Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Matt Stauffer:
Routing changes in Laravel 5.3
Jul 28, 2016 @ 09:36:05

In another of his series of posts about the upcoming version of the Laravel framework (v5.3) Matt Stauffer focuses in on some of the changes in routing that are coming down the line.

The last few versions of Laravel have showed the way routing works shifting around a bit. This is usually a sign that we're feeling some sort of pain—something feels off—but haven't found the perfect solution yet. In 5.3, we may have found it.

He starts by looking at some of the routing changes that happened when v5.2 was released including the change away from two groups ("web" and "api"). In v5.3 the major change is the location of the routes definitions containing all of the routes in your application. In the update, this relocation (into a directory) allows you to define multiple route configurations that can be individually changed based on features rather than one global place. He also includes an example of how you can set up your RouteServiceProvider to load in custom configurations as well.

tagged: laravel v53 routing changes directory multiple files configuration

Link: https://mattstauffer.co/blog/routing-changes-in-laravel-5-3

Security Update:
Imagemagick - Multiple Vulnerabilities
May 05, 2016 @ 11:07:35

Imagemagick, a well-used alternative by PHP developers for graphics manipulation (an alternative to GD) has had several new vulnerabilities announced. These vulnerabilities allow for everything from remote code execution to initiating network requests. The Imagetragick site has more information:

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick. If you use ImageMagick or an affected library, we recommend you mitigate the known vulnerabilities.

There's two mitigations listed to help with a more immediate fix: using a policy.xml file and verifying that image data starts with the right "magic bytes". The site also shares more information about the different vulnerabilities and what kind of attacks they could allow. It is highly recommended that you add the mitigations they show and update your installation to use the latest release (7.0.1-1) with fixes for these issues.

tagged: imagemagick vulnerabilities multiple upgrade mitigation

Link: https://imagetragick.com

Matthew Weier O'Phinney:
Benefits of multiple repositories (Zend Framework)
Apr 26, 2016 @ 12:09:34

Matthew Weier O'Phinney, of Zend and the Zend Framework project, has put together a Storify stream of tweets he posted about some of the benefits of having multiple repositories in a project.

I've seen a number of critiques and write-ups recently about how monolithic repositories are intrinsically better for developing large projects than using a multi-repository approach. In the past year, we went the other direction, splitting our monolithic repository into individual component repositories, each with their own history, tests, and documentation. This is a summary of our experience.

He goes through a list of six different things they learned as a part of splitting up the (Zend) framework into multiple repositories instead of one monolithic one. He includes the contents of each Tweet and a paragraph or two giving it a bit more context and some examples of the changes that were involved. There's also a bit in there about changes they made to the documentation for the project as a result of these repository splits.

I'm quite happy with the switch from a monolithic repository to individual component repositories. I think our code quality is improving dramatically as a result, and I'm excited about the future of these various code bases.
tagged: multiple repository storify twitter zendframework learn process

Link: https://storify.com/mwop/zf-components

Matt Stauffer:
Multiple authentication guard drivers (including API) in Laravel 5.2
Jan 25, 2016 @ 09:24:31

Matt Stauffer has a new post in his series looking at the features in the latest version of the Laravel framework (v5.2) with this look at guard drivers and how 5.2 allows you to use more than one at once.

Let's get back to Laravel 5.2 features, shall we? 5.2 introduced a significant boost to the power of the entire authentication system, including making it much simpler to have multiple "guards" running at once. The default authentication guard in Laravel prior to 5.2 (now named the web guard) is your traditional web-based application authentication layer: username and password post to a controller. [...] But what if you want to have an API running in the same app, and it uses JSON web tokens (or some other stateless, non-session authentication mechanism)? In the past you'd have to jump through a lot of hoops to have multiple authentication drivers running at the same time.

He shows how to edit the auth.php configuration file to add in more "guard" instances to the default request handling. He also talks about the new driver that backends the "api" guard: the token driver. He briefly introduces the driver and talks about how it works with the current authentication setup. He also looks at changes you can make to use non-default drivers in your auth requests and how to set up your own custom drivers.

tagged: multiple authentication api token guard driver tutorial laravel

Link: https://mattstauffer.co/blog/multiple-authentication-guard-drivers-including-api-in-laravel-5-2

Michelangelo van Dam:
PHP arrays - simple operations
Jan 06, 2016 @ 09:13:29

Michelangelo van Dam continues his series on some of the basics of PHP with another look at arrays (started in this article).

Like all things in life, we need to start with simple things. So, in order to understand what arrays are in PHP, we need to take a look at the PHP manual to read what it is all about. [...] The thing with PHP is that an array is probably one of the most used data structures in web applications build with PHP and used for a wide variety of purposes.

He covers the basics of:

  • storing multiple values in an array and pushing additional values onto the end
  • removing the last item added to the array
  • pulling the first element off of the array

In his next article, he plans on expanding this introduction to arrays by looking at associative arrays.

tagged: array introduction simple tutorial multiple shift pop

Link: http://www.dragonbe.com/2016/01/php-arrays-simple-operations.html

Zaengle Blog:
Laravel as an Intermediary
Dec 03, 2015 @ 11:11:21

In this tutorial on the Zaengle blog Jesse Schutt shows you how to use a Laravel application as an "intermediary" between several services and tie them together so a single action could kick off a series of events.

One of our clients recently came to us with the following workflow they'd like the Zaengle team to implement for them: They wanted to compose a blog entry in their CMS. Upon publishing of the entry, they wanted the content of the blog entry to be emailed to a filtered group of their customer database (stored in Marketo). Finally, they wanted to be able to track email metrics from within their customer database.

[...] After brainstorming with the team and client, we decided that since there were at least 3 different systems in play (CMS, Customer Database, & Mail Processor), we needed to write a custom application that would bring all of them together.

He then walks you through the solution they came up with, showing how it makes use of webhooks, API requests and work with their own database. He talks briefly about some of the benefits of the setup and how they arranged the testing of the data flow between the pieces of the system.

tagged: laravel intermediary multiple system process action

Link: http://zaengle.com/blog/laravel-as-an-intermediary

Matthew Weier O'Phinney:
On PSR7 and HTTP Headers
Jul 29, 2015 @ 09:47:59

Matthew Weier O'Phinney has a new post to his site talking about PSR-7 and HTTP headers and how they (headers) are handled in the structure of this PHP-FIG specification.

Yesterday, a question tagged #psr7 on Twitter caught my eye: "When I call $request->getHeader('Accept') for example, I was expected that I'll get [an array] but, in reality I got [a string]. Is this correct?" In this post, I'll explain why the behavior observed is correct, as well as shed a light on a few details of header handling in PSR-7.

He talks about the planning that went into PSR-7 and how they had to work around some of the "flexibility" (quirks) in the HTTP specification. This was especially true when it came to repeated headers. He also walks through their thoughts on multiple header handling and that custom header values are allowed. Because of these two things, they decided to treat all headers as collections and, despite there being separators already in the values. Instead they collected headers of the same types into these collections, some containing only one value while others could contain multiple. Back to the question - this explains why the "Accept" header they desired was still in its comma-separated form and not split into the array they expected.

The [...] example provides another good lesson: Complex values should have dedicated parsers. PSR-7 literally only deals with the low-level details of an HTTP message, and provides no interpretation of it. Some header values, such as the Accept header, require dedicated parsers to make sense of the value.
tagged: psr7 http header collection separator multiple single

Link: https://mwop.net/blog/2015-07-28-on-psr7-headers.html

SitePoint PHP Blog:
Multiple Editors per Node in Drupal 7
Jun 11, 2015 @ 09:57:49

The SitePoint PHP blog has posted a new Drupal tutorial about allowing multiple editors to work on the same node of content.

have encountered a practical use case where the default configuration options are not enough. Namely, if you need to have multiple users with access to edit a particular node of a given type but without them necessarily having access to edit others of the same type. In other words, the next great article should be editable by Laura and Glenn but not by their colleagues. However, out of the box, users of a particular role can be masters either of their own content or of all content of a certain type. So this is not immediately possible. In this article I am going to show you my solution to this problem in the form of a simple custom module called editor_list.

He walks you through the process, first creating the .info file needed to define the module and the changes needed for the .module file. He creates a few helper functions to get the editor listing for a node and its matching access rules. With the module created he then gets into building the fields, again making helper methods to get the editors for the fields. Finally he "tidies up" and adds an "Authored on" section to the node editor with a helper function to receive and handle the results of this field when the form is submitted.

tagged: multiple editor drupal node field tutorial

Link: http://www.sitepoint.com/multiple-editors-per-node-drupal-7/

PHP 5.6.8, 5.5.24 & 5.4.40 Released (Security Fixes)
Apr 17, 2015 @ 09:38:18

The PHP development group has released several different versions of PHP for the 5.5.x, 5.6.x and 5.4.x series with a long list of security issues fixed in each one (fourteen in total):

The PHP development team announces the immediate availability of PHP [5.4.40, 5.6.8, 5.5.24]. 14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version.

Other items were fixed besides the security issues, so check out the Changelog to see those few other fixes. It's highly recommended that you update your installations to these latest versions. You can grab the latest either from the downloads page (source) or Windows users can go to winodws.php.net.

tagged: language release multiple security fix changelog upgrade

Link: http://php.net/archive/2015.php#id2015-04-16-3

Building With the Twitter API: Tweet Storms
Jan 07, 2015 @ 12:49:22

NetTuts.com has posted the second part of their series about creating a Twitter client on top of the Yii framework. In this new tutorial they focus on "tweet storms", the use of a series of tweets to share a thought rather than just cramming it into one.

In April, investor and Netscape founder Marc Andreessen began expanding on the natural 140 character limits of Twitter by publishing his thoughts in sequences of tweets, which some have dubbed tweet storms. [...] A few services arose to make it easier for mere mortals like ourselves to publish tweet storms but they seemed a bit unreliable and inconsistent. I decided to build the feature myself and I think there's value in doing this with your own app.

He outlines the features that the "tweet storm" feature needs to support and the database models/migrations that you'll need to store the related data. He uses Yii's generators to create the needed skeleton classes for the models and controllers. He moves on to the code needed to handle the group tweets management and to compose the tweets that will make up the "storm". Finally, he includes the code you'll need to create the publishing feature, pushing it into both the models/database and out to the Twitter API. You can then use the "OEmbed" information provided by Twitter to view the series of tweets via another simple page (code included here too).

tagged: tutorial twitter storm multiple tweet yii framework series part2

Link: http://code.tutsplus.com/tutorials/building-with-the-twitter-api-tweet-storms--cms-22459