Paragon Initiative:
How to Safely Implement Cryptography Features in Any Application
Oct 07, 2015 @ 11:51:41

The Paragon Initiative blog has posted a new article showing you how to safely implement cryptography in any PHP-based application (or really just about any application) with the help of libsodium.

Why not {Mcrypt, OpenSSL, Bouncy Castle, KeyCzar, etc.}? These cryptography libraries are really building blocks that by and large must be used, with expert care, to build the interfaces you want developers to use. In most cases, libsodium is the interface you want developers to use. [...] By default, these libraries don't provide [authenticated encryption](https://tonyarcieri.com/all-the-crypto-code-youve-ever-written-is-probably-broken). Most of them force developers to use RSA (or ECDSA but certainly not EdDSA), which is [hard to get right](http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html) and for which [index calculus attacks are improving each year](https://events.ccc.de/congress/2014/Fahrplan/system/attachments/2501/original/20141227.pdf).

He goes on to talk about NaCl as a possible option (libsodium is a fork of it) but points out that NaCl isn't as easily available as libsodium to non-C/Python developers. He shares a few reasons why he thinks "libsodium is so great" and a few reasons not to use it (mostly dealing with outside limitations, not technical ones). Finally he points you in the right direction to help you get started using libsodium for PHP as a PECL extension.

Barry vd. Heuvel:
Using local repositories to easily install private Magento extensions with Compose
Sep 22, 2015 @ 09:02:26

In a post over on Medium.com Barry vd. Heuvel shows you how to use a recently added feature of Composer, the ability to use local repositories, to install Magento extensions quickly and easily.

I’m a fan of using Composer (in- and outside Magento), so I like to use that option. This works great for free packages listed on Magento connect or Firegento Packages, because you can just require the packages and run composer update. [...] This is all great for public packages, which are downloaded through the Firegento repository. But what about private packages? Ideally we could also use Composer for the packages we purchase. [...] In this blog I’d like to explain how to tackle these 2 problems, so you can keep using the Composer workflow.

He walks you through the two steps you'll need to set up the module so it can be installed via Composer: creating a mapping (package.xml) and the composer.json. For the first he recommends using the Magerun modman tool to help with this. Creating/updating the composer.json file to work with the extensions is relatively easy. He makes use of the "path repositories" functionality to point the package at the "extensions/" directory, using wildcards in the path name to allow for inclusion of all extensions without having to list each one (see this PR). Finally, to help make the process a bit clearer, he walks through a full example using the Amasty module.

Laravel News:
Behind the app: Chrome Weather Extension
Sep 18, 2015 @ 12:38:18

The Laravel News site has a post talking about a Chrome extension to fetch the weather, created by Tim Leland, that's powered by a Laravel-based backend application.

Tim Leland has created a new Chrome Extension for getting not only the current weather, but today’s outlook, and a 5-day forecast. The extension automatically calculates your location and viewing the current temperature is as simple as glancing at the menu bar. The temperature is always visible and when you click the button it loads the modal window as shown above. It’s simple and intuitive.

The Extension itself uses a Laravel backend and I wanted to find out more how it works.

The rest of the post shares the Q&A with Tim all about the extension. He answers questions about:

  • why he created the extension
  • how it works with the backend to pull the latest weather
  • where Laravel fits into the process

You can find the extension over in the Chrome store and get it installed.

Lakion Blog:
Easy debugging on CI with Mink
Sep 18, 2015 @ 09:44:12

On the Lakion blog there's a post showing you how to debug your application's Behat tests easily as a part of your continuous integration process. In their case, they were trying to figure out why builds were breaking on a Travis-CI build instance.

Debugging Behat scenarios while using Mink to simulate the user is not always an easy job. Especially, if they are run on Continuous Integration server. That is why I came up with an idea to make it easier. During repairing our javascript test suite on Sylius everything went as bad as it could go. There were many errors that happened on Travis, but I was not able to reproduce them locally. [...] MinkDebugExtension was written to speed up that boring and tiring part of debugging on CI server. It consists of two parts: Behat extension and useful scripts.

The extension fires after failed steps and makes a log of the issue with content needed to recreate the issue (including possible screenshots). He also describes the scripts that come with it to help you browse through the results, uploading the resulting logs and screenshots to a place for public consumption.

Edd Mann:
Developing a Resizable-Indexed Array as a PHP Extension with Joe Watkins
Aug 31, 2015 @ 12:43:11

Edd Mann has a post to his site sharing a new screencast about developing PHP extensions by Joe Watkins, specifically about using a resizable-indexed array.

Following on from our first screencast, which touched upon how to setup a PHP extension development environment and creating a simple ‘array_sum’ like function. We now further this topic by implementing a resizable-indexed array class which supplies very similar functionality to that of the SplFixedArray class. Throughout this discussion we look into creating a custom Zend object class, using this to invoke an implemented data-structure located in another file, implementing internal interfaces, object handlers and the importance of PHP extension tests.

You can watch the video either through the in-page video player or directly on YouTube if you'd like a bit more control over the sizing. You can find the resulting code for the extension in this repository on Joe's account.

How to Create a PHP C Extension to Manipulate Arrays Part 2: Adding ArrayAccess and
Aug 13, 2015 @ 12:33:04

Dmitry Mamontov has posted the second part of his "How to Create a PHP C Extension to Manipulate Arrays" series on PHPClasses, building on part one and adding in the ArrayAccess and Traversable interface functionality.

In the first part of this article we learned how to create an extension for PHP written in C to create a class that works like arrays. However, to make the class objects really behave as arrays you need to implement certain interfaces in the class.

Read this article to learn how to make a PHP class defined by a C extension implement ArrayAccess and Traversable interfaces, as well as understand how to solve problems that you may encounter that can make your extension slower than you expect.

He takes the class he defined in part one and walks you through the addition of the two interfaces. He shows you where they're defined in the PHP source, what the code looks like and how they integrate with the class. He also shows you how to customize the object class handlers, making it possible to use the custom class (object) as an array. Adding Traversable is easier, adding an iterator return method that allows for the data internal to the class to be iterated through.

How to Create a PHP C Extension to Manipulate Arrays Part 1: Basic Array Class Exten
Aug 11, 2015 @ 10:27:24

Dmitry Mamontov has posted the first part of a series looking at manipulating arrays in the PHP source and enhancing performance for certain handling as a PHP extension.

In PHP projects, arrays are used everywhere because they are useful and flexible to store all sorts of data structures. However, when you need to maximize the performance of the manipulation of arrays for specific purposes, you can achieve great gains if you implement a PHP extension written in the C language. Read this tutorial to learn how to build your own basic array manipulation extension in C.

He covers all the steps you'll need to get started building the extension, introduces a few key concepts and starts on the code for the extension:

  • Building PHP from the Source
  • Building a PHP Extension (overview)
  • Brief Introduction to zval and Functions
  • Defining a Class in Our Extension
  • D for Dynamic (working with dynamic array values)

The C code needed is included throughout the post. The next part in the series will build on this and show how to implement interfaces like ArrayAccess and Traversable.

Simon Holywell:
International PHP dates with intl
Jul 22, 2015 @ 12:55:33

Following up on his previous post about date/time handling and localization, Simon Holywell has posted an update with information about using the "Intl" extension for PHP to get it working with the more powerful PHP DateTime handling.

I wrote about localising dates (and other data) in a recent blog post, but unfortunately there were some shortcomings where time zones were concerned. As I alluded to in that post there is a way around this via the Intl extension that exposes a simple API to format DateTime instances. Thankfully this follow up post will be quite short as the setup is very simple for those of you on Ubuntu/Debian you can use the repositories.

He includes the commands you'll need to install the extension (via apt-get), compile it via the "pecl" command and update your php.ini file to enable it. He also includes some code examples showing how to use the IntlDateFormatter handling to work with dates, formats and calendars.

Lorna Mitchell:
PHP 7 Benchmarks
Jul 06, 2015 @ 12:42:55

Lorna Mitchell has posted some preliminary PHP7 benchmarks from the current alpha release (alpha2). Good news - it's fast....very fast.

If you know anything at all about PHP7, you probably know it's fast. But did you know how fast? The alpha is out and looks very robust, so I decided I would create a new set of benchmarks to include it. Graphs first, disclaimers later :)

This graph shows the time it takes for each version of PHP to perform the same task, on average, with oldest PHP on the left and moving forward in time. [..] The benchmark is the Zend/bench.php that lives in the PHP sourcecode (run ten times for each version of PHP using the php7dev VM on an average laptop, and then the mean result for each version calculated). The script runs through a series of taxing algorithms, giving a sense of how quickly a series of computational instructions can be executed.

She also talks briefly about how this can affect more real-world applications, how realistic it is to upgrade from older installs (much less painful on 5.5 or 5.6) and some things you can do to help improve PHP7 for everyone. This includes testing, working on bugs and adding extensions to this list to ensure they're made PHP7 compatible.

Sammy Powers:
Contributing to the PHP Manual
Jun 19, 2015 @ 13:23:27

If you've wanted to contribute something back to PHP but aren't familiar with C (or don't feel comfortable enough with it) Sammy Powers offers another solution. In his latest post he shows you how to contribute to the PHP documentation and update the manual for new features, missing information or fixes to current code examples.

If you've been wanting to contribute to PHP internals, starting with the documentation can be a great entry point; especially because it doesn't require dusting off those old C books from college. But knowing where to start can be tricky since information on how to contribute to the docs is scattered across the internet. This article is a step-by-step guide of how to contribute documentation to the PHP manual.

He starts with the "quick and dirty" way of editing the manual through the edit.php.net site, but points out that it's really only useful for smaller changes, not large documentation updates. The rest of the post shows you how to set up the documentation locally and generate the results to validate your changes. He talks some about the DocBook format they're written in, the build process with the PhD (PHP docs generator) and running the php.net test suite against the changes. This ensures that nothing else has broken on the site in the process.

He shows you where to make your changes, how to generate it from either a skeleton or using the docgen script and submitting the changes back to the repository. There are also a few other random changes to make before committing the files back via SVN and pushing them back upstream. He ends the post talking about the GoPHP7-ext project and how to find extensions that are missing documentation or where it's incomplete (easy thanks to a "check-missing-docs" file included in the repository).

