Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Master Zend Framework:
How to Migrate from Zend Expressive Version 1 to 2 with Command-Line Tooling
Jun 27, 2017 @ 10:43:30

On the Master Zend Framework site Matthew Setter has written up a new tutorial showing you how to migrate from Zend Expressive v1 to v2 with the help of some command line tooling support provided as a part of recent updates to the project.

In part one of this series, we started learning about the tooling support available for Zend Expressive, provided by Zend Expressive Tooling There, we learned how we can use the package to create, register, and deregister middleware, and scaffold new modules. But that's only half of what the package can do.

Here, in part two, let's learn about the other half, which removes some of the heavy lifting required when migrating Zend Expressive applications from version one to two.

He first defines some of the main differences between the two versions, a checklist of things the tooling will help you more automagically update. He talks more specifically about migration support, moving to "programatic pipelines" in Expressive v2 and scanning for deprecated error middleware. There's also information about locating the legacy request and response handling and how they're refactored to the newer format.

tagged: tutorial zendexpressive zendframework migrate version update tooling commandline

Link: http://www.masterzendframework.com/tooling/migrating-to-version-2/

Zend Framework:
Convert objects to arrays and back with zend-hydrator
Jun 21, 2017 @ 11:32:01

The Zend Framework blog has posted another in their series of component spotlights, focusing in on a single component of the framework and its use. In this latest article they cover the zend-hydrator component, useful for converting objects to arrays and back.

APIs are all the rage these days, and a tremendous number of them are being written in PHP. When APIs were first gaining popularity, this seemed like a match made in heaven: query the database, pass the results to json_encode(), and voilà! API payload! In reverse, it's json_decode(), pass the data to the database, and done!

Modern day professional PHP, however, is skewing towards usage of value objects and entities, but we're still creating APIs. [...] Zend Framework's answer to that question is zend-hydrator. Hydrators can extract an associative array of data from an object, and hydrate an object from an associative array of data.

They start with the command to get the zend-hydrator package installed (and a dependency they'll need for their examples, zend-filter). A code example is included that shows how to convert a "book" object to an array using the ReflectionHydrator. Next is an example of switching it back, changing the array of data back into a book object. Next comes the integration with zend-filter, showing how to filter values out of objects/arrays you might not want in the end result by adding the filter to the hydrator. Also included are examples of modifying data (strategies), filtering on property names, delegation of the translation based on object type and a few other features included in the component that could be helpful.

tagged: zendframework component zendhydrator tutorial introduction filter translate

Link: https://framework.zend.com/blog/2017-06-21-zend-hydrator.html

Rob Allen:
Simple way to add a filter to Zend-InputFilter
Jun 21, 2017 @ 09:16:29

Rob Allen has a quick new post to his site sharing a simple way to add a filter to the Zend-InputFilter component when it's in use on your site.

Using Zend-InputFilter is remarkably easy to use. [...] How do you add your filter to it though?

He starts with an example of putting the component to use in requiring and filtering the value in "my_field" for the data provided. He then shows how to add his "simple filter that does absolutely nothing", the MyFilter, to the current set. He also shows the creation of a "filter factory" class that registers the custom filter into the chain with an alias of "MyFIlter". You can then use it just like you would any other filter and define it in your rules specification.

tagged: zendframework zendinputfilter component custom filter tutorial factory

Link: https://akrabat.com/simple-way-to-add-a-filter-to-zend-inputfilter/

Zend Framework Blog:
Validate data using zend-inputfilter
Jun 16, 2017 @ 09:22:37

Matthew Weier O'Phinney is back on the Zend Framework blog today with a spotlight on another component of the Zend Framework. This time he features zend-inputfilter, a useful component for filtering the data coming into your application from your users.

In our previous two posts, we covered zend-filter and zend-validator. With these two components, you now have the tools necessary to ensure any given user input is valid, fulfilling the first half of the "filter input, escape output" mantra.

[...] To solve [the single shot validation] problem, Zend Framework provides zend-inputfilter. An input filter aggregates one or more inputs, any one of which may also be another input filter, allowing you to validate complex, multi-set, and nested set values.

As in the other tutorials in the series, Matthew walks you through the installation of the component via Composer and briefly describes how it operates. He then includes a code example of creating a new InputFilter instance, making inputs, attaching validators to them and then ensuring everything validates in the chain with an isValid call. He then covers input specifications - configurations based on array values - to define validators on the input elements. He ends the post looking at input filters, how to manage them and defining them by specification. He also mentions a few other pieces fo functionality the component includes but he didn't cover here.

tagged: zendinputfilter component zendframework series input filter chain

Link: https://framework.zend.com/blog/2017-06-15-zend-inputfilter.html

Zend Framework Blog:
Validate input using zend-validator
Jun 14, 2017 @ 11:25:36

The Zend Framework blog has continued their series spotlighting various components of the framework with their latest installment. In this latest tutorial they cover the zend-validator component used to validate data against a set of rules for correctness.

In our previous post, we covered zend-filter, The filters in zend-filter are generally used to pre-filter or normalize incoming data. This is all well and good, but we still don't know if the data is valid. That's where zend-validator comes in.

The post starts with showing how to get the component installed via Composer and the optional dependency of the zend-service-manager component (to handle the use of ValidatorChain functionality). Code is included showing the interface the validators all conform to and an example of the validator in use. It then covers some of the built-in validation options and how to build up a validator "chain" of multiple checks. It also shows how to break the validation if one fails, setting priority (order of execution), evaluating values in certain contexts and registering your own custom validators.

tagged: zendvalidator zendframework validation tutorial introduction component series

Link: https://framework.zend.com/blog/2017-06-13-zend-validator.html

Zend Framework Blog:
Filter input using zend-filter
Jun 09, 2017 @ 10:58:19

The Zend Framework blog has posted a new tutorial covering a single component of the framework. In this latest article ZF lead developer Matthew Weier O'Phinney covers the zend-filter component for filtering input from your users.

When securing your website, the mantra is "Filter input, escape output." We previously covered escaping output with our post on zend-escaper. We're now going to turn to filtering input.

Filtering input is rather complex and spans a number of practices: filtering/normalizing input [and] validating input. For now, we're going to look at the first item, filtering and normalizing input, using the component zend-filter.

He shows you how to get the component installed, via Composer, and talks about some of the dependencies it needs, optional and required. Since they'll be using the "FilterChain" functionality, he also requires that. He moves into the code, showing the interface required for a validator to work (basically just defining a "filter" method). He talks about some of the common filtered included and how to refactor custom validation handling into a FilterChain performing the same operations. He ends with another example of reading from a file and how to use it on an array of values, each line as a string from the file.

tagged: zendframework component tutorial introduction zendfilter input

Link: https://framework.zend.com/blog/2017-06-08-zend-filter.html

Zend Framework Blog:
Zend Framework and PHP 7.1
Jun 07, 2017 @ 12:18:45

On the Zend Framework blog Matthew Weier O'Phinney has a new post covering the state of the Zend Framework project and how it relates to PHP 7.1.

When we announced Zend Framework 3 last year, one of the changes was setting the minimum supported PHP version to 5.6. Our initial plan was to support 5.6 until it reaches end-of-life, which occurs 31 December 2018.

PHP 5.6, however, stopped receiving active support almost five months ago, on 19 Jan 2017. This means that it is no longer receiving bugfixes, only critical security fixes. As such, a number of contributors have been pushing for us to up our minimum supported version to support only actively supported PHP versions, which would mean only PHP 7 versions.

[...] Our view is that the new features in PHP 7 will allow us to simplify our code dramatically, reduce bugs (primarily by increasing type safety), make our code more easily maintainable (less code required to check types; less repetitive code), provide stronger and more predictable interfaces to our users, and simultaneously provide users access to more and better language features.

He also talks briefly about their thoughts about HHVM support and if it makes sense to keep moving forward with it (given the small percentage of their user base). He then lays out a plan for the framework moving forward that includes the release of PHP 7.1+ only components and security patches on 5.6 versions until end of life.

tagged: zendframework php71 version future roadmap php56 hhvm project

Link: https://framework.zend.com/blog/2017-06-06-zf-php-7-1.html

Rob Allen:
Inserting binary data into SQL Server with ZF1 & PHP 7
May 22, 2017 @ 09:34:51

In an interesting mix of "old" and "new" Rob Allen as shown in this new post to his site how to push binary data into a SQL Server database from a Zend Framework v1 application.

If you want to insert binary data into SQL Server in Zend Framework 1 then you probably used the trick of setting an array as the parameter's value with the info required by the sqlsrv driver as noted in Some notes on SQL Server blobs with sqlsrv.

[...] Working through the problem, I discovered that this is due to Zend_Db_Statement_Sqlsrv converting the $params array to references with this code. The Sqlsrv driver (v4) for PHP 7 does not like this! As Zend Framework 1 is EOL, we can't get a fix into upstream and update the new release, so we have to write our solution.

He includes the code for the "hack" that you'd normally have to do to push the binary data into the database. Zend Framework v1 is EOL (end of life) so the Zend_Db_Statement_Sqlsrv class can't be updated. Instead, he writes his own replacement, creating a new adapter specific to the application that handles the input as the SQL Server driver is expecting. He then updates the application configuration to force the new adapter to be used when the ZF1 application needs to connect to the SQL Server database.

tagged: insert binary data sqlserver zendframework php7 tutorial adapter

Link: https://akrabat.com/inserting-binary-data-into-sql-server-with-zf1-php-7/

Zend Framework Blog:
Manage permissions with zend-permissions-acl
May 10, 2017 @ 13:19:23

The Zend Framework blog is back with their latest installment in their authentication and authorization series with the Zend Expressive framework. In this latest post they show the use of the zend-permissions-acl component to provide another kind of access control evaluation (as opposed to the role-based access control shown in a previous article).

The last couple posts have been around authorization, the act of determining if a given identity has access to a resource. We covered usage of role based access controls, as well as middleware that uses an RBAC.

In this post, we'll explore another option provided by Zend Framework, zend-permissions-acl, which implements Access Control Lists (ACL).

This post will follow the same basic format as the one covering zend-permissions-rbac, using the same basic examples.

They start off the post as they've done with the others, showing how to install the component and defining some basic vocabulary so everyone's on the same page. It then starts on creating an access control list instance, defining some roles in that ACL and some example isAllowed checks for evaluating those permissions. With that in place, the tutorial moves on to resources, role inheritance and resource inheritance. Finally, they talk about ACLs in general, what they should contain and how to add in custom assertions if the need should arise.

tagged: zendframework zendexpressive permissions zendpermissionsacl tutorial component

Link: https://framework.zend.com/blog/2017-05-09-zend-permissions-acl.html

Zend Framework Blog:
Manage permissions with zend-permissions-rbac
May 02, 2017 @ 09:23:48

Continuing on from their previous tutorial looking at auth in Expressive middleware, the Zend Framework blog (and author Matthew Weier O'Phinney) shows an example of using the "zend-permissions-rbac" package from the Zend Framework to handle role-based access control in your application.

In our previous post, we covered authentication of a user via Expressive middleware. In that post, we indicated that we would later discuss authorization, which is the activity of checking if an authenticated user has permissions to perform a specific action, from within the context of a middleware application.

Before we do that, however, we thought we'd introduce zend-permissions-rbac, our lightweight role-based access control (RBAC) implementation.

The article starts off with the Composer command to get the package installed and some basic vocabulary around the role-based access control system. It then gets into some of the basics around creating a role and checking to see if a user (by identifier) has access to a permission. The post also includes an example of how to handle undefined roles more gracefully than the default exception. It goes on to cover role inheritance and the creation of a first "real world" example using the package for complex evaluation. This also includes assigning users roles using an Identity class and how to write custom assertions.

tagged: permissions zendframework rbac rolebased accesscontrol permission role tutorial package

Link: https://framework.zend.com/blog/2017-04-27-zend-permissions-rbac.html