PHP Directory

Blogs

  • PHP Files: An Introduction

    Speaker: Jacques Woodcock (@jacqueswoodcock)

    Working with files in PHP can be a fun and a frustrating task, one you never know when you’ll be asked to do. In this talk, we’ll go over how to work with files and some of the most common built-in functions to help accomplish your tasks.

    The post PHP Files: An Introduction appeared first on Nomad PHP.

  • Getting rid of Redux Framework annoyances

    Redux Framework is a nice option framework for WordPress theme and plugin developers, and probably one of the most used frameworks out there. However, it comes with a few annoyances that many people complain about. The first one is their dashboard widget. There should be a hook to remove that from my theme. …

  • Sending Emails in PHP with PHPMailer

    PHPMailer is the most popular open source PHP library for sending emails. It was first released way back in 2001 and since then it has become a PHP developer’s favorite way of sending emails programmatically, besides a few other fan favorites like Swiftmailer.


    In this article we’ll talk about why you should use PHPMailer instead of PHP’s mail() function and we’ll show some code samples on how to use this library.

    Is it an alternative to PHP’s mail() function?

    In most cases, it’s an alternative to PHP’s mail() function, but there are many other cases where the mail() function is simply not flexible enough to achieve what you need.

    First of all, PHPMailer provides an object-oriented interface, whereas mail() is not object oriented. PHP developers generally hate building $headers strings when sending emails with the mail() function because they require a lot of escaping; PHPMailer makes this a breeze. Developers also need to write messy code (escaping characters, encoding and formatting) to send attachments and HTML-based emails when using the mail() function, whereas PHPMailer makes this painless.


  • Invoke and Gatekeeper for Route Authentication & Authorization

    As a part of a new project I’m working on (personal, not work) I came across a common need to enforce authentication and authorization handling in a bit more automated way based on the URL requested. I looked around for options and didn’t really find many that could be implemented somewhat simply but I did […]

  • Fear Not the Machine of State!

    Presented by Yitzchok Willroth
    July 23, 2015 20:00 CEST

    The post Fear Not the Machine of State! appeared first on Nomad PHP.

  • The Frills

    I don't like ORMs. I really don't. It's not just because all of the ORM frameworks I've seen make a mockery of performance needs, but they also tend to be extremely over-engineered, which makes me want to cry. I'd wager that most people using ORMs are actually solving the wrong problem with the wrong solution, simply because there wasn't a better alternative for their data-modeling needs and the benefits of adopting an ORM outweighed its inherent problems.

    It's like driving a gasoline-hungry car. You say that you care about its MPG rating, but you are still wasting a lot of gas without ever looking back. It is just a cost of living. Or insurance: You know you can save 15% or more... but you don't. You've accepted that bi-annual rip-off as cost of living.

    Just like using an ORM, you have accepted the pain as cost of living. Well, I don't :)

    ODS - Object<->Document Serializer

    The new MongoDB PHP driver includes an experimental ODS interface (BSON\Persistable) that allows you to automatically store your object as documents in MongoDB the way you see fit. And the best part? When you retrieve the document from MongoDB, the driver will know which class it represented and can reconstruct the object (again, the way you see fit).

    All you have to do is implement the two methods of the BSON\Persistable interface:
    That's it! There is no special way of querying by type, parent object, or any of those weird things that ORMs have introduced to work around storing objects or documents in databases. Your document is your object. Your relations are your relations.

    If you would like to build on top of this functionality, it's trivial to implement a trait that implements both methods and provides basic change tracking. At that point, we are entering ORM and ODM territory and are going beyond what we should ask from an extension. All we want from an extension is performance, and simplicity.

  • TLS/SSL Security In PHP: Avoiding The Lowest Common Insecure Denominator Trap

    A few weeks back I wrote a piece about updating PHARs in-situ, what we’ve taken to calling “self-updating”. In that article, I touched on making Transport Layer Security (TLS, formerly SSL) enforcement one of the central objectives of a self-updating process. In several other discussions, I started using the phrase “Lowest Common Insecure Denominator” as a label for when a process, which should be subject to TLS verification, has that verification omitted or disabled to serve a category of user with poorly configured PHP installations.

    This is not a novel or even TLS-only concept. All that the phrase means is that, to maximise users and minimise friction, programmers will be forever motivated to do away with security features that a significant minority cannot support by default. In the case of PHP users on Windows, this may include not having openssl or curl installed. Without either of these options, TLS verification in PHP becomes impossible without looking outside PHP (e.g. locally available system commands).

    The problem is that while programming to the Lowest Common Denominator is fine for many things, doing so to the point of maintaining active security vulnerabilities is not. Let’s take the simple example of Composer. It’s an incredible tool, used by most PHP programmers I know, but it can’t perform TLS verification worth a damn despite operating primarily over HTTPS URLs. On Reddit, there is another tool just announced which relies on Composer to update application modules. That inherits the same vulnerability by depending on Composer in a live server setting. So too will other Composer dependent tools merely by inheriting from or reusing its download classes. In time, you finally have people seeking refuge in authority because Composer does this, and look, everyone and their pet hamster still uses it!

    There’s A Topic In Here Somewhere

    Much as I did around writing phar-updater and, more importantly, documenting the reasoning behind a tool that enforces TLS and supports openssl signing as a first citizen, I’d like to drill down into the specifics of how to approach this problem. It’s not an insurmountable one assuming you accept some basic ideas:

    1. You should never knowingly distribute insecure code.
    2. You should accept responsibility for reported vulnerabilities.
    3. You should make every effort to fix vulnerabilities within a reasonable time.
    4. You should responsibly disclose vulnerabilities and fixes to the public.

    These four ideas are self-explanatory as the guiding principles that any good security policy is founded upon. When you violate them, you earn general mistrust and reputational damage when your users either figure out that violations occurred, or that those violations contributed towards the worst case scenario: getting hacked and all the ugly outcomes that follow. You only need to go on Reddit and other news sites to find that Magento’s reputation is currently being ripped to shreds over failing to uphold these principles recently.

    So, given something like an application where the expectation is that everyone will install it, whether it be on Ubuntu, Windows, or Terminator-X45, how does one go about implementing TLS verification as securely as possible without being overly burdensome on programmers? Is it even possible?

    Step 1: Implement TLS Verification

    In keeping with those four ideas from earlier, the first course of action is to just implement TLS verification and get a handle on the consequences. Foisting a security vulnerability onto all members without their consent is irresponsible programming and should never be tolerated by the community.

    It’s essential to reiterate that Insufficient Transport Layer Protection is a security vulnerability, making it possible for attackers to perform Man-In-Th

    Truncated by Planet PHP, read more at the original (another 5648 bytes)

  • PHP IPC with Daemon Service using Message Queues, Shared Memory and Semaphores

    By Dmitry Mamontov
    In a previous article, we learned how to create a simple daemon service in PHP to monitor and process an important activity on a machine in the background.

    Now we move on to a more advanced topic: how daemon processes can communicate with other programs, or with other instances of the same daemon process.

    Read this article to learn how to perform IPC (Inter-Process Communication) in PHP to send and receive data using message queues, to transmit large volumes of data using shared memory, and to use semaphores to prevent problems caused by simultaneous access.

  • StackPHP Explained

    Today we are going to look at StackPHP and try to understand what this thing is all about. Although this post will have some code, this article will be rather theoretical as we are interested in learning what StackPHP actually is, where it comes from and why it is useful.


    As the front page of the StackPHP project says, Stack is a convention for composing HttpKernelInterface middlewares. But, in order to actually understand this definition, we will have to cover a few concepts first. At the end, we will also illustrate the concepts we learned in the context of StackPHP with some example code. This usually makes things much easier to understand.


  • Readying PHP 7 for its Release - Lately in PHP podcast episode 58

    By Manuel Lemos
    According to the proposed PHP 7.0 timeline, March 16 marked the start of a period in which only finalization and testing of the implementation of proposed features will take place.

    This was one of the main topics discussed by Manuel Lemos and Arturs Sosins in episode 58 of the Lately in PHP podcast.

    They also commented on important approved features like the scalar type hinting, exceptions in the engine, anonymous classes, and the proposal to have consistent function names.

    They also talked about interesting articles like one about urgent maintenance tasks site owners need to perform, improving MongoDB applications with Symfony listeners and creating PHP daemon services.

    Listen to the podcast, or watch the hangout video, or read the transcript to learn more about these interesting PHP topics.
