Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Tips For Building Your First Laravel Package
Feb 23, 2017 @ 09:42:08

On the Laravel News site there's a tutorial posted from Dmitry G. Ivanov giving you some helpful tips on building your first Laravel package.

Laravel is a powerful and modern framework. It has tons of different features, which make our work faster and easier. But you can’t push everything into the single box. At one time or another, we’ve all been in need of something not implemented in the framework out of the box.

[...] A package can be a solution. Write your code once and use it in any number of projects. Maybe you found a bug, or want to make some changes? Do it just once in your package code and then pull required changes in all of your projects. Sounds good?

The article then breaks down the information into a few different categories:

  • The First Step (checking Packagist for something pre-existing)
  • Development
  • Testing
  • Documentation
  • Release

He ends the post by pointing out that there's several other things to consider when creating your package but they're a bit more in-depth than a short post like this could tackle.

tagged: laravel package tips development documentation testing release tutorial

Link: https://laravel-news.com/first-laravel-package-tips

Freek Van der Herten:
Packages that make developing Laravel apps easier
Feb 13, 2017 @ 09:46:12

Freek Van der Herten has a new post to his site sharing what he considers some of the most helpful Laravel package to help with your debugging.

In this post I’d like to share some of the packages that make developing a Laravel app easier.

His list of packages includes a wide range of testing tools like:

For each item on his list he includes a screenshot of it in action (either of a terminal or a UI) and a brief explanation of how it can help.

tagged: framework help debugging package laravel development

Link: https://murze.be/2017/02/packages-make-developing-laravel-apps-easier/

Rob Allen:
Rendering ApiProblem with PSR-7
Feb 02, 2017 @ 09:46:22

In a new post to his site Rob Allen shows you how he adapted a package of his own to work with a Slim framework based API to render "ApiProblem" types correctly (according to this specification).

In the API I'm currently building, I'm rendering errors using RFC 7807: Problem Details for HTTP APIs. As this is a Slim Framework project, it uses PSR-7, so I updated rka-content-type-renderer to support problem.

RFC 7807 defines a standard for sending details of an error in an HTTP response message. It supports both XML and JSON formats.

He starts with an example of the "Problem" response format that includes data for the type of error, details and links to other related objects. He points out this package from Larry Garfield that handles the actual output of the respose format but Rob needed a way to shift between JSON and XML formats too. This is where his updates to his package came in, changing it to include a ApiProblemRenderer that reads the "Accept" header of the incoming request and correctly formats the results accordingly.

tagged: rendering apiproblem problem api response accept json xml package

Link: https://akrabat.com/rendering-apiproblem-with-psr-7/

SitePoint PHP Blog:
Testing Frenzy – Can We BDD Test the Units?
Jan 30, 2017 @ 12:50:10

On the SitePoint PHP blog editor Bruno Skvorc has written up a tutorial about using the Peridot tool to do BDD style testing but on the units of code rather than the behavior of your integrated application (your business logic).

We’ve done our share of testing posts here at SitePoint, with more coming soon, but I wanted to show you a relatively new testing tool I found that caught my attention because of how unconventional it seemed.

Peridot is a BDD testing framework (so behavior driven testing) but for your units of code – not your business logic. Wait, what? Yes.

He gives an example of the test structure and how a similar kind of test would reduce down to assertions evaluating your units of code. He also includes an example of Peridot's human-friendly output for both passing and failing tests. He goes on to talk about the concurrency the tool allows, the feature to focus on/skip certain tests, use events and plugins, and output a code coverage report. Several more features are also discussed including custom scopes and the ability to define custom DSL definitions you might find easier to work with in your testing.

tagged: bdd test unittest peridot tool package tutorial introduction

Link: https://www.sitepoint.com/testing-frenzy-can-we-bdd-test-the-units/

Scotch.io:
Laravel Random Keys with Keygen
Jan 27, 2017 @ 12:44:13

On the Scotch.io site they've posted a new Laravel-related tutorial covering the use of the keygen package to generate random keys via four generator types. These keys can be used for just about anything in your application and can be customized to fit your length and complexity requirements. One thing to note, however, is that the strings it generates are random but should not be considered strong enough to use for actual encryption purposes.

When developing applications, it is usually common to see randomness come into play - and as a result, many programming languages have built-in random generation mechanisms.

[...] When your application is required to generate very simple random character sequences like those enumerated above, then the Keygen package is a good option to go for. Keygen is a PHP package for generating simple random character sequences of any desired length and it ships with four generators, namely: numeric, alphanumeric, token and bytes.

For their example they chose to create a simple REST API service that allows for user creation, viewing users and generating a random (temporary) password using the Keygen package. They start by helping you get the package installed (via Composer) and adding an alias to your Laravel config for "Keygen" to make it easier to access. They then create the user model and add in a "setEmailAttribute" method to verify the email value submitted (for format and uniqueness). Next up is the route definition for the "user" endpoints, creation of the API controller and implementing the Keygen tool to create a random eight digit code for the user. They also include a few strategies to ensure the code generated (and the resulting hash) is unique across all users. The reminder of the post shows the full user creation, and implementing the remaining methods required to view the user's details.

tagged: laravel random key keygen tutorial package rest api

Link: https://scotch.io/tutorials/laravel-random-keys-with-keygen

Matthew Weier O'Phinney:
PSR-7 Request and Method Utilities
Jan 27, 2017 @ 09:52:37

Matthew Weier O'Phinney has written up a new post for his site covering PSR-7 request and method utilities and a package that contains some handy tools to help with just that.

Some time ago, a few folks floated the idea of creating a utility repository related to the PSR-7 psr/http-message package, but containing some useful bits such as constants for HTTP request methods and status codes.

Six months ago, we released it... but didn't publicize it. I remembered that fact today while writing some unit tests that were utilizing the package, and thought I'd finally write it up.

The package is fig/http-message-util, and is available via Composer and Packagist.

He goes on to describe the two interfaces it provides (RequestMethod and StatusCode) and what they're designed to help with. He includes an example of middleware written using these interfaces, defining allowed methods and returning a "method not allowed" status code - based on a constant - in the response message object. He ends the post with two quick points to note in this example: how the interfaces are used and his use of aliases to make using the interfaces just a bit shorter.

tagged: psr7 middleware request method utility package httpmessageutil tutorial

Link: https://mwop.net/blog/2017-01-26-http-message-util.html

Matthias Noback:
Introducing the SymfonyConsoleForm package
Jan 20, 2017 @ 11:12:51

In a new post to his site Matthias Noback introduces you to a package that can help you in your Symfony-based console application, combining the Form and Console components, to make it easier to create "forms" on the CLI.

About 2 years ago I created a package that combines the power of two famous Symfony components: the Form component and the Console component. In short: this package allows you to interactively fill in a form by typing in the answers at the CLI. When I started working on it, this seemed like a pretty far-fetched idea. However, it made a lot of sense to me in terms of a the package in use, building a "form" that just asks the user to input a name. An image of the result is included as well. He ends the post with some of his other general findings during the process of creating the package and suggests a few common use cases including installation wizards that can be used in both the CLI and web interfaces.

tagged: symfonyconsoleform package tutorial console form component symfony

Link: https://php-and-symfony.matthiasnoback.nl/2017/01/introducing-symfony-console-form/

Freek Van der Herten:
Easily work with the Twitter Streaming API in PHP
Jan 16, 2017 @ 09:25:26

On his site ** has posted a tutorial showing you how to use the Twitter Streaming API from PHP with some help from the Phirehose package.

Twitter provides a streaming API with which you can do interesting things such as listen for tweets that contain specific strings or actions a user might take (e.g. liking a tweet, following someone,…). In this post you’ll learn an easy way to work with that API.

When researching on how to work with the streaming API in PHP it stumbled upon Phirehose. This package can authenticate and set up a connection with the streaming API.

Since the Phirehose API is a bit difficult to work with, he created a package (Laravel version) to help make it a bit easier. He then walks you through the integration of this service with a Laravel-based application, including showing you how to set up the app on the Twitter side and get the API key/secret for the connection. He shows how to add the Laravel package version's provider to the configuration and create a first stream type: listening for certain hashtags. He shows how the stream reacts to a simple tweet of his with the "#laravel" hashtag in a console application. He also includes another example showing a stream that listens for people performing actions on the current user's stream (like favoriting a tweet). You can find out more about the powerful Stream API in the official Twitter documentation for the service.

tagged: twitter streaming api tutorial package phirehose laravel

Link: https://murze.be/2017/01/easily-work-with-the-twitter-streaming-api-in-php/

DotDev.co:
Google ReCaptcha integration with Laravel
Jan 10, 2017 @ 09:26:28

On the DotDev.co site they've posted an article from Talevski Igor about integrating Google's ReCaptcha with Laravel for use in verifying forms and protecting them against automated attacks.

Today i have task to create ReCaptcha on contact form with in a Laravel Web page and I like to share the process of making this possible.

He then walks you through the process of getting the configuration you'll need for your domain and using this package to easily integrate it with Laravel and its forms. He adds the routes for both the GET and POST requests along with the matching view and controller. He then uses the env helper function to get the ReCaptcha key from the configuration and places it in the form. He also adds the "g-recaptcha-response" variable to the required values rules and creates a simple Guzzle HTTP client to make the request back to Google to verify the result.

tagged: recaptcha security laravel tutorial form integration package

Link: https://dotdev.co/google-recaptcha-integration-with-laravel-ad0f30b52d7d?gi=ec5b94e26a27#.qdpwauax0

Aidan Woods:
Secure Headers for PHP
Jan 09, 2017 @ 13:14:11

In a recent post to his site Aidan Woods shares information (and code) related to the use of secure headers in PHP applications. He's even created a package to help make it easier to drop them into a new or existing project without too much trouble.

Recently I've been working on a drop in class to manage certain "Secure Headers" in PHP. By "Secure Headers", I'm of course talking about those mentioned in the OWASP Secure Headers Project. The project, SecureHeaders is available on GitHub.

He starts by covering why he created the library and what it can help you with including making things like a CSP policy easier to maintain. The article goes on to talk about the Content-Security-Policy header is and what kind of prevention it applies. He also shares how the package displays errors, modifies cookies to secure them (HTTPOnly and Secure flags) as well as provide a "safe mode" that "place an upper limit on things like HSTS and HPKP, and remove flags like includeSubDomains or preload until the header is manually added as a safe mode exception, or safe mode is disabled."

tagged: header security package project csp https cookies

Link: https://www.aidanwoods.com/blog/secure-headers-for-php