Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Easy Laravel Book:
How Laravel 5 Prevents SQL Injection, CSRF, and XSS
Jul 23, 2015 @ 16:05:15

Jason Gilmore has posted an article to the Easy Laravel Book site with a bit more detail about how the framework prevents some common security issues including SQL injection and cross-site request forgery.

A reader recently e-mailed me and asked about Laravel 5’s native security features. While I talk about various security-related matters throughout the book, this information isn’t consolidated into any particular chapter and so I thought it would be useful to do so in a single blog post. Laravel helps to secure your web application by protecting against three serious security risks: SQL injection, cross-site request forgery, and cross-site scripting.

He goes through each of the types and talks about the built-in functionality Laravel includes to protect against each one. A bit of code is tossed in when needed to help clarify the point too. Fortunately for the user, a good bit of the technical pieces of these protections are behind the scenes and don't need much effort to use.

tagged: laravel5 sqlinjection csrf xss prevention framework tools

Link: http://www.easylaravelbook.com/blog/2015/07/22/how-laravel-5-prevents-sql-injection-cross-site-request-forgery-and-cross-site-scripting/

Barry vd. Heuvel:
OAuth in Javascript Apps with Angular and Lumen, using Satellizer and Laravel Soci
Jul 22, 2015 @ 09:51:49

Barry vd. Heuvel has a post to his site sharing a step by step guide to setting up OAuth in a Lumen+AngularJS application via Socialite and Satellizer (an AngularJS library for OAuth and token based authentication).

In the last few weeks, Socialite was a popular topic to blog/tweet about. Coincidentally, I also needed Socialite for a project. But in my case, I wanted to use it in an Angular app, distributed using Cordova (Phonegap) as hybrid app on Android/iOS. There were some examples, but I couldn’t find much about it at the time. A few people asked to share my experience about it, so here it is!

He starts by linking to all of the tools you'll need to help get some background on them including a helpful guide to installing Satellizer. He then goes over the flow of the entire process, from the initial call from the AngularJS side to authenticate, through the backend Lumen/Socalite/Satellizer handling and then back out to the Javascript where the token is then stored. With this established, he gets into the implementation details starting with the Lumen code to make the API request to GitHub then working with the JWT tokens and responding back to the AngularJS frontend with the result.

tagged: angularjs lumen framework tutorial socialite satellizer oauth jwt token

Link: http://barryvdh.nl/laravel/lumen/angular/2015/07/19/oauth-in-javascript-apps-with-angular-lumen-using-satellizer-laravel-socialite/

Medium.com:
Laravel and Vue JS: Advanced Frontend Webapp Architecture
Jul 17, 2015 @ 08:46:10

On Medium.com Russ Weas has posted a tutorial showing you how to get Laravel and Vue.js working together to create a well-structured, two-way application.

Do you use Laravel PHP and Vue JS? Do you wish there was a better way to structure your applications you build? This tutorial is just for you! In it, we set up simple two-way communication between the different components of your front-end app.

While he does provide the end result as a GitHub repository, he still walks through the full integration process to fill in the gaps. He starts with a brief introduction to a Vue.js application structure (based off of this video) and what parts need to be in play to follow along. From there he gets into the two-way communication aspect, showing how to create the bridge between the application, its views and components. He talks about some of the "missing pieces" of the current structure including an update to pass in a dependency injection "container" on the Vue side similar to how Laravel's IOC container works.

The remainder of the post is split into three parts, each with an update to the view layer (on the client side) to work with the new IOC structure:

  • using this.app in each view
  • setting data for a particular view from other views or the main app
  • calling view functions

He concludes the post with the full code for the two files they've been working with, showing everything working together: the HTML template (Laravel view) and the "app.js" Javascript for the Vue.js code.

tagged: laravel tutorial architecture vuejs frontend framework

Link: https://medium.com/laravel-news/advanced-front-end-setup-with-vue-js-laravel-e9fbd7e89fe2

JetBrains Blog:
PHP Annotated Monthly – July 2015
Jul 16, 2015 @ 08:40:29

The JetBrains blog has just posted their latest edition of the "PHP Annotated Monthly" series with their review for July 2015.

Our July issue of PHP Annotated Monthly is here, bringing you updates on PHP, frameworks, tools, tips for coding, community, and more. Read this month’s digest curated by Mikhail Vink, PhpStorm Product Marketing Manager.

In this month's article there's mentions of things like:

  • New PHP versions released
  • Work on PHP7
  • Updates to various frameworks and tools
  • Being able to order an elePHPant on demand (and the funding of the woolly mammoth
  • PHP cheatsheets
  • Information about contributing back to PHP

Check out the full post for even more topics and links to other great resources.

tagged: jetbrains phpannotated monthly july2015 newsletter summary language community framework articles

Link: http://blog.jetbrains.com/phpstorm/2015/07/php-annotated-monthly-july-2015/

Larvel News:
Laravel Sydney – Live with Jeffrey Way
Jul 15, 2015 @ 08:56:15

The Laravel News site has posted a video from a recent Laravel Sydney meeting featuring Jeffrey Way, owner and operator of the popular Laracasts screencast tutorial service.

The Laravel Sydney user group had a special guest in their latest meeting. At 5:30am, his time, Jeffrey Way complete with blood-shot eyes and a massive coffee jar did a live question and answer interview with the group led by Ben Corlett.

You can watch the video either through the in-page player or by heading over to YouTube to watch it there directly.

tagged: laravelsydney jeffereyway laracasts video interview question answer meetup framework

Link: https://laravel-news.com/2015/07/laravel-sydney-live-with-jeffrey-way/

Matthias Noback:
Experimenting with Broadway
Jul 13, 2015 @ 08:40:57

Matthias Noback has posted about some of his experimentation with Broadway, a framework of testing helpers and structure to create CQRS/event sourced applications. CQRS is a design pattern (Command Query Responsibility Segregation) that essentially defines the use of a different method for reading data than for working with it (ex: updates or creates).

At the Dutch PHP Conference I attended a workshop by Beau Simensen and Willem-Jan Zijderveld. They showed us some examples of how to work with Broadway, a framework for event sourcing, with full Symfony integration, created by the smart people at Qandidate.

During my two weeks of funemployment, before starting my new job at Ibuildings, I decided to recreate one of my previous projects using Broadway. As it turns out, it's a great framework that's quite easy to use and is very powerful at the same time. Even though it's not a stable package (as in, it's still in the 0.x version range), I think it's safe to depend on it.

Matthias found that one of the main features of the models in Broadway is the serialization of them for storage, but wanted to reduce the amount of time to handle that...so he created this library. He also talks about something that several have pointed out as missing in the Broadway structure: how to use "sagas". He ends the post with an update on his own tool, SimpleBus, that handles eventing and via message busses, noting that it's not going anywhere but if you use Broadway, there's no reason to use SimpleBus too.

tagged: broadway event cqrs framework experiment simplebus library

Link: http://php-and-symfony.matthiasnoback.nl/2015/07/experimenting-with-broadway/

Reddit.com:
Why experienced developers consider Laravel as a poorly designed framework?
Jul 03, 2015 @ 11:41:03

There's a huge thread that's been going on over in the /r/php subreddit on Reddit.com with opinions on why experienced developers consider Laravel as a poorly designed framework.

I have been developing in Laravel and I loved it. My work colleagues that have been developing for over 10 years (I have 2 years experience) say that Laravel is maybe fast to develop and easy to understand but its only because it is poorly designed. He is strongly Symfony orientated and as per his instructions for past couple of months I have been learning Symfony and I have just finished a deployment of my first website. I miss Laravel ways so much.

Currently there's over 200 responses to the question with a wide range of opinions, everything from support of Laravel and its ways to the other side supporting Symfony and its structure. As is par for the course, there's also a share of "troll" comments in the mix, so be sure as you're reading through them to weed those out. There's also some interesting and enlightening things about Laravel, its structure and what it has to offer that those that may not be familiar with it could learn.

tagged: reddit rphp experienced developer laravel poorly designed framework opinion

Link: https://www.reddit.com/r/PHP/comments/3bmclk/why_experienced_developers_consider_laravel_as_a/

Symfony Finland Blog:
PHP and Symfony: Structure, Stability and Flexibility
Jul 03, 2015 @ 09:12:45

On the Symfony Finland blog they've posted a look at Symfony's past, present and future in terms of its structure and goals of stability and flexibility. This also includes some of the origins of PHP itself and how it evolved to the stage where creating framework made sense.

I like to think of modern PHP frameworks as glue to put together components to form something that is more than the sum of it's parts. [...] The Symfony Framework is a standard way (and framework code) to create applications using components. The application is always built with a specific structure, which allows code reuse of complete functionalities (Bundles in Symfony lingo) across projects. If you build using a collection of components, you'll need to invest time in learning how that software has decided to use the available components.

He talks more about the idea of components and how they make up a greater whole (like Symfony) and how they relate to the idea of "bundles". He then looks forward to the future of the framework, its long-term support and its work towards being fully PHP7 compatible.

The combination of the PHP language at 20 years and the Symfony framework at 10 years offers a stable platform with flexibility to adapt and grow in the future.
tagged: symfony framework past present future component bundle stability structure flexibility

Link: https://www.symfony.fi/entry/php-and-symfony-structure-stability-and-flexibility

Rob Allen:
First beta of Slim Framework 3
Jul 03, 2015 @ 08:03:18

Rob Allen has a new post about the tagging of the first beta of Slim Framework v3, the popular PHP microframework's latest version. In it he details a few of the major changes and requests help testing.

Last night, I tagged beta 1 of Slim Framework 3! This is a significant upgrade to v2 with a number of changes that you can read on the Slim blog. For me, the two key features that I'm most excited about are: PSR-7 support, [...and a] dependency injection container with container-interop compliance. [...] There's lots of other changes and we believe we have kept to the key tenants of Slim, keeping it focussed as a micro-framework suitable for building any application that you want to build.

He includes everything you'll need to test this newly tagged release with the help of his skeleton application. He also links to the new documentation that's a work in progress to replace the current set of docs. You can find more information on the full list of changes over on the Slim blog.

tagged: slim microframework framework slim3 beta tagged testing documentation

Link: http://akrabat.com/first-beta-of-slim-framework-3/

DigitalOcean Community Blog:
How To Deploy a Basic PHP Application using Ansible, Part2
Jun 26, 2015 @ 09:53:33

Digital Ocean has continued their series about deploying "advanced PHP applications" on an Ubuntu instance via Ansible in part two of the series. If you missed the first part of the series, you can check it out here.

This tutorial is the second in a series about deploying PHP applications using Ansible on Ubuntu 14.04. The first tutorial covers the basic steps for deploying an application, and is a starting point for the steps outlined in this tutorial.

In this tutorial we will cover setting up SSH keys to support code deployment/publishing tools, configuring the system firewall, provisioning and configuring the database (including the password!), and setting up task schedulers (crons) and queue daemons. The goal at the end of this tutorial is for you to have a fully working PHP application server with the aforementioned advanced configuration.

You'll need to finish the first tutorial if you want to follow along here. They pick up where they left off to finish the whole process, starting with a switch to a more advanced example repository. They modify the Ansible configuration and run the playbook to update the host. From there they break things down into several more steps:

  • Setting up SSH Keys for Deployment
  • Configuring the Firewall
  • Installing the MySQL Packages
  • Setting up the MySQL Database
  • Configuring the PHP Application for the Database
  • Migrating the Database
  • Configuring cron Tasks
  • Configuring the Queue Daemon

While a good bit of these steps relate to something Laravel needs (what they use for the sample application), it's still a good overview of the wide range of things you can do with Ansible during deployment.

tagged: deploy ansible digitalocean setup tutorial configure laravel framework part2

Link: https://www.digitalocean.com/community/tutorials/how-to-deploy-an-advanced-php-application-using-ansible-on-ubuntu-14-04