Marc Aube:
Design Pattern Specification
May 25, 2015 @ 12:19:47

Marc Aube has a new post to his site that introduces you to the specification design pattern, a technique that's useful for ensuring the current state of an object is valid.

The specification pattern is a software design pattern used to codify business rules that state something about an object. These simple predicates determine if an object's state satisfies a certain business criteria. They can then be combined to form composite specifications using logical operators. Use a specification to encapsulate a business rule which does not belong inside entities or value objects, but is applied to them.

He suggests a few things the pattern could be useful for, like validating the current state of an object or defining how an object should be created. He gives a few more "real world" examples and then gets into the code to create a custom specification. In his "CustomerIsPremium" spec he defines a single method on an interface that determines whether the given Customer satisfies the rule. He then creates a class implementing it and encapsulates the logic inside its "isSatisfiedBy" method. He also includes a more complex example, showing how to create composite specifications that combine others with "and", "or" and "not". Finally he looks at how to build specifications that can be passed in and used as selection criteria. He does point out that this can leak database handling into the specification layer, however, and that it should be avoided unless an inversion of control mechanism is in place.
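The pattern described above, as an added example rather than Marc Aube's own code. The Customer class, the three leaf rules and the deferred-payment policy are assumed for illustration; the interface name and "isSatisfiedBy" follow the post.

```php
<?php
// Added example, not Marc Aube's code: the specification pattern with
// composable and/or/not specifications. The Customer class and the three
// business rules are assumed for illustration.

interface Specification
{
    /** @return bool whether $candidate satisfies this business rule */
    public function isSatisfiedBy($candidate);
}

final class Customer
{
    private $premium;
    private $unpaidInvoices;
    private $blocked;

    public function __construct($premium, $unpaidInvoices, $blocked)
    {
        $this->premium = (bool) $premium;
        $this->unpaidInvoices = (int) $unpaidInvoices;
        $this->blocked = (bool) $blocked;
    }

    public function isPremium() { return $this->premium; }
    public function unpaidInvoices() { return $this->unpaidInvoices; }
    public function isBlocked() { return $this->blocked; }
}

// Leaf specifications: each one states a single fact about a Customer.
final class CustomerIsPremium implements Specification
{
    public function isSatisfiedBy($candidate)
    {
        return $candidate instanceof Customer && $candidate->isPremium();
    }
}

final class CustomerHasNoUnpaidInvoices implements Specification
{
    public function isSatisfiedBy($candidate)
    {
        return $candidate instanceof Customer && $candidate->unpaidInvoices() === 0;
    }
}

final class CustomerIsBlocked implements Specification
{
    public function isSatisfiedBy($candidate)
    {
        return $candidate instanceof Customer && $candidate->isBlocked();
    }
}

// Composites combine specifications with logical operators, so the rule
// lives in one object instead of being spread over if/else chains.
final class AndSpecification implements Specification
{
    private $specs;
    public function __construct(Specification ...$specs) { $this->specs = $specs; }
    public function isSatisfiedBy($candidate)
    {
        foreach ($this->specs as $spec) {
            if (!$spec->isSatisfiedBy($candidate)) {
                return false;
            }
        }
        return true;
    }
}

final class OrSpecification implements Specification
{
    private $specs;
    public function __construct(Specification ...$specs) { $this->specs = $specs; }
    public function isSatisfiedBy($candidate)
    {
        foreach ($this->specs as $spec) {
            if ($spec->isSatisfiedBy($candidate)) {
                return true;
            }
        }
        return false;
    }
}

final class NotSpecification implements Specification
{
    private $spec;
    public function __construct(Specification $spec) { $this->spec = $spec; }
    public function isSatisfiedBy($candidate)
    {
        return !$this->spec->isSatisfiedBy($candidate);
    }
}

// Assumed rule: a customer may defer payment if premium or free of unpaid
// invoices, and never while the account is blocked.
$canDeferPayment = new AndSpecification(
    new OrSpecification(new CustomerIsPremium(), new CustomerHasNoUnpaidInvoices()),
    new NotSpecification(new CustomerIsBlocked())
);

$customers = [
    'alice' => new Customer(true, 0, false),   // premium, paid up
    'bob'   => new Customer(true, 2, false),   // premium, owes money
    'carol' => new Customer(false, 3, false),  // neither
    'eve'   => new Customer(true, 0, true),    // blocked
];
foreach ($customers as $name => $customer) {
    printf("%s: %s\n", $name, $canDeferPayment->isSatisfiedBy($customer) ? 'may defer payment' : 'must pay now');
}
```

Because every composite is itself a Specification, the same object can be handed to a validator, a factory guard or a repository as a selection criterion; the point the post makes about leaking database concerns applies as soon as a specification starts emitting SQL rather than evaluating objects.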

specification designpattern pattern example composite select validate

Link: http://marcaube.ca/2015/05/specifications/

Eric Barnes:
How To Validate an array of form fields with Laravel
April 07, 2015 @ 09:48:34

Eric Barnes has a new post to his site showing you how to validate an array of dynamically added form fields in a Laravel application using the form requests feature.

If you've used Laravel's form validation for any length of time, then you know it's a powerful system. It makes the tedious task of validation very simple while still keeping the door open for complex rules. In this tutorial, I want to show you a simple and easy way of validating forms that contain dynamic fields. A common use case for these types of forms is when you would like to allow a user to add more fields to a form.

His example uses a form with a handful of text fields rendered with a simple "for" loop in the template. He then helps you create a new form request class (OrderRequest) and add validation rules for each submitted field in its "rules" method. In this case, he sets a rule that the content is required and can be no longer than 255 characters. He also shows how to use the custom messages functionality, defining a message for each of the form's fields.
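A form request along the lines described above, written here as an added example and not Eric Barnes's class. It assumes Laravel 5 (Illuminate\Foundation\Http\FormRequest), a form that posts fields named item[0], item[1], and so on, and a cap of 50 items; the OrderRequest name and the 255-character limit come from the post.

```php
<?php
// Added example, not Eric Barnes's code: a Laravel 5 form request whose
// rules are generated for each dynamically added field. Assumes the form
// posts item[0], item[1], ... ; the 50-item cap is an assumed policy.

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class OrderRequest extends FormRequest
{
    // Validation is not authorisation: decide here (from the authenticated
    // user) whether this request may be made at all, before any field is read.
    public function authorize()
    {
        return true;
    }

    public function rules()
    {
        $items = $this->input('item', []);

        // Refuse a scalar or an oversized array up front so a client cannot
        // make the server build and run thousands of rules.
        if (!is_array($items) || count($items) > 50) {
            return ['item' => 'required|array|max:50'];
        }

        $rules = [];
        foreach (array_keys($items) as $key) {
            // Field names come from the client; build one rule per submitted key.
            $rules['item.' . $key] = 'required|string|max:255';
        }
        return $rules;
    }

    public function messages()
    {
        $messages = ['item.max' => 'No more than 50 items can be submitted at once.'];
        $items = $this->input('item', []);
        if (!is_array($items)) {
            return $messages;
        }
        foreach (array_keys($items) as $key) {
            $label = 'Item ' . (is_int($key) ? $key + 1 : $key);
            $messages['item.' . $key . '.required'] = $label . ' is required.';
            $messages['item.' . $key . '.max'] = $label . ' may not be longer than 255 characters.';
        }
        return $messages;
    }
}
```

Type-hinting the controller action with OrderRequest makes Laravel run these rules before the action body executes and redirect back with the messages on failure, which is what keeps the per-field validation out of the controller.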

validate form data laravel formrequests example tutorial

Link: http://ericlbarnes.com/laravel-array-validation/

Joshua Thijssen:
Advanced user switching
February 25, 2015 @ 09:12:05

Joshua Thijssen has a new post today with a "neat trick" that the Symfony Security component allows: switching to (impersonating) another user programmatically.

This allows you to login as another user, without supplying their password. Suppose a client of your application has a problem at a certain page which you want to investigate. Sometimes this is not possible under your own account, as you don't have the same data as the user, so the issue might not even occur in your account. Instead of asking the password from the user itself, which is cumbersome, and not a very safe thing to begin with, you can use the switch-user feature.

He talks about how to enable it, how to use it to switch to another user and, most important, how to restrict its use. He points out that the built-in configuration only says which role a user needs in order to switch at all; there is no built-in way to define which users they may switch to, so a support account allowed to switch could just as well impersonate an administrator. To add that protection he's come up with a custom "switch listener". His "SwitchUserListener" class replicates the code of the original listener (the whole class, in fact) and updates the "attemptSwitchUser" method to inspect the user being switched to and check that the required role is present before the switch goes ahead. Finally he shows how to register it in the services configuration so that it overrides the default listener.
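The decision such a listener has to make, isolated as plain PHP in an added example that is not Joshua Thijssen's listener. ROLE_ALLOWED_TO_SWITCH is the role Symfony's switch_user option requires by default; the User class, the other role names and the "protected roles" policy are assumed.

```php
<?php
// Added example, not Joshua Thijssen's code. Symfony's switch_user option
// only checks that the switching user holds a role (ROLE_ALLOWED_TO_SWITCH
// by default); which accounts may be targeted is left to you. The User
// class and the role names other than ROLE_ALLOWED_TO_SWITCH are assumed.

final class User
{
    public $username;
    private $roles;

    public function __construct($username, array $roles)
    {
        $this->username = $username;
        $this->roles = $roles;
    }

    public function hasRole($role)
    {
        return in_array($role, $this->roles, true);
    }
}

final class SwitchUserPolicy
{
    // Accounts holding any of these roles can never be impersonated:
    // allowing it would turn "may switch" into "may become administrator".
    private $protectedRoles = ['ROLE_SUPER_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'];

    /** @return string|null null when the switch is allowed, otherwise the reason for refusal */
    public function denyReason(User $actor, User $target)
    {
        if (!$actor->hasRole('ROLE_ALLOWED_TO_SWITCH')) {
            return 'actor lacks ROLE_ALLOWED_TO_SWITCH';
        }
        if ($actor->username === $target->username) {
            return 'cannot switch to yourself';
        }
        foreach ($this->protectedRoles as $role) {
            if ($target->hasRole($role)) {
                return 'target holds protected role ' . $role;
            }
        }
        return null;
    }
}

// In a Symfony listener this check belongs in attemptSwitchUser(), after the
// target has been loaded from the user provider and before the new token is
// created: throw AccessDeniedException on refusal and log every attempt.
$policy  = new SwitchUserPolicy();
$support = new User('support1', ['ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH']);

$cases = [
    [$support, new User('customer42', ['ROLE_USER'])],
    [$support, new User('root', ['ROLE_USER', 'ROLE_SUPER_ADMIN'])],
    [$support, new User('support2', ['ROLE_USER', 'ROLE_ALLOWED_TO_SWITCH'])],
    [$support, $support],
    [new User('customer7', ['ROLE_USER']), new User('customer42', ['ROLE_USER'])],
];
foreach ($cases as $case) {
    list($actor, $target) = $case;
    $reason = $policy->denyReason($actor, $target);
    printf("%s -> %s: %s\n", $actor->username, $target->username,
        $reason === null ? 'allowed (write an audit record)' : 'denied: ' . $reason);
}
```

Whatever the policy, keep the switch itself auditable: the original username survives in the impersonation token's roles, so the audit record should name both the actor and the target, not just the account the application now sees.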

user switching advanced tutorial custom listener role access validate

Link: https://www.adayinthelifeof.nl/2015/02/24/advanced-user-switching/

Rob Allen:
Validating JSON with ZF2's Zend\Validator
December 09, 2014 @ 10:42:40

Rob Allen has a quick post today showing how to use the Zend\Validator component from Zend Framework 2 to handle JSON validation.

Let's say that you have an admin form where the user can enter JSON and you'd like to validate that the JSON parses before allowing the user to submit. To do this, you can use the rather excellent jsonlint project by Jordi Boggiano. Obviously, add it via Composer.

He starts with a quick example of using jsonlint's "JsonParser" on its own to validate a JSON string. Then he integrates it into the framework as a custom validator class (extending AbstractValidator) so that the usual "isValid" call returns a pass/fail result and a message explaining the failure. You can find out more about the Zend\Validator component in the Zend Framework manual.
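A validator of that shape, as an added example and not Rob Allen's class. It assumes zendframework/zend-validator (ZF2) and seld/jsonlint are installed through Composer; the App\Validator namespace, the class name and the 64 KiB size cap are assumptions.

```php
<?php
// Added example, not Rob Allen's code: a Zend\Validator validator that
// accepts a value only if it is syntactically valid JSON. Assumes
// zendframework/zend-validator and seld/jsonlint via Composer; the
// namespace, class name and maxLength are assumed.

namespace App\Validator;

use Seld\JsonLint\JsonParser;
use Seld\JsonLint\ParsingException;
use Zend\Validator\AbstractValidator;

class Json extends AbstractValidator
{
    const INVALID    = 'jsonInvalid';
    const NOT_STRING = 'jsonNotString';
    const TOO_LONG   = 'jsonTooLong';

    protected $messageTemplates = [
        self::INVALID    => 'The input is not valid JSON: %reason%',
        self::NOT_STRING => 'The input must be a string',
        self::TOO_LONG   => 'The input exceeds %maxLength% bytes',
    ];

    // Placeholders in the templates are filled from these properties.
    protected $messageVariables = [
        'reason'    => 'reason',
        'maxLength' => 'maxLength',
    ];

    protected $reason = '';
    protected $maxLength = 65536;

    public function setMaxLength($bytes)
    {
        $this->maxLength = (int) $bytes;
        return $this;
    }

    public function isValid($value)
    {
        $this->setValue($value);

        if (!is_string($value)) {
            $this->error(self::NOT_STRING);
            return false;
        }
        // Bound the size before parsing: jsonlint walks the whole document,
        // and an admin form is no reason to accept megabytes of input.
        if (strlen($value) > $this->maxLength) {
            $this->error(self::TOO_LONG);
            return false;
        }

        $parser = new JsonParser();
        $result = $parser->lint($value); // null when valid, a ParsingException otherwise
        if ($result instanceof ParsingException) {
            $this->reason = $result->getMessage();
            $this->error(self::INVALID);
            return false;
        }
        return true;
    }
}

// Usage: attach to the form element's validator chain, or call directly:
//   $validator = new \App\Validator\Json();
//   if (!$validator->isValid($input)) { $errors = $validator->getMessages(); }
```

Validating that the text parses says nothing about its content; once it passes, decode it with json_decode($value, true) and validate the resulting array against what the admin screen actually expects before storing it.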

zendframework2 json validate jslint custom validator

Link: http://akrabat.com/zend-framework-2/validating-json-with-zf2s-zendvalidator/

Master Zend Framework:
How to Use ZFTool Diagnostics To Ensure Your Modules Work
May 13, 2014 @ 10:55:19

The Master Zend Framework site has a new tutorial today showing you how to use ZFTool's diagnostics to make sure your modules are working correctly. ZFTool is a stand-alone command-line tool that helps with common tasks like inspecting application configuration and creating module and project skeletons.

Do you want to be sure that when you create Zend Framework 2 modules, that they'll work in whatever environment they're used in? At the very least, do you want a simple way for users to check, as well as something that's self-documenting? If so, you're in the right place. Last year, I gave a basic introduction to ZFTool, which is a command line tool to manage applications written in Zend Framework 2. [...] In addition to [the included diagnostic checks] we can write our own diagnostic checks, using the Success, Failure and Warning classes. So in today's tutorial, I'm going to show how to add diagnostics support to a module.

He's broken the rest of the tutorial up into four other parts, each with the code or commands you'll need:

  • Add Diagnostics Support
  • The Diagnostics Function
  • Running Module Diagnostics
  • When Checks Fail

You can find out more about ZFTool and its diagnostics in the official manual.
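What such a module looks like end to end, as an added example that is not the tutorial's code: a module class exposing getDiagnostics(), with each check returning one of ZFTool's Success, Warning or Failure result objects. The "Audit" module name, the file paths and the three checks are assumed; they pick the kind of environment problem that is worth failing a deployment on (a readable secrets file, a missing extension, an unwritable log directory).

```php
<?php
// Added example, not the Master Zend Framework tutorial's code. ZFTool calls
// getDiagnostics() on each module that defines it and runs every callable;
// the callable returns a Success, Warning or Failure result. Module name,
// paths and checks are assumed.

namespace Audit;

use ZFTool\Diagnostics\Result\Failure;
use ZFTool\Diagnostics\Result\Success;
use ZFTool\Diagnostics\Result\Warning;

class Module
{
    public function getDiagnostics()
    {
        // Module.php is assumed to live in module/Audit/, so the application
        // root is two levels up.
        $root = dirname(dirname(__DIR__));

        return [
            'openssl extension is loaded' => function () {
                return extension_loaded('openssl')
                    ? new Success()
                    : new Failure('ext/openssl is required by the Audit module');
            },

            'local config is not world-readable' => function () use ($root) {
                $file = $root . '/config/autoload/local.php';
                if (!file_exists($file)) {
                    return new Warning('local.php not found; credentials must come from elsewhere');
                }
                $mode = fileperms($file) & 0777;
                return ($mode & 0004)
                    ? new Failure(sprintf('%s is mode %o: other users on this host can read it', $file, $mode))
                    : new Success();
            },

            'audit log directory is writable' => function () use ($root) {
                $dir = $root . '/data/audit';
                return (is_dir($dir) && is_writable($dir))
                    ? new Success()
                    : new Failure($dir . ' must exist and be writable by the web server user');
            },
        ];
    }
}
```

Run with zf.php's diag command (for example php vendor/bin/zf.php diag Audit); a Failure makes the command exit non-zero, which is what lets a deployment script refuse to go live when a check fails.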

zftool module diagnostic validate zendframework2

Link: http://www.masterzendframework.com/zftool-2/use-zftool-diagnostics-ensure-modules-work

Master Zend Framework:
Using Sessions In Zend Framework 2 - Part 2
May 06, 2014 @ 11:18:26

The Master Zend Framework site continues its series about using sessions in Zend Framework 2 applications. In part two of the series he focuses on validators and some of the backend storage options the framework makes possible.

In last week's tutorial we covered the basics of sessions in Zend Framework 2, looking at how to implement them by making changes to module/Application/Module.php so that they're available application-wide then how to both set and retrieve information in the session. In this week's tutorial, we're going to take last week's post further, by looking at session validation as well as different backends. These two things will help protect your session data from session hijacking, as well as help you scale your application, by storing the information using a more universal backend, which a filesystem most often times will never be.

He starts off with some background on what the structure of a typical session in the framework looks like, broken out into namespaces via the "Container" object. Then he moves on to validators and describes two of the built-in ones, "HttpUserAgent" and "RemoteAddr". Both raise the bar a little against a stolen session ID, but neither is a strong control: a User-Agent header is trivially copied, and pinning the client address locks out legitimate users whose IP changes (mobile networks, corporate proxies) while doing nothing against an attacker behind the same NAT. They complement, rather than replace, HttpOnly and Secure cookie flags and regenerating the session ID on login. A few code examples are included before he moves on to the backend options (like Cache, DbTable and MongoDB) configured through a "StorageFactory" object.
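Wiring the two validators together with those cookie settings and an ID regeneration on login, as an added example rather than the tutorial's code. It assumes zendframework/zend-session from ZF2 is installed; the cookie name, the 30-minute lifetime, the "Auth" container and the loginUser() function are assumed.

```php
<?php
// Added example, not the tutorial's code: a Zend\Session manager with the
// HttpUserAgent and RemoteAddr validators, hardened cookie options and ID
// regeneration after login. Assumes zendframework/zend-session (ZF2); the
// cookie name, lifetime, container name and loginUser() are assumed.

use Zend\Session\Config\SessionConfig;
use Zend\Session\Container;
use Zend\Session\SessionManager;
use Zend\Session\Validator\HttpUserAgent;
use Zend\Session\Validator\RemoteAddr;

function buildSessionManager()
{
    $config = new SessionConfig();
    $config->setOptions([
        'name'             => 'APPSESSID',
        'cookie_httponly'  => true,  // script cannot read the cookie, so XSS cannot exfiltrate it
        'cookie_secure'    => true,  // only ever sent over TLS
        'use_only_cookies' => true,  // never accept a session ID from the URL
        'gc_maxlifetime'   => 1800,
    ]);

    $manager = new SessionManager($config);

    // Each validator records a value when the session is created and compares
    // it on every later request; a mismatch invalidates the whole session.
    $chain = $manager->getValidatorChain();
    $chain->attach('session.validate', [new HttpUserAgent(), 'isValid']);
    $chain->attach('session.validate', [new RemoteAddr(), 'isValid']);

    Container::setDefaultManager($manager);
    return $manager;
}

function loginUser(SessionManager $manager, $userId)
{
    // Issue a fresh ID at the privilege boundary so an ID an attacker planted
    // before authentication (session fixation) is never promoted to a logged-in one.
    $manager->regenerateId(true);

    $auth = new Container('Auth');
    $auth->userId  = $userId;
    $auth->loginAt = time();
}

function currentUserId()
{
    $auth = new Container('Auth');
    return isset($auth->userId) ? $auth->userId : null;
}

$manager = buildSessionManager();
$manager->start();
```

The validators must be attached before start(); attaching them afterwards leaves the first request's session unvalidated. If the application sits behind a load balancer, RemoteAddr sees the balancer's address unless the framework is configured to trust the forwarding headers, which makes the check either useless or a lockout generator, so test it in the real topology before enabling it.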

session zendframework2 part2 series validate backend

Link: http://www.masterzendframework.com/sessions/using-sessions-zend-framework-2-part-2

Alison Gianotto:
Check User-Submitted URLs for Malware and Phishing in Your Application
April 07, 2014 @ 10:01:59

In her latest post Alison Gianotto looks at a few different ways you can check any URLs your users give you to make sure they aren't malicious. She looks at two of the major services, the Google SafeBrowsing API and SURBL, as well as mentioning a few others.

If you write software for the web that allows users to submit or share URLs (comment systems, mail clients, forums, URL shorteners, etc), you may find yourself in a position where you need to filter out malicious links. Fortunately, there are several free options for you to better protect your systems and your users against bad guys, and they're pretty simple to implement. (My examples are in PHP, but could easily be adapted to whatever language you prefer.)

She starts with an example call to the Google SafeBrowsing lookup service, making a curl request and parsing the result. The other service, SURBL, is queried through DNS lookups, again with code examples. She also mentions PhishTank and VirusTotal as other options. She finishes the post with a few suggestions for working within the rate limits of these services, including only checking on click-through and making sure that failures (a timeout or an unavailable service) are handled deliberately rather than silently treated as "safe".
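The SURBL side of that, as an added example that is not Alison Gianotto's code: building the DNS names to query for a submitted URL and interpreting the answer. The resolver is injectable so the logic can be exercised offline with a constructed answer; the bit-to-list mapping is my reading of the SURBL documentation of the time and is marked as an assumption to verify against the current table.

```php
<?php
// Added example, not Alison Gianotto's code. A name listed in SURBL resolves
// to 127.0.0.x, where the bits of x identify the matching lists. The
// bit-to-list table below is assumed from surbl.org's documentation and
// should be checked against the current one. Sample URLs are constructed.

function surblQueryNames($url)
{
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return [];
    }
    $host = strtolower(rtrim($host, '.'));

    // IPv4 literals are queried with the octets reversed.
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return [implode('.', array_reverse(explode('.', $host))) . '.multi.surbl.org'];
    }

    // SURBL lists registrable domains, so query the host and each parent down
    // to two labels. A public-suffix list would be more precise for ccTLDs.
    $labels = explode('.', $host);
    $names = [];
    while (count($labels) >= 2) {
        $names[] = implode('.', $labels) . '.multi.surbl.org';
        array_shift($labels);
    }
    return $names;
}

function decodeSurblAnswer($ip)
{
    // Only answers in 127.0.0.0/8 carry meaning; anything else is not a listing.
    if (strpos($ip, '127.0.0.') !== 0) {
        return [];
    }
    $bits  = (int) substr($ip, strlen('127.0.0.'));
    $lists = [2 => 'SC', 4 => 'WS', 8 => 'PH', 16 => 'MW', 32 => 'AB', 64 => 'JP']; // assumed mapping
    $hits  = [];
    foreach ($lists as $bit => $name) {
        if ($bits & $bit) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// $resolve(name) must return the answering IP, or null when there is none.
function checkUrl($url, $resolve = null)
{
    if (!is_callable($resolve)) {
        $resolve = function ($name) {
            $ip = gethostbyname($name); // returns $name unchanged when nothing resolves
            return $ip === $name ? null : $ip;
        };
    }
    foreach (surblQueryNames($url) as $name) {
        $answer = $resolve($name);
        if ($answer !== null) {
            $hits = decodeSurblAnswer($answer);
            if ($hits) {
                return ['listed' => true, 'name' => $name, 'lists' => $hits];
            }
        }
    }
    return ['listed' => false];
}

// Constructed resolver: pretend one domain sits on the phishing (PH) list.
$fakeDns = function ($name) {
    return $name === 'badexample.test.multi.surbl.org' ? '127.0.0.8' : null;
};
print_r(checkUrl('http://login.badexample.test/verify?acct=1', $fakeDns));
print_r(checkUrl('https://www.example.org/', $fakeDns));
```

gethostbyname() cannot tell NXDOMAIN (not listed) from a timeout (unknown), so the default resolver fails open. For a fail-closed policy use dns_get_record(), which returns false on error, and treat that error as a separate outcome: queue the URL for a later check or hold the link rather than publishing it as clean.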

malware phishing url validate google safebrowsing surbl tutorial

Link: http://www.snipe.net/2014/04/check-user-submitted-urls-for-malware-and-phishing-in-your-application

Mike Dalisay:
Salt, Hash and Store Passwords Securely with Phpass
April 08, 2013 @ 12:16:29

On Mike Dalisay's site there's a recent post showing how to use the Phpass library to salt, hash and store password data in your application.

I think the main reason why we have to hash passwords is to prevent passwords from being stolen or compromised. You see, even if someone steals your database, they will never read your actual or cleartext password. I know that some PHP frameworks or CMS already provide this functionality, but I believe that it is important for us to know how its implementation can be made.

His sample application stores the user data in a MySQL database and does the salting and hashing at request time. It uses a hard-coded salt and a value of 8 for the hashing/stretching (the base-2 logarithm of the iteration count Phpass will use). One caveat: a fixed, application-wide salt defeats most of the point of salting, since identical passwords produce identical hashes and one precomputed table covers every user. Phpass generates a random salt per password and embeds it in the hash string it returns, so there is no need to supply one. Screenshots of each page in the example application are also included.
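Registration and login with Phpass left to generate its own salt, as an added example rather than Mike Dalisay's application. It assumes Openwall's PasswordHash.php is on the include path and uses an in-memory SQLite table (the schema is assumed) so it runs without the MySQL setup from the post; the prepared statements are the same with a MySQL DSN.

```php
<?php
// Added example, not Mike Dalisay's code: registering and verifying a
// password with Phpass (Openwall's PasswordHash class, assumed available
// as PasswordHash.php) and PDO prepared statements. Phpass chooses a
// random salt per password and stores it inside the hash string. The
// table layout is assumed; SQLite in memory keeps the example offline.

require_once 'PasswordHash.php';

// 8 = log2 of the stretching rounds; false = prefer bcrypt when available
// rather than forcing the "portable" MD5-based scheme.
$hasher = new PasswordHash(8, false);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');

function registerUser(PDO $db, PasswordHash $hasher, $email, $password)
{
    $hash = $hasher->HashPassword($password);
    // Phpass signals failure with a short placeholder instead of throwing.
    if (strlen($hash) < 20) {
        throw new RuntimeException('password hashing failed');
    }
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

function verifyLogin(PDO $db, PasswordHash $hasher, $email, $password)
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Always run a full check, against a throwaway hash when the account does
    // not exist, so response time does not reveal which e-mails are registered.
    $hash = $row ? $row['password_hash'] : $hasher->HashPassword('throwaway');
    $ok   = $hasher->CheckPassword($password, $hash);
    return $row !== false && $ok;
}

registerUser($db, $hasher, 'alice@example.org', 'correct horse battery staple');
registerUser($db, $hasher, 'bob@example.org', 'correct horse battery staple');

// Same password, two different stored hashes: each call drew its own salt.
foreach ($db->query('SELECT email, password_hash FROM users') as $row) {
    echo $row['email'], '  ', $row['password_hash'], "\n";
}
var_dump(verifyLogin($db, $hasher, 'alice@example.org', 'correct horse battery staple'));
var_dump(verifyLogin($db, $hasher, 'alice@example.org', 'wrong password'));
var_dump(verifyLogin($db, $hasher, 'nobody@example.org', 'anything'));
```

The cost parameter is a dial, not a constant: raise it as hardware gets faster, and re-hash a user's password at login when the stored hash was made with a lower cost than the current setting.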

phpass salt hash password mysql tutorial email validate

Link: http://www.codeofaninja.com/2013/03/php-hash-password.html#.UVziYKUm0sc.dzone

PHPMaster.com:
Creating a PHP OAuth Server
January 01, 2013 @ 11:56:46

On PHPMaster.com today there's a new tutorial posted about creating your own OAuth server in PHP using the oauth-php package to do the "heavy lifting".

If you've ever integrated with another API that requires security (such as Twitter), you've probably consumed an OAuth service. In this article, I'll explore what it takes to create your own three-legged OAuth server allowing you, for example, to create your own secure API which you can release publicly.

The tutorial includes a visual representation of the OAuth authorization flow (it's not the simplest thing) and the database structure and sample code you'll need to get the server up and listening. Also included is a consumer registration form and the code to issue a request token and exchange it for an access token. There's also some sample code showing how to validate a signed request and its access token to check that the request is correct (and allowed).
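The last of those steps, verifying a signed protected-resource request, is where a home-grown OAuth server most often goes wrong, so here it is as an added example that is neither PHPMaster.com's nor oauth-php's code. It follows the HMAC-SHA1 method of RFC 5849 (signature base string, signing key, constant-time comparison) and adds the timestamp window and nonce replay check the spec requires of the server. The token store, secrets, window size and the sample request are constructed.

```php
<?php
// Added example, not PHPMaster.com's or oauth-php's code: verifying the
// HMAC-SHA1 signature on an OAuth 1.0 request before trusting the access
// token in it (RFC 5849 section 3.4). Token store, secrets and the sample
// request are constructed; the 300-second window is an assumed policy.

function oauthEncode($s)
{
    return str_replace('%7E', '~', rawurlencode($s)); // RFC 3986 encoding
}

// $url is the base string URI: scheme, host and path only, default port
// removed, no query string (the query parameters are part of $params).
function oauthBaseString($method, $url, array $params)
{
    $pairs = [];
    foreach ($params as $k => $values) {
        if ($k === 'oauth_signature') {
            continue;
        }
        foreach ((array) $values as $v) {
            $pairs[] = [oauthEncode($k), oauthEncode($v)];
        }
    }
    // Sort by encoded name, then by encoded value for repeated names.
    usort($pairs, function ($a, $b) {
        return strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]);
    });
    $normalised = implode('&', array_map(function ($p) { return $p[0] . '=' . $p[1]; }, $pairs));
    return strtoupper($method) . '&' . oauthEncode($url) . '&' . oauthEncode($normalised);
}

function oauthHmacSha1($baseString, $consumerSecret, $tokenSecret)
{
    $key = oauthEncode($consumerSecret) . '&' . oauthEncode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $baseString, $key, true));
}

// $params: merged query, form-body and Authorization-header parameters.
// $tokens: access_token => [consumer_key, consumer_secret, token_secret].
// $seenNonces: replay cache (in production a shared store with expiry).
// Returns null when the request is valid, otherwise the reason it is not.
function verifyOauthRequest($method, $url, array $params, array $tokens, array &$seenNonces, $now)
{
    foreach (['oauth_consumer_key', 'oauth_token', 'oauth_signature',
              'oauth_signature_method', 'oauth_timestamp', 'oauth_nonce'] as $p) {
        if (!isset($params[$p]) || $params[$p] === '') {
            return 'missing ' . $p;
        }
    }
    if ($params['oauth_signature_method'] !== 'HMAC-SHA1') {
        return 'unsupported signature method';
    }
    if (abs($now - (int) $params['oauth_timestamp']) > 300) {
        return 'timestamp outside the accepted window';
    }
    $nonceKey = $params['oauth_consumer_key'] . ':' . $params['oauth_timestamp'] . ':' . $params['oauth_nonce'];
    if (isset($seenNonces[$nonceKey])) {
        return 'replayed nonce';
    }
    if (!isset($tokens[$params['oauth_token']])) {
        return 'unknown access token';
    }
    list($consumerKey, $consumerSecret, $tokenSecret) = $tokens[$params['oauth_token']];
    if ($consumerKey !== $params['oauth_consumer_key']) {
        return 'token was not issued to this consumer';
    }

    $expected = oauthHmacSha1(oauthBaseString($method, $url, $params), $consumerSecret, $tokenSecret);
    // Constant-time comparison: an early-exit string compare leaks the signature byte by byte.
    if (!hash_equals($expected, $params['oauth_signature'])) {
        return 'bad signature';
    }
    $seenNonces[$nonceKey] = true;
    return null;
}

// Constructed round trip: the client signs, the server verifies, a replay and a tampered copy fail.
$tokens = ['tok-abc' => ['client-1', 'consumer-secret', 'token-secret']];
$seen   = [];
$url    = 'https://api.example.test/v1/me';
$params = [
    'oauth_consumer_key' => 'client-1', 'oauth_token' => 'tok-abc',
    'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => (string) time(),
    'oauth_nonce' => bin2hex(random_bytes(8)), 'oauth_version' => '1.0', 'q' => 'a b',
];
$params['oauth_signature'] = oauthHmacSha1(oauthBaseString('GET', $url, $params), 'consumer-secret', 'token-secret');

var_dump(verifyOauthRequest('GET', $url, $params, $tokens, $seen, time()));
var_dump(verifyOauthRequest('GET', $url, $params, $tokens, $seen, time()));
$params['q'] = 'tampered';
var_dump(verifyOauthRequest('GET', $url, $params, $tokens, $seen, time()));
```

Only after this returns null should the server look up which user the access token was issued to and what scope it carries; a valid signature proves the request came from the consumer that holds the secrets, nothing more.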

tutorial oauth server oauthphp flow authentication access validate


Reddit.com:
Protecting against attack?
May 18, 2012 @ 10:19:35

In this recent post to Reddit.com, the question of application security is asked - the poster wants recommendations on how he should keep his app safe from would-be attackers:

I can code fairly well in PHP these days, but my security isn't so hot. Is there a tutorial or plugin you guys can recommend as to how I should be protecting my php pages/inputs? I want to avoid common attacks like XSS, inputs with NULL or DROP TABLE etc?

Responses on the post include recommendations related to:

  • Using the Chorizo scanner to find common issues in your code
  • Using PDO for database connections (with bound parameters)
  • Not trusting "$_SERVER"
  • Data sanitization

There are also links to a few other resources with more details.
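The two controls the replies lean on most, parameterised queries and context-aware output escaping, in an added example that is not from the thread. The vulnerable query sits next to the prepared-statement version so the difference is visible; the table, the rows and the payloads are constructed, and an in-memory SQLite database stands in for MySQL so it runs offline.

```php
<?php
// Added example, not from the Reddit thread: the string-concatenated query
// the poster is worried about beside its prepared-statement fix, plus
// output escaping for HTML. Table, rows and payloads are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With pdo_mysql also set PDO::ATTR_EMULATE_PREPARES to false, so values are
// bound by the server instead of being interpolated into the SQL client-side.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$db->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 1), ('bob', 0)");

// Vulnerable: the user's input becomes part of the SQL text.
function findUserUnsafe(PDO $db, $name)
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the SQL text never changes; the value travels separately as a parameter.
function findUserSafe(PDO $db, $name)
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// XSS is an output problem: escape when writing into HTML, for that context,
// rather than mangling the stored data on the way in.
function renderNameListItem($name)
{
    return '<li>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
}

$payload = "x' OR '1'='1"; // constructed injection payload
printf("unsafe query returned %d row(s)\n", count(findUserUnsafe($db, $payload)));
printf("safe query returned %d row(s)\n", count(findUserSafe($db, $payload)));
echo renderNameListItem('<script>alert(1)</script>'), "\n";
```

Run it and the unsafe query returns every user because the payload rewrote the WHERE clause, while the safe query looks for a user literally named x' OR '1'='1 and finds none. The "DROP TABLE" worry from the question is the same bug in a different shape, and the same fix covers it; the database account's privileges (no DROP for the web application's user) are the second layer.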

security attack opinion xss pdo validate filter


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework