SitePoint PHP Blog:
Introduction to Elasticsearch in PHP
Aug 04, 2015 @ 09:31:05

The SitePoint PHP blog has posted an introduction to using Elasticsearch in your PHP applications. In it author Wern Ancheta covers some of the basics of this powerful tool and helps you get an example script up and running for testing.

In this tutorial, we’re going to take a look at Elasticsearch and how we can use it in PHP. Elasticsearch is an open-source search server based on Apache Lucene. We can use it to perform super fast full-text and other complex searches. It also includes a REST API which allows us to easily issue requests for creating, deleting, updating and retrieving of data.

He starts by helping you get Elasticsearch itself installed via the apt-get package manager (may slightly differ depending on your OS of choice) and tested with a simple web-based request to the port the server is running on. With the server set up he then moves on to the PHP aspect, helping you get the elasticsearch library installed via Composer and creating a new client instance. He then includes code examples of some of the main operations you'll perform with entries in the Elasticsearch instance: inserting a document, updating a document, deleting and - of course - searching for documents matching certain simple and more complex criteria.

tagged: introduction tutorial elasticsearch install library insert update delete search

Link: http://www.sitepoint.com/introduction-to-elasticsearch-in-php/

Paragon Initiative:
Secure Data Encryption in Web Applications with PHP
Aug 03, 2015 @ 10:58:47

The Paragon Initiative has posted a new white paper to their site covering secure data encryption in web applications written in PHP. The paper covers high level topics and offers some more practical suggestions about tools and guides to use in protecting your applications.

Encrypting network communications is absolutely essential to the security of anyone who wishes to use your website or application. The standard and most reliable form of network encryption is called Transport Layer Security (TLS), which was preceded by an older standard called Secure Socket Layer (SSL).

Websites that use SSL or TLS are accessible by typing https://domain.com into your browser instead of just http://domain.com. Consequently, the shorthand way to refer to HTTP over TLS is simply HTTPS. Contrasted with network cryptography, storing sensitive information is a much more challenging and interesting problem to solve, and is the focus of this paper.

Among the topics covered in the white paper are things like:

  • The flow of a HTTPS request (and if it's "fast" or not)
  • Secure password storage and handling
  • On-demand encryption/decryption
  • Cryptography library recommendations
  • Using asymmetric cryptography with public and private keys

They also point to this curated list of resources to help you learn more about general web application security including cryptography.

tagged: secure application cryptography https password library libsodium resources

Link: https://paragonie.com/white-paper/2015-secure-php-data-encryption

Alejandro Celaya:
Working with custom column types in Doctrine. Enums.
Jul 30, 2015 @ 08:37:45

Alejandro Celaya has a post to his site showing you how to work with custom types in Doctrine, more specifically with the "enum" type.

Doctrine is currently the most used ORM in PHP. It makes it very easy to work with databases in an object oriented way. It comes with a set of built-in column types that map database types with PHP types. For example, the datetime column type persists the value of an entity column as a datetime in the database and handles it as a DateTime object when the entity is hydrated.

Type conversions work both ways, so column types take care of casting database to PHP types and vice versa. In this article I'm going to explain how to define custom column types so that we can persist our own objects into the database and hydrate them back.

He points out that, while PHP itself lacks the "enum" data type, you can simulate it with a library like this. He uses this library to create a custom Doctrine object type that mimics enums in the getting and setting of a value to one of a few options. In this case it's values representing the CRUD methods. He shows the code to link the Type back to the Action, which then gives it an understanding of what the valid enum values can be. He also points out another package that he published recently that takes some of the work out of creating the boilerplate code for the enum.

tagged: package action tutorial enum type doctrine custom library

Link: http://blog.alejandrocelaya.com/2015/07/28/working-with-custom-column-types-in-doctrine-enums/

SitePoint PHP Blog:
Console Wars – PHP CLI Libraries
Jul 27, 2015 @ 09:32:35

The SitePoint PHP blog has a post that compares some of the major PHP CLI libraries, three of them at least: the Symfony console component, Hoa console and the Webmozart solution.

I have always been a big fan of console commands and I try to provide a command line interface (CLI) as much as possible in most of my PHP projects. In this article, I’ll briefly compare three PHP console command libraries.

He starts with a brief history of each of the libraries, talking about their origins and age. He then talks about the necessary dependencies each requires and the overall complexity of the code they include. Next up are some practical examples putting each to use, outputting a simple message back to the user using user input for both the message and output color.

tagged: console commandline library symfony hoa webmozart cli compare

Link: http://www.sitepoint.com/console-wars-php-cli-libraries/

Sameer Borate:
Cron Expression Parser in PHP
Jul 21, 2015 @ 10:15:09

If you've ever worked with the "cron" tool on a Unix-based system, you know that there's a special syntax that comes along with defining when the commands should run. It can be difficult to get this timing exactly right, especially if you're very picky about the execution time. In this post Sameer Borate shows you a PHP library that not only helps parse current cron configurations but also provides shortcuts for common timings (ex: "daily" or "weekly").

Working with cron scheduling can many times be a frustrating affair. Although setting a few cron jobs at one time can be easy, calculating cron dates in the future in code can get time consuming quickly. The PHP cron expression parser described here can parse a CRON expression, determine if it is due to run, calculate the next run date of the expression or calculate the previous run date of the expression. You can calculate dates far into the future or past by skipping n number of matching dates.

He includes some examples of putting the library to use to define a cron object based on an expression (either via a shortcut or an actual cron time expression). You can then check to see if the cron is "due" or perform various operations on its run dates. This includes a formatted output of the previous run time, the next run time and the calculation of the next/previous run time based on a relative timestamp.

tagged: cron parser library example tutorial run due evaluation datetime

Link: http://www.codediesel.com/php/cron-expression-parser-in-php/

SitePoint PHP Blog:
Validating your data with Respect Validation
Jul 20, 2015 @ 10:49:26

The SitePoint PHP blog has posted a tutorial showing you how to validate your data with Respect (well, their validation library) and ensure the data you're getting is exactly what you're expecting.

Validation is an important aspect of every application’s interaction with data. Instead of reinventing the wheel every time, the community collaborated on some useful packages like Symfony, Laravel, Zend, etc. In this article, we’re going to introduce a lesser known package called Respect Validation, which provides some nice new features.

He starts by mentioning some of the other popular validation packages used widely in the PHP community including the Symfony Validator and Laravel's Illuminate package. For each of these he shows code validating an email address, each with their own slight differences. Using this same example he shows how to implement it in the Respect library, first making use of their custom "email" validator class then via custom chained rules. He also shows how to set custom error messages and provides a more "real world" example with a simple Laravel application. His application takes in user data including username, password and credit card information and uses Respect's library to validate it via a full set of rules. He ends the post with a quick look at creating your own custom rule classes and how to "cross pollinate" them with Zend or Symfony validators.

tagged: respect validation library tutorial laravel example custom errormessage

Link: http://www.sitepoint.com/validating-your-data-with-respect-validation/

KnP University:
Introducing Guard: Symfony Security with a Smile
Jul 14, 2015 @ 09:15:05

The KNP University site has a post that talks about a new library they've created (and matching tutorial series) about an easier method to handle authentication in your Symfony applications: Guard.

Symfony’s authorization system - the stuff related to voters and roles - is awesome. It’s simple, it kicks butt, and it’s one of my favorite things, just behind fresh-baked cookies.

But then there’s that other part: authentication. This is how you login: maybe with a form or via OAuth, like Facebook login. This part is probably the single worst part of Symfony. It’s over-engineered, hard to customize and no fun to work with. [...] This problem was screaming for a solution. If we could make Symfony’s authentication system simple and fun, the whole security system would go from a pain, to a powerful tool.

The library they've created, Guard, centralizes the authentication handling into one place (via an interface) and makes the basics of authentication handling simpler. In their tutorial they walk you through the use of Guard as a part of a bundle complete with examples of login form and API token authentication handling. He ends the post with a quick comment about a "secret goal" he has to try to have Guard included in Symfony itself.

tagged: guard symfony authentication library bundle tutorial simple

Link: http://knpuniversity.com/blog/guard-authentication

Matthias Noback:
Experimenting with Broadway
Jul 13, 2015 @ 08:40:57

Matthias Noback has posted about some of his experimentation with Broadway, a framework of testing helpers and structure to create CQRS/event sourced applications. CQRS is a design pattern (Command Query Responsibility Segregation) that essentially defines the use of a different method for reading data than for working with it (ex: updates or creates).

At the Dutch PHP Conference I attended a workshop by Beau Simensen and Willem-Jan Zijderveld. They showed us some examples of how to work with Broadway, a framework for event sourcing, with full Symfony integration, created by the smart people at Qandidate.

During my two weeks of funemployment, before starting my new job at Ibuildings, I decided to recreate one of my previous projects using Broadway. As it turns out, it's a great framework that's quite easy to use and is very powerful at the same time. Even though it's not a stable package (as in, it's still in the 0.x version range), I think it's safe to depend on it.

Matthias found that one of the main features of the models in Broadway is the serialization of them for storage, but wanted to reduce the amount of time to handle that, so he created this library. He also talks about something that several have pointed out as missing in the Broadway structure: how to use "sagas". He ends the post with an update on his own tool, SimpleBus, that handles eventing via message buses, noting that it's not going anywhere but if you use Broadway, there's no reason to use SimpleBus too.

tagged: broadway event cqrs framework experiment simplebus library

Link: http://php-and-symfony.matthiasnoback.nl/2015/07/experimenting-with-broadway/

Cees-Jan Kiewiet:
Test lowest, current, and highest possible on Travis
Jul 01, 2015 @ 10:57:50

In a new post to his site Cees-Jan Kiewiet talks about "highest" and "lowest" versions of Composer-installed libraries and testing them in Travis-CI builds.

During DPC I've had a talk with Rafael about making sure you test all your possible versions, lowest, current, and highest. The talk was ignited by the infamous composer.lock file (whether to commit it or not).

He goes on to show how you can set up a multiple-version build with the help of the "dependencies" environment variable in your ".travis.yml" configuration file. These are then used in "before_script" commands that tell the Composer install which versions to load. He includes a screenshot of the resulting build and ends with a reminder from Jordi Boggiano (lead developer of Composer) about the resources a build like this takes up and not to do it very often.

tagged: lowest highest library version composer install travisci build

Link: http://blog.wyrihaximus.net/2015/06/test-lowest-current-and-highest-possible-on-travis/

Kévin Dunglas:
Using PSR-7 in Symfony
Jun 24, 2015 @ 12:50:56

With the recent acceptance of the PSR-7 HTTP standard by the PHP-FIG, there have been a lot of articles about using it in various PHP frameworks. In this new post Kévin Dunglas looks at the use of it in Symfony, how it relates to the HttpFoundation component and when it will be included in the framework itself.

Back in 2011, Symfony 2 introduced the HttpFoundation component, a PHP library representing HTTP messages with an object oriented API. HttpFoundation is a key in the success of the HTTP-centric approach of Symfony, and it definitely inspirited the PSR-7 specification. However, PSR-7 and HttpFoundation differ fundamentally in two aspects: PSR-7 messages are immutable, mutability is in the DNA of HttpFoundation and in PSR-7, almost everything is stream.

Because of immutability it is very hard to make HttpFoundation embracing PSR-7 without a huge backward compatibility break impacting thousands of existing applications and bundles.

Work was almost immediately started to support the PSR-7 specification in Symfony, however. As a result support will be ready to be included in Symfony 2.7 but, as the rest of the post shows, it can be introduced in versions 2.3 or greater through a "HTTP message bridge" library. He shows how to get this installed in your Symfony application instance and how to use it in your controllers to interact with Requests and Responses. He does point out, though, that while this can bring your release up to PSR-7 status it comes with some overhead that may not be worth it if you're concerned about performance.

tagged: psr7 symfony bridge httpfoundation performance library

Link: http://dunglas.fr/2015/06/using-psr-7-in-symfony/