Stefan KoopmanschapWeCamp Day 3 (28.8.2015, 08:30 UTC)

Day 3 brought change. As I mentioned yesterday some of the personal goals that were set during the individual conversations with my team members affected the work we were doing. This meant, for instance, that Jasper took a more leading role within the team, and Kanban was being implemented for a better view on our progress.

There was also some discussion on functionality and focus, as the team members were realizing they were affected by scope creep. So the minimal requirements were defined more strictly and for all the “fluff” extra post-its were added to the Kanban board. The board now also had a split: The top of the board contained all the features that were really needed, and the bottom contained the nice-to-haves. There was even a small corner of the board dedicated to “super-bling”.

The team became more and more of an actual team, with lots of discussions and a lot of pairing and helping eachother. This was great to actually watch and see it happen.

The goal that was set in the morning was to finish the minimum viable product, and the team worked really hard to reach this goal, working until very late in the night. When I left the team at about 11PM they were still at it, and from what I hear they worked until after midnight even. The goal wasn’t fully reached, but we’re close.

Today will be an interesting day, because the MVP needs to be finished, but there’s also the Pragmatist Survival Game and the Enrise BBQ. I’m very much looking forward to seeing what will happen today, and I’ll share with you tomorrow.

Link
SitePoint PHPVoice controlled PHP apps with API.ai (27.8.2015, 16:00 UTC)

In this tutorial we’ll be looking into Api.ai, an API that lets us build apps which understand natural language, much like Siri. It can accept either text or speech as input, which it then parses and returns a JSON string that can be interpreted by the code that we write.

All the files we’ll use in this tutorial are available in this Github repository.

Microphone in front of blurred audience

Concepts

Before we move on to the practical part, it’s important that we first understand the following concepts:

  • agents - agents are applications. We create an agent as a means of grouping individual entities and intents.

  • entities - entities are custom concepts that we want to incorporate into our application. They provide a way of giving meaning to a specific concept by means of adding examples. A sample entity would be ‘currency’. We define it by adding synonyms such as ‘USD’, ‘US Dollar’, or just ‘Dollars’. Each synonym is then assigned to a reference value that can be used in the code. It’s just a list of words which can be used to refer to that concept. Api.ai already provides some basic entities such as @sys.number, which is an entity referring to any number, and @sys.email which is an entity referring to any email address. We can use the built-in entities by specifying @sys as the prefix.

  • intents - intents allow us to define which actions the program will execute depending on what a user says. A sample intent would be ‘convert currency’. We then list out all the possible phrases or sentences the user would say if they want to convert currency. For example, a user could say ‘how much is @sys.number:number @currency:fromCurrency in @currency:toCurrency?’. In this example, we’ve used 2 entities: @sys.number and @currency. Using the colon after the entity allows us to define an alias for that entity. This alias can then be used in our code to get the value of the entity. We need to give the same entity a different alias so that we could treat them separately in our code. In order for humans to understand the above intent, all we have to do is substitute the entities with actual values. So a user might say ‘How much is 900 US Dollars in Japanese Yen?’ and Api.ai would just map ‘900’ as the value for @sys.number, ‘US Dollar’ for the fromCurrency @currency and ‘Japanese Yen’ for the toCurrency @currency.

  • contexts - contexts represent the current context of a user expression. For example, a user might say ‘How much is 55 US Dollars in Japanese Yen?’ and then follow with ‘what about in Philippine Peso?’. Api.ai, in this case, uses what was previously spoken by the user, ‘How much is 55 US Dollars,’ as the context for the second expression.

  • aliases - aliases provide a way of referring to a specific entity in your code, as we saw earlier in the explanation for the intents.

  • domains - domains are pre-defined knowledge packages. We can think of them as a collection of built-in entities and intents in Api.ai. In other words, they are tricks that Api.ai can perform with little to no setup or coding required. For example, a user can say, ‘Find videos of Pikachu on YouTube.’ and Api.ai would already know how to parse that and returns ‘Pikachu’ as the search term and ‘Youtube’ as the service. From there, we can just use the data returned to navigate to Youtube and search for ‘Pikachu’. In JavaScript, it’s only a matter of setting the location.href to point to Youtube’s search results page:

    window.location.href = "https://www.youtube.com/results?search_query=pikachu";
    

Continue reading %Voice controlled PHP apps with API.ai%

Link
Stefan KoopmanschapWeCamp Day 2 (27.8.2015, 08:00 UTC)

Yesterday was day 2 of WeCamp and it was an interesting day. While gathering requirements in day 1 we created two spikes, topics to research to find out if we could actually do what we assumed we could. So in the morning, two people started on the research, while two other team members started on setting up the vagrant box and the Laravel project (we decided to go with Laravel for our project on day 1).

The first bit of research was quickly finished with a successful result, however the second one caused some problems: It turned out we could not do what we had assumed we could do. This meant we had to go back to the drawing board for at least part of the application we’re building.

After a very constructive and successful session we decided that our change in scope wasn’t all that big. We could still build our main scenario in a slightly different way. So we decided on a new list of tasks to focus on and started building those. At the start I noticed that my team members were all working very much as isolated units, but as the day progressed a lot of interaction started happening between team members. This was a nice development.

Another thing I focussed on as a coach was to set personal goals with each team members. So during the afternoon, I had private conversations with each team member to determine what goals they wanted to set. We talked about work, life and ambition and set one or two long-term goals (for “life after WeCamp”) and one short-term goal (“what do I want to have learned/done during WeCamp?”). Some of the short-term goals immediately had an effect on the work we were doing in the team, so we made some changes to the team dynamic to give the people with those goals the opportunity to reach those goals.

We wrapped up the day in a really positive vibe with some excellent progress on our project and went to dinner. After dinner it was time for the Persgroep Gamenight. I pretty much lost track of my team members at that point, each went to play their own choice of games. In my case, this was: Dixit, Exploding Kittens, Masquerade and more Dixit. Being the responsible adults we are here at WeCamp (grin) we turned off the light at 1:30 and went to bed.

As I’m writing this, day 3 has started and the team is already working on the project again. I’ll try to summarize today in another blogpost tomorrow morning.

Link
PHP ClassesPHP and JavaScript Innovation Award Report August 2015 Edition - May 2015 nominees (27.8.2015, 03:30 UTC)
By Manuel Lemos
This is the August edition of the Innovation Award podcast hangout recorded by Manuel Lemos and Arturs Sosins to comment on the outstanding features of all the past month nominees and winners PHP and JavaScript packages, the prizes that the authors earned, starting with the nominees from the month of May 2015.

Listen to the podcast, or watch the hangout video, or read the transcript to learn why the nominated packages were considered to be innovative.
Link
Stefan KoopmanschapWeCamp Day 1 (26.8.2015, 09:00 UTC)

As we just started day 2 of WeCamp I’m reflecting back on the first day of the event. As I am being a coach this year, things are very different from last year for me. I’m hoping to have enough time to publish some notes and obversations every day.

Being a coach

Getting a team of random people to coach is an interesting exercise. First thing to do is to actually try and size up all the team members and see what kind of personalities you have in your team, and how each team member can fulfill a role in the team. Additionally, the skillset of your team members can vary greatly. Although randomly created, my team actually has a pretty nice set of skills, including good frontend skills, good backend skills and even some project management skills. After some initial hesitation, the personalities also seem to be able to work together quite nicely.

Being the coach of this team is an interesting experience. On the one hand, I am here to observe my team members so I can advise them in their further (personal) development as well as help them. On the other hand, especially at the start of the event, I am also looked at to take the lead and guide the team into the project. This is an interesting double role, especially since one requires me to not interfere with things while the other actually requires me to play an active role in the team. Trying to combine those two roles is interesting.

Being coached

Luckily after some feedback from last years coaches we decided to actually have someone coach the coaches this year. Because of that I am being coached by Jeremy Coates, who is doing an excellent job of giving us some theoretical background information and helping us with the actual practical work. His support in this process is really valuable.

The project has started

After our initial introduction round and brainstorming, we decided on a project to work on. Some really interesting discussions where held on which project to work on, and during the voting the votes were even shifted from one idea to another. We’ve then brainstormed for as many features as we could think, then narrowed our scope to a scenario that we could realistically finish within the time constraints of WeCamp. That scenario was cut up into a set of user stories as well as two spikes, points we needed to research before starting our actual work and this morning, work has started on bootstrapping the project and getting as much information as possible out of the spikes.

Let’s see what we can do today. I’ll let you know tomorrow.

Link
PHP ClassesReview: Learning PHP, MySQL & JavaScript: With jQuery, CSS & HTML5 (26.8.2015, 02:33 UTC)
Learning PHP, MySQL & JavaScript: With jQuery, CSS & HTML5
Title
Reviewer
Jose Gomez
Category
PHP books
Publisher
O'Reilly
Author
Robin Nixon
Summary
This book describes the integration process of programming languages and tools in both sides (client and server) to create dynamic web contents. It is very useful for beginners that are familiarized with Web concepts. This book covers the whole process to create dynamic web pages from the scratch using PHP, Javascript, MySQL, HTML5 and CSS.

It is a very good book for beginners as it describes the most important topics of web development and their relationship.

I missed concepts like Object Oriented programming, insertion of HTML elements on the pages and more examples use jQuery framework and its utility.

On the other hand MySQL relational databases theory are very well explained, security importance is also covered the differences between browsers as well and the necessity of using frameworks wrap those differences.

It would have been also useful the introduction to CSS frameworks oriented to responsive web applications.
Link
Rob AllenSlim-Csrf with Slim 3 (25.8.2015, 06:18 UTC)

In addition to the core Slim framework, we also ship a number of add-ons that are useful for specific types of problems. One of these is Slim-Csrf which provides CSRF protection.

This is middleware that sets a token in the session for every request that you can then set as an hidden input field on a form. When the form is submitted, the middleware checks that the value in the form field matches the value stored in the session. If they match, then the all is okay, but if they don't then an error is raised.

For the simplest use case, you need start the session and add the middleware:

session_start();
$app->add(new Slim\Csrf\Guard());

Then, from within a given route callable, you can create your form and add two hidden fields: one for the token's name and one for its value:

$app->get('/', function ($request, $response, $args) {
    // CSRF token name and value
    $name = $request->getAttribute('csrf_name');
    $value = $request->getAttribute('csrf_value');

    // Render a form
    $html = <<<EOT
<!DOCTYPE html>
<html>
<head><title>CSRF test</title></head>
<body>
    <form method="POST" action="/process">
        <input type="hidden" name="csrf_name" value="$name">
        <input type="hidden" name="csrf_value" value="$value">
        <input type="text" name="name" placeholder="Name">
        <input type="submit" value="Go">
    </form>
</body>
</html>
EOT;

    return $response->write($html);
});

If you run this in a browser and view the source, you'll see something like this:

Slim csrf view source

Refresh and you see different values for the csrf_name and csrf_value fields, which means that the user can have multiple tabs open and submit without any issues.

For testing, I created a simple route callable:

$app->post('/process', function ($request, $response, $args) {
    return $response->write("Passed CSRF check.");
});

Pressing form's submit button will result in the display of "Passed CSRF check.". If you then refresh and confirm the post, you'll see "Failed CSRF check!" and the HTTP status code will be 400.

Customising the CSRF failure

It's likely that you'll want to customise the CSRF failure display as a plaint text error message isn't very user friendly! To change this, supply a callable to the Guard class which has the same signature as middleware: `
function($request, $response, $next). The middleware must return a Response.

This allows you to supply a custom error page:

$guard = new Slim\Csrf\Guard();
$guard->setFailureCallable(function ($request, $response, $next) {
    return $response->write(<<<EOT
<!DOCTYPE html>
<html>
<head><title>CSRF test</title></head>
<body>
    <h1>Error</h1>
    <p>An error occurred with your form submission.
       Please start again.</p>
</body>
</html>
EOT);
});
$app->add($guard);

As the failure callable has the middleware signature, you can also set a flag into $request and then deal with the CSRF failure later. The failure callable would look something like this:

$guard->setFailureCallable(function ($request, $response, $next) {
    $request = $request->withAttribute("csrf_result", 'FAILED');
    return $next($request, $response);
});

Now, your route callable can decide what to do:

$app->post('/process', function ($request, $response, $args) {
    if (false === $request->getAttribute('csrf_result')) {
        // Deal with error here and update $response as appropriate
    } else {
        // successfully passed CSRF check
        $response->write("Passed CSRF check.");
    }
    return $response;
});

This is very powerful and remarkably easy to set up.

Summary

The flexibility of the failure callable allows you to handle a CSRF validation failure in the most appropriate way for your application and is a very powerful feature of this middleware.

As it's PSR-7 compliant, you can use the middleware independently of Slim with any PSR-7 middleware dispatch system that uses the middleware signature of function($request, $response, $next) where a Response is returned.

Link
Cal EvansInterview with Josh Butts (25.8.2015, 05:00 UTC) Link
PHP ClassesThe Benefits of Using Git in Your Software Projects Part 2: Collaboration, Web Platforms and Migration (25.8.2015, 04:06 UTC)
By Nicola Pietroluongo
Nowadays working with a version control application like Git is mandatory for all software developers, even those that work alone in private projects that are not going to be published anywhere.

In the first part of this article we covered the basic benefits of working it explaining some of the most commonly used features, some very well known, others not so much.

Read this part the article to learn how use Git in projects the involve collaboration between multiple developers, how to take advantage of existing Web platforms that support Git, and how to migrate from older version control applications like SubVersion.
Link
David SklarFixing Broken UTF-8 (25.8.2015, 04:00 UTC)

When working on the i18n bits of Learning PHP 7, I had a problem. My example showing how plain string functions such as strtolower() and strtoupper() mangle multibyte UTF-8 characters was making the book formatting/rendering pipeline barf. The processing tools are expecing nicely formatted, valid, UTF-8 encoded HTMLBook files. It didn’t like the mangled invalid UTF-8 characters in my example output.

To fix this, I wrote the following function to replace invalid UTF-8 sequences with the Unicode Replacement Character (U+FFFD):

<script src="https://gist.github.com/davidsklar/69300b66f6c3c3ab3d6a.js">

Now I can keep the real invalid byte sequences in my raw book source code (which makes my automatic “does the output of this code example match what it’s supposed to?” checker happy) but end up with a nice (constructed from three valid bytes) in the formatted output.

Link
LinksRSS 0.92   RDF 1.
Atom Feed   100% Popoon
PHP5 powered   PEAR
ButtonsPlanet PHP   Planet PHP
Planet PHP