
Barry vd. Heuvel:
Comparing Blade and Twig templates in Laravel
Aug 26, 2015 @ 10:02:32

Anyone that has looked at using a templating library in their application has probably come across both Blade (in Laravel) and the Twig libraries. In a post to his site Barry vd. Heuvel compares these two templating libraries based on their features, security and (briefly) performance.

In my company, we use Twig instead of Blade for our Laravel projects. I know there are a lot of developers that also prefer Twig over Blade. So the question ‘Why choose Twig over Blade?’ often pops up. The reason is usually just a matter of preference, but in this post we’re going to compare the Blade and Twig templating engines side-by-side.

He starts with an "about" for each library, giving some basic background and examples of simple templates. He talks about using Twig in Laravel (vs Blade) and then lists some similarities and differences between the two. Following this high-level list he gets into more detail on each feature of the libraries including:

  • Outputting variables
  • Control structures
  • Template inheritance and sections
  • Security and context

Each section includes a description of the feature and a template example showing how it's put to use. He ends the post with his thoughts on which one you should pick for your project, but notes that, like many things in development, the answer is "it depends" on your project and team's needs.

tagged: compare blade template twig library feature overview example

Link: http://barryvdh.nl/laravel/twig/2015/08/22/comparing-blade-and-twig-templates-in-laravel/

Rob Allen:
Slim-Csrf with Slim 3
Aug 25, 2015 @ 09:49:48

In a post to his site Rob Allen shows you how to help secure your Slim 3-based applications with the help of the slim3-csrf package. A CSRF (cross-site request forgery) attack happens when another site causes a visitor's browser to send a request to a page in your application, possibly performing an action on that visitor's behalf.

In addition to the core Slim framework, we also ship a number of add-ons that are useful for specific types of problems. One of these is Slim-Csrf which provides CSRF protection. This is middleware that sets a token in the session for every request that you can then set as a hidden input field on a form. When the form is submitted, the middleware checks that the value in the form field matches the value stored in the session. If they match, then all is okay, but if they don't then an error is raised.

He shows how to add the middleware to your Slim 3 application and how to add the token to each form. The library generates random values for both the name of the token and the value making it compatible with applications that may involve multiple browser windows. He also shows you how to validate the token, either using the built-in "Guard" handling or manually by deferring the check to the route.

tagged: slim3 csrf token package library install configure validate

Link: http://akrabat.com/slim-csrf-with-slim-3/

Andrew Embler:
Q&A: Using Composer in a concrete5 Package
Aug 21, 2015 @ 11:30:46

Andrew Embler has posted a guide to his site showing you how to use Composer with concrete5 to integrate third party libraries quickly and easily. concrete5 is an open source content management system under the MIT license and is flexible and easy to extend.

Let's say I'm creating a statistics package and I want to use LavaCharts in it. For those who don't know, LavaCharts is a PHP library that abstracts Google's JavaScript Chart API to PHP. Instead of writing JavaScript, you build your charts with object-oriented PHP. It's nice. LavaCharts is available through Composer, so I'll include it that way.

He uses this particular package as an example, showing you how to create the composer.json file to include the LavaCharts library and run Composer to install it. He then shows the integration of the package with the concrete5 CMS instance, including the Composer autoloader in the "on start" handling. From there it's just a matter of referencing the library via its namespace and using it to populate and generate the resulting chart.

tagged: composer lavacharts tutorial integration library package concrete5 cms

Link: http://andrewembler.com/2015/08/q-using-composer-concrete5-package/

SitePoint PHP Blog:
Drupal 8 Theming Revamped – Updates and New Features
Aug 11, 2015 @ 11:08:28

The SitePoint PHP blog has a tutorial posted introducing some of the updates to the theme functionality in Drupal 8 including some new features.

If you are a Drupal developer who has dabbled in theming older versions of Drupal (5, 6, 7) you understand why frustration is the trusty companion of any Drupal themer. Luckily, though, Drupal 8 promises so many improvements that even the Angry Themer is happy for a change. It is only natural we jump in and start looking at what these improvements are.

They talk about the changes in:

  • creating a module and defining its theme
  • the switch to Twig as the template library
  • updates to template handling
  • how to debug themes/templates
  • working with assets and libraries

Each topic includes a summary of the changes or more information about it, along with links to other resources.

tagged: drupal8 update theme feature twig template debug asset library

Link: http://www.sitepoint.com/drupal-8-theming-revamped-updates-and-new-features/

SitePoint PHP Blog:
Introduction to Elasticsearch in PHP
Aug 04, 2015 @ 09:31:05

The SitePoint PHP blog has posted an introduction to using Elasticsearch in your PHP applications. In it author Wern Ancheta covers some of the basics of this powerful tool and helps you get an example script up and running for testing.

In this tutorial, we’re going to take a look at Elasticsearch and how we can use it in PHP. Elasticsearch is an open-source search server based on Apache Lucene. We can use it to perform super fast full-text and other complex searches. It also includes a REST API which allows us to easily issue requests for creating, deleting, updating and retrieving of data.

He starts by helping you get Elasticsearch itself installed via the apt-get package manager (may slightly differ depending on your OS of choice) and tested with a simple web-based request to the port the server is running on. With the server set up he then moves on to the PHP aspect, helping you get the elasticsearch library installed via Composer and creating a new client instance. He then includes code examples of some of the main operations you'll perform with entries in the Elasticsearch instance: inserting a document, updating a document, deleting and - of course - searching for documents matching certain simple and more complex criteria.

tagged: introduction tutorial elasticsearch install library insert update delete search

Link: http://www.sitepoint.com/introduction-to-elasticsearch-in-php/

Paragon Initiative:
Secure Data Encryption in Web Applications with PHP
Aug 03, 2015 @ 10:58:47

The Paragon Initiative has posted a new white paper to their site covering secure data encryption in web applications written in PHP. The paper covers high level topics and offers some more practical suggestions about tools and guides to use in protecting your applications.

Encrypting network communications is absolutely essential to the security of anyone who wishes to use your website or application. The standard and most reliable form of network encryption is called Transport Layer Security (TLS), which was preceded by an older standard called Secure Socket Layer (SSL).

Websites that use SSL or TLS are accessible by typing https://domain.com into your browser instead of just http://domain.com. Consequently, the shorthand way to refer to HTTP over TLS is simply HTTPS. Contrasted with network cryptography, storing sensitive information is a much more challenging and interesting problem to solve, and is the focus of this paper.

Among the topics covered in the white paper are things like:

  • The flow of an HTTPS request (and if it's "fast" or not)
  • Secure password storage and handling
  • On-demand encryption/decryption
  • Cryptography library recommendations
  • Using asymmetric cryptography with public and private keys

They also point to this curated list of resources to help you learn more about general web application security including cryptography.

tagged: secure application cryptography https password library libsodium resources

Link: https://paragonie.com/white-paper/2015-secure-php-data-encryption

Alejandro Celaya:
Working with custom column types in Doctrine. Enums.
Jul 30, 2015 @ 08:37:45

Alejandro Celaya has a post to his site showing you how to work with custom types in Doctrine, more specifically with the "enum" type.

Doctrine is currently the most used ORM in PHP. It makes it very easy to work with databases in an object oriented way. It comes with a set of built-in column types that map database types with PHP types. For example, the datetime column type, persists the value of an entity column as a datetime in the database and handles it as a DateTime object when the entity is hydrated.

Type conversions work both ways, so column types take care of casting database to PHP types and vice versa. In this article I'm going to explain how to define custom column types so that we can persist our own objects into the database and hydrate them back.

He points out that, while PHP itself lacks the "enum" data type, you can simulate it with a library like this. He uses this library to create a custom Doctrine object type that mimics enums in the getting and setting of a value to one of a few options. In this case the values represent the CRUD methods. He shows the code to link the Type back to the Action, which then gives it an understanding of what the valid enum values can be. He also points out another package that he published recently that takes some of the work out of creating the boilerplate code for the enum.

tagged: package action tutorial enum type doctrine custom library

Link: http://blog.alejandrocelaya.com/2015/07/28/working-with-custom-column-types-in-doctrine-enums/

SitePoint PHP Blog:
Console Wars – PHP CLI Libraries
Jul 27, 2015 @ 09:32:35

The SitePoint PHP blog has a post that compares some of the major PHP CLI libraries, three of them at least: the Symfony console component, Hoa console and the Webmozart solution.

I have always been a big fan of console commands and I try to provide a command line interface (CLI) as much as possible in most of my PHP projects. In this article, I’ll briefly compare three PHP console command libraries.

He starts with a brief history of each of the libraries, talking about their origins and age. He then talks about the dependencies each requires and the overall complexity of the code they include. Next up are some practical examples putting each to use, outputting a simple message back to the user with user input for both the message and output color.

tagged: console commandline library symfony hoa webmozart cli compare

Link: http://www.sitepoint.com/console-wars-php-cli-libraries/

Sameer Borate:
Cron Expression Parser in PHP
Jul 21, 2015 @ 10:15:09

If you've ever worked with the "cron" tool on a Unix-based system, you know that there's a special syntax that comes along with defining when the commands should run. It can be difficult to get this timing exactly right, especially if you're very picky about the execution time. In this post Sameer Borate shows you a PHP library that not only helps parse current cron configurations but also provides shortcuts for common timings (ex: "daily" or "weekly").

Working with cron scheduling can many times be a frustrating affair. Although setting a few cron jobs at one time can be easy, calculating cron dates in the future in code can get time consuming quickly. The PHP cron expression parser described here can parse a CRON expression, determine if it is due to run, calculate the next run date of the expression or calculate the previous run date of the expression. You can calculate dates far into the future or past by skipping n number of matching dates.

He includes some examples of putting the library to use to define a cron object based on an expression (either via a shortcut or an actual cron time expression). You can then check to see if the cron is "due" or perform various operations on its run dates. This includes a formatted output of the previous run time, the next run time and the calculation of the next/previous run time based on a relative timestamp.

tagged: cron parser library example tutorial run due evaluation datetime

Link: http://www.codediesel.com/php/cron-expression-parser-in-php/

SitePoint PHP Blog:
Validating your data with Respect Validation
Jul 20, 2015 @ 10:49:26

The SitePoint PHP blog has posted a tutorial showing you how to validate your data with Respect (well, their validation library) and ensure the data you're getting is exactly what you're expecting.

Validation is an important aspect of every application’s interaction with data. Instead of reinventing the wheel every time, the community collaborated on some useful packages like Symfony, Laravel, Zend, etc. In this article, we’re going to introduce a lesser known package called Respect Validation, which provides some nice new features.

He starts by mentioning some of the other popular validation packages used widely in the PHP community including the Symfony Validator and Laravel's Illuminate package. For each of these he shows code validating an email address, each with their own slight differences. Using this same example he shows how to implement it in the Respect library, first making use of their custom "email" validator class then via custom chained rules. He also shows how to set custom error messages and provides a more "real world" example with a simple Laravel application. His application takes in user data including username, password and credit card information and uses Respect's library to validate it via a full set of rules. He ends the post with a quick look at creating your own custom rule classes and how to "cross pollinate" them with Zend or Symfony validators.

tagged: respect validation library tutorial laravel example custom errormessage

Link: http://www.sitepoint.com/validating-your-data-with-respect-validation/