
SitePoint PHP Blog:
Re-Introducing Composer – the Cornerstone of Modern PHP Apps
May 22, 2017 @ 11:54:48

If you've been developing any kind of PHP applications lately, chances are you've at least heard of Composer. This package manager has dramatically changed the way we develop in PHP but there are still some out there wondering what all the fuss is about. In this tutorial, SitePoint author Claudio Ribeiro (re-)introduces this powerful tool and provides some basics of its use.

In this article, we will tackle the basics of Composer, and what makes it such a powerful and useful tool.

Before we go into detail, there are two things that we need to have in mind: what Composer is [and] what Composer is not. [...] Essentially, Composer allows you to declare and manage every dependency of your PHP projects.

He then walks you through the installation of the tool, running it either globally or locally (per-project). He lists out some of the basic commands, what they're for and helps you on your way to installing your first package: PHPUnit. He also covers the special "vendor" folder Composer creates, how autoloading works, various configuration values and installing packages globally rather than just locally. He then talks about the other side of the PHP package ecosystem: Packagist including how to submit packages and set up your own package's composer.json so it can be pulled in correctly.

tagged: composer introduction basics tutorial package packagist

Link: https://www.sitepoint.com/re-introducing-composer/

Dotkernel.com:
What is PSR-7 and How to Use It
May 22, 2017 @ 10:18:50

One of the standards that have come out of the PHP-FIG (PHP Framework Interoperability Group) in the past few years has been PSR-7, a standards definition for working with HTTP requests and responses as PHP objects. While those that have worked with most of the PHP frameworks out there may be familiar with the concept, it can be confusing if you're just getting started with the idea. In this post on the Dotkernel site they introduce PSR-7, talking about its goals and what it defines to help bring everyone on the same page for HTTP requests.

PSR-7 is a set of common interfaces defined by PHP Framework Interop Group. These interfaces are representing HTTP messages, and URIs for use when communicating through HTTP.

Any web application using this set of interfaces is a PSR-7 application.

They start off by defining (and linking to) the different interfaces involved in the PSR-7 specification (the spec doesn't define functionality, only the structure). From there the tutorial uses the Zend Diactoros component to illustrate an implementation of the PSR-7 structure. They cover two of the main tasks when working with HTTP requests/responses: working with the headers and fetching/writing to the body.

tagged: psr7 phpfig standard http request response introduction

Link: https://www.dotkernel.com/dotkernel3/what-is-psr-7-and-how-to-use-it/

TutsPlus.com:
What Is WP-CLI? A Beginner’s Guide
May 18, 2017 @ 10:35:31

The TutsPlus.com site has posted a new tutorial introducing you to the WordPress command line tool, the WP-CLI.

WP-CLI has been around for quite some time now (circa 2011) and has steadily gained momentum in the WordPress developer community. But what is it exactly, and how can you use it in your WordPress workflow?

The idea behind WP-CLI is that it allows you to interact with, and manage, WordPress sites via a command line interface. According to the official documentation, it's a command line alternative to using the traditional WordPress admin user interface.

They start by explaining some of what the tool can do and help you get it installed either manually (on Mac or Windows) or more automatically for the DesktopServer users out there. The tutorial then goes through the basics of using the wp command line tool including getting a listing of current settings, showing the version installed and getting a list of currently installed plugins and themes. It also shows how to install new plugins, list posts, pages and comments currently in the system. The post ends with some additional resources where you can get more information about the WP-CLI tool and its features.

tagged: wordpress wpcli tool commandline introduction tutorial

Link: https://code.tutsplus.com/tutorials/what-is-wp-cli-a-beginners-guide--cms-28649

Zend Framework Blog:
Context-specific escaping with zend-escaper
May 17, 2017 @ 09:44:25

The Zend Framework blog has continued their series spotlighting individual components of the framework and putting them to use outside of a ZF-based application. In the latest post they show how to use zend-escaper to handle context-specific escaping.

Security of your website is not just about mitigating and preventing things like SQL injection; it's also about protecting your users as they browse the site from things like cross-site scripting (XSS) attacks, cross-site request forgery (CSRF), and more. In particular, you need to be very careful about how you generate HTML, CSS, and JavaScript to ensure that you do not create such vectors.

As the mantra goes, filter input, and escape output.

They start with some of the main issues around escaping output in PHP (and some of the inconsistencies) and what zend-escaper can do to help. The tutorial then shows how to pull the component into your current application via Composer and set up a new Escaper instance. It briefly covers the built-in escaping methods and then provides some more real-world examples of how it can be used to protect your application.

tagged: zendescaper component tutorial introduction output escaping

Link: https://framework.zend.com/blog/2017-05-16-zend-escaper.html

Scotch.io:
User Authorization in Laravel 5.4 with Spatie Laravel-Permission
May 16, 2017 @ 11:28:09

On the Scotch.io site a new tutorial has been posted showing you how to use the Laravel-permission package (from Spatie) to more easily handle permission setup and validation in a Laravel application.

When building an application, we often need to set up an access control list (ACL). An ACL specifies the level of permission granted to a user of an application. For example a user John may have the permission to read and write to a resource while another user Smith may have the permission only to read the resource.

In this tutorial, I will teach you how to add access control to a Laravel app using Laravel-permission package. For this tutorial we will build a simple blog application where users can be assigned different levels of permission.

The tutorial then walks through the installation of the package and some of the new tables it adds to the database when you run the included migrations. It then talks about some of the methods that can be used, both on the backend and in Blade templates, to evaluate if the current user has the roles required. Next up is the creation of the controllers to handle the basic CRUD tasks and working with the blog posts and views to set up the permissions and roles. Finally the tutorial shows the code required to evaluate the roles and permissions of the user and an example of middleware that performs a pre-check to see if a user even has access to manage various pieces of the application.

tagged: tutorial spatie permission role package introduction blog acl ui interface

Link: https://scotch.io/tutorials/user-authorization-in-laravel-54-with-spatie-laravel-permission

BugSnag:
Packagist and the PHP ecosystem
May 11, 2017 @ 10:49:17

The BugSnag blog has posted a tutorial from a guest author, Graham Campbell, introducing you to Packagist and the PHP ecosystem, continuing on from the previous post introducing the Composer tool.

In our last blog post we saw the basics of Composer, but skipped over where it actually finds its packages, and how to publish packages of your own. In this blog post, we will be looking at exactly this, plus some security considerations when using composer in your application.

The post starts off by introducing Packagist and how you can distribute your package there. There's a section that covers Open Source licenses, a few of the different types and how to list licenses of your currently installed packages. Following this the post talks about using branches and aliases to pull in the code you need (not just the latest release). The tutorial wraps up with a look at some of the security concerns around using packages and how to keep on top of new versions with new bugfixes.

tagged: packagist ecosystem introduction package license security

Link: https://blog.bugsnag.com/packagist-and-the-php-ecosystem/

TutsPlus.com:
Working With PHP Arrays in the Right Way
Apr 26, 2017 @ 11:57:09

If you're relatively new to the PHP language and are just getting your feet wet, the massive amounts of array functionality included in the language could be confusing. This is where this new article on the TutsPlus.com site comes in, showing you how to work with PHP arrays "the right way".

In this tutorial, I am going to make a list of common PHP array functions with examples of usage and best practices. Every PHP developer must know how to use them and how to combine array functions to make code readable and short.

Also, there is a presentation with given code examples, so you can download it from the related links and show it to your colleagues to build a stronger team.

He starts out with some of the basics around using arrays in PHP and then quickly moves into other topics:

  • shortening code with functions like list
  • using the filtering functions
  • walking through array values
  • joining arrays
  • generating arrays
  • sorting the contents of arrays

He ends the post with a look at combining array functions to make it simpler to do things like remove empty values or return just the top three values.

tagged: tutorial introduction array functionality language

Link: https://code.tutsplus.com/tutorials/working-with-php-arrays-in-the-right-way--cms-28606

Gundars Meness:
Unit Testing - The Big Picture
Apr 24, 2017 @ 11:56:50

If you're still new to the world of testing in your applications, you should give this new guide from Gundars Meness a read. He's done a great job of providing "the big picture" of testing - why to do it and what it is.

This is not a crash course of what characters one needs to type in his code editor to produce unit tests. This is fuel the brain requires before attempting such actions.

The subject of Unit Testing is not as simple as one might think. Many of us, developers, go into unit testing based on pressure from clients, peers, colleagues, our heroes and so on. We quickly learn the value of it, and, once the tech setup is done, there is a tendency to forget the big picture, if it was ever learnt. This article will provide a short insight into what is and isn’t unit testing in PHP and in general, and unit test place in the quality assurance realm.

He then breaks up the article into a few different sections, each with a paragraph or two, covering different testing related topics:

  • What is testing?
  • What really is testing?
  • What is Unit Testing?
  • How to write a Unit test?

There are some great suggestions in here, for both those new to testing and those still trying to figure out some good practices.

tagged: unittest introduction bigpicture testing

Link: http://gundars.me/php/unit-testing-php-big-picture/

SitePoint PHP Blog:
Getting to Know and Love Xdebug
Apr 20, 2017 @ 17:55:59

On the SitePoint PHP blog, editor Bruno Skvorc has posted a tutorial introducing you to Xdebug, the powerful debugging tool for PHP applications.

It’s been 15 years since Xdebug first came out. We think this is the perfect opportunity to re-introduce it to the world, and explain how and why it does what it does. Xdebug is a PHP extension (meaning it needs to be compiled and installed into a PHP installation) which provides the developer with some features for debugging.

It starts off by explaining some of the functionality that Xdebug brings to your debugging practices and the features that can help make it flow a little easier. It talks about how it differs from some of the IDE debugging tools and services like Blackfire.io. Next up is the example putting it to use and what the resulting errors look like. The post then gets into the integration of Vagrant with PhpStorm, using the profiler and how to force the rendering in Laravel output (it normally overrides the exception output with its own formatting).

tagged: tutorial know love xdebug introduction php debug debugging

Link: https://www.sitepoint.com/getting-know-love-xdebug/

Laravel News:
An Introduction to Laravel Authorization Gates
Apr 20, 2017 @ 15:21:20

On the Laravel News site there's a new post introducing you to "authorization gates" in Laravel, a feature that allows you to ensure a user has the permissions to perform the action being requested.

Laravel Gate has an elegant mechanism to ensure users are authorized to perform actions on resources. Before version 5.1, developers used ACL packages such as Entrust or Sentinel along with middlewares for authorization.

The problem with this approach is the permissions you attach to users are just flags; they don’t encode the complex logic of the permission for some use cases. We have to write the actual access logic within controllers.

They mention some advantages to using Gate over other external packages (like Sentinel or Entrust) by being "opinionated" about its use and the decoupling of access logic from business logic. They then share an example in a basic Laravel application, protecting "posts" based on the user's current roles. Models, migrations and the auth generation are all included. They then show how to define policies in the AuthServiceProvider for CRUD operations on the posts and how to enforce their checks in the Post controller execution flow.

tagged: laravel gates authorization introduction tutorial

Link: https://laravel-news.com/authorization-gates