Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

SitePoint PHP Blog:
Mail Logging in Laravel 5.3: Extending the Mail Driver
Sep 26, 2016 @ 11:54:40

On the SitePoint PHP blog there's a new tutorial posted by Younes Rafie looking at logging of mail handling in Laravel by extending the already included driver with your own updates.

One of the many goodies Laravel offers is mailing. You can easily configure and send emails through multiple popular services, and it even includes a logging helper for development.

[...] Laravel also provides a good starting point for sending mails during the development phase using the log driver, and in production using smtp, sparkpost, mailgun, etc. This seems fine in most cases, but it can’t cover all the available services! In this tutorial, we’re going to learn how to extend the existing mail driver system to add our own.

They start by helping you create the service provider used to log the mail information to a database table (the DBMailProvider). The extend the existing mail provider class and set it up to register the Swift Mailer provider if the configuration for the mailer is not set to "db". The the tutorial shows how to update the provider to override the swift.mailer instance in the application dependency injection container and include the code to override the "send" method. A migration is created to hold the mail data and a matching Emails model is used to save the mail results.

tagged: laravel email logging database tutorial driver swiftmailer configuration

Link: https://www.sitepoint.com/mail-logging-in-laravel-5-3-extending-the-mail-driver/

TutsPlus.com:
Building Your Startup With PHP: Email Commands
Sep 15, 2016 @ 11:22:40

TutsPlus.com has continued their "Building Your Startup with PHP" series in this latest tutorial covering the use of email commands in their "Meeting Planner" example application.

This tutorial is part of the Building Your Startup With PHP series on Envato Tuts+. In this series, I'm guiding you through launching a startup from concept to reality using my Meeting Planner app as a real-life example. [...] In the last tutorial, we began emailing meeting invitations which included numerous links for participants to respond, i.e. view the meeting page, accept all places and times, reject a place or time, etc.

In this tutorial, I'll review how I chose to construct and process those links in a secure, functional manner.

He then starts in on the idea of "commands" explaining a bit about what they are and what kind of commands are needed for the planner application. Code is included to create some of these commands and how to integrate them into the rest of the Yii-framework based application.

tagged: startup build tutorial series email command yii framework

Link: https://code.tutsplus.com/tutorials/building-your-startup-with-php-email-commands--cms-23288

Scotch.io:
Easy and Fast Emails with Laravel 5.3 Mailables
Aug 26, 2016 @ 11:32:01

The Scotch.io blog has posted another Laravel-related tutorial, this time focusing in on "mailables", a new feature in the latest release of Laravel (v5.3) that makes sending emails simpler.

Laravel 5.3 has just been released and there are a ton of great new features. One of the major improvements is in how you send mail in your applications.

They start with a look at how you might send emails in previous versions of the Laravel framework using the Mail::send method with a set of options and a callback. The tutorial then moves on to v5.3 and introduces the idea behind "mailables" and some simple examples. They show how to create a custom mailable-based class and the resulting code. They walk you through how to pass data into the email views, changing up the mailer configuration, sending extra parameters and sending the emails. They also include information about email queueing using Laravel's built-in queuing functionality.

tagged: easy email laravel v53 mailable tutorial introduction

Link: https://scotch.io/tutorials/easy-and-fast-emails-with-laravel-5-3-mailables`

Laravel News:
Easily Test Email with MailThief
Jun 24, 2016 @ 11:50:56

The Laravel News site has a post that gives you a quick introduction to MailThief, a library created by the developers at Tighten Co. to make mail testing simpler.

MailThief is a new package by Tighten Co. that provides a fake mailer for your Laravel application. This makes it easy to test email without actually sending any.

They include a simple example of a script that sends an email on user registration using Laravel's own Mail library. They also include a test for the registration action showing how MailThief can be used to "hijack" the mailer and make it simpler to get information about the mail being sent. You can find out more about the tool and what prompted it in this video from Adam Wathan.

tagged: mailthief testing unittest mailer email example introduction

Link: https://laravel-news.com/2016/06/mailthief/

SitePoint PHP Blog:
Using Halite for Privacy and Two-Way Encryption of Emails
Jun 23, 2016 @ 11:18:17

On the SitePoint PHP blog there's a new tutorial posted showing you how to use the Halite package to encrypt the contents of emails. The Halite library sits on top of the libsodium functionality to provide tested, hardened cryptographic results.

Cryptography is a complex matter. In fact, there is one golden rule: "Don’t implement cryptography yourself." The reason for this is that so many things can go wrong while implementing it, the slightest error can generate a vulnerability and if you look away, your precious data can be read by someone else.

[...] Some libraries out there implement cryptography primitives and operations, and leave a lot of decisions to the developer. [...] Nevertheless, there is one library that stands out from the rest for its simplicity and takes a lot of responsibility from the developer on the best practices, in addition to using the libsodium library. In this article we are going to explore Halite.

The tutorial then starts of helping you get the libsodium package installed on your system (assuming it's unix-based). They then start on the sample application - a basic "email" client able to send/receive messages between users. They set up RESTful endpoints to get the messages, use the Doctrine ORM for a database interface and show the use of the Halite Crypto class to encrypt/decrypt the message contents.

tagged: halite privacy twoway encryption email message tutorial libsodium

Link: https://www.sitepoint.com/using-halite-for-privacy-and-two-way-encryption-of-emails/

Adam Wathan:
Writing Your Own Test Doubles
May 11, 2016 @ 10:19:58

In this recent post to his site Adam Wathan about writing your own custom test doubles (fakes) to help make your tests cleaner and improve their overall readability/maintainability.

Once in a while I run into a situation where trying to use a mocking library hurts the readability of my test. For example, say I’m building out a basic user registration flow where someone signs up and receives a welcome email. [...] To test that an account is created correctly, I can make a request to the endpoint and verify that the new account exists in a test database. [...] This covers creating the account itself, but what’s the best way to test the welcome email?

He goes through a few of the options that could be used to test this including using Mockery to replace the mailer class with a spy or actually sending emails. There's downfalls to both of these methods and he suggests using a custom "fake" where the mailer class is swapped out with an "in-memory" option with the same kind of interface. He does point out a few issues with this method, however, and offers a few tips to remember when using them.

tagged: custom test unittest doubles email example video screencast

Link: http://adamwathan.me/2016/01/25/writing-your-own-test-doubles/

Matt Stauffer:
Using SparkPost for Transactional emails with Laravel
Apr 27, 2016 @ 10:54:42

Matt Stauffer has a post to his site for the Laravel users out there wanting to seed "transactional emails" from their applications. In this tutorial he shows you how to use the SparkPost service to send emails with very little effort.

Recently, Mandrill announced that they'd be sunsetting their transactional email service and instead rolling it in to a secondary service for paid MailChimp users. That's fine for them, but many of us were using it for small one-off apps and weren't interested in all of a sudden paying money to send 100 emails a month.

[...] But right when Mandrill announced their pricing change, a new transactional email provider came out of nowhere: SparkPost. [...] So let's walk through the process of signing up and moving Giscus, my app for notifying you of comments on your gists, from Mandrill to SparkPost.

First he walks you through the process of getting a SparkPost account set up and configured to receive messages from your application. He then moves over to the Laravel side, upgrades his installed version and configures it with the "secret" value SparkPost provides and changes the MAIL_DRIVER value - that's basically it.. He also includes some screenshots of other parts of the SparkPost admin interface to show some of the other functionality included.

tagged: tutorial laravel sparkpost service transaction email send

Link: https://mattstauffer.co/blog/using-sparkpost-for-transactional-emails-with-laravel

SitePoint PHP Blog:
What is SparkPost?
Apr 25, 2016 @ 13:50:47

The SitePoint PHP blog has a post to their site introducing SparkPost, an email delivery service (in the same vein as Mandrill) that you can hook into your PHP applications to prevent the need to run your own mail servers.

I’ve used Mandrill for as long as I can remember. It sends transactional email, like the kind you receive when you sign up for a new account. Like me, many have been happy to use a free account for sending a relatively low number of emails a month. That is, until recently, when Mandrill caused a bit of a stir. The heart of the matter is that Mandrill removed their free tier. Anybody wishing to send mail through Mandrill now requires a paid-for MailChimp account

[...] Mindful that people are looking for alternatives (to power their personal newsletters or whatever), I spoke to Aydrian Howard. Aydrian is the Developer Advocate at SparkPost, whom I met at FluentConf. We talked for a bit about SparkPost and what makes it different from MailChimp.

After the little bit of Q&A about the service, the tutorial gets in and shows you how to get SparkPost set up for your application. They help you install their own client library and send a first test email using your account. Code is provided showing the configuration of the client with your key and the options you can define when sending the message.

tagged: sparkpost email send tutorial introduction mandrill

Link: http://www.sitepoint.com/what-is-sparkpost/

Jelle Raaijmakers:
Dissecting a spammer’s spam script
Apr 19, 2016 @ 13:48:37

In this post to his site Jelle Raaijmakers dives into a script that's commonly injected into vulnerable sites and used by spammers to send messages without the knowledge of the site owner.

Let’s take a look at a PHP script used to send spam. These types of scripts run on servers all over the world and might give you some insight into a spammer’s dedication to annoy the hell out of you. Spammers abuse known flaws in unsecured websites and applications to break into a server and install scripts that are able to send loads of spam.

[...] Everyone running a mildly popular WordPress site knows that exploits can be really easily introduced by installing plugins from a less than reputable source – or by not keeping your plugins up to date. Sometimes, a zero-day exploit for a popular WordPress plugins becomes known and thousands of installations worldwide are infected at once.

He then goes through a script he found in an infected WordPress instance of his own on a shared hosting provider. He talks about what these kinds of scripts usually look like (an encoded eval injected into current scripts) and the process he followed to dissect it:

  • Step 1: determine method of obfuscation
  • Step 2: introduce newlines
  • Step 3: replace the $j10 values
  • Step 4: concatenate constant strings
  • Step 5: replace function invocations
  • Step 6: prettify the PHP code
  • Step 7: remove default $j10 argument
  • Step 8: decode the $pate payload
  • Step 9: replace $_POST references
  • Step 10: map function and variable names

It's not a super simple process, but in the end he's left with the complete PHP script that loads a remotely defined configuration, tries to send the emails and even retries if there's a failure. He includes a few noteworthy things about the script including STMP connection auto-detection and DNS lookups over UDP.

tagged: spammer script dissection reverse engineer email spam security

Link: https://jelleraaijmakers.nl/2016/04/dissecting-spammers-spam-script

php[architect]:
Mandrill Alternatives for PHP Applications
Apr 19, 2016 @ 12:07:16

With the recent (well, not too recent) announcement from MailChimp about the shift to a paid model for their Mandrill email service, PHP developers have been busy looking for alternatives. In this post to the php[architect] site Sandy Smith explores some of the other options out there, how they compare and what they have to offer.

n case you might have missed the announcement, MailChimp is changing Mandrill to be an add-on to paid MailChimp accounts, thus eliminating the generous free tier. We’re big fans of MailChimp and use its mailing list service for our own announcements, but a full MailChimp account isn’t going to be for everybody. [...] Many people also know Mandrill by reputation and will need options in the future. For you, we’ve put together this list of viable transactional email alternatives with PHP and major PHP application support.

Included in their list are services like:

For each service he includes a paragraph talking about what integrations and libraries there are for their use as well as what's included in their "free" levels.

tagged: mandrill alternative email service options sdk overview

Link: https://www.phparch.com/2016/04/mandrill-alternatives-for-php-applications/