Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

php[architect]:
Mandrill Alternatives for PHP Applications
Apr 19, 2016 @ 12:07:16

With the recent (well, not too recent) announcement from MailChimp about the shift to a paid model for their Mandrill email service, PHP developers have been busy looking for alternatives. In this post to the php[architect] site Sandy Smith explores some of the other options out there, how they compare and what they have to offer.

n case you might have missed the announcement, MailChimp is changing Mandrill to be an add-on to paid MailChimp accounts, thus eliminating the generous free tier. We’re big fans of MailChimp and use its mailing list service for our own announcements, but a full MailChimp account isn’t going to be for everybody. [...] Many people also know Mandrill by reputation and will need options in the future. For you, we’ve put together this list of viable transactional email alternatives with PHP and major PHP application support.

Included in their list are services like:

For each service he includes a paragraph talking about what integrations and libraries there are for their use as well as what's included in their "free" levels.

tagged: mandrill alternative email service options sdk overview

Link: https://www.phparch.com/2016/04/mandrill-alternatives-for-php-applications/

Alejandro Celaya:
How to properly implement persistent login
Feb 10, 2016 @ 10:55:37

In his latest post to his site Alejandro Celaya shares some suggestions about how to make a good, safe persistent login feature for your application. This is usually referred to as the "remember me" handling and is widely used to help improve the overall user experience.

I'm sure you are familiar with those "remember me" checkboxes in login forms. They are a common way to allow a user to keep his/her session in a web application for an extended period of time when he is in a trusted computer.

One could think that it is a small and easy-to-implement feature, but it has indeed a lot of considerations. [...] In this article I’m not going to show you how to implement a persistent login in one or another programming language, but what are the good practices that should be followed when you implement it in the way you want.

He starts off with some thoughts about the wrong way to handle the persistent login (like just making a long-life cookie) and what some of the consequences could be. Instead he suggests using a cookie (with a random generated token) that's long running, maybe 2 weeks. The difference here is that this token is then refreshed once the token is validated and reset. This reduces the risk of an older token being used on another source too. He also shares some other security concerns to think about in this setup including the use of one-time tokens, potential multiple persistent sessions and when it might be good to re-prompt for the password.

tagged: persistent login security rememberme implementation advice options

Link: http://blog.alejandrocelaya.com/2016/02/09/how-to-properly-implement-persistent-login/

Lorna Mitchell:
OAuth2 with PHP's built in Streams Functions
Jan 07, 2016 @ 10:56:54

In a quick post to her site Lorna Mitchell reminds us that you can modify the options on the internal PHP streams (like for HTTP requests), more specifically to add a "Bearer" token value for OAuth2 integration.

For OAuth2, all I had to be able to do was to send an Authorization header with my web request from PHP. My second-favourite way of making API calls from PHP is to use PHP's stream handling, so I did that. It's not code you see very often but it's super-simple and it works on every PHP platform I've tried so far

She gives a few lines of code to show how to modify the options to add in the token value, basically using an array of options and a call to stream_context_create to create the context. This can then be used in future calls (like the file_get_contents she shows) to automagically send this information along with the request.

tagged: oauth2 http stream request builtin options bearer tutorial

Link: http://www.lornajane.net/posts/2016/oauth2-phps-built-streams-functions

ServerGrove Blog:
Symfony2 components overview: OptionsResolver
Apr 23, 2015 @ 08:23:32

The ServerGrove blog has posted another in their spotlights on specific Symfony2 components. In this latest post they look at the OptionsResolver component.

In the 13th post of the Symfony2 components series we will be talking about one little but extremely useful component: OptionsResolver. This component helps us to reduce the boilerplate code required to create an options system with default parameters. As stated in the official docs, is array_replace on steroids.

They start with a common situation, wanting to use options from user input, but only if they exist, and otherwise provide a default. This includes the use of the array_replace function but with the OptionsResolver there's an even easier way. A simple example is included showing how to use it to define options (and throw an exception when an undefined one is set). They show how to use a closure to set defaults on a specific option with more complex logic and how to use the validation and normalization handling.

tagged: optionsresolver component symfony2 overview options

Link: http://blog.servergrove.com/2015/04/13/symfony2-components-overview-optionsresolver/

Russell Walker:
Handling Global Data in PHP Web Applications
Sep 16, 2013 @ 12:31:07

Russell Walker has a post on his site sharing some suggestions about effectively dealing with global data in your PHP applications.

Almost every web application needs to handle global data. There are certain things that just have to be available throughout the entire code base, such as database connections, configuration settings, and error handling routines. As a PHP developer, you may have heard the mantra 'globals are evil', but this naturally begs the question 'what should I use instead of global variables?'

He includes four different options (five including the actual use of global variables):

  • Static classes
  • Singleton
  • Registry
  • Dependency injection

For each of the options he includes summaries of both the advantages and disadvantages as well as some sample code showing their use. Ultimately, he points out that it's up to the developer of the application which option fits best.

tagged: global variable data opinion options registry singleton dependencyinjection static

Link: http://russellscottwalker.blogspot.co.uk/2013_09_07_archive.html

Matthew Weier O'Phinney:
RESTful APIs with ZF2, Part 3
Feb 25, 2013 @ 12:21:30

Matthew Weier O'Phinney has posted the third part of his series about making RESTful APIs with Zend Framework 2 (parts one and two). In this latest part of the series, he talks more about documenting the API and what commands can be executed.

In this post, I'll be covering documenting your API -- techniques you can use to indicate what HTTP operations are allowed, as well as convey the full documentation on what endpoints are available, what they accept, and what you can expect them to return. [...] hy Document? If you're asking this question, you've either never consumed software, or your software is perfect and self-documenting. I frankly don't believe either one.

He covers a few reasons why you should document your API and where he thinks it should live to be the most useful. He includes a few different ideas and two things he definitely thinks should exist for your API - the use of OPTIONS and end-user documentation. The first is a HTTP header (ZF2 code example included) that tells the API consumer what they can do with an endpoint. The second type is more useful for the human reader, giving them a better overall perspective on what the API can do - still served through the API but in a bit more understandable format.

tagged: zendframework2 rest api tutorial series documentation options enduser

Link:

Chris Roane's Blog:
Options for Building a Website from a Developers Perspective
Jun 25, 2012 @ 08:28:27

Chris Roane has a new post to his blog outlining a few different options web developers today have for creating new websites or applications - static, custom, framework-based or CMS.

Over the years I’ve built many different types of websites. These range from being a few pages, to being very customized with advanced features. I’ve learned there is no clear definition in the best way to create a website. But I do think there are advantages and disadvantages to pursuing different methods. This article takes an analytical look at each option. Let’s take a closer look at the different approaches in building a website.

He includes a brief summary talking about each method and mentions things like benefits and downfalls of the approach and what can be involved in their development.

tagged: overview developer options website architecture

Link:

Henrik Bjørnskov's Blog:
Symfony2: Using the validator symfony1 style
Feb 03, 2012 @ 11:15:01

In this quick new post to his blog Henrik Bjørnskov shows how to use the validators in Symfony2 in a more traditional Symfony 1 style for a form.

Two of the more complicated components in Symfony2 is the Form and Validator component. The Validator is created in such a way it "always" need an Domain Object with Constraints associated through metadata. This is explained in detail here. But there is another way. A way that resemble's the symfony1 forms. Where you could specify the validations directly in your form class.

Code is included in the post to show how to load in a few of the validators (like NotBlank, Email and Choice) and how to use them in the settings defined in the "getDefaultOptions" method.

tagged: symfony2 validator form symfony1 options

Link:

Amazium Blog:
PHP in the Dark: Input/Output
Sep 05, 2011 @ 11:25:32

On the Amazium blog Jeroen Keppens has a recent post looking at some of tools available to you when needing to filter input and escape output in your applications. This post specifically covers filtering on command line applications.

When you need data input in a web context, you send a GET/POST request to your script. On the command line, things work differently. In this blog post, we will talk obout input and output in php-cli.

The post is broken up into a few different sections:

Tools mentioned include everything from getopt and PEAR's' Console_Getopt out to using file descriptors and working with readline.

tagged: input output filter arguments readline options

Link:

php|architect Blog:
PHP in the Cloud - New Options for Application Hosting
Feb 08, 2011 @ 09:14:19

On the php|architect blog today there's a new post from Joel Clermont about some of the recent cloud-based offerings that have popped up in the PHP world - Platform as a Service solutions that can help take the effort out of the usual application hosting issues.

Enter the newcomer to the world of PHP deployment options: Platform as a Service (PaaS). You may be rolling your eyes at the introduction of yet another buzzword and acronym, but before you dismiss it, consider how it might fit in to your application hosting strategy. I've heard Platform as a Service described as a "layer above the cloud," that is, it builds on the existing cloud infrastructure, like Amazon's EC2, but abstracts away all the setup and maintenance tasks of running an entire server. As David Coallier described it to me, the goal is to "deploy apps, not servers."

Joel mentions two different offerings that have popped up recently - PHPFog and Orchestra. Both services have some nice features that he gets into including application templates, git integration and configuration for specific kinds of technologies (like database support and memcache availability).

tagged: paas platform service phpfog orchestra options

Link: