Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Christoph Rumpel:
Content Security Policy 101
Mar 15, 2018 @ 09:52:43

In a new post to his site Christoph Rumpel shares an introduction to the use of Content Security policies to prevent client-side security issues in your applications. While his examples are more Laravel-specific, the concepts can be applied to just about any framework or home-grown solution.

As more and more services get digital these days, security has become a significant aspect of every application. Especially when it comes to third-party code, it is tough to guarantee safety. But in general, XSS and Code Injection is a big problem these days. Content Security Policy provides another layer of security that helps to detect and protect different attacks. Today, I will introduce this concept and its main features, as well as show real-world examples.

He starts with a general look at web application security vulnerabilities and, more specifically, cross-site scripting issues. These are the ones that a Content Security Policy (CSP) can help prevent. He then covers the basics of the CSP header and gets into the implementation. In his example he sets up the addition of the CSP header as a middleware so that it's included on every request. With the default header all resources are blocked so he walks through the process of restoring access to the scripts, fonts and styles his blog needs to work correctly.

With the basics covered he then gets into a few more advanced features of CSP policies such as nonces for resource identification, iframe handling and the submission of forms. The post ends with a recommendation of the Laravel CSP package for use in Laravel applications. If you're looking for something more framework agnostic you might want to look into ParagonIE's CSP Builder library.

tagged: contentsecuritypolicy csp beginner tutorial laravel middleware framework

Link: https://christoph-rumpel.com/2018/03/content-security-policy-101

Mustafa Magdi:
Introduction to PHP Reflection API
Dec 28, 2017 @ 11:55:43

Mustafa Magdi has written up a tutorial that introduces you to PHP's Reflection API, functionality included with the language that allows for introspection of the code and some real-time modifications.

When I started PHP coding, I wasn’t aware of the power of Reflection API and the main reason is that I didn’t need it to design my simple class, module or even my package, then I started to find it in many areas playing a major role. So in this part we will introduce Reflection API.

The post is then broken down into a few sections covering the basics of the Reflection functionality, examples of it in use and some other references you can use to get more information. Code examples are included to show how to use the API to do things like:

  • get the parent class for a current class
  • get the docblock comment of a method
  • making private methods available for testing

He also links to two packages that make use of the Reflection API heavily to generate documentation and build a dependency injection container.

tagged: reflection api introduction tutorial beginner

Link: https://medium.com/@MustafaMagdi/introduction-to-php-reflection-api-4af07cc17db4

Torben Köhn:
PHP Generators – A Guide and Tutorial
Jun 22, 2016 @ 13:45:44

For those that may have heard about generators but aren't too familiar with them or what they do, Torben Köhn has posted a great introduction to them and their functionality.

In my in-depth guide about iterators I talked about what iterators are exactly and how you can use them. At the end I told you that I’ll also write one for generators. Here it is.

First off, if you don’t know what an iterator is and you’d not be able to explain to someone else what it is, you will not have much fun with this because you won’t exactly recognize the use-cases. I suggest you read my iterator-guide first. After this, don’t get scared off by some confusing words used here, I’ll try to clarify every single one.

He breaks up the rest of the post into different sections, each walking you through different aspects of generators:

  • What is a generator?
  • The yield-keyword
  • Iterating a generator
  • Yielding keys
  • Yielding in a loop
  • An infinite generator

He wraps up the post sharing some real use-cases for generators to help you understand them with a bit more practical application (including stacking them, file system handling and co-routines).

tagged: generators tutorial introduction guide beginner

Link: http://tk.talesoft.io/2016/06/06/php-generators-a-guide-and-tutorial/

Symfony Blog:
Virtual Symfony Hack Day - March 12th!
Mar 08, 2016 @ 13:41:08

On the Symfony blog they've officially announce their latest virtual Symfony Hack Day coming in March (on the 12th). This event is a concentrated effort from the project and developers to come together and solve issues over several hours.

Symfony has always been a project driven by a huge and active community. [...] Because Symfony has a predictable release schedule, we know that feature freeze for Symfony 3.1 will be at the end of this month (March). That makes the next few weeks of development really important!

That's why we've decided to organize an online hack day, and I would love if you'd join us. If you're an experienced contributor, great! If you're new, even better! This hack day will focus on teaching you how to contribute.

The event will be happening March 12th from 3pm to 8pm CET / 9am to 2pm EST and will focus around the #symfony-dev channel on the Freenode IRC network. They'll be focusing on how to get started contributing to the framework including a mini-workshop showing how to triage issues to creating a pull request.

tagged: symfony framework hackday march virtual symfonydev freenode irc beginner contribute howto

Link: http://symfony.com/blog/virtual-symfony-hack-day-march-12th

Step by Step Guide to building your first Laravel Application
Mar 07, 2016 @ 09:25:04

On the DotDev.co site they've posted a tutorial showing you how to create your first Laravel application. In their case they show how to create a simple link collection tool to help illustrate the process.

The Laravel framework has experienced exponential growth since it’s initial release in 2011. In 2015 it became the most starred PHP framework on GitHub and has risen to be the go-to framework for people all over the world. [...] My goal with this is to create a guide for those just learning the framework. It is setup to take you from the very beginning of an idea into a real deployable application.

He starts by pointing out some prerequisites you'll need (like a local PHP environment and having PHPUnit installed). He then gets into the first step in any good application, planning, and some recommendations to think about. Once the planning is done, then the real code starts. He's broken it up into a few sections to help make it easier to follow:

  • The first steps (setting up the basic Laravel application)
  • Building a list of links
  • Submitting Links

In each step he also provides examples of tests that can be written and used to ensure your application is working as expected. Templates for the link output and the submission form are also included.

tagged: laravel application introduction beginner links tutorial first

Link: https://dotdev.co/tutorials/step-by-step-guide-to-building-your-first-laravel-application/

Community News:
phpschool.io Announced
Feb 04, 2016 @ 12:45:55

A new service has launched in an effort to help teach PHP to those looking to learn in a different sort of way. The phpschool.io site provides you with a series of exercises that walk you through both the fundamentals of the language and a few more complex topics.

PHP School is a set of ever expanding workshops to teach you basic to advanced concepts in PHP. We launch with one workshop: Learn You PHP. [...] Each exercise increases in difficulty, guiding you through the core concepts of PHP.

Currently the tutorials cover topics like "My First IO", separation of concerns, working with exceptions and handling dependencies. The installation of the lessons is as simple as making a composer require call and installing the packages and dependencies required by the tool. They're also actively looking for community contributions to add more workshops to the based on the Learn You PHP package currently included. The training was inspired by what NodeSchool provides for the Node.js language.

tagged: phpschool learning training beginner language tutorial

Link: http://www.phpschool.io/

Alfred Nutile:
Laravel Training: The Laravel Maven and the Laravel Novice
Nov 11, 2015 @ 11:09:22

Alfred Nutile has posted information about a series of Laravel-related training videos that aim to help you go from "Laravel 0 to Deploy" as they walk you through the creation and deployment of a simple blog based on the Laravel framework features.

The two of us come together in this raw footage of building a Blog in Laravel. You get both the insights of an experienced Laravel Software Writer (Alfred Nutile) and the questions of a WordPress developer new to Laravel, (Joe Bacal)

As of the time of this post there's four episodes in the series with more planned:

Other topics to come include working with Homestead, managing Gulp dependencies, creating a contact form and working with single page applications.

tagged: laravel training screencast introduction beginner video series blog application

Link: https://alfrednutile.info/trainings/laravel

Rob Allen:
The beginner's guide to contributing to a GitHub project
Sep 24, 2015 @ 12:08:10

If you've ever wanted to contribute to an open source project but didn't have any idea where to begin, Rob Allen has a few suggestions to help you get started. His guide is a bit more on the technical level than others that talk more about finding a project or community to be a part of, though.

This is a guide to contributing to an open source project that uses GitHub. It's mostly based on how I've seen Zend Framework, Slim Framework and joind.in operate. However, this is a general guide so check your project's README for specifics.

He walks you through a four step process to getting ready to contribute and make that first submission to the project of your choice:

  • Set up a working copy on your computer
  • Do some work
  • Create the PR (Pull Request)
  • Review by the maintainers

Naturally, some of this depends on the process that the project follows to take in new submissions, either from an issues list or just random buxfixes. It's a pretty standard GitHub-centric guide to follow though. He also recommends reading this article from Lorna Mitchell about code reviews and what the maintainers of most open source projects will look for in submissions.

tagged: beginner guide opensource github contribute project

Link: http://akrabat.com/the-beginners-guide-to-contributing-to-a-github-project/

How to create a PSR-4 PHP package
Sep 09, 2015 @ 10:55:01

In a tutorial posted to the Cullit.com site Philip Brown shows you how to create a PSR-4 compliant package that can be installed quickly and easily through Composer. The PSR-4 standard is a part of the set of standards defined by the PHP Framework Interoperability Group (PHP-FIG) to help make it easier to work with libraries and tools across frameworks and platforms. The PSR-4 standard replaces the slightly more complex PSR-0 to define a pattern for autoloading files.

A couple of weeks ago I wrote a tutorial on the general principles behind building PHP packages. In that article I mentioned the PSR-4 standard for creating PHP packages. In this tutorial I’m going to walk you through setting up the structure of a PHP package. By having an agreed upon structure for PHP packages we make our code a lot more interchangeable and reusable for the greater Open Source community.

He starts with the basics, creating a simple "nacho" directory in a git repository and introducing Composer (and the composer.json) briefly. He also talks about the "dotfiles" that are included with the use of Composer including a sample Travis-CI configuration. He then gets into the code and shows how to use namespaces, relate them to the directory names for autoloading and even writing a simple test or two. From there he talks about documentation and, finally, pushing the package up to GitHub and adding it to Packagist for others to download.

tagged: psr4 package composer packagist autoload tutorial beginner

Link: http://culttt.com/2014/05/07/create-psr-4-php-package/

PHP Object-Oriented Programming Beginner's Guide
Aug 12, 2015 @ 09:45:14

For those working to move from procedural PHP into a more object-oriented world but may be having some trouble with the transition, the Star Tutorial site has a great beginner OOP in PHP guide you should check out.

They cover all of the basics you'll need to get started with objects in PHP including:

  • classes versus objects
  • visibility
  • inheritance
  • polymorphism
  • interfaces versus abstract classes

Each section is a quick definition and a bit of code to help illustrate the point. This isn't going to be a hand-holding kind of tutorial showing you each step to making an OOP application. Instead, it provides quick, high level summaries of the main OOP concepts to get you on the right road.

tagged: oop object beginner concepts guide tutorial section concepts

Link: http://www.startutorial.com/homes/oo_beginner