building blocks that by and large must be used, with expert care, to build the interfaces you want developers to use. In most cases, libsodium is the interface you want developers to use. [...] By default, these libraries don't provide [authenticated encryption](https://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken). Most of them force developers to use RSA (or ECDSA but certainly not EdDSA), which is [hard to get right](http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html) and for which [index calculus attacks are improving each year](https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2501/original/20141227.pdf).

He goes on to talk about NaCl as a possible option (libsodium is from a fork of it) but points out that NaCl isn't as easily available as libsodium to non-C/Python developers. He shares a few reasons why he thinks "libsodium is so great" and a few reasons not to use it (mostly dealing with outside limitations, not technical ones). Finally, he points you in the right direction to help you get started using libsodium for PHP as a PECL extension.

tagged: cryptography feature safe guide tutorial introduction pecl extension

Link: https://paragonie.com/blog/2015/09/how-to-safely-implement-cryptography-in-any-application

Rob Allen:
The beginner's guide to contributing to a GitHub project
Sep 24, 2015 @ 12:08:10

If you've ever wanted to contribute to an open source project but didn't have any idea where to begin, Rob Allen has a few suggestions to help you get started. His guide is a bit more on the technical level than others that talk more about finding a project or community to be a part of, though.

This is a guide to contributing to an open source project that uses GitHub. It's mostly based on how I've seen Zend Framework, Slim Framework and joind.in operate. However, this is a general guide so check your project's README for specifics.

He walks you through a four-step process for getting ready to contribute and making that first submission to the project of your choice:

  • Set up a working copy on your computer
  • Do some work
  • Create the PR (Pull Request)
  • Review by the maintainers

Naturally, some of this depends on the process that the project follows to take in new submissions, either from an issues list or just random bugfixes. It's a pretty standard GitHub-centric guide to follow, though. He also recommends reading this article from Lorna Mitchell about code reviews and what the maintainers of most open source projects will look for in submissions.

tagged: beginner guide opensource github contribute project

Link: http://akrabat.com/the-beginners-guide-to-contributing-to-a-github-project/

Paragon Initiative:
Using Libsodium in PHP Projects
Sep 02, 2015 @ 13:25:18

The Paragon Initiative site has posted a new guide to help you integrate libsodium into your application to provide cryptographic functionality in addition to things like mcrypt and crypt.

You shouldn't need a Ph.D in Applied Cryptography to build a secure web application. Enter libsodium, which allows developers to develop fast, secure, and reliable applications without needing to know what a stream cipher even is.

After reading this brief electronic manual, you should know what libsodium is, what features it has, and how to install it (both the library and the PHP extension from PECL). [You should also] generally understand which cryptography tool to use for a specific scenario [and] be capable of writing production-quality code that uses libsodium.

The guide (still a work in progress) starts by explaining what libsodium is and what it has to offer over other encryption methods. It talks about the role of random data in encryption, a few basic crypto concepts (like key-based encryption and hashing) and finally gets into some of the more advanced features of the libsodium extension.

Additionally, the guide is also open source so if you'd like to contribute, just submit a pull request for consideration.

tagged: paragoninitiative libsodium guide introduction advanced encryption

Link: https://paragonie.com/book/pecl-libsodium

PHP7 Migration Guide Posted
Aug 17, 2015 @ 11:29:48

The official PHP.net site has posted its PHP 7 migration guide for those already on PHP 5.6.x and wanting to prepare their applications for PHP 7.

Despite the fact that PHP 7.0 is a new major version, efforts were put in to make migration as painless as possible. This release focusses mainly on removing functionality deprecated in previous versions and improving language consistency. There are a few incompatibilities and new features that should be considered, and code should be tested before switching PHP versions in production environments.

The guide includes links to other pages showing things like:

  • Backward incompatible changes
  • New features
  • Deprecated features in PHP 7.0.x
  • New functions/classes/interfaces/global constants
  • Removed Extensions and SAPIs

There's also a link to a page of other changes that's not completely fleshed out yet, but is evolving as PHP 7 gets closer to a final release.

tagged: php7 migration guide php56 changes update deprecation remove features

Link: http://php.net/manual/en/migration70.php

UserSnap Blog:
A Practical Guide to Building Fast Web Applications in the Cloud
Aug 14, 2015 @ 10:44:58

On the UserSnap blog Luciano Mammino has provided a guide to building fast applications in the cloud using PHP and several tools and techniques. He offers a list of six rules to follow to make building the applications fast (and fast applications).

In this post Luciano highlighted some of the most common principles you should consider while building high performing web applications (specifically on the backend part). The following concepts discussed here can be applied to any language and framework. Though this post will cover some concrete examples, design patterns and tools that are mostly used in the PHP ecosystem.

His list of rules includes tips like:

  • Avoid premature optimization
  • Defer the work you don’t need to do immediately
  • Use cache when you can
  • Prepare your app for horizontal scalability when possible

Each point comes with a paragraph or two of explanation as to why it's an issue to watch out for and some tips to help prevent it as well as tools that can help.

tagged: guide practical fast application top6 tips tools

Link: http://usersnap.com/blog/building-web-applications-cloud/

PHP Object-Oriented Programming Beginner's Guide
Aug 12, 2015 @ 09:45:14

For those working to move from procedural PHP into a more object-oriented world who may be having some trouble with the transition, the Star Tutorial site has a great beginner OOP in PHP guide you should check out.

They cover all of the basics you'll need to get started with objects in PHP including:

  • classes versus objects
  • visibility
  • inheritance
  • polymorphism
  • interfaces versus abstract classes

Each section is a quick definition and a bit of code to help illustrate the point. This isn't going to be a hand-holding kind of tutorial showing you each step to making an OOP application. Instead, it provides quick, high level summaries of the main OOP concepts to get you on the right road.

tagged: oop object beginner concepts guide tutorial section concepts

Link: http://www.startutorial.com/homes/oo_beginner

Knp University:
How we Upgraded to Symfony 2.7 (+ deprecation notices)
Jun 01, 2015 @ 11:17:24

The Knp University site has a new post to their blog sharing how they migrated to Symfony 2.7, the latest release of the popular PHP framework.

Symfony 2.7 - the next LTS release - came out on Saturday, with bells and whistles like 100+ new features/enhancements and a surprise new bridge component to PSR-7. So, we decided to upgrade immediately and report back. Let's go!

They walk through each stage of the process, sharing code and summaries about what changed along the way (including the update to the composer.json):

  • You need to upgrade sensio/distribution-bundle
  • You Need -with-dependencies
  • Upgrading FOSUserBundle
  • Fixing Behat 2.5

It's a pretty short list and obviously your mileage may vary depending on what version you're updating from, but most recent versions shouldn't have too much trouble.

tagged: knpuniversity upgrade symfony27 guide steps fixes

Link: http://knpuniversity.com/blog/upgrading-symfony-2.7

Binary Studio Blog:
Definitive Guide On Creating Custom Providers For Laravel OAuth2 Authorization
May 26, 2015 @ 12:45:12

A new guide has been posted showing you how to create custom OAuth2 providers for your Laravel application. In this case they wanted to hook the application in via Socialite to the VK social network but needed a custom connector to make it happen.

First of all let’s say that social authorization is very popular and frankly speaking it’s a really handy tool. Surfing the internet we can see a lot of sites and services which offer login with Facebook, Twitter, Google and other social networks. [...] If you’re building your website in PHP using Laravel, probably you’ve noticed Socialite which provides OAuth / OAuth 2 authentication with Facebook, Twitter, Google, and GitHub. The most famous social network which provides OAuth2 authentication in the Russian segment of the internet is vk. But there is a lack of such a connector (provider) in the Socialite library. Actually it’s not a hard problem, so let’s build a new VkProvider on top of Socialite’s components.

He starts with a brief look at the typical OAuth2 authentication flow between the social network and your application. From there it gets more vk.com specific. He shows how to set up the custom application on their side, updating your configuration with the credentials and installing Socialite. He then implements a "VkProvider" defining the required methods based on the interface. He then registers it as a "SocialiteServiceProvider" and uses it in a "login" request route.

tagged: oauth2 guide custom provider laravel socialite tutorial vkcom russian

Link: http://binary-studio.com/2015/05/25/laravel-oauth2/

SitePoint PHP Blog:
Laravel 4 to Laravel 5 – The Simple Upgrade Guide
Apr 06, 2015 @ 11:49:51

The SitePoint PHP blog has posted a guide to help you upgrade from a Laravel 4 based application to the latest version, Laravel 5. Author Younes Rafie walks you through each step of the process, providing sample code and explanations of the changes along the way.

Laravel 5 is already out, but the fear of change is taking everyone. We keep hearing people complaining about some radical changes. Like, why this new folder structure? Will my application break if I do a composer update? In this article, we’re going to look at how to migrate your existing Laravel 4 application to Laravel 5 and understand the new folder structure.

He starts by helping you get Laravel 5 installed and working via Composer. He then makes updates to some configuration files for his sample application (it hooks into the Google Analytics API) including the Analytics connection information. He includes changes to the route handling and moving some files around to their new locations. He also mentions the re-installation of the Illuminate/Html package as it's no longer included in the base release.

tagged: laravel4 laravel5 upgrade guide tutorial framework

Link: http://www.sitepoint.com/laravel-4-laravel-5-simple-upgrade-guide/

A Beginner’s Guide To Composer
Mar 31, 2015 @ 13:48:55

The Scotch.io site has posted a guide that can help you if you're just getting started in the world of PHP packages via Composer. In this new tutorial Daniel Pataki introduces you to the tool and how to use it to install the dependencies you need.

I’m sure there are plenty of coders out there who are wondering about the benefits of using composer and many who are afraid to make the leap into a new system. In this article we’ll take a look at what exactly Composer is, what it does and why it is a great tool for PHP projects.

He starts with the basics of dependency management, why it would be used in a project and how it automates the installation and integration of 3rd party libraries. From there he helps you get Composer installed and starts in on a sample "composer.json" configuration file. In his example he installs Monolog, the popular PHP logging class. He talks some about how to specify versions, locking down the dependency versions to install and installing "developer only" requirements.

tagged: composer package dependencies library introduction beginner guide

Link: https://scotch.io/tutorials/a-beginners-guide-to-composer