PHP.net

Liip Blog: Of HHVM, Hack and the future of PHP

PHPDeveloper.org - Wed, 12/03/2014 - 18:09

Lukas Smith has posted some of his own thoughts on the Liip blog about the future of PHP, HHVM and Hack (related to this previous post from Anthony Ferrara) in the context of the company and the work they're doing.

I want to specifically comment on the part about HHVM and Hack. I have of course published my own opinion on the topic fairly recently on my private blog. Fellow Liiper Chregu has also done a very popular post on this very blog showing some very significant performance improvements that can be achieved with HHVM. [...] While Anthony does not recommend running HHVM in production, we are obviously getting ready to do just that. I totally agree however with the risks he points out.

He talks more about using HHVM in a production environment and some of the possible problems with it in the future (like maybe a change in it being incompatible with PHP someday). He also touches on the Hack language and how it is possible that Facebook's team will go wholly with Hack instead of PHP.

One of the big questions is why does Facebook even care about PHP mode if they are already moving their own code to Hack? To me one big reason for this could be that they actually want to use code produced in the community. [...] So maybe in the end the best way to ensure that PHP mode in HHVM remains a goal for Facebook is to keep churning out high quality PHP code? Link: http://blog.liip.ch/archive/2014/03/11/of-hhvm-hack-and-the-future-of-php.html

The PHP.cc Blog: PHPUnit 4.0: Test Proxies

PHPDeveloper.org - Wed, 12/03/2014 - 17:13

On thePHP.cc blog today there's another post looking at an improvement in the latest release of the popular PHP unit testing tool, PHPUnit 4.0.0. In the post Sebastian Bergmann looks at test proxies.

One of the highlights of PHPUnit 4.0, which was released last week, is improved support for integration testing through so-called test proxies. [...] PHPUnit has had built-in support for stubs and mocks for quite some time. These stubs and mocks can be used in every context where an object of the original class is expected. As it should be, the code of the original class is not executed when a method is called on the stub or mock. [...] PHPUnit 4.0 introduces the concept of test proxies [...] to have an object that provides the same API for expectations as a mock object while at the same time proxying method calls to the original class.

He includes some code examples to help illustrate. He creates a "SimpleWorkflow" class and shows how to test the execution of its "doWork" function to return the correct kind of "Result".

Link: http://thephp.cc/viewpoints/blog/2014/03/phpunit-4-0-test-proxies

Voices of the ElePHPant: Interview #2 with Larry Garfield : Drupal 8 & Object Oriented Programming

PHPDeveloper.org - Wed, 12/03/2014 - 16:07

The Voices of the ElePHPant podcast has posted the second part of their interview with Larry Garfield (part one is here) talking about Drupal 8 and OOP.

Topics mentioned include the D8FTW blog post series, Refactor Chicago and the Chicago Advanced Drupal User Group.

You can listen to this latest episode either through the in-page player or by downloading the mp3 directly. You can also subscribe to their mailing list for this and more great shows.

Link: http://voicesoftheelephpant.com/2014/03/11/interview-2-with-larry-garfield-drupal-8-object-oriented-programming/

Community News: Packagist Latest Releases for 03.08.2014

PHPDeveloper.org - Sat, 08/03/2014 - 16:07
Recent releases from the Packagist:

SitePoint PHP Blog: Simple Captchas with PHP and GD

PHPDeveloper.org - Fri, 07/03/2014 - 20:05

On the SitePoint PHP blog there's a new post by Mahul Jain looking at a simple way to create CAPTCHA images in PHP using the built-in GD libraries.

By now, we've all encountered captcha images in online forms. Captchas are a necessary evil, and this article will teach you how they're made. Please note that while there are better, automatic third party solutions for captchas out there such as ReCaptcha, this tutorial aims merely to explain and demonstrate how such technology actually works. We won't be explaining what captchas actually are, as it's assumed to be common knowledge and already covered in greater detail elsewhere.

He walks you through the whole process of making the sample CAPTCHA (like this one):

  • Display an empty image on the browser
  • Create a shape
  • Generate random lines
  • Generate random dots
  • Generate random text

There's screenshots all along the way too for reference as to what your result should look like. You can download the full code over on GitHub.

Link: http://www.sitepoint.com/simple-captchas-php-gd/

Master Zend Framework: Make Module Configs Cacheable with the ZF2 Factory Interface

PHPDeveloper.org - Fri, 07/03/2014 - 19:25

Matthew Setter has a new post today on the "Master Zend Framework" site looking at the use of caching for Zend Framework 2 module configurations.

For the longest time, I've been using closures in my Zend Framework 2 Modules Module class. I know they're not always the best approach, but they're not necessarily wrong either. But after reviewing Gary Hockin's recent talk at PHP Conference UK, I was reminded that outside of APC and OPCache, closures aren't cacheable. [...] So in today's tutorial, I'm going to show you a simple example of how to migrate from closures using [caching with Memcached, Redis and so on].

He starts with an example of the standard closure approach, returning an array from his "getServiceConfig" method with sub-array and object creation nested inside. He then refactors it to use the "FactoryInterface" to handle the configuration setup for the "delete form" handling.

Link: http://www.masterzendframework.com/tutorial/zf2-factory-interface-closure-migration

Dougal Campbell: mysql vs mysqli in WordPress

PHPDeveloper.org - Fri, 07/03/2014 - 18:59

In his latest post Dougal Campbell shares his findings from a bug he was having with a plugin in WordPress. It revolved around the use of mysql or mysqli and errors being thrown to his logs.

The plugin had previously worked fine (it generates a sidebar widget), and I wasn't actively working on my site, so I wasn't really sure when it had quit working. In the course of debugging the problem, I discovered that the plugin was throwing warnings in my PHP error log regarding the mysql_real_escape_string() function. As a quick fix, I simply replaced all of those calls with WordPress' esc_sql() function. Voila, problem fixed.

He was interested in why this worked, though, and went digging in the code. As it turns out, the WordPress code tries to determine which mysql extension you have support for. As it turns out, his installation fit the "mysqli profile" so the "mysql_real_escape_string" wasn't available. To the WordPress users out there, he suggests esc_sql or $wpdb->prepare() instead.

Link: http://dougal.gunters.org/blog/2014/03/06/mysql-vs-mysqli-wordpress

PHP Town Hall: Episode 20: A Nice Friendly Chat About Sculpin, Guzzle and PSR-7

PHPDeveloper.org - Fri, 07/03/2014 - 17:03

The PHP Town Hall podcast has released their latest episode today, Episode 20: A Nice Friendly Chat About Sculpin, Guzzle and PSR-7 with guests Beau Simensen and Michael Dowling.

This show has a history of talking about FIG stuff as it is hard to avoid. The group is working on so much cool stuff and prominent figures of the community are involved. We got two more prominent figures, who also happen to be involved with FIG stuff: Beau Simensen lead developer of Sculpin and Michael Dowling lead developer of the wonderful HTTP library Guzzle, who also works at AWS on their PHP SDK.

They talk about each of the projects mentioned and what's coming up for each. There's also some discussion around the PSR-7 HTTP spec that's been proposed and is in the works. You can listen to this latest show in a few different ways - either through the in-page audio player, by downloading the mp3 or you can watch the video of the live recording via Google Hangouts.

Link: http://phptownhall.com/blog/2014/03/06/episode-20-a-nice-friendly-chat-about-sculpin-guzzle-and-psr-7/

Community News: Packagist Latest Releases for 03.07.2014

PHPDeveloper.org - Fri, 07/03/2014 - 16:04
Recent releases from the Packagist:

PHP 5.4.26 Released

php.announce - Fri, 07/03/2014 - 08:52
Categories: PHP Community, PHP.net

Pádraic Brady: Thoughts on Composer's Future Security

PHPDeveloper.org - Thu, 06/03/2014 - 19:09

Pádraic Brady has a new "let's watch Paddy think aloud in a completely unstructured manner blog post" about the future of security when it comes to the popular PHP package manager Composer. It's recently come under criticism around its lack of package signing and TLS/SSL support.

The Composer issue, as initially reported by Kevin McArthur, was fairly simple. Since no download connection by Composer was properly secured using SSL/TLS then an attacker could, with the assistance of a Man-In-The-Middle (MITM) attack, substitute the package you wanted to download with a modified version that communicated with the attacker's server. They could, for example, plant a line of code which sends the contents of $_POST to the attacker's server.

He's been working on some updates to the project, one of with is TLS/SSL support as defined in this pull request currently pending. It enables peer verification by default, follows PHP 5.6 TLS recommendations and uses local system certificates in the connection. He talks some about other additional TLS/SSL measures that could be added in the future and how, despite it being safer than nothing, TLS/SSL is not the "cure all" for the problem.

He then moves on to package signing and suggests one method for implementation - signing the "composer.phar" executable and signing "everything else" (packages to be downloaded) to verify their validity.

The flaw in Composer's installer isn't that it's unsigned, it's that it doesn't afford the opportunity for the downloader to read it before it gets piped to PHP. It's a documentation issue. You can go down the route of using a CA, of course, but that's further down the rabbit hole than may be necessary. Signing the composer.phar file is another matter. Link: http://blog.astrumfutura.com/2014/03/thoughts-on-composers-future-security

PHP.net: PHP 5.5.10 released

PHPDeveloper.org - Thu, 06/03/2014 - 19:02

The PHP development group has announced the release of the latest version of the language in the PHP 5.5.x series today - PHP 5.5.10.

The PHP development team announces the immediate availability of PHP 5.5.10. Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. We recommend all PHP 5.5 users to upgrade to this version.

Other changes include fixes to date/time handling, JSON serializing and an upgrade to PCRE 8.34 for regular expression handling. As this release has several security-related fixes, it's highly advised that 5.5.x users upgrade. As always, you can get the latest release from the downloads page or for Windows users, windows.php.net.

Link: http://php.net/index.php#id2014-03-06-1

Lorna Mitchell: Working with PHP and Beanstalkd

PHPDeveloper.org - Thu, 06/03/2014 - 18:36

Lorna Mitchell has posted a new tutorial to her site today walking you through using Beanstalkd with PHP for a simple queuing setup in your application. Beanstalkd is "a simple, fast work queue. Its interface is generic, but was originally designed for reducing the latency of page views in high-volume web applications by running time-consuming tasks asynchronously."

I have an API backend and a web frontend on this project (there may be apps later. It's a startup, there could be anything later). Both front and back ends are PHP Slim Framework applications, and there's a sort of JSON-RPC going on in between the two. The job queue will handle a few things we don't want to do in real time on the application, such as: updating counts of things like comments, [...] cleaning up, [...] other periodic things like updating incoming data/content feeds or talking to some of the 3rd party APIs we use like Mailchimp and Bit.ly.

She starts with a look at how to add jobs to the queue (she assumes that you've already set up the Beanstalkd instance at this point). She uses the Pheanstalk library for the job handling and includes a sample call to configure the connection and create an instance to make the connection. The sample job contains an array of data including an "action" and "data" for it to use when processing. She also includes an example of a basic PHP-based Beanstalkd worker that will go through currently pending jobs and execute them based on the action/data combination. In the sample worker script, she defines the action as a method in the class to be executed directly on the worker instance. She finishes off the post with a few "things to remember" about working with workers and long-running PHP scripts.

Link: http://www.lornajane.net/posts/2014/working-with-php-and-beanstalkd

VG Tech: Swagger Docs in ZF2 with Examples - Part 2: Swagger UI

PHPDeveloper.org - Thu, 06/03/2014 - 17:52

On the VG Tech blog, they've posted a follow-up to their previous post about using the Zend Framework 2 to generate Swagger documentation for an API. In this new post (part 2) they focus more on Swagger UI.

This blog post on Swagger UI is a follow-up on my recent post on Swagger annotation parsing in ZF2. If you're not already set up with Swagger annotation parsing in you ZF2 app I recommend that you read part 1 first. In the last post we got ZF2 set up with annotation parsing and everything, and the only thing missing was Swagger UI for the neat presentation. I skipped that previously but today we'll add the last piece.

This second part of the series uses a custom package to create a "SwaggerUI" module. There's a few file updates that need to be made to the configuration, but the rest is handled for you. In the end, the result will look something like this, showing endpoints and allow you to interact with the API directly through forms and sample calls.

Link: http://tech.vg.no/2014/03/06/swagger-docs-in-zf2-with-examples-part-2-swagger-ui-2/

PHP 5.5.10 is released

php.announce - Thu, 06/03/2014 - 17:45
Categories: PHP Community, PHP.net

Community News: Packagist Latest Releases for 03.06.2014

PHPDeveloper.org - Thu, 06/03/2014 - 16:01
Recent releases from the Packagist:

Coding the Architecture: Five things every developer should know about software architecture

PHPDeveloper.org - Wed, 05/03/2014 - 19:57

While not specific to PHP, this new article on the Coding the Architecture blog gives some good insights on what developers should know about software architecture.

Now I may be biased, but a quick look at my calendar hints to me that there's a renewed and growing interest in software architecture. Although I really like much of the improvement the agile movement has provided to the software development industry, I still can't help feeling that there are a large number of teams out there who struggle with a lack of process.

[...] Put very simply, software architecture plays a pivotal role in the delivery of successful software yet it's frustratingly neglected by many teams. Whether performed by one person or shared amongst the team, the architecture role exists on even the most agile of teams yet the balance of up front and evolutionary thinking often reflects aspiration rather than reality. The big problem is that software architecture has fallen out of favour over the past decade or so. Here are five things that every software developer should know about it.

Each of the five things comes with a paragraph of explanation (and some links to additional resources):

  • Software architecture isn't about big design up front
  • Every software team needs to consider software architecture
  • The software architecture role is about coding, coaching and collaboration
  • You don't need to use UML
  • A good software architecture enables agility
Link: http://www.codingthearchitecture.com/2014/03/05/five_things_every_developer_should_know_about_software_architecture.html

MakeUseOf: Create The Perfect PHP Development Environment In Android

PHPDeveloper.org - Wed, 05/03/2014 - 18:39

On the MakeUseOf site there's a recent post showing how you can create the "perfect PHP development environment" on your Android-based device. Obviously, it's much more useful on a tablet, but in theory it could be used on a smartphone.

It turns out you can actually code on Android productively. For the longest time, it has been accepted that whilst computers are for productivity and creativity, Tablets exist purely to allow the passive consumption of content. I believed that as well. I'm a software developer by trade, and I use a 13" Macbook Pro to write all my code. I wouldn't have it any other way. OS X comes with everything I need to be productive as a developer, and I've built my workflow around that. Android on the other hand? I've never really thought about writing code on Android. [...] But then I bought a decent Bluetooth keyboard, and everything changed. I've now built a PHP development environment around my 2012 Nexus 7 tablet, and I love it.

He breaks it down and shows some of the tools he uses for his development including the use of VIM Touch for editing and the Palapa Web Server for local hosting of his applications. Screenshots of the setup and configuration are also included. Link: http://www.makeuseof.com/tag/create-perfect-php-development-environment-android/

Syndicate content