
SitePoint PHP Blog:
Testing Your Tests? Who Watches the Watchmen?
Jul 21, 2016 @ 12:10:48

In a tutorial posted to the SitePoint PHP blog Claudio Ribeiro tries to answer the question of "who watches the watchmen" (your application's tests) to ensure they're functioning as expected and are correct. In this new tutorial he introduces the Humbug mutation testing tool and how it can be used to verify your own tests.

Regardless of whether you’re working for a big corporation, a startup, or just for yourself, unit testing is not only helpful, but often indispensable. We use unit tests to test our code, but what happens if our tests are wrong or incomplete? What can we use to test our tests? Who watches the watchmen?

[...] Mutation Testing (or Mutant Analysis) is a technique used to create and evaluate the quality of software tests. It consists of modifying the tests in very small ways. Each modified version is called a mutant and tests detect and reject mutants by causing the behavior of the original version to differ from the mutant. Mutations are bugs in our original code and analysis checks if our tests detect those bugs. In a nutshell, if a test still works after it’s mutated, it’s not a good test.

He starts by helping you get it installed (a quick composer require) and creating a simple "calculator" test to show it in use. He then creates the test for the class with some simple testing methods for the basic calculator functionality. He then configures the Humbug installation (via a JSON config file) and executes it on the current tests, sharing the resulting output. He goes through the results showing how to interpret them and points out places where the tests could be improved.

tagged: testing unittest humbug mutation variation example tutorial output

Link: https://www.sitepoint.com/testing-your-tests-who-watches-the-watchmen/

IBM Security Intelligence:
The Webshell Game Continues
Jul 20, 2016 @ 11:50:15

On the IBM Security Intelligence site there's a new article posted talking about webshells. For those not familiar with webshells, they're scripts put in place by attackers that can be used to control servers or work as a platform to access other systems. In this article they introduce some of the basics around webshells and the rise they're seeing in their use.

The IBM X-Force Research team reported an increase in PHP C99 webshell attacks in April 2016. More recently, webshells dubbed b374k made their mark with attacks that the team has been tracking over the past few months.

Although this blog highlights some features of the b374k shell, the main objective is to call your attention to the fact that PHP applications are becoming an increasingly popular choice for attackers aiming to glean your data and deface your website without much hard work. This threat should be pushed to the top of your priority list — primarily because of the power of the tool used for this type of attack, but also because of the startling increase in this attack type this year.

They start off with some of the basics of webshells, focusing on the PHP versions: what they are, what kind of functionality they commonly provide and an example of the UI of a shell. They then talk about some of the common delivery methods, potential entry points of these attacks and some of the "indicators of compromise" you can use to detect them. They also include mitigations you can perform to rid yourself of these webshells, including adding additional plugins/software and locking down features of PHP itself.

tagged: webshell game introduction example features attack security

Link: https://securityintelligence.com/the-webshell-game-continues/

Adam Wathan:
Customizing Keys When Mapping Collections
Jul 19, 2016 @ 10:52:29

Adam Wathan has a new post to his site talking about mapping with collections and customizing the keys when injecting new data into your Laravel collections.

People often ask me, “how do I specify keys when I’m mapping a collection?”

It actually ends up being a pretty interesting topic, so I decided to cover it in a short screencast, as well as in written format below.

He shows how to translate a simple set of data into a much more slimmed down version. He points out that the "map" function could be used but it doesn't allow for setting keys. Instead he talks briefly about how the problem could be solved in Javascript (returning an object instead of an array) and how to use the "reduce" method to filter and reset the data as it goes through the array. He finishes out the post talking about learning from other languages, the "toAssoc" macro on Laravel collections and mapping the data back to an array with a custom macro.

tagged: customize key mapping collection laravel object javascript example screencast

Link: https://adamwathan.me/2016/07/14/customizing-keys-when-mapping-collections/

SitePoint PHP Blog:
Cleaning up Code: Is Refactoring for Aesthetics worth It?
Jul 18, 2016 @ 10:16:17

On the SitePoint PHP blog Tobias Schlitt has an article posted that tries to answer the question "is refactoring for aesthetics worth it" for most development groups out there.

Most development teams want to get their codebase into a better, more maintainable state. But what definition of better should be chosen? In many cases, it is not necessary to dig deep into Domain Driven Design (DDD) to achieve this goal. Sometimes, it's even counter productive. But one of the most basic collections of principles can help each team a lot already: Clean Code.

The Clean Code book by Robert C. Martin summarizes many simple and advanced improvements to get better, understandable, and therefore more maintainable code.

He goes on with a bit of example code, showing a getJobs method that has room for improvement. He makes recommendations on cleanup steps like renaming variables for clarity and breaking up code more visibly based on functionality. He then talks about the "methodology of refactoring" and how to take "baby steps" in your updates rather than major jumps. He ends by pointing out that refactoring for "beauty's" sake isn't a good idea, nor is doing it without a sufficient level of automated testing to ensure changes didn't break the application.

tagged: refactoring aesthetics babysteps opinion example naming cleancode

Link: https://www.sitepoint.com/cleaning-up-code-is-refactoring-for-aesthetics-worth-it/

Nicolas Widart:
Writing modular applications with laravel-modules
Jul 13, 2016 @ 11:57:39

In a new post to his site Nicolas Widart introduces you to the idea of building Laravel applications a bit differently than you may normally: in a more modular structure. This structure makes use of this package to make it happen.

Let me start by saying Laravel is an amazing framework. However when it comes to writing more complex and bigger applications, I find the default structure laravel comes with cumbersome and not ideal.

The way the default laravel installation comes with is basically all the application logic inside an app/ folder. This works, but I would not suggest going this route. [...] This is what being modular is trying to resolve. You split off the business logic into different parts, which belong together. If you're into Domain Driven Design, you can consider a module an aggregate.

Each module has its own resources (routes, models, views, etc.) combined into a single "drop-in" structure. He provides an example of this structure and compares it to the more traditional Laravel "all-app" structure. The package he links to makes this modular structure simpler, and he points out that this system is what AsgardCMS already uses behind the scenes.

tagged: modular application laravel tutorial example package asgardcms

Link: https://nicolaswidart.com/blog/writing-modular-applications-with-laravel-modules

TutsPlus.com:
Internationalizing WordPress Projects: A Practical Example, Part 1
Jul 06, 2016 @ 10:50:43

Tom McFarlin has continued his series covering internationalization in WordPress applications with this latest part of the series. In the previous part of the series he introduced some of the basic topics and terms. In this new tutorial he gets more into functionality creating the plugin he'll use in his examples.

Given that WordPress powers roughly 25% of the web and that the web is not local to your country of origin, it makes sense to ensure that the work that we produce can be translated into other locations.

To be clear, this does not mean that you, as the developer, are responsible for translating all of the strings in your codebase into the various languages that your customers may use. Instead, it means that you use the proper APIs to ensure someone else can come along and provide translations for them.

He then walks you through the download of the latest WordPress version (a Subversion checkout) and the creation of the plugin structure. He provides sample code to define the plugin and shows how it should look in the "Plugins" listing. He helps you add in the menu item with internationalized strings for the link text. He then helps you add a simple screen for the plugin and style the page a bit. The post ends with a brief mention of object-oriented programming but points out that OOP introduces other, not necessarily related, topics that could detract from the WordPress-related content (and so will not be used).

tagged: wordpress internationalization i18n tutorial series part2 plugin example practical

Link: http://code.tutsplus.com/tutorials/internationalizing-wordpress-projects-a-practical-example-part-1--cms-26676

Freek Van der Herten:
A package to log activity in a Laravel app
Jun 30, 2016 @ 09:46:17

In a new post to his site Freek Van der Herten shares information about a logging package they've developed for Laravel-based applications to make activity logging simpler throughout the app: laravel-activitylog.

In your apps there’s probably a lot going on. Users log in and out, they create, update and delete content, mails get sent and so on. For an administrator of an app these events provide useful insights. In almost every project we make at Spatie we log these events and show them in the admin-section of our site. [...] We made a new package called laravel-activitylog that makes logging activities in a Laravel app a cinch. In this blogpost I’d like to walk you through it.

He then goes through the basics of using the library, complete with code examples:

  • simple activity logging with messaging
  • providing the "acted on" object information
  • logging the information about who the actor was

There's also a section with details on automatic model logging, making it easier to see the changes on your data without having to log each one individually. He also shows you how to use multiple logs, providing a method to narrow down log records by type.

tagged: laravel application logging package example introduction model

Link: https://murze.be/2016/06/package-log-activity-laravel-app/

Laravel News:
Easily Test Email with MailThief
Jun 24, 2016 @ 11:50:56

The Laravel News site has a post that gives you a quick introduction to MailThief, a library created by the developers at Tighten Co. to make mail testing simpler.

MailThief is a new package by Tighten Co. that provides a fake mailer for your Laravel application. This makes it easy to test email without actually sending any.

They include a simple example of a script that sends an email on user registration using Laravel's own Mail library. They also include a test for the registration action showing how MailThief can be used to "hijack" the mailer and make it simpler to get information about the mail being sent. You can find out more about the tool and what prompted it in this video from Adam Wathan.

tagged: mailthief testing unittest mailer email example introduction

Link: https://laravel-news.com/2016/06/mailthief/

Richard Bagshaw:
Prophecy
Jun 24, 2016 @ 09:11:01

Richard Bagshaw has a post to his site sharing some of his experience with the Prophecy testing tool and how it compares to Mockery for creating test doubles (mocks and stubs).

For a while now I have been using Mockery as my test double framework of choice, however recently I have been taking a look at Prophecy as an alternative.

[...] "Prophecy is a highly opinionated yet very powerful and flexible PHP object mocking framework. Though initially it was created to fulfil phpspec2 needs, it is flexible enough to be used inside any testing framework out there with minimal effort."

He then gets into some basic usage of the tool - creating a basic mock, assigning expectations and behaviors and performing the test. He steps through each line of the example explaining what's happening and what can be expected as a result. He ends the post with some final thoughts comparing Prophecy to the normal PHPUnit mocking tools and points out several other features it makes easier to work with as well.

tagged: prophecy unittest doubles mock stub example introduction tutorial

Link: http://www.richardbagshaw.co.uk/prophecy/

Sherif Ramadan:
Bloom Filters in PHP
Jun 22, 2016 @ 10:56:26

On his site Sherif Ramadan has posted an interesting tutorial covering implementing bloom filters in PHP. Bloom filters are data structures that make it easier to determine if something is a member of a set.

Let's imagine you have built a music app like Spotify. You've finally grown this thing to a sizeable amount of users and you have a decent number of titles in your content library. Let's also say this app has social elements to it so your users can connect with their facebook friends or twitter followers. Now, let's say each time your users play a song in your app you want to ask the question: Which of this user's friends have NOT listened to this song yet? The intention being that you may recommend that song to them if they haven't listened to it.

One solution to this problem is to use a data structure known as a bloom filter. A bloom filter is basically a very space-efficient hash set with probabilistic tendency. If you aren't familiar with a hash set or sets in general, let's do a quick review of what they mean.

He goes on to explain what a bloom filter is and how it differs from normal sets, hash sets and hash maps. He then introduces some of the basic concepts involved in creating and using bloom filters. To help make things clearer, he provides a "contrived example" using lightbulbs and the probability that they've been turned on. From there he starts to get into something more practical, something more in the world of PHP. He includes a basic Bloomfilter class example and some of the results (performance) of using it over something like in_array (especially for large data sets).

tagged: bloom filter example tutorial introduction probability set

Link: http://phpden.info/Bloom-filters-in-PHP