Web Development Blog » PHP Scripts: Add a MailChimp subscribe feature to your contact form (3.5.2015, 07:30 UTC)
MailChimp is a great email marketing service provider with an easy-to-use control panel and features like: campaign management (RSS-driven, A/B Split, Plain-text and regular), statistics, auto-responder and a complete set of list management tools. They offer different ways to place a subscriber form on your website or blog. If you like to add the MailChimp […]
Symfony CMF: Jackalope 1.2 (2.5.2015, 00:00 UTC)

One of the results of the May hackday was that we finally released Jackalope 1.2 including new releases of the Jackrabbit and Doctrine DBAL transports.

All users should see performance and reliability improvements. This is especially true for users of the Doctrine DBAL transport where performance should have made a significant jump forward. Note that in order to use Doctrine DBAL transport in the new version you will need to update your database schema. Aside from this we also improved the maintainability and code-reuse between the transports. Of course we also always expand the test suite when we do any work on the code base. As we did fix several edge cases, it is recommended to review the CHANGELOG.md and UPGRADE.md when encountering issues after the update.

At the hackday we also discussed a more radical refactoring of Jackalope to create a version 2 of Jackalope that will be more modular and have a cleaner architecture, allowing better code reuse and performance. Adding new storage or search solutions should become really simple.

We started drafting the concept in the Jackalope2 wiki. If you want to get involved, please get in contact with us on the mailing list or in the Jackalope2 issue tracker on GitHub.

SitePoint PHP: Automated Testing of Drupal 8 Modules (1.5.2015, 16:00 UTC)

In this article we are going to look at automated testing in Drupal 8. More specifically, we are going to write a few integration tests for some of the business logic we wrote in the previous SitePoint articles on Drupal 8 module development. You can find the latest version of that code in this repository along with the tests we write today.

But before doing that, we will talk a bit about what kinds of tests we can write in Drupal 8 and how they actually work.

Simpletest (Testing)

Simpletest is the Drupal-specific testing framework. For Drupal 6 it was a contributed module but since Drupal 7 it has been part of the core package. Simpletest is now an integral part of Drupal core development, allowing for safe API modifications thanks to extensive test coverage of the codebase.

Right off the bat I will mention the authoritative documentation page for Drupal testing with Simpletest. There you can find a hub of information related to how Simpletest works, how you can write tests for it, what API methods you can use, etc.

By default, the Simpletest module that comes with Drupal core is not enabled so we will have to do that ourselves if we want to run tests. It can be found on the Extend page named as Testing.

Once that is done, we can head to admin/config/development/testing and see all the tests currently available for the site. These include both core and contrib module tests. At the very bottom, there is also the Clean environment button that we can use if any of our tests quit unexpectedly and there are some remaining test tables in our database.

blog.phpdev: Social Security (30.4.2015, 15:07 UTC)

Let me preface this by saying I think that sharing knowledge and experiences is a great thing. I love that there’s so many tutorials out there from people showing good practices in security and things they’ve learned along the way. Unfortunately, this is the same place where I see a major downfall. This kind of “social security” is a problem and it needs fixing so secure application development can really thrive.

Technology is great, especially PHP. Sure, there’ll be haters out there and they’ll throw stones at the glass house that is PHP hoping to break down the walls and push it off away from the public eye and into the “Not A Real Language” world. Fortunately, this will never happen especially with more recent improvements to the language and its consistent popularity among web developers. PHP is both easy to pick up but difficult to master, especially when it comes to the security of the applications written with it. Along with this low barrier for entry comes people sharing things either in tutorials or just articles that they’ve found to be useful or think is a good practice. The web is littered with articles like these, some being a bit more factual than others. *This is where the real problem is.*

Well-meaning developers post tutorials about things like preventing XSS with just htmlspecialchars or only fixing SQL injection with prepared statements and bound parameters. While these are good practices in themselves, they’re not the only thing that needs to be done to prevent these issues. Security is a complicated subject and there’s no one answer to any problem. Usually a robust solution involves multiple layers (defense in depth anyone?) to ensure the problem doesn’t pop up again or in another location. Even worse are the numerous older articles posted around the internet that have bad or old information. Sadly I see some of these that are *years* old being recommended as good resources to learn from.

I see two kinds of resources out there:

  • Those that are posts from individuals or groups and are wholly maintained by them
  • community resources such as the OWASP wiki

I’ve done some picking on OWASP in the past about the quality of their PHP materials and what seems to be their general feel around PHP and PHP-centric security. This time, though, I don’t want to talk as much about their content itself but about the process they follow for generating that content.

I appreciate what OWASP is going for application security, I really do, but I think the “everyone can edit” mentality of their content is very flawed. I know it’s just not feasible for a single organization largely made up of volunteers to manage and audit all of the content on their site. I get that, I really do, but when I see people referring to PHP resources that haven’t been updated since 2006 or 2007 it makes me cringe. And, because of the visibility of the group, those are the resources people find and recommend not knowing any different.

I think this is the crux of my opinion – having resources where anyone can contribute and not auditing those resources is a “Bad Thing” in my book. Unfortunately, in the case of the masses of tutorials posted out on the web, there’s not much that can be done about that. Those are there to stay and search engines will continue to ensure they show in results regardless of their quality or relevance to the current state of things.

I’m not saying I want people to stop contributing here, I just think there needs to be a balance. There’s a lot of regurgitation of the same kinds of advice out there (“let’s rehash the Top 10 again…”) but there’s also a lot of more innovative content that gets deeper into PHP security matters beyond just the prevention of the most common issues. In my experience, PHP developers are becoming more and more savvy about the security of their applications (even if it is a “negative deliverable” so to speak) and require tips and techniques beyond these simple ten point checklists.

Unfortunately, there’s just not a good answer here. As long as the web continues to be a free for all in terms of posting content developers will keep posting the same things or they’ll post bad suggestions (or ones that just don’t make any sense). The only thing I can think to do is to offer advice to those doing research or reading through PHP security content to ensure they’re getting the best

Truncated by Planet PHP, read more at the original (another 1621 bytes)

Brandon Savage: Managing client work when you don’t offer estimates (30.4.2015, 12:00 UTC)

My recent post on the reasons estimates suck generated some interesting questions about the management of client work, specifically related to client expectations and the “need” to offer an estimate of completion or cost to the client. Some of us are lucky enough to have internal clients to whom we can refuse to estimate; others […]

The post Managing client work when you don’t offer estimates appeared first on BrandonSavage.net.

SitePoint PHP: PHP7 Resource Recap (29.4.2015, 16:00 UTC)

PHP 7 is well on its way. RFCs are being implemented and polished, projects are being tested, libraries upgraded. Extensions are being modified, and the word is spreading. All that remains is getting the shared hosts on the upgrade bandwagon - the arguably most difficult part of improving the global state of PHP. In this article, we’ll take a look at some of the most important PHP 7 related resources and tips you should go through in preparation for the new version.

Stefan Koopmanschap: Take The Scenic Route (29.4.2015, 11:00 UTC)

Yesterday was a really hard day at work. Lots of meetings, tough topics, lots of stress, lots of frustration. So when I went home, I didn’t take my usual route, but decided to exit the highway a bit earlier than usual and drive through the forest.

Relax And Clear Your Mind

Driving through nature, whether it is a forest, a moor or meadows, has a calming effect on me. It allows me to clear my mind and just enjoy the moment. It also takes you away from the daily routines you have, take a distance from what you see every day and have some variation.

This Also Works For Programming

And while the above is a real thing, it can work just as well as an analogy for being stuck in a programming problem. Sometimes, you just need to step back and take the scenic route. Try a different solution than the one you’re stuck on, find another way. Modern version control lets us easily stash one solution to work on a different solution. You could even stash your second solution and work on a third. Eventually, you will find the right one. It could even be your first solution, but you might not realize it until you’ve tried the other solution(s).

Get Off Your Route

So when you’re stuck, try the scenic route. This means not trying to solve the problem using the same approach you’ve used before, but try a different approach. Completely break with your current path of choice and think of other ways you could solve this problem.

Also: Get Off Your Route

Programming doesn’t stop the minute you step into your car, onto your bike, into your bus or train. So analogies aside, take a different route home every once in a while. This might just force your brain to also take a different route, see a different approach, consider a different way of handling the same issue. And if that doesn’t work, at least you’ve enjoyed the scenic route home.

Cal Evans: Interview with Chris Tankersley (28.4.2015, 05:00 UTC)
Michelangelo van Dam: Back from LoneStarPHP 2015 (27.4.2015, 18:39 UTC)
Listening to Phil Sturgeon (courtesy of Ben Marks) at LoneStarPHP 2015
I returned earlier this week from LoneStarPHP 2015, a community PHP conference held in Addison, a suburb of Dallas, Texas.
This conference was a three-day event, with a full day reserved for tutorial sessions where experts from all over the world gave full training and hands-on workshops on subjects like PHP foundations, unit testing, systems administration, API's, security and performance. A great decision made by the conference organizers to run a full day for training. 
Standing in line for a true Texas BBQ at Hard Eight BBQ
LoneStarPHP has a reputation to offer a true Texas BBQ to all speakers, and this year it was again a big success. We ended up at the "Hard Eight BBQ", one of the best BBQ restaurants in the US. A quarter pound of very tasty brisket, some Jalapeño Chicken Poppers, Spicy Sausage and a few Spare Ribs were on my plate. Just the amount of meat I could handle without getting a meat overdose.
The second and third day were all about PHP. Speakers were giving 50 minute sessions starting at 9am all the way until 5pm. LoneStarPHP attendees were given the best of the best and the audience loved it.

Jeff Carrouth goes over the SOA architecture
I learned interesting things about Dependency Injection, Composer, API's, SOA's, Security, Testing, Guzzle to consume HTTP, Speaking at Conferences, Teaching Kids to Code and What it takes to run a tech company.
Between sessions there was of course the "hallway track", discussions between attendees about all kinds of subjects which many consider the most important part of any conference.

Truncated by Planet PHP, read more at the original (another 2337 bytes)

SitePoint PHP: Generating PHP Documentation with Sami (27.4.2015, 16:00 UTC)

Documenting your methods, classes, and functions is becoming second nature for everyone, so it makes sense to have a way to generate separate documentation instead of navigating through the source code. In this article, I’m going to introduce you to Sami, the new API documentation generator.

What Is a DocBlock?

A DocBlock is a multi-line comment inserted at the top of an implementation (class, interface, method, attribute, etc.). To clarify this, let’s use some code snippets from Laravel.

abstract class Manager
{
  /**
   * The application instance.
   * @var \Illuminate\Foundation\Application
   */
  protected $app;

  /**
   * Create a new manager instance.
   * @param \Illuminate\Foundation\Application $app
   * @return void
   */
  public function __construct($app)
  {
    $this->app = $app;
  }
}

The DocBlock must start with a /**, end with a */, and every line in between should start with a *.
When defining a class attribute or a method, we write a description, and one or more annotations to define more information about the implementation. In these examples, the @param and @var annotation tags were used. You can visit the documentation for each of these annotations to view a list of annotations phpDocumentor supports.
