PHP Community

Community News: Packagist Latest Releases for 05.18.2013

PHPDeveloper.org - Sat, 18/05/2013 - 15:00
Recent releases from the Packagist:

DZone.com: Cloning in PHP

PHPDeveloper.org - Fri, 17/05/2013 - 18:09

In this recent post over on DZone.com Giorgio Sironi takes a look at the "clone" feature of PHP - what it is, how it can be used and things to watch out for in its use.

Cloning is an operation consisting in the duplication of a data structure, usually to avoid the aliasing problem of having different code modify the same instance in inconsistent ways. In PHP, cloning can be accomplished in multiple ways - and in some cases it can be avoided altogether.

He talks some about how objects are passed around internally during the PHP execution and how you can tell if a function works with data by reference (from the manual). He then looks at the "clone" keyword and what kinds of things are duplicated from an object when it is used. He briefly touches on the "__clone" magic method for solving the "shallow clone" problem and how, possibly, serializing the object might be a better alternative for reproducing the entire object.

Link: http://css.dzone.com/articles/cloning-php

PHPMaster.com: Openbiz Cubi: A Robust PHP Application Framework, Part 1

PHPDeveloper.org - Fri, 17/05/2013 - 17:36

On PHPMaster.com today they've posted the first part of a series spotlighting Openbiz Cubi, a PHP "framework" with a business focus.

Openbiz Cubi is a robust PHP application framework giving developers the ability to create business applications with minimal effort. In this two-part series I'll explain the concepts and steps necessary to create your own business web applications with Cubi. We'll look first at the challenges web developers face and how Openbiz Cubi can help, and then how to install Cubi. In part 2 we'll see how to create our own modules.

They start off by describing the tool and some of the features that come with it (including user management and the XML data object structure). Complete installation instructions are included and a screenshot is included of the end result. They include a "quick tour" of Cubi's features and some of the modules that come with it like the System, Menu and User modules. In part two of the series, they'll show you how to create a custom module.

Link: http://phpmaster.com/openbiz-cubi-a-robust-php-application-framework-1

Chris Jones: Offline Processing in PHP with Advanced Queuing

PHPDeveloper.org - Fri, 17/05/2013 - 16:49

Chris Jones has a new post today showing you how to use Oracle and PHP together to process data offline via the Oracle Streams Advanced Queuing feature.

Offloading slow batch tasks to an external process is a common method of improving website responsiveness. One great way to initiate such background tasks in PHP is to use Oracle Streams Advanced Queuing in a producer-consumer message passing fashion. [...] The following example simulates an application user registration system where the PHP application queues each new user's street address. An external system monitoring the queue can then fetch and process that address. In real life the external system might initiate a snail-mail welcome letter, or do further, slower automated validation on the address.

He includes the SQL needed to create the database and configure the queue system as well as start it up and get it ready for requests. He shows how to push an address into the queue for processing and how to get the results once it has completed in both the SQL and from the oci_* functions in PHP.

Link: https://blogs.oracle.com/opal/entry/offline_processing_in_php_with

Community News: Packagist Latest Releases for 05.17.2013

PHPDeveloper.org - Fri, 17/05/2013 - 15:08
Recent releases from the Packagist:

Offline Processing in PHP with Advanced Queuing

Planet-PHP - Thu, 16/05/2013 - 22:14

Offloading slow batch tasks to an external process is a common method of improving website responsiveness. One great way to initiate such background tasks in PHP is to use Oracle Streams Advanced Queuing in a producer-consumer message passing fashion. Oracle AQ is highly configurable. Messages can be queued by multiple producers. Different consumers can filter messages. From PHP, the PL/SQL interface to AQ is used. There are also Java, C and HTTPS interfaces, allowing wide architectural freedom.

The following example simulates an application user registration system where the PHP application queues each new user's street address. An external system monitoring the queue can then fetch and process that address. In real life the external system might initiate a snail-mail welcome letter, or do further, slower automated validation on the address.

The following SQL*Plus script qcreate.sql creates a new Oracle user demoqueue with permission to create and use queues. A payload type for the address is created and a queue is set up for this payload.

-- qcreate.sql

connect / as sysdba
drop user demoqueue cascade;

create user demoqueue identified by welcome;
grant connect, resource to demoqueue;
grant aq_administrator_role, aq_user_role to demoqueue;
grant execute on dbms_aq to demoqueue;
grant create type to demoqueue;

connect demoqueue/welcome@localhost/orcl

-- The data we want to queue
create or replace type user_address_type as object (
  name        varchar2(10),
  address     varchar2(50)
);
/

-- Create and start the queue
begin
 dbms_aqadm.create_queue_table(
   queue_table        =>  'demoqueue.addr_queue_tab',
   queue_payload_type =>  'demoqueue.user_address_type');
end;
/

begin
 dbms_aqadm.create_queue(
   queue_name         =>  'demoqueue.addr_queue',
   queue_table        =>  'demoqueue.addr_queue_tab');
end;
/

begin
 dbms_aqadm.start_queue(
   queue_name         => 'demoqueue.addr_queue',
   enqueue            => true);
end;
/

The script qhelper.sql creates two useful helper functions to enqueue and dequeue messages:

-- qhelper.sql
-- Helpful address enqueue/dequeue procedures

connect demoqueue/welcome@localhost/orcl

-- Put an address in the queue
create or replace procedure my_enq(name_p in varchar2, address_p in varchar2) as
  user_address       user_address_type;
  enqueue_options    dbms_aq.enqueue_options_t;
  message_properties dbms_aq.message_properties_t;
  enq_id             raw(16);
begin
  user_address := user_address_type(name_p, address_p);
  dbms_aq.enqueue(queue_name         => 'demoqueue.addr_queue',
                  enqueue_options    => enqueue_options,
                  message_properties => message_properties,
                  payload            => user_address,
                  msgid              => enq_id);
  commit;
end;
/
show errors

-- Get an address from the queue
create or replace procedure my_deq(name_p out varchar2, address_p out varchar2) as
  dequeue_options    dbms_aq.dequeue_options_t;
  message_properties dbms_aq.message_properties_t;
  user_address       user_address_type;
  enq_id             raw(16);
begin
  dbms_aq.dequeue(queue_name         => 'demoqueue.addr_queue',
                  dequeue_options    => dequeue_options,
                  message_properties => message_properties,
                  payload            => user_address,
                  msgid              => enq_id);
  name_p    := user_address.name;
  address_p := user_address.address;
  commit;
end;
/
show errors

The script newuser.php is the part of the PHP application that handles site registration for a new user. It queues a message containing their address and continues executing:

<?php
// newuser.php

$c = oci_connect("demoqueue", "welcome", "localhost/orcl");

// The new user details
$username = 'Fred';
$address  = '500 Oracle Parkway';

// Enqueue the address for later offline handling
$s = oci_parse($c, "begin my_enq(:username, :address); end;");
oci_bind_by_name($s, ":username", $username, 10);
oci_bind_by_name($s, ":address",  $address,  50);
$r = oci_execute($s);

// Continue executing
echo "Welcome $username\n";

?>

It executes an anonymous PL/SQL block to create and enqueue the address message. The immediate script output is simply the echoed welcome message:

Welcome Fred

Once this PHP script is executed, any application can dequeue the new message at its leisure. For example, the following SQL*Plus commands call the helper my_deq() dequeue function and display the user details:

-- getuser.sql

connect demoqueue/welcome@localhost/orcl

set serveroutput on
declare
  name varchar2(10);
  address varchar2(50);
begin
  my_deq(name, address);
  dbms_output.put_line('Name     : ' || name);
  dbms_output.put_line('Address  : ' || address);
end;
/

The

Truncated by Planet PHP, read more at the original (another 1511 bytes)

Categories: Open Source, PHP Community

NetTuts.com: How to Write Testable and Maintainable Code in PHP

PHPDeveloper.org - Thu, 16/05/2013 - 18:53

NetTuts.com has a new tutorial posted suggesting a few ways you can make testable and maintainable code in PHP applications.

Frameworks provide a tool for rapid application development, but often accrue technical debt as rapidly as they allow you to create functionality. Technical debt is created when maintainability isn't a purposeful focus of the developer. Future changes and debugging become costly, due to a lack of unit testing and structure. Here's how to begin structuring your code to achieve testability and maintainability - and save you time.

There are a few concepts they cover in the tutorial including DRY (don't repeat yourself), working with dependency injection and actually writing the tests with PHPUnit. They start with a bit of code that needs some work and use the tests to help refactor it into something that can be easily mocked (using Mockery).

Link: http://net.tutsplus.com/tutorials/php/how-to-write-testable-and-maintainable-code-in-php

Bob Majdak: On SQL in PHP

PHPDeveloper.org - Thu, 16/05/2013 - 17:11

In a new post to his site Bob Majdak looks at using SQL in PHP and some of the challenges he's come across (some of them with his own tools). He talks about things like inline SQL, loading SQL by unique key or creating a "build object".

There is no right or wrong way, but no matter what there is no *pretty* way to do SQL inside of a PHP application. I have been having a personal debate with myself all week about how to make SQL statements nicer in an application without going to a huge DBAL package like Doctrine.

He looks at each idea and provides some of the pros and cons about each of them, noting that he hasn't quite decided on which is the best method. Some sample code is included to help clarify the points, showing the "find by unique key" version and how a more complex query might be created with the "builder object."

Link: http://catch404.net/2013/05/on-sql-in-php

Community News: Google App Engine now Supports PHP runtime

PHPDeveloper.org - Thu, 16/05/2013 - 17:05

On the Google Developers Blog (and lots of places across the web) there's a major update that Google has done for their AppEngine service - the introduction of a PHP runtime to their offerings.

App Engine 1.8.0 is now available and includes a Limited Preview of the PHP runtime - your top requested feature. We're bringing one of the most popular web programming languages to App Engine so that you can run open source apps like Wordpress. It also offers deep integration with other parts of Cloud Platform including Google Cloud SQL and Cloud Storage.

You can get more information about how to use this new feature on the Google App Engine site.

Link: https://gaeforphp.appspot.com

Pádraic Brady: Publishing Security Disclosures In Consumable Formats

PHPDeveloper.org - Thu, 16/05/2013 - 16:03

Pádraic Brady has a new post today proposing that what the PHP ecosystem needs is a way to better publish security disclosures in a format that's easy to parse and deal with.

This is a branch off from a separate discussion on the PHP-FIG mailing list about other ways the Framework Interoperability Group can encourage and foster wider interoperability among its member projects (and by extension, the whole PHP community). I'll start by noting two interesting developments in recent months and one long standing best practice.

The two "interesting developments" he mentions are the relatively recently released SensioLabs Security Checker that uses your Composer file to find security issues and the new entry in the latest version of the OWASP Top 10 list for "Using Components with Known Vulnerabilities". The best practice he talks about is more around the timely/responsible disclosure of vulnerabilities and how some kind of decentralized tracking of these issues would put the responsibility back on the developers of the tool and not on one tracking resource.

Link: http://blog.astrumfutura.com/2013/05/publishing-security-disclosures-in-consumable-formats-for-simpler-aggregation-and-security-checking

Community News: Packagist Latest Releases for 05.16.2013

PHPDeveloper.org - Thu, 16/05/2013 - 15:04
Recent releases from the Packagist:

Slides: Behat & Beautiful APIs

Planet-PHP - Thu, 16/05/2013 - 08:14
Last Wednesday I did a little talk marathon by first presenting a Webinar on Behavior Driven Development with Behat and afterwards going straight to Cologne for the Symfony Usergroup, where I spoke about Designing Beautiful APIs. Find the slides of my talks here.
Categories: Open Source, PHP Community

MaltBlue.com: Zend Framework 2 - Hydrators, Models and the TableGateway Pattern

PHPDeveloper.org - Wed, 15/05/2013 - 18:13

Matthew Setter has written up a post to his site that continues his look at the features of Zend Framework 2. This time he's looking specifically at hydrators, models and the table gateways and their use in connecting your application with a database.

One set of features has really been helping me of late, ones that really have me smiling; these are: Hydrators, Models and Table Gateways. If you're new to ZF2 or database interaction with frameworks, then you're in a perfect position as today's post will be giving you a good introduction to the basics of using both together.

He starts with a look back at how it all was done in ZF1 and shows how using these three components makes for an even better system, allowing the model to be completely data-source agnostic. His examples start with the table gateway class, showing how to connect it with a "users" table. From there he adds in the model (with an "exchangeArray" method) and a hydrator that maps the table columns to the properties on the entity. He shows how to add this setup to the service configuration and its use in a controller, returning a full list of the records in the "user" table.

Link: http://www.maltblue.com/tutorial/zendframework2-hydrators-models-tablegateway-pattern

Chris Jones: Getting Started with PHP Zend Framework 2 for Oracle DB

PHPDeveloper.org - Wed, 15/05/2013 - 17:55

In his latest post to his site Chris Jones shows you how to update the Zend Framework 2 tutorial app (quickstart) to make it work with an Oracle database instead.

This post shows the changes to the ZF2 tutorial application to allow it to run with Oracle Database 11gR2. [...] The instructions for creating the sample ZF2 application are here. Follow those steps as written, making the substitutions shown [in the rest of the post].

The full schema definition is included in the post, complete with the same sample data as the tutorial. He includes the updates you'll need to make to the database configuration for the OCI8 connection and changes to the code to accommodate the Oracle data format (mostly uppercasing everything).

Link: https://blogs.oracle.com/opal/entry/getting_started_with_php_zend

Brandon Savage: Compiling PHP 5.5 From Scratch

PHPDeveloper.org - Wed, 15/05/2013 - 16:48

Brandon Savage has a new post to his site today showing you how to compile and install PHP 5.5, the next major upcoming release for the language (in RC status as of the time of this post though).

There's always a lag behind new releases of PHP and releases of packages for operating systems such as Ubuntu. This lag time means that you could be kept from upgrading to the latest and greatest PHP for a year or more, unless you use an outside repository like Dotdeb. [...] Instead, I roll my own version of PHP. It's simple and easy to do, and something that any developer can do. Here's my instructions for doing so on a fresh Ubuntu installation.

He gives a reason or two why you might want to "roll your own" installation and helps you get the environment prepared via some "aptitude" install commands for supporting software. Commands are included for installing needed dependencies, configuring/building PHP and updating Apache to use this new install. He finishes it up with a few smaller things to do like making the php.ini and enabling the Zend opcode caching extension.

Link: http://www.brandonsavage.net/compiling-php-5-5-from-scratch

Publishing Security Disclosures In Consumable Formats For Simpler Aggregation and Security Checking

Planet-PHP - Wed, 15/05/2013 - 16:43



This is a branch off from a separate discussion on the PHP-FIG mailing list about other ways the Framework Interoperability Group can encourage and foster wider interoperability among its member projects (and by extension, the whole PHP community). I’ll start by noting two interesting developments in recent months and one long standing best practice.

1. Launch of the SensioLabs Security Advisory Checker

The SensioLabs Security Advisory Checker is described on its website as follows.

You manage your PHP project dependencies with Composer, right? But are you sure that your project does not depend on a package with known security issues? The SensioLabs security advisories checker is a simple tool, available as a web service or as an online application, that uses the information from your composer.lock file to check for known security vulnerabilities. This checker is a frontend for the security advisories database.

The service operates by having people submit vulnerability data, as YAML files, to a centralised Github repository through pull requests. The upside is that the vulnerability data can be peer reviewed and centrally dispersed either online or via a service API. The downside is that you need to find vulnerability disclosures and people to submit them. The service currently covers Symfony, Zend Framework, Doctrine, Twig and FriendsOfSymfony bundles. It’s a tiny sample of packages available through Composer. I’m also not entirely sure if it’s sufficiently fine grained to report vulnerabilities on a project’s sub-packages where you have no direct dependency on the aggregate package (e.g. using zendframework/zend-db instead of zendframework/zendframework). That said, this is a working model of a service for checking your dependencies.

That said, the service exhibits an ambitious idea – projects sharing their vulnerability disclosures or advisories in a way that allows for automatically checking if any of your projects need to have their dependencies updated for security reasons.

2. OWASP’s Top 10 security risks for 2013 includes “A9 – Using Components with Known Vulnerabilities”

This is a new entry onto OWASP’s Top 10 (which is currently at release candidate status for 2013). In summary, it recognises that applications are becoming ever more dependent on code not developed internally. We’ve had web application frameworks for years. Composer and Github have unleashed a storm of accessible libraries, bundles, modules, and other units of reuse that have revealed Not Invented Here (NIH Syndrome) as a psychological problem in ways not previously possible.

As reliance on externally controlled dependencies increases, so too does the risk of your applications using insecure dependencies. This is a risk that requires a lot of work to mitigate. For each dependency, you need to do a security review (no, I’m not kidding), check for security disclosures (whether voluntary or involuntary) and ensure that you end up rolling out to production with safe versions.

Quoting from the OWASP advice on preventing the use of components with known vulnerabilities…

One option is not to use compone

Truncated by Planet PHP, read more at the original (another 4681 bytes)

Categories: Open Source, PHP Community
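
The sub-package concern raised in the post above, as an added example (not the SensioLabs checker's code and not from the original post): the PHP below matches a composer.lock against an advisory list, first by aggregate package name only and then including sub-packages. The acme/* package names, versions, advisory record and its 'components' field are constructed assumptions that mirror the zendframework/zend-db case.

```php
<?php
// Added example, not the SensioLabs implementation. Package names, versions
// and the advisory record are constructed; 'components' is a hypothetical field.
$advisories = [[
    'id'         => 'EXAMPLE-0001',                 // placeholder identifier
    'package'    => 'acme/framework',               // aggregate package
    'components' => ['acme/framework-db'],          // sub-packages with the same code
    'affected'   => [['2.0.0', '2.0.8'], ['2.1.0', '2.1.4']], // [first bad, first fixed)
]];

// Constructed composer.lock: production installs only the sub-package; a fixed
// release of the aggregate package is present for development.
$lockJson = <<<'JSON'
{
  "packages": [
    {"name": "acme/framework-db", "version": "2.1.3"},
    {"name": "acme/templating",   "version": "v1.12.0"}
  ],
  "packages-dev": [
    {"name": "acme/framework", "version": "2.1.4"}
  ]
}
JSON;

// Map every locked package name to its installed version.
function lockedPackages(string $lockJson): array
{
    $lock = json_decode($lockJson, true);
    if (!is_array($lock)) {
        throw new RuntimeException('composer.lock is not valid JSON');
    }
    $out = [];
    foreach (['packages', 'packages-dev'] as $section) {
        foreach ($lock[$section] ?? [] as $pkg) {
            // Tags may carry a leading "v"; strip it before comparing.
            $out[strtolower($pkg['name'])] = ltrim($pkg['version'], 'vV');
        }
    }
    return $out;
}

function isAffected(string $version, array $ranges): bool
{
    if (!preg_match('/^\d/', $version)) {
        return true; // branch aliases such as dev-master cannot be cleared; flag them
    }
    foreach ($ranges as [$firstBad, $firstFixed]) {
        if (version_compare($version, $firstBad, '>=')
            && version_compare($version, $firstFixed, '<')) {
            return true;
        }
    }
    return false;
}

// $matchComponents = false reproduces a checker that knows aggregate names only.
function findVulnerable(array $locked, array $advisories, bool $matchComponents): array
{
    $hits = [];
    foreach ($advisories as $adv) {
        $names = [$adv['package']];
        if ($matchComponents) {
            $names = array_merge($names, $adv['components'] ?? []);
        }
        foreach ($names as $name) {
            if (isset($locked[$name]) && isAffected($locked[$name], $adv['affected'])) {
                $hits[] = sprintf('%s %s (%s)', $name, $locked[$name], $adv['id']);
            }
        }
    }
    return $hits;
}

$locked = lockedPackages($lockJson);
echo 'Aggregate name only: ', implode(', ', findVulnerable($locked, $advisories, false)) ?: 'none', "\n";
echo 'With sub-packages:   ', implode(', ', findVulnerable($locked, $advisories, true)) ?: 'none', "\n";
```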

How we organize our websites

Planet-PHP - Wed, 15/05/2013 - 15:19

We recently migrated Where’s it Up to our fancy new hardware, it took a bit more effort than planned (some pains surrounding our use of MongoDB) but I’m incredibly happy with how things have ended up. As mentioned earlier we’ve purchased our own hardware, and have racked it with Peer 1 here in Toronto. We’ve installed a hypervisor, and are running different VMs for critical services: MySQL, Mongo, Web Production, Web Development, etc.

Our websites sit under /var/www, so Where’s it Up resides at /var/www/wheresitup.com/. Under that directory we have /noweb/apache/ which contains both wheresitup.com and dev.wheresitup.com, configuration files for apache. The entire /var/www/wheresitup.com directory tree resides nicely in our version control system. We hand off key configuration options to our websites through the use of Apache’s SetEnv, things like SetEnv mysql_host dev.mysql, these apache configuration options represent the only difference between the two code bases.

I’ve written or maintained code that implied the state (Dev/Production/Stage) based on the Host, directory, or other factors in the past. I much prefer grabbing an explicit constant. It feels cleaner, I don’t have to read up on which variables could have been manipulated by an attacker, and I can ask the exact question I want answered: Is this dev, rather than “is the url the one that means this is dev”.

This allows us to match our Development and Production virtual machines very closely, the only difference between the two is which apache configuration file is sym-linked under /etc/apache2/conf/sites-enabled. Clearly WebDev links to the dev.wheresitup.com file, and WebProd links to wheresitup.com. We actually cloned one machine to produce the other.

Keeping the configuration files so close also makes a lot of sense to me. If I’m adding a new constant on Dev, the immediate presence of Prod reminds me that I’ll need to add it there as well. Storing the entire site: PHP code, supporting apache configuration, etc, all in one place makes it easy to avoid forgetting anything (which is easy when it's a different file on a different server). The only exception is SSL certificates. We currently host a number of our projects with GitHub, and trust them as we might, we’re not willing to hand those to anyone else.

Categories: Open Source, PHP Community
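
The explicit-constant approach described in the post above, as an added example (not the author's code): the PHP below puts environment detection implied from the Host header beside detection read from SetEnv values, and stops when the constant is absent. The name app_env, the value prod.mysql and the sample request are constructed assumptions; mysql_host is the name quoted in the post.

```php
<?php
// Added example, not the author's code. 'app_env' is a hypothetical SetEnv
// name; 'mysql_host' is the one quoted in the post. The vhost file would hold:
//   SetEnv app_env    production
//   SetEnv mysql_host prod.mysql      (value constructed)

// Implied state: trusts the Host header, which is sent by the client.
function envFromHost(array $server): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    return strpos($host, 'dev.') === 0 ? 'dev' : 'production';
}

// Explicit state: reads only server-set values and refuses to guess.
function envFromConfig(array $server): array
{
    $env = $server['app_env'] ?? null;
    if (!in_array($env, ['dev', 'production'], true)) {
        throw new RuntimeException('app_env missing or unknown; refusing to start');
    }
    $dbHost = $server['mysql_host'] ?? '';
    if ($dbHost === '') {
        throw new RuntimeException('mysql_host is not configured');
    }
    return ['env' => $env, 'mysql_host' => $dbHost, 'debug' => $env === 'dev'];
}

// Constructed request as PHP would see it on the production vhost when that
// vhost also answers for unrecognised Host values.
$request = [
    'HTTP_HOST'  => 'dev.wheresitup.com',
    'app_env'    => 'production',
    'mysql_host' => 'prod.mysql',
];

echo 'Host-derived: ', envFromHost($request), "\n";
$cfg = envFromConfig($request);
echo 'Explicit:     ', $cfg['env'], ' (db ', $cfg['mysql_host'], ")\n";

// A vhost file that forgot the constant stops the application instead of
// letting it run with guessed settings.
try {
    envFromConfig(['HTTP_HOST' => 'wheresitup.com']);
} catch (RuntimeException $e) {
    echo 'Fail closed:  ', $e->getMessage(), "\n";
}
// In the application itself, pass $_SERVER, where Apache places SetEnv values.
```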

Community News: Packagist Latest Releases for 05.15.2013

PHPDeveloper.org - Wed, 15/05/2013 - 15:07
Recent releases from the Packagist: