PHPDeveloper.org

SitePoint PHP Blog: Can Great Apps Be Written in PHP - An Interview Series

Tue, 04/15/2014 - 19:05

Matthew Setter has started off a series of posts on the SitePoint PHP blog with the first post interviewing community members to answer one main question, "can great apps be written in PHP?"

I read an old post, circa 2010, on the MailChimp blog a little while ago, about their experience using PHP. It struck a chord with me, because the sentiments they shared I've felt myself, and heard echoed many times over the years. [...] Despite its successes, or people's successes with it (a la Facebook, MailChimp, Hailo, Google, and others), it's inferred we should use languages which had their foundations as pure languages; not ones which came to be a language, as PHP evolved into over time.

He references some of the other comments in the Mailchimp article about their experience with the language along with mentions of a few others. He wonders if these negative comments are true and, to get some answers, searches out other developers and their opinions. In this first interview he talks with Bobby Deveaux about his background in the language, what he'd like to see added and more.

Link: http://www.sitepoint.com/can-great-apps-written-php-interview-series

Master Zend Framework: Howto Use Constructor Injection In ZF2

Tue, 04/15/2014 - 18:50

The Master Zend Framework site has a new tutorial posted today introducing you to constructor injection in Zend Framework 2 applications, specifically in controller classes.

s it right to use setter injection? Or is it evil, to be avoided at all costs, for the explicitness of constructor injection? In today's post, we explore that and how to implement constructor injection in ZF2 controller classes. Recently on Master Zend Framework, I wrote about using Setter Injection in Zend Framework 2, to supply dependencies to Controller classes.

He talks about the "magic" that can come with frameworks and how constructor injection of the ServiceManager can help clarify and remove some of the problems associated with "magic". He walks you through three steps to getting the ServiceManager injected into the classes:

  • Implement a Class Constructor
  • Initialise your controllers via FactoryInterface
  • Use factories Instead of invokables

He also points out a few benefits to this method of injection, including that it makes the controllers easier to test and the main goal - lack of "magic" in dependencies.

Link: http://www.masterzendframework.com/tutorial/howto-constructor-injection-in-zf2

NetTuts.com: How to Use New Relic With PHP & WordPress

Tue, 04/15/2014 - 17:43

The NetTuts.com Code blog has posted the second part of their series showing how to use the New Relic monitoring service in various kinds of web applications. In the previous article they looked at using it in a Ruby application, but in this new post it's all about PHP.

Today, we will look at how to monitor a PHP application using New Relic. More specifically, we will set up a basic WordPress installation and get some performance data about it, in the New Relic dashboards. [...] With the PHP version of the agent, the environment is a lot more important, as the agent is installed and lives on the box where the application will be deployed, rather than being part of any particular app.

They use an EC2 instance for their example, but the steps can be applied on other systems. They help you get the needed software installed, validate they're correctly configured and do a basic setup of WordPress. Next up is the steps to install the New Relic "newrelic-php5" software and get it fully installed. They also include the updates you'll need to make to your Apache configuration to configure the New Relic instance and how to keep the agent up to date.

Link: http://code.tutsplus.com/tutorials/how-to-use-new-relic-with-php-wordpress--cms-20465

InfoTuts.com: Create Login With Google Plus in Your Website With PHP

Tue, 04/15/2014 - 16:20

On the InfoTuts.com site they've posted a tutorial showing you how to make a "Log in with Google" button for your application and make it work with a little PHP magic on the backend.

So you want to allow users to login into your website using their gmail credentials? You have seen various websites that allow their users to login in their websites using gmail, facebook, linked in, Microsoft, git hub credentials. It's time to integrate it in your website. We will cover all the login system in our posts one by one and this one is dedicated to create Google Plus login for your website with PHP using OAuth2. Google offers many APIs like Google Maps, translate API, Analytics ApI etc. Today we will use its Google Plus API so lets proceed with our tutorial.

They break the process down into about five steps:

  • Login to Google API Console. Go to APIs and you will have to turn on Google Plus API.
  • Go to APIs and Auth and then under credentials tab. Click on create new client ID as shown below.
  • Now when you will have to enter your website path and the file path (redirect URI) to get your new client ID.
  • Now you have to set Consent screen.
  • In consent screen if you have entered Google Plus page path then you will have to approve connection.

The code for the actual connection is in the last step. It uses Google's PHP client libraries to configure and make the request, fetch the access token and grab the Google+ user's data.

Link: http://www.infotuts.com/login-with-google-plus-in-your-website-php

Zumba Engineering Blog: Enforce code standards with composer, git hooks, and phpcs

Tue, 04/15/2014 - 15:13

The Zumba Engineering blog has a new post looking at a way you can control code quality and standards with the help of Composer, git hooks and the PHP Code Sniffer (phpcs) tools.

Maintaining code quality on projects where there are many developers contributing is a tough assignment. How many times have you tried to contribute to an open-source project only to find the maintainer rejecting your pull request on the grounds of some invisible coding standard? [...] Luckily there are tools that can assist maintainers. In this post, I'll be going over how to use composer, git hooks, and phpcs to enforce code quality rules.

These three technologies are combined together to make a more seamless experience for the developer while keeping the code quality high. Their method makes use of the "scripts" (post-install-cmd) feature of Composer to, after the installation of all packages, set up a git hook script that will run the phpcs checks on pre-commit. It's a pretty simple shell script that kicks back any errors it might find before the user can commit their changes.

Link: http://engineering.zumba.com/2014/04/14/control-code-quality

Community News: Packagist Latest Releases for 04.15.2014

Tue, 04/15/2014 - 14:05
Recent releases from the Packagist:

Community News: Latest PECL Releases for 04.15.2014

Tue, 04/15/2014 - 13:02
Latest PECL Releases:
  • protocolbuffers 0.2.6 Bumped up to 0.2.6 * fixed several compile warnings (thanks remi) [fixes] * (ExtensionRegistry) initialize class entry member when reallocating scheme.

  • amqp 1.4.0 1.4.0 Release: * Fix #72: Publishing to an exchange with an empty name is valid and should not throw an exception (lstrojny) * Fix #77: AMQPQueue::delete() now no longer returns a boolean, but an integer of how many messages were deleted. WARNING: this can potentially break BC (Bogdan Padalko) * Fix #75: adhering to the AMQP spec by closing channel and sometimes even the connection in case of certain errors (Bogdan Padalko) * Fix #81: Add optional arguments parameter to bind()/unbind() (Michael Squires) * Fix #82: additional getters (getChannel(), getConnection()) (Bogdan Padalko) * Fix #92: fix various memory leaks in the AMQPConnection class (Lars Strojny) * Using amqp_error_string2() instead of deprecated amqp_error_string() (Lars Strojny) * Fix memory leaks in setHost, setLogin, setPassword, setVhost (Lars Strojny, Bogdan Padalko) * Fixed a memleak in php_amqp_connect (Julien Pauli) * Use rabbitmq-c defaults for max channels and default frame size (Bogdan Padalko) * Fix socket timeout error when connecting over high-latency network (Bogdan Padalko) For a complete list of changes see: https://github.com/pdezwart/php-amqp/compare/v1.3.0...v1.4.0 1.3.0 Release: * Allow retrieving auto-delete exchanges (Guilherme Blanco) * Add connection timeout support. This requires bumping the version requirement for librabbitmq to >= 0.4.1 (Bogdan Padalko) For a complete list of changes see: https://github.com/pdezwart/php-amqp/compare/v1.2.0...v1.3.0 1.2.0 Release: * New methods AMQPChannel::getPrefetchCount() and AMQPChannel::getPrefetchSize() * Deprecate AMQPQueue::declare() in favor of AMQPQueue::declareQueue() * Deprecate AMQPExchange::declare() in favor of AMQPExchange::declareExchange() * Smaller fixes to our stubs For a complete list of changes see: https://github.com/pdezwart/php-amqp/compare/v1.0.10...v1.2.0 1.0.10 Release: * report correct version in module info (Lars Strojny) * fix class interface definitions (Vladimir Kartaviy) * add ability to bind a queue with an empty routing key (Vladimir Kartaviy) * fix constant AMQP_IFUNUSED (Florin Patan, Bernhard Weisshuhn) * added stubs for ide use (Vladimir Kartaviy, Bernhard Weisshuhn) * Fixed memory leak in queue->declareQueue (Ilya a.k.a. coodix) * support for php 5.5 (Lars Strojny) * add support for read and write timeouts (Bogdan Padalko) * fix memory leak in queue->consume (Dmitry Vinogradov) * add support for custom exchange types (empi89) * support for nested custom headers (Bernhard Weisshuhn) * fix memory (Bernhard Weisshuhn) For a complete list of changes see: https://github.com/pdezwart/php-amqp/compare/v1.0.9...v1.0.10 1.0.9 Release: * Fix pecl relase 1.0.8 Release: * Skip var_dump test on PHP 5.2 * Initialize consumer tag string length to zero * Support connection time outs * Adding consumer_tag parameter to AMQPQueue::cancel * Clean up error code handling 1.0.6 Release: * 62354: Segmentation fault when printing or dumping an object that contains an AMQP object * Adding in missing tests * Fixing release number in PHP information * Adding .gitignore info for Git users * Cleaning up debug handling 1.0.5 Release: * 62696: Incorrect exchange type * Handles server connections being closed during consume and publish correctly * 62628: Exception thrown in consume will lock PHP * 61533: Segmentation fault when instantiating channel, queue or exchange with wrong object, then using it 1.0.4 Release: * 62549: Fixing broken persistent connection * 62412: Fixing segfault due to destruction order * 62411: Fixing declaration overload bug * 62410: Fixing declaration overload for 5.4 * 61337: Adding License file * 61749: Fixing handling for binary content in envelope * 62087: Adding appropriate version information * 62354: Enabling debugging dumping of objects * 61351: Updating min PHP version requirements to 5.2.0 1.0.3 Release: * Fixing compilation issue with PHP 5.4 1.0.2 Release: Fixed bug: * Memory leak when using AMQPQueue::get from a queue with no messages 1.0.1 Release: Fixed bug: * 61247: Allow queue creation with empty queue name, and return auto generated name * 61127: Segmentation fault when cleaning up an AMQPChannel without calling AMQPConnection::connect first 1.0.0 Release: Changed/finalized API signature: * Exposing AMQPChannel * Exposing AMQPEnvelope * Exposing more queue and exchange arguments and flags * Exposing basic.qos Added persistent connections Cleaned up codebase Fixed memory leaks and segmentation faults 0.3.1 Release: Fixed bug: * 24323: Cannot get the name for auto-named reply-to queues 0.3.0 Release: Fixed memory leaks in many functions (courtesy Jonathan Tansavatdi and Andy Wick) Fixed consume method to return proper values Cleaned up variable usage Fixed bugs: * 22638: Unexpected exit code 1 with AMQPQueue::consume() * 22698: AMQPQueue::consume 0.2.2 Release: Made extension compatible with PHP lt 5.3 (courtesy John Skopis) Fixed wrong typing of message properties (courtesy John Skopis) 0.2.1 Release: Fixed refcount decrementing bug causing segfaults. 0.2.0 Release: Works with AMQP 0-8 and 0-9-1 (used by RabbitMQ 2.*) Modified AMQPConnection object: * Requires call to 'connect' method to connect (no longer connects on instantiation) * Added support for disconnect and reconnect * Added helper setters for port, host, vhost, login and password Improved consume method to block for MIN messages, and try to get MAX messages if available Fixed zval descoping bugs Fixed bugs: * 17809: Couldn't compile pecl extension under PHP 5.3 * 17831: Segmentation fault when the exchange doesn't exists * 19707: AMQPQueue::get() doesn't return the message * 19840: Connection Exception

  • protocolbuffers 0.2.5 Bumped up to 0.2.5. [bug fix] * (jsonSerialize) fix memory size problem on CentOS 64bit box.

  • protocolbuffers 0.2.4 Bumped up to 0.2.4 [bug fix] * don't implement jsonSerialize twice.

  • protocolbuffers 0.2.3 Bumped up to 0.2.3 [added] * supported jsonSerializable interface * added ProtocolBuffersEnum::toArray() method [bug fixes] * #33 Message::append on a repeated field causes segfault, batch assigning it throws exception * fixed refcounting problem

  • jsonc 1.3.5 - libjson-c CVE-2013-6371: hash collision denial of service - libjson-c CVE-2013-6370: buffer overflow if size_t is larger than int

  • swoole 1.6.12 - Added connection out_buffer - Added async file read/write - Added async dns lookup - Added long tcp connection - Added client timer - Added swoole_server->sendfile - Added signalfd usage - Fixed some bugs

PHP.net: PHP 5.6.0beta1 released

Mon, 04/14/2014 - 17:52

As is mentioned on the main PHP.net site, the release of the first beta of the PHP 5.6.0 series has been released (PHP 5.6.0beta1). This is only a preview release and should not be used in production.

The PHP development team announces the immediate availability of PHP 5.6.0beta1. This release adds new features and fixes bugs and marks the feature freeze for the PHP 5.6.0 release. All users of PHP are encouraged to test this version carefully, and report any bugs in the bug tracking system.

Among the new features coming in PHP 5.6.0 are things like the addition of a fread method on the SplFileObject, an update to the DateTimeImmutable class, support for marks to the PCRE extension and support for asynchronous connections and queries to the Pgsql extension. If you'd like to test out this latest beta release on your systems, you can download it from the PHP QA site (or the Windows QA site if you're so inclined).

Link: http://php.net/index.php#id2014-04-11-1

SitePoint PHP Blog: Getting Started with Assetic

Mon, 04/14/2014 - 16:37

The SitePoint PHP blog has a new post from Lukas White today looking at the Assetic asset management library and how you can get started using it in your application.

There was a time when asset management meant little more than inserting a <link> tag or two and a couple of <script> tags into your HTML. Nowadays, though, that approach just won't cut it. There's performance, for one thing. [...] Also, as client-side applications have become more and more sophisticated, managing dependencies amongst scripts and libraries has become increasingly complex. Furthermore, technologies such as Less, Compass and Coffeescript require assets to be compiled, adding yet another step to the process of managing assets. In this article I'm going to look at a PHP package called Assetic which helps manage, compile and optimize assets such as scripts, stylesheets and images.

He briefly discusses asset management first, just to get everyone on the same page as far as what "assets" are and some considerations about their use. Next is an introduction to the Assetic library itself and the install/usage of a simple "AssetCollection" object. He also shows how to add assets to the object and how to configure compression and generation of the files (like with LESS). He also shows how to use the AssetManager and FilterManager object types along with the AssetFactory handler. Finally, he talks about some of the sample output and caching the tool can do with file-based cache handling.

Link: http://www.sitepoint.com/getting-started-assetic

Allan MacGregor: Working with Psysh

Mon, 04/14/2014 - 15:24

Allan MacGregor introduces you to Psych in his latest post today. Psysh is a runtime developer console, interactive debugger and REPL for PHP.

Psysh is actually more than a simple REPL it's also an interactive debugger; which means you can say goodbye to the endless barrage of var_dump() and die() statements. But do we really need another REPL for PHP, well honestly we could probably get by with the solutions currently available however Psysh has an extremely interesting Ace under the sleeve, it can also function as a realtime debugger.

He includes a few terminalcasts showing some of the commands Psysh offers from the expected output of variable value out to a handy link to the PHP documentation. An example of the useful object output is also included, enabling the showing of methods and properties.

Link: http://coderoncode.com/2014/04/03/working-with-psysh.html

Community News: Packagist Latest Releases for 04.14.2014

Mon, 04/14/2014 - 14:09
Recent releases from the Packagist:

Community News: Packagist Latest Releases for 04.13.2014

Sun, 04/13/2014 - 14:00
Recent releases from the Packagist:

Community News: Packagist Latest Releases for 04.12.2014

Sat, 04/12/2014 - 14:01
Recent releases from the Packagist:

Matthias Noback: There's no such thing as an optional dependency

Fri, 04/11/2014 - 17:19

In his latest post Matthias Noback suggests the idea that there's no such thing as an optional dependency when it comes to working with packages and Composer.

On several occasions I have tried to explain my opinion about "optional dependencies" (also known as "suggested dependencies" or "dev requirements") and I'm doing it again: "There's no such thing as an optional dependency." I'm talking about PHP packages here and specifically those defined by a composer.json file.

So that everyone's on the same page, he starts with an example of a true dependency in a sample adapter class. He asks the usual question - "what's needed to run this code?" - and looking a bit deeper at the "suggested" packages. As it turns out, some of these dependencies turn into actual requirements when you need certain features of the tool. He points out that this is a problem with quite a few packages in the Composer ecosystem and proposes a solution - splitting packages based on requirements. He gives an example based on his adapter with a Mongo requirement split off into a "knplabs/gaufrette-mongo-gridfs" package that's more descriptive of the requirements.

Link: http://php-and-symfony.matthiasnoback.nl/2014/04/theres-no-such-thing-as-an-optional-dependency/

SitePoint PHP Blog: How to Speed Up Your App's API Consumption

Fri, 04/11/2014 - 16:51

The SitePoint PHP blog has some advice posted today from Jacek Barecki about how you can speed up your use of other APIs with a few performance increasing tips.

In the process of creating a PHP application you may come to a point when keeping it isolated from remote resources or services may become a barrier in its development. To move along with the project you may employ different API services to fetch remote data, connect with user accounts on other websites or transform resources shared by your application. [...] But using APIs in an incorrect way can quickly lead to performance issues and lengthen the execution time of your script. If you're looking for a way to avoid it, consider implementing some of the solutions described in the article.

He recommends four things you can think about doing to help make the most effective use of these services:

  • Make multiple requests at a time
  • Separate API calls from the app main flow
  • Build a smart cache engine
  • Master the API documentation
Link: http://www.sitepoint.com/speed-apps-api-consumption/

HHVM Blog: Hack Developer Day 2014: Keep Hacking

Fri, 04/11/2014 - 15:40

On the Facebook HHVM blog today there's a post about the Hack Developer Day they recently held in Menlo Park. The event brought in developers for a day of presentations from the Hack/HHVM engineers.

150+ Members of the PHP and developer community came to Facebook headquarters and joined over 2000 people online for presentations by the engineers of Hack and HHVM. Afterwards we held a five hour hackathon, where the attendees worked with those engineers to write Hack code, either by converting current codebases or writing new code from scratch.

For those that weren't able to attend or are interested in catching up on what was presented, they've posted videos of all of the sessions in a YouTube playlist as well as PDFs of all the slides. If you want the short version of what was presented, there's a quick list in the post or you can read a recap on the Facebook Engineering blog.

Link: http://hhvm.com/blog/4685/hack-developer-day-2014-keep-hacking

Edd Mann: Securing Sessions in PHP

Wed, 04/09/2014 - 18:14

In his most recent post Edd Mann shows you how to secure your session in PHP applications via a custom SessionHandler class and a bit of encryption. For those interested in the full code right away, check out this gist over on Github.

Following on from my previous post on Self-signed SSL certificates, I would now like to address the second most common Web application vulnerability (Broken Authentication and Session Management). When delving into the subject I was unable to find a definitive resource for an PHP implementation. Due to this, I set out to combine all the best practice I could find into a single Session handler, to help protect against the common attack vectors. Since PHP 5.4, you are able to set the Session handler based on a class instance that extends the default 'SessionHandler' class.

He walks through the code talking about some of the functionality it offers, how it encrypts the data and integrates expiration and validation (fingerprinting). There's also an interesting set of methods (get and set) to access values in the current session. One thing to note, this example is only for PHP 5.4 and above as it makes use of the newer SessionHandler interface.

Link: http://eddmann.com/posts/securing-sessions-in-php

PHPClasses.org: Did You Mean Advanced Email Validation in PHP

Wed, 04/09/2014 - 17:50

In this most recent post to the PHPClasses.org blog Manuel Lemos talks about invalid email addresses and shows the use of this package to evaluate them.

When you take users' email addresses, for instance in a site sign-up form, there are great chances that the addresses may be incorrect because of a typing mistake or it is not possible to deliver the message to the specified address for some reason. This e-mail validation package can detect and prevent that users enter incorrect addresses even before you accept them.

He starts the post with a list of six types of invalid email addresses including everything from simple typing mistakes out to temporary rejection from "gray listing". He shows how set up the class and briefly covers some of its methods and what they do. Also included is an example if it in use to validate the address. There's also a brief section at the end talking about using OAuth to work around users not wanting "yet another account" or to share their details with an untrusted application.

Link: http://www.phpclasses.org/blog/package/13/post/2-Did-You-Mean-Advanced-Email-Validation-in-PHP.html

SitePoint PHP Blog: Getting Started with PHP Extension Development via Zephir

Wed, 04/09/2014 - 16:26

The SitePoint PHP blog has posted an introductory tutorial helping you get started with extension development with Zephir, a language that aims to make extension development easy and fast.

This tutorial will explain how to create a PHP extension using a new language: Zephir, which is similar to C and Fortran. You can download the full source code from github. We've touched on the concept of Zephir before, so if you're interested in getting a broad overview, see our previous articles. Zephir can be looked at as a hybrid language that lets you write code that looks like PHP, but is then compiled to native C, meaning you can create an extension from it and come away with very efficient code.

He starts with a list of dependencies you'll need to get an extension compiled and working with Zephir including the gcc compiler and json-c. He shows you how to install Zephir from Github and update your path to make the executable available. As his example extension, he creates a tool that can calculate the result for the time-dependent Schrödinger equation (don't worry, the complete Zephir code for the extension is included in the tutorial). He includes the commands to initialize the Zephir project, code for the various classes involved and the expected output from the compilation. Finally, he includes a bit of PHP code to test out the newly built extension and its output.

Link: http://www.sitepoint.com/getting-started-php-extension-development-via-zephir/