Matt Stauffer:
Login Throttling in Laravel 5.1
Aug 03, 2015 @ 08:35:57

Matt Stauffer has posted the eleventh part in his series looking at new features of the latest release of the Laravel framework (well, version 5.1). In this tutorial he shows you how to set up and configure login throttling for your Laravel-based application with the help of the Laravel Throttle package.

Whether or not you know it, any login forms are likely to get a lot of automated login attempts. Most login forms don't stop an automated attack trying email after email, password after password, and since those aren't being logged, you might not even know it's happening.

The best solution to something like this is to halt a user from attempting logins after a certain number of failed attempts. This is called login throttling, or rate limiting. Graham Campbell wrote a great package called Laravel Throttle to address this in previous versions of Laravel, but in Laravel 5.1 login throttling comes right out of the box.

He shows how to use the ThrottleTrait in your AuthController to have some of the "behind the scenes" work done for you. He shows you how to update your view to relay the possible error message back to the user (and includes a quick screencast of the result). He ends the post with a quick look at what the throttling functionality is doing under the covers: creating a temporary cache item based on username+IP address as a "lock" indicator. Finally, he points out two properties you can find on the auth controller to give a bit more detail on the current configuration: lockout time and max login attempts.

tagged: laravel login throttle tutorial authcontroller laravelthrottle package cache username ipaddress

Link: https://mattstauffer.co/blog/login-throttling-in-laravel-5.1

ServerGrove Blog:
Introduction to the PHAR format
Jul 31, 2015 @ 12:15:44

The ServerGrove blog has posted an introduction to the PHAR format, PHP's built-in way to package self-contained, functional scripts as a single *.phar file, which makes them much easier to transport.

In the last years there is a trend in the PHP community to release tools, especially command line utilities, as PHAR files, so you can package an entire PHP application into a single file for convenience. But how do PHAR files work? In this post we will try to explain it.

They cover a few of the basic topics first: what a PHAR file is and a few examples of them being provided by major PHP projects. They then get into the creation of an archive, showing how to make a super simple PHAR "Hello World" archive, created with just a bit of PHP. Finally, they look at the structure behind the archive and go into detail on each section (stub, manifest, file contents and signature).

tagged: phar format introduction archive package

Link: http://blog.servergrove.com/2015/07/30/introduction-phar-format/

Alejandro Celaya:
Working with custom column types in Doctrine. Enums.
Jul 30, 2015 @ 08:37:45

Alejandro Celaya has a post to his site showing you how to work with custom types in Doctrine, more specifically with the "enum" type.

Doctrine is currently the most used ORM in PHP. It makes it very easy to work with databases in an object oriented way. It comes with a set of built-in column types that map database types with PHP types. For example, the datetime column type persists the value of an entity column as a datetime in the database and handles it as a DateTime object when the entity is hydrated.

Type conversions work both ways, so column types take care of casting database to PHP types and vice versa. In this article I'm going to explain how to define custom column types so that we can persist our own objects into the database and hydrate them back.

He points out that, while PHP itself lacks the "enum" data type, you can simulate it with a library like this. He uses this library to create a custom Doctrine object type that mimics enums in the getting and setting of a value to one of a few options. In this case the values represent the CRUD methods. He shows the code to link the Type back to the Action, which then gives it an understanding of what the valid enum values can be. He also points out another package that he published recently that takes some of the work out of creating the boilerplate code for the enum.

tagged: package action tutorial enum type doctrine custom library

Link: http://blog.alejandrocelaya.com/2015/07/28/working-with-custom-column-types-in-doctrine-enums/

Remi Collet:
New "remi-php70" repository
Jul 24, 2015 @ 12:09:05

Remi has announced the release of the remi-php7 repo, available for Fedora ≥ 21 and Enterprise Linux ≥ 6.

Current version is PHP 7.0.0beta2 with about 25 extensions which are already compatible. This repository provides development versions which are not suitable for production usage. [...] As for other remi's repositories, it is disabled by default, so the update is an administrator choice.

This repository can be installed just like other similar remi repos via the "yum" command to add the repository to the list of available ones, then another to upgrade the PHP installation.

tagged: php7 remi repository available package yum install beta2

Link: http://blog.remirepo.net/post/2015/07/24/New-remi-php70-repository

Freek Van der Herten:
Speed up a Laravel app by caching the entire response
Jul 20, 2015 @ 08:12:55

Freek Van der Herten has written up a tutorial for his site showing the Laravel users out there how to cache their entire response to speed up the overall performance of their application.

A typical request on a dynamic PHP site can do a lot of things. It’s highly likely that a bunch of database queries are performed. On complex pages executing those queries and hydrating them can slow a site down. The response time can be improved by caching the entire response. The idea is that when a user visits a certain page the app stores the rendered page.

With a little help from his package it's easy to enable. Just install the package, add the service provider and you're ready to go. All successful responses will be cached unless told otherwise, and the cache will be written out to files by default. He does point out that caching like this, while handy and a nice "quick fix", shouldn't be used in place of proper application tuning methods. He also links to two other external technologies that could be used for the same purpose: Varnish and Nginx's own cache handling.

tagged: laravel application response cache output serviceprovider package

Link: https://murze.be/2015/07/speed-up-a-laravel-app-by-caching-the-entire-response/

Matt Stauffer:
Using Github authentication for login with Laravel Socialite
Jul 17, 2015 @ 10:17:25

In a tutorial posted to his site Matt Stauffer shows you how to integrate Laravel with GitHub's authentication to link a user's profile to your application, made possible through the Socialite package.

Laravel's Socialite package makes it simple to authenticate your users to Facebook, Twitter, Google, LinkedIn, GitHub and Bitbucket. You can authenticate them for the purpose of connecting their pre-existing user account to a third-party service, but you can also use it as your primary login mechanism, which we'll be talking about here. I'm working on a new little micro-SaaS that is purely dependent on GitHub in order to operate, so there's no reason to set up any user flow other than just GitHub.

He starts with just a bit of insight into the overall flow of an OAuth connection with an application (which this is) and the pieces involved. Next he helps you get Socialite installed and working with your Laravel application. With this in place he shows you how to create a simple GitHub application and configure your Laravel instance with the provided client ID/secret and redirect URL. He adds in some routes to handle the two page requests and the controller methods to process the input. He makes a simple "users" migration to hold user information and a model to match. Finally he shows the result, stepping through the authorization flow, complete with screenshots.

tagged: laravel github social authentication login socalite package tutorial

Link: https://mattstauffer.co/blog/using-github-authentication-for-login-with-laravel-socialite

Matt Stauffer:
Sublime Text (3) for PHP Developers
Jun 29, 2015 @ 09:25:55

Matt Stauffer has posted a set of helpful hints for developers using Sublime Text (3) to help make them more efficient and make writing code much easier.

A lot of folks in the PHP community have been checking out PHPStorm lately, including myself and most of the developers I work with. We love the code intelligence we get from PHPStorm, but still miss the speed, quick boot-up, and convenience of Sublime Text. Before I blindly assume PHPStorm is the only way to go, I wanted to see: Can I bring the things a PHP-focused IDE provides PHP developers back to Sublime Text and get the best of both worlds?

He starts with a list of "must haves" for him to be able to move from PHPStorm: features it provides that Sublime, an editor and not an IDE, might not come with out of the box. Most of his suggestions use the Package Control functionality in Sublime, so you'll need that installed to try out his examples. He then shows several tools you can install including:

  • Sublime PHP Companion (package)
  • AllAutocomplete (package)
  • Cmd-click for function definition
  • Integrating Code sniffing and PHP_CodeSniffer
  • DocBlockr (package)
  • Git helpers

...and many more. If you're a Sublime Text user, definitely take a look at his list and see if you can find something to help make your development easier.

tagged: sublimetext phpstorm editor ide features package tips integration

Link: https://mattstauffer.co/blog/sublime-text-3-for-php-developers

Frank de Jonge:
Packages vs. Components: The Dependency Problem.
Jun 26, 2015 @ 11:12:18

In a new post to his site Frank de Jonge makes a distinction between packages versus components, pointing out that components are always packages but packages are not always components, and what it really boils down to is a problem of dependency.

The PHP landscape has fully transitioned into its Package Age™ [...] However, due to PHP's nature, there are some problems. While packages are great for re-use outside of frameworks, dependencies are still an issue. Namespaces resolve conflicts between classnames, but they do not offer a solution to package versioning. Especially in a framework-context, this can become very problematic. A real-world-example for this is Guzzle.

In his Guzzle example he describes the main problem: when a package restructures or makes changes incompatible with prior versions, dependencies conflict and both versions must be installed. He also points out that, while this is bad for plain packages, it can be even worse when working with components (his name for framework-based packages). The problems he mentions include these dependency conflicts as well as some unexpected quirks in how Composer chooses to install packages. He gives an example of the latter with the installation of the Symfony EventDispatcher component and how, upon closer inspection, Composer seems to be installing two versions of the library at once.

tagged: package component dependency problem conflict versions guzzle eventdispatcher

Link: http://blog.frankdejonge.nl/packages-vs-components/

Community News:
PHPPackages.org
Jun 17, 2015 @ 11:48:32

A new community resource, built on top of the excellent Composer and Packagist technology that's popular in today's PHP development world, has been released and provides more context about libraries and provides a "rank" for each one - PHPPackages.org.

PHPPackages.org was built to solve the following problems: [it] defines popularity rank for php packages, provide a space for discussion and [helps to] discover which packages use a specific package.

The About page has more information about the site, how they calculate the "popularity" metric, what the various icons mean and what kinds of things you can do on the site. It's a great resource, especially for those wondering who is using their packages and to discover new packages that are more widely used. It has a lot of the same information that the Packagist site contains but that little extra bit of data is quite useful.

tagged: phppackages composer packagist metadata library package popularity

Link: https://phppackages.org/

Pádraic Brady:
Self-Updating PHARs: Stable phar-updater packages now available
Jun 03, 2015 @ 08:28:12

Pádraic Brady has a new post to his site today talking about creating self-updating phars in PHP with phar-updater, a package he built on his previous recommendations.

In all seriousness, phar-updater is my implementation of recommendations I made in a previous blog post around self-updating PHAR files. Those recommendations were, predictably for me, largely concerned with self-updating from a security perspective. Implementing it brought ease of use and flexible integration to the fore also. It can be surprising what a little extra work, testing and packaging can accomplish for reuse compared to throwing code into one file and calling it a day. It’s been integrated into Humbug with nary an issue.

The package makes it simple to integrate self-update functionality into your existing phar package deployment, including updating running versions, enforcing TLS connections and configuring updates based on version numbers. You can see his own example in his Humbug package's "SelfUpdate" class.

tagged: phar selfupdate package pharupdater packagist composer

Link: http://blog.astrumfutura.com/2015/06/self-updating-phars-stable-phar-updater-packages-now-available/