
Community News:
Exakat - Static analysis tools for PHP
Feb 27, 2017 @ 14:25:25

On the Exakat GitHub account Damien Seguy has put together a pretty complete list of static analyzers you can use for your PHP applications.

The list is broken down into the types of scanners:

  • Bugs finders
  • Coding standards
  • DIY
  • Fixers
  • Metrics
  • SaaS
  • Misc

Each section includes a good list of tools and links to each of them (usually just to other GitHub repositories, but some go to actual project pages). There are a lot of them to look through, but be careful to evaluate the current state of each project. Just because it's linked here doesn't mean it's a complete tool.

tagged: static scanner tool language bug standard metrics saas list

Link: https://github.com/exakat/php-static-analysis-tools

PHP 7.2: The First Programming Language to Add Modern Cryptography to its Standard Library
Feb 14, 2017 @ 12:10:29

In this post on the dev.to site Scott Arciszewski talks about a milestone for the PHP language: with PHP 7.2 it becomes the first language to "add modern cryptography to its standard library".

Last week, the voting phase closed on an RFC to add libsodium to PHP 7.2. The result was unanimous (37 in favor, 0 against).

When version 7.2 releases at the end of the year, PHP will be the first programming language to adopt modern cryptography in its standard library.

He goes on to explain what "modern cryptography" means, describing concepts like secure primitives and showing examples of the high-level API the integration will provide. The post finishes with a rebuttal to some of the nay-sayers around PHP and its reputation for security. They say that there's "no way PHP is more secure than " so Scott compares this libsodium addition to features in other languages and shows where they're lacking in comparison.

tagged: programming language cryptography standard library libsodium php72

Link: https://dev.to/paragonie/php-72-the-first-programming-language-to-add-modern-cryptography-to-its-standard-library

Paul Jones:
Package Development Standards: "pds/skeleton" Now Open For Review!
Dec 16, 2016 @ 10:54:14

Paul Jones has a post to his site with a proposal for a standard structure for PHP packages to help provide consistency across the PHP package ecosystem. His proposal - the Package Development Standards initiative - defines the structure of the repository instead of conventions to be used in the package itself (like naming or object structure).

The new pds/skeleton (and the related research) for public review. If you are a package author, you are invited to post your comments and criticisms of the publication as issues on the relevant Github repository.

The pds/skeleton publication describes a set of standard top-level PHP package directories and files. If you are an author of more than three packages on Packagist, chances are you already follow the standard! That’s because PDS initiative researches the PHP package ecosystem to recognize commonly adopted development practices.

He's putting it out there for public review for now, until he can get some feedback from the community on the structure and recommendations made. He also recommends going ahead and adding "pds/skeleton" to your "require-dev" section to indicate your compliance with the suggestions he's presented.

tagged: package structure repository standard definition opinion composer

Link: http://paul-m-jones.com/archives/6457

SitePoint PHP Blog:
From HTTP Messages to PSR-7: What’s It All About?
Oct 06, 2016 @ 11:57:03

The SitePoint PHP blog has a new tutorial posted hoping to demystify some of the confusion around HTTP and PSR-7, a standard from the PHP-FIG group around the handling of request and response messages in PHP applications.

The PHP Framework Interoperability Group (PHP-FIG) has relatively recently approved another proposal, the PSR-7: HTTP Messages Interface. The document crystallizes HTTP messages into 7 interfaces which a PHP library should implement if they subscribe to the specification. In PSR-7 By Example, Matthew Weier O’Phinney, editor of the PSR, gives an interesting overview of the specification. So what is it?

They start with the HTTP side of things, briefly covering what HTTP messages are and the format they're transmitted in. Using some example curl requests they show requests and responses involving normal responses, redirects and how they're broken down into objects implementing the MessageInterface, RequestInterface and ResponseInterface. They outline the PSR-7 specification in a UML diagram and talk about some of the challenges associated with PSR-7's handling (including the use of immutable objects and how it fits in with middleware handling).

The post ends with a listing of a few of the frameworks/libraries that already make use of the PSR-7 structure including Symfony, Slim, Guzzle and the HTTPlug client.

tagged: psr7 http messages tutorial introduction phpfig standard

Link: https://www.sitepoint.com/from-http-messages-to-psr-7-whats-it-all-about/

PHP Town Hall:
Episode 50: Low down on PSR-15
Jun 29, 2016 @ 09:20:22

The PHP Town Hall podcast has posted their latest episode (after a bit of hiatus) giving the low down on PSR-15, the proposed PHP-FIG standard for HTTP middleware.

An all star cast this episode, as Ben and Phil are joined by regular guest Anthony Ferrara - thinker of good ideas and long-time part-time side-line contributor to the PHP-FIG, Woody Gilk - one-speed rider & BDFL of Kohana, and Beau Simensen - author of a bunch of stuff including StackPHP.

Here we’re talking about some awesome stuff the PHP-FIG is working on: PSR-15 (HTTP Middleware). [...] We discuss all this, and the reason PSR-7 (HTTP Message) is not enough for the ecosystem to benefit from shareable middleware. [...] Woody provides a bit of the decision-making process in a very tricky aspect of the FIGs job, which is: should standards be built entirely to match existing implementations, or should standards try to improve on the learnings of the existing implementations to better them all as implementations change to support the standard. It’s all a bit chicken and egg, but a very worthy discussion to have.

You can catch this latest episode either through the in-page video player or directly on YouTube. If you enjoy the show, be sure to subscribe to their feed and get the latest as new shows are released.

tagged: psr15 phpfig middleware proposal standard phptownhall podcast ep50

Link: https://phptownhall.com/episode-50-low-down-on-psr15/

Alex Bilbie:
OAuth 2.0 Device Flow Grant
Apr 20, 2016 @ 11:58:50

In a new post to his site Alex Bilbie looks at a good approach to simplifying the OAuth 2 authorization flow for a device and some of the simple PHP that can power it.

When signing into apps and services on devices such as a Playstation or an Apple TV it can be immensely frustrating experience. Generally you will ordeal something similar to one of the following scenarios: The utterly terrible experience whereby you don’t have anything other than an onscreen keyboard [or] A slightly less terrible experience whereby you can pair a bluetooth keyboard to enter your username and that crazy long password.

[...] There are some apps however - such as Youtube for Apple TV - that have a much better end user experience.

He talks more about this better experience, which involves a simple code presented to the user, a special URL to link the device and the typical OAuth-ish authorization page to link the request to your account. He then explains how it would work with a PHP backend: making the request to the auth server, returning a message with the codes and URL to pass along and the "device code" it responds with. He also includes a few examples of error responses for polling too quickly, pending authorization and a denied request. This is all based on the OAuth 2.0 Device Flow Grant, which is currently in draft.

tagged: device flow grant oauth2 example draft standard authorization

Link: http://alexbilbie.com/2016/04/oauth-2-device-flow-grant

PMG Blog:
Symfony from Scratch
May 21, 2015 @ 08:41:15

In the latest post to the PMG blog Chris Davis shows us how to create a Symfony application from scratch, that is without using the Symfony Standard repository/skeleton application.

The end goal here is to have an application that will send a simple Hello World message. So we’re going to cover the core framework stuff, but save things like templating, database access, ORMs, and forms for later. The goal here is to see how to scaffold a Symfony app to better understand why symfony standard does what it does and where to deviate. We’ll end up with an app that uses the Symfony 3 directory structure.

Starting with the smallest "composer.json" he can (just symfony/symfony) he walks through the creation of the application one step at a time:

  • The Application Kernel
  • Handling Web Requests
  • What’s in a Bundle?
  • Stepping into Configuration
  • AppBundle
  • Hello, World

The end result is a simple page outputting a "Hello, World" message, but it gives you a good foundation to work from and understanding of the simplest pieces needed to make a Symfony application.

tagged: symfony scratch introduction simple application standard

Link: https://www.pmg.com/blog/symfony-from-scratch/

Matthew Weier O'Phinney:
PSR-7 Accepted!
May 20, 2015 @ 09:55:41

As Matthew Weier O'Phinney mentions in his latest post, the PSR-7 standard (HTTP) has passed and is officially accepted as a standard by the PHP-FIG group.

The road to PSR-7 was a long and winding one. It started in summer of 2012 as a draft proposal on HTTP clients by Benjamin Eberlei, during which others proposed that perhaps a smaller standard on the HTTP message interfaces themselves — which would also allow targeting server-side applications, as those rely on the messages.

He follows the proposal's flow through the PHP-FIG process, pointing out several others who contributed and what changed along the way. He also includes a section of thanks for some of the other developers and PHP-FIG members who made contributions.

tagged: psr7 phpfig accepted standard history

Link: https://mwop.net/blog/2015-05-18-psr-7-accepted.html

This Programming Thing:
Creating Your Own Standard in PHPCS
May 12, 2015 @ 08:55:30

On the This Programming Thing blog there's a recent post showing you how to define your own "sniff" settings for the popular PHP_CodeSniffer tool. The codesniffer lets you define standards that need to be in place for all code in your application and notifies you of violations.

At Zimco, we’ve started working on standardizing our coding but we ran into a little problem while we tried to automate the process of making sure our code adhered to that standard. [...] I think we get into our own way of doing things and everything else is wrong. This code makes me feel irrationally angry (so angry I’m having a hard time not fixing it…). Ultimately, the best way to fix these kinds of formatting problems is to sit down and discuss what’s best and have everyone stick to the same set of standards.

They talk some about the place for PSR in coding standards (specifically PSR-2) and the fact that there are already "sniffs" provided to check against those rules. However, they point out that running this against a non-PSR-2 codebase can be a mess and show you how to customize your own standard to more closely match your current state. They use an XML configuration file to update the tab width setting to four spaces and then apply the PSR-2 standards. They also show how to exclude certain rules and mention a handy plugin you can use in Sublime Text to keep your code within standards.

tagged: standard phpcs phpcodesniffer sniff configuration xml psr2 update exclude

Link: http://www.thisprogrammingthing.com/2015/creating-your-own-standard-in-phpcs/

PSR-7 Voting Canceled
Apr 02, 2015 @ 09:34:40

The voting phase for the PSR-7 proposal (HTTP messaging structure) has been cancelled due to the desire to improve and clarify the spec before approving it.

Since we put PSR-7 up for a vote, a number of issues have arisen that we feel require attention. In most cases these are clarifications that, had they been made during REVIEW, could have been merged without dropping the spec back to DRAFT. Sadly, since PSR-7 is now up for a vote, we cannot make clarifications to the spec. We cannot even make clarifications after the spec is accepted, either, except by way of annotations and errata in the meta document.

We've weighed the risk of leaving the spec as-is against canceling the vote and making the required changes directly to the spec itself. This has been an ongoing discussion since the middle of last week. I had a meeting with Mathew and Paul this morning in which we decided that it would be in the best interest of everyone for us to cancel the vote and make the changes directly.

The call was a tough one, but the discussions around the proposal have worked out a lot of the kinks, just not all of them. As is mentioned in the Google Groups post, the PSR will go back up for a vote in two weeks. PSR-7 outlines a standardized interface for working with HTTP requests and responses, providing interoperability between frameworks and tools at this basic level.

tagged: psr7 http standard http vote cancel rework review

Link: https://groups.google.com/forum/#!msg/php-fig/42WhFKJzgrQ/9YbhKdLEOp4J