PHPDeveloper.org

DigitalOcean Community Blog: Horizontally Scaling PHP Applications: A Practical Overview

Fri, 04/24/2015 - 19:06

On the Digital Ocean blog there's a new post with a "practical overview" of how to effectively scale PHP applications, specifically as it relates to horizontal scaling not vertical.

Shipping a website or application to production has its own challenges, but when it gets the right traction, it's a great accomplishment. It always feels good to see the visitor numbers going up, doesn't it? Except, of course, when your traffic increases so much that it crashes your little LAMP stack. [...] But fear not! There are ways to make your PHP application much more reliable and consistent. If the term scalability crossed your mind, you've got the right idea.

The article starts with a brief overview of what scalability is and the main difference between horizontal and vertical scaling (scaling out vs scaling up). They then get into a bit more detail about what horizontal scaling is and how it commonly works in relation to the average PHP application (complete with diagrams). They also talk about some things you can do inside your code to help make things flow a bit more smoothly including decoupling between services and user session/file consistency measures. There's also a bit at the end about load balancing but as that depends a good bit on what technology you're using and the actual load, they just provide an overview and some links to other articles and tutorials with more information.

Link: https://www.digitalocean.com/company/blog/horizontally-scaling-php-applications/

Christoph Rumpel: Hello world, I am Laravel (5)

Fri, 04/24/2015 - 18:46

With Laravel 5 out in the wild, you may be wondering what this new version has to offer either as someone already using the framework or brand new. In this recent post from Christoph Rumpel you can find out some of the highlights of this new release along with some code samples to illustrate.

So there is this thing called Laravel. You may have heard of it already, but you're not sure what it is actually about? Or you do, but want to know more about it and its great new features in version 5? Great, this post is especially for you! Laravel is at the same time one of the youngest and most popular PHP frameworks out there. So how does this work together? Let us take a closer look at why it is that popular and how it could be of use for you too. We will go through the main functionalities and talk about brand new features in version 5.

He touches on several different topics including: routing, use of the Eloquent ORM, the "artisan" command line tool, controllers, migrations and form request handling. Each section has some example code and a brief description of the feature. Obviously the Laravel documentation is a much more complete resource for each of these topics, but at least this gives you a feel for the framework and what it can do.

Link: http://christoph-rumpel.com/2015/04/hello-world-i-am-laravel/

ServerGrove Blog: Useful Linux command-line tools to work with PHP projects

Fri, 04/24/2015 - 17:16

The ServerGrove blog has posted a new tutorial with a selection of useful command line tools to help you in working with your PHP applications. None of them are PHP specific but are Unix-based commands that can help in every day development.

Linux provides a lot of interesting command-line tools that we can use when working with PHP projects. In this post we give you some useful commands.

They include examples of commands that can help with:

  • Find all PHP files in the current directory
  • Check the syntax of all PHP files in the current directory
  • Get the size of each Composer dependency
  • Find suspicious PHP files
  • Find files with abstract classes
  • List PHP settings for the xdebug extension
  • Find empty files and/or directories
  • List files currently open by a PHP process

As mentioned, most of the tools themselves are not PHP specific but these example commands do relate to things that are more in a PHP context.

Link: http://blog.servergrove.com/2015/04/23/useful-linux-command-line-tools-work-php-projects/

Pádraic Brady: TLS/SSL Security In PHP: Avoiding The Lowest Common Insecure Denominator Trap

Fri, 04/24/2015 - 16:30

In his latest post Pádraic Brady shares his thoughts about the state of TLS/SSL functionality in PHP and how he thinks developers should avoid the trap of "lowest common denominator" and opt for insecurity.

A few weeks back I wrote a piece about updating PHARs in-situ, what we've taken to calling "self-updating". In that article, I touched on making Transport Layer Security (TLS, formerly SSL) enforcement one of the central objectives of a self-updating process. In several other discussions, I started using the phrase "Lowest Common Insecure Denominator" as a label for when a process, which should be subject to TLS verification, has that verification omitted or disabled to serve a category of user with poorly configured PHP installations.

This is not a novel or even TLS-only concept. All that the phrase means is that, to maximise users and minimise friction, programmers will be forever motivated to do away with security features that a significant minority cannot support by default.

He goes on to talk about how, in some places, targeting the lowest common denominator is okay, security isn't one of them. He also includes four basic concepts developers can adhere to to prevent this targeting:

  • You should never knowingly distribute insecure code.
  • You should accept responsibility for reported vulnerabilities.
  • You should make every effort to fix vulnerabilities within a reasonable time.
  • You should responsibly disclose vulnerabilities and fixes to the public.

He follows these up with three steps you can follow to migrate an insecure architecture into something much more robust. This includes identifying the consequences of the update and documenting the solutions you've chosen, be those configuration updates or library changes.

Link: http://blog.astrumfutura.com/2015/04/tlsssl-security-in-php-avoiding-the-lowest-common-insecure-denominator-trap/

Sameer Borate: Adding WordPress like shortcodes to your web applications

Fri, 04/24/2015 - 15:14

Sameer Borate has posted a new tutorial showing you how to add shortcode-like handling to your application. Shortcodes are a feature that's common in tools like WordPress to make adding custom markup easier (like "[tag][/tag]").

One of the cool features of WordPress is its shortcode feature. There may be times one wished to add this capability to your PHP web applications. Recently I found one such library which allows you to add shortcode features to your web apps. The library discussed here implements WordPress style shortcode syntax as a standalone package. Its a small package and so can be easily integrated into you existing applications. Content from editors, databases, etc. can be scanned by the Shortcode Manager and the contents replaced by a custom callback.

He makes use of the maiorano84/shortcodes library (installable through Composer) that makes it simple to add the functionality to your existing application. He includes a few examples of tag formats that the library can parse and the code needed to parse and handle the formatting. The custom tags are processed via callbacks and can modify the incoming value easily. He also shows how to access any attributes that may be set on the codes and grouping all of his functionality into one self-contained class.

Link: http://www.codediesel.com/php/adding-wordpress-like-shortcodes-to-your-web-applications/

Graze.com Tech Blog: Sharing Controller Logic with Traits in PHP

Fri, 04/24/2015 - 14:53

On the Graze.com Tech blog there's a recent post about sharing logic between controllers with the help of traits. He makes use of the traits functionality in PHP to abstract out functionality common to multiple controllers (in his case, common user functionality).

There have been a few times I have come across a situation where I need to share some logic between controllers but it hasn't been as clear cut as abstracting that logic out into a library. I've been pondering the best way to tackle this problem and would like to share my thoughts.

In his example he shows how two different controllers, the Account and Signup controllers, both need to be able to look up an address and perform some simple checks on the results. The logic is duplicated so he first tries to move it out to an abstract controller but notes that it's not the most ideal solution. Next he tries moving the code out into a library but finds issues with separating out the necessary concerns. Finally he moves the logic into a trait (AddAddressTrait) that contains it and allows the direct integration of his "lookupPostalCode" method into the controller without inheritance or other design issues.

Link: http://tech.graze.com/2015/04/14/sharing-controller-logic-with-traits-in-php/

David Lundgren: When does Dependency Injection become an anti-pattern?

Thu, 04/23/2015 - 18:11

In a new post to his site David Lundgren wonders when dependency injection becomes an anti-pattern when used in PHP applications. The idea of dependency injection is to provide objects with instances of other objects representing things they'll need to get the job done (goes along with separation of concerns). Unfortunately, if used incorrectly, DICs - dependency injection containers - can become less useful and more of a hinderance than a positive part of the application.

During my tenure as a seasoned, and tenderized, PHP developer I have used many design patterns: adapters, factories, data mappers, facades, etc. The most recent one that I have been working with is Dependency Injection. Inversion of Control is not a new idea, at least not in the programming world, but in the PHP world it seems to have taken us by storm in recent years. Every framework will often have a Dependency Injector built in, or offer it as a component for use. It is the hip thing to do in PHP, but I believe we need to take a step back and evaluate it for what we are really trying to achieve. That is reducing the tight coupling that our objects may have. I view it as removing the new-able's from our objects code, and handing the object creation over to something else to deal with.

He talks about how dependency injection containers and service locators relate to each other. He also suggests that, at the heart of every dependency injection container, there's a service locator. He gives an example of a project where a large number of dependencies are being injected and how, despite the assumption of flexibility, his dependencies don't change that often, making the DIC and its functionality a bit less important.

Link: http://davidscode.com/blog/2015/04/17/when-does-dependency-injection-become-an-anti-pattern/

SitePoint PHP Blog: StackPHP Explained

Thu, 04/23/2015 - 17:40

The SitePoint PHP blog has a tutorial posted today that wants to help you understand StackPHP, the project centered around middleware, specifically related to the Symfony2 HttpKernelInterface.

Today we are going to look at StackPHP and try to understand what this thing is all about. Although this post will have some code, this article will be rather theoretical as we are interested in learning what StackPHP actually is, where it comes from and why it is useful. As the front page of the StackPHP project says, Stack is a convention for composing HttpKernelInterface middlewares. But, in order to actually understand this definition, we will have to cover a few concepts first. At the end, we will also illustrate the concepts we learned in the context of StackPHP with some example code.

They start with a brief look at the HttpKernelInterface and how it works with the overall request and response flow of a typical application request. From there they describe the Decorator design pattern that will be used to augment the request/response objects as they're going through the middleware process. Following this they look at how StackPHP fits into this picture and provides a few code examples showing both basic and a bit more complex middleware handling (including the use of StackBuilder).

Link: http://www.sitepoint.com/stackphp-explained/

BitExpert Blog: Processing CSV files in a memory efficient way

Thu, 04/23/2015 - 16:50

In their latest post Florian Horn shares some of his experience in using the PHPExcel tool to parse CSV files and the performance issues he ran into. Fortunately, he found a solution...in the form of another library.

A little while ago I had to dive deeper into the performance optimized usage of PHPExcel. Our users are uploading files like Excel or CSV with a lot data to process. Initially we used the PHPEXcel instance without any tuning of the default configuration which lead to heavy memory issues on relativly small files. So I had to avoid reading all file content at ones to the buffer (like file_get_contents does).

In my research mainly optimizing the usage of PHPExcel I came across a tiny library I am grown really fond of. It is called Goodby/CSV. Both tools have a very well grounded documentation to read in and understand the basics and the usage.

He describes some of the main differences between the two tools and includes some basic benchmark results comparing memory consumption and overall speed.

Link: https://blog.bitexpert.de/blog/processing-csv-files-in-a-memory-efficient-way/

PHP Town Hall Podcast: Episode 40: Return of the Ferrara

Thu, 04/23/2015 - 15:02

The PHP Town Hall podcast has posted a new episode today with the Return of the Ferrara. Hosts Ben Edmunds and Phil Sturgeon are joined once again by guest Anthony Ferrara to talk about, among other things, scalar type hints.

Regular guest Anthony Ferrara joins us "in the studio" to talk about the new version of his scalar type hints, which since recording - a f**king month ago - has been accepted for PHP 7. We thought it would be good to have a bit of a chat about the feature, the nonsense that surrounded it and a bunch of other random internals and PHP 7 related blathering.

You can catch this latest episode in a few different ways, either through the in-page audio player, by downloading the mp3 or through the video recording of the live session. If you enjoy the show, be sure to subscribe to their feed too.

Link: http://phptownhall.com/blog/2015/03/20/episode-40-ferrara-scalar-type-hints/

ServerGrove Blog: Symfony2 components overview: OptionsResolver

Thu, 04/23/2015 - 14:23

The ServerGrove blog has posted another in their spotlights on specific Symfony2 components. In this latest post they look at the OptionsResolver component.

In the 13th post of the Symfony2 components series we will be talking about one little but extremely useful component: OptionsResolver. This component helps us to reduce the boilerplate code required to create an options system with default parameters. As stated in the official docs, is array_replace on steroids.

They start with a common situation, wanting to use options from user input, but only if they exist, and otherwise provide a default. This includes the use of the array_replace function but with the OptionsResolver there's an even easier way. A simple example is included showing how to use it to define options (and throw an exception when an undefined one is set). They show how to use a closure to set defaults on a specific option with more complex logic and how to use the validation and normalization handling.

Link: http://blog.servergrove.com/2015/04/13/symfony2-components-overview-optionsresolver/

TechEmpower.com: Web Framework Benchmarks - Round 10

Wed, 04/22/2015 - 17:06

The TechEmpower.com site has posted round 10 of their PHP framework benchmarks that includes several test types and hardware configurations.

Round 10 of the Framework Benchmarks project is now available! It has been a little less than a year since the previous round and in that time, approximately 133 contributors have made 2,835 git commits. View Round 10 resultsThese contributions have improved the project's toolset and added many new framework test implementations.

Frameworks tested include Phalcon, Slim, Yii2, Fuel, Symfony2, Laravel and CodeIgniter. They've run tests on:

  • JSON serialization
  • Single queries (requests)
  • Multiple queries (requests)
  • Fortunes
  • Data updates
  • Plaintext output

If you click on each item in the tab list above the results, you'll also get a description of what each test entails. They also provide the results in multiple formats, not just in graphical form that include both latency and framework overhead. You can also read more commentary about the results in this related blog post.

Link: https://www.techempower.com/benchmarks/#section=data-r10

ServerGrove Blog: Symfony2 components overview: Filesystem

Wed, 04/22/2015 - 16:29

The ServerGrove blog has posted another in their series of Symfony2 component spotlights with a look at the Filesystem component.

The 15th post of the Symfony2 components series is focused on the Filesystem component, which provides some basic utilities to work with the filesystem. It extends PHP built-in functions such as mkdir() or copy() to make them more portable and easier to use and test.

They start by stating the common problems with working in the file system from PHP and the warnings/errors that can come with them. They show how this kind of thing can be prevented with the Filesystem component and the functionality it provides. They also list some of the other useful functions (besides mkdir and touch previous mentioned) including: chmod, rename, makePathRelative and mirror. They also briefly mention the file locking ability the component has to prevent issues with multiple services interacting with the same files.

Link: http://blog.servergrove.com/2015/04/22/symfony2-components-overview-filesystem/

Scotch.io: Build a Time Tracker with Laravel 5 and AngularJS - Part 2

Wed, 04/22/2015 - 15:38

Scotch.io has posted the second part of their series today showing you how to build a simple time tracking application with Laravel and AngularJS. In this latest part of the series he finishes the application and connect the two pieces.

This is the second of a two-part series on using Laravel 5 and AngularJS together to build a simple time tracking application. If you've gone through part 1, you'll have seen that we put together the front-end first and used a simple JSON file with some mocked-up data to test with. We left off with the ability to add new time entries and have the total time from all of them display on the side. We didn't include any way to edit or delete the time entries, and of course there was no persistence to a database. In this part we will complete the application so that the time entries get stored in a database and our Angular front-end and Laravel backend work together to create, read, update and delete from it.

He starts by helping you get a Laravel application up and running (time-tracker-2), set up the database and modify the configuration to point to the database location. He helps you run the migrations to set up the database tables and generate the related model code. Next up he shows how to inject the seed data, setting up the main index view and adding in routes for the Angular code to access. The rest of the article is just about as detailed and covers steps to:

  • View all the Available Routes
  • Return all Time Entries
  • Return All Users
  • Updating the front-end
  • Setting up the users list
  • Creating time entries
  • Updating time entries
  • Deleting time entires

Finally he wraps it all up with a few possible things that could be done to improve the application, both simple and a bit more complex. He challenges you the developer to implement those features.

Link: https://scotch.io/tutorials/build-a-time-tracker-with-laravel-5-and-angularjs-part-2

Full Stack Radio: 15: Everzet - Classicist and Mockist TDD

Wed, 04/22/2015 - 14:23

The latest episode of the Full Stack Radio podcast, episode #15, features a focus on Behat (the PHP BDD testing tool) and an interview with its creator Konstantin Kudryashov, aka everzet.

In this episode, Adam talks to Konstantin Kudryashov, creator of Behat and BDD Practice Manager at Inviqa. Konstantin and Adam talk about the schools of TDD, how to use test doubles effectively, and common challenges people face when trying to learn TDD.

They talk about several other subjects besides just BDD too including the book "Test Driven Development: By Example" and Ian Cooper's talk "TDD: Where did it all go wrong?". You can listen to this latest episode either through the in-page audio player or by grabbing the mp3. If you like the episode and want to hear more, be sure to subscribe to their feed too!

Link: http://fullstackradio.com/episodes/15/

PHP.net: PHP 5.6.8, 5.5.24 & 5.4.40 Released (Security Fixes)

Fri, 04/17/2015 - 15:38

The PHP development group has released several different versions of PHP for the 5.5.x, 5.6.x and 5.4.x series with a long list of security issues fixed in each one (fourteen in total):

The PHP development team announces the immediate availability of PHP [5.4.40, 5.6.8, 5.5.24]. 14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version.

Other items were fixed besides the security issues, so check out the Changelog to see those few other fixes. It's highly recommended that you update your installations to these latest versions. You can grab the latest either from the downloads page (source) or Windows users can go to winodws.php.net.

Link: http://php.net/archive/2015.php#id2015-04-16-3

Slim Framework Blog: Lumen

Fri, 04/17/2015 - 15:34

Josh Lockart, the lead developer and creator of the Slim framework, has responded to some questions and comments around the recently released Laravel microframework Lumen and how it relates to Slim and its own goals.

Lumen happened. It's a shiny new micro-framework from Taylor Otwell, and it joins the Laravel family today. It looks to be a pretty nice framework, and it shares many of the same features and goals as Slim 3.0. I'm sure this raises a few question about Slim's future roadmap. [...] Is there overlap between Slim and Lumen? Of course. They both have similar goals and solve similar problems. There are also differences.

He talks about some of the current work being done on version 3.0 of Slim, the PSR-7 support it offers and some of the differences between Slim and Lumen. He points out two main ones: that Slim has fewer dependencies and that it is a supporter of the PSR-7 HTTP interoperability standard. Josh talks about why you might choose Lumen over Slim and that, in the end, he welcomes alternative microframeworks and challenges the Slim community to help consistently improve Slim and its place in the community.

Link: http://www.slimframework.com/2015/04/14/lumen.html

IBM developerWorks: PHP renewed: Password security in modern PHP

Fri, 04/17/2015 - 14:53

The IBM developerWorks site has a new tutorial posted talking about how PHP has been "renewed" in recent versions, more specifically in the password security department.

When PHP was first crafted in the mid-1990s, the term web application didn't even exist yet. Password protection, then, wasn't one of the features that the PHP creators devoted resources to. After all, you didn't need to worry about passwords when you used PHP just to put a site-visit counter or a date-modified stamp on your web page. But 20 years have passed, and now it's almost unthinkable to create a web application that doesn't involve password-protected user accounts. It's of the utmost importance that PHP programmers safeguard account passwords by using the latest and most secure methods.

The article goes on to talk about the importance of using secure hashing methods for password storage, the speed at which "cracking" programs can run and the use of "rainbow tables". It then gets into some of the older methods commonly used for password storage and protection and shows how to refactor them into the new password hashing functionality introduced in PHP 5.5.

Link: http://www.ibm.com/developerworks/web/library/wa-php-renewed_2/index.html