Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Tomas Votruba:
How to Criticize like a Senior Programmer
Mar 21, 2018 @ 12:45:29

In a new tongue-in-cheek (humor) post to his site, Tomas Votruba shows you how to criticize like a senior programmer when offering feedback on code errors or architecture decisions.

As I spend most of my socials online time on Github and PHP-related discussion, I've noticed many people do so many wrong things while giving critics. I want to correct this once and for all, so I've prepared a guide for you.

His recommendations (again, the opposite of what is actually useful) include and eight step process to find a bug, never reversing your stance, repeating the same comments over and over and always telling, never asking. Following this list of "not to dos" he also includes a list of "to dos" correcting the misconceptions. This list includes:

  • asking if feedback is desired
  • determining your motivation for the feedback
  • replacing "you" with "I"

In each recommendation there's examples of phrasing and comments that give you some guidance on how you can be more effective at giving feedback on projects and code.

tagged: criticism senior programmer humor recommendation feedback motivation opinion

Link: https://www.tomasvotruba.cz/blog/2018/03/19/how-to-criticize-like-a-senior-programmer/

Symfony Blog:
Diversity initiative update
Mar 21, 2018 @ 11:18:10

On the Symfony blog they've posted an update about recent advancements in their diversity initiative. They share a few different updates, resources and changes that have been made to help improve the overall diversity of the community around this popular framework.

Updates included in the post cover:

  • Respectful Review Comments (a guide on writing them)
  • Mentorship program
  • Code of conduct and enforcement process
  • Context and Slack discussions
  • New slack channels

The post ends with a few "final words" from Lukas Kahwe Smith about another initiative that's been started to help improve the representation from specific groups in the Symfony community and ecosystem.

tagged: symfony diversity initiative lukassmith review comments mentorship codeofconduct slack

Link: http://symfony.com/blog/diversity-initiative-update

Domain-Driven Design - Alternative Relational Database Mapping
Mar 21, 2018 @ 10:37:16

The Pehapkari.cz blog has continued their series covering domain-driven design with the latest post in the series showing some alternative relational database mapping techniques.

Do you think that multilingual text must always be in a separate database table? Than this article is for you!

We will show that not all arrays have to be mapped as database tables. And we will also show the Doctrine implementation.

The article starts with a bit of background on what they're trying to accomplish: adding internationalization functionality to an e-commerce application. In order to make it simpler to work with the multi-language requirements they show the abstraction of its handling out into a LangValue value object that's used to store the product name value for each language. They then use this and some JSON encoded data to store the different language strings in the database directly with the product record rather than a different table. It then shows how to create the matching Doctrine entity for the LangValueType to work with the serialized column data and extract data from it's JSON blob.

tagged: domaindrivendesign series part4 relational database mapping internationalization doctrine

Link: https://pehapkari.cz/blog/2018/03/21/domain-driven-design-alternative-mapping/

Laravel News:
Getting Started with Signed Routes in Laravel
Mar 21, 2018 @ 09:58:26

On the Laravel News site there's a tutorial showing you how to use a feature that's been added in the latest release of the Laravel framework: signed routes. These signed routes allow you to create routes that work with signatures and help with their validation.

In the latest Laravel 5.6.12 Release a new signed URLs feature was introduced. In this article, we’ll work on enabling signed URLs in an application and look at a few options of how to use them.

The tutorial starts by helping you update your installation to the latest version and change the configuration to add the new ValidateSignature middleware to the route middleware list. They also provide an example of a route definition that contains several "id" type of values that could potentially be modified by an attacker. It then shows how to use the Url helper to generate a new signed route that includes a signature based on the URL contents. The tutorial also provides an example of temporary URL signatures that will include a timeout value as a part of the hash so it will expire after a certain amount of time.

tagged: signed route signature integrity laravel tutorial introduction

Link: https://laravel-news.com/signed-routes

Community News:
Recent posts from PHP Quickfix (03.21.2018)
Mar 21, 2018 @ 08:05:01

Recent posts from the PHP Quickfix site:



That Podcast:
Episode 49: The One Where the Events Are the Sauce and Not the Meat
Mar 20, 2018 @ 12:55:50

That Podcast, hosted by PHP community members Beau Simensen and Dave Marshall, has posted their latest episode - Episode #49: The One Where the Events Are the Sauce and Not the Meat.

Beau and Dave discuss EventSauce (eventsauce.io) with Frank de Jonge.

In the episode they talk with Frank some of his previous work on the Flysystem library and, more recently, on EventSauce. Other topics include other event-driven packages such as Prooph and Broadway as well as the Hardcore History series by Dan Carlin. You can listen to this latest episode either using the in-page audio player or by downloading the mp3. If you enjoy the show, be sure to subscribe to their feed and follow them on Twitter for updates on when new shows are released.

tagged: thatpodcast ep49 events eventsauce frankdejonge guest

Link: https://thatpodcast.io/episodes/episode-49-the-one-where-the-events-are-the-sauce-and-not-the-meat

Deploy PHP Web Applications Using Laravel Forge
Mar 20, 2018 @ 11:09:46

The TutsPlus.com site has posted a new tutorial showing you how to make use of the Laravel Forge service to deploy your PHP applications. Laravel Forge provides the configuration and automation tools to deploy your applications to servers on your own accounts (like DigitalOcean or AWS).

Developers love to automate things—for every process between development and production, they are keen to have a script that makes their workflow easier. This is also the case with deployment. The process of pushing the final build and deploying the app should be as easy as pressing a Deploy now button, but that is not what happens most of the time.

[...] Don't let the Laravel brand name mislead you. Apart from Laravel, you can use the service to host WordPress, Symphony, Statamic, or any other web project as long as it's PHP. Personally, I like Laravel Forge for its simplicity and ease of getting used to.

In this tutorial, I am going to take you through the steps to hook Laravel Forge with AWS and explore what it has to offer.

The tutorial starts with an overview of the service and what kind of setup and configuration the resulting servers have (by default). It then covers the various configuration options available and walks you through the process of setting it up with your AWS account. It also includes details about the server management system Forge provides, site management, SSH key addition and PHP/MySQL configuration. A few other helpful hints are also tossed in at the end covering task scheduling, daemons, monitoring and network/firewall configuration.

tagged: application deployment laravelforge laravel tutorial aws introduction

Link: https://code.tutsplus.com/tutorials/deploy-php-web-application-using-laravel-forge--cms-30329

Laravel Excel - Lessons Learned
Mar 20, 2018 @ 10:49:33

On the Maatwebsite Medium.com site they've posted a retrospective of their last several years of work on the Laravel Excel Open Source package.

Laravel Excel (https://github.com/Maatwebsite/Laravel-Excel) turned 4 years last November and has reached almost 6 million Packagist downloads. A good time to reflect on 4,5 years of open source development.

The article starts with a bit of history behind the initial development of the package as a simple wrapper around PHPExcel. It covers some of the initial syntax of the tool and features included from the start. The project moved on to v1.x with a complete rewrite and then into v2.x with support for the Laravel v5.x framework releases. It then talks about their "support conundrum" as they reached 1 (then, later, 6) million package downloads. They cover some of the usual project support issues, a reduction in their work on the package and how they worked to "fix it for everyone".

The post also talks about their "open source rehab" and how it changed their view from its recent "because 1 million people use it" back to making a difference in developers' lives. It finishes up talking about some of the "lessons learned" in how it worked with Laravel, a retrospective on its current state and a look forward at Laravel Excel v3.0.

tagged: laravel laravelexcel package opensource lesson learn motivation

Link: https://medium.com/@maatwebsite/laravel-excel-lessons-learned-7fee2812551

Christop Rumpel:
Content Security Policy, Hash-Algorithm and Turbolinks
Mar 20, 2018 @ 09:31:47

Following up on his previous Content Security Policy and Laravel posts, Christoph Rumpel continues the series and looks at how to fix his site's integration with Turbolinks. Turbolinks makes it easier to load only partial portions of a site when links are clicked rather than reloading the entire page.

My last week was all about Content Security Policy (CSP). It was an emotional rollercoaster. I loved the concept of CSP and was happy that I managed to integrate it into my site. But then I noticed that caching and Turbolinks weren't working anymore because of the CSP nonces. I had to turn them off. Then yesterday, I found a way to use CSP nonces with the Laravel Response Caching package. I was super excited about it.

Still, Turbolinks weren't working.

He starts by describing the issue with the CSP policy and the Turbolinks tool, mostly that the nonces in the response header no longer match the ones in the embedded script tags of the new content. He ended up finding a solution in the hash-algorithm CSP directive. This allowed him to create a hash of the requested script and validate it without the need for a nonce. He includes the code changes to his previous Laravel Response Cache middleware setting this hash-algorithm directive on the script tag output.

tagged: contentsecuritypolicy csp laravel response hashalgorithm turbolinks

Link: https://christoph-rumpel.com/2018/03/content-security-policy-hash-algorithm-and-turbolinks