Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Laravel News:
Generate a JSON Feed with Laravel
May 24, 2017 @ 10:49:46

In a new tutorial posted to the Laravel News site Eric Barnes shows you how to easily create JSON feed output from the data in a Laravel application. JSON feed is a new standard that's been defined to try to bring more structure to JSON responses for feeds, following in the tradition of RSS feed structure.

JSON Feed is a new standard to formalize a JSON based RSS feed that aims to simplify creating feeds by doing away with the XML standard. Implementing a feed for your site is simple, and the spec is surprisingly clear.

[...] I just implemented this feed format for Laravel News, and you can find the results here. As a quick example let’s go through setting up a feed like this.

He then walks you through the code required to create the feed, sharing a listing of posts (the latest 20) from the Laravel News site. He then defines the main feed data, adds in each of the posts to the "items" set and returns the resulting array for translation into JSON output.

tagged: jsonfeed standard laravel tutorial output json feed

Link: https://laravel-news.com/generate-a-json-feed-with-laravel

Dotkernel.com:
What is PSR-7 and How to Use It
May 22, 2017 @ 10:18:50

On of the standards that have come out of the PHP-FIG (PHP Framework Interoperability Group) in the past few years has been PSR-7, a standards definition for working with HTTP requests and responses as PHP objects. While those that have worked with most of the PHP frameworks out there may be familiar with the concept, it can be confusing if you're just getting started with the idea. In this post on the Dotkernel site they introduce PSR-7, talking about its goals and what it defines to help bring everyone on the same page for HTTP requests.

PSR-7 is a set of common interfaces defined by PHP Framework Interop Group. These interfaces are representing HTTP messages, and URIs for use when communicating trough HTTP.

Any web application using this set of interfaces is a PSR-7 application.

They start off by defining (and linking to) the different interfaces involved in the PSR-7 specification (the spec doesn't define functionality, only the structure). From there the tutorial uses the Zend Diactoros component to illustrate an implementation of the PSR-7 structure. They cover two of the main tasks when working with HTTP requests/responses: working with the headers and fetching/writing to the body.

tagged: psr7 phpfig standard http request response introduction

Link: https://www.dotkernel.com/dotkernel3/what-is-psr-7-and-how-to-use-it/

Community News:
Exakat - Static analysis tools for PHP
Feb 27, 2017 @ 14:25:25

On the Exakat GitHub account Damien Seguy has put together a pretty complete list of static analyzers you can use for your PHP applications.

The list is broken down into the types of scanners:

  • Bugs finders
  • Coding standards
  • DIY
  • Fixers
  • Metrics
  • SaaS
  • Misc

Each section includes a good list of tools and links to each of them (usually just to other GitHub repositories but some go to actual project pages). There's a lot of them to look through but be careful to evaluate the current state of the project. Just because it's linked here doesn't mean it's a complete tool.

tagged: static scanner tool language bug standard metrics saas list

Link: https://github.com/exakat/php-static-analysis-tools

Dev.to:
PHP 7.2: The First Programming Language to Add Modern Cryptography to its Standard Library
Feb 14, 2017 @ 12:10:29

In this post to the dev.to site Scott Arciszewski talks about a milestone in the PHP language, it being the first language to "add modern cryptography to its standard library" (PHP 7.2).

Last week, the voting phase closed on an RFC to add libsodium to PHP 7.2. The result was unanimous (37 in favor, 0 against).

When version 7.2 releases at the end of the year, PHP will be the first programming language to adopt modern cryptography in its standard library.

He goes on to talk about what "modern cryptography" is describing concepts like secure primitives and showing example of the high-level API the integration will provide. The post finishes out with a rebuttal against some of the nay-sayers around PHP and its reputation for security. They say that there's "no way PHP is more secure than " so Scott compares this libsodium addition to some of the features in other languages and where they're lacking in relation.

tagged: programming language cryptography standard library libsodium php72

Link: https://dev.to/paragonie/php-72-the-first-programming-language-to-add-modern-cryptography-to-its-standard-library

Paul Jones:
Package Development Standards: "pds/skeleton" Now Open For Review!
Dec 16, 2016 @ 10:54:14

Paul Jones has a post to his site with a proposal for a standard structure for PHP packages to help provide consistency across the PHP package ecosystem. His proposal - the Package Development Standards initiative - defines the structure of the repository instead of conventions to be used in the package itself (like naming or object structure).

The new pds/skeleton (and the related research) for public review. If you are a package author, you are invited to post your comments and criticisms of the publication as issues on the relevant Github repository.

The pds/skeleton publication describes a set of standard top-level PHP package directories and files. If you are an author of more than three packages on Packagist, chances are you already follow the standard! That’s because PDS initiative researches the PHP package ecosystem to recognize commonly adopted development practices.

He's putting it out there for public review for now until he can get some feedback from the community on the structure and recommendations made. He also recommends going a head and adding "pds/skeleton" to your "require-dev" section to indicate your compliance to the suggestions he's presented.

tagged: package structure repository standard definition opinion composer

Link: http://paul-m-jones.com/archives/6457

SitePoint PHP Blog:
From HTTP Messages to PSR-7: What’s It All About?
Oct 06, 2016 @ 11:57:03

The SitePoint PHP blog has a new tutorial posted hoping to demystify some of the confusion around HTTP and PSR-7, a standard from the PHP-FIG group around the handling of request and response messages in PHP applications.

The PHP Framework Interoperability Group (PHP-FIG) has relatively recently approved another proposal, the PSR-7: HTTP Messages Interface. The document crystallizes HTTP messages into 7 interfaces which a PHP library should implement if they subscribe to the specification. In PSR-7 By Example, Matthew Weier O’Phinney, editor of the PSR, gives an interesting overview of the specification. So what is it?

They start with the HTTP side of things, briefly covering what HTTP messages are and the format they're transmitted in. Using some example curl requests they show requests and responses involving normal responses, redirects and how they're broken down into objects implementing the MessageInterface, RequestInterface and ResponseInterface. They outline the PSR-7 specification in a UML diagram and talk about some of the challenges associated with PSR-7's handling (including the use of immutable objects and how it fits in with middleware handling).

The post ends with a listing of a few of the frameworks/libraries that already make use of the PSR-7 structure including Symfony, Slim, Guzzle and the HTTPlug client.

tagged: psr7 http messages tutorial introduction phpfig standard

Link: https://www.sitepoint.com/from-http-messages-to-psr-7-whats-it-all-about/

PHP Town Hall:
Episode 50: Low down on PSR-15
Jun 29, 2016 @ 09:20:22

The PHP Town Hall podcast has posted their latest episode (after a bit of hiatus) giving the low down on PSR-15, the proposed PHP-FIG standard for HTTP middleware.

n all star cast this episode, as Ben and Phil are joined by regular guest Anthony Ferrara - thinker of good ideas and long-time part-time side-line contributor to the PHP-FIG, Woody Gilk - one-speed rider & BDFL of Kohana, and Beau Simensen - author of a bunch of stuff including StackPHP.

Here we’re talking about some awesome stuff the PHP-FIG is working on: PSR-15 (HTTP Middleware). [...] We discuss all this, and the reason PSR-7 (HTTP Message) is not enough for the ecosystem to benefit from shareable middleware. [...] Woody provides a bit of the decision-making process in a very tricky aspect of the FIGs job, which is: should standards be built entirely to match existing implementations, or should standards try to improve on the learnings of the existing implementations to better them all as implementations change to support the standard. It’s all a bit chicken and egg, but a very worthy discussion to have.

You can catch this latest episode either through the in-page video player or directly on YouTube. If you enjoy the show, be sure to subscribe to their feed and get the latest as new shoes are released.

tagged: psr15 phpfig middleware proposal standard phptownhall podcast ep50

Link: https://phptownhall.com/episode-50-low-down-on-psr15/

Alex Bilbie:
OAuth 2.0 Device Flow Grant
Apr 20, 2016 @ 11:58:50

In a new post to his site Alex Bilbie looks at a good approach to simplifying the OAuth 2 authorization flow for a device and some of the simple PHP that can power it.

When signing into apps and services on devices such as a Playstation or an Apple TV it can be immensely frustrating experience. Generally you will ordeal something similar to one of the following scenarios: The utterly terrible experience whereby you don’t have anything other than an onscreen keyboard [or] A slightly less terrible experience whereby you can pair a bluetooth keyboard to enter your username and that crazy long password.

[...] There are some apps however - such as Youtube for Apple TV - that have a much better end user experience.

He talks more about this better experience involving a simple code presented to the user, a special URL to link the device and the typical OAuth-ish authorization page to link the request to your account. He then explains how it would work with a PHP backend: making the request to the auth server, returning a message with the codes and URL to pass along and the "device code" it responds with. He also includes a few examples of error responses for polling too quickly, pending authorization and a denied request. This is all based on the (currently in draft) OAuth 2.0 Device Flow Grant currently in the works.

tagged: device flow grant oauth2 example draft standard authorization

Link: http://alexbilbie.com/2016/04/oauth-2-device-flow-grant

PMG Blog:
Symfony from Scratch
May 21, 2015 @ 08:41:15

In the latest post to the PMG blog Chris Davis shows us how to create a Symfony application from scratch, that is without using the Symfony Standard repository/skeleton application.

The end goal here is to have an application that will send a simple Hello World message. So we’re going to cover the core framework stuff, but save things like templating, database access, ORMs, and forms for later. The goal here to see how to scaffold a Symfony app to better understand why symfony standard does what it does and where to deviate. We’ll end up with an app that uses the Symfony 3 directory structure.

Starting with the smallest "composer.json" he can (just symfony/symfony) he walks through the creation of the application one step at a time:

  • The Application Kernel
  • Handling Web Requests
  • What’s in a Bundle?
  • Stepping into Configuration
  • AppBundle
  • Hello, World

The end result is a simple page outputting a "Hello, World" message, but it gives you a good foundation to work from and understanding of the simplest pieces needed to make a Symfony application.

tagged: symfony scratch introduction simple application standard

Link: https://www.pmg.com/blog/symfony-from-scratch/

Matthew Weier O'Phinney:
PSR-7 Accepted!
May 20, 2015 @ 09:55:41

As Matthew Weier O'Phinney mentions in his latest post, the PSR-7 standard (HTTP) has passed and is officially accepted as a standard by the PHP-FIG group.

The road to PSR-7 was a long and winding one. It started in summer of 2012 as a draft proposal on HTTP clients by Benjamin Eberlei, during which others proposed that perhaps a smaller standard on the HTTP message interfaces themselves — which would also allow targeting server-side applications, as those rely on the messages.

He follows the proposal's flow through the PHP-FIG process, pointing out several others who contributed along the way and what changed along the way. He also includes a section of thanks for some of the other developers and PHP-FIG members that made contributions along the way.

tagged: psr7 phpfig accepted standard history

Link: https://mwop.net/blog/2015-05-18-psr-7-accepted.html