Lorna Mitchell:
Simple Access Control for CakePHP3
Apr 11, 2016 @ 09:35:01

Lorna Mitchell has a post on her site with some helpful instructions on access control for CakePHP3 users. The framework comes with no built-in ACL functionality, so she shows how to set up your own.

The newest version of CakePHP doesn't ship with built in ACL, which means you need to write your own. Personally I think this is a smart move, having looked at the one-size-fits-all solutions for previous versions of the framework and knowing that every system has different requirements, this version has good hooks and documentation on how to add something that works for your application. I thought I'd share what worked for mine.

She starts with some of the initial setup: creating the relationship between the users and her custom roles table and "baking" the controllers and templates. She then goes through the use of the authorize method and how it can handle the user/request combination to determine access. She includes the code for her auth class, showing both the authorize method and a simplified userHasRole method. She walks you through the code and one drawback of the setup: not being able to validate access in views and templates.

tagged: access control cakephp3 user loggedin authorization tutorial

Link: http://www.lornajane.net/posts/2016/simple-access-control-cakephp3

SitePoint PHP Blog:
Control User Access to Classes and Methods with Rauth
Mar 17, 2016 @ 13:55:22

The SitePoint PHP blog has posted a tutorial from Bruno Skvorc showing you how to use Rauth, a tool that's designed to control access to parts of your application as set by annotations in the code.

Rauth is SitePoint’s access control package for either granting or restricting access to certain classes or methods, mainly by means of annotations.

[...] Traditional access control layers (ACLs) only control routes – you set anything starting with /admin to be only accessible by admins, and so on. This is fine for most cases, but not when: you want to control access on the command line (no routes there) or you want your access layer unchanged even if you change the routes. Rauth was developed to address this need. Naturally, it’ll also work really well alongside any other kind of ACL if its features are insufficient.

He starts by dispelling the common thought (at least in most of the PHP community) that annotations are a bad thing and relying on them for functionality isn't a good practice to follow. With that out of the way, he shows a simple example: a set of users and fake routes that are evaluated by Rauth based on the annotations in a One controller-ish class. He describes what the evaluation is doing and how changing the annotations would make a difference in the results. He also includes a dependency injection example with PHP-DI and the Fast-Route package and a more "real world" example. He ends the post with a look at another handy feature of the library: bans (blocking based on other types of annotations, @auth-ban).

tagged: rauth access control class method annotation tutorial

Link: http://www.sitepoint.com/control-user-access-to-classes-and-methods-with-rauth/

SitePoint PHP Blog:
Voice controlled PHP apps with API.ai
Aug 31, 2015 @ 09:36:14

The SitePoint PHP blog has posted a tutorial showing you how to help your applications understand natural language with the help of the Api.ai service.

In this tutorial we’ll be looking into Api.ai, an API that lets us build apps which understand natural language, much like Siri. It can accept either text or speech as input, which it then parses and returns a JSON string that can be interpreted by the code that we write.

They start by explaining some of the concepts you'll need to know to use the service: agents, entities, intents, contexts, aliases and domains (each with a summary and examples). In their example, they show how to get the current time for any given place using the API. They show you how to set up a free account and create a new agent, then use Guzzle (the HTTP client library) to make the request to the API with your API and subscription keys. They show the result of a query for "What's the current time in Barcelona Spain?" and how to extract the "location" value from the results. With this they then search the Google API for the local time of "Barcelona Spain". With the time in hand, they use the responsive-voice.js library to convert the text to speech at the click of a button.

With all these concepts under your belt, they also walk you through a second application, a currency converter. It uses the same workflow as the previous example with the exception of using the CurrencyLayer.com API to perform the financial conversion. All code needed for this example is included as well. If you'd like to just jump to the end, they've also shared the complete code for both examples over on GitHub.

tagged: voice control api apiai tutorial localtime currency convert

Link: http://www.sitepoint.com/voice-controlled-php-apps-with-api-ai/

Optional Value Control-flows in PHP using Traits and Magic-methods
Jun 18, 2015 @ 09:44:02

The MyBuilderTech.com site has a new tutorial posted talking about the use of traits and magic methods for optional value handling.

Recently I have been interested in experimenting with different ways to handle optional values. There are many examples that exist demonstrating the use of the Maybe/Optional structure within the PHP landscape. I would instead like to focus my attention on only looking into the concept of 'orElse', which I have found to be a prominent control-flow whilst using these types of value. Typically, in an imperative mind-set we are accustomed to evaluating a value, and based on its existence - defined as falsely in this regard - follow a different course of action, and by-way result.

He gives an example of where a value is checked for null and something else happens when it is. This is a common practice in PHP development, but he's more interested in other ways of handling. The first of these ways is with traits. His example shows an "OrElse" trait that can be used to perform the same evaluation but does some extra magic based on the method name called (his example is "findByIdOrElse"). If the trait method isn't for you, he also offers another possible solution around the use of composition. In this case he uses the same trait but makes it a part of its own class that's then given the object to work with (his "repository").

The post ends with one more "bonus" method for handling optional values - a simple function ("_or") that evaluates the arguments given and returns the first that's "truthy".

tagged: optional value control flow trait magicmethod function truthy

Link: http://tech.mybuilder.com/optional-value-control-flows-in-php-using-traits-and-magic-methods/

Laravel News:
5 Resources to Learn about the Laravel IoC Container
Jan 02, 2015 @ 10:04:59

The Laravel News site has a post today linking to five handy resources you can use to learn about the Laravel IoC (inversion of control, dependency injection) container.

The Laravel IoC container is a powerful tool for managing class dependencies. It is widely used in Laravel and an important tool for your arsenal. The community has created several tutorials for this and here are five resources that will teach you all about it. [...] By reading these tutorials you’ll be up to speed in no time on the Laravel IoC container and also improve your code by implementing it in your application.

As a "bonus" there's also a link to a video narrated by Laravel creator Taylor Otwell himself about the IoC container and its use.

tagged: laravel inversion control ioc container dependency injection tutorials

Link: https://laravel-news.com/2014/12/5-resources-learn-laravel-ioc-container/

Thomas Weinert:
Carica Chip 101 - Controlling An LED With PHP
Nov 05, 2013 @ 10:18:40

Every once in a while someone uses PHP for something interesting and different from the usual web application. In this post on his site Thomas Weinert shares an example - he uses PHP to control an LED via Carica Chip.

Some time ago, in this blog post, I explained the basic stuff about Arduino, Firmata and PHP. Now it is time for the next step. Carica Io and Carica Firmata have grown and got a third layer called Carica Chip. [...] Carica Chip provides an easy way to control a device. So let's start with an "Interactive LED" example.

He uses the Carica Chip library and the "skeleton" application command from Composer to make a basic application. A simple HTML page with on and off links is made and a basic Carica Chip server is set up and executed. It's a simple example, but it gives you an idea of how to set it all up. The Carica Chip package also allows for other interactions including working with servos and motors.

tagged: carica chip introduction led arduino tutorial package control

Link: http://www.a-basketful-of-papayas.net/2013/11/carica-chip-101-controlling-led-with-php.html

Lorna Mitchell:
What Goes in Source Control?
Apr 30, 2013 @ 10:31:26

As developers, one of the best things you can do for a project is to use version control (or "source control") for your code. Lorna Mitchell suggests using it on a wider scale, though. She sees it as a great place for all sorts of other things around a project too.

Short answer: everything! However we need some good directory structures and source control configuration to make that a really practical answer, so this article is a quick outline of my usual advice for a good source control structure for a standard web project. The examples are for a PHP project but I'm sure you could apply this to your own language of choice, also.

The "other things" she suggests should end up in source control include:

  • The actual "web root" of your application
  • Library code
  • Build scripts
  • Configuration files
  • Database patches
  • Tests (unit, functional, integration, etc)

tagged: source version control suggestion contents

Link: http://www.lornajane.net/posts/2013/what-goes-in-source-control

Round Table #1: Should Exceptions Ever be Used for Flow Control?
Mar 28, 2013 @ 10:20:39

On the NetTuts.com site today they've posted the transcript of a panel discussion they had with several developers about exceptions and whether or not they should be used for flow control.

I’m pleased to release our first ever round table, where we place a group of developers in a locked room (not really), and ask them to debate one another on a single topic. In this first entry, we discuss exceptions and flow control.

The opinions vary among the group as to what exceptions should be used for (even outside of the flow control topic). Opinions shared are things like:

  • Exceptions are situations in your code that you should never reach
  • Errors cause Failures and are propagated, via Exceptions.
  • So, essentially, exceptions are an “abstraction” purely to model the abnormality.
  • Personally, I envision exceptions more as “objections.”
  • Exceptions like this should be caught at some point and transformed into a friendly message to the user.

There's lots more than this in the full discussion so head over and read it all - there are definitely some good points made.

tagged: roundtable exceptions flow control panel discussion


Richard Rodger:
Why I Have Given Up on Coding Standards
Dec 05, 2012 @ 13:17:48

In a recent (controversial) post Richard Rodger talks about why he's given up on coding standards and includes a few of the reasons that might make you think about your own processes.

Every developer knows you should have a one, exact, coding standard in your company. Every developer also knows you have to fight to get your rules into the company standard. Every developer secretly despairs when starting a new job, afraid of the crazy coding standard some power-mad architect has dictated. It’s better to throw coding standards out and allow free expression. The small win you get from increased conformity does not move the needle. Coding standards are technical ass-covering.

He walks through the evolution of the average developer, the trip from their infancy of "just writing code" to the point of understanding that there needs to be standards to make code easier to read and understand. He includes a list of five "sins of control" that might make coding standards more desirable.

There are worse sins than these. You only need one of them to end up with a coding standard. The truly evil thing about coding standards is what they do to your heart, your team’s heart. They are a little message that you are not good enough. You cannot quite be trusted. Without adult supervision, you’ll mess up.

As you'd expect, there are plenty of comments on the post, so enjoy reading and maybe contribute some of your own.

tagged: coding standards opinion hurt control freedom


Creating a Custom ACL in PHP
May 11, 2012 @ 10:53:23

On Developer.com there's a recent tutorial showing you how to create a basic access control list in PHP (not in any specific framework). It allows you to define not only user permissions but groups and group permissions as well.

So, what are the advantages of an ACL model? The first advantage is security. Using this model will make your application more secure and less vulnerable to exploits. When securing any program, it is good to give to the user only the privileges he/she needs. That means that, for example, you should not give super administrator privileges to someone who will only manage website content. The ACL security model allows you to do just that. The second advantage is the easiness of user management. You can divide users into groups, while each group has certain access permissions. Also, you can easily add new user groups, delete the old ones or change group permissions.

They include the database structure you'll need to make the backend work (four tables) and the code to create an "Acl" class with methods to check a user+group for a permission, get the permissions for a user and get the permissions for a group. It's a pretty simple system and has a lot more that could be added to it to make it more robust, but it's a good start.

tagged: custom acl access control permission group tutorial database