Syndicate content
People blogging about PHP
Updated: 36 min 7 sec ago

HTTPS Basics

Sun, 30/03/2014 - 18:00

Hypertext Transfer Protocol Secure or Hypertext Transfer Protocol over SSL is used for secure communication over a network, or perhaps more importantly - over the Internet. You would see https:// in the URI and a lock icon in the browser when you access a page that uses HTTPS.

If you ever wondered whether and how to go HTTPS with your website, we’ll attempt to clear this up in this article by briefly describing what HTTPS is about, and why and how to implement it.

Why to go HTTPS

Consider developing an e-commerce website that requires your users to enter sensitive information, such as credit card details, in order to proceed with an online transaction. If the information travels over the Internet as is and is intercepted by someone, it could be easily understood and misused. This is where HTTPS comes in - if you need to prevent these types of threats, you need to go HTTPS.

HTTPS promises you two things; first, the sensitive data is encrypted into gibberish by applying a cryptography mechanism which can be decrypted only by your server, the certificate owner. Now, if this information is intercepted with a man-in-the-middle attack, it will be meaningless. Secondly, HTTPS authenticates that the website is the website it claims to be. In your case, it will validate your website before sending your user’s encrypted credit card details so no one else can imitate you.

Thus, going HTTPS authenticates your website and protects sensitive information being communicated over the Internet. This is made possible with the help of Certificates and Encryption.

Continue reading %HTTPS Basics%

Categories: Open Source, PHP Community

TYPO3: Sane extbase controller names

Fri, 28/03/2014 - 23:13

Extbase, TYPO3's new standard framework for writing extensions, has a bunch of characteristics a sane man can not get accustomed to. Today's example is the class names of controllers.

A controller's name is determined by the following scheme:


That's Controller\FooController. ControllerController. controllercontrollercontrollercontroller.

Fix it

Since extbase is a mature framework, there is probably a way to fix this. And there is! Easy as eating a pie.

5. Request

The controller name schema is defined in \TYPO3\CMS\Extbase\Mvc\Web\Request, property $namespacedControllerObjectNamePattern. Since there is no way to inject that property, extend the Request class and overwrite the pattern:

namespace my\extension;
class ExtBase_Request
    extends \TYPO3\CMS\Extbase\Mvc\Web\Request
     * Pattern after which the namespaced controller object name is built
     * @var string
    protected $namespacedControllerObjectNamePattern
        = '@extension\Controller_@controller';
4. ObjectManager

Request objects are created in \TYPO3\CMS\Extbase\Object\ObjectManager::get(), so we need to overwrite this method as well:

namespace my\extension;
class ExtBase_ObjectManager
    extends \TYPO3\CMS\Extbase\Object\ObjectManager
    public function get($objectName)
        $arguments = func_get_args();
        if ($objectName == 'TYPO3\\CMS\\Extbase\\Mvc\\Web\\Request') {
            $arguments[0] = '\\my\\extension\\ExtBase_Request';
        return call_user_func_array(array('parent', 'get'), $arguments);
3. Web\RequestBuilder

The object manager is instantiated in \TYPO3\CMS\Extbase\Mvc\Web\RequestBuilder, again without an official way to override it. Let's extend the class just to change a line in the docblock:

namespace my\extension;
class ExtBase_WebRequestBuilder
    extends \TYPO3\CMS\Extbase\Mvc\Web\RequestBuilder
     * @var \my\extension\ExtBase_ObjectManager
     * @inject
    protected $objectManager;
2. FrontendRequestHandler

Our web request builder comes from an @var annotation in \TYPO3\CMS\Extbase\Mvc\Web\FrontendRequestHandler. Another extended class:

namespace my\extension;
class ExtBase_FrontendRequestHandler
    extends \TYPO3\CMS\Extbase\Mvc\Web\FrontendRequestHandler
     * @var \my\extension\ExtBase_WebRequestBuilder
     * @inject
    protected $requestBuilder;
    public function getPriority()
        //more than the parent >
1. TypoScript

The frontend request handler class can finally be configured via TypoScript, without extending another class:

plugin.tx_myextension {
    mvc.requestHandlers {
        my\extension\ExtBase_FrontendRequestHandler = my\extension\ExtBase_FrontendRequestHandler

We're done! In 5 easy steps we got proper controller class names that don't drive us mad when thinking of them.

Categories: Open Source, PHP Community

Why your current developer is terrible

Fri, 28/03/2014 - 18:30

Earlier today I got pointed on Facebook to this article by Shamoon Siddiqui on I would very much recommend this article to both developers and managers. This is an excellent read. It also made me think about my role.

First of all: I’ve been on both sides of the above story. I’ve been the new developer hating on the previous developer, and I’ve been the guy who left hearing stories about the new developer. And to be honest: When you’re a new developer looking at an existing codebase, you’ll spot a lot of bad things. You’ll probably also spot a lot of things that you think are bad things, but are simply different than how you would’ve solved it. There is a difference!

My current role is different. As a consultant, I come into companies with existing teams (or sometimes just a single developer). I’m still in the same role though: I am the “new guy” coming in and spotting weaknesses, errors, problems etc. The difference, however, is that I’m there for this specific reason: I’m usually called in to help improve a codebase, fix a project, etc.

Over the past years of doing this work, I’ve also found out that there are many reasons why the codebase is, let’s say, suboptimal. This has to do with many things, but interestingly, very often it has very little to do with actual technical causes. Just to list a few:

  • The developer presented himself or herself as a senior, while they were actually not that senior
  • The management was not able to make decisions, causing developers to have to switch between tasks and solutions constantly
  • The developer(s) and management don’t communicate well
  • Sales and delivery are two seperate isolated parts of the company

There are more reasons, but the above are the most common reasons I’ve encountered so far. Let me dive into all of those a bit more.


I’ve seen it happen many times: A new developer is hired by a company. Their CV looks impressive: 8 years of experience with PHP. Definitely a senior developer! And since we need to focus on good quality, we need a senior! Then once the developer starts, it turns out the developer isn’t all that senior. Tasks take longer than expected, the software contains more bugs than expected, what happened?

Now, the first problem is: What is the definition of a senior developer? To me, a senior developer is not necessarily someone with lots of years experience. You could have 8 years of experience building websites and CMS’es for customers, but when you join a company building enterprise-level e-commerce solutions, you’re not a senior. Sure, you know PHP and you’ve solved the CMS-problem over and over, but what’s your experience with payment systems? Invoicing? E-commerce has a completely different set of problems to solve. Some solutions that work for a CMS might not work for E-commerce. Seniors know this. They don’t know the solution to all the problems, but they know the solution is not always the same. They communicate well, can explain a problem, and know where to look for a solution. A senior knows (s)he doesn’t know everything.

When hiring a developer, don’t blindly look at how many years of experience the candidate has with PHP (or whatever language you work with). Also have a look at the variation of the projects the developer has worked on. Unless, of course, your company operates in the same business as this developer with 8 years of experience in a specific field. Then you do want to hire the developer. Well, if everything else checks out.

Decisions, focus and quality

Talk to any developer and ask them what is one of the biggest causes of bad code, and they’ll tell you it is a lack of focus. Not being able to focus on a single task from start to finish ensures the code that is being delivered is of less quality than it could be.

One important reason for a lack of focus is not the fact that your developer checks their Facebook or Twitter regularly, or that they go out for some football or play on the gaming console three times a day. No, it’s usually that your developer(s) are not protected from distraction caused by the business.

When I worked at a product-focussed company years ago, we had this issue. On a regular basis, while working on a feature, someone would stand at the desk of a random developer and ask them to “quickly do this” or “fix this bug, it’s highly critical!”. Because of this, we never made our planning and the amount of bugs in our code was sometimes unacceptable.

Our team lead then made the best decision ever: He told us to redirect everyone to him. He would then decide on the

Truncated by Planet PHP, read more at the original (another 4412 bytes)

Categories: Open Source, PHP Community

Image Scraping with Symfony’s DomCrawler

Fri, 28/03/2014 - 18:00

A photographer friend of mine implored me to find and download images of picture frames from the internet. I eventually landed on a web page that had a number of them available for free but there was a problem: a link to download all the images together wasn’t present.

I didn’t want to go through the stress of downloading the images individually, so I wrote this PHP class to find, download and zip all images found on the website.

How the Class works

It searches a URL for images, downloads and saves the images into a folder, creates a ZIP archive of the folder and finally deletes the folder.

The class uses Symfony’s DomCrawler component to search for all image links found on the webpage and a custom zip function that creates the zip file. Credit to David Walsh for the zip function.

Coding the Class

The class consists of five private properties and eight public methods including the __construct magic method.

Continue reading %Image Scraping with Symfony’s DomCrawler%

Categories: Open Source, PHP Community

TYPO3: Well-formed fluid templates

Fri, 28/03/2014 - 07:50

The Fluid template engine - developed for the Flow3 project - is used more and more in TYPO3's core and extensions.

Fluid templates look like XML. Every functionality is implemented as a custom XML tag or tag attribute - very unlike e.g. Smarty or Twig which invented a terse template markup language that's easy to write.

Basic fluid functionality is wrapped in tags that are prefixed with f:, like or

Unfortunately, fluid's inventors did not follow the way of XML to the end: Most fluid templates are not even well-formed.


This is a typical "partial" template:

{namespace f=TYPO3\CMS\Fluid\ViewHelpers}


Several problems make the file non-wellformed:

  1. XML declaration missing
  2. XML requires a single root tag, but the template contains multiple
  3. Namespace prefix f is not defined

Let's fix the issues:

<?xml version="1.0" encoding="utf-8"?>


The XML is well-formed now. Unfortunately, the rendered template is broken:

<?xml version="1.0" encoding="utf-8"?>
Headline 1

Text 1

<?xml version="1.0" encoding="utf-8"?>
Headline 2

Text 2


The fluid template engine renders both XML declaration and the additional root tag, although we neither want nor need it. Depending on the context of our partial, we might even get invalid html.

Attempt to fix

To get rid of the root tag in our output, we could try to use a tag with an always-true condition:

<?xml version="1.0" encoding="utf-8"?>



Let's render it and ... congratulations, you just ran into bug #56481:

#1237823695: Argument "xmlns:f" was not registered

But even if my patch gets merged some day, the XML declaration will still get rendered.

Fixing broken output

Fluid's tag supports a section attribute. It simply says that a certain section within the given template shall be rendered instead of the whole file:


Now we just have to wrap our partial's html code with a section tag:

<?xml version="1.0"?>



That's it. You can use that solution for templates and partials - but not for layouts.

Why? Why do I want well-formed fluid templates?

Well-formed XML can be validated automatically through git pre-commit hooks. Utilizing them lets developers spot errors earlier.

Categories: Open Source, PHP Community

Azure Web Sites – Continuous Deployment with Staged Publishing

Thu, 27/03/2014 - 23:04

In the beginning of the year Windows Azure Web Sites team has released a preview of the Staged Publishing functionality. The Staged Publishing allows you to create a staging site slot where you can publish a new version of the website and then test it before swapping to the production environment. This feature together with Continuous Deployment via GitHub, BitBucket or DropBox enables some very powerful deployment scenarios.

However the preview release did not provide the optimal experience for enabling Continuous Deployment (CD) for staging site. User had to configure a non-trivial workaround as described in blog post by Rick Rainey. Recently the Azure Web Sites team has released an update that fixes that problem and makes the setup of the CD with staged publishing very simple. This blog post describes how to enable CD from git repository located on BitBucket.

First, in order to use staged publishing you need to scale your web site to Standard mode:

After that you will be able to enable staged publishing:

When staged publishing is enabled you will see the staging site slot in portal.

Select it and then click on “Set up deployment from source control”:

In my case I created a repository on BitBucket where I have one simple php page just for demo purposes:

The repository gets synchronized with the staging site slot and then when I browse to it I get the result of executing the PHP script that was checked in to my repository.

The script detects whether it runs in production or staging slot by checking the Host header of the request:

<title>My first PHP page</title>
echo "<h1>Hello World! This is a new version!</h1>";

$host = $_SERVER['HTTP_HOST'];
$is_production = TRUE;
if (strpos($host, 'staging') !== FALSE)
$is_production = FALSE;

if ($is_production === TRUE)
echo "<h2>This code is running in production.</h2>";
echo "<h2>This code is running in staging.</h2>";

Now that I have tested the script in staging environment I can swap it to production environment.

After that when I browse to the production site I get the expected result:

Now let’s assume that I want to deploy a new version of my script. I make a change in the script, check it in and push it to the BitBucket repository. After that I go back

Truncated by Planet PHP, read more at the original (another 1243 bytes)

Categories: Open Source, PHP Community

HHVM and New Relic

Thu, 27/03/2014 - 16:04

As discussed in one of my last blog posts, we really like New Relic for performance metrics and use it a lot. Unfortunately there isn't an extension for HHVM (yet) and HHVM is becoming an important part in our setup. But - a big great coincidence - New Relic released an Agent SDK and with that, an example extension for HHVM and WordPress. That was a great start for me to get behind the whole thing.

I had mainly two goals for this. Have an API compatible extension to the official New Relic PHP extension, so that we can use the same code for the Zend PHP Engine and HHVM. In our Symfony2 projects, we use the Ekino New Relic Bundle and we didn't want to have to change that. And as a bonus, make profiling as informative as possible so that we can see which part of the call takes how long.

Writing hhvm extension is surprisingly easy (at least if you have a template ;)), you can even write the easy stuff in PHP (or Hack) and only for the more advanced stuff switch to C++, see newrelic.php as an example of that.

New Relic is continuously adding new features to their Agent SDK and today, we're almost API complete (the only important thing missing is being able to change the license key or the appname from within HHVM).

If you want to use New Relic on your HHVM server, just compile and install the extension from and you're good to go. You can send attributes, errors and it will also send the time your requests needed.

Profiling data

Of course, one of the main features of New Relic is to see, where your requests spend their time. That needed a little bit more work. And I came up with two solutions.

Solution 1 needs a patched and recompiled HHVM and hooks into the HOTPROFILING of HHVM. This is disabled by default, so you have to enable this with cmake -D HOTPROFILER:BOOL=ON . before compiling HHVM (you also have to do that, if you want to use xhprof). And of course my patched HHVM, which adds the possibility to send profiling data to New Relic. You can then enable it with newrelic_profiling_enable($level) in your code, where level is the amount of levels (depth) you want to collect. If you set that too high, you won't see everything.

If you enable profiling with newrelic_profiling_enable(), it will make your requests approx. 20-50% slower (but still much faster than with Zend PHP), so it's advised not to use that all the time. If you don't use that call, I couldn't see any performance difference to an HHVM without HOTPROFILER compiled in (I'm sure there is, but it must be really low).

Solution 2 doesn't need a patched HHVM (just the HHVM New Relic extension), but will make it much slower (2-3 times as slow, depending on how many function calls you have). It uses the HHVM function fb_setprofile, which will get called on every function request and collects data this way. It's also enabled with newrelic_profiling_enable($level), the extension automatically chooses the better option.


With this new relic extension and the patched HHVM, we can now collect almost the same data into New Relic as with the official PHP extension, which helps a lot in finding performance problems and bottlenecks. It's not perfect yet, but we will get there (unless New Relic publishes an official HHVM extension before that, which would be great of course as well).

I also want to thank New Relic for their quick support and fixing when I had questions or found something dubious. Really appreciated (but of course it would sometimes have been easier, if the source code to the Agent SDK was available ;))

Feel free to use and extend the extension and patches of course are always welcome.

Categories: Open Source, PHP Community

Travis and Composer and virtPHP, oh my!

Thu, 27/03/2014 - 02:26

I recently ran into an issue with one of my repos on GitHub when integrating it with Travis. When I installed dependencies with Composer and ran the PHPUnit tests on my local system running Ubuntu 13.10 and its stock PHP 5.5.3 apt package, they passed. However, I’d configured Travis to also do this under current 5.3 and 5.4 versions as well.

In the first build, everything worked fine under 5.4 and 5.5, but upon getting to the composer install instruction to install project dependencies and PHPUnit, the job for 5.3 failed with some rather unintuitive output from Composer that implied it didn’t recognize the platform package requirement that I’d provided for the minimum PHP version.

Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package php could not be found in any version, there may be a typo in the package name.

Side note: While Travis does support Composer, the version of it available by default when running a job is frequently behind the current build. I’ve brought this up with them, but it doesn’t seem they’ve addressed it as of this writing. In any case, it’s easy enough to work around by including a composer self-update instruction as part of the build like so. This ensures that you won’t be affected by any recently fixed bugs in Composer.

Since the cause of my issue wasn’t immediately obvious from Composer’s output, my first thought was that I needed to begin my attempt at troubleshooting the issue by replicating it on my local machine. My second thought was that seemed like an abysmally miserable prospect, as it would require that I have several different versions of PHP installed other than the current one on my system.

I’d heard recently about a new project recently via Twitter called virtPHP that purported to be PHP’s answer to virtualenv for Python or rvm for Ruby. Thinking that my situation seemed a great use case for it, I proceeded to install it.

First, you have to read a bit past the cursor installation instructions on the landing page of virtPHP’s web site, particularly the “Using phpenv and php-build” section of virtPHP’s README file including the portion on package requirements. virtPHP doesn’t accomplish this great feat all on its own. It actually builds on two other existing projects by Christoph Hochstrasser, phpenv and php-build, and functions (in a rather PHP-like vein) more like glue to make working with these projects and managing what they produce easier. More specifically, it provides support for things like differing per-project PHP, PECL, and PEAR configurations.

In reality, all I ended up

Truncated by Planet PHP, read more at the original (another 1754 bytes)

Categories: Open Source, PHP Community

Authentication & Authorization in Apigility

Thu, 27/03/2014 - 00:07

Apigility takes a lightweight, layered, yet extensible approach to solving both problems of authentication and authorization. The infrastructure is already in place and ready to be configured to use, or for more advanced use cases: to be extended. Many of these feature can be easily explored through the Apigility user interface.

While much of the terminology might be similar, Authentication and Authorization IS NOT the same as HTTP allowed methods. These methods are labeled as _allowed_ in the sense that a particular REST or RPC service can respond to that method regardless of what Authentication/Authorization is configured, or which identity is present on any given request to that particular service. HTTP allowed methods have more to do with the semantic operation of the service in question, and little to do with Authentication and Authorization.


Authentication is the process by which when an identity is presented to the application, the application can validate the identity is in fact who they say they are. In terms of API’s and Apigility, identities are delivered to the application from the client through the use of the ‘Authorization’ header. This header, if present, is parsed and utilized in one of the configured authentication schemes. If no header is present Apigility assigns a default identity known as a *Guest* identity. The important thing to note here is that Authentication is not something that needs to be turned on, it is always on, it just needs to be configured to handle when an identity is presented to Apigility. If no authentication scheme is configured, and an identity is presented in a way that Apigility cannot handle, or is not configured to handle, the Guest identity will be assigned.

Apigility delivers 3 methods to authenticate identities: HTTP basic authentication, HTTP digest authentication and OAuth2 by way of Brent Shaffer’s PHP OAuth2 package. For HTTP basic and HTTP digest authentication, these can be configured to be used with minimal tools.

Authentication is something that happens “pre-route”, meaning it is something that is configured per-application instead of per module/API that is configured. So if you need per-api groups of users for your API’s, it might make sense to either break your API’s out into their own Apigility powered applications or use a more advanced code driven extension to the authentication module.

To get started with any of the configurable authentication schemes, click “Settings”, then “Authentication”:


Once here, you will be presented with the aforementioned authentication schemes to be configured.

HTTP Basic Configuration

HTTP basic authentication is the easiest to setup and requires only one outside tool that you are likely already familiar with: the `htpasswd` utility. This command line utility is generally delivered as part of an Apache web server installation. If this tool is not present on your system, there are a number of web based tools that will also produce a valid htpasswd file, simply google for “htpasswd generator”.

The first thing to do, before anything else, is to create an htpasswd file that contains at least one username and password. _(NOTE: It is important that this file exists before configuration as having a path to a non-existent file in the configuration could break the Apigility installation.)_
A good place to store this file would be in `data/users.htpasswd`.


Once the file has been created, it’s path can be used to configure the required htpasswd file input of the HTTP basic authentication configuration screen:


Of the configuration entered into this screen, the generated configuration is split between two files in your local

Truncated by Planet PHP, read more at the original (another 12337 bytes)

Categories: Open Source, PHP Community

Getting Started with PHP Extension Development via PHP-CPP

Wed, 26/03/2014 - 19:00

This tutorial will get the reader up and running with PHP extension development in C++ via the PHP-CPP library. Taylor Ren covers some very basic introductory aspects, preparing the grounds for the followup articles about real world use cases.

Continue reading %Getting Started with PHP Extension Development via PHP-CPP%

Categories: Open Source, PHP Community

Self-hosted Free Invoicing App – FusionInvoice

Mon, 24/03/2014 - 18:00

As a freelancer or a small business your time is better spent creating that next big project or meeting the client’s requirements than keeping track of invoices.

FusionInvoice is an open-source, self-hosted invoicing web application built for freelancers and small businesses. Although there are quite a few free online invoicing applications, none of them give you the privacy or the flexibility which FusionInvoice provides. Client management, dashboard and reports, recurring invoicing and invoice history are just few of its features.

FusionInvoice being an Open-Source project means that you can always change or add to its functionality as you need it or even install it on a private system, thus limiting the number of users who have access to your sensitive data.

Although the application is Open-Source, the developers considered that the community can better help the project by only providing their input and suggestions for features and enhancements they, as a community, would like to see in the project, but development should stay a closed team effort.

This may seem like a strange approach to open source a project, but it looks like it lets the team focus on keeping a constant pace in developing new features and bug fixing.

Continue reading %Self-hosted Free Invoicing App – FusionInvoice%

Categories: Open Source, PHP Community

REST service in 5 minutes (using Java)

Mon, 24/03/2014 - 16:04

I remember these days when building something similar in Java required much more body movements, and maybe this was the reason to why some start-ups have chosen other weak typing languages with all their fancy Web frameworks for rapid bootstrapping. This isn't the case anymore, see how easy is creating a REST service that supports all CRUD operations in Java:

1. Define your task model:

* Task model
public class Task {
@GeneratedValue(strategy = GenerationType.AUTO)
private long id;
private String text;
private Date created = new Date();
private Date completed;

public String getText() {
return text;

public void setText(String text) {
this.text = text;

public Date getCreated() {
return created;

public void setCreated(Date created) {
this.created = created;

public Date getCompleted() {
return completed;

public void setCompleted(Date completed) {
this.completed = completed;

2. Tell what operations on tasks you're going to support:

* This class defines DB operations on Task entity
public interface TaskRepository extends PagingAndSortingRepository {
// Magic method name automatically generates needed query
public List findByCompletedIsNull();

3. Configure your application:

* This class is responsible for:
* - Setting up DB connection and ORM
* - Initializing REST service for all found entities
* - Starting Spring application (main entry point)
public class Application extends RepositoryRestMvcConfiguration {

public DataSource dataSource() throws PropertyVetoException {
MySQLDataSource dataSource = new MySQLDataSource();
return dataSource;

public LocalContainerEntityManagerFactoryBean entityManagerFactory(DataSource dataSource) {
HibernateJpaVendorAdapter jpaVendorAdapter = new HibernateJpaVendorAdapter();
// Database tables will be created/updated automatically due to this:

LocalContainerEntityManagerFactoryBean entityManagerFactoryBean = new LocalContainerEntityManagerFactoryBean();
return entityManagerFactoryBean;

public PlatformTransactionManager transactionManager() {
return new JpaTransactionManager();

public static void main(String[] args) {, args);

That's all! After invoking this application, you'll get a task complete REST service for free. Let's test it:

Create a new task:

~$ curl -X POST -H "Content-Type: application/json" -d '{"text":"Implement simplest REST Java application"}' http://localhost:8080/tasks

See the task contents:

~$ curl  http://localhost:8080/tasks/1
"text" : "Implement simplest REST Java application",
"created" : 1395665199000,
"completed" : null,
"_links" : {
"self" : {
"href" : "http://localhost:8080/tasks/1"

Create another task:

~$ curl -X POST -H "Content-Type: application/json" -d '{"text":"Go home"}' http://localhost:8080/tasks

Find all tasks:

~$ curl  http://localhost:8080/tasks

"_links" : {
"self" : {
"href" : "http://localhost:8080/tasks{?page,size,sort}",
"templated" : true
"search" : {
"href" : "http://localhost:8080/tasks/search"
"_embedded" : {
"tasks" : [ {
"text" : "Implement simplest REST Java application",
"created" : 1395665199000,
"completed" : null,
"_links" : {
"self" :

Truncated by Planet PHP, read more at the original (another 1496 bytes)

Categories: Open Source, PHP Community

Hack Language is All that PHP Should Have Been

Mon, 24/03/2014 - 11:17
By Manuel Lemos
Facebook developers just released Hack, a language based on PHP that introduces several great enhancements.

Read this article to learn more about Hack features, as well learn about some criteria that you may want to evaluate to decide if you want replace your PHP developments with this new programming language.
Categories: Open Source, PHP Community

On HHVM and Hack

Mon, 24/03/2014 - 09:00
Categories: Open Source, PHP Community

Best PHP IDE in 2014 – Survey Results

Sat, 22/03/2014 - 21:11

Exactly one month ago, we opened the Best IDE of 2014 survey. 4000 entries later, it’s time to share the results with you.

Continue reading %Best PHP IDE in 2014 – Survey Results%

Categories: Open Source, PHP Community

Birthday reminder by mail

Sat, 22/03/2014 - 14:50

End of november 2000 I published my first freeware program, RealDreams birthday reminder. I wrote it in C++ on Windows using Visual Studio. It was postcard-ware; I asked people to send me a postcard if they liked it. All in all I got about 400 postcards from all parts of the world :)

It had a loyal user base, got translations for half a dozen languages and I made beta tests by sending new versions by e-mail to interested users..

In 2003 I switched to Linux and had to use Wine to keep birthday reminder running. I wrote birthday reminder 3, this time in Java - it ran on my computers, my parent's Mac and other people's windows boxes. Unfortunately, it never reached the full functionality of its predecessor and thus stayed at version 2.95.

birthday reminder was made to run whenever you startup your computer; an event that I rarely do since 2006. Close the lid - the computer sleeps. Open it, it's awake. With rare startups, birthday reminder was invoked very seldomly, losing its usefulness.


The only thing I regularly do is - apart from using the terminal - to check my mails. birthday reminder by e-mail was born.

Since I use an LDAP address book, a LDAP source driver was added. At work we use a proprietary CRM, so I added a generic SQL driver to be able to get reminders about our customer's birthdays.

bdrem is able to send emails. For text-only mail clients an ASCII table with upcoming events is included, generated with Console_Table. Mails also contain a colorful html table. The MIME mail is composed with Mail_mime.

bdrem html output


bdrem is distributed as a .phar file, containing all dependencies. No need to install anything; just run

$ php bdrem.phar

In 2011 I wrote about working with .phar files, and now I did actually use ideas from that blog post:

$ php bdrem.phar --help
Show help
$ php bdrem.phar config
Extract default configuration file
$ php bdrem.phar readme

I use phing to automatically build the .phar file. Since I wanted to include all dependencies, I had to make some patches to copy pear package contents (#271, #272, #273, #274) and to make .phar generation work properly (#268). While being at it, I improved phing's documentation and made it more usable (#266, #269, #270).

With all the patches in place, I can collect my dependencies with that code:


Truncated by Planet PHP, read more at the original (another 3063 bytes)

Categories: Open Source, PHP Community

A helpful Twig extension – Fetch

Sat, 22/03/2014 - 13:45
Inspired by Symfony’s twig extension to fetch output from external controllers and URL’s in their Twig subsystem, I wrote this small Twig function which you can use in your general twig templates. The main purpose of this extension is to fetch external URL (via GET or POST). You can also pass an arbitrary number of... Read More in A helpful Twig extension – Fetch
Categories: Open Source, PHP Community

Will Encryption Catch on With Keybase?

Sat, 22/03/2014 - 08:14

Email is not secure. Let’s stop fooling ourselves. Just because I use Gmail, and I’m using it over HTTPS does not mean that the email I send or receive is encrypted while being transmitted outside of Google’s network. Inside Google’s network, even, the contents are not encrypted.1 So, why do we keep sending sensitive information through email, and why do our banks and mortgage brokers and HR departments keep asking for us to send our Social Security number, bank accounts, and other private details through email?

Is it because we are oblivious, naïve, or do we just not care? I suspect it’s a little of all three, but mainly it’s because encryption is hard, and the difficulty barrier keeps us from adopting it.

The alpha launch of Keybase has got me excited. It uses the public-key cryptography (a.k.a. PGP/GnuPG) model to identify yourself, prove your identity, and allow others to vouch for your identity. I hope it paves the way to making encryption easier for us all, from the technologically-skilled to the technologically-challenged.

How Public-key Encryption Works

I want people to send me sensitive information, but I don’t want anyone else to read it while the information is traveling across the Internet. So, I create a pair of keys. One is public; I can send it to others. One is private; I should keep it secret and safe, like the most secret password I’ve ever had.

I give my public key to someone who wants to send me sensitive information, like a Social Security number. They encrypt a file using my public key and send the encrypted file to me. I can decrypt it, since I have the private key that’s paired with the public key used to encrypt the file. I’m the only one in the world who can read the file, and that’s great because I was the intended recipient.

Here’s what’s important: even if someone intercepts the file, they cannot read it because they do not have the private key to decrypt the message. Even if they have my public key, they cannot decrypt it. The information is safe!

A second benefit of encryption is that I can sign my messages to other people, using my private key. If the recipient has my public key, they can verify the signature. If the signature is bogus, they know I didn’t send the message, but if it checks out, they can be certain I sent the message. No one can forge my signature. Using the signature ensures the message hasn’t been tampered with and the recipient hasn’t been fooled into thinking they’ve received a message from me that is really spam (or worse).

A third benefit is the web of trust. Others may validate my public key by signing it with their own key. These signatures are then added to public key servers as additional proofs that the keys in question do, in fact, belong to their real owners. This helps others know whether a signed message from me is actually coming from the real me and not just someone claiming to be me with a false key. The web of trust is decentralized, with key servers around the world.

Encryption Is Hard

While encryption provides massive benefits, it is difficult even for seasoned technologists to perform, much less everyone else. This is because the tools we use for encryption often require basic knowledge of how encryption works. Command line tools and mail and browser plugins may be used to encrypt and decrypt messages using your public/private key pair, but these tools are all afterthoughts, things that must be installed and maintained by a user who knows what they are doing.

In order to gain mass adoption of encryption, it needs to be made central to the applications and platforms we use, and we need the ability to use it easily without fully understanding it. It needs to just work.

How Keybase Fits In

I think Keybase is taking steps toward making encryption work for everyone. Keybase is like a key server with much more. I’m excited about what it could become and what it means for the technology community.

With the alpha launch, here are a few of the things Keybase prov

Truncated by Planet PHP, read more at the original (another 4364 bytes)

Categories: Open Source, PHP Community

Building a Twitter Hashtag Contest – Creating and Counting Tweets

Fri, 21/03/2014 - 18:00

In the first part of the series, we looked at the various types of contests on Twitter and chose to develop a hashtag contest, as it was one of the most popular types of contest and did not rely on luck. So far we have authenticated our users using the Twitter application. Today we are going to continue by implementing the tweet capabilities for our users.

Continue reading %Building a Twitter Hashtag Contest – Creating and Counting Tweets%

Categories: Open Source, PHP Community

June 2014

Fri, 21/03/2014 - 02:01
Functional PHP
Presented By
Larry Garfield

June 19, 2014 TIME

The post June 2014 appeared first on Nomad PHP.

Categories: Open Source, PHP Community