AppDynamics PHP Blog:
Introduction to PHP Security – Part 2
Jul 22, 2015 @ 08:33:01

The AppDynamics PHP blog has posted the second part of their series looking at some of the basics of PHP security. In part one they talked about some of the most common attacks and how to remediate them. In this latest part they "dive deeper" and get into some of the more advanced issues.

Truth be told, there are potentially an infinite number of ways in which a software product can be compromised and have its security breached. [...] New security flaws are regularly found, and routine patches are immediately released for most of the major software applications you utilize in your application stack. No matter whether your web or database server, your operating system, your PHP runtime, or even the MVC framework that your team adopted, your point(s) of exposure may exist anywhere within the various components that make up your application ecosystem.

They start with a few more advanced best practices, including using SSL and keeping error messages away from the public eye. They briefly discuss other types of injection (besides just SQL) and offer some tips about securing the data that lives in the application as well.

tagged: security introduction series part2 advanced bestpractice injectiondata

Link: https://blog.appdynamics.com/php/introduction-to-php-security-part-2

NetTuts.com:
Programming With Yii2: Specialized Validations
Jun 03, 2015 @ 10:53:23

NetTuts.com continues their series covering development with the Yii2 framework today with a new post looking at specialized validations (expanding on their previous post covering some of the basic built-in validations).

In this Programming With Yii2 series, I'm guiding readers in use of the newly upgraded Yii2 Framework for PHP. This tutorial is our second part, looking at Yii2's validators. Validators simplify the code needed to validate input, i.e. verify conformance or non-conformance of data input, typically from users via web forms. Specifically, we're going to explore some of the built-in specialty validations that are common to web development.

They cover some of the more complex validators in this tutorial including:

  • CaptchaValidator
  • ExistValidator
  • ImageValidator
  • RegularExpressionValidator
  • UniqueValidator
  • UrlValidator

They cover each of them with a brief summary of what they can do and a code example showing them in action. In some cases (like with the CAPTCHA validator) a screenshot is also included of the output.

tagged: yii2 series tutorial programming advanced validators

Link: http://code.tutsplus.com/tutorials/programming-with-yii2-specialized-validations--cms-23427

SitePoint PHP Blog:
Mastering Composer – Tips and Tricks
May 26, 2015 @ 11:02:32

The SitePoint PHP blog has a new tutorial today from editor Bruno Skvorc with some tips and tricks to help you master Composer, the widely popular PHP package management tool.

Composer has revolutionized package management in PHP. It upped the reusability game and helped PHP developers all over the world generate framework agnostic, fully shareable code. But few people ever go beyond the basics, so this post will cover some useful tips and tricks.

Tips in his list include:

  • Installing Composer globally
  • Using "composer require" to install packages
  • Committing your composer.lock file
  • Options to provide profiling information
  • Speeding up Composer installations

...and many more. If you're looking to take your Composer usage and knowledge beyond the basics, definitely check out this article.

tagged: master composer tips tricks advanced list

Link: http://www.sitepoint.com/mastering-composer-tips-tricks/

Alejandro Celaya:
Composer advanced concepts
Apr 28, 2015 @ 11:42:34

Alejandro Celaya has shared some advanced Composer concepts, covering things you may or may not know this popular tool could do.

Composer is The Tool in any modern PHP project. Nowadays I can't imagine to work without it. It is much more powerful than some people think, easily solving the integration of third party components in our projects, but there are some advanced features that are less known. I'm going to try to explain some of the best practices and mechanisms bundled with composer.

His list of more advanced techniques and concepts includes:

  • Globally installing composer
  • Create the composer.json file (with composer init)
  • Production environments (and flags to customize the installation)
  • Executing CLI scripts

There are several more items in his list, and each includes a description of the feature/practice and commands or code where appropriate.

tagged: composer advanced concept practice install configure tutorial

Link: http://blog.alejandrocelaya.com/2015/04/25/composer-advanced-concepts/

Laracasts:
Advanced Eloquent (Video Series)
Mar 05, 2015 @ 09:28:31

The Laracasts site has launched a new video series with some advanced tips on using Eloquent, the ORM layer from the Laravel framework.

Sure, you've learned the essentials of using Eloquent in your applications, but do you really understand what's going on under the hood? Well, that's specifically what we're interested in for this series. How do all the bits and pieces fit together?

There are two videos posted so far, helping you build a basic application to work inside of and looking behind the scenes of "find" to see what happens when it's executed. Only the first video in the series is free, but it gives you an idea of what will be covered and the style of the videos.

tagged: advanced eloquent video series laracasts

Link: https://laracasts.com/series/advanced-eloquent

Joshua Thijssen:
Advanced user switching
Feb 25, 2015 @ 09:12:05

Joshua Thijssen has a new post today with a "neat trick" that the Symfony Security component allows: switching to (impersonating) another user programmatically.

This allows you to login as another user, without supplying their password. Suppose a client of your application has a problem at a certain page which you want to investigate. Sometimes this is not possible under your own account, as you don’t have the same data as the user, so the issue might not even occur in your account. Instead of asking the password from the user itself, which is cumbersome, and not a very safe thing to begin with, you can use the switch-user feature.

He talks about how to enable it, how to use it to switch to another user and, most importantly, how to restrict its use. He points out that there's no built-in way to define who a user can switch to, so he's come up with a custom "switch listener" to add this protection. His "SwitchUserListener" class replicates some of the code in the original handling (well, the whole class) and updates the "attemptSwitchUser" method to check the user they're trying to switch to and see if they have the right role. Finally he shows how to add it to the services configuration and how it overrides the default listener.

tagged: user switching advanced tutorial custom listener role access validate

Link: https://www.adayinthelifeof.nl/2015/02/24/advanced-user-switching/

SitePoint PHP Blog:
Developing PHP Extensions with C++ and PHP-CPP: Advanced
Jan 08, 2015 @ 11:17:47

On the SitePoint PHP blog today Taylor Ren continues his look at using the PHP-CPP library to help build custom extensions. In this latest post he sheds some light on some more advanced topics.

In my earlier articles, I have introduced the PHP-CPP lib to create an extension for PHP using C++ (first article and second article). In the latter, I demonstrated a bit of the OO side of writing a PHP extension with a Complex class doing complex number manipulations. That introduction is not complete as the main focus of that article is more on the demonstration of the OO capability of PHP-CPP, not on the OO implementation details. In this article, we will further drill down the Complex lib development, adding more member functions, and addressing some advanced topics in writing a PHP extension with OO features using PHP-CPP

He breaks up the advanced topics into sections, providing code examples for each:

  • Returning this pointer in C++
  • Returning a Complex object pointer
  • Exposing the __toString magical method
  • Chaining member function calls
  • Exception throwing and handling in PHP

With the code in place, he then shows how to test all of the new functions you've added with a bit of simple PHP code.

tagged: tutorial advanced extension cplusplus phpcpp series part3

Link: http://www.sitepoint.com/developing-php-extensions-c-php-cpp-advanced/

NetTuts.com:
Building Advanced Email Features With IMAP and PHP
Oct 21, 2014 @ 12:19:47

On the NetTuts.com site they've posted a tutorial showing you how to build advanced features with IMAP and PHP. The author bases it on the SimplifyEmail project and includes examples of three different features to get you started.

Analysis of my own email showed I was receiving email from more than 230 automated senders, far fewer actual people. I was tired of constructing filters in Gmail and filling in a myriad of unsubscribe forms. I wanted to have more control over managing my email and simplifying my life. Finally, this past year, I decided to build the features I needed. The result is Simplify Email (SE), a small web app you can host yourself which offers a variety of cool new email features all of which you can check out on the project website. The coolest thing about SE is that it's a platform for reading, analyzing, routing and managing your email - the possibilities abound. Simplify Email is essentially a programmable playground for "hacking" your own email.

His three examples show you how to:

  • Check your inbox and filter messages
  • Implement a Whitelist challenge to unknown senders
  • Report unanswered email

Each of these comes with plenty of code examples, screenshots and output examples (as well as some places where you might need to change some SE configuration values).

tagged: advanced email imap tutorial feature simpleemail filter whitelist reporting

Link: http://code.tutsplus.com/tutorials/building-advanced-email-features-with-imap-and-php--cms-22059

SitePoint PHP Blog:
PHP and RabbitMQ: Advanced Examples
Oct 20, 2014 @ 14:19:33

On the SitePoint PHP blog Miguel Ibarra Romero continues his series looking at the use of RabbitMQ with PHP in part two. He builds on the code (and setup) from the first part of the series and gets into some more advanced examples this time.

In part 1 we covered the theory and a simple use case of the AMQP protocol in PHP with RabbitMQ as the broker. Now, let’s dive into some more advanced examples.

The remainder of the post includes two examples of more advanced operations:

  • Example 1: send request to process data asynchronously among several workers
  • Example 2: send RPC requests and expect a reply

Each example includes a diagram of the overall flow of the process and the code to make it happen for both the sender and receiver.

tagged: rabbitmq advanced example tutorial series part2

Link: http://www.sitepoint.com/php-rabbitmq-advanced-examples/

SitePoint PHP Blog:
Using Solarium with SOLR for Search – Advanced
May 08, 2014 @ 11:56:46

The SitePoint PHP blog has finished off their series showing you how to integrate searching with SOLR (via Solarium) into your PHP application. In this last part of the series, Lukas White gets into some of the more advanced topics around searching and handling the resulting output in your views.

In the first three parts we installed and configured SOLR and Solarium and started building an example application for searching movies. We’ve also looked at faceted search. We’re going to wrap up the series by looking at some more advanced features of SOLR, and how to use them with Solarium.

He's broken up the rest of the tutorial to talk about a few of these more advanced features like:

  • Highlighting search matches in the output of documents (depending on the type of match)
  • Using the search for an autocomplete
  • Configuring and making the request with an array-based configuration (a more manual process)
  • Adding additional cores to the search (allowing for more flexibility on search styles and configurations)

He also points to two other resources that could be handy along your path to SOLR dominance: the SOLR reference guide and the official Solarium documentation.

tagged: solr search solarium library tutorial series part4 advanced

Link: http://www.sitepoint.com/using-solarium-solr-search-advanced/