- Anna Filina: Common PHP Mistakes
- php[architect]: Sending HTML Emails with Drupal 7, Webform, and Mandrill
- SitePoint PHP Blog: Social Network Authentication: Twitter and Facebook
- NetTuts.com: Best Practices When Working With Sensitive Data: Securing Your Application
- Phil Sturgeon: Send PSR-0 to the Standards Farm in the Sky
Her list of seven touches on topics like caching, allowing SQL injection, disabling error reporting and ignoring accessibility. She also includes some configuration settings, code and links to other tools/resources to help provide information on preventing these other mistakes.
Link: http://afilina.com/common-php-mistakes/
The tutorial comes in four different sections, each with plenty of description and some code to make it happen:
- Set up your site to send email
- Allow outgoing email to use HTML
- Formatting Outgoing Email
- Send Webform Submission as HTML Emails
The SitePoint PHP blog continues their series of tutorials showing how to authenticate your users against various social networks. In the previous post they covered connecting to Google+ and in this latest post they move on to two other popular social networks: Facebook and Twitter.
In the previous parts of this series, we created our initial interfaces, set up our Google+ login functionality and talked about how we can merge our accounts together. In this article, we will integrate Twitter and Facebook within our application. You will see a lot of similarities with the Google+ article, so if you could follow that one easily, you won't have much trouble with this one. If you haven't read that article yet, I suggest you read it first before continuing this article.
He starts off with the Twitter authentication, creating a new "SocialLogin" object type for it and defining the three required properties it needs to connect. Code is included to make the OAuth connection, pass along the callback URL and forward on the user to the Twitter site for approval. Code is also included to store the data about the Twitter user in your application. Next up is Facebook. The connection is very similar to the others with only a slight difference in the data that's required. You can find the full code for the tutorial so far in this Github repository.
Link: http://www.sitepoint.com/social-network-authentication-twitter-facebook/
The NetTuts.com site has a new tutorial posted today sharing some tips about working with sensitive data in your applications and steps to secure it.
In my previous article, I showed you how to protect your server from attacks and malicious software. This part will focus completely on the third layer of security - your application itself. So here, I will show you techniques that you can use to protect your application from attacks and intrusions.
There are three main topics covered here, each with a few subpoints and some code examples:
- Using a Database
- Use a Salt When Hashing
- POSIX: Drop Privileges When You Don't Need Them
In his latest post Phil Sturgeon makes a request of the PHP community - to "send PSR-0 to the Standards Farm in the Sky". Or, to put it another way, deprecate it in favor of the more recent autoloader handling of PSR-4.
This article attempts to convince you that deprecating the PSR-0 auto-loading standard in favor of the PSR-4 auto-loading standard is not only a good idea, but a problemless wonderland of happy benefits, in the hope that when I try to get this done on the FIG mailing list, people will be happy about it instead of sad or rage-mode. [...] I believe it was talked about as an alternative at the time because we knew that the PHP community would drop their collective bricks if we tried to pull PSR-0 out from under them, right as they were just slowly getting used to using it.
He covers a few different topics and his opinions on each including the "hate" for PSR-0 (for wanting to get rid of it) and why it should even be considered for deprecation in the first place. He also reminds readers that he's advocating the deprecation of PSR-0, not the removal of it as a standard. It can still exist and be used but it will no longer be the "moving forward" method of autoloading (in favor of PSR-4). He also comments on the large user base out there on PHP <=5.2 that wouldn't be able to make the update to PSR-4 and a suggestion to projects wanting to encourage the migration.
Link: http://philsturgeon.uk/blog/2014/07/deprecate-psr0
- justimmo/php-sdk (1.0.6)
PHP-SDK for the JUSTIMMO API
- econic/mobilant (0.2.0)
Utility class for the mobilant sms service
- jeremykendall/php-domain-parser (1.4.1)
Public Suffix List based URL parsing implemented in PHP.
- wegnermedia/presenter (0.1.0)
- ebussola/adwords-reports (1.2.3)
- endroid/symfony-application (1.6.11)
Endroid Symfony Application
- konstantin-kuklin/assetic-static-gzip-bundle (1.0.2, 1.0.1, 1.0.0)
Provide static gzip compression for css,js files via AsseticBundle
- byscripts/static-entity (2.1.1)
Provide some kind of static entities
- t1st3/t1st3-assets (0.15.3)
Assets used for T1st3's projects
- zoopcommerce/gateway-module (2.0.0)
Zend Framework 2 module that extends zoop's Shard Module with authentication services
- theantichris/simple-plugin-framework (v3.0.0)
A simple framework for creating WordPress plugins.
- zoopcommerce/gomi-module (2.0.0)
Zend Framework 2 Module that provides user management for zoop's Shard
- techdivision/rewritemodule (0.6.1)
A simple rewrite module for PHP based web servers.
- anh/content-block-bundle (v0.1.5, v0.1.4)
Content block bundle
- c33s/menu-bundle (v0.9.14)
routing-based menu system for symfony2
- happyr/google-analytics-bundle (3.0.1)
The Google Analytics Bundle lets you send data (like event tracking) to Google.
- imsamurai/cakephp-google-chart (1.0.0)
Helps draw google charts
- zoopcommerce/shard-module (4.0.0)
Zend Framework 2 Module for Shard
- spiffy/spiffy-application (1.0.0-alpha)
SpiffyApplication is an application built using SpiffyFramework.
- kohkimakimoto/earray (v2.0.0)
EArray is a small PHP class to provide convenient ways to access a PHP Array.
- zoopcommerce/shard (5.0.0)
Add new behaviours to Doctrine Mongo ODM Documents
- anh/tied-content-bundle (v2.0.0)
Tied content bundle
- sergeylukin/multisort-php (0.1.0)
Sort n-dimensional arrays
- netzmacht/contao-form-helper (0.2.1)
Library for supporting customized Contao form rendering
- ideea/async-event-dispatcher (v1.0)
Async send/receive events
- data-dog/php-ga (v1.2.1)
- earlhickey/pg-mailchimp (1.0)
ZF2 module for MailChimp 2.0 API
- figo/figo (1.1.3)
API wrapper for figo Connect.
- zhuravljov/yii2-debug (v1.3)
Yii debug toolbar
- jandrabek/nette-mailpanel (3.2)
MailPanel is extension for Nette Framework which captures sent e-mails in development mode and shows them from debugger bar.
- graham-campbell/navigation (v0.4.0-alpha)
Navigation Is A Navigation Bar Generator For Laravel 4.2+
- ruudk/payment-multisafepay-bundle (1.0.5)
A Symfony2 Bundle that provides access to the MultiSafepay API. Based on JMSPaymentCoreBundle.
- esteit/catalol-api-client (1.3.0)
- ruudk/payment-mollie-bundle (3.0.1)
A Symfony2 Bundle that provides access to the Mollie API. Based on JMSPaymentCoreBundle.
- payum/payum-yii-extension (0.9.1)
Rich payment solutions for Yii framework. Paypal, payex, authorize.net, be2bill, omnipay, recurring payments, instant notifications and many more
- data-dog/php-nsq (0.1.0)
NSQ publisher for PHP
- ministryofjustice/opg-core-public-domain-model (0.21.3)
Domain model for the OPG Core project
There's a good conversation happening over on Reddit today about what constitutes the "PHP community" and how it can be defined. JordanLeDoux wonders if those who just write PHP are included in that group as well.
One conversation was with a dev who hates PHP because (mostly) they work with code that was written by some non-PHP dev who was asked to write it. The other was with /u/krakjoe from the PHP internals team, where I was commenting on a sentiment that sometimes finds its way into the internals mailing list: if you want a real programming language, then go use one. In both cases, I made the assertion that most people who utilize PHP or edit a script aren't actually part of the PHP community. [...] How can someone that is functionally isolated from any other person working in PHP be part of the PHP community?
Responses to the post are, for the most part, encouraging, with points raised including:
- There's not a single "PHP community" but many smaller ones
- Sub-communities can revolve around technology or a product
- The different definitions of community
- The broad range of skills that "PHP developers" are known to have
Check out the full post for more opinions and share your own!
Link: http://www.reddit.com/r/PHP/comments/2ayxkg/what_constitutes_the_php_community/
Lorna Mitchell has a quick post to her site today showing you how to link up Travis-CI and phing to execute the phing build on the Travis-CI service.
We've started using Travis CI on one of my projects to run some build processes to check that everything looks good before we merge/deploy code. One thing I ran into quite quickly was that I wanted to install phing in order to use the build scripts we already have and use elsewhere, but that it isn't provided by default by Travis CI.
To get it all cooperating, she uses the "before_install" settings/functionality Travis provides to use PEAR to discover and install phing. Then in the "script" section, the build can call the phing executable without problems. She does point out one "magic" kind of thing that rehashes the Travis environment and lets it know phing exists: the...well..."rehash" configuration setting.
Link: http://www.lornajane.net/posts/2014/using-phing-with-travis-ci
He goes on and tries to answer the question a bit better, pointing out that "it's a problem for everyone" isn't really good enough to take action on. He works through the different pieces of the ADR pattern, trying to reason out where the right fit is. He suggests a "first filter" on the Controller level, more specifically at the Router level. That's not to say that the Router needs to know about content handling, but it does need to know how to pass that information on.
Link: http://paul-m-jones.com/archives/6020
The 7PHP.com site has a new community spotlight posted today, focusing in on Michelangelo van Dam and providing his "VIP profile" (links to information about him).
Links for Michelangelo include:
- His own 7PHP interview
- His thoughts on PHPWomen
- His comments about unconferences
- His blog, Twitter and business links.
There are also several quotes included in the post about Michelangelo from other members of the community.
Link: http://7php.com/michelangelo-van-dam/
- Community News: Packagist Latest Releases for 07.13.2014
- SitePoint PHP Blog: Paginating Real-Time Data with Cursor Based Pagination
- PEAR Blog: PEAR 1.9.5 is out
- Community News: Latest PEAR Releases for 07.14.2014
- Engine Yard Blog: Celebrating 10 Years of PHP 5.0.0
- Community News: Latest PECL Releases for 07.15.2014
- Symfony Blog: Improving REST in Symfony
- Community News: Recent posts from PHP Quickfix
- Matthias Noback: The PHP testing experience: Interview by Fernando Arconada
- 7PHP.com: Magento Certifications Tips & Tricks From Magento Certified Engineer Phillip Jackson
On the Toptal blog Ilya Sanosyan has a post sharing what he sees as the top ten most common mistakes PHP developers make on a day to day basis. While most of the tips are code-specific there are one or two that are a bit more abstract.
PHP makes it relatively easy to build a web-based system, which is much of the reason for its popularity. But its ease of use notwithstanding, PHP has evolved into quite a sophisticated language, with many nuances and subtleties that can bite developers, leading to hours of hair-pulling debugging. This article highlights ten of the more common mistakes that PHP developers need to beware of.
Among the items on his list are things like:
- Leaving dangling array references after foreach loops
- Confusion about returning by reference vs. by value
- Memory usage headfakes and inefficiencies
- Assuming $_POST will always contain your POST data
- Thinking that PHP supports a character data type
Each of the items comes with a good description, some code and suggestions on how to avoid and/or fix it in your applications.
Link: http://www.toptal.com/php/10-most-common-mistakes-php-programmers-make
The SitePoint PHP blog recently posted a new tutorial helping you get up and running with FluentPDO, a small PHP library that makes building queries easier and faster. In the tutorial Francesco Malatesta introduces you to the tool and creates a test project to show it in use.
You know the story: writing SQL queries is so boring. Especially when you don't have time to do it. If you feel like me, today we are going to see something really cool: Fluent PDO. [...] The result? No more SQL queries. Maybe this is not the first one you have seen: there are many similar projects out there and every single one has its key features. Fluent's key feature is a great JOIN Query Builder.
His test project links a "wishlist" listing with a users table based on a "user_id" field. He includes the SQL to create the two tables and helps you get the library installed (via Composer). He shows some basic select operations using the fluent interface including where clauses, order by and group by handling. He also covers some basic examples of the other CRUD operations (create, read, update, delete) before getting into one of the more advanced features: the join query builder. Finally, he wraps up the post with a brief look at the query debugger, making it a bit simpler to tell where the failures might lie.
Link: http://www.sitepoint.com/getting-started-fluentpdo/
The Qandidate.com blog has a new post today looking at fault tolerant programming in PHP applications. Essentially, this means writing your code so that error conditions are handled gracefully and with as little impact as possible.
In your application, every time you call an "external" service you are vulnerable to the failure in that service. That either might be a third party API being down, your database being unresponsive or unexpected errors from the 3rd party library you are using. With many developers and companies being interested in composing applications out of microservices at the moment, guarding for failures because of broken dependencies gets even more important.
They describe a situation where data is coming from an external source (an inventory service) and a timeout or connection failure occurs. They propose a sort of "circuit breaker" to be put in place to protect the application, fail fast on error and maybe even retry until the request is successful. They also point out a library from oDesk, Phystrix, that allows for fault tolerant execution through a wrapper that traps errors and deals with them instead of just breaking. This is the first part of a series, so in part two they'll show the library in use along with the React HTTP client.
Link: http://labs.qandidate.com/blog/2014/07/14/fault-tolerant-programming-in-php/
There's been an RFC that's recently made it through the voting process and was approved for inclusion in PHP6, the uniform variable syntax handling. When these changes are put into effect, some of the odd syntax you had to use for things like variable variables will be cleared up and standardized. However, Derick Rethans stood out as the only "no" vote; here's why...
As you might have heard, PHP developers voted on an RFC called "Uniform Variable Syntax". This RFC "proposes the introduction of an internally consistent and complete variable syntax". In general, this RFC argues for making PHP's parser more complete for all sorts of variable dereferences. [...] Thirty people voted for, and one against: Me. Does that mean that I am against a unified variable syntax? No, I am not. I am actually quite a fan of having a consistent language, but we need to be careful when this hits existing users.
He points out that there are known backwards compatibility breaks in the changes and this breaks the semantics of the language. While the BC breaks are understood, Derick suggests that this is one of the worst changes a language can make: "...and this is exactly why people whine that PHP breaks BC and does not care about its users".
Link: http://derickrethans.nl/uniform-variable-syntax.html
- Community News: "Laravel: From Apprentice To Artisan" Book Release
- CoderWall.com: Scale PHP on Ec2 to 30,000 Concurrent Users / Server
- EllisLab.com: EllisLab Seeking New Owner for CodeIgniter
- James Morris: PHPUnit Mocking and Method Chaining
- Community News: Latest Releases from PHPClasses.org
- MaltBlue.com: Basic CSV Output in Zend Framework 2
- PHPMaster.com: What's New in PHP 5.5
- Lingohub.com: PHP internationalization with gettext tutorial
- Phil Sturgeon: Building a Decent API
- Community News: Latest PECL Releases for 07.16.2013
- Gonzalo Ayuso: Bundles in Silex using Stack
- Brandon Savage: Using objects doesn't make an application object oriented
- Federico Cargnelutti: API Development Tips
- Jordi Boggiano: Composer: Installing require-dev by default
- PHP.net: PHP 5.5.1 Released
The SitePoint PHP blog continues their series looking at authenticating your application against other social networking services with this new post discussing the merging of accounts. This merging allows you to determine if the same user is using more than one account to log into your system.
If you allow users to sign up through different social networks and perhaps your own registration system, there is a good chance some users will have multiple accounts. How annoying can it be for a user who signed up through Facebook earlier, to come back later and log in through Twitter because he thought he used that one? We can prevent this by letting the user merge manually or try to use an automatic system to try and identify duplicated users.
He tracks the information about the users in two different database tables, one for the user themselves and another representing that user's provider (the social network). He gives an overview of two methods you could use for merging these accounts: either doing it manually by suggesting it to the user or trying to do it automatically based on the data you already have.
Link: http://www.sitepoint.com/social-network-authentication-merging-accounts/
On the Engine Yard blog Davey Shafik has a new post celebrating ten years of PHP 5 as of July 13th, 2014:
Ten years ago yesterday on July 13th 2004, PHP 5.0.0 was unleashed onto the world. Bringing with it the Zend Engine 2, effectively a brand new PHP. [...] The truth is that until PHP 5, PHP was a mostly procedural language, while it supported classes and objects, they were a bolt-on feature. This history is still visible in the majority of its default feature set even today - including some of its newest additions like the new password hashing API.
He talks about the evolution of PHP even since version 5.0.0 and how other technologies, like Ruby on Rails, have influenced the language and its developers towards greater things. He shares his answers to a few questions including:
- What is the most significant change to PHP in the last 10 years?
- What's the biggest change in the community in the last 10 years?
- What's the most pressing issue for PHP?
- What would you like to see in the next major version?
He also includes an infographic of the timeline that led up to the PHP 5.0.0 release and the advancements since then. There's even a look at the "Future of PHP" with some emerging technologies and what might lie in store for "PHP 6" (whatever that may end up being).
Link: https://blog.engineyard.com/2014/php-5-10th-anniversary
Hari KT has a new post to his site today about a book he's been working on for the Aura framework that provides the missing manual for v2 of the project. He's publishing it as a book over on Leanpub too, so it's easy to grab...and for free too.
Aura has an awesome collection of libraries for different purpose. [...] If you are new to aura, there is probably something you may want to figure out yourself. Some of the components have version 1 and version 2 releases. There is a question of which branch corresponds to which version. [...] But people new to aura may be having hard time to find the specific documentation or may be stuck sometime. [...] I was talking with Paul M Jones regarding the documentation lately, and he too shared some concerns. Talking with him gave me some inspiration to start the missing manual for the aura framework.
The goal of the book is to provide a good resource for people to learn about the framework/components and their use and to help promote Aura. The book is available for free either on Github or Leanpub (or, to help support Hari and the project consider purchasing a copy).
Link: http://harikt.com/blog/2014/07/15/aura-framework-v2-the-missing-manual/