
Matt Stauffer:
Introducing Laravel Nova: A Tool for Building Admin Panels and Custom CMSes
Jul 27, 2018 @ 15:16:01

Matt Stauffer has a new post to his site that takes a "deep dive" into Laravel Nova, the recently announced administration panel that's developed by the Laravel project. This is the first post in a new series.

These are my notes that I took during the announcement on 2018-07-25. I hope to go back later and update this after a more careful re-watching of the YouTube recording that's now up, so I could get some of my code samples more exact and catch anything I missed.

If you notice anything I missed or got wrong, please let me know on Twitter! And please check back in a few days so I have time to fix this up. :)

The post reads more like a live stream than a formal write up, but the good stuff is all there:

  • the basics of what Nova provides
  • how it works
  • defining a resource
  • working with fields
  • actions/filters
  • lenses
  • searching
  • auditing

...and much more. The post goes through each item, providing screenshots, context and code to show off the feature. If you want to see the announcement for yourself, check out the video over on YouTube.

tagged: laravel nova administration dashboard indepth features code

Link: https://mattstauffer.com/blog/introducing-laravel-nova-a-tool-for-building-admin-panels-and-custom-cmses/

Check Point Research Blog:
Uncovering Drupalgeddon 2
Apr 13, 2018 @ 15:22:46

On the Check Point Research blog there's a post covering the recent critical Drupal bug, a.k.a. Drupalgeddon 2, that takes a deeper look into the bug and how the exploit worked.

Two weeks ago, a highly critical (21/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security team. This vulnerability allowed an unauthenticated attacker to perform remote code execution on default or common Drupal installations.

[...] Until now details of the vulnerability were not available to the public, however, Check Point Research can now expand upon this vulnerability and reveal exactly how it works.

The post covers the basic issue, a lack of input sanitization on Form API requests, and what versions it existed in. It then dives into the technical details, showing a proof of concept for the exploit and how an attacker might locate a place in the application to use it. It also looks behind the scenes at the code that handles the request and shows where the issue lies. The post ends with a look at "weaponizing" the exploit and executing whatever code you'd like on the server.

tagged: drupal security issue drupalgeddon2 indepth technical detail

Link: https://research.checkpoint.com/uncovering-drupalgeddon-2/

Joshua Thijssen:
Symfony's autowiring
Nov 02, 2017 @ 15:26:18

Joshua Thijssen has a new post to his site looking "under the hood" at Symfony's autowiring functionality used to locate and initialize services for the framework as needed.

When asking people if they use Symfony’s autowiring functionality, an often heard excuse why people don’t use it is because of all the magic that is happening during autowiring. But just like most impressive magic tricks, once explained, it all boils down to a few simple principles and Symfony’s autowiring is nothing different in that perspective. In this blogpost I will explain the new autowiring and autoconfiguration features, and why you should love them.

He starts off with an example of how to define services manually. He then explains how these services are used in the code and how to pass in arguments when fetching. He then moves on to the automatic generation of the services (the autowiring) and how the framework is "tricked" into using the namespace of the discovered service as the name. This is also used in dependency handling. The post then covers when the autowiring won't work, autoconfiguration and how to set defaults on service definitions (for arguments).

tagged: symfony autowiring tutorial indepth configuration framework

Link: https://adayinthelifeof.nl/2017/09/19/symfony-autowire.html

Chike Mgbemena:
PHP 7 In-Depth Look
Nov 04, 2016 @ 16:58:51

Chike Mgbemena has posted a great guide for those out there still getting familiar with what PHP 7 has to offer and things to watch for when migrating your PHP 5.x code up to this latest version.

PHP 7 was released on 03 Dec 2015, and so many people have not yet started using or learning about the awesome features it has. I wrote this post to give a breakdown of the features released with PHP 7 for those that have not yet learnt about them and even if you know it, you might still learn something from this post.

Rasmus Lerdorf (creator of PHP) claims that apps running PHP 7 performance is improved by 100% or more. Memory usage is lower also, so if you are running a lot of servers, PHP 7 is an essential upgrade. One of the big changes in PHP 7 is the refactored ZEND Engine(PHPNG) which is now faster, memory usage reduced and a “green” version of PHP which makes you run less hardware to run your code.

He starts with a list of things that have been removed from PHP 7 including the MySQL extension (not mysqli), POSIX regular expression handling and the deprecation of the "salt" option in password hashing. He goes on to talk about some of the new things that come with PHP 7 including:

  • the "spaceship" operator
  • allowing constants to be defined as arrays (previously just strings)
  • the random_bytes and random_int functions

He also covers some of the biggest changes in PHP 7: the inclusion of type hinting and checking, generators, error handling updates and a few other miscellaneous changes.

tagged: php7 indepth language changes guide

Link: http://chikemgbemena.com/2016/10/29/php-7-in-depth-look/

Kévin Gomez:
Digging into: Humbug
Oct 27, 2016 @ 17:12:36

Kévin Gomez has a recent post to his site sharing some of the knowledge he gained when digging into Humbug, a mutation testing tool for PHP development.

While I’ve already used Humbug a few times, a recent article made me realise that I didn’t really know how it worked.

That’s when I got the idea to dig into Humbug to learn how it works, and publish my findings here.

He starts with a brief overview of Humbug for those not familiar with it - a mutation testing tool that reviews your unit tests to see how well they actually cover your code. It performs various operations (mutations) on the tests and evaluates the response. He then gets into how Humbug does this and what tools it uses to break down and understand your tests. He then goes through the actual code of the tool, walking through the tests, tokenizing the code and performing small changes to re-test and see how the results differ from the original results.

tagged: humbug mutation testing tool indepth library token variation

Link: http://blog.kevingomez.fr/2016/10/23/digging-into-humbug/

Matt Stauffer:
Introducing Laravel Echo: An In-Depth Walk-Through
Jun 17, 2016 @ 17:11:02

Matt Stauffer has a new post to his site where he's put together an in-depth look at Laravel Echo, a feature included in newer versions of the framework that makes it easy to integrate websockets into your Laravel-based application.

A few weeks ago, Taylor Otwell introduced another branded product within the Laravel line: Laravel Echo. So far, the only coverage it's gotten has been his Laracasts video intro, but I recently wrote it up for my book and wanted to share that with you. What follows is an excerpt from Laravel: Up and Running, heavily modified to make sense in a blog format.

He then gets into what Echo is and the different pieces that make it up: updates to the Laravel broadcast system and a new JavaScript package. He suggests some places where using Echo makes sense and how to set up a simple broadcast event in your application (non-Echo to start). This makes use of the Pusher service for real-time event broadcasting. With that in place, he helps you install the Echo dependencies and integrate messages from both public and private channels. He also includes a bit of code at the end to exclude the message from broadcasting to the current user if you ever find a need for it.

tagged: laravel echo indepth tutorial setup configure pusher javascript

Link: https://mattstauffer.co/blog/introducing-laravel-echo

Joshua Thijssen:
Incrementing values in PHP
Oct 13, 2015 @ 15:50:01

Joshua Thijssen has a post to his site looking at a relatively common operation in PHP code - incrementing values - but gets a lot more in-depth than just a simple overview.

Take a variable, increment it with 1. That sounds like a simple enough job right? Well.. from a PHP developer point of view that might seem the case, but is it really? There are bound to be some catches to it (otherwise we wouldn’t write a blogpost about it). So, there are a few different ways to increment a value, and they MIGHT seem similar, they work and behave differently under the hood of PHP, which can lead to – let’s say – interesting results.

He starts with the most basic situations, updating known integer values, but shows the curious things that can happen when the same operations are done on strings. He digs down into the bytecode that's generated from these bits of code, showing the order of operations when the code is actually executed. He then gets into more detail on each kind of operator, starting with the unary increment operator then moving on to the add assignment expression and add operator. For each he describes the behind-the-scenes bytecode actions happening and where in the PHP source code it's being handled (and how).

tagged: increment value integer string bytecode indepth source

Link: https://www.adayinthelifeof.nl/2015/10/13/incrementing-values-in-php/

Dayle Rees:
PHP: The Composer Lock File
Aug 24, 2015 @ 14:17:10

Dayle Rees has a post to his site helping to demystify the composer.lock file for the Composer users out there - what it's for, how it works and why you may or may not want to have it in version control.

Everywhere that I go, conference, the supermarket, the dentist, building sites, people always ask me about the Composer lock file. It's a mystery that seems to cause confusion all across the globe. Well, boys and girls, I'm here today to de-mystify the lock file once and for all.

He starts with a new project and some simple dependencies (three of them), two with specific versions defined and one with a wildcard. Once a composer install is run, the packages are downloaded and the composer.lock file is created. He talks about the contents of the lock file and how they relate to the version of the library Composer has installed, the exact version to be precise. He then gets to the question many wonder about the lock file - should I commit it to my version control system? He suggests that, if you need exact versions installed, then yes. This helps keep versions the same across the board of a team and ensures other people working with the library are using compatible library versions. He ends the post talking about how to use the lock file (install vs update) and what changes could be made in one versus the other.

tagged: composer lock file composerlock indepth update install tutorial

Link: http://daylerees.com/the-composer-lock-file/

Coding Geek:
How does a relational database work
Aug 19, 2015 @ 14:49:41

You may have been using relational databases in your PHP applications for a long time (PHP loves MySQL after all) but you might not have ever dug deep enough to understand how those databases work internally. In this detailed tutorial from Coding Geek they dive way in and cover everything from the basics out to complex sorting, management components and query handling.

When it comes to relational databases, I can’t help thinking that something is missing. They’re used everywhere. [...] you can google by yourself “how does a relational database work” to see how few results there are. [...] Are relational databases too old and too boring to be explained outside of university courses, research papers and books?

As a developer, I HATE using something I don’t understand. And, if databases have been used for 40 years, there must be a reason. [...] Over the years, I’ve spent hundreds of hours to really understand these weird black boxes I use every day. Relational Databases are very interesting because they’re based on useful and reusable concepts. If understanding a database interests you but you’ve never had the time or the will to dig into this wide subject, you should like this article.

He covers a wide range of topics during the post:

  • O(1) vs O(n²) (or how data sets are handled based on size)
  • Array, Tree and Hash table
  • Global overview (structure of the database system and its pieces)
  • Query manager
  • Statistics (and optimizing storage of the data)
  • Data manager
  • Deadlock
  • Logging

Each of these topics comes with a lot of explanation, examples of how the internals are functioning as well as diagrams to help make a bit more sense. If you've ever really wanted to know how that database you use functions, this is definitely the article to check out.

tagged: relational database indepth concepts lowlevel highlevel query optimization transaction buffer

Link: http://coding-geek.com/how-databases-work/

Community News:
"Are Conference Talks Getting Too Soft?" (Adam Culp & Cal Evans)
Mar 03, 2015 @ 17:57:42

There's an interesting set of posts from PHP community members Adam Culp and Cal Evans each on a similar subject centering around conferences and the presentations made at them. They both wonder if talks are getting too "soft" and not focusing as much on the technology and getting in-depth as they should be. From Cal:

PHP conferences are changing very slowly, and not in a way that I like. I blame myself. As a frequent speaker I am getting lazy. I get caught up in the excitement of the CfP, I write up 5-10 abstracts and shotgun them into the CfP system hoping that something hits the mark. I’ve not actually written these talks. In most cases, I’m pretty sure I can get 45 minutes on the topic, but I don’t know for sure because I’ve not bothered to write it yet. Adam Culp talks about this very thing in his post “Are Conference Talks Getting Too Soft?“.

Adam points out that, while introductory talks and overviews are acceptable level coverage for someone new to the speaking scene (or development), the trend seems to be that everyone is providing less "meat" in their talks.

It is hard to teach a great amount in a 1 hour talk, but if there is not some immediately usable content an attendee will have a tough time proving to their short sighted boss that it was worth their time.

Both Adam and Cal set out a challenge, both to themselves and other speakers in the community. They encourage you to spend more time with your subjects, get in-depth into the topics, present on what you're excited about and maybe even try them out locally first.

tagged: conference talk soft indepth opinion topic adamculp calevans

Link: http://www.geekyboy.com/archives/1076

