Zend Framework:
Convert objects to arrays and back with zend-hydrator
Jun 21, 2017 @ 11:32:01

The Zend Framework blog has posted another in their series of component spotlights, focusing in on a single component of the framework and its use. In this latest article they cover the zend-hydrator component, useful for converting objects to arrays and back.

APIs are all the rage these days, and a tremendous number of them are being written in PHP. When APIs were first gaining popularity, this seemed like a match made in heaven: query the database, pass the results to json_encode(), and voilà! API payload! In reverse, it's json_decode(), pass the data to the database, and done!

Modern day professional PHP, however, is skewing towards usage of value objects and entities, but we're still creating APIs. [...] Zend Framework's answer to that question is zend-hydrator. Hydrators can extract an associative array of data from an object, and hydrate an object from an associative array of data.

They start with the command to get the zend-hydrator package installed (and a dependency they'll need for their examples, zend-filter). A code example is included that shows how to convert a "book" object to an array using the ReflectionHydrator. Next is an example of switching it back, changing the array of data back into a book object. Next comes the integration with zend-filter, showing how to filter values out of objects/arrays you might not want in the end result by adding the filter to the hydrator. Also included are examples of modifying data (strategies), filtering on property names, delegation of the translation based on object type and a few other features included in the component that could be helpful.

Zend Framework Blog:
Validate input using zend-validator
Jun 14, 2017 @ 11:25:36

The Zend Framework blog has continued their series spotlighting various components of the framework with their latest installment. In this latest tutorial they cover the zend-validator component used to validate data against a set of rules for correctness.

In our previous post, we covered zend-filter. The filters in zend-filter are generally used to pre-filter or normalize incoming data. This is all well and good, but we still don't know if the data is valid. That's where zend-validator comes in.

The post starts with showing how to get the component installed via Composer and the optional dependency of the zend-service-manager component (to handle the use of ValidatorChain functionality). Code is included showing the interface the validators all conform to and an example of the validator in use. It then covers some of the built-in validation options and how to build up a validator "chain" of multiple checks. It also shows how to break the validation if one fails, setting priority (order of execution), evaluating values in certain contexts and registering your own custom validators.

Zend Framework Blog:
Filter input using zend-filter
Jun 09, 2017 @ 10:58:19

The Zend Framework blog has posted a new tutorial covering a single component of the framework. In this latest article ZF lead developer Matthew Weier O'Phinney covers the zend-filter component for filtering input from your users.

When securing your website, the mantra is "Filter input, escape output." We previously covered escaping output with our post on zend-escaper. We're now going to turn to filtering input.

Filtering input is rather complex and spans a number of practices: filtering/normalizing input [and] validating input. For now, we're going to look at the first item, filtering and normalizing input, using the component zend-filter.

He shows you how to get the component installed, via Composer, and talks about some of the dependencies it needs, optional and required. Since they'll be using the "FilterChain" functionality, he also requires that. He moves into the code, showing the interface required for a validator to work (basically just defining a "filter" method). He talks about some of the common filters included and how to refactor custom validation handling into a FilterChain performing the same operations. He ends with another example of reading from a file and how to use it on an array of values, each line as a string from the file.

SitePoint PHP Blog:
Re-Introducing Symfony Console – CLI PHP for the Uninitiated!
May 25, 2017 @ 11:38:02

The SitePoint PHP blog has posted a tutorial from author Claudio Ribeiro that wants to re-introduce you to the Symfony Console package, a component of the larger Symfony framework that makes it easier to create and work with command-line PHP scripts.

As software developers, we often feel the need to resort to command line tools. These kinds of tools are helpful when we need to do a sort of recurring task like migrating data, performing imports, or creating cron jobs.

The Symfony Console component tool provides us with a simple framework to create our own command line tools. Unlike many components in Symfony, this is a standalone package and is used by the likes of Laravel's Artisan and many other famous PHP packages.

The tutorial then walks you through the installation process, via Composer, and the creation of a new command. With this simple base created, he then adds in actual functionality, building out a command to hash and verify a password string. They show how to use the command and an example of its output. Next up, he creates another command example, this time verifying the password hash provided as an argument. The tutorial wraps up with a look at testing your console commands with PHPUnit tests via the included CommandTester functionality.

SitePoint PHP Blog:
Re-Introducing Composer – the Cornerstone of Modern PHP Apps
May 22, 2017 @ 11:54:48

If you've been developing any kind of PHP applications lately, chances are you've at least heard of Composer. This package manager has dramatically changed the way we develop in PHP, but there are still some out there wondering what all the fuss is about. In this tutorial, SitePoint author Claudio Ribeiro (re-)introduces this powerful tool and provides some basics of its use.

In this article, we will tackle the basics of Composer, and what makes it such a powerful and useful tool.

Before we go into detail, there are two things that we need to have in mind: what Composer is [and] what Composer is not. [...] Essentially, Composer allows you to declare and manage every dependency of your PHP projects.

He then walks you through the installation of the tool, running it either globally or locally (per-project). He lists out some of the basic commands, what they're for and helps you on your way to installing your first package: PHPUnit. He also covers the special "vendor" folder Composer creates, how autoloading works, various configuration values and installing packages globally rather than just locally. He then talks about the other side of the PHP package ecosystem: Packagist, including how to submit packages and set up your own package's composer.json so it can be pulled in correctly.

What is PSR-7 and How to Use It
May 22, 2017 @ 10:18:50

One of the standards that have come out of the PHP-FIG (PHP Framework Interoperability Group) in the past few years has been PSR-7, a standards definition for working with HTTP requests and responses as PHP objects. While those that have worked with most of the PHP frameworks out there may be familiar with the concept, it can be confusing if you're just getting started with the idea. In this post on the Dotkernel site they introduce PSR-7, talking about its goals and what it defines to help bring everyone on the same page for HTTP requests.

PSR-7 is a set of common interfaces defined by PHP Framework Interop Group. These interfaces are representing HTTP messages, and URIs for use when communicating through HTTP.

Any web application using this set of interfaces is a PSR-7 application.

They start off by defining (and linking to) the different interfaces involved in the PSR-7 specification (the spec doesn't define functionality, only the structure). From there the tutorial uses the Zend Diactoros component to illustrate an implementation of the PSR-7 structure. They cover two of the main tasks when working with HTTP requests/responses: working with the headers and fetching/writing to the body.

What Is WP-CLI? A Beginner’s Guide
May 18, 2017 @ 10:35:31

The TutsPlus.com site has posted a new tutorial introducing you to the WordPress command line tool, the WP-CLI.

WP-CLI has been around for quite some time now (circa 2011) and has steadily gained momentum in the WordPress developer community. But what is it exactly, and how can you use it in your WordPress workflow?

The idea behind WP-CLI is that it allows you to interact with, and manage, WordPress sites via a command line interface. According to the official documentation, it's a command line alternative to using the traditional WordPress admin user interface.

They start by explaining some of what the tool can do and help you get it installed either manually (on Mac or Windows) or more automatically for the DesktopServer users out there. The tutorial then goes through the basics of using the wp command line tool including getting a listing of current settings, showing the version installed and getting a list of currently installed plugins and themes. It also shows how to install new plugins, list posts, pages and comments currently in the system. The post ends with some additional resources where you can get more information about the WP-CLI tool and its features.

Zend Framework Blog:
Context-specific escaping with zend-escaper
May 17, 2017 @ 09:44:25

The Zend Framework blog has continued their series spotlighting individual components of the framework and putting them to use outside of a ZF-based application. In the latest post they show how to use zend-escaper to handle context-specific escaping.

Security of your website is not just about mitigating and preventing things like SQL injection; it's also about protecting your users as they browse the site from things like cross-site scripting (XSS) attacks, cross-site request forgery (CSRF), and more. In particular, you need to be very careful about how you generate HTML, CSS, and JavaScript to ensure that you do not create such vectors.

As the mantra goes, filter input, and escape output.

They start with some of the main issues around escaping output in PHP (and some of the inconsistencies) and what zend-escaper can do to help. The tutorial then shows how to pull the component into your current application via Composer and set up a new Escaper instance. It briefly covers the built-in escaping methods and then provides some more real-world examples of how it can be used to protect your application.

User Authorization in Laravel 5.4 with Spatie Laravel-Permission
May 16, 2017 @ 11:28:09

On the Scotch.io site a new tutorial has been posted showing you how to use the Laravel-permission package (from Spatie) to more easily handle permission setup and validation in a Laravel application.

When building an application, we often need to set up an access control list (ACL). An ACL specifies the level of permission granted to a user of an application. For example a user John may have the permission to read and write to a resource while another user Smith may have the permission only to read the resource.

In this tutorial, I will teach you how to add access control to a Laravel app using Laravel-permission package. For this tutorial we will build a simple blog application where users can be assigned different levels of permission.

The tutorial then walks through the installation of the package and some of the new tables it adds to the database when you run the included migrations. It then talks about some of the methods that can be used, both on the backend and in Blade templates, to evaluate if the current user has the roles required. Next up is the creation of the controllers to handle the basic CRUD tasks and working with the blog posts and views to set up the permissions and roles. Finally the tutorial shows the code required to evaluate the roles and permissions of the user and an example of middleware that performs a pre-check to see if a user even has access to manage various pieces of the application.

Packagist and the PHP ecosystem
May 11, 2017 @ 10:49:17

The BugSnag blog has posted a tutorial from a guest author, Graham Campbell, introducing you to Packagist and the PHP ecosystem, continuing on from the previous post introducing the Composer tool.

In our last blog post we saw the basics of Composer, but skipped over where it actually finds its packages, and how to publish packages of your own. In this blog post, we will be looking at exactly this, plus some security considerations when using composer in your application.

The post starts off by introducing Packagist and how you can distribute your package there. There's a section that covers Open Source licenses, a few of the different types and how to list licenses of your currently installed packages. Following this the post talks about using branches and aliases to pull in the code you need (not just the latest release). The tutorial wraps up with a look at some of the security concerns around using packages and how to keep on top of new versions with new bugfixes.

