Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Sebastian De Deyne:
TypeScript With Laravel Mix
May 25, 2017 @ 10:21:16

In a post to his site Sebastian De Deyne shows how to use Laravel Mix to work with Typescript right alongside other packages and libraries included in your mix configuration.

In a recent Spatie project we decided to give TypeScript a shot for the business critical part of a new application. TypeScript provides static analysis to reduce the chance of introducing bugs, to have self-documenting code, and to improve our tooling (autocompletion!)

We've been happily using Laravel Mix since it's release with Laravel 5.4. Luckily, extending Mix isn't too hard with some webpack knowledge. [...] As long as you've configured an appropriate loader, you could import anything from a plain old JavaScript file to an animated gif. This means that if we want to support TypeScript with Laravel Mix, we don't need to change any configuration, we only need to add the ability to bundle TypeScript files.

The remainder of the article is broken down into the four steps (and a bonus) for getting Mix and TypeScript playing together nicely:

  • Install The Necessary Dependencies
  • Configure TypeScript
  • Configure Laravel Mix
  • Write Some TypeScript!

The bonus at the end shows how to use this working setup to go one step further and use TypeScript in the Vue.js components in your Laravel application.

tagged: laravel laravelmix typescript combination tutorial configuration

Link: https://sebastiandedeyne.com/posts/2017/typescript-with-laravel-mix

SitePoint PHP Blog:
Game Development with ReactJS and PHP: How Compatible Are They?
Mar 29, 2017 @ 11:56:13

The SitePoint PHP blog has a new tutorial posted from Christopher Pitt (known for his "interesting" uses of PHP) covering the combination of ReactJS and PHP in game development. He wants to answer the question of how compatible they are and provide an example to help illustrate.

I started thinking about this the moment I decided to try and build a game using PHP and ReactJS. The trouble is that I knew nothing about the dynamics of multiplayer games, or how to think about and implement player-based economies.

I wasn’t even sure that I knew enough about ReactJS to justify using it. [...] I once watched a talk, by dead_lugosi, where she described building a medieval game in PHP. Margaret inspired me, and that talk was one of the things that lead to me writing a book about JS game development. I became determined to write about my experience. Perhaps others could learn from my mistakes in this case, too.

He hops right in to the code from there, starting with the setup of the backend functionality making use of Aerys for the HTTP/WebSocket handling. He creates a few basic routes then moves on to the frontend using Laravel Mix to pull in the dependencies he needs and perform the steps needed to build things out. He then goes through the process of creating the application frontend and connecting the WebSocket requests to a "GameSocket" endpoint. He finishes up the post with updates the Javascript to add in functionality to send a message to all users connected to the WebSocket.

tagged: reactjs game development combination tutorial aerys laravelmix

Link: https://www.sitepoint.com/game-development-with-reactjs-and-php-how-compatible-are-they/

Anthony Ferrara:
Security Issue: Combining Bcrypt With Other Hash Functions
Mar 13, 2015 @ 09:32:02

Anthony Ferrara has a new post today looking at a potential security issue in PHP applications when using bcrypt with encryption and other hashing functions. His findings have to do with some research he did on long passwords and denial of service attacks they might lead to.

The other day, I was directed at an interesting question on StackOverflow asking if password_verify() was safe against DoS attacks using extremely long passwords. Many hashing algorithms depend on the amount of data fed into them, which affects their runtime. This can lead to a DoS attack where an attacker can provide an exceedingly long password and tie up computer resources. It's a really good question to ask of Bcrypt (and password_hash). As you may know, Bcrypt is limited to 72 character passwords. So on the surface it looks like it shouldn't be vulnerable. But I chose to dig in further to be sure. What I found surprised me.

To find out exactly how things are processed he gets down into the C code behind the PHP functionality in the crypt function. He discovers something interesting about the way it determines the length of the input password. It loops over the key, taking one byte at a time but resetting when it comes across a null byte. While this method is safe in itself, he points out the real issue - using pre-hashing before the bcrypt password checking to, possibly, allow for longer passwords.

The problem is that this method could lead to those null bytes and cause issues with the password checking, especially if opting for the use of raw data. He includes a simple script to illustrate this problem, finding a few collisions for his made up key and "random looking" password. Thankfully, he includes a method for checking to ensure the hash doesn't contain a null byte. He points out that not all hashing combinations are at risk and suggests a few alternatives that can keep your application 100% safe.

The underlying problem is that combining cryptographic operators that weren't designed to be combined can be disastrous. Is it possible to do so safely? Yes. Is it a good idea to do it? No. This particular case is just one example where combining operations can be exceedingly dangerous.
tagged: bcrypt hash function combination issue crypt null byte

Link: http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html

Cal Evans' Blog:
Microsoft and PHP
May 06, 2009 @ 10:26:33

In some of his research into PHP and Windows recently, Cal Evans has come across two surprising things about the (usually dismissed) combination of the two:

  • It actually runs well if setup properly
    I don't have a spare computer so I'm not going to discuss performance or show benchmarks. I am talking about ease of use in getting things setup. [...] No, I'm not nearly ready to give up my Linux servers in production and despite Sam Ramji's recent pleas to their open source vendors not to compete on price but compete on value, I can still fail fast and cheap using open source software and operating systems.
  • A lot of open source developers just don't trust Microsoft, just because.
    I am, however, willing to give them the benefit of the doubt. I am part of the slim majority on the above poll who thinks they are sincere. The reason I am willing to give them the benefit of the doubt is not because I believe that the core of Microsoft has changed in any way [...] but because I believe that inside of Microsoft, there are pockets of brilliance.

Check out more of Cal's thoughts on the matter and the results of his "unscientific" polls he mentions in the rest of the post.

tagged: microsoft opinion combination windows run well trust

Link:

Felix Geisendorfer's Blog:
With jQuery & CakePHP to World Domination (Slides)
Feb 27, 2008 @ 08:47:00

Felix Geisendorfer has posted his slides from his presentation at this year's CakeFest covering the powerful combination of jQuery and the CakePHP framework.

Sorry this took so long, but here you can download the PDF or the much better Keynote version of my slides.

He also has an embedded Slideshare player on the post of you want to check out the presentation without the download.

tagged: cakephp framework cakefest2008 presentation jquery combination

Link:

Zend Developer Zone:
Decorating with External Data
Sep 27, 2006 @ 08:50:00

On the Zend Developer Zone today, there's this new tutorial that looks at making the move from PHP4's object-oriented programming up to the "more complete obejct model of PHP5" - specifically with the Decorator design pattern.

While working on a project I realized one particular solution was a pretty good way to demonstrate the decorator design pattern together with some of PHP5's features, including abstract classes, interfaces, type hinting, the final keyword and the visibility of properties and methods. This article is intended for those of you who, like myself, are moving from object-oriented programming, including some use of design patterns, in PHP4, to the more complete object model of PHP5.

He sets up a scenario about the development of an online pizza ordering system to show how to "decorate" a pizza with each of the toppings on a list (instead of having to list out every pizza in every possible topping combination). Of course, all of the code is included and explained so you understand exactly what's happening. Finally, there's a demonstration of its usage - a simple call that grabs the stock level/name/cost of each of the items in stock (pizza combinations).

tagged: decorator pattern pizza object oriented combination decorator pattern pizza object oriented combination

Link:

Zend Developer Zone:
Decorating with External Data
Sep 27, 2006 @ 08:50:00

On the Zend Developer Zone today, there's this new tutorial that looks at making the move from PHP4's object-oriented programming up to the "more complete obejct model of PHP5" - specifically with the Decorator design pattern.

While working on a project I realized one particular solution was a pretty good way to demonstrate the decorator design pattern together with some of PHP5's features, including abstract classes, interfaces, type hinting, the final keyword and the visibility of properties and methods. This article is intended for those of you who, like myself, are moving from object-oriented programming, including some use of design patterns, in PHP4, to the more complete object model of PHP5.

He sets up a scenario about the development of an online pizza ordering system to show how to "decorate" a pizza with each of the toppings on a list (instead of having to list out every pizza in every possible topping combination). Of course, all of the code is included and explained so you understand exactly what's happening. Finally, there's a demonstration of its usage - a simple call that grabs the stock level/name/cost of each of the items in stock (pizza combinations).

tagged: decorator pattern pizza object oriented combination decorator pattern pizza object oriented combination

Link: