Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Framework Blog:
Handling OPTIONS and HEAD Requests with Expressive
Mar 29, 2017 @ 10:39:46

The Zend Framework blog has continued its series of posts focusing on the use of the Zend Expressive framework with a new tutorial covering handling OPTIONS and HEAD requests in an Expressive-based API.

In v1 releases of Expressive, if you did not define routes that included the OPTIONS or HEAD HTTP request methods, routing would result in 404 Not Found statuses, even if a specified route matched the given URI. RFC 7231, however, states that both of these request methods SHOULD work for a given resource URI, so long as it exists on the server. This left users in a bit of a bind.

[...] In the case of a HEAD request, the specification indicates that the resulting response should be identical to that of a GET request to the same URI, only with no body content. This would mean having the same response headers. In the case of an OPTIONS request, typically you would respond with a 200 OK response status, and at least an Allow header indicating what HTTP request methods the resource allows. Sounds like these could be automated, doesn't it? In Expressive 2, we did!

The tutorial then shows you the code you'll need to add to your Expressive v2 application for handling each kind of request. It involves some custom middleware using the route handling on the HEAD request type for one and the other for OPTIONS. The HEAD requests return an empty response while the OPTIONS requests return the data from a manually defined array (no automatic generation from routes or anything).

tagged: zendframework zendexpressive options head request handling

Link: https://framework.zend.com/blog/2017-03-28-expressive-options-head.html

Mark Baker:
Anonymous Class Factory – The Results are in
May 13, 2016 @ 12:15:17

Following up on his previous post about anonymous classes and a factory to generate them, Mark Baker has posted about the results of some additional research he's done on the topic and four options he's come up with.

A week or so ago, I published an article entitled “In Search of an Anonymous Class Factory” about my efforts at writing a “factory” for PHP7’s new Anonymous Classes (extending a named concrete base class, and assigning Traits to it dynamically); and about how I subsequently discovered the expensive memory demands of my original factory code, and then rewrote it using a different and (hopefully) more memory-efficient approach.

Since then, I’ve run some tests for memory usage and timings to assess just how inefficient my first attempt at the factory code was, and whether the new version of the factory really was better than the original.

His four options that finally worked somewhat as he'd wanted were:

  • A factory that returns an instance of a concrete class using the traits he wants
  • A factory that returns an anonymous class extending a concrete class that uses the traits
  • His original Anonymous Class factory and extending the result with the traits
  • His second version of the Anonymous Class factory that creates the instance, caches it and returns a clone

He also includes the code he used to run the tests of each factory method and shares some of the resulting benchmarks (with a few surprises).

tagged: anonymous class factory results options benchmark

Link: https://markbakeruk.net/2016/05/12/anonymous-class-factory-the-results-are-in/

Mandrill Alternatives for PHP Applications
Apr 19, 2016 @ 12:07:16

With the recent (well, not too recent) announcement from MailChimp about the shift to a paid model for their Mandrill email service, PHP developers have been busy looking for alternatives. In this post to the php[architect] site Sandy Smith explores some of the other options out there, how they compare and what they have to offer.

n case you might have missed the announcement, MailChimp is changing Mandrill to be an add-on to paid MailChimp accounts, thus eliminating the generous free tier. We’re big fans of MailChimp and use its mailing list service for our own announcements, but a full MailChimp account isn’t going to be for everybody. [...] Many people also know Mandrill by reputation and will need options in the future. For you, we’ve put together this list of viable transactional email alternatives with PHP and major PHP application support.

Included in their list are services like:

For each service he includes a paragraph talking about what integrations and libraries there are for their use as well as what's included in their "free" levels.

tagged: mandrill alternative email service options sdk overview

Link: https://www.phparch.com/2016/04/mandrill-alternatives-for-php-applications/

Alejandro Celaya:
How to properly implement persistent login
Feb 10, 2016 @ 10:55:37

In his latest post to his site Alejandro Celaya shares some suggestions about how to make a good, safe persistent login feature for your application. This is usually referred to as the "remember me" handling and is widely used to help improve the overall user experience.

I'm sure you are familiar with those "remember me" checkboxes in login forms. They are a common way to allow a user to keep his/her session in a web application for an extended period of time when he is in a trusted computer.

One could think that it is a small and easy-to-implement feature, but it has indeed a lot of considerations. [...] In this article I’m not going to show you how to implement a persistent login in one or another programming language, but what are the good practices that should be followed when you implement it in the way you want.

He starts off with some thoughts about the wrong way to handle the persistent login (like just making a long-life cookie) and what some of the consequences could be. Instead he suggests using a cookie (with a random generated token) that's long running, maybe 2 weeks. The difference here is that this token is then refreshed once the token is validated and reset. This reduces the risk of an older token being used on another source too. He also shares some other security concerns to think about in this setup including the use of one-time tokens, potential multiple persistent sessions and when it might be good to re-prompt for the password.

tagged: persistent login security rememberme implementation advice options

Link: http://blog.alejandrocelaya.com/2016/02/09/how-to-properly-implement-persistent-login/

Lorna Mitchell:
OAuth2 with PHP's built in Streams Functions
Jan 07, 2016 @ 10:56:54

In a quick post to her site Lorna Mitchell reminds us that you can modify the options on the internal PHP streams (like for HTTP requests), more specifically to add a "Bearer" token value for OAuth2 integration.

For OAuth2, all I had to be able to do was to send an Authorization header with my web request from PHP. My second-favourite way of making API calls from PHP is to use PHP's stream handling, so I did that. It's not code you see very often but it's super-simple and it works on every PHP platform I've tried so far

She gives a few lines of code to show how to modify the options to add in the token value, basically using an array of options and a call to stream_context_create to create the context. This can then be used in future calls (like the file_get_contents she shows) to automagically send this information along with the request.

tagged: oauth2 http stream request builtin options bearer tutorial

Link: http://www.lornajane.net/posts/2016/oauth2-phps-built-streams-functions

ServerGrove Blog:
Symfony2 components overview: OptionsResolver
Apr 23, 2015 @ 08:23:32

The ServerGrove blog has posted another in their spotlights on specific Symfony2 components. In this latest post they look at the OptionsResolver component.

In the 13th post of the Symfony2 components series we will be talking about one little but extremely useful component: OptionsResolver. This component helps us to reduce the boilerplate code required to create an options system with default parameters. As stated in the official docs, is array_replace on steroids.

They start with a common situation, wanting to use options from user input, but only if they exist, and otherwise provide a default. This includes the use of the array_replace function but with the OptionsResolver there's an even easier way. A simple example is included showing how to use it to define options (and throw an exception when an undefined one is set). They show how to use a closure to set defaults on a specific option with more complex logic and how to use the validation and normalization handling.

tagged: optionsresolver component symfony2 overview options

Link: http://blog.servergrove.com/2015/04/13/symfony2-components-overview-optionsresolver/

Russell Walker:
Handling Global Data in PHP Web Applications
Sep 16, 2013 @ 12:31:07

Russell Walker has a post on his site sharing some suggestions about effectively dealing with global data in your PHP applications.

Almost every web application needs to handle global data. There are certain things that just have to be available throughout the entire code base, such as database connections, configuration settings, and error handling routines. As a PHP developer, you may have heard the mantra 'globals are evil', but this naturally begs the question 'what should I use instead of global variables?'

He includes four different options (five including the actual use of global variables):

  • Static classes
  • Singleton
  • Registry
  • Dependency injection

For each of the options he includes summaries of both the advantages and disadvantages as well as some sample code showing their use. Ultimately, he points out that it's up to the developer of the application which option fits best.

tagged: global variable data opinion options registry singleton dependencyinjection static

Link: http://russellscottwalker.blogspot.co.uk/2013_09_07_archive.html

Matthew Weier O'Phinney:
RESTful APIs with ZF2, Part 3
Feb 25, 2013 @ 12:21:30

Matthew Weier O'Phinney has posted the third part of his series about making RESTful APIs with Zend Framework 2 (parts one and two). In this latest part of the series, he talks more about documenting the API and what commands can be executed.

In this post, I'll be covering documenting your API -- techniques you can use to indicate what HTTP operations are allowed, as well as convey the full documentation on what endpoints are available, what they accept, and what you can expect them to return. [...] hy Document? If you're asking this question, you've either never consumed software, or your software is perfect and self-documenting. I frankly don't believe either one.

He covers a few reasons why you should document your API and where he thinks it should live to be the most useful. He includes a few different ideas and two things he definitely thinks should exist for your API - the use of OPTIONS and end-user documentation. The first is a HTTP header (ZF2 code example included) that tells the API consumer what they can do with an endpoint. The second type is more useful for the human reader, giving them a better overall perspective on what the API can do - still served through the API but in a bit more understandable format.

tagged: zendframework2 rest api tutorial series documentation options enduser


Chris Roane's Blog:
Options for Building a Website from a Developers Perspective
Jun 25, 2012 @ 08:28:27

Chris Roane has a new post to his blog outlining a few different options web developers today have for creating new websites or applications - static, custom, framework-based or CMS.

Over the years I’ve built many different types of websites. These range from being a few pages, to being very customized with advanced features. I’ve learned there is no clear definition in the best way to create a website. But I do think there are advantages and disadvantages to pursuing different methods. This article takes an analytical look at each option. Let’s take a closer look at the different approaches in building a website.

He includes a brief summary talking about each method and mentions things like benefits and downfalls of the approach and what can be involved in their development.

tagged: overview developer options website architecture


Henrik Bjørnskov's Blog:
Symfony2: Using the validator symfony1 style
Feb 03, 2012 @ 11:15:01

In this quick new post to his blog Henrik Bjørnskov shows how to use the validators in Symfony2 in a more traditional Symfony 1 style for a form.

Two of the more complicated components in Symfony2 is the Form and Validator component. The Validator is created in such a way it "always" need an Domain Object with Constraints associated through metadata. This is explained in detail here. But there is another way. A way that resemble's the symfony1 forms. Where you could specify the validations directly in your form class.

Code is included in the post to show how to load in a few of the validators (like NotBlank, Email and Choice) and how to use them in the settings defined in the "getDefaultOptions" method.

tagged: symfony2 validator form symfony1 options