Nikola Posa:
Keep PhpStorm metadata away from project sources
Mar 15, 2017 @ 11:54:57

In a new post to his site Nikola Posa shows the PhpStorm users out there how to keep metadata about your projects away from the source (the content in the .idea directory it creates by default).

I fell in love with PhpStorm only a few months ago when I switched from NetBeans, my favorite IDE by then. One thing that I was missing from the very start is the ability to separate project metadata (.idea/ directory) from sources, because I like to keep away everything that is unnecessary from my project directory, as well as from the .gitignore file. It turned out that something like that is possible, but in contrast to NetBeans it's not so evident and requires a little more effort.

It's a pretty simple four-step process and he shows what settings to change:

  • Create new project in a directory where you would usually keep metadata
  • Open Settings / Preferences dialog and click on Directories node
  • Click Add Content Root button and select project sources directory
  • Remove content root that keeps project metadata

Screenshots are also included for each step to help make sure you're in the right place at all times.

tagged: phpstorm metadata project source setting configuration

Link: http://blog.nikolaposa.in.rs/2017/03/09/phpstorm-metadata-away-from-project-sources/

Stovepipe Systems:
Using bitwise instead of booleans
Aug 18, 2016 @ 11:18:44

On the Stovepipe Systems blog there's a new post from Yannick de Lange that suggests using bitwise operations instead of booleans to evaluate an on/off setting.

The naive way of storing many boolean options (in a database) is to create for each option a field and storing a 0 when it is false and 1 when it is true. Which of course works, but adding options will require a new field, which might require creating a compatibility layer for your old data. There is an easier way to do this and it's even more efficient at checking fields.

This brings me to an old topic which I have to explain to all the new people at some point and even once explained not everybody understands how it actually works. So in this post I'm going to explain how to use bitwise operators and how it works internally.

He starts with a common example using the 0/1 storage method and refactors it a bit to use different values that are more compatible with bitwise operations. He includes the usage of this system and how it works to evaluate multiple potential option values.

tagged: bitwise option boolean storage enable setting tutorial

Link: http://stovepipe.systems/post/using-bitwise-instead-of-booleans

Aaron Saray:
Two Quick Tips for Securing PHP Sessions
Feb 15, 2016 @ 09:41:47

In a new post to his site Aaron Saray has shared two tips that can help you protect the information in your PHP sessions: two configuration options that, once enabled, enforce stricter session handling and improve overall security.

Let’s talk a little bit about session fixation in PHP. Such a fun topic, right? Tons to get into here. But, let’s just touch the surface on two VERY SIMPLE things you can be doing now to make sure that your website is safe.

The two configuration options he mentions are ones that:

  • force the session identifier to use cookies (versus also allowing it from the URL)
  • enforce "strict mode" on the sessions

Each comes with a brief description of what the setting does and the recommended value for the most protection. One note, though: strict mode is only included in PHP 5.5.2 or greater.

tagged: session security tip strict mode cookies useonly phpini configuration setting

Link: http://aaronsaray.com/2016/two-quick-tips-for-securing-php-sessions

SitePoint PHP Blog:
Configuring Your Store’s Settings with the eBay Trading API
Jan 12, 2015 @ 11:18:22

The SitePoint PHP blog has posted the next article in their "eBay Trading API" tutorial series today. In this new tutorial they show you how to configure your store's settings.

In part 1, we explained the different parts of eBay’s developer dashboard and configured our test application. We also created our database. Now we’re ready to create a project. In this part, we’ll focus on store settings. In part 3, we’ll add new products to our store.

They include the "composer.json" contents you'll need to install all of the libraries they'll use for the tutorial. With those installed they start in on the code, creating a basic Slim application that uses Twig views and some custom configuration options. Then he starts in on the classes, creating an "Ebay" class to handle the application settings and creating a "post" method to handle the API request. He adds in a few other helper methods and builds a database object/query to get the application details from the database. Next up are the templates for the main page and the controller to handle the default, session and token requests. He adds in some additional route configurations and makes a "view action" for the store settings and for requesting the user preferences from the API.

tagged: configure store setting ebay trading api series part2

Link: http://www.sitepoint.com/configuring-stores-settings-ebay-trading-api/

Kevin Schroeder:
Why you should not use .htaccess (AllowOverride All) in production
Feb 25, 2013 @ 10:31:09

Kevin Schroeder has posted the results of some research he did around using the "AllowOverride" setting in Apache. He found some interesting differences when it was set to "all".

Commonly known as .htaccess, AllowOverride is a neat little feature that allows you to tweak the server’s behavior without modifying the configuration file or restarting the server. [...] Beyond the obvious security problems of allowing configuration modifications in a public document root there is also a performance impact. What happens with AllowOverride is that Apache will do an open() call on each parent directory from the requested file onward.

He includes the output from a strace call in the post - first showing the function calls with it set to "none" then the same request with the setting on "all". More "open" calls are being made in the second run, increasing the execution time by a decent amount.

tagged: apache allowoverride all htaccess production setting performance


Kevin Schroeder:
Setting max_input_time (with data!)
Jan 11, 2013 @ 09:20:46

Kevin Schroeder has a new post to his site today wondering about the "max_input_time" setting for PHP and why some recommend it being a large number despite the (usually) fast time PHP has accepting input.

I asked a question on Twitter on why some of the recommended max_input_time settings seem to be ridiculously large. Some of the defaults I’ve seen have been upwards of 60 seconds. However, after thinking about it I was a little confused as to why a C program (i.e. PHP) would take so long to process string input. The reason I was thinking about this was because I was thinking about ways to protect PHP from denial of service attacks.

So he ran some tests to see just how effective changes in this setting could be and how much time a typical PHP request would need to take in input. Using a Zend Framework 2 HTTP client, he simulated POSTs and tracked the start and end times for a file upload. He includes the timing results in the post based on both this setup and a change to only post regular text-based form data.

tagged: maxinputtime zendframework2 setting seconds benchmark


Rob Allen:
Zend\ServiceManager configuration keys
Nov 12, 2012 @ 11:09:47

Rob Allen has a new post to his site sharing some examples of the configuration possibilities for the Zend\ServiceManager module of the Zend Framework 2.

Zend\ServiceManager is usually configured in two places: an array in a config file or a method within your Module class. In either case, you provide a nested array of configuration information. [...] Within the service_manager array, there are a set of nested arrays which are generally used to configure how you want a given class to be instantiated. The names of these sub-arrays are hardcoded, so you just need to learn their names and the difference between them.

He lists out each of the options and includes a brief example and description for each. Values include "invokables", "aliases" and "initializers". He also touches on controllers, view helpers and controller plugins and how they hook into the ServiceManager.

tagged: zendframework servicemanager module configuration setting


ServerGrove Blog:
Error "Cannot find module 'less'" with Symfony2, Assetic and Twitter Bootstrap
Mar 19, 2012 @ 12:36:25

On the ServerGrove blog, there's a quick post with a handy tip for the Symfony2 + Assetic users out there - how to get it to recognize the "less" module.

Unfortunately the Symfony documentation does not provide any details on how to configure Assetic to use LESS. There is a blog post by Dustin Dobervich that gives some pointers, but after following the instructions, Assetic issued the following error: Cannot find module ‘less’. We searched around without much success. After several tries, we nailed the configuration.

It's an easy two-step process: first make sure you have "npm" (the package manager) installed on your system, then modify your Symfony app.yml file to point to the Node modules path.

tagged: twitter bootstrap module less css yml setting node module


A Tour of PHP.INI
Dec 12, 2011 @ 10:42:45

On PHPMaster.com today Callum Hopkins has written up an introduction to the php.ini, the heart and soul of any PHP installation. With configuration options for just about everything, it can be confusing. This tutorial hits some of the highs and most commonly updated settings.

Anyone who has a server using PHP has undoubtedly heard of php.ini - it's the configuration file used to control and customize PHP's run-time behavior. It provides a simple way to configure settings. [...] In this article I’ll give an overview of some important settings I believe you should be concerned with when tweaking your own php.ini file.

The tutorial's broken up into a few different topics:

  • the PHP engine
  • Short tags
  • Output buffering
  • Automatic headers and footers
  • Handling errors
  • Time zones

tagged: phpini configuration tutorial file setting


Robert Basic's Blog:
Importing Symfony2 security settings from a bundle
Aug 25, 2011 @ 11:58:40

In a new post to his blog Robert Basic takes a brief look at importing Symfony2 security settings from a bundle he's been creating back into the main configuration.

I started to work on/figuring out the security part in Symfony2 and one part where the docs fail so far is to explain how to import security settings from a bundle. Once I put some thinking into it, it’s pretty easy actually. Simply import the needed security file in your main config file.

His trick is to use the "imports" key in his YAML config file to define the resource to pull from in his config.xml. More information on the format of the security file can be found in the Symfony documentation. It helps you define authentication mechanisms and authorization models and work with access control and roles.

tagged: import security setting symfoyny2 bundle configuration resource