Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Laravel Shareable Models Package
Sep 06, 2017 @ 11:56:26

On the Laravel News site there's a new post highlighting a shareable models package that allows for the creation of dynamic routes for models that are shared.

My initial use case was giving certain non-admin user access to a certain resource that is usually only accessible through the admin interface.

Instead of mucking around with special permissions I created this method to create a completely new link from the resource that I wanted to share, that I could then treat like any other route in my application. So a separate controller and separate views. In that route, you can then simply only expose the functionality that you want (make it read-only for example or only show certain fields).

The package allows the automatic creation of "shareable links" to models including functionality that allows for password protection and expiration times. A code example is included showing how to set up a link to an article entry and what the result looks like (a JSON response).

tagged: laravel package sharable model link spotlight

Link: https://laravel-news.com/laravel-shareable-models-package

Laravel News:
A Roundup of Laravel Testing Resources and Packages
Jul 12, 2017 @ 09:50:29

On the Laravel News site there's a new post sharing a list of Laravel testing resources and package that you can use for your Laravel-based applications to make testing easier and less work overall.

Testing code is one of the more challenging parts of programming, but luckily Laravel and some other tools are making it easier than ever. Research has even shown implementing a Test-Driven Development (TDD) approach can significantly reduce the number of bugs that make it to production. Testing provides many other benefits, like the freedom to refactor large parts of a system without (as much) fear of breaking things.

With all of the benefits of testing, it’s still challenging to continually test applications. If you are looking to start learning how to test Laravel applications or you want to expand your skills here is a list of great resources to help you.

Included in their list are resources like the official documentation, Laravel Dusk, the Laracasts Laravel Behat extension, the phpspec Laravel extension and Spatie Laravel packages. Each item on the list includes a screenshot, a brief description of the resource/tool and links to get more information about it.

tagged: laravel testing package tool list resource link

Link: https://laravel-news.com/laravel-testing-resources

Michael Dyrynda:
Switching PHP versions with Laravel Valet
Jan 24, 2017 @ 09:57:40

On his site Michael Dyrynda shows you how to switch PHP versions in Laravel Valet away from the current default of PHP 7.1 (should the need arise).

At the time of writing, Laravel Valet ships with PHP 7.1 but if you're like me, you have some legacy projects around the place that haven't quite lifted their dependencies to PHP 7 just yet.

A lot of folks might have previously used a VirtualBox Virtual Machine, or more recently considered Docker but a lot of the time and especially when dealing with simpler situations, Valet may be all that you need.

Luckily, the combination of Valet and brew on macOS makes switching PHP versions really easy.

With the help of the Homebrew tool it's as easy as telling it to install the PHP version you require and create the link to this needed version. He's included two screencasts in the post to show the process and commands you'll need to accomplish it.

tagged: laravel valet language version switch homebrew link tutorial

Link: https://dyrynda.com.au/blog/switching-php-versions-with-laravel-valet

SitePoint PHP Blog:
Let’s Kill the Password! Magic Login Links to the Rescue!
Dec 15, 2016 @ 12:36:17

On the SitePoint PHP blog there's a new tutorial posted from Christopher Vundi showing you how to create a password-less login system using "magic links". These links allow users to log into a service without requiring a password using a one-time code and a special URL.

Authentication is something that has evolved over the years. We have seen it change from email – password combination to social authentication, and finally password-less authentication. Actually, more like an “email only” authentication. In the case of a password-less login, the app assumes that you will get the login link from your inbox if the email provided is indeed yours.

[...] In this tutorial, we are going to implement such a system in a Laravel app. The complete code can be found here.

The tutorial then walks you through some of the setup of the application environment - creating the Laravel project, building out the database and running the "make:auth" to generate related controllers/views/models. They show you how to change the login link to point to the new "magic link" functionality and the matching controller and view. The tutorial then shows how to generate the tokens, email them to the user with the special URL and validate them once they come back in.

tagged: password magic login link tutorial token email

Link: https://www.sitepoint.com/lets-kill-the-password-magic-login-links-to-the-rescue/

Symfony Finland:
How to implement AMP (Accelerated Mobile Pages) on the eZ Platform CMS
Aug 29, 2016 @ 11:44:58

On the Symfony Finland site they've posted an introductory article showing you how to implement accelerated mobile pages (AMP) in an application based on the ez Platform CMS.

Accelerated Mobile Pages is an initiative from Google to speed up mobile browsing. AMP is an open standard based on HTML. It enforces performance by limiting functionality and includes remote caching.

Given Google's continuing dominance search both publishers and CMS vendors need to take AMP into account. In this article you'll learn the basics of how to implement AMP with eZ Platform CMS and Symfony.

The post starts out with a bit of background about AMP and how it relates back to the main content of the site. With that knowledge in place the author moves into the code, showing how to use annotations to create the route, building and returning the template including the meta and link tags required to link this AMP version back to the main content page.

tagged: tutorial amp mobile pages accelerated symfony twig meta link

Link: https://www.symfony.fi/entry/how-to-implement-amp-accelerated-mobile-pages-ez-platform-cms

Laravel News:
Easily Integrate HTTP/2 Server Push with a Laravel Middleware
Aug 12, 2016 @ 09:48:10

The Laravel News site has a recent post showing you how to integrate HTTP2 support into your Laravel-based application using some simple middleware.

As we all know technology changes fast and if you don’t stop and look around once in awhile, you could miss it. HTTP/2 is one area of our tech stack that I haven’t been keeping up with an honestly knew nothing about it until Laracon where Ben Ramsey gave a talk on the subject.

You can watch his talk here and his slide deck is available from his site to browse through. What amazed me is how easy it seemed to implement by utilizing server push or preload.

They describe this "Link" header process could work if done manually but points out that doing that manually for every asset is very time consuming. To help out they point out two packages that can help make it a bit more automatic. The post briefly shows their use (code example) basing the asset list on the contents of your Elixir configuration.

tagged: laravel middleware http2 push link header package

Link: https://laravel-news.com/2016/08/http2-server-push-middleware/

Creating a password-less, Medium-style, email-only authentication system in Laravel
Mar 14, 2016 @ 09:29:55

On the Tighten.co blog Matt Stauffer shows how to make a password-less authentication system similar to what the popular site Medium uses centered around emails sent to the account for the user.

Recently I was working on a project where one of our major pain points was users' passwords. Users were added to the application by administrators, so they didn't have passwords when they were first added, and forcing them to set and remember passwords was a big hitch on the project's usability.

So, we decided to try out a Medium/Slack-inspired password-less login. If you've never had the chance to work with this, the login system works like this: enter your email address on the login page, get emailed a login link, click the link, and now you're logged in. Access to your email address proves your identity without the need for a password.

He walks you through the process of disabling the current password-based flow by creating and modifying the default "make:auth" results. When the user comes to the site, they're asked to log in via sending an email. This email contains a unique token attached to a link that matches one on the server side related to the user. He shows how to build out this relation table, the matching model and the endpoint used to verify the hash once the user clicks on the link.

tagged: laravel password email login medium link random hash tutorial

Link: http://blog.tighten.co/creating-a-password-less-medium-style-email-only-authentication-system-in-laravel

Ben Ramsey:
Lack of Hypermedia
Nov 27, 2015 @ 09:37:38

In a post to his site today Ben Ramsey shares his response to a question about hypermedia in APIs and how they could make the API more brittle if used incorrectly.

One of the most common problems I see in API development is lack of hypermedia, or none at all. By hypermedia, I mean links that describe relationships among data in the API. When hypermedia isn’t used, the API becomes brittle, and those building clients that talk to the API are forced to code to URLs. The URLs become an important interface to the API, and if they change, they break everything. This leads to URL-based versioning schemes, and the only upgrade path for clients is to modify their code to accommodate the new versions.

He suggests that when APIs use hypermedia they tend to no longer rely on the URLs of the resources (as they're linked from the meta in other requests). He also shares the slides for a presentation he gave at this year's True North PHP Conference with more information on the topic.

tagged: hypermedia lack url resource link

Link: https://benramsey.com/blog/2015/11/lack-of-hypermedia/

Build A Link Sharing Website With Laravel
Jun 09, 2015 @ 10:02:31

The Vegatbit.com site has posted a tutorial today showing you how to build a link sharing site with Laravel, a simple application that lets you create "shortlinks" to make it easier to pass along URLs to others.

Building your own applications, even on a simple or small scale, is a great way to build your skills. This Link Sharing Website tutorial using Laravel will help us to to just that. If you’d like to save yourself a little time, you could just as easily head on over to http://www.easylaravelbook.com/ and pick up a great pre written application, PHPLeaks. PHPLeaks is a Link Sharing Website that has everything you need to get a nice starter project going.

They walk you through every step of the process, showing you all the code and commands you'll need to get the application, database and frontend set up and running. This even includes the installation of the Homestead virtual machine and configuration of your local machine. Don't be intimidated by the long list of steps - it's pretty quick thanks to several of the Laravel artisan commands.

tagged: link sharing tutorial application laravel stepbystep shortlinks

Link: http://vegibit.com/build-a-link-sharing-website-with-laravel/

Joshua Thijssen:
Symfony2: logging out
Oct 10, 2014 @ 10:51:03

In this new post to his site Joshua Thijssen talks about something that's usually considered a common task and might be overlooked when it comes to security: logging out (specifically in Symfony-based applications).

One of the “golden rules” of symfony2 is to never hardcode urls or paths inside your code or templates. And letting symfony deal with the generation of your urls and paths makes your life a lot easier as a developer. But one of the things I see regularly is that people are still hardcoding their logout urls like using “/logout”. But logging out is actually a bit more complex than it might seem, and using a simple /logout might work for most cases, but there are better ways to deal with this.

To give some context, he starts with an overview of the Security component of the Symfony framework, mentioning how it can be configured with different "secure" areas and how they handle the user authentication. He includes an example configuration of one of these "firewalls" in a YAML document with three different sections: "dev", "superadminstuff" and "main". He explains what each of these sections are configuring and how they will react when the user visits them. He talks some about the "logout: true" handling and what kind of defaults are also included when it's called. He suggests that, instead of a hard-coded "logout" URL in your application, you make use of the "logout_url" and "logout_path" functions to create the link for you, making it consistent across the application and easier to configure.

tagged: symfony logout security user login component link

Link: https://www.adayinthelifeof.nl/2014/10/06/symfony2-logging-out/