
TutsPlus.com:
Get Started With Pusher: Using Presence Channels
Aug 23, 2018 @ 10:53:56

The TutsPlus.com site has continued their series looking at using the Pusher real-time communication service in your PHP application with a new tutorial. In this latest article, they show the use of presence channels, a feature that makes it simpler to know which users are connected to which channels.

In this series, we've been learning about Channels from Pusher, a platform that allows you to give your users the seamless real-time experience they want.

Presence channels build on the security provided by private channels, but they add the benefit of knowing which users are subscribed and connected to that channel. The best part is how easy it is to implement and use presence channels, and it's even easier if you've already configured your app to use private channels.

As in the previous articles in the series, they've provided both a screencast of the tutorial and the text-based version. They show how to modify the server you've already created to authorize a user and send that information along with the messages back to the Pusher service. They also include the changes to the frontend client to gather and send user information.

tagged: pusher service tutorial channel presence user information realtime

Link: https://code.tutsplus.com/tutorials/get-started-with-pusher-using-presence-channels--cms-31448

Evozon Blog:
GDPR – a brief reality check
Nov 03, 2017 @ 11:18:45

On the Evozon blog there's a post that provides "a brief reality check to developers about GDPR" and how it affects them and their applications. GDPR (General Data Protection Regulation) is a regulation passed in Europe that enforces certain requirements about personal data and how it should be handled.

If you’re reading this, it means you’ve already heard about it or you’re about to receive some flash-news: there’s a new all-encompassing data privacy regulation in the EU. Ready or not, 25th of May 2018, the date when the General Data Protection Regulation (GDPR) becomes effective, will wait for nobody. If there’s any buzz around it, it’s because of a good reason: businesses will have to comply, software will have to evolve.

While there is still some uncertainty around certain parts, the article goes through some things you can do to help you prepare and make your application compliant including:

  • discovering and documenting the purpose of the data that is being collected
  • providing clear notification of data collection for the user
  • defining retention periods and deletion policies
  • tracing any changes that happen with the data

The article does a good job providing a "checklist" of sorts you can use to ensure you're compliant. Of course, it's by no means an actual method of compliance but it does provide a good list to guide you in the right direction.

tagged: gdpr data protection personal information europe regulation

Link: https://magento.evozon.com/gdpr-a-brief-reality-check.html

Mattias Geniar:
Mitigating PHP’s long standing issue with OPCache leaking sensitive data
Feb 28, 2017 @ 11:39:33

In a new post to his site Mattias Geniar looks at an old security issue in PHP, opcache information leakage, and how to mitigate it.

A very old security vulnerability has been fixed in PHP regarding the way it handles its OPCaches in environments where a single master process shares multiple PHP-FPM pools. This is the most common way to run PHP nowadays and might affect you, too.

He starts by talking about the vulnerability itself: the PHP process doesn't validate the userid when fetching cached bytecode. This could result in information from other operations/scripts being exposed to other processes in a PHP-FPM pool. His solution? Upgrade PHP (the bug is fixed back in PHP 5.6.5) and set a few additional opcache ini settings to enforce the validation. Besides 5.6.29, it was also corrected in the PHP 7 releases (7.0.14 and 7.1.0). The post then talks about the potential exploit: an indirect local privilege escalation to root, where the shared memory is read and access to outside information is possible.

tagged: opcache bytecode security issue leak sensitive information mitigation

Link: https://ma.ttias.be/mitigating-phps-long-standing-issue-opcache-leaking-sensitive-data/

Laravel News:
Laravel Cheat Sheet
Apr 07, 2016 @ 11:20:09

As is mentioned in this new post to the Laravel News site, there's a handy Laravel Cheat Sheet that's been published to help keep relevant Laravel information at your fingertips.

The Laravel Cheat Sheet is a new project from the EST Group that shows you many of the Laravel features from a filterable web app. For those that have used Laravel for a few years, you may notice the similarities to Jesse O’Brien’s.

Jesse hasn’t had time to keep his version up to date which left an opening for this new one. However, I’m disappointed in the similarities. Even though both are open source it just feels odd to me that this one looks so much like Jesse’s.

You can view the project directly (via GitHub pages) or grab the source if you'd like to check it out.

tagged: laravel cheatsheet project github information quick reference

Link: https://laravel-news.com/2016/04/laravel-cheat-sheet/

Damien Seguy:
Prepare for PHP 7 error messages (Series)
May 26, 2015 @ 09:35:11

For those looking forward to PHP 7, there's a new series of posts from Damien Seguy that can help you with some of the newer error messages and what might be causing them.

The first step to prepare for PHP 7 is to lint it: using the command line instruction ‘php -l script.php’, one can easily check that every file in a current application compiles with PHP 7. The second step is to run the application and the unit tests: in short, execute it with PHP 7. And this is where we’ll learn about the new errors that PHP has prepared for us. In order to be one step ahead of the migration, this article will help you prepare: here is a panorama on PHP error messages.

In part one he looks at some of the most often raised errors including the incorrect use of "$this" and undefined offsets. Part two gets into a few more complex messages about return type hinting, the constant scalar expression and using temporary expressions in a write context. Finally, part three looks at messaging around redefinition of identical parameters, bit shifting by a negative number, named constructor deprecation and strict typing. Each part of the series covers a few more than just the ones listed here too, so be sure to check each for more helpful error messages and solutions.

tagged: php7 error message help series part1 part2 part3 resolve information

Link: http://www.exakat.io/php-7-error-messages-part-1/

Derick Rethans:
Xdebug 2.3: Moar var_dump()
Feb 27, 2015 @ 09:58:40

Derick Rethans has a new post to his site starting a series of posts about the new features of Xdebug 2.3. In this new post he talks about an improvement that's been made to the output provided by var_dump with more information than before.

One of the new features relates to one of the first things that I added in the original Xdebug: making the var_dump() output "pretty". Xdebug replaces PHP's standard var_dump() function with its own version, as long as the xdebug.overload_var_dump setting is not set to 0. [...] Xdebug 2.3 enhances the overloading of var_dump() with the inclusion of the file name and line number where var_dump() is called at. This has been a long standing feature request.

He provides a few sample screenshots comparing the old and new output formats and mentions another handy setting, xdebug.file_link_format, that makes the resulting filename a link in a browser and lets you customize the format.

tagged: xdebug vardump overload file path information output improvement release

Link: http://derickrethans.nl/xdebug-2.3-overload-vardump.html

NetTuts.com:
A Practical Use of WordPress Global Variables
Sep 23, 2014 @ 11:54:09

On the NetTuts.com site there's a new post (a part of a series) that introduces you to the global variables available in WordPress and provides a practical use for them.

In the first article in this series, we reviewed an introduction to WordPress global variables. Specifically, we said that they are variables that hold a variety information that can be accessed from anywhere in the WordPress page lifecycle. We learned how to access a global variable and display various details about the latest post using the $post global variable. In today’s article, we will dive further into global variables by learning how to access them to display the author information.

In this post they focus on extracting user (author) data from the system via the "authordata" global variable. They show an example of the print_r output of the data it contains and use this to filter posts, showing only three per author.

tagged: wordpress global variable author information authordata

Link: http://code.tutsplus.com/tutorials/a-practical-use-of-wordpress-global-variables--cms-20854

SitePoint PHP Blog:
PHP and WMI – Dig deep into Windows with PHP
Dec 24, 2013 @ 12:30:25

On the SitePoint PHP blog they've posted a new tutorial that "digs deep" into PHP on Windows with WMI, the Windows Management Instrumentation functionality - a web-based architecture information gathering system.

There are many devices (servers, desktops, laptops, tablets, phones, etc) running a Windows operating system. Many of us who live in the *nix based world have to work in this OS, or if we don't, we will, sooner or later. Besides the regular tools we can expect from a *nix system (say Apache, PHP, MySQL, C/C++ compilers, etc), Windows offers a set of unique features not present in any other OS, and WMI is one of them. In this article, we will address the questions like: What is WMI? How to use WMI with PHP? We will have some minimal sample codes to go through the basic programming techniques.

He starts off the post briefly explaining what WMI is and what kinds of problems it solves. He shows you how to check if it's installed (it probably is on most recent Windows machines) and that it's enabled. He also shows how to configure the firewall to allow WMI connections and the library you'll need to get the PHP support functional (php_com_dotnet.dll). He then gets into what kind of information you can get from WMI including local hardware information, BIOS details and memory usage. Some simple code is included using the COM functionality to connect to the server and run a query.

tagged: windows wmi information tutorial introduction com

Link: http://www.sitepoint.com/php-wmi-dig-deep-windows-php

Liip Blog:
How to preload ACL in order to get good performances
Oct 09, 2013 @ 10:40:34

On the Liip blog today Jean-Christophe Zulian shares an idea about gaining performance in your access controlled section of your application. He suggests preloading ACL information in Symfony2-based applications.

Symfony2 comes with an ACL mechanism that can help you whenever you need to add some permissions in your system. [...] Unfortunately we came across a situation where we had to do this kind of permission check on a very long list of items. [...] performance will go bad (or very bad in our case) and as the system keeps storing more and more of the same kind of data it becomes slower and slower. [...] Luckily for us Sf2 ACL system provides a way out of this. You can in a small amount of query load all the ACLs that are related to some given objects.

He includes a small snippet of code that takes in a set of blog posts (as an example) and calls a "findAcls" method to pre-fetch the information. That information is then available for the rest of the request. The fetch is done by packet instead of via one large query, making it a bit more performant.

tagged: symfony2 preload acl information performance

Link: http://blog.liip.ch/archive/2013/10/09/how-to-preload-acl-in-order-to-get-good-performances.html

PHPMaster.com:
6 Things to Consider when Choosing a Framework
Apr 08, 2013 @ 11:29:07

PHPMaster.com has posted a list of six things they think you should think about as you're selecting the framework for your next application.

You've decided that it makes sense to use a framework when writing your next new application, and chances are that if you're already familiar with a specific framework, then you'll probably be leaning towards using that one when you start. But are you sure it's really the most appropriate for the task at hand? In the name of due-diligence, here are some of questions that you should ask yourself before settling on a particular framework to make sure you're not programming "against the grain" and also to make sure it will be able to meet your needs now and in the long-term.

He doesn't get into any specifics of any PHP frameworks out there, but suggests general questions to ask even before getting too deep into the technology:

  • What do I need from the framework?
  • Do I expect the framework to help manage consistency?
  • Is good documentation available?
  • Is the framework actively developed, and does it have an active user base?
  • Does the framework work in what I run in production?
  • What business factors are influencing my decision?

Not every application needs to be written using a framework. But if you've decided that yours does, then it's beneficial to compare your needs against the features and benefits of the various framework offerings.

tagged: framework choice advice questions information

Link: http://phpmaster.com/6-things-to-consider-when-choosing-a-framework