Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

SitePoint PHP Blog:
OctoberCMS CRUD – Building a Team/Project Management Plugin
Jan 28, 2016 @ 10:32:47

The SitePoint PHP blog continues their series covering the use of the OctoberCMS product to create a custom content management system tailored to your needs. In this new part of the series they show how to build a custom plugin for team management, showing how to use models and controllers along the way.

So far, we covered different aspects of OctoberCMS. This is a follow up article to discover how to use OctoberCMS for CRUD applications and take a detailed view at how to work with models, relations and controllers. [...] We are going to build a project management plugin where you can add different users to teams and assign them to projects.

You'll need to follow the first part of the series if you want to be able to follow along. Once you have that set up they show how to use the artisan command to create the plugin scaffold code and what the resulting pluginDetails function should look like. The tutorial then shows you how to create the related database tables and how to add the "team" column to the current user table. They then get in to creating the models to work with the tables, building out the controllers and view to manage the teams and the same kinds of handling for the "projects" the teams are related to. The post ends with a look at creating lists of projects/teams, adding in filtering and working with permissions for the management of teams.

tagged: octobercms series plugin custom team project management

Link: http://www.sitepoint.com/octobercms-crud-building-a-teamproject-management-plugin/

SitePoint PHP Blog:
More Tips for Defensive Programming in PHP
Jan 25, 2016 @ 12:07:48

The SitePoint PHP blog has posted a tutorial continuing on from some previous advice with even more defensive programming practices you can use in your PHP applications.

Many people argue against defensive programming, but this is often because of the types of methods they have seen espoused by some as defensive programming. Defensive programming should not be viewed as a way to avoid test driven development or as a way to simply compensate for failures and move on. [...] What are these methods, if not ways to anticipate that your program may fail, and either prevent those, or else ways in which to handle those failures appropriately?

They go on to talk about the ideas of "failing fast" when errors happen in your application with an extra suggestion added on - "fail loud" too. The tutorial then looks at four different places where more defensive programming techniques can be applied (and how):

  • Input validation
  • Preventing Accidental Assignment in Comparisons
  • Dealing with Try/Catch and Exceptions
  • Transactions

They end with a recommendation that, while you should fail fast and loud when issues come up, be sure it's not to the determent of the overall user experience or sharing messages with users that may just confuse them.

tagged: tutorial series defensive programming tips failfast input validation assignment trycatch transaction

Link: http://www.sitepoint.com/more-tips-for-defensive-programming-in-php/

Fortifying Security in WordPress, Part 1
Jan 25, 2016 @ 11:19:15

The TutsPlus.com site has posted the first part of a series wanting to help you secure your WordPress installation even more effectively. In part one of the series they cover some of the basics of securing the installation itself and the environment it lives in.

Do you think WordPress is secure? It's OK if you don't, because many people think WordPress is an insecure content management system, yet it's very far from the truth... at least today. [...] I'm sorry if you think the other way, but it doesn't. Frequent patches don't necessarily mean that a piece of software is poorly coded against security threats.

[...] The important thing here is to be responsive and preemptive, and that's something that WordPress excels at. [...] Yet, nothing is a hundred percent secure. We're living in times in which scientists are about to crack the code in our brains! Nothing is impenetrable, including our brains apparently, and WordPress is no exception. But the impossibility of 100% security doesn't mean we shouldn't go for 99.999%.

The remainder of the post is broken down into two different tips with the code/configuration changes and descriptions for what you need to update:

  • Securing the .htaccess File
  • Security Tricks for the wp-config.php File and Its Contents

The second item on that list also gets into some of the constant definitions and some advice on generating good "salt keys" for the configuration.

tagged: tutorial wordpress security series part1 htaccess configuration

Link: http://code.tutsplus.com/tutorials/fortifying-security-in-wordpress-part-1--cms-25403

Ibuildings Blog:
Programming Guidelines - Part 1: Reducing Complexity
Jan 21, 2016 @ 11:53:08

On the Ibuildings blog Matthias Noback has kicked off a series that wants to help PHP developers reduce the complexity of their applications. In part one he shares some general tips along with code snippets illustrating the change.

PHP is pretty much a freestyle programming language. It's dynamic and quite forgiving towards the programmer. As a PHP developer you therefore need a lot of discipline to get your code right. Over the years I've read many programming books and discussed code style with many fellow developers. I can't remember which rules come from which book or person, but this article (and the following ones) reflect what I see as some of the most helpful rules for delivering better code: code that is future-proof, because it can be read and understood quite well. Fellow developers can reason about it with certainty, quickly spot problems, and easily use it in other parts of a code base.

The rest of the article is broken up into several changes you can make to reduce complex code including:

  • Reduce the number of branches in a function body
  • Create small logical units
  • Using single (variable) types
  • Making expressions more readable

He ends this first post in the series with a mention of a few other books to read up on around the subject of "clean" and less complex code.

tagged: reduce complexity programming guideline series part1

Link: https://www.ibuildings.nl/blog/2016/01/programming-guidelines-php-developers-part-1-reducing-complexity

WP REST API: Setting Up and Using OAuth 1.0a Authentication
Jan 15, 2016 @ 10:54:12

The NetTuts.com site has a new tutorial posted showing you how to work with the authentication of the WordPress REST API and using its OAuth 1.0a handling. This is part three in their series of tutorials introducing the WordPress REST API.

In the previous part of the series, we set up basic HTTP authentication on the server by installing the plugin available on GitHub by the WP REST API team. [...] For using authentication on production servers, there needs to be a more secure way of sending authenticated requests without risking exposing the login credentials. Thanks to the OAuth authentication method, those requests can be sent without exposing the username and the password in an unsafe manner.

In the current part of the series, we will learn to set up and use the OAuth authentication method to be used with the WP REST API plugin.

They start the tutorial with a brief look at what OAuth is and how it's used to authenticate the end user/client/software/etc. They then walk through the flow of a simple OAuth-based authentication system and the pieces that make it up. Then the article gets into how to install the plugin for your WordPress instance and activate it from the command line. They show how to test that it's enabled and how to use a command line client to create tokens you can then use to access the API in your own clients.

tagged: wordpress tutorial wpapi api rest oauth authentication series part3

Link: http://code.tutsplus.com/tutorials/wp-rest-api-setting-up-and-using-oauth-10a-authentication--cms-24797

Derick Rethans:
New MongoDB Drivers for PHP and HHVM: Architecture
Jan 12, 2016 @ 09:37:59

Derick Rethans continues his look at the latest version of the MongoDB drivers for both PHP and HHVM with this look at their architecture and how it's different from previous versions.

We recently released a new version of the MongoDB driver for PHP (the mongodb extension). This release is the result of nearly a year and a half of work to re-engineer and rewrite the original MongoDB driver (mongo). In the previous blog post, I covered the back story of the how and why we undertook this effort. In this new blog post, I will talk about the architecture of the new driver.

He uses the goals stated at the end of his previous post and covers:

  • Support for Other PHP Engines like HHVM
  • [How/Why] The Driver Should Be Bare Bones
  • No Reinvention of the Wheel
  • Provide an Easy to Use API
  • Backwards Compatibility

From there he then gives an overview (complete with a handy graphic) of the overall MongoDB PHP ecosystem and where the extensions fit in the plan.

tagged: mongodb derickrethans drivers hhvm architecture series part2

Link: http://derickrethans.nl/new-drivers-part2.html

Matt Stauffer:
Form array validation in Laravel 5.2
Dec 17, 2015 @ 11:23:35

Matt Stauffer has kicked off a new series on his blog about some of the new features in Laravel 5.2 and how to use them effectively. In this first part of the series he looks at form array validation and using it on more complex form submissions.

Form array validation simplifies the process of validating the somewhat abnormal shape of data HTML forms pass in when the array syntax is used. If you're not familiar with it, a common use case is when you allow a user to add multiple instances of the same type on one form.

[...] But how do we validate this? Prior to 5.2, it's a bunch of manual work. Now, Laravel understands this nesting structure and can validate against it uniquely.

He compares the new validation handling with a standard validator (for a single text string) and shows how a "dot" (period) notation can be used to define the more complex rules. You can even use asterisks for wildcard making at any level. Definitely a nice addition to the validation handling in the framework.

tagged: form validation array laravel5.2 version wildcard complex tutorial series part1

Link: https://mattstauffer.co/blog/form-array-validation-in-laravel-5-2

SitePoint PHP Blog:
Liking, Watchlisting and Uploading through Vimeo’s API
Nov 26, 2015 @ 10:26:40

The SitePoint PHP blog continues their series looking at using the Vimeo API from PHP with the second part of their series, enhancing the previous functionality. In this new tutorial they show you how to hook in to the Vimeo API and "like" videos, add them to watchlists and even push them through as uploads.

In a previous post, we used the Vimeo API to build a rudimentary video application with Silex and Twig. We added login and user feed functionality and wrapped it all up with a video searching feature. In this one, we’ll add in liking a video, adding a video to a watchlist for later, and uploading videos via the Vimeo API.

You'll need to have the functionality from part one in place first. From there they take off running, showing you how to interact with videos to perform the "like" and "add to watchlist" actions. The interaction with the API is fired from Javascript on the page and passed through a backend script through to the API. They follow this with the handling for the uploads, using a standard file upload form for input with a few validations once submitted. The code then uses the library to pull in the contents of the file and push it through to the API.

tagged: vimeo api tutorial part2 series watchlist like upload video

Link: http://www.sitepoint.com/liking-watchlisting-and-uploading-through-vimeos-api/

Programming With Yii2: Using the Advanced Application Template
Nov 24, 2015 @ 10:10:47

NetTuts.com has continued their series around programming with the Yii2 framework in this latest tutorial looking at the use of the Advanced Application Template, an enhanced boilerplate system that provides a bit more built-in functionality than the default application setup.

In this Programming With Yii2 series, I'm guiding readers in use of the Yii2 Framework for PHP. As you begin to use Yii for real development, you may want to start your next project with its Advanced Application Template. Among other things, it provides integrated user management features as well as two applications, one for the consumer-facing front end and the other, an administrative back end.

In this tutorial, I'll introduce you to the Yii2 Advanced Template and guide you through the basic setup and usage.

They start with a look at how the Advanced Template is different from the default one (a checklist) and how to set up a new project using it. They show how to configure the database connection and execute the required migration to build out the user table. They also walk you through the Apache setup for local development and what the resulting "Congratulations" page should look like. The remainder of the post explores the user management section, showing how to configure email delivery, signup, login and password reset requests.

tagged: yii2 framework series advanced application template user management tutorial

Link: http://code.tutsplus.com/tutorials/programming-with-yii2-using-the-advanced-application-template--cms-24994

Alfred Nutile:
Laravel Training: The Laravel Maven and the Laravel Novice
Nov 11, 2015 @ 11:09:22

Alfred Nutile has posted information about a series of Laravel-related training videos that aim to help you go from "Laravel 0 to Deploy" as they walk you through the creation and deployment of a simple blog based on the Laravel framework features.

The two of us come together in this raw footage of building a Blog in Laravel. You get both the insights of an experienced Laravel Software Writer (Alfred Nutile) and the questions of a WordPress developer new to Laravel, (Joe Bacal)

As of the time of this post there's four episodes in the series with more planned:

Other topics to come include working with Homestead, managing Gulp dependencies, creating a contact form and working with single page applications.

tagged: laravel training screencast introduction beginner video series blog application

Link: https://alfrednutile.info/trainings/laravel