Feed aggregator

Ralph Schindler: Authentication & Authorization in Apigility

PHPDeveloper.org - Thu, 27/03/2014 - 18:04

Those interested in the Apigility project from Zend might want to check out this new post from Ralph Schindler on how it handles authentication and authorization for all of the requests.

Apigility takes a lightweight, layered, yet extensible approach to solving both problems of authentication and authorization. The infrastructure is already in place and ready to be configured to use, or for more advanced use cases: to be extended. Many of these feature can be easily explored through the Apigility user interface.

He gets into authentication first, defining it briefly before getting into the Apigility-specific implementation. He talks about the three methods (HTTP basic, HTTP digest and OAuth2) and mentions where it falls in the execution as well as some screenshots of its setup. Following this he talks about the other half of the equation, authorization. He covers the "Authentication" header, the identity types and where you can find the configuration settings. He finishes off the post with an in-depth look at the different components, events and services/models that make up the authentication and authorization system and make it work.

Link: http://ralphschindler.com/2014/03/26/authentication-authorization-in-apigility

Matthew Turland: Travis and Composer and virtPHP, oh my!

PHPDeveloper.org - Thu, 27/03/2014 - 17:28

Matthew Turland has a new post today to his site looking at the combination of three different technologies - TravisCI, Composer and VirtPHP - and an odd error he was getting from his build about a missing requirement "php".

In the first build, everything worked fine under 5.4 and 5.5, but upon getting to the composer install instruction to install project dependencies and PHPUnit, the job for 5.3 failed with some rather unintuitive output from Composer that implied it didn't recognize the platform package requirement that I'd provided for the minimum PHP version. [...] Since the cause of my issue wasn't immediately obvious from Composer's output, my first thought was that I needed to begin my attempt at troubleshooting the issue by replicating it on my local machine.

This is where VirtPHP came in. This tool provides an environment where you can install and configure multiple PHP configurations and switch between them easily. It provides a "glue" between the phpenv and php-build projects to make management of the results simpler. He talks about how he configured and set up his environments...and figured out his Composer problem.

Link: http://matthewturland.com/2014/03/26/travis-and-composer-and-virtphp-oh-my

ClearCode: Symfony - Project Tamed

PHPDeveloper.org - Thu, 27/03/2014 - 16:44

On the ClearCode blog today there's a new post for the Synfomy2 users out there with some recommendations about taming your project to make it more manageable and maintainable.

When managing projects based on Symfony2, from the technical side, it is a good idea to establish a set of rules for the project. If you haven't established and implemented such rules yet, then they should be created as soon as possible. Why? Well, no matter how many people are working on the project, the code needs to look like it was written by one person. [...] Symfony documentation doesn't specifically focus on this issue, and the bundles that are written by the community have their own set of rules. [...] Learning from mistakes as you go along cannot only be costly, but also time consuming. It is good to have a starting point, something that at least has worked for someone else. This is how the idea to share the guidelines on the Taming Symfony Project came about.

They list out some of the guidelines of the project centered around various aspects of the implementation and the directory structure. They also talk about standards around the use of Doctrine, Twig and Services.

Link: http://clearcode.cc/2014/03/symfony-project/

HHVM and New Relic

Planet-PHP - Thu, 27/03/2014 - 16:04

As discussed in one of my last blog posts, we really like New Relic for performance metrics and use it a lot. Unfortunately there isn't an extension for HHVM (yet) and HHVM is becoming an important part in our setup. But - a big great coincidence - New Relic released an Agent SDK and with that, an example extension for HHVM and WordPress. That was a great start for me to get behind the whole thing.

I had mainly two goals for this. Have an API compatible extension to the official New Relic PHP extension, so that we can use the same code for the Zend PHP Engine and HHVM. In our Symfony2 projects, we use the Ekino New Relic Bundle and we didn't want to have to change that. And as a bonus, make profiling as informative as possible so that we can see which part of the call takes how long.

Writing hhvm extension is surprisingly easy (at least if you have a template ;)), you can even write the easy stuff in PHP (or Hack) and only for the more advanced stuff switch to C++, see newrelic.php as an example of that.

New Relic is continuously adding new features to their Agent SDK and today, we're almost API complete (the only important thing missing is being able to change the license key or the appname from within HHVM).

If you want to use New Relic on your HHVM server, just compile and install the extension from github.com/chregu/hhvm-newrelic-ext/ and you're good to go. You can send attributes, errors and it will also send the time your requests needed.

Profiling data

Of course, one of the main features of New Relic is to see, where your requests spend their time. That needed a little bit more work. And I came up with two solutions.

Solution 1 needs a patched and recompiled HHVM and hooks into the HOTPROFILING of HHVM. This is disabled by default, so you have to enable this with cmake -D HOTPROFILER:BOOL=ON . before compiling HHVM (you also have to do that, if you want to use xhprof). And of course my patched HHVM, which adds the possibility to send profiling data to New Relic. You can then enable it with newrelic_profiling_enable($level) in your code, where level is the amount of levels (depth) you want to collect. If you set that too high, you won't see everything.

If you enable profiling with newrelic_profiling_enable(), it will make your requests approx. 20-50% slower (but still much faster than with Zend PHP), so it's advised not to use that all the time. If you don't use that call, I couldn't see any performance difference to an HHVM without HOTPROFILER compiled in (I'm sure there is, but it must be really low).

Solution 2 doesn't need a patched HHVM (just the HHVM New Relic extension), but will make it much slower (2-3 times as slow, depending on how many function calls you have). It uses the HHVM function fb_setprofile, which will get called on every function request and collects data this way. It's also enabled with newrelic_profiling_enable($level), the extension automatically chooses the better option.


With this new relic extension and the patched HHVM, we can now collect almost the same data into New Relic as with the official PHP extension, which helps a lot in finding performance problems and bottlenecks. It's not perfect yet, but we will get there (unless New Relic publishes an official HHVM extension before that, which would be great of course as well).

I also want to thank New Relic for their quick support and fixing when I had questions or found something dubious. Really appreciated (but of course it would sometimes have been easier, if the source code to the Agent SDK was available ;))

Feel free to use and extend the extension and patches of course are always welcome.

Categories: Open Source, PHP Community

Community News: Packagist Latest Releases for 03.27.2014

PHPDeveloper.org - Thu, 27/03/2014 - 15:02
Recent releases from the Packagist:

Travis and Composer and virtPHP, oh my!

Planet-PHP - Thu, 27/03/2014 - 02:26

I recently ran into an issue with one of my repos on GitHub when integrating it with Travis. When I installed dependencies with Composer and ran the PHPUnit tests on my local system running Ubuntu 13.10 and its stock PHP 5.5.3 apt package, they passed. However, I’d configured Travis to also do this under current 5.3 and 5.4 versions as well.

In the first build, everything worked fine under 5.4 and 5.5, but upon getting to the composer install instruction to install project dependencies and PHPUnit, the job for 5.3 failed with some rather unintuitive output from Composer that implied it didn’t recognize the platform package requirement that I’d provided for the minimum PHP version.

Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package php could not be found in any version, there may be a typo in the package name.

Side note: While Travis does support Composer, the version of it available by default when running a job is frequently behind the current build. I’ve brought this up with them, but it doesn’t seem they’ve addressed it as of this writing. In any case, it’s easy enough to work around by including a composer self-update instruction as part of the build like so. This ensures that you won’t be affected by any recently fixed bugs in Composer.

Since the cause of my issue wasn’t immediately obvious from Composer’s output, my first thought was that I needed to begin my attempt at troubleshooting the issue by replicating it on my local machine. My second thought was that seemed like an abysmally miserable prospect, as it would require that I have several different versions of PHP installed other than the current one on my system.

I’d heard recently about a new project recently via Twitter called virtPHP that purported to be PHP’s answer to virtualenv for Python or rvm for Ruby. Thinking that my situation seemed a great use case for it, I proceeded to install it.

First, you have to read a bit past the cursor installation instructions on the landing page of virtPHP’s web site, particularly the “Using phpenv and php-build” section of virtPHP’s README file including the portion on package requirements. virtPHP doesn’t accomplish this great feat all on its own. It actually builds on two other existing projects by Christoph Hochstrasser, phpenv and php-build, and functions (in a rather PHP-like vein) more like glue to make working with these projects and managing what they produce easier. More specifically, it provides support for things like differing per-project PHP, PECL, and PEAR configurations.

In reality, all I ended up

Truncated by Planet PHP, read more at the original (another 1754 bytes)

Categories: Open Source, PHP Community

Authentication & Authorization in Apigility

Planet-PHP - Thu, 27/03/2014 - 00:07

Apigility takes a lightweight, layered, yet extensible approach to solving both problems of authentication and authorization. The infrastructure is already in place and ready to be configured to use, or for more advanced use cases: to be extended. Many of these feature can be easily explored through the Apigility user interface.

While much of the terminology might be similar, Authentication and Authorization IS NOT the same as HTTP allowed methods. These methods are labeled as _allowed_ in the sense that a particular REST or RPC service can respond to that method regardless of what Authentication/Authorization is configured, or which identity is present on any given request to that particular service. HTTP allowed methods have more to do with the semantic operation of the service in question, and little to do with Authentication and Authorization.


Authentication is the process by which when an identity is presented to the application, the application can validate the identity is in fact who they say they are. In terms of API’s and Apigility, identities are delivered to the application from the client through the use of the ‘Authorization’ header. This header, if present, is parsed and utilized in one of the configured authentication schemes. If no header is present Apigility assigns a default identity known as a *Guest* identity. The important thing to note here is that Authentication is not something that needs to be turned on, it is always on, it just needs to be configured to handle when an identity is presented to Apigility. If no authentication scheme is configured, and an identity is presented in a way that Apigility cannot handle, or is not configured to handle, the Guest identity will be assigned.

Apigility delivers 3 methods to authenticate identities: HTTP basic authentication, HTTP digest authentication and OAuth2 by way of Brent Shaffer’s PHP OAuth2 package. For HTTP basic and HTTP digest authentication, these can be configured to be used with minimal tools.

Authentication is something that happens “pre-route”, meaning it is something that is configured per-application instead of per module/API that is configured. So if you need per-api groups of users for your API’s, it might make sense to either break your API’s out into their own Apigility powered applications or use a more advanced code driven extension to the authentication module.

To get started with any of the configurable authentication schemes, click “Settings”, then “Authentication”:


Once here, you will be presented with the aforementioned authentication schemes to be configured.

HTTP Basic Configuration

HTTP basic authentication is the easiest to setup and requires only one outside tool that you are likely already familiar with: the `htpasswd` utility. This command line utility is generally delivered as part of an Apache web server installation. If this tool is not present on your system, there are a number of web based tools that will also produce a valid htpasswd file, simply google for “htpasswd generator”.

The first thing to do, before anything else, is to create an htpasswd file that contains at least one username and password. _(NOTE: It is important that this file exists before configuration as having a path to a non-existent file in the configuration could break the Apigility installation.)_
A good place to store this file would be in `data/users.htpasswd`.


Once the file has been created, it’s path can be used to configure the required htpasswd file input of the HTTP basic authentication configuration screen:


Of the configuration entered into this screen, the generated configuration is split between two files in your local

Truncated by Planet PHP, read more at the original (another 12337 bytes)

Categories: Open Source, PHP Community

ServerGrove Blog: Symfony2 components overview: Finder

PHPDeveloper.org - Wed, 26/03/2014 - 19:12

The ServerGrove blog has posted the latest in their series focusing in on the components in the Symfony2 framework. In this new post they look at the Finder component, used to locate files or directories in your project.

This is the 9th post in this series about the Symfony2 components. Today's post covers one of the most popular PHP packages: the Finder component. According to Packagist it is the 14th most used PHP package, and the 3rd Symfony2 component, only after the EventDispatcher and Console ones.

They walk you through the installation (via Composer) and show some code examples of it in use, including the output. They list out some of the options you can specify when using the component and go "under the hood" to detail the interfaces, adapters and objects that make it all work. There's also a list of other applications (outside of the Symfony2 framework) that use it as an independent package.

Link: http://blog.servergrove.com/2014/03/26/symfony2-components-overview-finder/

Getting Started with PHP Extension Development via PHP-CPP

Planet-PHP - Wed, 26/03/2014 - 19:00

This tutorial will get the reader up and running with PHP extension development in C++ via the PHP-CPP library. Taylor Ren covers some very basic introductory aspects, preparing the grounds for the followup articles about real world use cases.

Continue reading %Getting Started with PHP Extension Development via PHP-CPP%

Categories: Open Source, PHP Community

/Dev/Hell Podcast: Episode 42: Hacking Difficult People

PHPDeveloper.org - Wed, 26/03/2014 - 18:48

The /Dev/Hell podcast has posted the latest episode of their show, Episode #42 - Hacking Difficult People. This show features hosts Ed Finkler and Chris Hartjes joind by guest Laura Thomson, a Manager at Mozilla.

For episode 42 we are blessed by the wonderful and talented Laura Thomson, Senior Engineering Manager at Mozilla. Laura drops science on managing engineers, Minimum Viable Bureaucracy, HHVM and Hack, and her mid-Atlantic coast accent. This is a must-listen for folks who manage tech teams.

Some of the topics mentioned in this episode include RCS, "The Tyranny of Structurelessness", the HHVM blog and the CodeIgniter project's search for a new home. You can listen to this episode either through the in-page player or by downloading the mp3.

Link: http://devhell.info/post/2014-03-24/hacking-difficult-people/

CiteWorld.com: Facebook's Hack language a silver bullet for user-developers

PHPDeveloper.org - Wed, 26/03/2014 - 17:41

In this new post to CiteWorld.com, they're making the claim that the Hack language from the developers at Facebook is the "silver bullet for user-developers".

How do you modernize the way we build the web? That's the question at the heart of the release of a flurry of new languages and development platforms -- all from companies that run and build large scale web services. [...] While getting more out of CSS is good, as is replacing JavaScript; Facebook's HHVM and Hack combo is targeting one of the foundations of the modern web: rapid application development.

They talk some about the overall goals of Hack (improved performance, a stricter typing system) and include a brief example of some Hack code. They consider it to be a "more modern language" that brings PHP-based development up into a different level of languages. He also talks about HHVM a bit, migration from PHP to Hack and the potential for Hack to be adopted on other platforms outside of the current HHVM runtimes.

Link: http://www.citeworld.com/development/23156/hack-future

PHP Town Hall: Episode 22: The Great Joomla! License Battle of 2014

PHPDeveloper.org - Wed, 26/03/2014 - 16:59

The PHP Town Hall podcast has released their latest episode today - Episode 22, The Great Joomla! License Battle of 2014 with guests David Stanley and Don Gilbert.

This week Ben Edmunds is joined by new guest David Stanley and recurring guest Don Gilbert to discuss the latest Joomla! framework licensing drama. Phil was too busy having a real world life to join us this week, boo! Don does a great job of articulating why switching the Joomla! Framework to an LGPL license would be best for everyone and just might cure cancer. Ben tries to play devil's advocate but eventually can't even maintain the ruse. David talks now and then, mostly about his new found love of the AeroPress.

You can catch this latest episode in a few different ways: either through the in-page audio player, by downloading the mp3 or you can watch the video of the live recording.

Link: http://phptownhall.com//blog/2014/03/25/episode-22-the-great-joomla-license-battle-of-2014/

Community News: Packagist Latest Releases for 03.26.2014

PHPDeveloper.org - Wed, 26/03/2014 - 15:05
Recent releases from the Packagist:

Walking the London LOOP - part 4

Derick Rethans - Tue, 25/03/2014 - 11:09
Walking the London LOOP - part 4

Another weekend, and another section of the LOOP. This time Morag and I left home a bit earlier as we knew this was one of the longer sections of the LOOP at 9 miles.


We took the train to Hayes (Kent) and followed a slightly different route to the start of the section. At the end of last one we really could do without the two fairly steep hills. After getting to the start, we soon found ourselves on the Greenwich Meridian, even though the GPS indicated crossing the line about 200 meters earlier. Passing St. John's church the LOOP wanted to takes us right through a "lake", previously the Sparrows Den Playing Fields, but currently flooded due to high levels of ground water. Some jokers had also put a bunch of yellow rubber ducks on the "lake".


We found our way around the field and continued towards our first wooded section, afraid of more mud. Instead, we were greated by a collapsed tree on the path. Some mud did show up, but not nearly as much as on previous sections. We came out of the woods and had to follow a decent stretch along a road, then past a "high school" and its playing fields until we came past a promising looking pub, The Sandrock. Although it was open, it was so quiet in there that we continued by climbing up the Addington Hills to treat us to a fine panorama over London. Wembley Stadium, the City and Canary Wharf were all very easy to spot.

loop4-d36_4917.jpg loop4-d36_4933.jpg

After a quick break and avoiding having Chinese food we came onto Tramlink station Coombe Lane after which we disappear in more woods. This time around Heathfield House and Bramley Bank. From there we continued onwards towards more woods (can you believe it!) and around a water tower.

By now, we were definitely hungry (and thirsty) so we decided to make a slight detour into Selsdon to have a bite and pint at The Sir Julian Huxley, a Weatherspoons.


After lunch we continued our walk by going through more woods: Selsdon Wood and Puplet Wood. For the first time, we went just outside of Greater London into Surrey. After encountering Elm Farm in Farleigh we fled back into London past some fields to make it to Hamsey Green, the end of the walk. If the previous sections could be called "muddy", this section clearly had a preference for "woods". A bus, train and two tubes later we got home, exhausted.

The weather was mostly good, but colder at 10-12°C and some rain threatened to wet us near the start. We took just over four and a half hours for the 21.1km walk (including detours).

The photos that I took on this section, as well as the photos of the other sections of the LOOP, are available as a Flickr set.

Categories: Open Source, PHP Community

Self-hosted Free Invoicing App – FusionInvoice

Planet-PHP - Mon, 24/03/2014 - 18:00

As a freelancer or a small business your time is better spent creating that next big project or meeting the client’s requirements than keeping track of invoices.

FusionInvoice is an open-source, self-hosted invoicing web application built for freelancers and small businesses. Although there are quite a few free online invoicing applications, none of them give you the privacy or the flexibility which FusionInvoice provides. Client management, dashboard and reports, recurring invoicing and invoice history are just few of its features.

FusionInvoice being an Open-Source project means that you can always change or add to its functionality as you need it or even install it on a private system, thus limiting the number of users who have access to your sensitive data.

Although the application is Open-Source, the developers considered that the community can better help the project by only providing their input and suggestions for features and enhancements they, as a community, would like to see in the project, but development should stay a closed team effort.

This may seem like a strange approach to open source a project, but it looks like it lets the team focus on keeping a constant pace in developing new features and bug fixing.

Continue reading %Self-hosted Free Invoicing App – FusionInvoice%

Categories: Open Source, PHP Community

REST service in 5 minutes (using Java)

Planet-PHP - Mon, 24/03/2014 - 16:04

I remember these days when building something similar in Java required much more body movements, and maybe this was the reason to why some start-ups have chosen other weak typing languages with all their fancy Web frameworks for rapid bootstrapping. This isn't the case anymore, see how easy is creating a REST service that supports all CRUD operations in Java:

1. Define your task model:

* Task model
public class Task {
@GeneratedValue(strategy = GenerationType.AUTO)
private long id;
private String text;
private Date created = new Date();
private Date completed;

public String getText() {
return text;

public void setText(String text) {
this.text = text;

public Date getCreated() {
return created;

public void setCreated(Date created) {
this.created = created;

public Date getCompleted() {
return completed;

public void setCompleted(Date completed) {
this.completed = completed;

2. Tell what operations on tasks you're going to support:

* This class defines DB operations on Task entity
public interface TaskRepository extends PagingAndSortingRepository {
// Magic method name automatically generates needed query
public List findByCompletedIsNull();

3. Configure your application:

* This class is responsible for:
* - Setting up DB connection and ORM
* - Initializing REST service for all found entities
* - Starting Spring application (main entry point)
public class Application extends RepositoryRestMvcConfiguration {

public DataSource dataSource() throws PropertyVetoException {
MySQLDataSource dataSource = new MySQLDataSource();
return dataSource;

public LocalContainerEntityManagerFactoryBean entityManagerFactory(DataSource dataSource) {
HibernateJpaVendorAdapter jpaVendorAdapter = new HibernateJpaVendorAdapter();
// Database tables will be created/updated automatically due to this:

LocalContainerEntityManagerFactoryBean entityManagerFactoryBean = new LocalContainerEntityManagerFactoryBean();
return entityManagerFactoryBean;

public PlatformTransactionManager transactionManager() {
return new JpaTransactionManager();

public static void main(String[] args) {
SpringApplication.run(Application.class, args);

That's all! After invoking this application, you'll get a task complete REST service for free. Let's test it:

Create a new task:

~$ curl -X POST -H "Content-Type: application/json" -d '{"text":"Implement simplest REST Java application"}' http://localhost:8080/tasks

See the task contents:

~$ curl  http://localhost:8080/tasks/1
"text" : "Implement simplest REST Java application",
"created" : 1395665199000,
"completed" : null,
"_links" : {
"self" : {
"href" : "http://localhost:8080/tasks/1"

Create another task:

~$ curl -X POST -H "Content-Type: application/json" -d '{"text":"Go home"}' http://localhost:8080/tasks

Find all tasks:

~$ curl  http://localhost:8080/tasks

"_links" : {
"self" : {
"href" : "http://localhost:8080/tasks{?page,size,sort}",
"templated" : true
"search" : {
"href" : "http://localhost:8080/tasks/search"
"_embedded" : {
"tasks" : [ {
"text" : "Implement simplest REST Java application",
"created" : 1395665199000,
"completed" : null,
"_links" : {
"self" :

Truncated by Planet PHP, read more at the original (another 1496 bytes)

Categories: Open Source, PHP Community

Hack Language is All that PHP Should Have Been

Planet-PHP - Mon, 24/03/2014 - 11:17
By Manuel Lemos
Facebook developers just released Hack, a language based on PHP that introduces several great enhancements.

Read this article to learn more about Hack features, as well learn about some criteria that you may want to evaluate to decide if you want replace your PHP developments with this new programming language.
Categories: Open Source, PHP Community

On HHVM and Hack

Planet-PHP - Mon, 24/03/2014 - 09:00
Categories: Open Source, PHP Community

MySQL March Newsletter - Submit Papers for MySQL Connect @ OpenWorld 2014

MySQL.com - Mon, 24/03/2014 - 02:59
Welcome to the Oracle Information InDepth Newsletter: MySQL Edition for March 2014. The call for papers for MySQL Connect 2014 is open until April 15. Take the opportunity to share your real-world experience with the MySQL community and its ecosystem. Also, we're hosting many seminars and participating in a lot of upcoming conferences around the world, so check out the event list and see if Oracle's MySQL team will be near you.
Categories: PHP Community
Syndicate content