On the SitePoint PHP blog there's a new post by Mahul Jain looking at a simple way to create CAPTCHA images in PHP using the built-in GD libraries.

By now, we've all encountered captcha images in online forms. Captchas are a necessary evil, and this article will teach you how they're made. Please note that while there are better, automatic third party solutions for captchas out there such as ReCaptcha, this tutorial aims merely to explain and demonstrate how such technology actually works. We won't be explaining what captchas actually are, as it's assumed to be common knowledge and already covered in greater detail elsewhere.

He walks you through the whole process of making the sample CAPTCHA (like this one):

• Display an empty image on the browser
• Create a shape
• Generate random lines
• Generate random dots
• Generate random text

There's screenshots all along the way too for reference as to what your result should look like. You can download the full code over on GitHub.

Matthew Setter has a new post today on the "Master Zend Framework" site looking at the use of caching for Zend Framework 2 module configurations.

For the longest time, I've been using closures in my Zend Framework 2 Modules Module class. I know they're not always the best approach, but they're not necessarily wrong either. But after reviewing Gary Hockin's recent talk at PHP Conference UK, I was reminded that outside of APC and OPCache, closures aren't cacheable. [...] So in today's tutorial, I'm going to show you a simple example of how to migrate from closures using [caching with Memcached, Redis and so on].

He starts with an example of the standard closure approach, returning an array from his "getServiceConfig" method with sub-array and object creation nested inside. He then refactors it to use the "FactoryInterface" to handle the configuration setup for the "delete form" handling.

In his latest post Dougal Campbell shares his findings from a bug he was having with a plugin in WordPress. It revolved around the use of mysql or mysqli and errors being thrown to his logs.

The plugin had previously worked fine (it generates a sidebar widget), and I wasn't actively working on my site, so I wasn't really sure when it had quit working. In the course of debugging the problem, I discovered that the plugin was throwing warnings in my PHP error log regarding the mysql_real_escape_string() function. As a quick fix, I simply replaced all of those calls with WordPress' esc_sql() function. Voila, problem fixed.

He was interested in why this worked, though, and went digging in the code. As it turns out, the WordPress code tries to determine which mysql extension you have support for. As it turns out, his installation fit the "mysqli profile" so the "mysql_real_escape_string" wasn't available. To the WordPress users out there, he suggests esc_sql or $wpdb->prepare() instead.

The PHP Town Hall podcast has released their latest episode today, Episode 20: A Nice Friendly Chat About Sculpin, Guzzle and PSR-7 with guests Beau Simensen and Michael Dowling.

This show has a history of talking about FIG stuff as it is hard to avoid. The group is working on so much cool stuff and prominent figures of the community are involved. We got two more prominent figures, who also happen to be involved with FIG stuff: Beau Simensen lead developer of Sculpin and Michael Dowling lead developer of the wonderful HTTP library Guzzle, who also works at AWS on their PHP SDK.

They talk about each of the projects mentioned and what's coming up for each. There's also some discussion around the PSR-7 HTTP spec that's been proposed and is in the works. You can listen to this latest show in a few different ways - either through the in-page audio player, by downloading the mp3 or you can watch the video of the live recording via Google Hangouts.

• watson/active (1.0.2, 1.0.1, 1.0.0) Laravel 4 helper for recognising the current route, controller and action
  
  
• watson/sitemap (1.0.0) Generate Google Sitemaps in Laravel 4
  
  
• impleri/laravel-toolbox (1.0.0) A set of tools for building modular Laravel sites.
  
  
• bugsnag/bugsnag-wordpress (v1.1.0)
  
  
• bugsnag/bugsnag (v2.2.0) Official Bugsnag notifier for PHP applications.
  
  
• novosga/novosga (1.1.1, 1.1.0) Sistema de Gerenciamento de Atendimento
  
  
• irestful/classmetadatas (13.11.28)
  
  
• watson/autologin (0.2.4, 0.2.3, 0.2.2, 0.2.1) Autologin package for Laravel 4
  
  
• irestful/concreteclassmetadataretrievercriterias (13.11.28)
  
  
• killswitch/laravel-starter (1.1.0) This is my starter project for anything built in Laravel
  
  
• andrew13/cabinet (1.0.3, 1.0.2, 1.0.1) Laravel 4 file upload package.
  
  
• matthewfl/restful (1.0.0) Library for writing RESTful PHP clients.
  
  
• travisscheidegger/wp-instagram-subscription (0.1) Add an Instagram subscription to Wordpress
  
  
• okeyaki/relevent (v0.1.1, v0.1.0) An event system library for PHP 5.3+.
  
  
• myerp/myerp-php-api-client (v1.0.1) A PHP client library for myERP's REST API
  
  
• dreamfactory/service-oauth (0.4.8) DreamFactory Oasys(tm) Open Authentication System
  
  
• lablog/stringy (1.0.0)
  
  
• kisma/kisma (0.2.30) PHP Utility Belt
  
  
• mikejestes/ornamental (0.1.2) A library to send templated transactional emails, and easily test.
  
  
• jayalfredprufrock/codeigniter-boilerplate (v0.5.6, v0.5.4) A starting point for a codeigniter 3.0 project, installable via composer and preloaded/configured with several useful sparks and libraries.
  
  
• jayalfredprufrock/winx (v0.5.6, v0.5.5, v0.5.4, v0.5.3, v0.5.2, v0.5.1) An ajax-powered app framework built on top of Codeigniter 3 and Bootstrap 3, installable via composer.
  
  
• fol/core (v1.5.1) The core of FOL framework
  
  
• fol/fol (v1.4.1) PHP framework
  
  
• bonndan/release-manager (0.5.3) Release Manager for semantic version releases of composer packages and projects.
  
  
• dmyers/laravel-pages (v1.0.0) A simple static pages package for Laravel 4.
  
  
• irestful/concreteclassmetadatas (13.11.28)
  
  
• voceconnect/voce-post-meta-media (v1.1.2) Extension of Voce Post Meta Plugin to create media meta fields
  
  
• dosomething/messagebroker-phplib (0.1.9, 0.1.8) A library of functionality shared between the components that make up the DoSomething.org Message Broker system.
  
  
• typo3/eel (2.2.0-beta1) The Embedded Expression Language (Eel) is a building block for creating Domain Specific Languages
  
  
• typo3/flow (2.2.0-beta1) TYPO3 Flow Application Framework
  
  
• typo3/fluid (2.2.0-beta1) Next-Generation Templating Framework for TYPO3 Flow and TYPO3 Neos, also backported to TYPO3 CMS
  
  
• typo3/kickstart (2.2.0-beta1) A simple generator for controller and views.
  
  
• typo3/party (2.2.0-beta1) A PHP implementation of the OASIS Customer Information Quality (CIQ) XML Standard.
  
  
• typo3/welcome (2.2.0-beta1) This package provides a start screen for the TYPO3 Flow distribution with links to online resources.
  
  
• typo3/flow-base-distribution (2.2.0-beta1) TYPO3 Flow Base Distribution
  
  
• tomkyle/rbac (1.0.4, 1.0.2) Role-based Access Control: Roles, Permissions and ACL
  
  
• crazedsanity/cs-webapplibs (v0.10.0, v0.9.8, v0.9.7, v0.9.6, v0.9.5) Web application framework containing various libraries, an extension to cs-content
  
  
• sajanp/status-blog (v0.1) A quick, easy to use status blog for providers of all sort.
  
  
• adambrett/shell-wrapper (0.2) An object oriented wrapper for shell commands
  
  
• prelude/prelude (0.4.7) Prelude, A small preface for your masterpiece.
  
  
• comur/image-bundle (0.2.3) Symfony ComurImageBundle
  
  
• jms/job-queue-bundle (1.1.0) Allows to schedule Symfony2 console commands as jobs.
  
  
• mike182uk/cart (v2.2.0) A flexible and modern shopping cart package
  
  
• mcfedr/awspushbundle (2.4.6) A set of services to simplify using AWS to send push notifications
  
  
• syntax/core (2.0.0) A core set of features for laravel sites.
  
  
• stillman/autoloader (v1.0.2, v1.0.1) Extended autoloader class with support of PSR-4 and Zend file naming standards
  
  
• predaddy/predaddy (2.0.0-RC2) Common DDD classes and utilities
  
  
• rywa/silverstripe-foundation (1.1.2) Foundation 5 Prototyping Theme for SilverStripe
  
  
• condenast/pangea (0.0.12)
  
  
• dominionenterprises/chef (v0.1.1, v0.1.0) A library that wraps jenssegers/php-chef and adds some functionality and support for knife-ec2.
  
  
• mcfedr/twitterpushbundle (2.2.1) A bundle for pushing tweets are push notifications
  
  
• mcfedr/youtubelivestreamsbundle (1.0.1, 1.0.0) A bundle for fetching a list of live streams
  
  
• jiabin/julius-referer-bundle (v1.0.0) Julius referer manager
  
  
• jeremykendall/ultra-facade (1.0.0) Implements the Facade pattern to build SplIterators.
  
  
• voceconnect/voce-post-meta-date (v2.0.1, v1.2.3) Extension of Voce Post Meta Plugin to create date meta fields
  
  
• ebussola/ads-reports-facebook (0.5.0) Ads Reports Facebook
  
  
• tedivm/stash (v0.11.5) The place to keep your cache.
  
  
• maatwebsite/excel (v0.3.0) Laravel wrapper for PHP Excel
  
  
• lazy/lazy (2.1.4, 2.1.3, 2.1.2)
  
  
• scubaclick/keenio (1.0.2, 1.0.1, 1.0.0)
  
  
• sulu/content-bundle (0.1.2) TODO
  
  
• phastlight/phastlight (v0.3.0) Phastlight -- Asynchronous, event-driven command line tool and web server written in PHP 5.3+ inspired by Node.js
  
  
• emailbidding/advertiser-client-php (v1.0.4) Advertiser client
  
  
• andheiberg/image (1.0.2) Image processing library with on the fly processing of image requests.
  
  
• irestful/classmetadatarepositories (13.11.28)
  
  
• undefinedoffset/silverstripe-advancedwidgeteditor (0.1.0) Replaces the Widget Editor to enable support for advanced form fields such as UploadField
  
  
• aequasi/cache-bundle (2.2.3) Creates services in Symfony 2, for cache, that can also be used with doctrines three cache types (metadata, result, and query). It also provides functionality for session handler support, and Router support.
  
  
• zendframework/zend-version (2.2.6, 2.1.6)
  
  
• zendframework/zend-loader (2.1.6)
  
  
• krisanalfa/bono-blade (0.0.2, 0.0.1) Laravel Blade template engine for Bono PHP Framework
  
  
• ebussola/facebook-ads (1.2.2) Facebook Ads SDK
  
  
• zendframework/zendframework (2.2.6, 2.1.6) Zend Framework 2
  
  
• irestful/classmetadataretrievercriterias (13.11.28)
  
  
• mparaiso/silex-simplerest (0.0.9) Restfull controller for silex
  
  
• paypal/adaptivepayments-sdk-php (v2.6.110) PayPal adaptivepayments SDK for PHP
  
  
• five-say/laravel-auth-extend (1.0.0)
  
  
• csanquer/colibri-csv (v1.0.6, v1.0.5) Lightweight and performant CSV reader and writer library
  
  
• kylekatarnls/insearch (1.1) The Laravel Framework.
  
  
• mafields/laravel-scss (1.0.4) Laravel service provider for quickly and easily compiling SCSS files to CSS
  
  
• paymentsuite/payment-core-bundle (v1.1.1, v1.2) Payment Core Bundle, part and core of Mmoreram Payment Suite
  
  
• ebidtech/geoziplocation (v0.4.1) Geo zipcode location
  
  
• pmg/webstalk (1.0.1) A set of silex utilities for creating a beanstalkd web interface
  
  
• dyaa/pushover (1.3.0) Laravel 4.1 Pushover Package
  
  
• lixiongyou/pudding (v0.1.4-alpha) A simple PHP Framework.
  
  
• uam/tcpdfx (3.0.4) Extension of TCPDF library and FPDI library with added convenience methods.
  
  
• christophehurpeau/php-importer (0.1.0) Interfaces and CSV Importer in PHP
  
  
• packaged/dispatch (0.0.1)
  
  
• sanpi/gtmetrix (0.4.0) A PHP REST client for the Web Testing Framework (WTF) Testing Service API. Currently only supports GTmetrix
  
  
• jetbrains/phpstorm-workshop (1.0.2, 1.0.1) Materials for the PhpStorm workshop. Check https://github.com/jetbrains/phpstorm-workshop/ for more info.
  
  
• delahaye/dlh_googlemaps (2.0.6) Google maps module for Contao
  
  
• mongator/factory (v1.0.2)
  
  
• ponyfleisch/fpdf-stream (v0.0.2) FPDF Version that supports streaming directly to the browser
  
  
• joachim/helpers (1.0) Misc helper functions intended as a personal library
  
  
• hostnet/dead-tool (1.2.1, 1.2.0) Dead Code Identification Toolbox
  
  
• dzangocart/dzangocart-bundle (0.1.7) Symfony 2 bundle for dzangocart
  
  
• gusdecool/bunga-wire (v1.6.2, v1.6.1, v1.6.0) Bunga Mata CMS for Company Profile based on ProcessWire
  
  
• cargomedia/cm (1.6.0)
  
  
• keboola/gooddata-writer-php-client (1.5.3) PHP Client for KBC GoodData Writer
  
  
• keboola/syrup (1.2.2) Syrup - Concentrated extract(or)s
  
  
• petersuhm/flat (v0.0.1, v0.0.2) Flat file content management package for PHP.
  
  
• netzmacht/contao-bootstrap (0.1.0-beta1, v0.1.0-beta1) Provides modules, content elements and templates for integrating Bootstrap into Contao
  
  
• knplabs/friendly-contexts (v0.5) Some BEHAT contexts
  
  
• netzmacht/contao-font-awesome (4.0.0-rc2) Integrates Font Awesome into Contao frontend and backend
  
  
• ujm/exo-bundle (1.2.2)
  
  
• yajra/laravel-oci8 (v1.4.4) Oracle DB driver for Laravel 4 via OCI8
  
  
• nicmart/universal-matcher (v0.2.0) A rules based matcher engine for php
  
  
• dearon/slim-mustache (0.1.0) Mustache View Parser package for the Slim Framework
  
  
• okeyaki/comphy (v1.0.2) A configuration library for PHP 5.3+.
  
  
• netzmacht/contao-form-helper (0.1.0-beta1) Library for supporting customized Contao form rendering
  
  
• opensolutions/vimbadmin (3.0.6) ViMdAdmin :: Virtual Mailbox Administration
  
  
• anlutro/l4-repository (0.5.14) Repository classes for Laravel 4.
  
  
• knplabs/rad-bundle (v2.5.0-beta3) The "KnpLabs Rad Edition" bundle
  
  
• pugx/generator-bundle (v2.4.2) Extension of SensioGeneratorBundle
  
  
• imagecow/imagecow (v0.6.0) PHP library to manipulate and generate responsive images
  
  
• amstaffix/extjs-entity-gatherer (0.1.3, 0.1.2)
  
  
• hajime-matsumoto/seaf (0.0.4) Simple Easy Acceptable Framework
  
  
• fightbulc/moment (1.3.5, 1.3.4) DateTime Wrapper
  
  
• plateau/mezzanine (v1.01) Mezzanine is a Laravel4 package for easy asset management. His main feature is to provide a dual source management to each asset, meaning you can use a local file for your developpment needs, then use a faster CDN source for production, without modifying your code.
  
  
• domisys/image_barcode2 (3.0.0) A PHP5 revamp of the Image_Barcode package
  
  
• vspvt/kohana-helpers (0.1.9.3, 0.1.9.1) Helpers module for Kohana 3.3.1
  
  
• cypresslab/angular-ng-routing-bundle (0.1.2) A way to expose your Symfony2 routing to Angular $resource service.
  
  
• naldz/dbpatcher-bundle (v1.0.3, v1.0.2)
  
  
• eberhm/phoenix-server-bundle (v0.0.3) This bundle integrates eberhm/phoenix library into Symfony2 framework as a bundle.
  
  
• carlescliment/calendar-bundle (2.4.0) A bundle for handling events in calendar
  
  
• zenify/framework (v2.0.22) Simple, practice inspired, Nette based framework.
  
  
• components/handlebars.js (v2.0.0-alpha.2) Handlebars.js and Mustache are both logicless templating languages that keep the view and the code separated like we all know they should be.
  
  
• bcrist22/mu-plugin-loader (1.0.4) Enables the loading of plugins sitting in mu-plugins (as folders)
  
  
• dzangocart/client (0.2.9) Client library for dzangocart
  
  

• Coding the Architecture: Five things every developer should know about software architecture
• Mastering Zend Framework: Gary Hockin's Maximising Zend Framework 2 Performance Talk (Review)
• Community News: Latest PEAR Releases for 03.03.2014
• SitePoint PHP Blog: Debugging with Xdebug and Sublime Text 3
• MakeUseOf: Create The Perfect PHP Development Environment In Android
• Simon Holywell: HHVM vs Zephir vs PHP: The showdown
• Ross Tuck: Persisting Value Objects in Doctrine
• ServerGrove Blog: Symfony2 components overview: Validator
• Gonzalo Ayuso: Auto injecting dependencies in PHP objects
• Community News: Packagist Latest Releases for 02.28.2014

Pádraic Brady has a new "let's watch Paddy think aloud in a completely unstructured manner blog post" about the future of security when it comes to the popular PHP package manager Composer. It's recently come under criticism around its lack of package signing and TLS/SSL support.

The Composer issue, as initially reported by Kevin McArthur, was fairly simple. Since no download connection by Composer was properly secured using SSL/TLS then an attacker could, with the assistance of a Man-In-The-Middle (MITM) attack, substitute the package you wanted to download with a modified version that communicated with the attacker's server. They could, for example, plant a line of code which sends the contents of $_POST to the attacker's server.

He's been working on some updates to the project, one of with is TLS/SSL support as defined in this pull request currently pending. It enables peer verification by default, follows PHP 5.6 TLS recommendations and uses local system certificates in the connection. He talks some about other additional TLS/SSL measures that could be added in the future and how, despite it being safer than nothing, TLS/SSL is not the "cure all" for the problem.

He then moves on to package signing and suggests one method for implementation - signing the "composer.phar" executable and signing "everything else" (packages to be downloaded) to verify their validity.

The flaw in Composer's installer isn't that it's unsigned, it's that it doesn't afford the opportunity for the downloader to read it before it gets piped to PHP. It's a documentation issue. You can go down the route of using a CA, of course, but that's further down the rabbit hole than may be necessary. Signing the composer.phar file is another matter.

The PHP development group has announced the release of the latest version of the language in the PHP 5.5.x series today - PHP 5.5.10.

The PHP development team announces the immediate availability of PHP 5.5.10. Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. We recommend all PHP 5.5 users to upgrade to this version.

Other changes include fixes to date/time handling, JSON serializing and an upgrade to PCRE 8.34 for regular expression handling. As this release has several security-related fixes, it's highly advised that 5.5.x users upgrade. As always, you can get the latest release from the downloads page or for Windows users, windows.php.net.

Lorna Mitchell has posted a new tutorial to her site today walking you through using Beanstalkd with PHP for a simple queuing setup in your application. Beanstalkd is "a simple, fast work queue. Its interface is generic, but was originally designed for reducing the latency of page views in high-volume web applications by running time-consuming tasks asynchronously."

I have an API backend and a web frontend on this project (there may be apps later. It's a startup, there could be anything later). Both front and back ends are PHP Slim Framework applications, and there's a sort of JSON-RPC going on in between the two. The job queue will handle a few things we don't want to do in real time on the application, such as: updating counts of things like comments, [...] cleaning up, [...] other periodic things like updating incoming data/content feeds or talking to some of the 3rd party APIs we use like Mailchimp and Bit.ly.

She starts with a look at how to add jobs to the queue (she assumes that you've already set up the Beanstalkd instance at this point). She uses the Pheanstalk library for the job handling and includes a sample call to configure the connection and create an instance to make the connection. The sample job contains an array of data including an "action" and "data" for it to use when processing. She also includes an example of a basic PHP-based Beanstalkd worker that will go through currently pending jobs and execute them based on the action/data combination. In the sample worker script, she defines the action as a method in the class to be executed directly on the worker instance. She finishes off the post with a few "things to remember" about working with workers and long-running PHP scripts.

On the VG Tech blog, they've posted a follow-up to their previous post about using the Zend Framework 2 to generate Swagger documentation for an API. In this new post (part 2) they focus more on Swagger UI.

This blog post on Swagger UI is a follow-up on my recent post on Swagger annotation parsing in ZF2. If you're not already set up with Swagger annotation parsing in you ZF2 app I recommend that you read part 1 first. In the last post we got ZF2 set up with annotation parsing and everything, and the only thing missing was Swagger UI for the neat presentation. I skipped that previously but today we'll add the last piece.

This second part of the series uses a custom package to create a "SwaggerUI" module. There's a few file updates that need to be made to the configuration, but the rest is handled for you. In the end, the result will look something like this, showing endpoints and allow you to interact with the API directly through forms and sample calls.