Laravel News:
Easily Test Email with MailThief
Jun 24, 2016 @ 11:50:56

The Laravel News site has a post that gives you a quick introduction to MailThief, a library created by the developers at Tighten Co. to make mail testing simpler.

MailThief is a new package by Tighten Co. that provides a fake mailer for your Laravel application. This makes it easy to test email without actually sending any.

They include a simple example of a script that sends an email on user registration using Laravel's own Mail library. They also include a test for the registration action showing how MailThief can be used to "hijack" the mailer and make it simpler to get information about the mail being sent. You can find out more about the tool and what prompted it in this video from Adam Wathan.

tagged: mailthief testing unittest mailer email example introduction

Link: https://laravel-news.com/2016/06/mailthief/

SitePoint PHP Blog:
Using Halite for Privacy and Two-Way Encryption of Emails
Jun 23, 2016 @ 11:18:17

On the SitePoint PHP blog there's a new tutorial posted showing you how to use the Halite package to encrypt the contents of emails. The Halite library sits on top of the libsodium functionality to provide tested, hardened cryptographic results.

Cryptography is a complex matter. In fact, there is one golden rule: "Don’t implement cryptography yourself." The reason for this is that so many things can go wrong while implementing it, the slightest error can generate a vulnerability and if you look away, your precious data can be read by someone else.

[...] Some libraries out there implement cryptography primitives and operations, and leave a lot of decisions to the developer. [...] Nevertheless, there is one library that stands out from the rest for its simplicity and takes a lot of responsibility from the developer on the best practices, in addition to using the libsodium library. In this article we are going to explore Halite.

The tutorial then starts off by helping you get the libsodium package installed on your system (assuming it's Unix-based). They then start on the sample application - a basic "email" client able to send/receive messages between users. They set up RESTful endpoints to get the messages, use the Doctrine ORM for a database interface and show the use of the Halite Crypto class to encrypt/decrypt the message contents.

tagged: halite privacy twoway encryption email message tutorial libsodium

Link: https://www.sitepoint.com/using-halite-for-privacy-and-two-way-encryption-of-emails/

Adam Wathan:
Writing Your Own Test Doubles
May 11, 2016 @ 10:19:58

In this recent post to his site Adam Wathan talks about writing your own custom test doubles (fakes) to help make your tests cleaner and improve their overall readability/maintainability.

Once in a while I run into a situation where trying to use a mocking library hurts the readability of my test. For example, say I’m building out a basic user registration flow where someone signs up and receives a welcome email. [...] To test that an account is created correctly, I can make a request to the endpoint and verify that the new account exists in a test database. [...] This covers creating the account itself, but what’s the best way to test the welcome email?

He goes through a few of the options that could be used to test this, including using Mockery to replace the mailer class with a spy or actually sending emails. There are downsides to both of these methods and he suggests using a custom "fake" where the mailer class is swapped out with an "in-memory" option with the same kind of interface. He does point out a few issues with this method, however, and offers a few tips to remember when using them.

tagged: custom test unittest doubles email example video screencast

Link: http://adamwathan.me/2016/01/25/writing-your-own-test-doubles/

Matt Stauffer:
Using SparkPost for Transactional emails with Laravel
Apr 27, 2016 @ 10:54:42

Matt Stauffer has a post to his site for the Laravel users out there wanting to send "transactional emails" from their applications. In this tutorial he shows you how to use the SparkPost service to send emails with very little effort.

Recently, Mandrill announced that they'd be sunsetting their transactional email service and instead rolling it in to a secondary service for paid MailChimp users. That's fine for them, but many of us were using it for small one-off apps and weren't interested in all of a sudden paying money to send 100 emails a month.

[...] But right when Mandrill announced their pricing change, a new transactional email provider came out of nowhere: SparkPost. [...] So let's walk through the process of signing up and moving Giscus, my app for notifying you of comments on your gists, from Mandrill to SparkPost.

First he walks you through the process of getting a SparkPost account set up and configured to receive messages from your application. He then moves over to the Laravel side, upgrades his installed version, configures it with the "secret" value SparkPost provides and changes the MAIL_DRIVER value - that's basically it. He also includes some screenshots of other parts of the SparkPost admin interface to show some of the other functionality included.

tagged: tutorial laravel sparkpost service transaction email send

Link: https://mattstauffer.co/blog/using-sparkpost-for-transactional-emails-with-laravel

SitePoint PHP Blog:
What is SparkPost?
Apr 25, 2016 @ 13:50:47

The SitePoint PHP blog has a post to their site introducing SparkPost, an email delivery service (in the same vein as Mandrill) that you can hook into your PHP applications to prevent the need to run your own mail servers.

I’ve used Mandrill for as long as I can remember. It sends transactional email, like the kind you receive when you sign up for a new account. Like me, many have been happy to use a free account for sending a relatively low number of emails a month. That is, until recently, when Mandrill caused a bit of a stir. The heart of the matter is that Mandrill removed their free tier. Anybody wishing to send mail through Mandrill now requires a paid-for MailChimp account

[...] Mindful that people are looking for alternatives (to power their personal newsletters or whatever), I spoke to Aydrian Howard. Aydrian is the Developer Advocate at SparkPost, whom I met at FluentConf. We talked for a bit about SparkPost and what makes it different from MailChimp.

After the little bit of Q&A about the service, the tutorial gets in and shows you how to get SparkPost set up for your application. They help you install their own client library and send a first test email using your account. Code is provided showing the configuration of the client with your key and the options you can define when sending the message.

tagged: sparkpost email send tutorial introduction mandrill

Link: http://www.sitepoint.com/what-is-sparkpost/

Jelle Raaijmakers:
Dissecting a spammer’s spam script
Apr 19, 2016 @ 13:48:37

In this post to his site Jelle Raaijmakers dives into a script that's commonly injected into vulnerable sites and used by spammers to send messages without the knowledge of the site owner.

Let’s take a look at a PHP script used to send spam. These types of scripts run on servers all over the world and might give you some insight into a spammer’s dedication to annoy the hell out of you. Spammers abuse known flaws in unsecured websites and applications to break into a server and install scripts that are able to send loads of spam.

[...] Everyone running a mildly popular WordPress site knows that exploits can be really easily introduced by installing plugins from a less than reputable source – or by not keeping your plugins up to date. Sometimes, a zero-day exploit for a popular WordPress plugin becomes known and thousands of installations worldwide are infected at once.

He then goes through a script he found in an infected WordPress instance of his own on a shared hosting provider. He talks about what these kinds of scripts usually look like (an encoded eval injected into current scripts) and the process he followed to dissect it:

  • Step 1: determine method of obfuscation
  • Step 2: introduce newlines
  • Step 3: replace the $j10 values
  • Step 4: concatenate constant strings
  • Step 5: replace function invocations
  • Step 6: prettify the PHP code
  • Step 7: remove default $j10 argument
  • Step 8: decode the $pate payload
  • Step 9: replace $_POST references
  • Step 10: map function and variable names

It's not a super simple process, but in the end he's left with the complete PHP script that loads a remotely defined configuration, tries to send the emails and even retries if there's a failure. He includes a few noteworthy things about the script including SMTP connection auto-detection and DNS lookups over UDP.

tagged: spammer script dissection reverse engineer email spam security

Link: https://jelleraaijmakers.nl/2016/04/dissecting-spammers-spam-script

php[architect]:
Mandrill Alternatives for PHP Applications
Apr 19, 2016 @ 12:07:16

With the recent (well, not too recent) announcement from MailChimp about the shift to a paid model for their Mandrill email service, PHP developers have been busy looking for alternatives. In this post to the php[architect] site Sandy Smith explores some of the other options out there, how they compare and what they have to offer.

In case you might have missed the announcement, MailChimp is changing Mandrill to be an add-on to paid MailChimp accounts, thus eliminating the generous free tier. We’re big fans of MailChimp and use its mailing list service for our own announcements, but a full MailChimp account isn’t going to be for everybody. [...] Many people also know Mandrill by reputation and will need options in the future. For you, we’ve put together this list of viable transactional email alternatives with PHP and major PHP application support.

Included in their list are services like:

For each service he includes a paragraph talking about what integrations and libraries there are for their use as well as what's included in their "free" levels.

tagged: mandrill alternative email service options sdk overview

Link: https://www.phparch.com/2016/04/mandrill-alternatives-for-php-applications/

Scotch.io:
The Ultimate Guide to Sending Email in Laravel
Apr 01, 2016 @ 12:35:21

On the Scotch.io site today there's a new tutorial giving you the ultimate guide to sending emails in Laravel - from choosing your provider out to sending both text and HTML emails (some with attachments).

Sending emails in web applications has become so essential. Marketing, notifications, newsletters, adverts, etc are some of the reasons why we send emails to our clients. I'd say the majority of websites send automated emails at least via a "Contact us" form.

Let's explore the many possible ways to send emails in a Laravel application.

They start off with a brief look at three different services you can set up out of the box with Laravel: Mailgun (for regular sending), Mailtrap (for debugging) and Mandrill (for bulk emails). They show you how to configure each service in Laravel and set one of them up as the default. The tutorial then gets into sending the actual emails through a simple EmailController::send endpoint. They show the code to set up the Mail. They show examples of what the resulting emails look like and how they show up in the related mail services. There are also instructions on attaching files, using queues to optimize email sending and a "bonus" about sending bulk emails with MailChimp.

tagged: send email laravel tutorial ultimate guide mailchimp mailtrap mailgun

Link: https://scotch.io/tutorials/ultimate-guide-on-sending-email-in-laravel

Scotch.io:
Why Laravel Queues Are Awesome
Mar 18, 2016 @ 10:08:42

In a new tutorial to the Scotch.io site they take a look at Laravel's queuing functionality and explain why they think it's awesome for handling asynchronous operations in your applications.

Otwell took his time to build Laravel and its documentation and one of the major features that really amaze me is what we are going to experiment with, Queues.

Queues in Laravel are used to make a smooth sailing application cycle by stacking heavy tasks to be handled as jobs and dispatching these jobs when it is asked to or when it does not disrupt the user's experience.

They then show how to use the queuing system to send out emails asynchronously rather than sending them inline and making the user wait. First they show how to send them a bit more manually, making use of the Mailtrap service for testing the emails being sent. They set up a basic controller with a "send" endpoint that uses the Mail functionality to send a simple HTML email. Next they show how to refactor this into something that uses queues to handle the email sending via a SendWelcomeEmail job. They talk about performance differences between the queued and non-queued version and link to a demo repository if you'd like to see it all working together.

tagged: laravel queue tutorial introduction email mailtrap

Link: https://scotch.io/tutorials/why-laravel-queues-are-awesome

Tighten.co:
Creating a password-less, Medium-style, email-only authentication system in Laravel
Mar 14, 2016 @ 09:29:55

On the Tighten.co blog Matt Stauffer shows how to make a password-less authentication system, similar to what the popular site Medium uses, centered around emails sent to the user's account.

Recently I was working on a project where one of our major pain points was users' passwords. Users were added to the application by administrators, so they didn't have passwords when they were first added, and forcing them to set and remember passwords was a big hitch on the project's usability.

So, we decided to try out a Medium/Slack-inspired password-less login. If you've never had the chance to work with this, the login system works like this: enter your email address on the login page, get emailed a login link, click the link, and now you're logged in. Access to your email address proves your identity without the need for a password.

He walks you through the process of disabling the current password-based flow by creating and modifying the default "make:auth" results. When the user comes to the site, they're asked to log in via sending an email. This email contains a unique token attached to a link that matches one on the server side related to the user. He shows how to build out this relation table, the matching model and the endpoint used to verify the hash once the user clicks on the link.

tagged: laravel password email login medium link random hash tutorial

Link: http://blog.tighten.co/creating-a-password-less-medium-style-email-only-authentication-system-in-laravel