Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Framework:
Convert objects to arrays and back with zend-hydrator
Jun 21, 2017 @ 11:32:01

The Zend Framework blog has posted another in their series of component spotlights, focusing in on a single component of the framework and its use. In this latest article they cover the zend-hydrator component, useful for converting objects to arrays and back.

APIs are all the rage these days, and a tremendous number of them are being written in PHP. When APIs were first gaining popularity, this seemed like a match made in heaven: query the database, pass the results to json_encode(), and voilà! API payload! In reverse, it's json_decode(), pass the data to the database, and done!

Modern day professional PHP, however, is skewing towards usage of value objects and entities, but we're still creating APIs. [...] Zend Framework's answer to that question is zend-hydrator. Hydrators can extract an associative array of data from an object, and hydrate an object from an associative array of data.

They start with the command to get the zend-hydrator package installed (and a dependency they'll need for their examples, zend-filter). A code example is included that shows how to convert a "book" object to an array using the ReflectionHydrator. Next is an example of switching it back, changing the array of data back into a book object. Next comes the integration with zend-filter, showing how to filter values out of objects/arrays you might not want in the end result by adding the filter to the hydrator. Also included are examples of modifying data (strategies), filtering on property names, delegation of the translation based on object type and a few other features included in the component that could be helpful.

tagged: zendframework component zendhydrator tutorial introduction filter translate

Link: https://framework.zend.com/blog/2017-06-21-zend-hydrator.html

Rob Allen:
Simple way to add a filter to Zend-InputFilter
Jun 21, 2017 @ 09:16:29

Rob Allen has a quick new post to his site sharing a simple way to add a filter to the Zend-InputFilter component when it's in use on your site.

Using Zend-InputFilter is remarkably easy to use. [...] How do you add your filter to it though?

He starts with an example of putting the component to use in requiring and filtering the value in "my_field" for the data provided. He then shows how to add his "simple filter that does absolutely nothing", the MyFilter, to the current set. He also shows the creation of a "filter factory" class that registers the custom filter into the chain with an alias of "MyFIlter". You can then use it just like you would any other filter and define it in your rules specification.

tagged: zendframework zendinputfilter component custom filter tutorial factory

Link: https://akrabat.com/simple-way-to-add-a-filter-to-zend-inputfilter/

Nikola Posa:
Using Monolog with Zend Service Manager
Jun 16, 2017 @ 12:09:27

Nikola Posa has a new post to his site showing you how to can combine Monolog for logging with Zend Service Manager, a component from the Zend Framework, defining the logger as a service that can be easily used (and re-used) across an application.

Without any doubt, Monolog and Zend Service Manager are two libraries that are almost always found in the composer.json file require section of my projects. In case you didn't know, Monolog is a PSR-3 compliant logging library that allows you to save logs to various storage types and web services, while Zend Service Manager is a PSR-11 compliant dependency injection container and a service locator implementation that facilitates management of application dependencies.

In this post I'm gonna show you how the two can work together.

He starts with an example of configuring the ServiceManager instance with a factory dependency that manually creates the Monolog logger inline. While this works, it's not idea, mixing configuration and functionality. He shows how to refactor the same functionality into a factory class that performs the same function but isolates it from the configuration. He then takes this further and separates out the environment-specific configuration from the handling and, finally, shows the creation of a more general logging factory that allows the definition of different kinds of loggers based on the need.

tagged: monolog zendservicemanager component tutorial combine factory configuration

Link: http://blog.nikolaposa.in.rs/2017/06/12/using-monolog-with-zend-service-manager/

Zend Framework Blog:
Validate data using zend-inputfilter
Jun 16, 2017 @ 09:22:37

Matthew Weier O'Phinney is back on the Zend Framework blog today with a spotlight on another component of the Zend Framework. This time he features zend-inputfilter, a useful component for filtering the data coming into your application from your users.

In our previous two posts, we covered zend-filter and zend-validator. With these two components, you now have the tools necessary to ensure any given user input is valid, fulfilling the first half of the "filter input, escape output" mantra.

[...] To solve [the single shot validation] problem, Zend Framework provides zend-inputfilter. An input filter aggregates one or more inputs, any one of which may also be another input filter, allowing you to validate complex, multi-set, and nested set values.

As in the other tutorials in the series, Matthew walks you through the installation of the component via Composer and briefly describes how it operates. He then includes a code example of creating a new InputFilter instance, making inputs, attaching validators to them and then ensuring everything validates in the chain with an isValid call. He then covers input specifications - configurations based on array values - to define validators on the input elements. He ends the post looking at input filters, how to manage them and defining them by specification. He also mentions a few other pieces fo functionality the component includes but he didn't cover here.

tagged: zendinputfilter component zendframework series input filter chain

Link: https://framework.zend.com/blog/2017-06-15-zend-inputfilter.html

Zend Framework Blog:
Validate input using zend-validator
Jun 14, 2017 @ 11:25:36

The Zend Framework blog has continued their series spotlighting various components of the framework with their latest installment. In this latest tutorial they cover the zend-validator component used to validate data against a set of rules for correctness.

In our previous post, we covered zend-filter, The filters in zend-filter are generally used to pre-filter or normalize incoming data. This is all well and good, but we still don't know if the data is valid. That's where zend-validator comes in.

The post starts with showing how to get the component installed via Composer and the optional dependency of the zend-service-manager component (to handle the use of ValidatorChain functionality). Code is included showing the interface the validators all conform to and an example of the validator in use. It then covers some of the built-in validation options and how to build up a validator "chain" of multiple checks. It also shows how to break the validation if one fails, setting priority (order of execution), evaluating values in certain contexts and registering your own custom validators.

tagged: zendvalidator zendframework validation tutorial introduction component series

Link: https://framework.zend.com/blog/2017-06-13-zend-validator.html

Zend Framework Blog:
Filter input using zend-filter
Jun 09, 2017 @ 10:58:19

The Zend Framework blog has posted a new tutorial covering a single component of the framework. In this latest article ZF lead developer Matthew Weier O'Phinney covers the zend-filter component for filtering input from your users.

When securing your website, the mantra is "Filter input, escape output." We previously covered escaping output with our post on zend-escaper. We're now going to turn to filtering input.

Filtering input is rather complex and spans a number of practices: filtering/normalizing input [and] validating input. For now, we're going to look at the first item, filtering and normalizing input, using the component zend-filter.

He shows you how to get the component installed, via Composer, and talks about some of the dependencies it needs, optional and required. Since they'll be using the "FilterChain" functionality, he also requires that. He moves into the code, showing the interface required for a validator to work (basically just defining a "filter" method). He talks about some of the common filtered included and how to refactor custom validation handling into a FilterChain performing the same operations. He ends with another example of reading from a file and how to use it on an array of values, each line as a string from the file.

tagged: zendframework component tutorial introduction zendfilter input

Link: https://framework.zend.com/blog/2017-06-08-zend-filter.html

SitePoint PHP Blog:
Re-Introducing Symfony Console – CLI PHP for the Uninitiated!
May 25, 2017 @ 11:38:02

The SitePoint PHP blog has posted a tutorial from author Claudio Ribeiro that wants to re-introduce you to the Symfony Console package, a component of the larger Symfony framework that makes it easier to create and work with command-line PHP scripts.

As software developers, we often feel the need to resort to command line tools. These kinds of tools are helpful when we need to do a sort of recurring task like migrating data, performing imports, or creating cron jobs.

The Symfony Console component tool provides us with a simple framework to create our own command line tools. Unlike many components in Symfony, this is a standalone package and is used by the likes of Laravel‘s Artisan and many other famous PHP packages.

The tutorial then walks you through the installation process, via Composer, and the creation of a new command. With this simple base created, he then adds in actual functionality, building out a command to hash and verify a password string. They show how to use the command and an example of its output. Next up, he creates another command example, this time verifying the password hash provided as an argument. The tutorial wraps up with a look at testing your console comamnds with PHPUnit tests via the included CommandTester functionality.

tagged: symfony console commandline cli package component tutorial introduction

Link: https://www.sitepoint.com/re-introducing-symfony-console-cli-php-uninitiated/

Zend Framework Blog:
Leverage Zend Component Plugin Managers in Expressive
May 19, 2017 @ 09:58:15

The Zend Framework blog has a new post from project lead Matthew Weier O'Phinney showing how you can use plugin managers in Expressive and how it can be used to integrate other components.

With the release of Expressive 2, one of the key stories was the ability to require ZF components within Expressive, and have their dependencies auto-wired into your application courtesy of the component installer.

However, we recently had a user in our Slack channel (need an invite?) indicating they were having issues with usage of custom validators, filters, and input filters. After a <a href=https://discourse.zendframework.com/t/validatormanager-not-calling-custom-validator-factory/109">more thorough writeup on our forums, I realized we'd missed something important when making these integrations, and set out to solve it.

The article then starts with the problem that they're trying to solve, mostly around configuration handling. The solution involved some work done on various packages (like zend-log, zend-filter and zend-form) to make the configuration loading a bit more automated (and with fallback handling).

tagged: zendexpressive module component manager update package

Link: https://framework.zend.com/blog/2017-05-18-plugin-managers.html

Zend Framework Blog:
Context-specific escaping with zend-escaper
May 17, 2017 @ 09:44:25

The Zend Framework blog has continued their series spotlighting individual components of the framework and putting them to use outside of a ZF-based application. In the latest post they show how to use zend-escaper to handle context-specific escaping.

Security of your website is not just about mitigating and preventing things like SQL injection; it's also about protecting your users as they browse the site from things like cross-site scripting (XSS) attacks, cross-site request forgery (CSRF), and more. In particular, you need to be very careful about how you generate HTML, CSS, and JavaScript to ensure that you do not create such vectors.

As the mantra goes, filter input, and escape output.

They start with some of the main issues around escaping output in PHP (and some of the inconsistencies) and what zend-escaper can to to help. The tutorial then shows how to pull the component into your current application via Composer and set up a new Escaper instance. It briefly covers the built-in escaping methods and then provides some more real-world examples of how it can be used to protect your application.

tagged: zendescaper component tutorial introduction output escaping

Link: https://framework.zend.com/blog/2017-05-16-zend-escaper.html

Zend Framework Blog:
Manage permissions with zend-permissions-acl
May 10, 2017 @ 13:19:23

The Zend Framework blog is back with their latest installment in their authentication and authorization series with the Zend Expressive framework. In this latest post they show the use of the zend-permissions-acl component to provide another kind of access control evaluation (as opposed to the role-based access control shown in a previous article).

The last couple posts have been around authorization, the act of determining if a given identity has access to a resource. We covered usage of role based access controls, as well as middleware that uses an RBAC.

In this post, we'll explore another option provided by Zend Framework, zend-permissions-acl, which implements Access Control Lists (ACL).

This post will follow the same basic format as the one covering zend-permissions-rbac, using the same basic examples.

They start off the post as they've done with the others, showing how to install the component and defining some basic vocabulary so everyone's on the same page. It then starts on creating an access control list instance, defining some roles in that ACL and some example isAllowed checks for evaluating those permissions. With that in place, the tutorial moves on to resources, role inheritance and resource inheritance. Finally, they talk about ACLs in general, what they should contain and how to add in custom assertions if the need should arise.

tagged: zendframework zendexpressive permissions zendpermissionsacl tutorial component

Link: https://framework.zend.com/blog/2017-05-09-zend-permissions-acl.html