Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Paragon Initiative:
Libsodium Quick Reference: Similarly-Named Functions and Their Use-Cases
Jun 13, 2017 @ 12:17:55

In a new post to the Paragon Initiative blog Scott Arciszewski has shared a helpful reference for those that might be a little confused by the naming and functions involved in the use of libsodium in PHP. In this quick reference he lists out each of the functions, what type they are and an example use case.

Last Friday at Day Camp 4 Developers, I presented a talk titled Cooking with Sodium in PHP 7.2, which was largely live-demoing the various cryptography features provided by libsodium. One of the questions I was asked by attendees was about knowing which feature to use to solve specific problems. This is the sort of problem that I suspect many people run into, so here's a quick reference table followed by a detailed explanation.

In the table below, all encryption modes utilize authenticated encryption.

Following the quick reference table he then gets into more detail on each of the functions, describing in depth what they're for and examples of how to most effectively use them.

tagged: quickreference libsodium function guide usecase detail

Link: https://paragonie.com/blog/2017/06/libsodium-quick-reference-quick-comparison-similar-functions-and-which-one-use

Nikita Popov:
PHP 7 Virtual Machine
Apr 17, 2017 @ 17:42:47

Nikita Popov has a new post to his site sharing a look behind the curtain of how the PHP 7 virtual machine works, the latest version in the Zend Virtual Machine that powers the language.

This article aims to provide an overview of the Zend Virtual Machine, as it is found in PHP 7. This is not a comprehensive description, but I try to cover most of the important parts, as well as some of the finer details.

This description targets PHP version 7.2 (currently in development), but nearly everything also applies to PHP 7.0/7.1. However, the differences to the PHP 5.x series VM are significant and I will generally not bother to draw parallels.

Most of this post will consider things at the level of instruction listings and only a few sections at the end deal with the actual C level implementation of the VM.

He then goes through many different points and piece of functionality in the VM and how they work including:

  • variable types
  • the stack frame layout
  • fetch modes
  • exception handling
  • finally handling
  • generators

There's lots of information here and it's definitely interesting to see what happens inside the language to create the fast and functional PHP 7 applications we have now.

tagged: virtualmachine php7 zend detail behindthescenes example

Link: http://nikic.github.io/2017/04/14/PHP-7-Virtual-machine.html

TutsPlus.com:
Programming With Yii2: Using the Debugger
Jan 03, 2017 @ 11:52:29

The TutsPlus.com site continues their "Programming with Yii2" series of tutorials with the latest edition in the series, a look at using the Yii2 debugger to help track down issues in your code.

In today's tutorial, I'll show you how to install the Yii2 Debugger, and we'll explore its capabilities in detail. It's a powerful programming assistant which is often underutilized.

As you code and test your application, the debugger can show you your application path, queries and query variables, performance characteristics, server and framework settings, and much more.

The article starts off by showing you how to install the "yiisoft/yii2-debug" library (via Composer) and enable it in the "debug" section of your configuration. With it correctly installed you'll then be able to access it at the bottom of your pages. The debug console provides plenty of helpful information related to:

  • the route matched
  • a log of actions and events
  • load time
  • memory used
  • database queries performed

...among others. The tutorial walks you through these and other pieces of information the tool provides with screenshots of example output for each.

tagged: programming yii2 debugger tutorial series toolbar screenshot detail

Link: https://code.tutsplus.com/tutorials/programming-with-yii2-using-the-debugger--cms-26910

Kinsta.com Blog:
What’s New in PHP 7.1.0
Nov 25, 2016 @ 13:32:29

On the Kinsta blog there's a post detailing some of the new features that are coming in the next release in the PHP 7 series - PHP 7.10.

The newest version of PHP – 7.1.0 – is already at RC6 (Release Candidate 6) status, which means it will be out soon. After a huge update that took PHP from 5.6 straight to 7.0 increasing speeds considerably, PHP is now focusing on core language features that will help all of us write better code. In this article I’ll take a look at the major additions and features of PHP 7.1.0 which is just around the bend.

Their list of items includes:

  • nullable types
  • iterable and void returns
  • the use of keys in lists
  • number operators and malformed numbers

Each item in the list includes a brief description and some example code show the feature in use where it makes sense. If you're not overly familiar with what's coming in PHP 7.1 this is a great guide.

tagged: kinsta php71 upcoming version feature php71rc6 release detail

Link: https://kinsta.com/blog/php-7-1-0/

Kyle Mitchell:
The MIT License, Line by Line
Sep 27, 2016 @ 09:53:11

If you've been working with open source software for any amount of time, chances are you've seen licenses attached to the projects you've used (or even contributed to). There's quite a few of them out there and it can be confusing as to what's actually covered by them and how it effects you directly. In this recent post to Kyle E. Mitchell's site he explains, line-by-line, one of the most common Open Source licenses: the MIT license.

The MIT License is the most popular open-source software license. Here’s one read of it, line by line.

If you’re involved in open-source software and haven’t taken the time to read the license from top to bottom—it’s only 171 words—you need to do so now. Especially if licenses aren’t your day-to-day. Make a mental note of anything that seems off or unclear, and keep trucking. I’ll repeat every word again, in chunks and in order, with context and commentary. But it’s important to have the whole in mind.

He then walks you through the different sections of the license, explaining what it all means:

  • License title (header)
  • Copyright notice (header)
  • Grant scope (license grant)
  • Conditions (license grant)
  • Attribution notice, warranty disclaimer and limitation of liability

There's a lot of detail here but in the end you'll definitely understand the license in and out. He ends the post with links to a few other resources that have helped him better understand source licenses.

tagged: mit license opensource detail linebyline explanation

Link: https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line.html

Ibuildings Blog:
Programming Guidelines - Part 3: The Life and Death of Objects
Feb 02, 2016 @ 11:42:05

The Ibuildings blog has posted the latest part of their series looking at some general programming guidelines and principles that can help you in your own development work. In this latest article Matthias Noback talks about the "life and death of objects" in more detail including creating, updating and how they "die".

In the first part of this series we looked at ways to reduce the complexity of function bodies. The second part covered several strategies for reducing complexity even more, by getting rid of null in our code. In this article we'll zoom out a bit and look at how to properly organize the lifecycle of our objects, from creating them to changing them, letting them pass away and bringing them back from the dead.

He starts with a brief list of things that are true about objects (they live in memory, they hide implementation, etc) and some of the issues with poor object handling. He then gets into some of the basics: creating objects (meaningful & different ways), validating the input to constructors and methods and changing them to update properties and related objects. He also suggests preferring immutable objects and talks about value objects to help towards this goal. Finally he talks about the death of objects and some of the ways you can possibly "bring them back to life".

tagged: oop object detail introduction validate immutable valueobject revive lifecycle tutorial

Link: https://www.ibuildings.nl/blog/2016/02/programming-guidelines-part-3-the-life-and-death-objects

Julien Pauli:
Zoom on PHP objects and classes
Mar 26, 2015 @ 12:50:49

Julien Pauli has a recent post to his site that "zooms in" on objects and classes with a look behind the scenes at how they're handled in the PHP source (at the C level) with plenty of code examples and explanations as to how they work.

Everybody uses objects nowadays. Something that was not that easy to bet on when PHP5 got released 10 years ago (2005). I still remember this day, I wasn't involved in internals code yet, so I didn't know much things about how all this big machine could work. But I had to note at this time, when using this new release of the language, that jumps had been made compared to old PHP4. The major point advanced for PHP5 adoption was : "it has a new very powerful object model". That wasn't lies. [...] Here, I will show you as usual how all this stuff works internally. The goal is always the same : you understand and master what happens in the low level, to make a better usage of the language everyday.

The article does a great (if lengthy) job of covering everything that happens with PHP's objects and class system, including stats about memory consumption. He includes both the PHP code and the C code to illustrate what's happening with classes, interfaces, traits and object methods/attributes (including object references). He also talks about what "$this" is and how class destructors are handled.

tagged: object class behindthescenes detail c code memory usage

Link: http://jpauli.github.io/2015/03/24/zoom-on-php-objects.html

Anthony Ferrara:
What About Garbage?
Dec 03, 2014 @ 13:33:44

In his latest post Anthony Ferrara looks at a recent change in the Composer dependency management tool involving a major speed boost, just from disabling the garbage collection.

If you've been following the news, you'll have noticed that yesterday Composer got a bit of a speed boost. And by "bit of a speed boost", we're talking between 50% and 90% speed increase depending on the complexity of the dependencies. But how did the fix work? And should you make the same sort of change to your projects? For those of you who want the TL/DR answer: the answer is no you shouldn't.

He talks about what the actual (one line) change was that sped things up but goes on to talk about why doing this isn't necessarily a good thing. He covers how PHP handles variables internally, how it relates to "pointers" and the copy-on-write functionality. He includes code snippets and gives an overview of how each would be handled by the interpreter. Unfortunately, the way PHP handles things, deleting a variable only removes variable reference, not the value, but does decrement the reference count for it. When that hits 0, garbage collection kicks in and removes associated values too.

He talks about a few other kinds of garbage collection (the reference count method is just one of them) and circles back around to how this relates to Composer's functionality. He points out the number of objects created during the dependency resolution process and what can happen when the root buffer, populated with all of these objects, gets too full (hint: garbage collection). He finishes the post talking about how, in Composer's case, the garbage collection change yielded the performance impact it did, but doesn't suggest it for every project. He also makes a few suggestions as to things that could be done to improve PHP's garbage collection handling.

tagged: garbage collection handling composer disable detail

Link: http://blog.ircmaxell.com/2014/12/what-about-garbage.html

NetTuts.com:
Digging in to Laravel's IoC Container
Nov 25, 2014 @ 12:23:07

NetTuts.com has a new tutorial posted that digs into the Laravel IoC (Inversion of Control) container, one of the key features of the framework making it easy to create and use objects all around your applications.

Inversion of Control, or IoC, is a technique that allows control to be inverted when compared to classical procedural code. The most prominent form of IoC is, of course, Dependency Injection, or DI. Laravel's IoC container is one of the most used Laravel features, yet is probably the least understood.

He starts with an example of basic dependency injection (constructor injection) and how this relates to the Laravel framework's IoC handling (hint: it's all IoC). He includes examples of some built-in Laravel bindings and talks about the difference between shared and non-shared bindings. He also looks at conditional binding, how dependencies are resolved and how you can define your own custom binding implementations. Other topics mentioned include tagging, rebounds, rebinding and extending. He ends the article with a look at how you can use the IoC outside of Laravel too.

tagged: laravel ioc container inversionofcontrol framework tutorial introduction detail

Link: http://code.tutsplus.com/tutorials/digging-in-to-laravels-ioc-container--cms-22167

Anthony Ferrara:
A Lesson In Security
Nov 03, 2014 @ 09:11:49

In his most recent post Anthony Ferrara gives a lesson in security prompted by the recent major issue with a SQL injection vulnerability in Drupal. He gets into detail about the vulnerability itself and the ultimate question: "how could this happen?"

Recently, a severe SQL Injection vulnerability was found in Drupal 7. It was fixed immediately (and correctly), but there was a problem. Attackers made automated scripts to attack unpatched sites. Within hours of the release of the vulnerability fix, sites were being compromised. And when I say compromised, I'm talking remote code execution, backdoors, the lot. Why? Like any attack, it's a chain of issues, that independently aren't as bad, but add up to bad news. Let's talk about them: What went wrong? What went right? And what could have happened better? There's a lesson that every developer needs to learn in here.

He details (complete with code examples) where the vulnerability was, how it could be exploited and what the resulting SQL would look like when it was abused. Fortunately, the fix for the issue was relatively simple, but fixing is easy - distributing that fix is much more difficult.

How did this happen? Everyone makes mistakes. Everyone. It's going to happen sooner or later. Heck, this vulnerable code was in the database layer since 2008, and was just discovered two weeks ago. That says something about how complex vulnerabilities can be.

He suggests that the bigger lesson here isn't about who made the mistake or even the code that caused it. It's more about how it was handled, and that, in using any kind of CMS/framework like this there's always risk. People are human, people make mistakes - "the key is how you deal with it".

tagged: security drupal vulnerability detail lesson risk handle

Link: http://blog.ircmaxell.com/2014/10/a-lesson-in-security.html