
Paragon Initiative:
The 2018 Guide to Building Secure PHP Software
Dec 12, 2017 @ 12:16:13

The Paragon Initiative blog has a new post that shares some of their own tips and tricks on how to build secure PHP applications moving forward into 2018.

As the year 2018 approaches, technologists in general—and web developers in particular—must discard many of their old practices and beliefs about developing secure PHP applications. This is especially true for anyone who does not believe such a feat is even possible.

This guide should serve as a complement to the e-book, PHP: The Right Way, with a strong emphasis on security and not general PHP programmer topics (e.g. code style).

The guide covers a wide range of topics that can help you secure your applications (and not just PHP ones either) including:

  • working with security headers
  • safely handling file uploads
  • effective password hashing
  • general-purpose cryptography
  • searchable encryption
  • event logging with Chronicle

Each item in the list is a link to another part of the guide where the topic is discussed. In each there's plenty of good information about prevention and implementation as well as links to other tutorials and packages that can help.

tagged: secure application development guide 2018 introduction

Link: https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software

Gonzalo Ayuso:
Authenticate OpenUI5 applications and Lumen backends with Amazon Cognito and JWT
Dec 11, 2017 @ 10:26:21

On his site today Gonzalo Ayuso has a tutorial posted showing how to create authentication in OpenUI5 applications with the help of Lumen, Amazon Cognito and JWTs.

Today I want to create an UI5/OpenUI5 boilerplate that plays with Lumen backends. Simple, isn’t it? We only need to create a Lumen API server and connect our OpenUI5 application with this API server. But today I also want to create a Login also. The typical user/password input form. I don’t want to build it from scratch (a user database, oauth provider or something like that). Since these days I’m involved with Amazon AWS projects I want to try Amazon Cognito.

He then walks through the Cognito service and what it has to offer including user management and authentication handling. He starts with the OpenUI5 side, creating the basic application and login handling via the Cognito JavaScript SDK. He then modifies this with some basic user handling and creates the view for the login form. He also includes functionality for password resets and the code required to inject the JWT into every request post-authentication.

tagged: openui5 application tutorial authentication amazon cognito lumen backend

Link: https://gonzalo123.com/2017/12/11/authenticate-openui5-applications-and-lumen-backends-with-amazon-cognito-and-jwt/

TutsPlus.com:
How to Manage Multiple Applications in CodeIgniter
Nov 28, 2017 @ 10:29:11

The TutsPlus.com site has posted a new tutorial showing the CodeIgniter users out there how to manage multiple sites written using the framework. Traditionally CodeIgniter applications needed to be run as separate instances but their method simplifies the setup by needing only one instance for all.

Today, we’re going to explore how you can manage multiple applications in the CodeIgniter web framework using a single codebase. In the course of that, we’ll go ahead and create two different CodeIgniter applications that will share the core CodeIgniter codebase.

Sharing the core codebase across different applications is not something new as it’s already practiced by different frameworks and open-source systems, and CodeIgniter is no different. It easily allows you to manage multiple applications that share the core CodeIgniter library and API files, and at the same time you could use different databases and site-specific configurations.

The article then starts with some of the benefits of using a multisite setup including simpler maintenance and the ability to use different databases for each. It then gets into the process for creating multiple applications using separate directories under an "applications" directory and creating sample "welcome" content under each. Finally, they make some changes to the configuration to use an environment variable to switch out which front controller (index.php) file to direct the request to (as set up in the web server config).

tagged: manage multiple application codeigniter tutorial website

Link: https://code.tutsplus.com/tutorials/manage-multiple-applications-in-codeigniter--cms-29795

Asmir Mustafic:
Modular Application Architecture - Intro
Nov 02, 2017 @ 13:56:23

Asmir Mustafic has kicked off a new series on his site with an introduction to modular application architectures. In the series he will work through the creation and management of modular applications as inspired by a session he attended in 2011.

When developing a software, one of the most common steps is taking care that the resulting application is extensible and modular.

Let's suppose we have our application or library. If we see it from outside, often it looks as a single thing. [...] As the application grows we can continue adding components... but this comes with a price. Components often know too much of our application and there is a delicate equilibrium of dependencies between them and our application. When not handled carefully, a small change in one component might require changes in many others.

As a rule of thumb, I personally try to follow as much as possible the Acyclic dependencies principle. Another way to allow extensibility but keeping the application "clean" is to introduce modules.

He starts by talking about modules and the major part they'll play in the overall architecture. He explains why modules are so key to the overall structure and what kind of advantages they bring along with their use. He spends the remainder of the post looking at some of the main challenges they'll face including the file/directory structure definitions, module registration methods and the configuration of each of the modules.

tagged: modular application architecture introduction tutorial series part1

Link: https://www.goetas.com/blog/modular-application-architecture-intro/

SitePoint PHP Blog:
How to Optimize MySQL: Indexes, Slow Queries, Configuration
Oct 31, 2017 @ 10:46:11

On the SitePoint PHP blog Bruno Skvorc has a post that offers some helpful advice about optimizing your MySQL database through the use of indexes, monitoring slow queries and configuration options.

MySQL is still the world’s most popular relational database, and yet, it’s still the most unoptimized – many people leave it at default values, not bothering to investigate further. In this article, we’ll look at some MySQL optimization tips we’ve covered previously, and combine them with novelties that came out since.

He starts off with the configuration changes that can be used to optimize the database, tweaking settings for the InnoDB pool, handling variable inspection and using a tuning tool to determine the best settings. Next up comes the look at indexes, covering the different kinds first: fulltext, descending, unique/primary and regular indexes. Finally he covers some of the usual bottlenecks seen in MySQL's use in web applications, showing how to monitor for them via the slow query log.

tagged: optimize mysql database application tutorial index slowquery query configuration

Link: https://www.sitepoint.com/optimize-mysql-indexes-slow-queries-configuration/

Cloudways Blog:
Integrate CloudwaysCDN With Laravel Applications
Oct 30, 2017 @ 10:12:50

The Cloudways blog has a post showing you how to integrate their content delivery network (CDN) with Laravel applications to take some load off of your servers by serving up static content from a fast, remote location.

With the recent release of Laravel 5.5 and Laravel Horizon, the Laravel ecosystem has reached a whole new level of maturity. In effect, Laravel has become a great option for PHP projects.

[...] Cloudways has recently launched a Content Delivery System (CDN) to help the users provide a better UX for their Laravel projects. In this article, I will demonstrate the process of implementing Laravel CDN.

With a Cloudways account in hand they start by showing how to map a domain and enable the SSL certificate functionality (a requirement). Next they show how to enable the CDN functionality for your domain and get the source URL to use in your application. Then the tutorial moves over to the Laravel side, including a custom handler that checks for a CDN configuration. If present, the asset() call returns that URL rather than a local one.

tagged: laravel integration cdn cloudwayscdn application tutorial asset

Link: https://www.cloudways.com/blog/integrate-cdn-in-laravel/

Symfony Finland:
PHP 7.1 vs 7.2 Benchmarks (with Docker and Symfony Flex)
Oct 17, 2017 @ 11:17:25

On the Symfony Finland site there's a new post sharing the results of some recent benchmarks of the differences between running the framework on PHP 7.1 and PHP 7.2:

PHP 7.2 will be launching soon, in fact, it has already reached Release Candidate status. I was exploring Symfony Flex with Docker setup and thought I would do a quick round of tests to compare the differences in PHP 7.1 and 7.2 (RC4) regarding performance with a few benchmarks.

[...] The benchmarked application is the Symfony Flex port of the hybrid application I did back in January. The project now has the required configuration to run it with Docker, and you can find the full source on GitHub.

The post then shares some of the results and conclusions of the test runs, showing the differences between the two versions. In one set of tests, they're calling the front page controller with Twig rendering and in the other a backend controller without the display rendering. PHP 7.2 ends up performing slightly better than PHP 7.1 overall but not by very much in most cases. The more dramatic change is on the backend, though, with a good jump in performance for a Symfony Flex application.

tagged: symfony flex application benchmark php71 php72 compare results graph

Link: https://symfony.fi/entry/php-7-1-vs-7-2-benchmarks-with-docker-and-symfony-flex

TutsPlus.com:
Build a React App With a Laravel Back End: Part 2, React
Oct 11, 2017 @ 09:43:49

The TutsPlus.com site has posted the second part of their series covering the creation of a React application with a Laravel backend. In part one of the series they started in on some of the setup for the application. Part two continues down that path and shows how to set up React and integrate it with the Laravel backend.

In the previous tutorial, we developed a Laravel application that responds to API calls. We created routes, a controller, and a model for the simple product listing application. Since it was the controller's job to return a response to the HTTP requests, the view section was entirely skipped.

[...] In this tutorial, we will be shifting our focus towards the front end. The first half of the tutorial is about setting up React in a Laravel environment. I will also introduce you to Laravel Mix (supported by Laravel 5.4 and later), which is an API for compiling assets. In the second half of the tutorial, we will start building a React application from scratch.

The tutorial walks through the use of the Laravel artisan command to help with some of the setup tasks and the creation of some of the initial templates and JavaScript files. Then it starts in on the application itself including the display of product data and functionality to add a new project.

tagged: react application laravel backend tutorial series part2

Link: https://code.tutsplus.com/tutorials/build-a-react-app-with-laravel-backend-part-2-react--cms-29443

Quick Admin Panel Blog:
Stripe Payments in Laravel: The Ultimate Guide
Oct 03, 2017 @ 09:24:54

On the Quick Admin Panel blog there's a tutorial posted showing you how to accept Stripe payments in your Laravel application using their "Stripe Checkout" functionality. This feature allows the Stripe platform to be the only one that handles the payment data and doesn't require you to store any information in your application.

Stripe is one of the most popular payment merchants for web, but information about Laravel integration is pretty fragmented, so I decided to write a really long tutorial about this topic.

We will cover: general logic how Stripe works, simple one-time payment integration, testing and production environment setup. [We will also cover] saving transaction data for future reference, recurring payments with Laravel Cashier [and] getting invoices data and PDF download.

The tutorial then gets into the use of the Stripe Checkout functionality on your site (after setting up an account) and the flow of the checkout and transaction. Then comes the Laravel portion of the tutorial. They show you how to set up a new application and create the view containing the required Stripe form. They show you where to integrate the keys specific to your application and how to test the implementation. Next they show how to handle the response back from Stripe that contains a token that can be used to identify the payment method in the future. This is used to charge the card via the Stripe SDK tools.

The tutorial finishes looking at Laravel Cashier to handle recurring billing and subscription plans. It shows you how to integrate this with your application and how to use it for payments and invoices.

tagged: stripe payment laravel application tutorial cashier

Link: https://quickadminpanel.com/blog/stripe-payments-in-laravel-the-ultimate-guide/

Gonzalo Ayuso:
PHP application in SAP Cloud Platform. With PostgreSQL, Redis and Cloud Foundry
Sep 25, 2017 @ 09:25:01

Gonzalo Ayuso has a tutorial posted to his site showing you how to create a PHP application on a SAP platform that includes PostgreSQL and Redis via Cloud Foundry.

Keeping on with my study of SAP’s cloud platform (SCP) and Cloud Foundry today I’m going to build a simple PHP application. This application serves a simple Bootstrap landing page. The application uses an HTTP basic authentication. The credentials are validated against a PostgreSQL database. It also has an API to retrieve the localtimestamp from database server (just for play with a database server). I also want to play with Redis in the cloud too, so the API request will have a Time To Live (ttl) of 5 seconds. I will use a Redis service to do it.

He then walks you through the process of setting up both the platform and the application:

  • creating the services in Cloud Foundry
  • creating the application (with either Silex or Lumen)
  • building out the features
  • running the application locally for testing
  • connecting to the cloud servers for PostgreSQL and Redis
  • setting up logging
  • setting up basic authorization

Full code and configuration are included for each step of the way (with Lumen examples included because Silex is "dead").

tagged: application tutorial development sap cloud platform postgresql redis

Link: https://gonzalo123.com/2017/09/25/php-application-in-sap-cloud-platform-with-postgresql-redis-and-cloud-foundry/