
IBM Security Intelligence:
The Webshell Game Continues
Jul 20, 2016 @ 11:50:15

On the IBM Security Intelligence site there's a new article posted talking about webshells. For those not familiar with webshells, they're scripts an attacker drops on a compromised web server that let them run commands on that server or use it as a foothold for reaching other systems. In this article they introduce some of the basics around webshells and the rise they're seeing in their use.

The IBM X-Force Research team reported an increase in PHP C99 webshell attacks in April 2016. More recently, webshells dubbed b374k made their mark with attacks that the team has been tracking over the past few months.

Although this blog highlights some features of the b374k shell, the main objective is to call your attention to the fact that PHP applications are becoming an increasingly popular choice for attackers aiming to glean your data and deface your website without much hard work. This threat should be pushed to the top of your priority list — primarily because of the power of the tool used for this type of attack, but also because of the startling increase in this attack type this year.

They start off with some of the basics of webshells, focused on the PHP variants: what they are, what kind of functionality they commonly provide and an example of a shell's UI. They then talk about some of the common delivery methods, potential entry points of these attacks and some of the "indicators of compromise" you can use to detect them. They also include mitigations you can perform to rid yourself of these webshells, including adding plugins/software that scan for them and locking down features of PHP itself.
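To make the "indicators of compromise" and "lock down PHP" points concrete, here is an added example (it is not code from the IBM article): a small scanner that flags source files carrying patterns common to PHP webshells, plus a check of the php.ini hardening a locked-down host would have. The indicator patterns, the list of functions to disable and the sample sources are my own constructed choices, not a signature set from the article.

```php
<?php
declare(strict_types=1);

// Generic indicator patterns (constructed for this example, not a complete signature set).
const WEBSHELL_PATTERNS = [
    'eval_of_decoded_input' => '/\beval\s*\(\s*(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(/i',
    'shell_exec_of_request' => '/\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b/i',
    'dynamic_function_call' => '/\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(/',
    'preg_replace_e_modifier' => '/\bpreg_replace\s*\(\s*[\'"][^\'"]*\/[a-zA-Z]*e[a-zA-Z]*[\'"]/',
    'known_shell_name' => '/\b(c99shell|b374k|r57shell)\b/i',
];

/** Return the names of every indicator that matches the given source text. */
function scanSource(string $source): array
{
    $hits = [];
    foreach (WEBSHELL_PATTERNS as $name => $pattern) {
        if (preg_match($pattern, $source) === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/** Walk a web root and map each suspicious PHP file to the indicators it triggered. */
function scanDirectory(string $dir): array
{
    $findings = [];
    $iterator = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($iterator as $file) {
        if (!preg_match('/\.(php|phtml|php[3-7]|inc)$/i', $file->getFilename())) {
            continue;
        }
        $hits = scanSource((string) file_get_contents($file->getPathname()));
        if ($hits !== []) {
            $findings[$file->getPathname()] = $hits;
        }
    }
    return $findings;
}

/** Which of the command-execution functions a hardened php.ini would disable are still enabled? */
function missingDisabledFunctions(): array
{
    $shouldDisable = ['exec', 'passthru', 'shell_exec', 'system', 'proc_open', 'popen'];
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return array_values(array_diff($shouldDisable, $disabled));
}

// Constructed samples: a benign echo and a minimal shell.
$benign  = '<?php echo htmlspecialchars($_GET["q"] ?? "", ENT_QUOTES, "UTF-8");';
$suspect = '<?php @eval(base64_decode($_POST["x"])); system($_GET["cmd"]);';

print_r(scanSource($benign));
print_r(scanSource($suspect));
print_r(missingDisabledFunctions());
// Usage against a real tree: print_r(scanDirectory('/var/www/html'));
//
// The php.ini side of the same mitigation, for reference (values are a typical starting point):
//   disable_functions = exec,passthru,shell_exec,system,proc_open,popen
//   allow_url_include = Off
//   open_basedir      = /var/www/html
```

Pattern matching of this kind catches the lazy shells and is cheap to run from cron or a file-integrity check; obfuscated shells that build function names at runtime will slip past it, so treat a clean scan as a weak signal and pair it with the other indicators the article lists (unexpected files in upload directories, odd user agents, requests to files that were never part of the deployment).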

tagged: webshell game introduction example features attack security

Link: https://securityintelligence.com/the-webshell-game-continues/

Matt Allan:
Understanding Dependency Injection Containers
Jul 18, 2016 @ 11:54:54

In this recent post to his site Matt Allan introduces a concept that's become an integral part of most major PHP frameworks and applications recently: dependency injection containers.

If you are writing modern PHP, you will run across dependency injection a lot. Basically all dependency injection means is that if an object needs something, you pass it in. So if you have a class [...] you would pass in (inject) the object it needs (the dependency) instead of instantiating it in the class. Dependency injection makes your code more flexible and easier to test. If you want to learn more about dependency injection in general, check out this summary in the PHP The Right Way guide.

He then breaks down the main concept, the container, and how it is usually used to store and hand out instances of various objects and other services. He includes the code to create a simple container in which closures are registered as the container's "entries" and run to produce a value when the entry is fetched. He also shows how to update the simple container to allow for singleton handling, creating an object once and returning that same instance over and over (useful in some cases).
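The following is an added example of the two container behaviours the post describes, closure-backed entries and shared (singleton) entries; it is not Matt Allan's own code, and the Container, Logger and Mailer classes are hypothetical.

```php
<?php
declare(strict_types=1);

final class Container
{
    /** @var array<string, Closure> factories keyed by entry id */
    private $factories = [];
    /** @var array<string, bool> whether an entry is shared (singleton) */
    private $shared = [];
    /** @var array<string, object> memoised instances of shared entries */
    private $instances = [];

    /** Register a factory closure; $shared = true makes the entry a singleton. */
    public function set(string $id, Closure $factory, bool $shared = false)
    {
        $this->factories[$id] = $factory;
        $this->shared[$id] = $shared;
        unset($this->instances[$id]);
    }

    public function has(string $id): bool
    {
        return isset($this->factories[$id]);
    }

    /** Resolve an entry: run its factory (passing the container so it can fetch dependencies). */
    public function get(string $id)
    {
        if (isset($this->instances[$id])) {
            return $this->instances[$id];
        }
        if (!isset($this->factories[$id])) {
            throw new InvalidArgumentException("No entry registered for '$id'");
        }
        $object = $this->factories[$id]($this);
        if ($this->shared[$id]) {
            $this->instances[$id] = $object;   // keep it for the next get()
        }
        return $object;
    }
}

// Hypothetical collaborators: Mailer depends on Logger, injected via the constructor.
class Logger
{
    public $lines = [];
    public function log(string $message) { $this->lines[] = $message; }
}

class Mailer
{
    private $logger;
    public function __construct(Logger $logger) { $this->logger = $logger; }
    public function send(string $to) { $this->logger->log("sent mail to $to"); }
}

$c = new Container();
$c->set('logger', function (Container $c) { return new Logger(); }, true);   // shared
$c->set('mailer', function (Container $c) { return new Mailer($c->get('logger')); });

$c->get('mailer')->send('alice@example.com');
var_dump($c->get('logger') === $c->get('logger'));   // same instance: shared entry
var_dump($c->get('mailer') === $c->get('mailer'));   // fresh instance each time
print_r($c->get('logger')->lines);
```

One caveat worth keeping in mind when a container grows beyond this: entry ids should come from your own wiring code, never from request data. A container that resolves an id (or worse, a class name) taken from user input is an easy way to instantiate objects an attacker chooses.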

tagged: dependency injection container tutorial introduction

Link: http://mattallan.org/2016/dependency-injection-containers/

Thijs Feryn:
What are Type Errors in PHP 7?
Jul 15, 2016 @ 09:58:19

In a new post to his site Thijs Feryn has shared an overview of the type errors that can pop up in PHP 7. It is available in both a text-based and a video-based version, depending on your preference.

PHP 7 has a concept called Type Errors. These errors are thrown on a type mismatch when interacting with functions. They can be caught just like exceptions. I created a video that explains the situation. This blog post goes into more detail and has some code examples.

The post gets into the details of the type errors including topics like:

  • new type hints that were introduced
  • how you can manually throw type errors
  • when PHP itself would throw the errors
  • type coercion

There's also a brief section about strict typing and how that changes what errors PHP might throw in your scripts.
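As an added example covering the points listed above (it is not code from Thijs Feryn's post), here is a script that shows a TypeError raised by PHP for a scalar type declaration, one thrown manually, the effect of strict_types on coercion, and how to catch it. The portNumber and requirePositiveInt functions are hypothetical.

```php
<?php
declare(strict_types=1);   // strict mode: scalar arguments are checked, not coerced

/** Engine-enforced type: a non-int argument raises TypeError before the body runs. */
function portNumber(int $port): int
{
    if ($port < 1 || $port > 65535) {
        throw new RangeException("port out of range: $port");
    }
    return $port;
}

/** Manually thrown TypeError for a constraint the declaration cannot express. */
function requirePositiveInt($value): int
{
    if (!is_int($value) || $value <= 0) {
        throw new TypeError('expected a positive int, got ' . gettype($value));
    }
    return $value;
}

$cases = [
    'int'         => 443,
    'numeric str' => '443',   // weak mode would coerce this to 443; strict mode raises TypeError
    'garbage str' => 'abc',   // TypeError in both modes
    'array'       => [443],   // TypeError in both modes
];

foreach ($cases as $label => $input) {
    try {
        echo $label, ': ', portNumber($input), PHP_EOL;
    } catch (TypeError $e) {
        echo $label, ': TypeError: ', $e->getMessage(), PHP_EOL;
    } catch (RangeException $e) {
        echo $label, ': RangeException: ', $e->getMessage(), PHP_EOL;
    }
}

try {
    requirePositiveInt(-1);
} catch (TypeError $e) {
    echo 'manual: ', $e->getMessage(), PHP_EOL;
}

// TypeError extends Error, not Exception: catch (Exception $e) will not see it.
// Catch Error (or Throwable) when a handler must cover both hierarchies.
try {
    portNumber('abc');
} catch (Error $e) {
    echo get_class($e), ' caught via Error', PHP_EOL;
}

// Request data is always a string, so under strict_types it must be converted
// deliberately; filter_var() rejects non-numeric junk instead of silently coercing it.
$raw = '8443';   // constructed stand-in for $_GET['port']
$port = filter_var($raw, FILTER_VALIDATE_INT);
echo $port === false ? 'invalid port' : portNumber($port), PHP_EOL;
```

Note that strict_types applies per file and governs calls made from that file; the mode of the file that defines the function is irrelevant. The one widening PHP still performs in strict mode is int to float.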

tagged: type error php7 introduction overview video tutorial

Link: https://blog.feryn.eu/type-errors-php-7/

Helge Sverre:
Database migrations in PHP with Phinx
Jul 04, 2016 @ 11:14:55

Helge Sverre has put together an introduction to a tool perfect for anyone that's been looking for a framework-agnostic way to handle database migrations: Phinx.

Phinx is a database migration tool written by Rob Morgan in PHP, what that means is that you can tell Phinx that you want to create a new database table, add a column or edit the properties of a column by writing “migrations”.

You can then run this migration using the Phinx tool and it will connect to your database with the configuration that you specified and perform the database updates for you automatically.

He then walks you through a full introduction to the tool, breaking it down into sections:

  • Getting Phinx installed (via Composer)
  • Configuring it via a YAML file
  • Writing your first simple migrations
  • Creating database seeders (including the use of Faker data)
  • Rolling back your migrations

All of these topics come with plenty of code, configuration and output examples, helping you ensure you're on the right track.
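To put the steps above together, here is an added example (not code from Helge Sverre's post) of a reversible Phinx migration and a Faker-backed seeder. The table and column names are hypothetical; the Phinx calls used (table(), addColumn(), addIndex(), create(), change(), insert(), saveData()) are the library's documented API. Phinx expects each class in its own file under the migrations and seeds paths from the YAML config; they are shown in one block here only for brevity.

```php
<?php
// db/migrations/20160704111455_create_users_table.php
use Phinx\Migration\AbstractMigration;

class CreateUsersTable extends AbstractMigration
{
    // change() is reversible: Phinx derives the rollback from the same calls,
    // so `phinx rollback` drops the table without a hand-written down().
    public function change()
    {
        $this->table('users')
            ->addColumn('email', 'string', ['limit' => 255])
            // store a password_hash() result, never the password itself
            ->addColumn('password_hash', 'string', ['limit' => 255])
            ->addColumn('created_at', 'datetime')
            ->addIndex(['email'], ['unique' => true])
            ->create();
    }
}

// db/seeds/UsersSeeder.php
use Phinx\Seed\AbstractSeed;

class UsersSeeder extends AbstractSeed
{
    public function run()
    {
        $faker = \Faker\Factory::create();
        $rows = [];
        for ($i = 0; $i < 20; $i++) {
            $rows[] = [
                'email'         => $faker->unique()->safeEmail,   // safeEmail uses example.* domains
                'password_hash' => password_hash($faker->password, PASSWORD_DEFAULT),
                'created_at'    => $faker->dateTimeThisYear->format('Y-m-d H:i:s'),
            ];
        }
        $table = $this->table('users');
        $table->insert($rows);
        $table->saveData();
    }
}
```

With the migration and seeder in place the cycle is `vendor/bin/phinx migrate -e development`, `vendor/bin/phinx seed:run -s UsersSeeder` and, to undo the last migration, `vendor/bin/phinx rollback -e development`. Keep the database credentials in the YAML file out of version control, or reference environment variables from it, since the config file is otherwise the one place production passwords tend to leak from.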

tagged: database migration phinx library introduction faker tutorial

Link: https://helgesverre.com/blog/database-migrations-in-php-with-phinx/

Freek Van der Herten:
A package to log activity in a Laravel app
Jun 30, 2016 @ 09:46:17

In a new post to his site Freek Van der Herten shares information about a logging package they've developed for Laravel-based applications to make activity logging simpler throughout the app: laravel-activitylog.

In your apps there’s probably a lot going on. Users log in and out, they create, update and delete content, mails get sent and so on. For an administrator of an app these events provide useful insights. In almost every project we make at Spatie we log these events and show them in the admin-section of our site. [...] We made a new package called laravel-activitylog that makes logging activities in a Laravel app a cinch. In this blogpost I’d like to walk you through it.

He then goes through the basics of using the library, complete with code examples:

  • simple activity logging with messaging
  • providing the "acted on" object information
  • logging the information about who the actor was

There's also a section with details on automatic model logging, making it easier to see the changes to your data without having to log each one individually. He also shows you how to use multiple logs, providing a method to narrow down log records by type.
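The calls the post covers, as an added example rather than code from Freek's post: a plain message, the "performed on" subject, the causer, automatic model logging through the package's LogsActivity trait, and a separate named log. The Article model, the $user variable and the log name are hypothetical; activity(), performedOn(), causedBy(), log() and the inLog() scope are the package's API as documented at the time.

```php
<?php
use Illuminate\Database\Eloquent\Model;
use Spatie\Activitylog\Models\Activity;
use Spatie\Activitylog\Traits\LogsActivity;

class Article extends Model
{
    use LogsActivity;

    protected $fillable = ['title', 'body'];

    // Automatic logging: create/update/delete events are recorded with these attributes.
    protected static $logAttributes = ['title', 'body'];
}

// 1. A plain message in the default log.
activity()->log('Nightly export ran');

// 2. What the action was performed on (creating the model already logs a "created" entry).
$article = Article::create(['title' => 'Hello', 'body' => 'First draft']);
activity()->performedOn($article)->log('Article published');

// 3. Who did it; $user is assumed to be the authenticated user model (e.g. auth()->user()).
activity()->causedBy($user)->performedOn($article)->log('Article published by editor');

// 4. A dedicated log keeps security-relevant events apart from ordinary content changes.
activity('security')->causedBy($user)->log('Password changed');

// Reading back: only the security log, newest first.
$securityEvents = Activity::inLog('security')->latest()->get();
foreach ($securityEvents as $event) {
    echo $event->created_at, ' ', $event->description, ' by user ', $event->causer_id, PHP_EOL;
}
```

Two practical notes: put the causer on every security-relevant entry (logins, password and e-mail changes, permission grants) since an entry without an actor is of little use during an investigation, and never pass raw request input into the description, which ends up rendered in the admin section.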

tagged: laravel application logging package example introduction model

Link: https://murze.be/2016/06/package-log-activity-laravel-app/

TutsPlus.com:
Internationalizing WordPress Projects: The Introduction
Jun 28, 2016 @ 10:38:01

The TutsPlus.com site has kicked off a new set of posts today with the first part of their series covering internationalization in WordPress applications.

A few years ago, I wrote about the process of internationalizing WordPress-based projects. Though I think there are some times when tutorials don't necessarily need updating, refreshing, or revisiting, there are other times in which we can all benefit from revisiting the topic.

After all, software changes from year to year, and we also gain experience as we continue to work with a given piece of software. WordPress is no different.

They'll be covering what internationalization is, how it works within WordPress, the difference between internationalization and localization and more. In this first part of the series, though, they briefly cover some of the functions and functionality you might see as a part of WordPress already to make internationalization possible.
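As an added example (not code from the TutsPlus series), here is how those WordPress functions look in a plugin, including the escaping variants that matter once a translated string is written into HTML. The plugin name, text domain and function name are hypothetical; __(), _n(), esc_html(), esc_attr__() and load_plugin_textdomain() are WordPress core functions.

```php
<?php
// Load this plugin's .mo files from <plugin-dir>/languages once plugins are loaded.
add_action('plugins_loaded', function () {
    load_plugin_textdomain(
        'example-plugin',
        false,
        dirname(plugin_basename(__FILE__)) . '/languages'
    );
});

function example_plugin_render_notice($count)
{
    // __() returns the translated string for the given text domain (_e() would echo it).
    $title = __('Pending reviews', 'example-plugin');

    // _n() chooses singular or plural for $count; sprintf fills in the number afterwards,
    // so translators see the placeholder and the number is never part of the translatable text.
    $body = sprintf(
        _n('%d item awaits review.', '%d items await review.', $count, 'example-plugin'),
        (int) $count
    );

    // Translations come from .mo files that may be supplied by a third party, so they are
    // output like any other untrusted string: esc_html() for text, esc_attr__() for attributes.
    printf(
        '<div class="notice" title="%s"><strong>%s</strong> %s</div>',
        esc_attr__('Review queue', 'example-plugin'),
        esc_html($title),
        esc_html($body)
    );
}
```

The translate-then-escape order is the one to remember: escape the final translated string, not the English source, otherwise a malicious or simply sloppy language pack can inject markup.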

tagged: internationalization wordpress tutorial series part1 introduction

Link: http://code.tutsplus.com/tutorials/internationalizing-wordpress-projects-the-introduction--cms-26636

Laravel News:
Easily Test Email with MailThief
Jun 24, 2016 @ 11:50:56

The Laravel News site has a post that gives you a quick introduction to MailThief, a library created by the developers at Tighten Co. to make mail testing simpler.

MailThief is a new package by Tighten Co. that provides a fake mailer for your Laravel application. This makes it easy to test email without actually sending any.

They include a simple example of a script that sends an email on user registration using Laravel's own Mail library. They also include a test for the registration action showing how MailThief can be used to "hijack" the mailer and make it simpler to get information about the mail being sent. You can find out more about the tool and what prompted it in this video from Adam Wathan.
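Here is an added example of the kind of test the post describes (not the Laravel News code itself): a registration test that hijacks the mailer before issuing the request and then inspects the captured message. The route, form fields and subject are hypothetical; hijack(), hasMessageFor() and lastMessage() are MailThief's API, and the subject property and getBody() method on the captured message are assumed from its documentation at the time.

```php
<?php
use MailThief\Facades\MailThief;

class RegistrationTest extends TestCase
{
    /** @test */
    public function a_welcome_email_is_sent_to_the_new_user()
    {
        MailThief::hijack();   // swap the real mail driver for MailThief for this test

        $password = 'correct horse battery staple';
        $this->post('/register', [
            'name'                  => 'Alice',
            'email'                 => 'alice@example.com',
            'password'              => $password,
            'password_confirmation' => $password,
        ]);

        // Was anything addressed to the new user at all?
        $this->assertTrue(MailThief::hasMessageFor('alice@example.com'));

        $message = MailThief::lastMessage();
        $this->assertEquals('Welcome to Example', $message->subject);

        // A cheap regression guard: the welcome mail must never echo the password back.
        $this->assertNotContains($password, $message->getBody());
    }
}
```

Because nothing is actually sent, tests like this can run on CI without an SMTP stub and without the risk that a misconfigured test environment mails real addresses.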

tagged: mailthief testing unittest mailer email example introduction

Link: https://laravel-news.com/2016/06/mailthief/

Richard Bagshaw:
Prophecy
Jun 24, 2016 @ 09:11:01

Richard Bagshaw has a post to his site sharing some of his experience with the Prophecy testing tool and how it compares to Mockery for creating test doubles (mocks and stubs).

For a while now I have been using Mockery as my test double framework of choice, however recently I have been taking a look at Prophecy as an alternative.

[...] "Prophecy is a highly opinionated yet very powerful and flexible PHP object mocking framework. Though initially it was created to fulfil phpspec2 needs, it is flexible enough to be used inside any testing framework out there with minimal effort."

He then gets into some basic usage of the tool - creating a basic mock, assigning expectations and behaviors and performing the test. He steps through each line of the example explaining what's happening and what can be expected as a result. He ends the post with some final thoughts comparing Prophecy to the normal PHPUnit mocking tools and points out several other features it makes easier to work with as well.
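The basic Prophecy flow he steps through, as an added example rather than Richard Bagshaw's own code: prophesize a collaborator, attach a return value and a call expectation, reveal the double and run the test. The PasswordHasher interface and Authenticator class are hypothetical.

```php
<?php
use PHPUnit\Framework\TestCase;   // PHPUnit 5.4+; PHPUnit_Framework_TestCase on older releases
use Prophecy\Argument;

interface PasswordHasher
{
    public function check($plain, $hash);
}

class Authenticator
{
    private $hasher;

    public function __construct(PasswordHasher $hasher)
    {
        $this->hasher = $hasher;
    }

    public function attempt(array $user, $plain)
    {
        return $this->hasher->check($plain, $user['password_hash']);
    }
}

class AuthenticatorTest extends TestCase
{
    public function testAttemptDelegatesToHasher()
    {
        // 1. prophesize() returns an ObjectProphecy that records what we expect of the double
        $hasher = $this->prophesize(PasswordHasher::class);

        // 2. Behaviour and expectation in one chain: this exact call must happen and returns true
        $hasher->check('secret', 'hashed')->shouldBeCalled()->willReturn(true);

        // 3. Any call with a different stored hash would be a bug in the wiring
        $hasher->check(Argument::any(), Argument::not('hashed'))->shouldNotBeCalled();

        // 4. reveal() produces the object that actually implements PasswordHasher
        $auth = new Authenticator($hasher->reveal());

        $this->assertTrue($auth->attempt(['password_hash' => 'hashed'], 'secret'));
        // shouldBeCalled()/shouldNotBeCalled() are verified by PHPUnit when the test ends
    }
}
```

The difference from Mockery that tends to matter in practice is visible in step 2: the prophecy object is not the double, so expectations are declared on the prophecy and only reveal() hands the real stand-in to the code under test.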

tagged: prophecy unittest doubles mock stub example introduction tutorial

Link: http://www.richardbagshaw.co.uk/prophecy/

Torben Köhn:
PHP Generators – A Guide and Tutorial
Jun 22, 2016 @ 13:45:44

For those that may have heard about generators but aren't too familiar with them or what they do, Torben Köhn has posted a great introduction to them and their functionality.

In my in-depth guide about iterators I talked about what iterators are exactly and how you can use them. At the end I told you that I’ll also write one for generators. Here it is.

First off, if you don’t know what an iterator is and you’d not be able to explain to someone else what it is, you will not have much fun with this because you won’t exactly recognize the use-cases. I suggest you read my iterator-guide first. After this, don’t get scared off by some confusing words used here, I’ll try to clarify every single one.

He breaks up the rest of the post into different sections, each walking you through different aspects of generators:

  • What is a generator?
  • The yield-keyword
  • Iterating a generator
  • Yielding keys
  • Yielding in a loop
  • An infinite generator

He wraps up the post sharing some real use-cases for generators to help you understand them with a bit more practical application (including stacking them, file system handling and co-routines).
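The sections listed above, worked through in one added example that is not from Torben Köhn's guide: a file-reading generator, a second generator stacked on top of it that yields explicit keys, an infinite generator, and a coroutine fed through send(). The scenario (scanning an auth log for failed logins) and the log lines are constructed, and all function names are hypothetical.

```php
<?php
declare(strict_types=1);

/** Yield a file line by line, so a multi-gigabyte log never has to fit in memory. */
function lines(string $path): Generator
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    try {
        while (($line = fgets($fh)) !== false) {
            yield rtrim($line, "\r\n");
        }
    } finally {
        fclose($fh);   // runs even when the consumer stops iterating early
    }
}

/** Stack on another iterator: pass through only matching lines, keyed by line number. */
function grep(Traversable $lines, string $pattern): Generator
{
    $n = 0;
    foreach ($lines as $line) {
        $n++;
        if (preg_match($pattern, $line, $m)) {
            yield $n => $m;   // explicit key: the line number
        }
    }
}

/** Infinite generator: an exponential backoff that the consumer must break out of. */
function backoff(int $base = 1): Generator
{
    for ($i = 0; ; $i++) {
        yield $base * (2 ** $i);
    }
}

/** Coroutine: receives IPs via send() and alerts when one reaches the threshold. */
function failureCounter(int $threshold): Generator
{
    $counts = [];
    while (true) {
        $ip = yield;   // suspended here until send() delivers the next value
        $counts[$ip] = ($counts[$ip] ?? 0) + 1;
        if ($counts[$ip] === $threshold) {
            echo "ALERT: $ip reached $threshold failed logins\n";
        }
    }
}

// Constructed sample log.
$path = tempnam(sys_get_temp_dir(), 'auth');
file_put_contents($path, implode("\n", [
    'Jul 20 11:50:15 host sshd[1]: Accepted publickey for alice from 10.0.0.5 port 5001 ssh2',
    'Jul 20 11:50:16 host sshd[2]: Failed password for root from 203.0.113.9 port 5002 ssh2',
    'Jul 20 11:50:17 host sshd[3]: Failed password for root from 203.0.113.9 port 5003 ssh2',
    'Jul 20 11:50:18 host sshd[4]: Failed password for admin from 203.0.113.9 port 5004 ssh2',
]) . "\n");

$counter = failureCounter(3);
$counter->current();   // advance to the first yield so that send() has somewhere to deliver

$pattern = '/Failed password for (\S+) from (\d+\.\d+\.\d+\.\d+)/';
foreach (grep(lines($path), $pattern) as $lineNo => $m) {
    echo "line $lineNo: user={$m[1]} ip={$m[2]}\n";
    $counter->send($m[2]);
}

foreach (backoff() as $delay) {
    if ($delay > 8) {
        break;   // without this the loop never ends
    }
    echo "retry after {$delay}s\n";
}

unlink($path);
```

Each stage holds only the current line, which is the whole point for log analysis: the same pipeline works unchanged on a 50 MB file and a 50 GB one, and the finally block in lines() guarantees the handle is released whether the consumer reads to the end or breaks out after the first alert.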

tagged: generators tutorial introduction guide beginner

Link: http://tk.talesoft.io/2016/06/06/php-generators-a-guide-and-tutorial/

Sherif Ramadan:
Bloom Filters in PHP
Jun 22, 2016 @ 10:56:26

On his site Sherif Ramadan has posted an interesting tutorial covering implementing bloom filters in PHP. Bloom filters are compact probabilistic data structures for testing set membership: a "no" answer is always correct, while a "yes" may be a false positive at a rate you choose when sizing the filter.

Let's imagine you have built a music app like Spotify. You've finally grown this thing to sizeable amount of users and you have a decent number of titles in your content library. Let's also say this app has social elements to it so your users can connect with their facebook friends or twitter followers. Now, let's say each time your users play a song in your app you want to ask the question Which of this user's friends have NOT listened to this song yet? The intention being that you may recommend that song to them if they haven't listened to it.

One solution to this problem is to use a data structure known as a bloom filter. A bloom filter is basically a very space-efficient hash set with probabilistic tendency. If you aren't familiar with a hash set or sets in general, let's do a quick review of what they mean.

He goes on to explain what a bloom filter is and how it differs from normal sets, hash sets and hash maps. He then introduces some of the basic concepts involved in creating and using bloom filters. To help make things clearer, he provides a "contrived example" using lightbulbs and the probability that they've been turned on. From there he moves on to something more practical in PHP itself. He includes a basic Bloomfilter class example and some of the results (performance) of using it over something like in_array (especially for large data sets).
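As an added example (not the Bloomfilter class from Sherif Ramadan's post), here is a filter backed by a packed bit string that sizes itself from the expected item count and target false-positive rate using the standard formulas m = -n ln p / (ln 2)^2 and k = (m / n) ln 2, and derives its k bit positions from two SHA-256 words (the double-hashing scheme of Kirsch and Mitzenmacher). The class name and the "users who have heard this song" demo data are hypothetical; the code assumes 64-bit PHP so that the index arithmetic does not overflow.

```php
<?php
declare(strict_types=1);

final class BloomFilter
{
    private $bits;   // string used as a byte array
    private $m;      // number of bits
    private $k;      // number of hash functions

    public function __construct(int $expectedItems, float $falsePositiveRate)
    {
        $this->m = (int) ceil(-$expectedItems * log($falsePositiveRate) / (log(2) ** 2));
        $this->k = max(1, (int) round($this->m / $expectedItems * log(2)));
        $this->bits = str_repeat("\0", intdiv($this->m + 7, 8));
    }

    /** k bit positions from two 32-bit words of one SHA-256 digest: h1 + i*h2 mod m. */
    private function indexes(string $item): array
    {
        $digest = hash('sha256', $item, true);
        $h1 = unpack('N', substr($digest, 0, 4))[1];
        $h2 = unpack('N', substr($digest, 4, 4))[1] | 1;   // odd step so the walk covers the table
        $idx = [];
        for ($i = 0; $i < $this->k; $i++) {
            $idx[] = ($h1 + $i * $h2) % $this->m;
        }
        return $idx;
    }

    public function add(string $item)
    {
        foreach ($this->indexes($item) as $i) {
            $byte = intdiv($i, 8);
            $this->bits[$byte] = chr(ord($this->bits[$byte]) | (1 << ($i % 8)));
        }
    }

    /** false means definitely absent; true means present with probability 1 - p. */
    public function mightContain(string $item): bool
    {
        foreach ($this->indexes($item) as $i) {
            if ((ord($this->bits[intdiv($i, 8)]) & (1 << ($i % 8))) === 0) {
                return false;
            }
        }
        return true;
    }

    public function sizeInBytes(): int
    {
        return strlen($this->bits);
    }
}

// Constructed demo: 100k users who have already heard a song, 1% target false-positive rate.
$listened = new BloomFilter(100000, 0.01);
for ($u = 0; $u < 100000; $u++) {
    $listened->add("user-$u");
}

var_dump($listened->mightContain('user-42'));   // members are never reported absent

// Measure the false-positive rate on 100k users who were never added.
$falsePositives = 0;
for ($u = 100000; $u < 200000; $u++) {
    if ($listened->mightContain("user-$u")) {
        $falsePositives++;
    }
}
printf(
    "filter size: %d bytes, observed false-positive rate: %.4f\n",
    $listened->sizeInBytes(),
    $falsePositives / 100000
);
```

The asymmetry is what makes the structure safe to use: act on the "no" (skip the recommendation, skip the expensive lookup) and treat a "yes" only as a reason to do the authoritative check. Never let a Bloom filter's positive answer alone grant access or mark something as already verified, since an attacker who can add items can drive the false-positive rate up for the entries they care about.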

tagged: bloom filter example tutorial introduction probability set

Link: http://phpden.info/Bloom-filters-in-PHP