Speaker: Jacques Woodcock @jacqueswoodcock Working with files in PHP can be both a fun and a frustrating task, and one you never know when you’ll be asked to do. In this talk, we’ll go over how to work with files and some of the most common built-in functions to help accomplish your tasks.
PHPMailer is the most popular open source PHP library to send emails with. It was first released back in 2001 and since then it has become a PHP developer’s favorite way of sending emails programmatically, alongside a few other fan favorites like Swiftmailer.
In this article we’ll talk about why you should use PHPMailer instead of PHP’s mail() function and we’ll show some code samples on how to use this library.
Is it an alternative to PHP’s mail() function?
In most cases, it’s an alternative to PHP’s mail() function, but there are many other cases where the mail() function is simply not flexible enough to achieve what you need.
First of all, PHPMailer provides an object oriented interface, whereas mail() is not object oriented. PHP developers generally hate to create $headers strings while sending emails using the mail() function: every header line has to be assembled and escaped by hand, and any unchecked user input that reaches a header (a CR/LF inside a name, address or subject, for instance) lets the sender inject additional headers or recipients. PHPMailer makes this a breeze. Developers also need to write dirty code (escaping characters, encoding and formatting) to send attachments and HTML based emails when using the mail() function, whereas PHPMailer makes this painless.
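The contrast described above, as an added example that is not part of the original article or of the PHPMailer project: the mail() path hand-builds the header string and has to reject CR/LF in anything user-supplied, while the PHPMailer path gets address validation, header encoding and attachment MIME handling from the library. It assumes PHPMailer 6 installed through Composer; the SMTP host, credentials, addresses and attachment path are placeholders.

```php
<?php
// Added example (not from the original article): building a message with
// PHP's mail() safely versus with PHPMailer. Assumes PHPMailer 6 installed via
// Composer (composer require phpmailer/phpmailer); the SMTP host, credentials,
// recipient and attachment path are placeholders.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

/**
 * mail() writes $additional_headers (and the subject) into the message as
 * given, so a value containing "\r\n" becomes a new header line.
 * Reject such input outright rather than trying to escape it.
 */
function assertNoHeaderInjection(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('CR/LF in header value');
    }
    return $value;
}

/**
 * Plain-text mail through mail(): every header is hand-assembled, and the
 * To/Reply-To/Subject values must be checked before they are concatenated.
 */
function sendWithMailFunction(string $to, string $replyTo, string $subject, string $body): bool
{
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false
        || filter_var($replyTo, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid address');
    }
    $headers = 'From: noreply@example.com' . "\r\n"
             . 'Reply-To: ' . assertNoHeaderInjection($replyTo) . "\r\n"
             . 'Content-Type: text/plain; charset=UTF-8';
    return mail($to, assertNoHeaderInjection($subject), $body, $headers);
}

/**
 * The same message, plus an HTML body and an attachment, through PHPMailer.
 * addAddress()/addReplyTo() validate the address; header encoding, MIME
 * boundaries and base64 encoding of the attachment are handled by the library.
 */
function sendWithPhpMailer(string $to, string $replyTo, string $subject, string $html, string $attachment): bool
{
    $mail = new PHPMailer(true);               // true: throw Exception on failure
    try {
        $mail->isSMTP();
        $mail->Host       = 'smtp.example.com'; // placeholder
        $mail->SMTPAuth   = true;
        $mail->Username   = 'user';             // placeholder
        $mail->Password   = 'secret';           // placeholder
        $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
        $mail->Port       = 587;

        $mail->setFrom('noreply@example.com', 'Example App');
        $mail->addAddress($to);
        $mail->addReplyTo($replyTo);
        $mail->addAttachment($attachment);      // e.g. /var/tmp/report.pdf (placeholder)

        $mail->isHTML(true);
        $mail->Subject = $subject;
        $mail->Body    = $html;
        $mail->AltBody = strip_tags($html);     // fallback for text-only clients

        return $mail->send();
    } catch (Exception $e) {
        error_log('PHPMailer error: ' . $mail->ErrorInfo);
        return false;
    }
}

// Constructed input: a subject that tries to smuggle a Bcc header into the message.
$evilSubject = "Hello\r\nBcc: everyone@example.org";
try {
    sendWithMailFunction('joe@example.net', 'alice@example.com', $evilSubject, 'Plain body');
} catch (InvalidArgumentException $e) {
    echo 'mail() path rejected input: ', $e->getMessage(), PHP_EOL;
}
```

The point of assertNoHeaderInjection() is that it is the caller's job when using mail(); with PHPMailer the equivalent checks happen inside addAddress(), addReplyTo() and the header encoder, which is exactly the "dirty code" the article says the library takes off your hands.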
Fear Not the Machine of State!
July 23, 2015 20:00 CEST
- ORMs. I really don't. It's not just because all of the ORM frameworks I've seen make mockery out of performance needs, but they also tend to be extremely over-engineered, which makes me want to cry. I'd wager that most people using ORMs are actually solving the wrong problem with the wrong solution, simply because there wasn't a better alternative for their data-modeling needs and the benefits of adopting an ORM outweighed its inherent problems.
It's like driving a gasoline-hungry car. You say that you care about its MPG rating, but you are still wasting a lot of gas without ever looking back. It is just a cost of living. Or insurance: You know you can save 15% or more... but you don't. You've accepted that bi-annual rip-off as cost of living.
Just like using an ORM, you have accepted the pain as cost of living. Well, I don't :)
ODS - Object<->Document Serializer
The new MongoDB PHP driver includes an experimental ODS interface (BSON\Persistable) that allows you to automatically store your objects as documents in MongoDB the way you see fit. And the best part? When you retrieve the document from MongoDB, the driver will know which class it represented and can reconstruct the object (again, the way you see fit).
All you have to do is implement the two methods of the BSON\Persistable interface:
- bsonSerialize() which returns an array to store as a BSON document
- bsonUnserialize($array) which receives a BSON document just like the one returned by the serialize method
That's it! There is no special way of querying by type, parent object, or any of those weird things that ORMs have introduced to work around storing objects or documents in databases. Your document is your object. Your relations are your relations.
If you would like to build on top of this functionality, it's trivial to implement a trait that implements both methods and provides basic change tracking. At that point, we are entering ORM and ODM territory and are going beyond what we should ask from an extension. All we want from an extension is performance, and simplicity.
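The two interface methods and the change-tracking trait mentioned above, as an added example that is neither the driver's code nor from the original post. The interface is declared locally only when the driver extension is not loaded, so the file runs without MongoDB (the released driver ships it as MongoDB\BSON\Persistable, the page's BSON\Persistable being the experimental name); the Account class and its fields are made up for the example. One caveat worth showing: bsonUnserialize() receives whatever is in the database, so only declared properties are assigned, and with strict_types a document carrying the wrong type for a typed property fails with a TypeError instead of silently corrupting the object.

```php
<?php
// Added example (not the driver's code and not from the original post):
// a trait implementing BSON\Persistable's two methods with a change-tracking
// snapshot, plus a class that uses it. The interface is declared locally
// only when the driver extension is not loaded, so the file runs without
// MongoDB; the Account class and its fields are made up for the example.
declare(strict_types=1);

namespace BSON {
    if (!interface_exists(__NAMESPACE__ . '\Persistable')) {
        interface Persistable
        {
            public function bsonSerialize(): array;
            public function bsonUnserialize(array $data): void;
        }
    }
}

namespace App {

trait PersistableWithChangeTracking
{
    /** Snapshot of the fields as last loaded from (or written to) the database. */
    private array $original = [];

    /** Returns the object's fields as the array to store as a BSON document. */
    public function bsonSerialize(): array
    {
        $data = get_object_vars($this);
        unset($data['original']);
        $this->original = $data;
        return $data;
    }

    /**
     * Rebuilds the object from a document coming back from the database.
     * Only declared properties are assigned, so a document with unexpected
     * fields cannot add properties the class never declared; typed
     * properties reject wrong types under strict_types.
     */
    public function bsonUnserialize(array $data): void
    {
        $known = get_object_vars($this);
        unset($known['original']);
        foreach ($known as $name => $_) {
            if (array_key_exists($name, $data)) {
                $this->$name = $data[$name];
            }
        }
        $this->original = array_intersect_key($data, $known);
    }

    /** Names of fields whose value differs from the last snapshot. */
    public function changedFields(): array
    {
        $now = get_object_vars($this);
        unset($now['original']);
        return array_keys(array_filter(
            $now,
            fn ($value, $key) => !array_key_exists($key, $this->original) || $this->original[$key] !== $value,
            ARRAY_FILTER_USE_BOTH
        ));
    }
}

final class Account implements \BSON\Persistable
{
    use PersistableWithChangeTracking;

    public string $email = '';
    public int $loginCount = 0;

    public function __construct(string $email)
    {
        $this->email = $email;
    }
}

// Round trip through plain arrays, which is what the driver hands back and forth.
// (Constructed input; the real driver adds a __pclass field alongside these.)
$account = new Account('alice@example.com');
$doc = $account->bsonSerialize();                 // ['email' => ..., 'loginCount' => 0]

$copy = new Account('');
$copy->bsonUnserialize($doc + ['_id' => 'ignored', 'isAdmin' => true]);
$copy->loginCount++;

var_dump($copy->changedFields());                 // ["loginCount"]
var_dump(property_exists($copy, 'isAdmin'));      // false: undeclared field ignored
}
```

Everything beyond these two methods (dirty checking, unit of work, identity map) is the ORM/ODM territory the post says should live above the extension, which is why the trait stays this small.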
A few weeks back I wrote a piece about updating PHARs in-situ, what we’ve taken to calling “self-updating”. In that article, I touched on making Transport Layer Security (TLS, formerly SSL) enforcement one of the central objectives of a self-updating process. In several other discussions, I started using the phrase “Lowest Common Insecure Denominator” as a label for when a process, which should be subject to TLS verification, has that verification omitted or disabled to serve a category of user with poorly configured PHP installations.
This is not a novel or even TLS-only concept. All that the phrase means is that, to maximise users and minimise friction, programmers will be forever motivated to do away with security features that a significant minority cannot support by default. In the case of PHP users on Windows, this may include not having openssl or curl installed. Without either of these options, TLS verification in PHP becomes impossible without looking outside PHP (e.g. locally available system commands).
The problem is that while programming to the Lowest Common Denominator is fine for many things, doing so to the point of maintaining active security vulnerabilities is not. Let’s take the simple example of Composer. It’s an incredible tool, used by most PHP programmers I know, but it can’t perform TLS verification worth a damn despite operating primarily over HTTPS URLs. On Reddit, there is another tool just announced which relies on Composer to update application modules. That inherits the same vulnerability by depending on Composer in a live server setting. So too will other Composer dependent tools merely by inheriting from or reusing its download classes. In time, you finally have people seeking refuge in authority because Composer does this, and look, everyone and their pet hamster still uses it!
There’s A Topic In Here Somewhere
Much as I did around writing phar-updater and, more importantly, documenting the reasoning behind a tool that enforces TLS and supports openssl signing as a first-class citizen, I’d like to drill down into the specifics of how to approach this problem. It’s not an insurmountable one assuming you accept some basic ideas:
- You should never knowingly distribute insecure code.
- You should accept responsibility for reported vulnerabilities.
- You should make every effort to fix vulnerabilities within a reasonable time.
- You should responsibly disclose vulnerabilities and fixes to the public.
These four ideas are self-explanatory as the guiding principles that any good security policy is founded upon. When you violate them, you earn general mistrust and reputational damage when your users either figure out that violations occurred, or that those violations contributed towards the worst case scenario: getting hacked and all the ugly outcomes that follow. You only need to go on Reddit and other news sites to find that Magento’s reputation is currently being ripped to shreds over failing to uphold these principles recently.
So, given something like an application where the expectation is that everyone will install it, whether it be on Ubuntu, Windows, or Terminator-X45, how does one go about implementing TLS verification as securely as possible without being overly burdensome on programmers? Is it even possible?
Step 1: Implement TLS Verification
In keeping with those four ideas from earlier, the first course of action is to just implement TLS verification and get a handle on the consequences. Foisting a security vulnerability onto all members without their consent is irresponsible programming and should never be tolerated by the community.
It’s essential to reiterate that Insufficient Transport Layer Protection is a security vulnerability, making it possible for attackers to perform Man-In-Th
Truncated by Planet PHP, read more at the original (another 5648 bytes)
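Step 1 in working code, as an added example that is neither phar-updater's nor Composer's: an HTTPS fetch that turns certificate and hostname verification on with curl when it is available, with the openssl stream wrapper otherwise, and refuses to run at all when neither extension is present instead of falling back to unverified transport. The URL and CA bundle path are placeholders. Two caveats the passage implies: before PHP 5.6 the stream wrapper did not verify peers by default, so verify_peer must be set explicitly, and redirects are not followed because a redirect to an http:// URL would silently undo the verification.

```php
<?php
// Added example (not phar-updater's or Composer's code): an HTTPS fetch that
// enforces certificate verification and fails closed when PHP cannot verify.
// The URL and the CA bundle path are placeholders.
declare(strict_types=1);

final class TlsFetchException extends RuntimeException {}

/**
 * Download $url over HTTPS with peer and hostname verification on.
 * Returns the body; throws rather than silently downgrading.
 */
function fetchVerified(string $url, ?string $caBundle = null): string
{
    if (parse_url($url, PHP_URL_SCHEME) !== 'https') {
        throw new TlsFetchException('refusing non-HTTPS URL: ' . $url);
    }

    if (extension_loaded('curl')) {
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_FOLLOWLOCATION => false,    // a redirect to http:// must not be followed
            CURLOPT_SSL_VERIFYPEER => true,     // the "Lowest Common Insecure Denominator"
            CURLOPT_SSL_VERIFYHOST => 2,        // fix is to set these to false / 0
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
        ]);
        if ($caBundle !== null) {
            curl_setopt($ch, CURLOPT_CAINFO, $caBundle);
        }
        $body = curl_exec($ch);
        $err  = curl_error($ch);
        $code = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        if ($body === false) {
            throw new TlsFetchException('curl failed: ' . $err);
        }
        if ($code !== 200) {
            throw new TlsFetchException('unexpected HTTP status ' . $code);
        }
        return $body;
    }

    if (extension_loaded('openssl')) {
        $ssl = [
            'verify_peer'         => true,   // PHP < 5.6 defaulted this to false
            'verify_peer_name'    => true,
            'allow_self_signed'   => false,
            'disable_compression' => true,
        ];
        if ($caBundle !== null) {
            $ssl['cafile'] = $caBundle;
        }
        $ctx = stream_context_create([
            'http' => ['method' => 'GET', 'follow_location' => 0, 'ignore_errors' => false],
            'ssl'  => $ssl,
        ]);
        $body = @file_get_contents($url, false, $ctx);
        if ($body === false) {
            $e = error_get_last();
            throw new TlsFetchException('stream fetch failed: ' . ($e['message'] ?? 'unknown error'));
        }
        return $body;
    }

    // Falling back to plain HTTP here would be the Lowest Common Insecure
    // Denominator. Tell the user what is missing and stop instead.
    throw new TlsFetchException('neither curl nor openssl is available; cannot verify TLS');
}

try {
    $manifest = fetchVerified('https://updates.example.com/manifest.json', '/etc/ssl/certs/ca-certificates.crt');
    echo strlen($manifest), " bytes fetched over verified TLS\n";
} catch (TlsFetchException $e) {
    fwrite(STDERR, $e->getMessage() . PHP_EOL);
    exit(1);
}
```

The shape matters more than the details: the user who cannot verify gets an error message naming the missing extension, not an unverified download, which is the "get a handle on the consequences" part of Step 1.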
- By Dmitry Mamontov
In a previous article, we learned how to create a simple daemon service in PHP to monitor and process an important activity on a machine in the background.
Now we move on to a more advanced topic: how daemon processes can communicate with other programs, or with other instances of the same daemon process.
Read this article to learn how to perform IPC (inter-process communication) in PHP: send and receive data using message queues, transmit large volumes of data using shared memory, and use semaphores to prevent problems caused by simultaneous access.
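The three mechanisms named above in one runnable script, as an added example that is not from the original article: a System V message queue for small control messages, a shared-memory segment for a larger buffer, and a semaphore guarding access to it. It needs the sysvmsg, sysvsem and sysvshm extensions (Linux/BSD) and PHP 7.3+; the keys, the command format and the payload are constructed for the example. Two practitioner points it bakes in: the queue, segment and semaphore are created 0600 rather than the 0666 default, because any local user who can write to them can feed the daemon data, and messages are passed as strings so that msg_receive() is never asked to unserialize() whatever happens to be in the queue.

```php
<?php
// Added example (not from the original article): System V IPC in PHP with
// a message queue, a shared-memory segment and a semaphore, created with
// owner-only permissions. Requires the sysvmsg, sysvsem and sysvshm
// extensions; the keys, command format and payload are constructed.
declare(strict_types=1);

const IPC_PERMS = 0600;   // not the 0666 default: other local users could otherwise read or write

$queueKey = ftok(__FILE__, 'q');
$shmKey   = ftok(__FILE__, 's');
$semKey   = ftok(__FILE__, 'm');

// --- Message queue: small control messages between daemon instances --------
// Permissions apply when the queue is created; an existing queue is returned as-is.
$queue = msg_get_queue($queueKey, IPC_PERMS);

// Pass a string with $serialize = false. Receiving with $unserialize = true
// would run unserialize() on whatever is in the queue, a gadget-chain risk if
// another process can write to it.
$command = json_encode(['op' => 'reload', 'ts' => time()]);
if (!msg_send($queue, 1, $command, false, true, $err)) {
    fwrite(STDERR, "msg_send failed: $err\n");
    exit(1);
}

$type = 0;
$received = '';
if (msg_receive($queue, 1, $type, 4096, $received, false, 0, $err)) {
    $decoded = json_decode($received, true, 4, JSON_THROW_ON_ERROR);
    echo "daemon received command: {$decoded['op']}\n";
}

// --- Shared memory + semaphore: a larger buffer shared by several workers ----
$sem = sem_get($semKey, 1, IPC_PERMS, true);   // auto_release on request shutdown
$shm = shm_attach($shmKey, 64 * 1024, IPC_PERMS);

const SLOT_PAYLOAD = 1;

function writeShared($shm, $sem, string $payload): void
{
    if (!sem_acquire($sem)) {
        throw new RuntimeException('could not acquire semaphore');
    }
    try {
        // shm_put_var() stores the value serialized and shm_get_var() unserializes
        // it, which is the other reason the segment is created owner-only.
        shm_put_var($shm, SLOT_PAYLOAD, $payload);
    } finally {
        sem_release($sem);
    }
}

function readShared($shm, $sem): ?string
{
    if (!sem_acquire($sem)) {
        throw new RuntimeException('could not acquire semaphore');
    }
    try {
        return shm_has_var($shm, SLOT_PAYLOAD) ? (string) shm_get_var($shm, SLOT_PAYLOAD) : null;
    } finally {
        sem_release($sem);
    }
}

// Constructed payload: 20 KB, more than a single queue message would comfortably carry.
writeShared($shm, $sem, str_repeat('x', 20 * 1024));
echo strlen((string) readShared($shm, $sem)), " bytes read from shared memory\n";

// Clean up so stale segments and queues do not linger after the daemon stops.
shm_remove($shm);
shm_detach($shm);
sem_remove($sem);
msg_remove_queue($queue);
```

In a real daemon the sender and receiver are separate processes; ipcs on the host shows the created objects and their mode, which is a quick check that the permissions took effect.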
Today we are going to look at StackPHP and try to understand what this thing is all about. Although this post will have some code, this article will be rather theoretical as we are interested in learning what StackPHP actually is, where it comes from and why it is useful.
As the front page of the StackPHP project says, Stack is a convention for composing HttpKernelInterface middlewares. But, in order to actually understand this definition, we will have to cover a few concepts first. At the end, we will also illustrate the concepts we learned in the context of StackPHP with some example code. This usually makes things much easier to understand.
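What "composing HttpKernelInterface middlewares" looks like in code, as an added example that is not StackPHP's own code: two middlewares that each decorate a kernel and an inner application, nested so that the outermost object sees the request first. It assumes symfony/http-kernel and symfony/http-foundation installed through Composer (Symfony 5.3+ for the MAIN_REQUEST constant name; older releases call it MASTER_REQUEST) and PHP 8; the application, header names and token are made up for the example.

```php
<?php
// Added example (not StackPHP's own code): two HttpKernelInterface middlewares
// composed Stack-style around an inner application. Assumes symfony/http-kernel
// and symfony/http-foundation are installed via Composer; the app, header
// values and token are made up for the example.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\HttpKernelInterface;

/** The innermost "app": any HttpKernelInterface implementation works here. */
final class HelloApp implements HttpKernelInterface
{
    public function handle(Request $request, int $type = self::MAIN_REQUEST, bool $catch = true): Response
    {
        $name = htmlspecialchars((string) $request->query->get('name', 'world'), ENT_QUOTES);
        return new Response('Hello ' . $name);
    }
}

/** Middleware: lets the inner kernel run, then adds response headers. */
final class SecurityHeaders implements HttpKernelInterface
{
    public function __construct(private HttpKernelInterface $app) {}

    public function handle(Request $request, int $type = self::MAIN_REQUEST, bool $catch = true): Response
    {
        $response = $this->app->handle($request, $type, $catch);
        $response->headers->set('X-Content-Type-Options', 'nosniff');
        $response->headers->set('X-Frame-Options', 'DENY');
        return $response;
    }
}

/** Middleware: short-circuits before the inner kernel unless a token matches. */
final class RequireToken implements HttpKernelInterface
{
    public function __construct(private HttpKernelInterface $app, private string $token) {}

    public function handle(Request $request, int $type = self::MAIN_REQUEST, bool $catch = true): Response
    {
        $given = (string) $request->headers->get('X-Api-Token', '');
        if (!hash_equals($this->token, $given)) {
            return new Response('forbidden', 403);   // inner app never runs
        }
        return $this->app->handle($request, $type, $catch);
    }
}

// Composition is just nesting: SecurityHeaders wraps RequireToken wraps HelloApp.
$app = new SecurityHeaders(new RequireToken(new HelloApp(), 'example-token'));

$request  = Request::create('/?name=Alice', 'GET', [], [], [], ['HTTP_X_API_TOKEN' => 'example-token']);
$response = $app->handle($request);
echo $response->getStatusCode(), ' ', $response->getContent(), PHP_EOL;   // 200 Hello Alice

$denied = $app->handle(Request::create('/'));
echo $denied->getStatusCode(), ' ', $denied->getContent(), PHP_EOL;       // 403 forbidden
```

Because SecurityHeaders is the outer layer, the 403 response produced by RequireToken also carries the security headers; swapping the nesting order would change that, which is the whole reason Stack treats the order of composition as part of the convention.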
- By Manuel Lemos
According to the proposed PHP 7.0 timeline, a period started on March 16 during which there will be only finalization and testing of the implementation of proposed features.
This was one of the main topics commented on by Manuel Lemos and Arturs Sosins in episode 58 of the Lately in PHP podcast.
They also commented on important approved features like scalar type hinting, exceptions in the engine, anonymous classes, and the proposal to have consistent function names.
They also talked about interesting articles, including one about urgent maintenance tasks site owners need to perform, one on improving MongoDB applications with Symfony listeners, and one on creating PHP daemon services.
Listen to the podcast, watch the hangout video, or read the transcript to learn more about these interesting PHP topics.