News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PEAR Blog:
PEAR 1.9.5 is out
July 14, 2014 @ 11:09:24

The PEAR blog has posted a new announcement about the latest release of the PEAR PHP package manager, version 1.9.5.

The PEAR installer version 1.9.5 has been released today. The new version - three years after the last stable 1.9.4 and 2 weeks after the preview - is a bugfix only release. 13 bugs have been fixed.

Fixes include things dealing with broken Windows pathing and a change to report the correct php.ini setting for the installed XDebug.

0 comments voice your opinion now!
pear package manager release bugfix

Link: http://blog.pear.php.net/2014/07/12/pear-1-9-5/

Hannes Magnusson:
I have a dream
May 26, 2014 @ 09:23:54

In his latest post Hannes Magnusson describes his "dream" about a future for PHP where things like upgrading and working with extensions would be simpler, faster and more manageable.

Today we will revolutionize PHP. We will make it easier to upgrade the things you care about. We will make it easier to not upgrade things you don't want to upgrade. We will make it easier to distribute your extensions. We will make it easier to release according to your own schedule. We will make it easier to add functionality. We will make it easier to work. Ok, today is a white lie here maybe... I haven't actually implemented this, but bare with me here for a second.

With the introduction and huge growth of Composer, the PEAR package manager is fading in popularity and is slowly being abandoned. Unfortunately, it's still the primary mechanism for deploying and installing PHP extensions (PECL packages). He talks about some of his recent experience reviving a package and issues he had around the use of the packaging manager. He proposes the creation of a new "pecl install" tool - a package manager dedicated to PHP extensions, decoupled from PEAR.

The manager would just install basic PHP then leave it up to you to pick which features you need from there. The idea is still in its early stages, but the idea has taken roots and plans are being worked through to see if this idea will work for the future of the language.

0 comments voice your opinion now!
pear pecl future language package manager extension

Link: http://bjori.blogspot.com/2014/05/i-have-dream.html

Fabien Potencier:
The rise of Composer and the fall of PEAR
May 05, 2014 @ 09:17:32

Fabien Potencier has a new post to his site today talking about a recent trend in the PHP community around dependency and package management, the rise of Composer and the fall of PEAR.

As a good package manager to let user easily install plugin/bundles/MODs was probably also a big concern for phpBB, I talked to Nils about this topic during this 2011 hackday in San Francisco. After sharing my thoughts about libzypp, "..., I [Nils] wrote the first lines of what should become Composer a few months later". [...] So, what about PEAR? PEAR served the PHP community for many years, and I think it's time now to make it die.

He goes on to talk about how he personally has used PEAR in the past and when he stopped work on Phirum, a simplified PEAR channel manager. Based on some logging results, he found that most dependencies on his channels were related to PHPUnit's needs. When Sebastian Bergmann announced the move of PHPUnit away from PEAR Fabien decided to make his own move to deprecate and eventually remove new releases from the PEAR sources.

0 comments voice your opinion now!
composer pear package manage deprecate

Link: http://fabien.potencier.org/article/72/the-rise-of-composer-and-the-fall-of-pear

Matthias Noback:
There's no such thing as an optional dependency
April 11, 2014 @ 11:19:19

In his latest post Matthias Noback suggests the idea that there's no such thing as an optional dependency when it comes to working with packages and Composer.

On several occasions I have tried to explain my opinion about "optional dependencies" (also known as "suggested dependencies" or "dev requirements") and I'm doing it again: "There's no such thing as an optional dependency." I'm talking about PHP packages here and specifically those defined by a composer.json file.

So that everyone's on the same page, he starts with an example of a true dependency in a sample adapter class. He asks the usual question - "what's needed to run this code?" - and looking a bit deeper at the "suggested" packages. As it turns out, some of these dependencies turn into actual requirements when you need certain features of the tool. He points out that this is a problem with quite a few packages in the Composer ecosystem and proposes a solution - splitting packages based on requirements. He gives an example based on his adapter with a Mongo requirement split off into a "knplabs/gaufrette-mongo-gridfs" package that's more descriptive of the requirements.

0 comments voice your opinion now!
optional dependency composer packagist suggested package

Link: http://php-and-symfony.matthiasnoback.nl/2014/04/theres-no-such-thing-as-an-optional-dependency/

PHPClasses.org:
Did You Mean Advanced Email Validation in PHP
April 09, 2014 @ 11:50:21

In this most recent post to the PHPClasses.org blog Manuel Lemos talks about invalid email addresses and shows the use of this package to evaluate them.

When you take users' email addresses, for instance in a site sign-up form, there are great chances that the addresses may be incorrect because of a typing mistake or it is not possible to deliver the message to the specified address for some reason. This e-mail validation package can detect and prevent that users enter incorrect addresses even before you accept them.

He starts the post with a list of six types of invalid email addresses including everything from simple typing mistakes out to temporary rejection from "gray listing". He shows how set up the class and briefly covers some of its methods and what they do. Also included is an example if it in use to validate the address. There's also a brief section at the end talking about using OAuth to work around users not wanting "yet another account" or to share their details with an untrusted application.

0 comments voice your opinion now!
email validation tutorial package example

Link: http://www.phpclasses.org/blog/package/13/post/2-Did-You-Mean-Advanced-Email-Validation-in-PHP.html

ServerGrove Blog:
Composer 101
March 21, 2014 @ 12:14:12

You might have heard about Composer but aren't quite sure what all the fuss is about it. In this new tutorial on the ServerGrove blog, they introduce you to it, help you get it installed and show how it can help you make dependency management simpler.

Composer is a tool for dependency management in PHP. It allows us to declare the libraries (packages from now on) on which our project depends on and downloads them for us. With many high quality packages available to us, the are redefining they way we are building PHP software. You can browse through the wide variety of packages at the composer main repository packagist.org. Composer is a simple tool to use and this tutorial will go over the installation and usage basics.

They walk you through the installation (or either *nix or Windows) and help you get started with your first "composer.json" configuration file. They talk about "composer.lock" and the role it plays and how Composer uses is (and the json version) to pull in dependencies for your libraries of choice. The article also briefly covers the "composer" command and the options it provides.

0 comments voice your opinion now!
composer dependency management package introduction

Link: http://blog.servergrove.com/2014/03/19/composer-tutorial/

Pádraic Brady:
PHP Package Signing My Current Thoughts
March 10, 2014 @ 11:57:49

Pádraic Brady has a new post sharing some of his ideas around PHP package signing and a few possible ways to approach (and possibly solve) the problem.

We figured out how to write good code. We figured out how to write good code in a reusable way...for the most part. We figured out how to distribute and mix all that good reusable code in a sensible fashion. Can we now figure out how to do it all securely? [...] The problem with package signing from my perspective is tied up in a phrase most of you would know: The needs of the many outweigh the needs of the few. Thank you, Spock.

He compares two different alternatives, Public-key infrastructure (PKI) vs (Pretty Good Privacy) GPG, and how the idea of trust fits into the picture. He also points out an unfortunate fact when it comes to the initial adoption of package signing methods - people are lazy (and cheap). They want to get things done and not have extra steps. Signing their packages would be one of these steps. He suggests an alternative, though, using double signatures to verify the integrity and validity of its contents. He also talks about the role that metadata plays in the overall package ecosystem and how signing it as well could be part of the solution.

0 comments voice your opinion now!
package signature signing metadata packagist composer

Link: http://blog.astrumfutura.com/2014/03/php-package-signing-my-current-thoughts

Pádraic Brady:
Thoughts on Composer's Future Security
March 06, 2014 @ 11:09:06

Pádraic Brady has a new "let's watch Paddy think aloud in a completely unstructured manner blog post" about the future of security when it comes to the popular PHP package manager Composer. It's recently come under criticism around its lack of package signing and TLS/SSL support.

The Composer issue, as initially reported by Kevin McArthur, was fairly simple. Since no download connection by Composer was properly secured using SSL/TLS then an attacker could, with the assistance of a Man-In-The-Middle (MITM) attack, substitute the package you wanted to download with a modified version that communicated with the attacker's server. They could, for example, plant a line of code which sends the contents of $_POST to the attacker's server.

He's been working on some updates to the project, one of with is TLS/SSL support as defined in this pull request currently pending. It enables peer verification by default, follows PHP 5.6 TLS recommendations and uses local system certificates in the connection. He talks some about other additional TLS/SSL measures that could be added in the future and how, despite it being safer than nothing, TLS/SSL is not the "cure all" for the problem.

He then moves on to package signing and suggests one method for implementation - signing the "composer.phar" executable and signing "everything else" (packages to be downloaded) to verify their validity.

The flaw in Composer's installer isn't that it's unsigned, it's that it doesn't afford the opportunity for the downloader to read it before it gets piped to PHP. It's a documentation issue. You can go down the route of using a CA, of course, but that's further down the rabbit hole than may be necessary. Signing the composer.phar file is another matter.
0 comments voice your opinion now!
composer package signing tls ssl support security

Link: http://blog.astrumfutura.com/2014/03/thoughts-on-composers-future-security

VG Tech:
Swagger Docs in ZF2 with Examples - Part 2 Swagger UI
March 06, 2014 @ 09:52:25

On the VG Tech blog, they've posted a follow-up to their previous post about using the Zend Framework 2 to generate Swagger documentation for an API. In this new post (part 2) they focus more on Swagger UI.

This blog post on Swagger UI is a follow-up on my recent post on Swagger annotation parsing in ZF2. If you're not already set up with Swagger annotation parsing in you ZF2 app I recommend that you read part 1 first. In the last post we got ZF2 set up with annotation parsing and everything, and the only thing missing was Swagger UI for the neat presentation. I skipped that previously but today we'll add the last piece.

This second part of the series uses a custom package to create a "SwaggerUI" module. There's a few file updates that need to be made to the configuration, but the rest is handled for you. In the end, the result will look something like this, showing endpoints and allow you to interact with the API directly through forms and sample calls.

0 comments voice your opinion now!
swagger swaggerui tutorial series part2 package module

Link: http://tech.vg.no/2014/03/06/swagger-docs-in-zf2-with-examples-part-2-swagger-ui-2/

SitePoint PHP Blog:
Debugging with Xdebug and Sublime Text 3
February 28, 2014 @ 11:10:53

The latest post from the SitePoint PHP blog, a new tutorial by Peter Nijssen, shows you how to get started with Xdebug and Sublime Text 3 to debug your PHP applications.

Debugging - we all do it a lot. Writing code perfectly the first time around is hard and only a few (if any) succeed at it. More than a year ago, Shameer wrote an article on SitePoint about how you can debug your application using Xdebug and Netbeans. In this article, we are going to have a look at how we can debug using Xdebug in combination with Sublime Text.

He assumes you already have Xdebug installed (and links to the instructions for those that don't) and helps you configure it to find your listening editor. Back in Sublime, he shows you how to use the package manager to install the Xdebug client and configure the current project to use it. He shows how to set up breakpoints and view the stack/watch data when the point is hit.

0 comments voice your opinion now!
debug xdebug sublimetext remote tutorial package client

Link: http://www.sitepoint.com/debugging-xdebug-sublime-text-3/


Community Events





Don't see your event here?
Let us know!


list code release api series community testing introduction framework interview refactor threedevsandamaybe language laravel symfony2 developer opinion unittest podcast install

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework