Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Community News:
Composer v1.6.4 Release (with Security Fix)
Apr 16, 2018 @ 10:50:02

Composer, the de-facto standard way to install PHP packages, has published a new release that includes a major security update. Jordi Boggiano made this comment about the release on Twitter:

After triaging/merging/fixing almost 200 issues in the last couple days, Composer v1.6.4 is out! ???? It contains a security fix and is therefore a much recommended update for all.

Other changes include fixes for:

  • a regression in version guessing of path repositories
  • the updating of package URLs for GitLab
  • init command not respecting the current php version when selecting package versions
  • exclude-from-classmap symlink handling

You can grab the latest version from the Composer site or you can use it's own self-update command.

tagged: composer release v164 security fix bugfix package

Link: https://twitter.com/seldaek/status/984744594566008832

Laravel News:
Learn to Create an RSS Feed from Scratch in Laravel
Apr 04, 2018 @ 10:47:52

On the Laravel News site there's a new tutorial showing you how to easily create an RSS feed with Laravel and the help of the spatie/laravel-feed package.

Creating an RSS feed in Laravel isn’t the most challenging task, but using a package and a few tips can help you create an RSS feed relatively quick.

We are going to use the spatie/laravel-feed package to walk through going from a brand new Laravel 5.6 project to serving RSS feeds.

The tutorial then goes through each step along the way, providing code and commands to get you up and running:

  • Setting up a new Laravel project
  • Modeling the data
  • Setting up the (event) model
  • Creating the Routes and the Events Controller
  • Linking to the feed

The result is a simple RSS feed that can be linked to from a link tag in your site and provide a list of upcoming events.

tagged: laravel tutorial rss feed spatie package

Link: https://laravel-news.com/learn-to-create-an-rss-feeds-from-scratch-in-laravel

Laravel News:
Uploading Avatar Images with Spatie’s Media Library
Mar 26, 2018 @ 10:48:05

On the Laravel News site, there's a new tutorial posted showing how you can use the Spatie Media Library package to help with the file uploads in your Laravel-based application to upload avatars for your users.

By default, the Laravel registration form contains only the name, email, and password, but often it’s useful to allow the user to upload a photo or an avatar. In this tutorial we will show you an easy way to add it, using [Spatie’s Media Library](https://github.com/spatie/laravel-medialibrary) package.

The remainder of the tutorial then breaks the implementation down into three steps:

  • Change the User Registration Form (to include the "avatar" field)
  • Upload and Store with the Media Library (installing the relation and changing the models)
  • Show an Avatar Thumbnail in the Top Navigation (using the package to resize the image)

Each step in the process includes the code or commands required to complete it. There are also several screenshots to help ensure you have the right information stored in your database.

tagged: tutorial upload avatar image spatie medialibrary package

Link: https://laravel-news.com/uploading-avatar-images

Maatwebsite:
Laravel Excel - Lessons Learned
Mar 20, 2018 @ 10:49:33

On the Maatwebsite Medium.com site they've posted a retrospective of their last several years of work on the Laravel Excel Open Source package.

Laravel Excel (https://github.com/Maatwebsite/Laravel-Excel) turned 4 years last November and has reached almost 6 million Packagist downloads. A good time to reflect on 4,5 years of open source development.

The article starts with a bit of history behind the initial development of the package as a simple wrapper around PHPExcel. It covers some of the initial syntax of the tool and features included from the start. The project moved on to v1.x with a complete rewrite and then into v2.x with support for the Laravel v5.x framework releases. It then talks about their "support conundrum" as they reached 1 (then, later, 6) million package downloads. They cover some of the usual project support issues, a reduction in their work on the package and how they worked to "fix it for everyone".

The post also talks about their "open source rehab" and how it changed their view from its recent "because 1 million people use it" back to making a difference in developers' lives. It finishes up talking about some of the "lessons learned" in how it worked with Laravel, a retrospective on its current state and a look forward at Laravel Excel v3.0.

tagged: laravel laravelexcel package opensource lesson learn motivation

Link: https://medium.com/@maatwebsite/laravel-excel-lessons-learned-7fee2812551

Yappa Blog:
(En)queue Symfony console commands
Mar 15, 2018 @ 12:13:06

The Yappa.be blog has a tutorial posted sharing the method they used to implement queued and scheduled execution of Symfony commands. This is made possible by the Enqueue package.

At Yappa, we have always used Johannes' JMSJobQueueBundle to run and schedule Symfony console commands for background jobs.

However, we've stumbled upon a much more elegant solution called Enqueue. [...] It's packed with features, supports major brokers such as RabbitMQ, Kafka, Amazon SQS, Google PubSub, Redis etc. and has a bundle ready to be used with Symfony.

[...] One downside is that the Enqueue Symfony bundle doesn't provide an out of the box solution to queue Symfony console commands and there's no 100% straight forward way to implement this. In this post I'll cover the basics in setting up the Enqueue Symfony bundle so we can easily queue Symfony console commands!

The tutorial then walks you through the installation of the Symfony bundle, adding it to the list of installed bundles and configuring it with basic parameters and queue connection details. Next they've included the code to create the processor used when a command is pushed to the queue. To handle the other side (execution of the command when the queue is handled) they create a "QueuedCommand" value object and a command handler class. With this structure in place they show the addition of test commands to the queue and the result when the queue is consumed.

tagged: symfony console command queue package handler tutorial

Link: http://tech.yappa.be/enqueue-symfony-console-commands

Sebastian De Deyne:
Server side rendering JavaScript from PHP
Mar 13, 2018 @ 10:21:24

Sebastian De Deyne has a tutorial posted to his site showing you how to use two packages to render Javascript on the server side via PHP.

Server side rendering is a hot topic when it comes to client side applications. Unfortunately, it's not an easy thing to do, especially if you're not building things in a Node.js environment.

I published two libraries to enable server side rendering JavaScript from PHP: spatie/server-side-rendering and spatie/laravel-server-side-rendering for Laravel apps.

Let's review some server side rendering concepts, benefits and tradeoffs, and build a server renderer in PHP from first principles.

The tutorial starts with a look at what "server-side rendering" means in this case, how it works with the browser and some of the benefits. It then talks about the rendering process and some of the tradeoffs between it and just using Javascript on the frontend. From there the post gets to the examples of the actual rendering process. If creates a simple Vue.js application that outputs a "Hello, world!" template. It then includes the code to use the packages (that, in turn, use the V8JS package) to render the Javascript and output the result.

tagged: serverside render javascript tutorial package spatie v8js

Link: https://sebastiandedeyne.com/posts/2018/server-side-rendering-javascript-from-php

Websec.io:
Using Canaries for Input Detection and Response
Feb 28, 2018 @ 11:27:51

The Websec.io site has posted a new tutorial today showing how to use "canary" values and the psecio/canary PHP package to detect and respond to potentially malicious input.

I'm sure you've heard the common phrase "a canary in a coal mine" when people talk about safety and detection of issues. When miners used to go down to work, there was a danger of trapped gasses being released as they were digging. Some of these gasses were hard for humans to detect and, if enough was breathed in, could lead to illness or even death. In order to help the miners detect and avoid these kinds of issues, they would take a canary (the bird) down into the mine with them.

[...] The idea of a "canary" value in the security world is pretty similar. A "canary" value is one that - real or faked - is somehow exposed outside of your own system. If this value is used you need to be notified immediately so you can take action and gather more information about the usage and any other associated issues.

The tutorial then introduces the psecio/canary package and shows some of its basic use detecting input and setting up notifications. It also covers some of the package's integrations for notifications with services like Slack, PagerDuty and custom Monolog handling. It also provides an example of it in a more "real world" situation of a Slim framework middleware that detects incoming GET parameters.

tagged: canary detect respond value tutorial package pseciocanary

Link: https://websec.io/2018/02/28/Canary-Input-Detect-Response.html

Cees-Jan Kiewiet:
ReactPHP with RecoilPHP: Creating for/http-middleware-psr15-adapter
Feb 09, 2018 @ 11:21:13

Cees-Jan Kiewiet is back with the latest tutorial in his series covering ReactPHP and RecoilPHP. In the previous parts he introduced some of the basic concepts and set up the first bits of code combining ReactPHP and RecoilPHP. In this latest tutorial (part three) he shows how to integrate this with a PSR-15 compliant middleware to evaluate response time.

There are more uses for coroutines than just making working with promises easier. In this post we're diving into the details on how they are used by the Friends of ReactPHP in the PSR-15 Middleware adapter for react/http.

When we started discussing how middleware for react/http should work we also look at the state of PSR-15 at the time. We decided against implementing it directly because of the fully blocking nature of PSR-15, in favour of callable. Which turned into an even better decision when return type hints where added to it to PSR-15. Now I love PSR-15, and middleware in general, which is why I created for/http-middleware-psr15-adapter to bridge the gap.

He starts with the code required to create a normal PSR-15 middleware and recreating the same functionality in a ReactPHP middleware. The article then shows how to use the package he developed to transform the middleware "on the fly" to enable it to be used both as a normal PSR-15 middleware and as a ReactPHP middleware. He ends the post with a word of caution and a bit of advice about using this method of rewriting - basically that just because you can doesn't mean you should.

tagged: reactphp recoil psr15 middleware translate onthefly package tutorial part3 series

Link: https://blog.wyrihaximus.net/2018/02/reactphp-with-recoilphp-party-three-http-middleware-psr-15-adapter/

Matin Hujer:
Consistence brings consistency to the PHP
Feb 06, 2018 @ 10:50:05

On his site today Matin Hujer has posted a tutorial covering the use of the Consistence library, a package that is designed to provide a consistent interface to PHP's functionality.

There is no argument, that PHP can sometimes be a bit inconsistent about naming stuff and maintaining order of parameters for related functions. Also, in some cases it is not strict and allows you to use the language and the functions in a wrong way. Sometimes you get false as a return value where an exception would be appropriate.

[...] Consistence provides opinionated strict wrappers with better error handling and consistent naming and consistent parameters order.

The remainder of the post goes through some of the functionality the package provides including:

  • Enums for better type safety
  • [Using] ObjectPrototype to disable magic methods
  • Consistent array manipulation functions
  • [Working with] Regular expressions

As a related piece he's also created PHPStan static analysis rules for the library to ensure it's being used correctly.

tagged: language consistency package library tutorial

Link: https://blog.martinhujer.cz/consistence-brings-consistency-to-the-php/

Laravel News:
Beautiful PHP CLI Menus for Laravel Artisan Commands
Feb 05, 2018 @ 10:33:53

On the Laravel News site today there's a post that highlights a package that makes it easier to create beautiful CLI menus for artisan commands in the Laravel framework.

Nuno Maduro, author of Laravel Zero and Collision (which nunomaduro/laravel-console-menu.

The post includes an example of code that can create the menu and its options. It also shows how you can change the look of the default menu, changing colors, the "selected" marker, padding and width. The package makes use of the php-school/cli-menu package for a lot of the base menu rendering and functionality.

tagged: tutorial menu cli artisan command laravel package

Link: https://laravel-news.com/beautiful-php-cli-menus-laravel-artisan-commands