SitePoint PHP: Mastering Composer – Tips and Tricks (25.5.2015, 16:00 UTC)

Composer has revolutionized package management in PHP. It upped the reusability game and helped PHP developers all over the world generate framework agnostic, fully shareable code. But few people ever go beyond the basics, so this post will cover some useful tips and tricks.

Global

Although it’s clearly defined in the documentation, Composer can (and in most cases should) be installed globally. Global installation means that instead of typing out

php composer.phar somecommand

you can just type out

composer somecommand

Davey Shafik: [SLIDES] Writing Faster PHP with HHVM and Hack (25.5.2015, 11:17 UTC)
PHP Classes: PHP Multi-Factor Authentication for Web Development (25.5.2015, 07:35 UTC)
By Dave Smith
When we need to provide our users access only to certain information, or limit access to features for authorized users only, we need to use user authentication.

We can never be 100% certain users are who they claim to be. However we can get close using multiple authentication factors.

Read this article to learn more about multi-factor authentication and when we should use them or not.
Davey Shafik: [Slides] What to Expect When You’re Expecting: PHP 7 (phpDay 2015) (23.5.2015, 21:07 UTC)
Ben Ramsey: My Failed Attempts at Soft Skills Talks (23.5.2015, 20:30 UTC)

During the Development Hell podcast recording at php[tek] (not yet released at the time of this writing), Chris and Ed discussed soft skills talks with Yitzchok Willroth (@coderabbi). Soft skills are those skills that aren’t necessarily technical in nature—things like interpersonal communication, time management, managing teams, leadership, etc. They’re critical to our jobs, but we often see them as secondary to our technical skills. In fact, they are not soft at all—they’re rather difficult to master, which is why it’s important that we talk about them at conferences and write about them on our blogs and in our trade journals.

At the podcast, I tried to elucidate a sentiment that’s been on my mind for some time, but it came out as rambling nonsense. I’m sorry. Here’s what I was trying to get at.

I’ve been a conference speaker for many years. For a few recent years, I ramped down my speaking and took some time off from conferences to focus on my work, and as I started to ramp things back up, I tried to assess my options and how I wanted to position myself. I assumed the next step for a seasoned speaker should be to start positioning myself for keynote opportunities.

I’ve always given very technical talks, and I’ve observed that keynotes are usually non-technical and focused on ideas, concepts, and soft skills, usually filled with personal anecdotes and inspirational stories. So, I set out to craft some talks that would help take me on a new direction in my speaking career.

In 2013, I made my comeback appearance at CoderFaire Atlanta, where I was invited to give the conference keynote. This was supposed to be my shining moment as a keynote speaker to elaborate on the “Debugging Zen” article I had written for Web Advent. The keynote was entitled “Developing Intuition: How to Think Like a Software Architect.” I shifted the focus away from debugging and told my story of how I came to be a software developer and the heavy role intuition has played in my career. I think the talk resonated for about half of the audience. The other half probably thought it was a bunch of hokey gibberish.

I spoke at php[tek] a little later that year, after having taken three years off from speaking there. I gave a presentation entitled “API First.” This was another soft talk (with a little bit of technical detail thrown in), building on my experiences developing and deploying APIs. In it, I talked about how to approach your managers and company leadership to convince them of taking an API-first approach to web application development. It was well-received and I saw a lot of great feedback, but it was not easy to prepare. I gave it again at ZendCon later that year. Again, I received high marks and good feedback, but it felt lacking in a certain kind of energy and levity. After the intuition talk at CoderFaire, I realized that I’m not good at telling stories or relating anecdotes, and that was evident here, as well.

That same year, Eli asked me to put together the closing talk for php[architect]’s PHP 5.5 Web Summit. He wanted me to talk about modern PHP development, so I decided to turn it into an observation of how best practices have arisen in the community over the years. I gave the talk many times over the following year, but it always had mixed reviews. On one side were the community old-timers with whom the historical look-back resonated. On the other hand were folks newer to the community who criticized the talk as a bunch of nostalgic navel-gazing and were expecting a different kind of talk.

I made one more attempt at a soft talk. Again, I refined my “Debugging Zen” article into its own talk, discussing the role intuition plays for me in the art of debugging and how others can tap into their own intuition to be better software developers. At the Madison PHP Conference, where I first presented it, I gave it to a crowded room and received many encouraging

Truncated by Planet PHP, read more at the original (another 2875 bytes)

SitePoint PHP: CRUD (Create Read Update Delete) in a Laravel App (22.5.2015, 16:00 UTC)

In the previous part, we’ve bootstrapped our Laravel CRUD application by creating the database, some controllers, basic routes and simple views. In this part, we’ll wrap things up and implement proper CRUD.

If you’d like to follow along through this interactive walk through Laravel’s docs, please catch up by reading the first part now.

Creating A Record

Continuing right where we left off, let’s create the page where we’ll actually perform this action. In our TasksController, let’s return a view like this:

public function create()
{
    return view('tasks.create');
}

And now, in our views directory, let’s create tasks/create.blade.php, and enter some starter content:

@extends('layouts.master')

@section('content')


<h1>Add a New Task</h1>
<p class="lead">Add to your task list below.</p>


@stop

blog.phpdev: PHP, Security & PSR-9/PSR-10 (22.5.2015, 12:36 UTC)

Late yesterday afternoon the PSR-9 and PSR-10 drafts were moved into master on the php-fig/standards repository, moving them along to the next step and to get the wider perspective of the main PHP-FIG group’s opinions on it.

What are PSR-9 and PSR-10, you ask? Here’s a brief summary so far:

At the end of last year (2014) Lukas Smith made a proposal to the PHP-FIG group for a standard that would make reporting security issues with PHP projects and libraries a much more structured thing. The general idea is that a standardized document (or documents?) in a project’s repository would provide information about current and past security issues in a well-defined structure that could have some automated tooling around it. Much discussion was had around what the proposal actually entailed and how it would integrate with the goals of the PHP-FIG process. As work progressed on it, a few others besides Lukas came on-board to help flesh out the standard and work out the kinks, including myself.

It wasn’t long before we realized that, while having a standardized method for reporting vulnerabilities was good, there also needed to be a way to discover this documentation for a given project (more than just a “look for this file” kind of thing). So, the original PSR-9 was split, giving us the security advisory reporting standard (PSR-9) and the security disclosure workflow (PSR-10) to make discovery of the reports easier. Both PSRs have received the votes needed for entrance and consideration and, as I mentioned, work is moving forward on them in the wider PHP-FIG group.

So, what are the standards? Well, I’m not going to just copy and paste from the documents (you can find those here if you’re interested) but I will give a quick overview of what they contain and their goals.

Note: these standards are by no means complete so this information is a bit subject to change. I just wanted to share their current state though.

PSR-9

The main goal of the PSR-9 standard is to provide structure around the documentation a project provides to the wider community around security vulnerabilities that have been found (and fixed) and those that are still pending. The idea is that any given user could look at the document and have a security-centric view into where the project currently stands. Right now, with the exception of those participating in the security-advisories database, most projects make it a bit of a run around to try to figure out what issues have come up and what problems have been fixed. Sometimes it’s reported in the Changelog, other times it’s in the mailing lists and other times you just have to know what to search for in the project’s issue tracker to get the list. This PSR-9 aims to eliminate a lot of this hassle and give a single source for the information.

The security-advisories database has provided a great start around this same kind of information but with PSR-9 the burden of reporting this information falls on the project, not a single source. We’re not aiming to replace that database by any means, though. We just want to empower the projects to share the information in a vetted, well-defined way. The PSR-9 proposal provides a lot more context around the security issues too.

This information includes:

  • An entry for each vulnerability that includes a short summary, published date, link to more information and a unique reference ID
  • CWE and/or CVE information, if possible (not all vulnerabilities are reported as CVEs)
  • What versions the issue affects
  • Current status of the issue
  • A description of the remediation if resolved
  • A low/medium/high severity rating based on the impact to the project’s users

We discussed the versioning of this resource (multiple files) so new vulnerabilities could be added and a “history” of sorts could be tracked over time but nixed that idea in favor of a single file that would just evolve over time. A lot of this vulnerability metadata is similar to information currently reported by other projects, so it’s not too far of a stretch to see this dropped into a structured, easy to find document. Speaking of which, this brings me to the next proposal

Truncated by Planet PHP, read more at the original (another 2877 bytes)

PHP Classes: Review: WordPress 4.x Complete (21.5.2015, 08:48 UTC)
Title: WordPress 4.x Complete
Reviewer: Lopo Lencastre de Almeida
Category: PHP books
Publisher: Packt
Author: Karol Król
Summary:
If you want to know more about WordPress than you think you know, you should read this book: "WordPress 4.x Complete". It will definitely help you to understand the complete process of building a fully functional WordPress site from scratch.

As WordPress is such a massive winner among the known commercial and free software CMS platforms, with a huge share of 60%, you should really consider having it as a potential tool in your belt. And this book is, for sure, a must-have and a very good starting point for all WordPress newcomers.
Web Development Blog » PHP Scripts: How to use the Flickr Photo Search API (21.5.2015, 06:22 UTC)
I have found one of the best places to find pictures to use on my websites is Flickr. They make it fairly easy to automatically embed Flickr photos onto your website using the Flickr photo search. This Flickr API tutorial will show you how to use the Flickr API to retrieve and display Flickr photos […]
Ilia Alshanetsky: php[tek]: Business Logic Security Slides (20.5.2015, 22:01 UTC)
My slides from the php[tek] in Chicago on the topic of "Business Logic Security" are now available for download here:
http://ilia.ws/files/phptek_business_logic_security.pdf