Hello PHP fans, and thanks for subscribing to phpweekly.com.
Some of you may be travelling this weekend, as two PHP conferences get under way in the fantastic locations of Cape Town and Buenos Aires.
For those of you who can't get away, sign up to Nomad PHP at the end of the month, with great presentations from Adam Culp and Chris Cornutt. You can participate live, or watch at a time that is convenient for you.
Plus, with the announcement of the first Madison PHP Conference this November, hear first hand from one of the organisers, Beth Tucker Long, exactly what it is all about.
Fixing CSRF Vulnerability in PHP Applications
Cross Site Request Forgery or CSRF is one of the OWASP Top 10 vulnerabilities. It exploits the website’s trust in the browser. This vulnerability harms users and can modify or delete users’ data by performing actions in their name. The advantage of the attack is that the action is performed as a valid user, but that user never knows that he has done something. If the target account is that of a website administrator, the attacker can perform the admin’s actions in the web application. Poor coding and wrong assumptions are the main reasons why the vulnerability exists in web applications.
Lessons Learned From The Aura Project
As you may know, Aura is essentially the second version of the Solar framework. Whereas Solar was monolithic, Aura is primarily a series of completely independent libraries extracted from Solar. Each library in Aura is completely independent of the others. It also provides a system package that composes the various libraries into a full-stack framework. Paul M. Jones presents this article to give insight into some (but not all) of the lessons learned from the process of creating the Aura project packages.
Oh Great, Another Conference
Beth Tucker Long has a new post today talking about "yet another conference" that's popped up for its first year in the PHP community - the Madison PHP Conference (from her perspective as an organiser).
New PHP Editor
The SitePoint PHP blog has a post today announcing a new editor for the content of their site - Bruno Skvorc (replacing Timothy Boronczyk who helped build up PHPMaster.com from the start). He lists out a few items on his "todo" list including improving the rebranding SitePoint's done away from PHPMaster.com back to the SitePoint site and the improved quality of upcoming articles. He also includes the ways you can get involved in the site - everything from just suggesting topics out to writing actual articles.
Tutorials and Talks
Creating a Subscription-Based Website with Laravel and Recurly, Part 1
Scheduling and processing payments is easy, but don’t think recurring payments are trivial. Things can get complicated very quickly. You need to decide how to handle failures (how many failed payment attempts does someone get?), billing details must be kept up to date, and upgrading and downgrading plans can introduce all sorts of issues. Then there’s perhaps the most significant issue with recurring payments – you need to keep your visitors’ payment details on file. This introduces security, compliance and legal issues.
Creating the Simplest WordPress Plugin Ever
Creating a WordPress plugin is very easy. WordPress looks for its plugins in the wp-content/plugins directory. To create a plugin, you need to create a directory where you will place the files that your plugin requires to operate.
Symfony2 Components Overview: HttpFoundation
This is the first post of a series on Symfony2 standalone components. In the series we’ll review some of the most important components which provide the basic functionality used to implement websites, such as routing, security and forms.
PHP Performance I: Everything You Need to Know About OpCode Caches
Davey Shafik has a new post on his site sharing everything you need to know about opcode caches, the mechanism that works "behind the scenes" to cache the execution of the opcode paths for later reuse.
Collection Classes in PHP
On the SitePoint PHP blog a new tutorial introduces you to collection classes in PHP, replacing the more basic array with something with a bit more power. It mentions some of the common problems with arrays (and the data they contain) and points out that the structure a "Collection" class wraps around it can help keep things sane, including an example of a basic collection class that adds/gets/deletes items from an internal (private) array.
In the latest post to his site, Chris Hartjes offers some advice about unit testing with listeners to help teach PHP developers the right way to test. He uses the built-in test listeners for PHPUnit to write a system that checks to ensure a certain test exists in a "Koan1Listener" class. This class implements the PHPUnit_Framework_TestListener interface and has several methods to catch events and handle issues thrown during execution.
The File System is Slow
As a follow-up to his previous article about the (minimal) overhead from logging, Kevin Schroeder has this new post focusing on the common belief that writing to the file system is the slowest method. His test was to write one million log records to two different destinations - the normal physical file system and a RAM drive - with one run using a file handle that's left open and the other a new handle each time. He shows how he made the RAM drive and the PHP he used for the test (running in a VM). He graphs out the results, with some interesting findings...but you'll have to read the post for that.
Building Amazing Presentations with WImpress
In the first part last week, we learned how to integrate impress.js into WordPress, for creating dynamic presentations with CSS transitions and transformations. In this tutorial, we are going to look at the possibilities of enhancing the default features of impress.js while building an interactive presentation with WImpress.
Deploying PHP Applications on Engine Yard
Matthew Weier O'Phinney has been experimenting with a variety of cloud Platform as a Service (PaaS) offerings lately, and naturally was interested in seeing what Engine Yard brought to the table for PHP developers with its Engine Yard Cloud offering.
Multiple Phonegap Push Notifications in the Android Status Bar
Gonzalo Ayuso writes - Last month I worked within an Android project using Phonegap, jQuery Mobile and Push Notifications. I also wrote one post explaining how to use PHP to send the server side’s part of the push notifications. Today I want to show one small hack that I’ve done to change the default behaviour of push notifications.
Using Traits for Code Reuse in Zend Framework 2
For those that might have heard of traits (made available in newer versions of PHP, 5.4+) but haven't seen much of a practical application, this new post from Matthew Setter could help. He shares the actual trait code he implemented, making two simple methods - one for formatting date and another for formatting the time - for his views to use. He also includes examples of it in use.
News and Announcements
SymfonyCon Warsaw 2013: The Entire Schedule Is Online
You’ve been waiting for it over the past few months and it is finally out: the entire schedule of SymfonyCon Warsaw 2013 is online! Here is the recap of the awesome Symfony week you’ll attend on December 10-14 in great Warsaw, Poland.
Madison PHP Conference November 16th 2013, Madison WI
Join us for a one day, two-track conference that focuses on PHP and related web technologies. This event is organised by Madison PHP and is designed to offer something to attendees at all skill levels. It will be a day of networking, learning, sharing, and great fun!
Nomad PHP US Chapter - October 24th 2013
Adam Culp presents Clean Application Development. No matter what level of development we are at in our careers we all face a daily battle to write good code for ourselves and others, deliver finished applications fast to satisfy business, and ensure everything is properly tested to prevent end-user fails. In this talk Adam Culp will discuss what “clean application development” is, and how it can help us win those battles. The talk will provide practical and usable examples to integrate into your workflow, and continue to grow into good habits.
Nomad PHP European Chapter - October 17th 2013
Chris Cornutt presents Auth*: Dispelling The Myths. There’s a lot of bad practices and myths floating around about authentication and authorisation these days. Using passwords just isn’t good enough anymore. Come with me as I explore and dispel some of these common misconceptions and myths about these two important and often misunderstood topics. I’ll talk about some of the most common techniques and look forward to tools and options that can help make your applications even more secure.
WordPress 3.7 Beta 1
I’m pleased to announce the availability of WordPress 3.7 Beta 1. For WordPress 3.7 we decided to shorten the development cycle and focus on a few key improvements. We plan to release the final product in October, and then follow it in December with a jam-packed WordPress 3.8 release, which is already in development. Some of the best stuff in WordPress 3.7 is subtle — by design! So let’s walk through what we’d love for you to test, just in time for the weekend.
Leveraging 12 Years of PHPUnit
This session, presented by Sebastian Bergmann at DrupalCon, covers how PHPUnit is used in different communities and projects, and what’s been learnt along the way. Learn what’s new and state of the art in unit testing and how PHPUnit is integrating state-of-the-art paradigms, plus how PHPUnit compares to other testing technologies and methodologies.
Future of PHP Women
In this podcast from Engine Yard, Davey Shafik interviews Lineke Kerckhoffs-Willems and Michelle Sanver about women in tech, being Co-Presidents of PHPWomen, and CodeConnexx.
Instant Debian: Build A Webserver (by Jose Miguel Parrella, published 25th September 2013)
Build strong foundations for your future-ready web application using the universal operating system, Debian. Learn something new in an Instant! A short, fast, focused guide delivering immediate results. Deploy essential hardening and backup/restore strategies, and gain knowledge for configuring servers, libraries and frameworks.
PuPHPet and Digital Ocean (Screencast)
Over on YouTube David Adams has posted a video showing you how to use PuPHPet with Digital Ocean. PuPHPet is an easy to use, graphical tool to help make building Vagrantfiles quick and easy. Digital Ocean bills itself as a cloud service "built for developers" that lets you spin up cloud servers quickly. The video's about 30 minutes long, but it walks you through the entire process. It's a screencast you can easily follow along with. Unfortunately some of the text is a bit small (and hard to read full-screen) but he talks you through the commands too, which helps.
If you have a position that needs filling, let us know and we will include it.
PHP Engineers for Runtriz.com in Hollywood, CA
We are looking for an experienced web developer to work on a small, productive team. Team members should be able to work full-time with a high level of focus and dedication. It's important that team members have a problem-solving attitude and can work through issues without needing a lot of help or guidance. We're looking for people who are always striving to learn new technologies and enjoy spending free time experimenting with and learning new development techniques and languages. If you feel like this describes you please click on the link for more info.
PHP (Drupal) developers at Torchbox (Bristol and Oxford, UK)
Passionate about PHP, delirious about Drupal and want to work on a wide variety of challenging yet fun projects for fantastic clients? If yes, then Torchbox would love to hear from you! In return, we can offer an enviable working environment (country park or buzzing Bristol), a competitive salary, all the usual kit and sometimes even a ski trip.
Full Stack Developer
Major television production company seeks an experienced web developer to join its digital division. The ideal candidate possesses a deep expertise and abiding love of web development, an incredible track record of producing stellar web applications (with a long list of URLs & GitHub repositories to prove it), a near-supernatural work ethic and a fantastic sense of humour.
Junior PHP Web Developer to support charity clients at Fat Beehive in London
Are you personable? A problem solver? Passionate about web technology and interested in charity and not for profit clients? Fat Beehive are looking to hire a junior PHP web developer! We are excited to be looking for a proactive developer, a natural problem solver, who will enjoy working with our not-for-profit clients, and be an integral part of our team.
Machine Learning / AI skills (project based)
Inovica are looking for someone to work with them on detecting ecommerce products on sites and extracting relevant information. In the first instance please email firstname.lastname@example.org stating the experience you have in this field. They don't have a job description online but will reply to every email they receive.
Message Digital Design Ltd is Hiring a Web Developer (PHP)
We are looking for an experienced developer to work in our spacious offices in central Brighton, helping to deliver high-quality websites, e-commerce and online systems to a wide range of clients. At Message we give a damn about building the web the right way, and the successful applicant will too.
Ballers Bridge is Hiring a Sr. Yii Developer
We are looking for a motivated and outstanding candidate to lead our product development. The ideal candidate is an experienced problem solver, quick thinker/learner, self-motivated and not afraid of challenges.
PHP Engineers for Bright.Com in San Francisco
We are looking for PHP engineers to join our growing team! The ideal candidate is language agnostic, and can work with both scripting languages (such as Python and PHP) as well as strongly typed languages (such as C++ and Java), and has a passion for taking an idea and exploring, tinkering, debating, and demonstrating the fastest, most efficient, flexible and scalable implementation approaches. Experience working with traditional SQL databases as well as newer technologies, indexes and data stores is key (such as Solr, ElasticSearch, Redis, or Neo4j), and you must be comfortable using Linux and other open source technologies.
Senior PHP Developer in Bucharest, Romania
We are searching for a passionate PHP developer who will be part of a team of senior programmers and experienced testing engineers, directly involved in technical development projects, using Agile Scrum as methodology.
Performance Telecom (UK) seek freelancer (Remote worker) - Python and PHP Developer
This position is primarily Python, but PHP skills are also required.
Interesting Projects, Tools and Libraries
Vagrant and VirtualBox (or some other VM provider) can be used to quickly build or rebuild virtual servers used for Continuous Integration (CI) and static code analysis. This Vagrant profile installs Java, Jenkins, PHP, MySQL and SonarQube to assist with deployments, continuous integration and static code analysis for PHP-based projects, especially those written on top of Drupal.
Gearman library for CodeIgniter PHP Framework
QuickBooks PHP DevKit
This module loads the QuickBooks PHP DevKit library into Drupal via the Libraries API. The QuickBooks PHP DevKit is an open source QuickBooks PHP library provided by ConsoliBYTE.
PHP Debugger in NuSphere PhpED
Debugging is the process of finding bugs so they can be fixed and the PHP Debugger is the best tool for helping you find the bugs fast and eliminate them from your PHP programs. You can set up remote debugging in PhpED with the help of debug PHP Settings Wizard and DBG Wizard.
Webgrind is an Xdebug profiling web frontend in PHP5. It implements a subset of the features of kcachegrind, installs in seconds and works on all platforms. For quick'n'dirty optimisations it does the job.
CakePHP Shells and Tasks for various (helpful) things ...
A PHP value checker
A simple and flexible data mapper library for PHP and MySQL
This is a full-featured client to add integration with Errbit (or Airbrake) to any PHP >= 5.3 application.
A PHPUnit library for convenient testing of Doctrine 2 ORM entity annotations.
PHP wrapper library for the RescueTime API. At this point the RescueTime API provides a single endpoint to fetch detailed and complicated data. The data is read-only through the API.
A simple PHP client for Apache Solr that is built on top of Guzzle and inspired by RSolr.
This is a simple PHP class to ease IRI handling. Currently it just supports parsing of IRIs and relative IRI resolution. In the future I will extend it to support validation and normalisation and perhaps also support for IRI templates.
Propel2 is an open-source Object-Relational Mapping (ORM) for PHP 5.4.
A small suite of Engine Yard simple tools to help diagnose and fix performance issues, or other performance-related tasks.
So, how did you like this issue?