2015年3月31日星期二

Community News: Latest PECL Releases for 03.31.2015

Latest PECL Releases:
  • imagick 3.3.0RC1
    - Added ImagickKernel class. These can be used with the Imagick::morphology or
    Imagick::filter functions.
    - Added methods:
    * Imagick::brightnessContrastImage()
    * Imagick::colorMatrixImage()
    * Imagick::deleteImageProperty()
    * Imagick::filter()
    * Imagick::forwardFourierTransformImage()
    * Imagick::getAntiAlias()
    * Imagick::getImageCompression()
    * Imagick::getRegistry()
    * Imagick::getQuantum()
    * Imagick::identifyFormat()
    * Imagick::inverseFourierTransformImage()
    * Imagick::isPixelSimilarQuantum()
    * Imagick::listRegistry()
    * Imagick::morphology()
    * Imagick::rotationalBlurImage()
    * Imagick::selectiveBlurImage()
    * Imagick::setAntiAlias()
    * Imagick::setImageBiasQuantum()
    * Imagick::setProgressMonitor()
    * Imagick::setRegistry() - which allows setting the "temporary-path" used by ImageMagick
    * Imagick::statisticImage()
    * Imagick::subImageMatch()
    * ImagickPixel::getColorQuantum()
    - Added constants:
    * Imagick::RESOURCETYPE_TIME
    * Imagick::RESOURCETYPE_THROTTLE
    * Imagick::CHANNEL_RGBA
    * Imagick::ALPHACHANNEL_BACKGROUND
    * Imagick::FUNCTION_ARCSIN
    * Imagick::FUNCTION_ARCTAN
    - Fixed Imagick::clutImage() parameter parsing
    - Fixed tint image bug
    - Fixed ImageMagick compiled with HDRI having quantum values as floats
    - Fixed memory leaks in:
    * Imagick::getImageBlob()
    * Imagick::getImagesBlob()
    * Imagick::getImageChannelStatistics()
    * Imagick::getImageFormat()
    * Imagick::getImageMimetype()
    * Imagick::getSamplingFactors()
    * Imagick::identifyImage()
    * Imagick::tintImage
    - Fixed segfault when compiling statically
    - ImagickDraw::setFontFamily no longer checks whether the font is available. This allows a
    font family to be set where the family name is not the same as the font name. However it also
    means an invalid family name can be set, leading to the default font being used, instead of an
    exception being thrown. See https://github.com/mkoppanen/imagick/issues/77
    - Removed Zend MM support
    - Excluded deprecated methods:
    * Imagick::getImageMatte()
    * Imagick::colorFloodfillImage()
    * Imagick::matteFloodfillImage()
    * Imagick::paintFloodfillImage()
    * Imagick::paintOpaqueImage()
    * Imagick::paintTransparentImage()
    * Imagick::mapImage()
    * Imagick::recolorImage()
    * Imagick::setImageIndex()
    * Imagick::getImageIndex()
    * Imagick::getImageSize()
    * Imagick::setImageAttribute()
    * Imagick::getImageAttribute()
    * Imagick::mosaicImages()
    * Imagick::averageImages()
    * Imagick::flattenImages()
    This is replaced by $im = $im->mergeImageLayers(Imagick::LAYERMETHOD_FLATTEN)
    * Imagick::getImageChannelExtrema()
    * Imagick::getImageExtrema()
    - Ini file changes
    * Added imagick.skip_version_check. Imagick now checks that it was compiled against the same version of
    ImageMagick that it is being run with, and will give a warning if it was compiled against a different
    version of ImageMagick. The skip_version_check setting allows you to suppress this warning. However
    it is strongly recommended to use the version of ImageMagick that Imagick was compiled against.
    - Misc:
    * CI now compiles with CFLAGS="-Wno-deprecated-declarations -Wdeclaration-after-statement -Werror"


  • xxtea 1.0.10
    Fixed typo in configure output


  • swoole 1.7.14
    - Update websocket server onOpen callback params
    - Update websocket server onMessage callback params
    - Added swoole_server->tick/swoole_timer_tick function
    - Fixed onReceive data merge failure
    - Added http server gzip compression supports
    - Update http server allows sending empty body


  • mongodb 0.3.1
    * PHPC-211: Windows libbson and mongoc config files missing in release archive


  • mongodb 0.3.0
    * PHPC-175: Fix header includes on Windows
    * PHPC-175: Fix build on 32bit
    * PHPC-175: Windows doesn't have these compiler attributes
    * IPHPC-176: Copy build templates, add missing file & set build flags
    * PHPC-200: Don't set stream initiator when creating client fails
    * PHPC-199: Missing file from mongoc in config.m4
    * Update naming after PHPC-174


  • mongo 1.6.6
    ** Bug
    * [PHP-1413] - Driver segfaults with SSL connection and no context options
    * [PHP-1414] - SSL peer verification should reference stream->context options


Voices of the ElePHPant: Interview with David Stockton

The Voices of the ElePHPant podcast has posted their latest interview with a member of the PHP community. In this latest episode host Cal Evans talks with David Stockton, a conference goer and member of the Front Range PHP User Group



Cal and David talk about conferences and how it has had an effect on him as a programmer. Cal also asks him about his preference between going to sessions versus hanging out in the "hallway track".



You can listen to this episode either through the in-page audio player or you can download the mp3 of the show. If you enjoy the episode, you can subscribe to their feed.


Link: https://voicesoftheelephpant.com/2015/03/31/interview-with-david-stockton/

Derick Rethans: Xdebug 2.3: Improvements to Tracing


Derick Rethans has posted a new article in his series highlighting some of the changes in the latest release of Xdebug (v2.3). In this new post he talks about some of the improvements in the trace file functionality.



Trace files are a way to document every function call, and if you enable it, variable assignment and function's return values - including when these functions were called, and how much memory PHP was using at the moment of function entry (and exit). Xdebug 2.3 adds a new type of parameter rendering for stack traces and function traces through the xdebug.collect_params setting.


This new setting allows much more information to be reported back in the trace results, adding on a serialized version of the value of variables. He also shows the output results (human-readable) that shows the memory usage and time index for the execution. He also shows the new handling to include return values in the trace output using the "xdebug.trace_format" handling.


Link: http://derickrethans.nl/xdebug-2.3-tracing-improvements.html

NetTuts.com: Using HHVM With WordPress


On the NetTuts.com site today they've posted a new tutorial showing you how you can use WordPress with HHVM now that they're 100% compatible.




Over the past few months HHVM has taken the PHP community by storm. Since WordPress 3.9 was released, HHVM is now 100% compatible with WordPress.



Unfortunately, HHVM is not quite ready for use in production in self-hosted environments. In my experience, HHVM crashes about once per day, which makes it not viable for a site where high availability is important. Recently, WP Engine has released project Mercury which seamlessly allows HHVM to gracefully fail by falling back to PHP 5.5 when it fails. In this article, we're going to install HHVM on an Ubuntu server running the latest LTS release, 14.04.



They walk you through the full process including:



  • installing MySQL
  • Installing Nginx
  • Installing HHVM
  • Setting up and configuring them all to play nicely with WordPress


It's a pretty short article and doesn't get into the specifics of the WordPress setup steps past ensuring it's working with HHVM but it does give a good starting place.


Link: http://code.tutsplus.com/articles/using-hhvm-with-wordpress--cms-21596

Scotch.io: A Beginner's Guide To Composer


The Scotch.io site has posted a guide that can help you if you're just getting started in the world of PHP packages via Composer. In this new tutorial Daniel Pataki introduces you to the tool and how to use it to install the dependencies you need.



I'm sure there are plenty of coders out there who are wondering about the benefits of using composer and many who are afraid to make the leap into a new system. In this article we'll take a look at what exactly Composer is, what it does and why it is a great tool for PHP projects.


He starts with the basics of dependency management, why it would be used in a project and how it automates the installation and integration of 3rd party libraries. From there he helps you get Composer installed and starts in on a sample "composer.json" configuration file. In his example he installs Monolog, the popular PHP logging class. He talks some about how to specify versions, locking down the dependency versions to install and installing "developer only" requirements.


Link: https://scotch.io/tutorials/a-beginners-guide-to-composer

2015年3月30日星期一

Community News: Latest PEAR Releases for 03.30.2015

Latest PEAR Releases:

That Podcast: Episode 16: The one with HTTP/2


That Podcast has posted their latest episode today, Episode #16 - The One with HTTP/2.



Beau and Dave catch up on their latest happenings and talk about HTTP/2, what makes it different and how we understand it could change the way we do things.

Other topics mentioned in this new episode include:




You can listen to this latest episode either through the in-page audio player or by downloading the mp3. Be sure you subscribe to their feed if you enjoy the show too!


Link: http://thatpodcast.io/episodes/episode-16-the-one-with-http-2/

Rob Allen: Building and testing the upcoming PHP7


Rob Allen has posted a guide to building and testing PHP 7, the next upcoming major build of the PHP language (released sometime later this year).



The GoPHP7-ext project aims to ensure that all the known PHP extensions out there work with the upcoming PHP 7. This is non-trivial as some significant changes have occurred in the core PHP engine (related to performance) that mean that extensions need to be updated. In order to help out (and prepare my own PHP code for PHP 7!), I needed the latest version of PHP7 working in a vagrant VM. Fortunately Rasmus has created a such a VM called php7dev, so let's start there.


He walks you through the process of grabbing the latest version of the virtual machine and set it up as a Vagrant VM instance. He talks about the different PHP versions contained in the VM and how to update PHP 7 to the latest pre-release version. Finally he talks about building an extension on the VM (he uses the apfd extension) and how to configure the VM to be able to test your own code too.


Link: http://akrabat.com/building-and-testing-php7/

SitePoint PHP Blog: Best PHP Framework for 2015 - SitePoint Survey Results


In a new post to the SitePoint PHP blog editor Bruno Skvorc shares the results of the PHP framework survey the site posted a month back. In it they asked developers for their opinions on favorite frameworks (not necessarily the one they use, but their own personal opinion). For anyone that's been keeping up with the current state of PHP frameworks, the results aren't all that surprising though.



One month ago, we started the annual SitePoint framework popularity survey. Now that the month has expired, it's time to look at the results and to distribute the prizes. The response was a whopping ~7800 entries, far more than any other survey we've held so far, and even after filtering out invalid entries we end up with a formidable number of valid participants.


According to the results the most popular framework, by far, was Laravel. Coming in second was Symfony2 and third the Nette framework. They did ask for different opinions for personal versus business choices but the results track the same between the two. He also splits out the data into the top results by country and by the age of the people who responded.



He finishes off the post with some of his own thoughts on why Laravel was the clear winner with only some of it having to do with the framework itself. He points out the related projects, "near perfect documentation" and other things (like Laravel's own subreddit). He suggests that, even though open source and "free" tend to go together, spending money and a good amount of time on a project can help ensure it succeeds. He also offers some practical advice for those wanting to give their project a boost:



Spread the word, analyze solutions from other people, discuss them. Be open, be transparent. Have an official blog, get a StackOverflow tag, justify your decisions, get in touch with popular publications which can help promote your framework if you present it well enough.

Link: http://www.sitepoint.com/best-php-framework-2015-sitepoint-survey-results/

Christopher Pitt: Co-operative PHP Multitasking


Christopher Pitt has posted a new article on Medium.com about when an "array is like an adventure" when in the context of co-operative PHP multitasking. In it he shows how to make code work asynchronously with out the use of extensions, only generators.



Last week I got the opportunity to share recent work with my colleagues, at SilverStripe. I was going to present Async PHP today, but since I covered ReactPHP last week; I decided to talk about something slightly different. So here's a post about cooperative multitasking.


He starts with some basic arrays and other things that act like them and can be iterated through (Traversable). He talks about implementing custom iterators to act the same way and the use of IteratorAggregate to "cheat" a bit when making them. The he gets into generators, showing how they can be used to iterate similarly. He shows how it's possible to send data to a generator, throwing exceptions inside them and the use of "coroutines" to create asynchronous code. He builds up a queue system with this method and shows how they execute with some simple echo output. He also shows the use of RecoilPHP, another coroutine-based library, to replace the main kernel for a ReactPHP script. He also mentions IcicleIO as another option.


Link: https://medium.com/@assertchris/co-operative-php-multitasking-ce4ef52858a0

2015年3月27日星期五

Site News: Popular Posts for the Week of 03.27.2015

Popular posts from PHPDeveloper.org for the past week:

Scotch.io: Build a Time Tracker with Laravel 5 and AngularJS - Part 1


On the Scotch.io site there's a new tutorial showing you how to build a time tracking application with a combination of Laravel and AngularJS. This is the first part of a new series and focuses on the basic principles and getting some of the first parts of the application up and running.




Laravel and AngularJS work great together, but it can be a little tricky to get going at first, especially if you are new to the frameworks. In a previous article, Chris showed you how to make a Single Page Comment App with Laravel and Angular. This tutorial will again bring the two frameworks together as we build out a simple time tracking application.



We'll be going into a lot of detail in this tutorial, so to make things manageable it has been broken into two parts. The first part will focus on getting the front-end setup with AngularJS and the second part on getting the backend setup with Laravel 5.




He starts with an overall look at the application and what functionality it will have. From there he walks you through:



  • Setting up the folder structure
  • Installing dependencies
  • Creating Javascript files
  • Setting up the view
  • Adding extra styling
  • Fetching the time data


He makes use of the Moment.js library to perform some of the time calculations for the difference and total time elapsed. He ends the post by tying up some loose ends with the controller and updating the view with the new calculated time values.


Link: https://scotch.io/tutorials/build-a-time-tracker-with-laravel-5-and-angularjs-part-1

PHPBuilder.com: Working with the PayPal API


PHPBuilder.com has posted a tutorial showing you how to interact with the PayPal API via your PHP application using their own PHP-SDK.



PayPal recently introduced a new RESTful API that is more convenient and more powerful than the previous version. In this article, I will show you how to integrate your PHP application with the new PayPal API.


They start with a summary of the PayPal API and how to get the SDK loaded and ready to use (either through Composer or manually). The tutorial walks you through the authorization process (OAuth) and the code you'll need to make it happen. They also show you how to create transaction (including currency type and description) after the items have been submitted. There's also some code showing you how to get the current status of the payment once it has been submitted.


Link: http://www.phpbuilder.com/articles/application-architecture/shopping-carts/working-with-the-paypal-api.html

Kristopher Wilson: Using Interfaces Effectively in PHP


Kristopher Wilson has a quick post talking about how he thinks you can use interfaces effectively in PHP applications.



Yesterday, a question appeared on Reddit about the purpose of interfaces in PHP. While I was too late to the party to provide an answer to that thread (at least that would get noticed by anybody), I thought it was a great topic of conversation. So let's take a look at interfaces in PHP.


He introduces some of the basics around interfaces and provides some sample code showing how they're created and used (and extended). He talks about some good practices for implementing them in your classes and how this fits into the world of dependency injection. He also includes a bit about type hinting based on the interface implemented and how they can be seen as "contracts" in your code.


Link: http://kristopherwilson.com/2015/03/26/using-interfaces-effectively-in-php/

Zend: 5 Things You Must Know about PHP 7


There's been a lot of talk in the community about PHP 7 and what features will be included but there's been a *lot* of it. To help distill it down a bit Zend has posted this infographic of the Top 5 features that will be coming in this next major version.


Their top five list includes both the main points and a quick summary for:



  • When it comes out (hint: this year)
  • The spaceship operator
  • Return type declarations and scalar type hints
  • Performance improvements


...and #5, even more performance improvements. There's also some links to other information about some of the topics to provide even more detail for those wanting to dive in.


Link: https://pages.zend.com/TY-Infographic.html

ServerGrove Blog: New Symfony installer: the fastest way to start your Symfony project


The ServerGrove blog has a new post today introducing the new Symfony Installer, a tool that can make getting started with a Symfony2 application quick and easy.



Yesterday, the Symfony team introduced the new Symfony installer. Its main goal is to help developers to create Symfony projects faster. Until now, installing Symfony to start a new project required a few steps. [...] The installer tries to do this in one step. It downloads a compressed file with all the code, including the vendors directory, so you don't need anything else to run Symfony for the first time.


The post shows you how to install the installer via a curl call to fetch the executable. They show how to use it to create a new project, making a demo project and the resulting application and web interface for the demo. They also mention some of the future work that's planned for the installer including HTTPS support and caching improvements. The post finishes up with a quick mention of the code "under the hood" using the Symfony console component.


Link: http://blog.servergrove.com/2015/03/27/new-symfony-installer-fastest-way-start-symfony-project/

2015年3月26日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

SitePoint PHP Blog: Top 10 Z-Ray Features to Check Out


The SitePoint PHP blog has a new post today from Daniel Berman (of Zend) with the top 10 features of Z-Ray to be sure to check out. Disclaimer: Z-Ray is a tool provided by Zend, a part of their Zend Server product.



Necessity is the mother of invention goes the famous saying. For PHP developers, there is no greater need than visibility. But developers today have a tough choice to make as they develop and debug their apps. Either use crude methods such as printing, debugging information, or storing it in a log file, or - use multiple debugging/profiling tools that are awkward and require a lot of work from the developer's side. [...] This article introduces the top 10 features of Z-Ray - an innovative new technology from Zend that makes PHP development a whole lot quicker and easier by giving developers unprecedented insight into their code - and the visibility they need to develop top-notch apps.

Among the items on their Top 10 list are things like:



  • Viewing information about page requests
  • Execution time and memory consumption
  • Showing errors and warnings
  • Viewing functions called during execution
  • Debugging features for mobile apps and APIs


Check out the full post for a list of more features and screenshots/detail on each one.


Link: http://www.sitepoint.com/top-10-z-ray-features-check/

Remi Collet: PHP 7.0 as Software Collection


Remi Collet has a new post today talking about the next major release of the PHP language - PHP 7 - and how it, in its current state, can be installed now as an RPM from the "remi" repository as a software collection.



RPM of upcoming major version of PHP 7.0, are available in remi repository for Fedora 20, 21, 22 and Enterprise Linux 6, 7 (RHEL, CentOS, ...) in a fresh new Software Collection (php70) allowing its installation beside the system version. As I strongly believe in SCL potential to provide a simple way to allow installation of various versions simultaneously, and as I think it is useful to offer this feature to allow developers to test their applications, to allow sysadmin to prepare a migration or simply to use this version for some specific application, I decide to create this new SCL.


Instructions for the installation (via yum) are included and a list of some things "to be noticed" about the setup are also included.



Link: http://blog.famillecollet.com/post/2015/03/25/PHP-7.0-as-Software-Collection

ClanCats Station: Writing a webserver in pure PHP - Tutorial


On the Clancats.com blog there's a recent post showing how to create a web server in pure PHP, an interesting experiment but definitely not recommended for any kind of higher load situation.




Well, this is pretty useless, but it is possible. But again its pretty.. uesless. This tutorial will hopefully help you to better understand how a simple webserver could work and that it's no problem writing one in PHP. But again using this in production would be trying to eat a soup with a fork. So just, .... just don't. Let me shortly explain why this is not a that good idea.



PHP is a scripting language that simply is not really designed for such tasks. A webserver is a long running process which PHP is not made for. Also PHP does not natively support threading ( pthreads ), which will make developing a good performing webserver a really hard task.




He walks you through all the code needed to create the web server (also available on GitHub) by making:



  • A "server" that does the listening for incoming and sends outgoing requests
  • A request object that parses the incoming request and makes header and body content available
  • A response object that allows for the setting of response codes, body content and headers
  • Exception handling for problems encountered during the request/response process


The full code is provided during the process along with explanations of what each part does. There's also a basic introduction to what a typical web server is and how the process of request/response usually flows.


Link: http://station.clancats.com/writing-a-webserver-in-pure-php

Julien Pauli: Zoom on PHP objects and classes


Julien Pauli has a recent post to his site that "zooms in" on objects and classes with a look behind the scenes at how they're handled in the PHP source (at the C level) with plenty of code examples and explanations as to how they work.



Everybody uses objects nowadays. Something that was not that easy to bet on when PHP5 got released 10 years ago (2005). I still remember this day, I wasn't involved in internals code yet, so I didn't know much things about how all this big machine could work. But I had to note at this time, when using this new release of the language, that jumps had been made compared to old PHP4. The major point advanced for PHP5 adoption was : "it has a new very powerful object model". That wasn't lies. [...] Here, I will show you as usual how all this stuff works internally. The goal is always the same : you understand and master what happens in the low level, to make a better usage of the language everyday.


The article does a great (if lengthy) job of covering everything that happens with PHP's objects and class system, including stats about memory consumption. He includes both the PHP code and the C code to illustrate what's happening with classes, interfaces, traits and object methods/attributes (including object references). He also talks about what "$this" is and how class destructors are handled.


Link: http://jpauli.github.io/2015/03/24/zoom-on-php-objects.html

2015年3月25日星期三

Community News: Recent posts from PHP Quickfix

Recent posts from the PHP Quickfix site:

Derick Rethans: Xdebug 2.3: Improvements to Debugging


In the latest in his series covering some of the improvements in the latest Xdebug release, Derick Rethans has posted this new article detailing some of the performance enhancements related to remote debugging that come with this new version.



This is the fourth article in a series about new features in Xdebug 2.3, which was first released on February 22nd. In this article we are looking at the improvements towards "remote" debugging.


The updates include showing the values of user-defined constants, being able to set an exception breakpoint on all exceptions and additional features around debugging the exceptions themselves. The output now includes the exception's error code and which exception the flow was broken on (though in his example of PHPStorm, the IDE won't report that information back). The last change he mentions is a change that reverts the output to a log if it can't write to a socket (usually SELinux related).


Link: http://derickrethans.nl/xdebug-2.3-debugging-improvements.html

DZone.com: Get a Handle on PHP Handlers


On DZone.com today there's a post covering the different kinds of handlers that can execute PHP - those pieces of code that work with the web servers we use every day to interpret and execute PHP code.



PHP Handlers? mod_php? FPM? How do we make sense of the inner workings of PHP outside of our lines of code? We know we can run PHP on the server to build web applications swiftly, but how can we optimize our environment and configurations to reach maximum scale? We know that PHP has its drawbacks for not being asynchronous or event-driven, which is all the more reason to ensure maximum optimization. The impact of your server environment on your PHP application performance can be more than you think you can afford. A careful examination of your PHP ecosystem will help you avoid suffering performance loss in areas you can otherwise solve for easily.


They provide a brief summary of what PHP handers, well, handle and where they fit in the overall architecture of execution. They then get into the details on some of them:



  • CGI - mod_cgi
  • suPHP - mod_suphp
  • DSO - mod_php
  • FastCGI - mod_fcgid
  • FPM (FastCGI Process Manager) - php-fpm


Included in each is an overview of how it works and some of the main advantages (and disadvantages) of their use. He also mentions two of the most popular web servers that work with these handlers: Apache and Nginx.


Link: http://php.dzone.com/articles/get-handle-php-handlers

DigitalOcean Community Blog: How To Set Up a Two Node LEPP Stack on CentOS 7


On the DigitalOcean community blog they've posted a guide to setting up a LEPP server (Linux, Nginx, PHP and PostgreSQL) on a CentOS 7 instance (not specific to their own platform either, can be applied anywhere).



In this tutorial, we will create a simple web application in a two-tier architecture. Our base operating system for both nodes will be CentOS 7. The site will be powered by an Nginx web server running PHP code that talks to a PostgreSQL database. Instead of adopting a "top-down" approach seen in other LAMP or LEMP tutorials, we will use a "ground-up" approach: we will create a database tier first, then the web server and then see how the web server can connect to the database. We will call this configuration a LEPP (Linux, Nginx, PHP, PostgreSQL) stack.


They create a two-tier setup that involves the use of two CentOS systems (with examples from their own hosting options) and walk you through:



  • Installing PostgreSQL
  • Configuring PostgreSQL
  • Updating the Database Server Firewall
  • Creating and Populating the Database
  • Installing Nginx
  • Updating the Web Server Firewall
  • Configuring Nginx
  • Installing PHP
  • Configuring PHP
  • Creating the Web Application


It seems like a lot of steps but all of the necessary commands and configuration updates are included in each step so it's basically a copy and paste kind of walk-through.


Link: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-two-node-lepp-stack-on-centos-7

2015年3月24日星期二

Community News: Latest PECL Releases for 03.24.2015

Latest PECL Releases:
  • mongodb 0.2.0
    * PHPC-174: Rename module registration, constants and so on to mongodb
    * PHPC-174: Rename phongo to mongodb
    * PHPC-174: Use consistent extension names for PHP and HHVM drivers
    * PHPC-195: Fix typo and couple of missing incldues
    * PHPC-195: Remove mongoc/bson header file workarounds
    * Test for PHPC-186
    * PHPC-183: Add -Wdeclaration-after-statement to --enable-developers-flags
    * PHPC-183: Fix compiler warnings with -Wdeclaration-after-statement
    * PHPC-189: Implement Manager->getServers()
    * PHPC-188: Populate MongoDBDriverServer
    * PHPC-24 PHPC-77 PHPC-69 Provide a functioning Server object
    * PHPC-106: Comment out var_dump() data for now
    * PHPC-106: Enable mongoc SDAM build
    * PHPC-106: Connect asynchronouslyish
    * PHPC-106: Implement the new poll callback
    * PHPC-181: Discard const qualifiers for PHP API
    * PHPC-181: Use const for pointer args where applicable
    * PHPC-180: Fix limited batch import
    * PHPC-180: No need to sleep anything, we get a fresh connection in next test
    * PHPC-180: We now load 1024 users
    * PHPC-180: We now generate 1024 users, only load the first 100
    * PHPC-180: Cache the fixtures
    * PHPC-180: Rename constant and pass the cleanup uri explicitly
    * PHPC-180: Replace this Orchestration wrapper with significantly simpler code
    * PHPC-168: Implement WriteResult::isAcknowledged()
    * PHPC-170: Don't set write concern on bulk unnecessarily
    * PHPC-177: Include all fields in WriteConcern debug output


  • WinCache 1.3.7.4
    1.3.7.4:
    - Fix uninitialized variable issue that leads to av (null zend_error_cb).
    - Increase the timeout used to wait for other processes to finish initialization.
    - Re-order initialization such that User Cache will still work even if file cache fails to init.
    - Remove noisy ASSERTs.
    - Improve error checking in shared memory heap management functions.
    - Fix alloc bug in wincache_file_get_contents.
    - Enable setting of debuglevel and reroute_enabled from .user.ini.
    - Move shared memory segments out of the Windows System Pagefile. Added new configuration setting wincache.filemapdir to control where the temp files are created.
    - Refine VM base address selection for shared memory maps.
    - Ensure all named objects created with Global prefix when apppoolid is set.


  • xdebug 2.3.2
    Sun, Mar 22, 2015 - xdebug 2.3.2

    = Fixed bugs:

    - Fixed issue #1117: Path/branch coverage sometimes crashes
    - Fixed issue #1121: Segfaults with path/branch coverage


  • xxtea 1.0.5
    Initial release to PECL


  • xxtea 1.0.6
    Initial release to PECL


  • xxtea 1.0.7
    Initial release to PECL


  • xxtea 1.0.8
    Initial release to PECL


  • xxtea 1.0.9
    Added Changelog


  • timezonedb 2015.2
    Updated to version 2015.2 (2015b)


  • SeasLog 1.1.8
    - Fixed init config error with ZTS
    - Fixed SeasLog::analyzerDetail() function compatible with CentOS


  • pecl_http 2.4.1
    * Fixed build with PHP <= 5.4 (Remi)


  • swoole 1.7.13
    - Update server session_list resized to 1M
    - Update connection_info from_fd, from_port rename to server_fd, server_port
    - Http server performance optimization
    - WebSocket server performance optimization
    - Added swoole_client->getpeername
    - Added swoole_client->getsockname
    - Fixed accept dead loop when server have too many connection
    - Fixed sequence of onConnect/onReceive events disorder


  • pecl_http 2.4.0
    * Split off pecl/apfd and pecl/json_post


  • json_post 1.0.0
    * Split off pecl_http


  • apfd 1.0.0
    * Split off pecl_http


Voices of the ElePHPant: Interview with Samantha Qui&ntilde;ones


The Voices of the ElePHPant podcast has posted their latest series in their interviews with members of the PHP community. In this latest episode Cal Evans interviews Samantha Quiñones.



Cal and Samantha talk about some of the work she's been doing since she made the move over to development at AOL working in their media group. She talks about some of the open source projects AOL has released and their GitHub page with more details.



You can listen to this latest episode either through the in-page audio player or by downloading the mp3 directly for listening at your leisure. If you enjoy the interview, be sure to subscribe to their feed and get the latest episodes as they're released.


Link: http://voicesoftheelephpant.com/2015/03/24/interview-with-samantha-quinones/

Using Aura.Html with LeaguePlates


Paul Jones has a new post to his site showing how to merge one of the components of the Aura framework with the templating library Plates, a part of the The League of Extraordinary PHP Packages. In this post he shows how to integrate the Plates rendering engine into the Aura.Html component for use as a view layer.



Aura has its own native PHP template package, Aura.View, a direct descendant of Savant and Solar_View, as well as a cousin to Zend_View. The v1 Aura.View package used to include a helper system. Once we realized that there was no reason to tie the helper system directly to the view system, we released the helpers as a standalone Aura.Html package. This means the helpers can be used in any PHP presentation code, framework-based or otherwise.


Plates lets you register functions against its own internal handling, referencing the different elements to be rendered. He includes a code example showing this integration and how they look used in a Plates template.


Link: http://paul-m-jones.com/archives/6111

Slashdot.org: Book Review - Modern PHP: New Features and Good Practices


On Slashdot today Michael Ross as posted a book review of Josh Lockhart's recently released O'Reilly book "Modern PHP".



In recent years, JavaScript has enjoyed a dramatic renaissance as it has been transformed from a browser scripting tool primarily used for special effects and form validation on web pages, to a substantial client-side programming language. Similarly, on the server side, after years as the target of criticism, the PHP computer programming language is seeing a revival, partly due to the addition of new capabilities, such as namespaces, traits, generators, closures, and components, among other improvements. PHP enthusiasts and detractors alike can learn more about these changes from the book Modern PHP: New Features and Good Practices, authored by Josh Lockhart.


In the rest of the review Michael provides an overview of the topics covered in the book and how it's divided up. He then covers each of these three sections, commenting on the contents and making a few recommendations for those not immediately familiar with the topics. He does point out that he felt there was some critical information missing on some topics that "would allow one to begin immediately applying that technique or resource to one's own coding." Overall, though, he found the book a good resource and recommends it to those looking for a source to learn about new trends and tools in PHP.


Link: http://books.slashdot.org/story/15/03/22/1447230/modern-php-new-features-and-good-practices

NetTuts.com: Programming With Yii2: Integrating User Registration


NetTuts.com has posted the next part in their "Programming with Yii2" series today with this tutorial showing you how to integrate user registration into your sample application.



This is part four of a series on Yii2. In Programming With Yii2: Getting Started, we set up Yii2 locally, built a Hello World application, set up a remote server, and used Github to deploy our code. In part two, we learned about Yii's implementation of its Model View Controller architecture and how to build web pages and forms that collect and validate data. In part three, we learned about working with databases and ActiveRecord. In this tutorial, we'll walk you through integrating a popular user registration plugin.


They walk you through the use of the Yii2-User extension to provide the user handling functionality. The tutorial shows you how to get it installed (via Composer), run its database migrations to create the needed tables and where to update the configuration files to pull the plugin into the execution. They also help you set up SwiftMailer (what it uses to send its emails) and then gets into the integration of the registration with the application with a signup page.


Link: http://code.tutsplus.com/tutorials/programming-with-yii2-integrating-user-registration--cms-22974

2015年3月23日星期一

Freek Lijten: Testing PHP extensions - what makes a good test


Freek Lijten has a new post today continuing his look at the world of PHP extensions and focusing in on testing this time. He hopes to answer the question of what makes a good, effective set of tests to help increase the stability and quality of the extensions you write.



In my previous blog I took you through the process of getting PHP and extensions compiled, generating code coverage and running tests. What I did not talk about was what makes a good test. I hope to correct on this by adding this post and going into more detail on the actual writing of tests itself.


Using the same extension as before (enchant) he goes through the addition of a test for the enchant_dict_add_to_session function. He start by showing how much the function is currently tested (hint: none) and code coverage. He points out that 100% coverage is just one metric in a set that should be considered and not the final goal. He shares a simple test for the function that checks to see if a certain word exists in a dictionary. The coverage report shows all lines being executed, but there's a lot not tested, at least conceptually. He shows how to test "the spirit" of the function with additional tests for non-existent words, spell checking and if a word is not in the dictionary at all. PHP example code shows these tests kinds of tests to illustrate the steps he's talking about.


Link: http://www.freeklijten.nl/home/2015/03/22/Testing-PHP-extensions-what-makes-a-good-test

PHP7.com: The PHP Community Is Also About Promoting Lifestyle Changes & Nurturing Healthy Habits


In this new post on PHP7.com they interview Yitzchok Willroth (aka @coderabbi) about a project he helped start a few months ago in the PHP community to help encourage good health and well-being: the BiggestLoserPHP15 (or #ThinTheHerd15) project.



We might not be perfect at handling internal house matters, but we excel at Being A Community with a keen sense of #CommunityMatters, #CommunityWorks AND above all #CommunityIsFamily! YES! We are a Family! This time, one of our elePHPants, another famous PHP Rockstar - Coderabbi - came with an idea which is The #BiggestLoserPHP15 Challenge!


In the interview Yitz talks some about his background in the PHP community and some of his conference speaking. They then get into the "Biggest Loser" project and where the idea for it came from. He talks about his own motivations for starting the project, when the challenge ends and how the competition works.


Link: http://7php.com/biggestloserphp15/

SitePoint PHP Blog: First Look at Platform.sh - a Development and Deployment SaaS


In this latest post to the SitePoint PHP blog Chris Ward takes a "first look" at the Platform.sh development and deployment service.



Not so long ago, many of us were satisfied handling deployment of our projects by uploading files via FTP to a web server. [...] The old methods for deploying became unstable, unreliable and (generally) untrusted. [...] So was born a new wave of tools, services and workflows designed to simplify the process of deploying complex web applications, along with a plethora of accompanying commercial services. Generally, they offer an integrated toolset for version control, hosting, performance and security at a competitive price. Platform.sh is a newer player on the market, built by the team at Commerce Guys, who are better known for their Drupal eCommerce solutions.


He talks about some of the requirements for using the service (including Drush, the Drupal command line tool) and how to get started with a new project. He shows how to get the codebase with their CLI tool, pushing SQL data up to the instance, and starting in on some development work. He shows how to configure the modules you want to use and adding some additional content to the data. He also covers some of the other features of Platform.sh including: performance and profiling tools and integration with Redis, Solr and the EntityCache/AuthCache tools.


Link: http://www.sitepoint.com/first-look-platform-sh-development-deployment-saas/

ServerGrove Blog: Security tools for PHP projects


On the ServerGrove blog there's a new post looking at some of the currently available PHP security tools you can use to help keep your applications safe.



Security is getting more and more important, and the PHP community has been doing great improvements in this topic during the last few years. From better configuration settings to provide some level of security by default to frameworks providing functionality to avoid common attacks such as XSS, CSRF or SQL injection. [...] Well, any piece of software can have bugs, and obviously open source projects are not an exception. The good point is that security researchers, once they find a vulnerability, it is reported and added to a database of known vulnerabilities. We basically need to find a way to avoid using code with known vulnerabilities, and there are some interesting tools out there to help us.


They list four tools that focus on different areas of the security of your application to help provide good basic coverage:




One thing to note, these are all automated tools so they shouldn't be relied upon exclusively to ensure the security of your application. Testing and evaluation of the codebase with these and other testing tools should always be done as well.


Link: http://blog.servergrove.com/2015/03/23/security-tools-php-projects/

2015年3月20日星期五

Site News: Popular Posts for the Week of 03.20.2015

Popular posts from PHPDeveloper.org for the past week:

PHP Town Hall Podcast: Episode 39: Hi Josh!


In the latest episode of the PHP Town Hall podcast, episode #39, hosts Phil Sturgeon and Ben Edmunds talk with Josh Lockhart, author of the recently released "Modern PHP" book and most well known as the author of the Slim framework.



Phil and Ben catch up with Josh Lockhart who has been on the show a few times before. Josh is involved in some great projects and interested in some new tools, which all kinda wind in together. PHP, FIG, League, etc.


You can catch this episode in a few different ways, either through the in page audio player, by downloading the mp3 or you can watch the video of the live recording. If you enjoy the episode, consider also subscribing to their feed to get the latest episodes as they're released.


Link: http://phptownhall.com/blog/2015/03/12/episode-39-hi-josh/

PHP.net: Release of PHP 5.6.7, 5.5.23 and 5.4.39


The PHP development group has announced the release of the latest versions in all three major versions of PHP currently supported: PHP 5.6.7, 5.5.23 and 5.4.39. These releases are bugfix only with several security updates included.



The PHP development team announces the immediate availability of [these new versions]. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP [5.6, 5.5 and 5.4] users are encouraged to upgrade to this version.


As always, you can get the latest released for each of these versions from the main downloads page (for Windows users on windows.php.net) and if you'd like to see the other changes besides the security-related fixes check out the full Changelog.


Link: http://php.net/index.php#id2015-03-20-2

Matthew Weier O'Phinney: PSR-7 is in Voting Stage!


As Matthew Weier O'Phinney has posted, the PSR-7 PHP-FIG proposal is in the voting stages. The PSR-7 standard defines a unified interface for working with HTTP requests and responses.




As of a short bit ago, PSR-7 (meta) - HTTP Message Interfaces - is now in the voting phase! If you are a voting member of PHP-FIG, I urge you to read the specification and meta document now, and cast your vote accordingly.



I have written previously on the need for HTTP message abstractions, and also detailed how PSR-7 works. Those posts are still valid (I've kept the latter updated with all changes!). Since the review period, my sponsors and I have been looking over feedback and comments to see if any changes were needed. Fortunately, we've not found any substantive changes were really necessary; we have, however, made a few clarifications.



He clarifies some things around:



  • why base path concerns are not represented in the ServerRequestInterface or UriInterface
  • a note that UriInterface::getPath() MUST return the string "/" if the path is empty
  • that UriInterface implementations MUST percent-encode reserved characters in paths and query strings, per RFC 3986
  • why StreamableInterface is mutable, and provided guidelines to implementors and consumers regarding how and when to use writable streams
  • the addition of several sections to the meta documentation detailing solutions to common stream-based concerns


He also gets into a bit more detail about streams, base paths and some of the overall outcomes if the PSR-7 proposal passes (which it looks like it will so far).



If you adopt PSR-7, will you need to change your code? Almost certainly. The goal of PHP-FIG is to improve interoperability between projects, and PSRs typically attempt this via codification of what member projects are already doing.

Link: https://mwop.net/blog/2015-03-19-psr-7-ready-for-vote.html

PHP Roundtable: 015: SemVer, Licensing & OS Support Expectations


The PHP Roundtable podcast has posted their latest episode, part two in a series looking at semantic versioning, open source support expectations and licensing. This new episode features guests Colin O'Dell and Chris Tankersly.



Part 2 of an on-going series on open source. We discuss a number of open source topics including what the expectations are for support of an open source project. We also discuss how to use SemVer to successfully maintain an open source package and what we can do when SemVer is not an option. And finally we take a look at licensing and discuss why we need to be concerned with it.


You can listen to this latest episode by checking out the video of the live recording, coming in at about 1 hour. If you enjoy the show, be sure to subscribe to their feed to get the latest updates on when new episodes are available.


Link: https://www.phproundtable.com/episode/semver-licensing-os-support-expectations-open-source-series-part-2

2015年3月19日星期四

Site News: Blast from the Past - One Year Ago in PHP

Here's what was popular in the PHP community one year ago today:

SitePoint PHP Blog: User Authentication in Symfony2 with UserApp.io


On the SitePoint PHP blog Daniel Sipose has written up a tutorial showing you how to use the UserApp.io service to authenticate users for your Symfony2 applications.



UserApp.io is a handy user management tool and API. It provides a web interface to deal with user accounts (and the many features this involves) and an API to hook them into your own web application. The purpose of this service is to make it easier and safer to manage user authentication by not having to worry about that on your own server. It has SDKs and various wrappers for many programming languages and frameworks and the price is affordable. Yes, it comes with a price but you can get started freely with quite a lot of things to play around with.


He makes use of this library (his own creation) and the UserApp.io SDK to hook into Symfony2's own Security component authentication handling. He starts by explaining some of the classes he'll be creating including the form authenticator, a user provider, the logout handler and an custom exception. The full code is included for each as well as the changes you'll need to make to the YAML configuration to hook it all together.


Link: http://www.sitepoint.com/user-authentication-symfony2-userapp-io/

Scotch.io: S.O.L.I.D: The First 5 Principles of Object Oriented Design


On Scotch.io today they've posted a tutorial about SOLID, the "first five principles of object oriented design". SOLID is an acronym made from the first letter of several principles that can help make your OOP code well-architected and easier to test.



S.O.L.I.D is an acronym for the first five object-oriented design(OOD) principles by Robert C. Martin, popularly known as Uncle Bob. These principles, when combined together, make it easy for a programmer to develop software that are easy to maintain and extend. They also make it easy for developers to avoid code smells, easily refactor code, and are also a part of the agile or adaptive software development. Note: this is just a simple "welcome to S.O.L.I.D" article, it simply sheds light on what S.O.L.I.D is.


They start with a basic overview of what the letters in SOLID stand for and then work through each, providing basic code examples to help make the point clearer.


Link: https://scotch.io/bar-talk/s-o-l-i-d-the-first-five-principles-of-object-oriented-design

2015年3月18日星期三

Community News: Recent posts from PHP Quickfix

Recent posts from the PHP Quickfix site:

Larvel News: Laravel Podcast (Host and Format Change)


As is mentioned in this new post to the Laravel News site, the Laravel Podcast has a new format and host:



Matt Stauffer has taken the reins and is the host and Shawn has switched to a new podcast outside of just Laravel. The podcast is also moving to a shorter format, 20 minutes and is scheduled for every other week. With the shorter format, it forces the discussion to move quicker and is much easier to consume. For me at least.


The first episode with Matt at the helm talks about the recently released Envyoer deployment tool and the latest version of Laravel (v5). You can listen to this latest episode either through the in-page audio player or by downloading the mp3.


Link: https://laravel-news.com/2015/03/laravel-podcast/

Medium.com: PHP7: More strict! (but only if you want it to be)


In this new article Er Galvao Abbott talks about the struggle (and finally, inclusion) of type hinting in PHP, more specifically coming in PHP7, and how strict they can be.



It wasn't easy (we knew it wouldn't be) and certainly wasn't pretty (we sort of knew that as well), but it's finally official: PHP7 will come with Scalar Type Hints (STH) and an optional "strict mode". [...] This is basically a step towards a more strict way of coding in PHP. Will we see more steps in that direction in the future? We don't know and we're OK with that for now. What's brilliant about the body of work represented by these RFCs is that by implementing their concepts and specially making the "strict mode" optional the choice of being more strict remains with the programmer.


He talks some about the background of the want and need for strict typing in PHP and mentions three RFCs that will influence the type hints and handling in PHP7:




He summarizes each RFC and what it contributes to the language. He ends the post by dispelling one thing about all of this new typing functionality - PHP will remain loosely typed, this new functionality is in a "strict mode" only used when specified.


Link: https://medium.com/@galvao/php7-more-strict-but-only-if-you-want-it-to-be-78d6690f2090

2015年3月17日星期二

Community News: Latest PECL Releases for 03.17.2015

Latest PECL Releases:
  • mongo 1.6.5
    ** Bug
    * [PHP-1406] - Connecting through SSL no longer works in PHP 5.6 with 2.4.13, 2.6.6, and later
    * [PHP-1407] - Hostname matching with Replica Set doesn't work pre PHP 5.6
    * [PHP-1412] - Compile error when OpenSSL is not available

    ** Improvement
    * [PHP-1410] - Add certification expiration matching


  • v8js 0.2.0
    - adapt to latest v8 API (v8 versions from 3.24.6 up to latest 4.3 branch supported now)
    - v8 debugging support
    - apply time & memory limits to V8Function calls
    - support mapping of PHP objects implementing ArrayAccess to native arrays
    - new API to set limits: setTimeLimit & setMemoryLimit methods on V8Js object
    - typesafe JavaScript function wrappers
    - improved back-and-forth object passing (rewrapping, correcty isolate unlocking)
    - fix property and method visibility issues
    - fix memory leaks


  • pecl_http 2.3.2
    * Fixed bug with httpQueryString::offsetSet() resetting the complete query string


  • json_post 1.0.0RC2
    * Split off pecl_http


  • swoole 1.7.12
    - Fixed swoole_server tcp buffer error
    - Fixed wrong error log


  • swoole 1.7.11
    - Fixed udp server called connection_info wrong
    - Fixed temporary files task disk space does not release
    - Fixed WebSocket onOpen event callback core dump
    - Fixed cannot use sendMessage in the task process
    - Fixed Websocket server Sec-WebSocket-Accept handshake failed
    - Fixed HttpServer in turn the KeepAlive continuous POST data coredump
    - Fixed MacOS/FreeBSD error ENOBUFF occurred in a large number of concurrent
    - Added HttpServer chunk transmission support
    - Added PCRE detection


  • apfd 1.0.0RC1
    * Split off pecl_http


  • json_post 1.0.0RC1
    * Split off pecl_http


Voices of the ElePHPant: Interview with Evan Coury and Chris Hartjes


The Voices of the ElePHPant podcast has posted their latest episode in their series of community interviews. In this new episode host Cal Evans interviews two members of the community, Evan Coury and Chris Hartjes.



Cal, Evan and Chris talk about something they (Roave) are building to provide to their customers - the best developers in the industry doing the best work they can. Chris talks about why he joined the Roave team, what kinds of things he works on in his "fifth day" time and his next project (hint: HHVM and Hack).



You can listen to this latest episode either through the in-page audio player or by downloading the mp3 directly. Be sure to subscribe to their feed too!


Link: http://voicesoftheelephpant.com/2015/03/17/interview-with-evan-coury-and-chris-hartjes/

SitePoint PHP Blog: How to Use GitHub's API with PHP


The SitePoint PHP blog has a new tutorial posted showing you how to interact with the GitHub API via PHP thanks to the KnpLabs library to create a simple automation system to perform some simple tasks.



Github is one of the best ways to share code and collaborate. In this article, we are going to learn how to consume their API and how we can use it to accomplish some of our daily tasks. We are going to explore some of the daily tasks that can be accomplished through the Github API and build a small app using Laravel to illustrate the use cases. You can check the final result on Github.


They walk you through the setup of an application on the GitHub side and how to configure the related settings in your Laravel application. He shows how to bind the GitHub library to the app, set up some sample routes and build out controllers to:



  • List repositories
  • View repository content
  • Editing files
  • Viewing commits


Each item includes the code you'll need to make it happen, an example of the output you'll get from the API and how to use the data on your side in your views.


Link: http://www.sitepoint.com/use-githubs-api-php/

ServerGrove Blog: Symfony2 components overview: Stopwatch


The ServerGrove blog has returned with another of their overviews of a specific Symfony2 component. In this new article they talk about the Stopwatch component, a useful way to help in profiling execution of your application.



It's been a long wait, but we are back again with the Symfony2 components series. In the 12th post of the series, we cover the Stopwatch component. Even though is one of the smallest ones, that does not mean is not important, as plays a crucial role when we want to profile our code.


Since the article series is about working with the component individually, they show you how to get it installed via Composer by itself. They include a simple example of it in use, starting/stopping a "test" timer, getting the duration and getting the overall memory consumption. They also include a slightly more complex example timing the execution of a Fibonacci sequence, reporting back the execution time on each line of output. The article also covers other features like the "lap" method, sections for grouping events and the difficulties you'd have extending it.


Link: http://blog.servergrove.com/2015/03/16/symfony2-components-overview-stopwatch/

NetTuts.com: Design Patterns: The Command Pattern


NetTuts.com continues their series covering the basics of design patterns (in PHP) with a new article about the Command design pattern. This pattern is particularly useful for executing self-contained "commands" without other interaction.



In this article, we will be going through the command design pattern. As the name says, in this pattern we will be dealing with executing various commands. [...] Basically a pattern has numerous elements involved, which are as below. In the next section, we will be exploring each element with a code example. I will be taking the example of radio actions-very basic actions would be turning the radio on or off. So let's dive into each element.


Using the illustration of the radio, they go through the creation of the classes for the controls (on/off) and the two matching commands. The invoker is then told to execute the "turn off" command on the radio control object passed in. This sounds a little confusing but the code included in the article makes it clear how this implementation of the command is structured.


Link: http://code.tutsplus.com/tutorials/design-patterns-the-command-pattern--cms-22942

2015年3月16日星期一

Community News: Latest PEAR Releases for 03.16.2015

Latest PEAR Releases:

Phil Sturgeon: PHP 7 Feature Freeze


Phil Sturgeon has a new post to his site looking at the PHP7 feature freeze for this upcoming major PHP release (implemented as of yesterday, the 15th). In it he provides a list of features, their related RFCs and how likely they are to make it into PHP7.



Today was the feature freeze for PHP 7. That means no new votes can be started for a feature that is aimed at PHP 7.0, and would instead have to go into PHP 7.1. Instead of heading out to St Patric's Day with a bunch of New Yorkers making dubious claims about their tenuous connection to Irish ancestry as an excuse to drink, I thought it would be a good time to review some of the more recent RFCs that made it in, and those that didn't.

His list includes:



  • Remove PHP 4 Constructors
  • Spaceship Operator
  • Replacing current json extension with jsond
  • Skipping Optional Parameters for Functions
  • Constructor behaviour of internal classes
  • Reclassify E_STRICT notices


Each one has a link to the current version of the RFC, the current status and Phil's own opinion of the feature (usually just one word).


Link: https://philsturgeon.uk/php/2015/03/15/php-7-feature-freeze/

Sameer Borate: Create a quick REST API using Slim framework


Sameer Borate has a quick tutorial posted showing how to create a basic REST API with Slim, the popular microframework for PHP.



During a recent client project, I frequently needed to access a remote database table and update the same for certain fields. This was accomplished using phpMyAdmin on the server. However, it was getting tedious and was prone to accidental updates and deletes. [...] This is all a tedious process and prone to errors. One solution was to create a quick REST api wrapper around the remote database, using which developers could update the database table without any risk of corrupting the data and also with the added benefit of updating the table programmatically.


He uses an example of working with student data (SQL for the table included) and helps you get Slim installed and working with an Apache install. He covers the overall structure of the API he's creating and the code to help make it happen. Obviously he doesn't share the entire codebase - that would be too large. He does show examples of GET and POST requests for the student data to give you something to work from. He finishes the post with a few simple cURL calls to make requests to the API and the responses.


Link: http://www.codediesel.com/php/create-a-quick-rest-api-using-slim-framework/

SitePoint PHP Blog: Use Laravel Contracts to Build a Laravel 5 Twig Package


The SitePoint PHP blog has a new tutorial posted showing you how to integrate Twig into a Laravel application with the help of the recently added "contracts" feature of the framework. Twig is a templating library that aims to be fast, secure and flexible for data output in multiple contexts.



Laravel 5 is finally out, and with all the awesome features it brings. One of the new architectural changes is the new Contracts Package. In this article we are going to understand the reasoning behind this change and try to build a practical use case using the new Contracts.


He starts with a brief look at what Contracts are and what it means to use them in a Laravel application. He then shows how to define the package installation (via Composer) to pull Twig in and register it with the application for future use. He creates a simple service provider to register Twig and return a new "TwigFactory" instance. This instance extends the "FactoryConnect" implementing the "ViewFactory" and, along with a custom "TwigView" object can be used just like you would normally output information via Blade.


Link: http://www.sitepoint.com/use-laravel-contracts-build-laravel-5-twig-package/

php[architect]: March 2015 Issue Released - DB Migration


php[architect] magazine has released their March 2015 edition of their magazine - DB Migration:



Because databases store the data our applications, they need proper care and feeding too. In "DB Migrations", David Berube shares what he's learned to properly design your databases, Harrie Verveer looks at "Database Versioning with Liquibase", and Patrick Schwisow shows you how to consolidate Doctrine Migrations that have gotten unwieldly.


Other topics included in this month's edition include a "deep dive" into PHP extensions, object oriented Javascript, bitwise math and much more. You can pick up your own copy - either virtual (PDF) or in print - from the php[architect] website.


Link: http://www.phparch.com/magazine/2015-2/march/

stfalcon.com: Increasing project productivity in Symfony2 from Doctrine2 ORM


In this tutorial to the stfalcon.com site Sasha Lensky talks about some things you can do to help boost the performance of your Symfony2 application with a few tweaks in how Doctrine is used.



I have been trying to write this article for a long time, but just couldn't get around. Finally, I pulled myself together and did it. So, what will we discus ... I will share some techniques about working with Doctrine2 ORM, which will help to improve the site performance on Symfony2 (precisely any site that uses Doctrine2 ORM). I have created a project and put it on GitHub as a visual guide, so anyone can test my words in action now.


He shares five tips and includes code examples and results (based on the Profiler toolbar) for each:



  • Downloading all necessary connections
  • Updating multiple entities by request
  • Hydration waiver
  • Using Reference Proxies
  • Using Symfony Profiler Toolbar


That final tip about the Profiler toolbar is actually one used in the rest of the examples too, showing how to get that other information from the tool.


Link: http://stfalcon.com/en/blog/post/performance-symfony2-doctrine2-orm

2015年3月13日星期五

Site News: Popular Posts for the Week of 03.13.2015

Popular posts from PHPDeveloper.org for the past week:

Anthony Ferrara: Security Issue: Combining Bcrypt With Other Hash Functions


Anthony Ferrara has a new post today looking at a potential security issue in PHP applications when using bcrypt with encryption and other hashing functions. His findings have to do with some research he did on long passwords and denial of service attacks they might lead to.



The other day, I was directed at an interesting question on StackOverflow asking if password_verify() was safe against DoS attacks using extremely long passwords. Many hashing algorithms depend on the amount of data fed into them, which affects their runtime. This can lead to a DoS attack where an attacker can provide an exceedingly long password and tie up computer resources. It's a really good question to ask of Bcrypt (and password_hash). As you may know, Bcrypt is limited to 72 character passwords. So on the surface it looks like it shouldn't be vulnerable. But I chose to dig in further to be sure. What I found surprised me.


To find out exactly how things are processed he gets down into the C code behind the PHP functionality in the crypt function. He discovers something interesting about the way it determines the length of the input password. It loops over the key, taking one byte at a time but resetting when it comes across a null byte. While this method is safe in itself, he points out the real issue - using pre-hashing before the bcrypt password checking to, possibly, allow for longer passwords.



The problem is that this method could lead to those null bytes and cause issues with the password checking, especially if opting for the use of raw data. He includes a simple script to illustrate this problem, finding a few collisions for his made up key and "random looking" password. Thankfully, he includes a method for checking to ensure the hash doesn't contain a null byte. He points out that not all hashing combinations are at risk and suggests a few alternatives that can keep your application 100% safe.



The underlying problem is that combining cryptographic operators that weren't designed to be combined can be disastrous. Is it possible to do so safely? Yes. Is it a good idea to do it? No. This particular case is just one example where combining operations can be exceedingly dangerous.

Link: http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html

Freek Lijten: Testing and improving PHP extensions for PHP 7


In his latest post Freek Lijten talks about PHP extensions, the upcoming PHP version - well, PHP7 - and the things that can be (and are being) done to help improve and prepare the extension ecosystem. In his post he walks you through the process of getting a PHP7 install set up, a sample extension set up and writing some tests to help improve it.



PHP7 is coming. And it is coming to a neighbourhood near you :) A couple of people started an initiative to ensure extensions will be running out of the box once PHP7 hits the shelves. The fun part: You can help too! No C knowledge is necessary (although it is fun to dive into PHP's internals!). This piece is a short intro to help you help PHP! Help triaging extensions, write tests, add documentation and who knows when you'll be diving into C code.


He's encouraging this work as a part of the recently launched GoPHP7 - Extensions initiative launched a while back. He starts by helping you get PHP7 installed (from source, compiled). Once that's installed and working, he helps you get an extension up and running, in this case the enchant extension. He shows you how to run the tests for the extension and how to write some tests to contribute back to the project. He includes instructions for generating code coverage reports, walks you through some sample code and a link to a page with more information if you get stuck.


Link: http://www.freeklijten.nl/home/2015/03/12/Testing-and-improving-PHP-extensions-for-PHP-7

Voices of the ElePHPant: Interview with Eryn O'Neil


The Voices of the ElePHPant podcast has released their latest in their series of interviews with members of the PHP community. In this new episode host Cal Evans talks with Eryn O'Neil.



Cal and Eryn about some of her work and presentations about managing development groups and "what to do when a project goes bad". She talks about making a culture where it's okay to mess up, a "shame free culture". She suggests making a switch in the industry towards an atmosphere like this and
some of their own experiences with other developers in the past (and how the situation was pushed in a more positive way).



You can listen to this latest episode either through the in-page audio player or by downloading the mp3 directly. If you enjoy the episode, be sure to subscribe to their feed.


Link: http://voicesoftheelephpant.com/2015/03/10/interview-with-eryn-oneil/