
Building Your Startup:
Securing an API
May 22, 2017 @ 13:16:19

The TutsPlus.com site has continued their "Building Your Startup" tutorial series with a new post about APIs and security. In this series, they've been using the Yii2 framework to create a calendaring "startup" site. Now they're to the point of adding a "RESTful" API to the system and want to be sure it's secure.

Recently, I introduced you to Yii's simple REST API generation and Meeting Planner's new "RESTful" service API. At that time, I mentioned that these APIs were only loosely secured. Sure, there was a shared secret between the client and the server, but there were a couple of problems.

First, the secret key and user tokens were repeatedly transmitted in query parameters of SSL calls. And there was no other authenticity check for the data, allowing a middle-person attack. In today's episode, I'll guide you through how I secured the API against these weaknesses for a more robust API.

They start off by looking at the API security that was previously put in place, which used "app ID" and "app secret" values to identify the caller. To improve on this, the system is updated to use the "app secret" to sign the outgoing request data with an HMAC that is sent along with the request, so the secret itself no longer has to travel with every call and the server can verify that the signed fields were not altered in transit.
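The signing scheme described above, as an added example in plain PHP. This is not code from the Tuts+ tutorial or from Meeting Planner: the canonical string layout, the header names, the constructed app id and secret, and the timestamp freshness window (which goes a step beyond the post, to limit replay of a captured request) are all this example's own choices.

```php
<?php
declare(strict_types=1);

// Added example, not code from the Tuts+ tutorial or Meeting Planner.
// Client and server share an app secret; the client sends an HMAC over the
// request instead of the secret, and the server recomputes and compares it.

const APP_ID     = 'demo-app';                    // constructed
const APP_SECRET = 'c0ffee-shared-secret-value';  // constructed; never sent on the wire
const MAX_SKEW   = 300;                           // seconds a signature stays valid (example choice)

/** Build the string both sides sign. Every field the server acts on is included. */
function canonicalString(string $method, string $path, array $query, string $body, int $timestamp): string
{
    ksort($query);                                  // parameter order must not change the signature
    $queryString = http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    return implode("\n", [
        strtoupper($method),
        $path,
        $queryString,
        hash('sha256', $body),                      // body is covered without being repeated
        (string) $timestamp,
    ]);
}

function signRequest(string $method, string $path, array $query, string $body, int $timestamp, string $secret): string
{
    return hash_hmac('sha256', canonicalString($method, $path, $query, $body, $timestamp), $secret);
}

/** Client side: carry app id, timestamp and signature in headers, not in query parameters. */
function buildSignedHeaders(string $method, string $path, array $query, string $body, int $now): array
{
    return [
        'X-App-Id'    => APP_ID,
        'X-Timestamp' => (string) $now,
        'X-Signature' => signRequest($method, $path, $query, $body, $now, APP_SECRET),
    ];
}

/** Server side: look up the secret by app id, reject stale timestamps, compare in constant time. */
function verifySignedRequest(string $method, string $path, array $query, string $body, array $headers, int $now, array $secrets): bool
{
    $appId = $headers['X-App-Id'] ?? '';
    if (!isset($secrets[$appId])) {
        return false;                               // unknown client: fail closed
    }
    if (!ctype_digit($headers['X-Timestamp'] ?? '')) {
        return false;                               // missing or malformed timestamp
    }
    $timestamp = (int) $headers['X-Timestamp'];
    if (abs($now - $timestamp) > MAX_SKEW) {
        return false;                               // too old (or from the future): possible replay
    }
    $expected = signRequest($method, $path, $query, $body, $timestamp, $secrets[$appId]);
    return hash_equals($expected, $headers['X-Signature'] ?? '');   // constant-time comparison
}

// Demo with constructed request data and a fixed clock so the run is repeatable.
$secrets = [APP_ID => APP_SECRET];
$now     = 1495454179;
$query   = ['place_id' => '17', 'meeting_id' => '42'];
$body    = '{"note":"bring the slides"}';

$headers = buildSignedHeaders('POST', '/api/meeting/update', $query, $body, $now);

$results = [
    'genuine request'         => verifySignedRequest('POST', '/api/meeting/update', $query, $body, $headers, $now, $secrets),
    'extra query parameter'   => verifySignedRequest('POST', '/api/meeting/update', $query + ['admin' => '1'], $body, $headers, $now, $secrets),
    'modified body'           => verifySignedRequest('POST', '/api/meeting/update', $query, '{"note":"x"}', $headers, $now, $secrets),
    'replayed 10 minutes on'  => verifySignedRequest('POST', '/api/meeting/update', $query, $body, $headers, $now + 600, $secrets),
];
foreach ($results as $case => $ok) {
    printf("%-24s %s\n", $case, $ok ? 'accepted' : 'rejected');
}
```

The server never receives the secret, only the signature, so an observer of the traffic learns nothing reusable beyond the window. Note that a signature alone does not stop replay inside the window; a per-request nonce recorded server-side would close that gap, and is left out here to keep the example focused on what the post covers.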

tagged: api security tutorial yii2 build startup series hmac rest

Link: https://code.tutsplus.com/tutorials/building-your-startup-securing-an-api--cms-27867

SitePoint PHP Blog:
Re-Introducing Composer – the Cornerstone of Modern PHP Apps
May 22, 2017 @ 11:54:48

If you've been developing any kind of PHP application lately, chances are you've at least heard of Composer. This package manager has dramatically changed the way we develop in PHP, but there are still some out there wondering what all the fuss is about. In this tutorial from SitePoint, author Claudio Ribeiro (re-)introduces this powerful tool and provides some basics of its use.

In this article, we will tackle the basics of Composer, and what makes it such a powerful and useful tool.

Before we go into detail, there are two things that we need to have in mind: what Composer is [and] what Composer is not. [...] Essentially, Composer allows you to declare and manage every dependency of your PHP projects.

He then walks you through the installation of the tool, running it either globally or locally (per-project). He lists out some of the basic commands, what they're for, and helps you on your way to installing your first package: PHPUnit. He also covers the special "vendor" folder Composer creates, how autoloading works, various configuration values, and installing packages globally rather than just locally. He then talks about the other side of the PHP package ecosystem, Packagist, including how to submit packages and set up your own package's composer.json so it can be pulled in correctly.

tagged: composer introduction basics tutorial package packagist

Link: https://www.sitepoint.com/re-introducing-composer/

Rob Allen:
Inserting binary data into SQL Server with ZF1 & PHP 7
May 22, 2017 @ 09:34:51

In an interesting mix of "old" and "new", Rob Allen has shown in this new post to his site how to push binary data into a SQL Server database from a Zend Framework v1 application.

If you want to insert binary data into SQL Server in Zend Framework 1 then you probably used the trick of setting an array as the parameter's value with the info required by the sqlsrv driver as noted in Some notes on SQL Server blobs with sqlsrv.

[...] Working through the problem, I discovered that this is due to Zend_Db_Statement_Sqlsrv converting the $params array to references with this code. The Sqlsrv driver (v4) for PHP 7 does not like this! As Zend Framework 1 is EOL, we can't get a fix into upstream and update the new release, so we have to write our solution.

He includes the code for the "hack" that you'd normally have to do to push the binary data into the database. Zend Framework v1 is EOL (end of life) so the Zend_Db_Statement_Sqlsrv class can't be updated. Instead, he writes his own replacement, creating a new adapter specific to the application that handles the input as the SQL Server driver is expecting. He then updates the application configuration to force the new adapter to be used when the ZF1 application needs to connect to the SQL Server database.

tagged: insert binary data sqlserver zendframework php7 tutorial adapter

Link: https://akrabat.com/inserting-binary-data-into-sql-server-with-zf1-php-7/

Symfony Blog:
Preparing your Applications for PHP 7 with Symfony Polyfills
May 19, 2017 @ 11:07:50

The Symfony blog has posted an article showing you how to prepare your applications for a migration to PHP 7 with the help of various polyfill libraries. These libraries make PHP 7 functions and classes available on older runtimes: each polyfill defines a function only if the running PHP doesn't already provide it, so the application code stays the same across versions.

According to the May 2017 PHP Stats, 53% of PHP developers use PHP 7.0 or 7.1, but only 10% of Composer packages require PHP 7.0 or higher. In fact, 1 in 4 packages still require PHP 5.3, which is used by less than 1% of developers.

[...] Upgrading your development machines is usually a simple task, but upgrading the rest of the infrastructure (servers, tools, etc.) usually requires more resources. This is where Symfony Polyfills can help you prepare the code of your application for PHP 7.

The article briefly explains what polyfills are and how to pull the current set of Symfony polyfills into a project with a Composer install. They provide functionality for PHP versions 5.4 through 5.6 as well as PHP 7.0 and 7.1, so code written against a current PHP API keeps working on the older runtimes.
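To make the mechanism concrete, here is an added example of the guard pattern a polyfill file uses. It is not code from the Symfony post or from the symfony/polyfill packages; it polyfills hash_equals (native since PHP 5.6) in the same spirit, and is written without PHP 7 syntax so it can actually load on the old runtimes it targets. The token and secret used in the demo are constructed.

```php
<?php
// Added example, not from the Symfony post or symfony/polyfill.
// A polyfill defines a function only when the runtime lacks it: on PHP 5.6+
// this file is a no-op, on older PHP the application gets the same API.
// hash_equals is a good case because the naive replacement (==) is exactly
// what you do not want when comparing MACs, CSRF tokens or session tokens.

$hashEqualsPolyfilled = !function_exists('hash_equals');

if ($hashEqualsPolyfilled) {
    /**
     * Constant-time string comparison mirroring the native signature:
     * false for non-strings, false for mismatched lengths (the length is not
     * secret in the intended use), otherwise a comparison whose running time
     * does not depend on where the first differing byte is.
     */
    function hash_equals($known_string, $user_string)
    {
        if (!is_string($known_string) || !is_string($user_string)) {
            return false;
        }
        $known_len = strlen($known_string);
        if ($known_len !== strlen($user_string)) {
            return false;
        }
        $result = 0;
        for ($i = 0; $i < $known_len; $i++) {
            // Accumulate the XOR of every byte pair; no early exit.
            $result |= ord($known_string[$i]) ^ ord($user_string[$i]);
        }
        return $result === 0;
    }
}

// Application code written once against the PHP 5.6 API; works on 5.3 with the guard above.
function tokenMatches($expectedToken, $suppliedToken)
{
    return hash_equals($expectedToken, $suppliedToken);
}

$expected = hash_hmac('sha256', 'session-42', 'constructed-demo-secret');   // constructed token

printf("hash_equals source : %s\n", $hashEqualsPolyfilled ? 'polyfill' : 'native');
printf("correct token      : %s\n", tokenMatches($expected, $expected) ? 'accepted' : 'rejected');
printf("altered token      : %s\n", tokenMatches($expected, strrev($expected)) ? 'accepted' : 'rejected');
printf("wrong-length token : %s\n", tokenMatches($expected, substr($expected, 0, 10)) ? 'accepted' : 'rejected');
printf("non-string token   : %s\n", tokenMatches($expected, 12345) ? 'accepted' : 'rejected');
```

The guard is the whole trick: because the declaration sits inside the `if`, PHP only compiles it when the native function is absent, so a later upgrade of the runtime silently switches the application to the native implementation with no code change.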

tagged: php7 application symfony polyfill library functionality composer tutorial

Link: http://symfony.com/blog/preparing-your-applications-for-php-7-with-symfony-polyfills

TutsPlus.com:
Programming With Yii2: Building Community With Voting, Comments, and Sharing
May 19, 2017 @ 10:27:21

The TutsPlus.com site has posted the latest in their "Programming with Yii2" series of tutorials, a new article looking at features that help build a community around the site.

In today's tutorial, I'm going to show you how to extend Yii to easily mimic a site like Reddit with voting, comments, and sharing.

[...] I built some of my latest Twitter API episodes on the early version of this platform, following friends on behalf of users and analyzing our followers. The site I described in those, Twixxr, forms the foundation of my Yii customization work.

So adding core functionality like voting, comments and sharing makes so much sense. As you expand your Yii codebase with these kinds of features, building new sites becomes faster, easier and increasingly powerful.

He then spends the rest of the article showing how to use three Yii2 extensions to provide the community functionality he needed: a voting extension, a plugin for integrating Disqus, and a "social extension" for other social plugins and widgets. He shows how to get these extensions installed and what code updates you'll need to make to use them across the application. This also includes screenshots of the results so you can be sure that you're on the right track.

tagged: tutorial series yii2 community voting comment disqus sharing

Link: https://code.tutsplus.com/tutorials/programming-with-yii-building-community-with-voting-comments-and-sharing--cms-27798

TutsPlus.com:
What Is WP-CLI? A Beginner’s Guide
May 18, 2017 @ 10:35:31

The TutsPlus.com site has posted a new tutorial introducing you to the WordPress command line tool, the WP-CLI.

WP-CLI has been around for quite some time now (circa 2011) and has steadily gained momentum in the WordPress developer community. But what is it exactly, and how can you use it in your WordPress workflow?

The idea behind WP-CLI is that it allows you to interact with, and manage, WordPress sites via a command line interface. According to the official documentation, it's a command line alternative to using the traditional WordPress admin user interface.

It starts by explaining some of what the tool can do and helps you get it installed, either manually (on Mac or Windows) or more automatically for DesktopServer users. The tutorial then goes through the basics of using the wp command line tool, including getting a listing of current settings, showing the version installed, and getting a list of currently installed plugins and themes. It also shows how to install new plugins and list the posts, pages and comments currently in the system. The post ends with some additional resources where you can get more information about the WP-CLI tool and its features.

tagged: wordpress wpcli tool commandline introduction tutorial

Link: https://code.tutsplus.com/tutorials/what-is-wp-cli-a-beginners-guide--cms-28649

Zend Framework Blog:
Context-specific escaping with zend-escaper
May 17, 2017 @ 09:44:25

The Zend Framework blog has continued their series spotlighting individual components of the framework and putting them to use outside of a ZF-based application. In the latest post they show how to use zend-escaper to handle context-specific escaping.

Security of your website is not just about mitigating and preventing things like SQL injection; it's also about protecting your users as they browse the site from things like cross-site scripting (XSS) attacks, cross-site request forgery (CSRF), and more. In particular, you need to be very careful about how you generate HTML, CSS, and JavaScript to ensure that you do not create such vectors.

As the mantra goes, filter input, and escape output.

They start with some of the main issues around escaping output in PHP (and some of the inconsistencies) and what zend-escaper can do to help. The tutorial then shows how to pull the component into your current application via Composer and set up a new Escaper instance. It briefly covers the built-in escaping methods (one per output context: HTML text, HTML attribute, JavaScript, CSS and URL) and then provides some more real-world examples of how it can be used to protect your application.
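What "context-specific" buys you, as an added example in plain PHP. This is not code from the Zend Framework post and does not use zend-escaper itself; it hand-rolls a small encoder per context (the attribute encoder is a simplified take on the approach zend-escaper's escapeHtmlAttr documents, encoding everything outside a small safe set) and then shows the breakout you get when the HTML-text encoder is reused for an unquoted attribute. The untrusted input is constructed.

```php
<?php
declare(strict_types=1);

// Added example, not code from the Zend Framework post or from zend-escaper.
// The same untrusted string needs a different encoder for HTML text, an HTML
// attribute, a JavaScript string literal and a URL parameter.

$untrusted = 'x onmouseover=alert(1) "><script>alert(2)</script>&';   // constructed

/** HTML body text: encode the characters that carry meaning in markup. */
function escapeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * HTML attribute value: encode every character outside a small safe set as a
 * numeric entity, so the value stays inert even inside an attribute the
 * template author forgot to quote. Simplified version of the attribute
 * strategy zend-escaper describes; not its code.
 */
function escapeHtmlAttr(string $s): string
{
    $out = preg_replace_callback('/[^a-zA-Z0-9,._-]/u', static function (array $m): string {
        $utf16 = mb_convert_encoding($m[0], 'UTF-16BE', 'UTF-8');
        return '&#x' . strtoupper(bin2hex($utf16)) . ';';
    }, $s);
    if ($out === null) {
        throw new InvalidArgumentException('input is not valid UTF-8');
    }
    return $out;
}

/** JavaScript string literal: a JSON string with <, >, &, ' and " hex-escaped cannot close a <script> block. */
function escapeJsString(string $s): string
{
    $out = json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    if ($out === false) {
        throw new InvalidArgumentException('input is not valid UTF-8');
    }
    return $out;
}

/** URL query parameter: percent-encode so the value cannot add parameters or alter the path. */
function escapeUrlParam(string $s): string
{
    return rawurlencode($s);
}

// Correct: each slot gets the encoder for its context.
echo sprintf(
    "<p>%s</p>\n<div data-note=%s></div>\n<script>var note = %s;</script>\n<a href=\"/search?q=%s\">search</a>\n",
    escapeHtml($untrusted),
    escapeHtmlAttr($untrusted),
    escapeJsString($untrusted),
    escapeUrlParam($untrusted)
);

// Wrong: the HTML-text encoder reused for an unquoted attribute. htmlspecialchars
// leaves spaces and '=' alone, so the browser sees a second, real attribute.
$broken = sprintf('<div data-note=%s></div>', escapeHtml($untrusted));
echo $broken, "\n";
echo strpos($broken, ' onmouseover=alert(1)') !== false
    ? "text encoder in attribute context: attribute breakout\n"
    : "no breakout\n";
```

The lesson the component encodes is that an escaper is chosen by where the output lands, not by what the input looks like; a template engine that exposes only one escape filter will eventually be used in the wrong context.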

tagged: zendescaper component tutorial introduction output escaping

Link: https://framework.zend.com/blog/2017-05-16-zend-escaper.html

Scotch.io:
User Authorization in Laravel 5.4 with Spatie Laravel-Permission
May 16, 2017 @ 11:28:09

On the Scotch.io site a new tutorial has been posted showing you how to use the Laravel-permission package (from Spatie) to more easily handle permission setup and validation in a Laravel application.

When building an application, we often need to set up an access control list (ACL). An ACL specifies the level of permission granted to a user of an application. For example a user John may have the permission to read and write to a resource while another user Smith may have the permission only to read the resource.

In this tutorial, I will teach you how to add access control to a Laravel app using Laravel-permission package. For this tutorial we will build a simple blog application where users can be assigned different levels of permission.

The tutorial then walks through the installation of the package and the new tables it adds to the database when you run the included migrations. It then covers some of the methods that can be used, both on the backend and in Blade templates, to evaluate whether the current user has the required roles or permissions. Next up is the creation of the controllers to handle the basic CRUD tasks, and working with the blog post views to apply the permissions and roles. Finally the tutorial shows the code required to evaluate the roles and permissions of the user, and an example of middleware that performs a pre-check to see if a user even has access to manage various pieces of the application.
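The role-to-permission resolution and the middleware-style pre-check, as an added example. This is not code from the Scotch.io tutorial or from the Spatie package: it models the same relationships (roles, permissions, a role-to-permission mapping and a user-to-role assignment) in memory so it runs without Laravel or a database, and checks the permission rather than the role name. The roles, permissions and user names are constructed (John and Smith are borrowed from the quoted paragraph).

```php
<?php
declare(strict_types=1);

// Added example, not code from the Scotch.io tutorial or spatie/laravel-permission.
// In-memory model of roles, permissions and assignments, with a deny-by-default gate.

final class Acl
{
    /** @var array<string, string[]> role name => permission names */
    private $rolePermissions;
    /** @var array<string, string[]> user id => role names */
    private $userRoles;

    public function __construct(array $rolePermissions, array $userRoles)
    {
        $this->rolePermissions = $rolePermissions;
        $this->userRoles = $userRoles;
    }

    /** Every permission the user holds through any of their roles. */
    public function permissionsFor(string $userId): array
    {
        $perms = [];
        foreach ($this->userRoles[$userId] ?? [] as $role) {
            foreach ($this->rolePermissions[$role] ?? [] as $p) {
                $perms[$p] = true;
            }
        }
        return array_keys($perms);
    }

    /** Unknown users, unknown roles and unknown permissions all resolve to false. */
    public function can(string $userId, string $permission): bool
    {
        return in_array($permission, $this->permissionsFor($userId), true);
    }
}

/**
 * Middleware-style gate: null lets the request through, otherwise the HTTP
 * status to stop it with. It asks for the permission, not the role, so a new
 * role that should edit posts needs a mapping change, not a code change.
 */
function gate(Acl $acl, ?string $userId, string $requiredPermission): ?int
{
    if ($userId === null) {
        return 401;      // not authenticated
    }
    if (!$acl->can($userId, $requiredPermission)) {
        return 403;      // authenticated but not authorised
    }
    return null;
}

// Constructed data mirroring the tutorial's blog: admins manage everything,
// writers create and edit posts, readers only view.
$acl = new Acl(
    [
        'admin'  => ['view posts', 'create posts', 'edit posts', 'delete posts', 'manage users'],
        'writer' => ['view posts', 'create posts', 'edit posts'],
        'reader' => ['view posts'],
    ],
    [
        'john'  => ['writer'],
        'smith' => ['reader'],
        'alice' => ['admin'],
    ]
);

$cases = [
    ['john',  'edit posts'],
    ['smith', 'edit posts'],
    ['alice', 'manage users'],
    [null,    'view posts'],    // anonymous request
    ['ghost', 'view posts'],    // user with no roles at all
];
foreach ($cases as [$user, $perm]) {
    $status = gate($acl, $user, $perm);
    printf("%-7s %-13s -> %s\n", $user ?? '(anon)', $perm, $status === null ? 'allowed' : "denied ($status)");
}
```

Two properties are worth keeping when this moves into real middleware: the check fails closed for anything the tables do not know about, and the gate names a permission, which keeps the controllers stable as roles are added or reshuffled.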

tagged: tutorial spatie permission role package introduction blog acl ui interface

Link: https://scotch.io/tutorials/user-authorization-in-laravel-54-with-spatie-laravel-permission

SitePoint PHP Blog:
Booking Cookery Classes with Acuity Scheduling and Lumen
May 16, 2017 @ 10:44:09

The SitePoint PHP blog has recently posted a tutorial from author Lukas White showing how to create an online reservation system for cooking classes using Lumen and the Acuity Scheduling service.

I recently wrote an article about building an online system to book lessons with a driving instructor. [...] Cookery classes usually have a very well-defined limit on the number of students — you can only really teach as many people as you have cooking stations or cookers. That’s going to be the theme of this article — managing those “slots” in a cookery class. The principles remain the same for all sorts of other forms of tuition.

As before, we’re going to take advantage of Acuity Scheduling in order to manage bookings for our classes, and everything that entails.

First he describes exactly what he'll be building and a real-world scenario where it might be used. Next he shows how to set up an account on Acuity, create appointment types and get the credentials for the API integration. From there he gets into the implementation:

  • Creating a new Lumen project
  • Installing the PHP SDK from Acuity
  • Getting a list of available class times and showing the list in a view
  • Setting up the booking form and handling the submit

This last step includes reaching out to the Acuity API and submitting the information for the appointment. The booking isn't tracked on the application's side; the Acuity service is used as the source of record.

tagged: tutorial cookery class online scheduling acuity api

Link: https://www.sitepoint.com/booking-cookery-classes-with-acuity-scheduling-and-lumen/

SitePoint PHP Blog:
PDS Skeleton by Example: A Standard for File and Folder Structure
May 15, 2017 @ 11:56:29

The SitePoint PHP blog has a tutorial posted by Younes Rafie introducing the php-pds/skeleton package definition and how it can be used to provide some structure and consistency across your package development.

Looking at the Packagist registry, we can see that most packages follow a pattern, with some small changes to fit their needs, while others have a weird folder structure that takes time to get your head around.

This problem has been solved in different ways by different people. Some frameworks have their own recommendations on how to structure your classes and assets, while others have a skeleton that you can use as a starting point. In this article, we’re going to explore the php-pds/skeleton and use it to build a small package as a demonstration.

He then uses a Laravel package example to show the build-up of the package structure (based on the pds/skeleton definition). He goes through each portion of the skeleton structure, talking about what they should contain:

  • config
  • resources
  • source files
  • tests
  • the "public" directory
  • bin/ folder
  • documentation
  • other files like README and LICENSE documents

He also suggests including a guide to contributing to the package and how to use the "validate" command to be sure this and the other items in the structure are in place.

tagged: pds skeleton package definition structure example tutorial

Link: https://www.sitepoint.com/pds-skeleton-by-example-a-standard-for-file-and-folder-structure/