Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHPBuilder.com:
How to Connect Your PHP Application to Google Cloud Storage
Jul 15, 2015 @ 12:47:27

On PHPBuilder.com they've posted a tutorial showing you how to connect your PHP applications to Google Cloud Storage with the help of a Google App Engine instance and their own SDK.

In this article, I'll show you how to take advantage of Google's Platform as a Service (PaaS) in order to create a scalable, highly available and secure PHP web application. Note: The instructions are for Mac OSX, but may work for Linux too. Slight modifications may be needed for Windows.

They show you how to use the SDK and a bit of configuration to create a simple script that connects to the Google Cloud Storage (via a simple file_get_contents call), fetches a list of images and pulls out a random "meme" image to show from the list. They've also posted a live demo if you'd like to see the result.

tagged: google appengine cloudstorage tutorial deploy connect sdk

Link: http://www.phpbuilder.com/articles/databases/how-to-connect-your-php-application-to-google-cloud-storage.html

NetTuts.com:
Programming With Yii2: AuthClient Integration With Twitter, Google and Other Networks
Jun 26, 2015 @ 10:58:36

NetTuts.com has posted the latest part of their "Programming with Yii2" series today, this time with a focus on AuthClient integration allowing for easy interfacing with social services like Google or Twitter.

In this Programming With Yii2 series, I'm guiding readers in use of the newly upgraded Yii2 Framework for PHP. In this tutorial, I'll guide you through integration of the built-in AuthClient support to provide sign-in from third party networks such as Twitter, Google and Facebook.

For these examples, we'll continue to imagine we're building a framework for posting simple status updates, e.g. our own mini-Twitter, using our hello codebase. Use the GitHub links on this page to download the code repository. In Programming With Yii2: Integrating User Registration, I walked through integration of the Yii2-User library for user registration and authentication. In this tutorial, we'll learn how to integrate AuthClient with Yii2-User and override its views.

The tutorial starts off with a look at AuthClient: what it is, what it supports out of the box and which they'll be integrating (Google and Twitter). He shows you how to install the library via Composer and where to configure it, including the keys or secrets needed to connect to the provider of choice. For Twitter, he shows how to register a new "application" on their side and how to hook it into your own application and code. He advocates using an ".ini" file outside of the code to store the service credentials too. Finally he shows how to integrate it with the frontend, including the widget to override the default user login handling.

tagged: programming yii2 authclient twitter google social oauth

Link: http://code.tutsplus.com/tutorials/programming-with-yii2-authclient-integration-with-twitter-google-and-other-networks--cms-23489

SitePoint PHP Blog:
Exploring Github’s Public Events with PHP and Google BigQuery
Jun 15, 2015 @ 13:10:14

The SitePoint PHP blog has a new tutorial posted showing you how to explore GitHubs public events through the GitHub API and handled via the Google BigQuery infrastructure taking the burden off your own systems.

If you’ve been following along with my previous articles about Github’s API, you know that Github’s developers are doing their best to ease the pain of interacting with Github data. In this article, we’re going to take a look at the Github public events API and we will build a small demo along the way.

They start off with a brief introduction to both GiHub events (like pushes, merges, etc) and the BigQuery system and the problem it solves. They use a stock Laravel framework-based application (on a Homestead Improved VM) and add in the Google API credentials and a BigQueryServiceProvider using Google's own client to make the connection. They also set up a middleware authentication mechanism to redirect the user if they're not authenticated. They then move over to the BigQuery side and show how to use it's web-based console to perform queries and view results. They then translate this over to a simple "top ten" query, listing the top repositories ordered by number of forks. Building on this, they add in a simple form that allows the user to specify the language to search for (PHP, Javascript, etc) and outputs the results via a Blade template.

tagged: google bigquery github event api tutorial topten forks

Link: http://www.sitepoint.com/exploring-githubs-public-events-php-google-bigquery/

SitePoint PHP Blog:
Displaying Youtube Videos in PHP
May 14, 2015 @ 11:49:41

The SitePoint PHP blog has a new post today showing you how to display YouTube videos inside your application as a part of this series. The series is using Laravel as a framework to create the application.

In this two-part article, we’re going to learn how to work with version 3 of the Youtube API and we’ll build a demo along the way. [...] We’re going to build a demo that lets the user browse popular videos on Youtube, search for a video, browse videos by categories, and select a video to watch. I will be using Laravel 5 as my framework of choice, and Vagrant for my development environment.

The end result will show a set of video thumbnails related to the selected category. He walks you through the steps to get the application set up and running including the configuration of your Google API connection. He creates a login controller to allow users to log in with their Google credentials and the callback to handle the API response. From there he makes the YouTube service provider, the "video list" endpoint (and view) and a single video page with an embedded player.

tagged: tutorial youtube api google integration laravel vagrant application

Link: http://www.sitepoint.com/displaying-youtube-videos-php/

Sameer Borate:
Integrating Googles new reCAPTCHA in PHP
Dec 17, 2014 @ 09:23:10

Recently Google announced their reCAPTCHA without a CAPTCHA technology to help make preventing automated systems (usually spammers) from causing issues in your applications. In this new post from Sameer Borate, he shows you how to implement this new kind of CAPTCHA in your PHP-based application.

For the past several years Google’s reCAPTCHA has helped verify that a user is not a bot by forcing you to decipher warped text. reCAPTCHA’s method of protecting websites from spam has always been a kind of burden on the end user who has to solve the captcha to prove that he is human and not a bot. [...] Google recently released a new captcha API called “No CAPTCHA” reCAPTCHA, which utilizes an Advanced Risk Analysis engine that is capable of discerning between users and bots. So instead of solving a jumbled box of text all a user has to do is check a box.

He walks you through the full process of the integration:

  • Signing up for an account/API keys
  • Rendering the HTML for the actual widget (using Google Javascript)
  • Validating the user's response via an API call
  • The PHP you'll need to perform the validation

He also briefly mentions some of the customization available and provides the code as a download so you can see it all working together.

tagged: google captcha nocaptcha recaptcha api tutorial configure setup

Link: http://www.codediesel.com/security/integrating-googles-new-nocaptcha-recaptcha-in-php/

Reddit.com:
Composer files being indexed by Google
Dec 10, 2014 @ 11:36:55

In an interesting thread on the /r/php subreddit on Reddit.com, a user noticed that Google is indexing Composer files that are in the document root of PHP applications. These files, like "composer.json" and "composer.lock" can provide detailed information about which packages and libraries are in use in the application (information disclosure).

The problem is that these files are placed in the web root of the application and not in a folder one level up, a recommended practice. The post links to a Google search that shows an example of current sites with the issue.

Another comment in the same post also reminds users not to have things like their ".git" files in the document root either as they can provide valuable information to would be attackers about your application's code. Things can be done to prevent direct access to these files in the web server configuration but it's far better to restructure the application to have them in a parent directory of the actual web root.

tagged: composer files composerlock composerjson index google search engine security

Link: http://www.reddit.com/r/PHP/comments/2ourf7/composer_files_being_indexed_by_google/

Laravel Podcast:
Episode 19 - Join the Live Stream
Nov 05, 2014 @ 09:43:08

The Laravel.io podcast has made an announcement that today (Wednesday, Oct 5th) they will be doing a live stream of episode #19 at 2pm EST.

Tomorrow at 2:00 PM EST the latest Laravel.io Podcast will be aired live on Google Hangouts. Currently no topics are listed but you will be able to ask questions live on the air.

If you'd like to join in, head over to this page around 2pm and join in on the conversation. If you're interested in other back episodes of the show and want to listen, check out the podcast page and subscribe to their feed.

tagged: laravelio podcast ep19 live google hangout stream conversation

Link: https://plus.google.com/events/clqi0dcpb07vs0qgiorjvd2fdis

SitePoint PHP Blog:
Using the Google Analytics API with PHP: Logging In
Oct 02, 2014 @ 09:47:08

The SitePoint PHP blog has a new tutorial posted from Younes Rafie showing you how to use the Google Analytics API from PHP (part one of a series) using the Google PHP API client library to make the connection.

In this series, we’re going to see how we can use the Google Analytics API to interact with our Google Analytics data via PHP. [...] In this article we’re going to build an app that looks like Google Analytics Explorer, but to make it short, we’re going to limit the functionality and discuss how we can extend our demo.

He starts with an overview of the different parts of the Google Analytics APIs including the metadata and real-time reporting systems. In the tutorial he'll be combining several of these to provide all the data needed. After walking you through the creation of a Google developer account, he starts in on the code. With credentials in hand and the library installed via Composer, he shows how to make the connection, check if it's logged in and makes a simple "home" controller that handles the login and OAuth validation process.

tagged: google analytics api login oauth composer tutorial library

Link: http://www.sitepoint.com/using-google-analytics-api-php-logging/

Sameer Borate:
PHP applications on Google App Engine
Apr 17, 2014 @ 10:40:02

Sameer Borate has posted a guide to his site today showing you how to get started with PHP applications on the Google App Engine now that it natively supports it (well, mostly).

A couple of years back if you needed to run PHP on Google App Engine you were required to use a open source tool like Quercus, a 100% Java implementation of PHP, to run your PHP applications on the App Engine. However, as you would have guessed, it was not easy to work as with using a native PHP implementation. Now that App Engine natively supports PHP and MySQL, you can easily write PHP applications.

He walks you through the setup and configuration of the App Engine SDK to interact with the service and shows how to create a simple "Hello World" PHP application and deploy it. He talks some about the overall advantages of using the Google App Engine for your application including the scalability it offers and the secured infrastructure it runs on. He finishes the post looking at the different options for data storage and how sessions should be handled (hint: memcache).

tagged: google appengine tutorial introduction sdk deploy

Link: http://www.codediesel.com/php/php-applications-on-google-app-engine/

Alison Gianotto:
Check User-Submitted URLs for Malware and Phishing in Your Application
Apr 07, 2014 @ 10:01:59

In her latest post Alison Gianotto looks at a few different ways that you can validate any URLs that your users might give you to ensure they're not anything malicious. She looks at two of the major services, the Google SafeBrowsing API and SURBLs, as well as mentioning a few others.

If you write software for the web that allows users to submit or share URLs (comment systems, mail clients, forums, URL shorteners, etc), you may find yourself in a position where you need to filter out malicious links. Fortunately, there are several free options for you to better protect your systems and your users against bad guys, and they’re pretty simple to implement. (My examples are in PHP, but could easily be adapted to whatever language you prefer.)

She starts with an example call to the Google’s SafeBrowsing service, making a curl call and parsing the result. The other service, SURBL, makes use of DNS validation calls complete with code examples. She also talks about Phishtank and VirusTotal as other options. She finishes the post with a few suggestions for working with the rate limit restrictions on these services, including things like only checking on click-through and ensuring failure is handled well.

tagged: malware phishing url validate google safebrowsing surbl tutorial

Link: http://www.snipe.net/2014/04/check-user-submitted-urls-for-malware-and-phishing-in-your-application