TutsPlus.com:
Building Your Startup: Securing an API
May 22, 2017 @ 13:16:19

The TutsPlus.com site has continued their "Building Your Startup" tutorial series with a new post about APIs and security. In this series, they've been using the Yii2 framework to create a calendaring "startup" site. Now they've reached the point of adding a "RESTful" API to the system and want to be sure it's secure.

Recently, I introduced you to Yii's simple REST API generation and Meeting Planner's new "RESTful" service API. At that time, I mentioned that these APIs were only loosely secured. Sure, there was a shared secret between the client and the server, but there were a couple of problems.

First, the secret key and user tokens were repeatedly transmitted in query parameters of SSL calls. And there was no other authenticity check for the data, allowing a middle-person attack. In today's episode, I'll guide you through how I secured the API against these weaknesses for a more robust API.

They start off by looking at the API security that was previously put in place, which used "app ID" and "app secret" values to identify the user. To improve on this, the system is updated to use the "app secret" value to sign the outgoing data via an HMAC hash that is sent along with the request.

tagged: api security tutorial yii2 build startup series hmac rest

Link: https://code.tutsplus.com/tutorials/building-your-startup-securing-an-api--cms-27867

TutsPlus.com:
Building Your Startup: Using Routes for Schedule With Me
May 01, 2017 @ 12:15:16

On the TutsPlus.com site they've posted the latest tutorial of their "Building Your Startup" series. In this latest article, author Jeff Reifman focuses on adding routes and handling for the "schedule with me" functionality.

For a long time since I began this project, I've wanted Meeting Planner and Simple Planner to have a publicly accessible page you can share with people to schedule a meeting with you. In other words, "Sure, let's meet, just visit my schedule with me page at Meeting Planner, I'm Bernie Sanders (no space)."

In today's tutorial, I'll show you how I've done it using Yii's routing and some of the related issues that came up.

He starts with a screencast of the feature (the end result) showing how the UI functions and what features it includes. He then takes a step back and starts on the development process, beginning with the planning, quickly followed by the code. He shows the creation of the initial view, the routing changes and how to handle signup and login for the "Schedule With Me" page.

tagged: build startup series meetingplanner meeting schedule tutorial

Link: https://code.tutsplus.com/tutorials/building-your-startup-using-routes-for-schedule-with-me--cms-27796

TutsPlus.com:
Building Your Startup With PHP: Bootstrap Your Home Page
Apr 17, 2017 @ 18:30:58

The TutsPlus.com site has posted the latest article in their "Building Your Startup with PHP" tutorial series today. In this latest tutorial, author Jeff Reifman shows how to improve the home page for the application to make it more visually appealing and well-structured.

A web service's home page has many roles. Functionally, it must make it easy for people to sign up and get started with the application. But it must also aesthetically touch visitors and give them a professional impression that your service delivers what the home page tells them it does.

Since I've been so focused to this point building the scheduling functionality for Meeting Planner, I haven't had time to focus on polishing the home page—and frankly it was falling short, leaving first-time visitors unimpressed.

He shows the updates he's made to the home page for the service, adding in some additional formatting with Bootstrap and CSS to replace the current bland look. He starts by laying out the improvements visually, then moves over to the code to make it a reality. Code is included showing how to implement the changes and add in other features like a mobile-friendly version and embedded videos.

tagged: startup build tutorial series bootstrap design

Link: https://code.tutsplus.com/tutorials/building-your-startup-with-php-bootstrap-your-home-page--cms-27565

TutsPlus.com:
Building Your Startup: Running Multiple Domains
Mar 17, 2017 @ 10:53:11

The TutsPlus.com site has posted their latest tutorial in their "Building Your Startup" series today. In this new article they show you how to update the application to support multiple domains in one Yii2 application.

The Yii2 advanced template allows you to run a number of sites in one code tree. I used its front-end tree to build Meeting Planner and its back-end tree to build the administrative suite of tools for the service. Today, however, I'll focus on launching another domain on top of the existing front-end tree—and all the small and large complexities that go along with this.

[...] I presumed it would be fairly simple (no pun intended) to launch Simple Planner, but it ended up taking a few days of work.

He points out that the work to get the frontend of the application working with a different domain name was relatively simple. It was the update to the email handling that took the most time (the application is very email-driven). He then shows the configuration changes required to add multiple domains, how to change the homepage for each domain and how to update images, links, etc. to match the new domain. He then moves on to configuring the services used for each domain and, finally, the pieces that need to be updated to have the emails support the multiple domains.

tagged: startup build tutorial series yii2 multiple domain

Link: https://code.tutsplus.com/tutorials/building-your-startup-running-multiple-domains--cms-27459

TutsPlus.com:
Building Your Startup: Requesting Scheduling Changes
Feb 07, 2017 @ 12:44:23

The TutsPlus.com site has continued their "Building Your Startup" series with this new article enhancing the application they've already created to send requests for scheduling changes.

As the Meeting Planner alpha testing phase began, the clearest feature gap was the inability to change a meeting after it had been scheduled. It's not an easy problem. Is it okay to just change a meeting without a participant's permission? Or should you ask? Or do either, depending on your role in organizing the meeting? What if you just want to ask if it's okay to meet 15 minutes later—that should be easy, right?

Solving all this required some reflecting on the social aspects of adjusting a meeting. Over time, I realized that the ability to adjust meetings easily after they've been scheduled could make or break the Meeting Planner brand.

He starts out by describing the "tall mountain to climb" in the number of changes to backend, frontend and UX/UI functionality required to add the feature. He includes all of the code changes and additions that need to be made, including:

  • migrations to add new tables
  • UI updates to add options for rescheduling requests
  • form changes
  • handling request submissions

Each point on the list includes code, screenshots and anything else that was required to make the update.

tagged: startup build scheduling change yii2 tutorial ui backend frontend

Link: https://code.tutsplus.com/tutorials/building-your-startup-requesting-scheduling-changes--cms-27076

TutsPlus.com:
Building Your Startup: Advanced Scheduling Commands
Jan 30, 2017 @ 10:56:17

The TutsPlus.com site has updated their "Building Your Startup" series with their latest tutorial, showing you how to build advanced scheduling commands that allow for things like repeating meetings, updating the meeting details and rescheduling.

I also began to realize that the ability to adjust meetings easily after they've been scheduled could make or break the Meeting Planner brand. [...] In today's tutorial, I'll cover expanding the navigation bar using Bootstrap and the basics of building some of the advanced scheduling features within Meeting Planner. Next week, I'll review building the more complex feature for participants to request change(s) and for others to accept or decline them.

He starts with the frontend, updating the navigation bar to include links to other functionality for meeting changes, repeating and showing planning activities for the meeting. He uses Bootstrap's single-button dropdowns for this and includes the code in the view that adds them to the UI. He then gets into the main functionality of these changes, showing the code to:

  • make changes to a current meeting
  • reschedule a meeting
  • repeat a meeting
  • resend invitations

The next part in the series will take a look into social engineering and UX needs for the application along with some other smaller changes.

tagged: startup tutorial series advanced scheduling commands change update meeting

Link: https://code.tutsplus.com/tutorials/building-your-startup-advanced-scheduling-commands--cms-27075

NetTuts.com:
Building Your Startup: Automatic Time-Zone Detection
Jan 25, 2017 @ 12:43:43

The TutsPlus.com site continues their "Building Your Startup" series of tutorials with the latest in the series covering automatic timezone detection based on the user's local time.

For the alpha release of Meeting Planner, I provided people the opportunity to change their time zone in user settings. However, for anyone outside of the western United States, they may have been wondering why their calendar appointments were at the wrong times. You have to know to look for the settings page.

As I approach the beta, I realized I needed to fix this as soon as possible. So I began to reflect on how best to resolve this. In today's episode, I'm going to walk you through my approach to automatic time-zone detection and how I integrated it into the user experience.

The tutorial starts off with a look at the current state of timezone detection, linking to two options that do mostly the same thing. Eventually, however, he decided on the jsTimezoneDetect library as it fit best with the needs of the application. He covers some of the thoughts that went into designing the user experience and the code required to integrate the JavaScript library with his Yii2-based application. He ends the tutorial with a few additional considerations worth keeping in mind, including timezone representation in iCal exports and virtual meetings.

tagged: timezone detection tutorial startup series yii2 automatic

Link: https://code.tutsplus.com/tutorials/building-your-startup-automatic-timezone-detection--cms-27041

TutsPlus.com:
Building Your Startup: Preparing for Text Messaging
Jan 23, 2017 @ 09:44:52

The TutsPlus.com site has posted the latest in their (lengthy) series of tutorials showing how to use PHP to "build your startup". In this new tutorial they show how to integrate SMS functionality into the application. This is the first part covering this topic and mostly covers the setup and testing of the connection to send the necessary SMS messages.

In today's episode, I'm going to walk you through the first half of my SMS configuration for the Meeting Planner application. Basically, I'll cover choosing an SMS provider, setting up the account, building the initial application infrastructure, and trial texting.

In the next episode, I'll build specific texting scenarios into the Meeting Planner application and walk you through those decisions and the coding that followed.

He starts off talking about one of the main choices you'll have to make early on: which SMS provider you want to use to send your messages. While they list several, for the sake of the tutorial they move ahead with Twilio. He shows you how to set up an account with the Twilio service and where to get the credentials to connect your application to their API. After talking a bit about things like SMS pricing and handling incoming messages, he starts on the integration with Yii2 via this package. Once it is installed and configured, he creates a simple class to send a message via Twilio and tries it out with a "First test" message.

tagged: startup build tutorial series yii2 framework twilio sms notification

Link: https://code.tutsplus.com/tutorials/building-your-startup-preparing-for-text-messaging--cms-26912

TutsPlus.com:
Building Your Startup: Ajax for Meeting Times and Places
Jan 02, 2017 @ 13:10:42

The TutsPlus.com site has posted the next in their "Building Your Startup" series of tutorials covering the use of Yii2 to create a calendaring application. In this new part of the series they continue migrating some functionality over to use an Ajax-powered system, reducing the need for page reloads.

Last week, I delved deeper into Ajax to transform the meeting scheduling experience into a fully ajaxified model and eliminated the need for page refreshes. I got about halfway, focusing mostly on the straightforward elements.

In today's tutorial, I'll guide you through the more complex content panels that required a lot more troubleshooting, research, debugging, brainstorming, and recoding. [...] I'm also going to show you how I used Google's Chrome browser developer console to help me identify the broken areas—which can be especially difficult when working with Ajax between PHP and JavaScript. It's like light at the end of the tunnel of darkness.

The tutorial then walks through the updates needed to move over various pieces of functionality to the Ajax-driven model:

  • adding meeting participants
  • adding dates and times
  • adding meeting places

There are also a few screenshots included of the Chrome developer console and what some of the example requests and responses look like, helping you debug your own development work.

tagged: startup ajax meeting time place series refactor feature tutorial

Link: https://code.tutsplus.com/tutorials/building-your-startup-ajax-for-meeting-times-and-places--cms-27327

TutsPlus.com:
Building Your Startup: Security Basics
Dec 20, 2016 @ 11:55:58

The TutsPlus.com site has continued their "Building Your Startup" tutorial series with this latest article covering the "security basics" you'll need to adequately protect your application. This tutorial touches on both the server-level and code-level security aspects.

In today's episode, we'll dive into the basics of web server security. I'll cover securing the Linux VPS running Meeting Planner and some basic Yii security. In the next episode, I'll dive more into programmatic Yii application security.

The article starts off with the server side of things, introducing hosting options, keeping the server updated, configuring SSH for logins, setting up a firewall and SSL. With that solid base in place, it then starts on the code side covering the built-in functionality used to secure the backend and frontend functionality.

tagged: tutorial series yii2 startup security basics server code

Link: https://code.tutsplus.com/tutorials/building-your-startup-security-basics--cms-26702