Pragmatism in the real world

Slim-Csrf with Slim 3

In addition to the core Slim framework, we also ship a number of add-ons that are useful for specific types of problems. One of these is Slim-Csrf which provides CSRF protection. This is middleware that sets a token in the session for every request that you can then set as an hidden input field on a form. When the form is submitted, the middleware checks that the value in the form field matches the value… continue reading.

Using abstract factories with Slim 3

In my Slim 3 skeleton, I chose to put each action into its own class so that its dependencies are injected into the constructor. We then register each action with the DI Container like this: $container['App\Action\HomeAction'] = function ($c) { return new App\Action\HomeAction($c['view'], $c['logger']); }; In this case, HomeAction requires a view and a logger in order to operate. This is quite clear and easy. However, it requires you manually register each action class with… continue reading.

Checking your code for PSR-2

Most of the projects that I work on follow the PSR-2 coding style guidelines. I prefer to ensure that my PRs pass before Travis or Jenkins tells me, so let's look at how to run PSR-2 checks locally. PHP_CodeSniffer My preferred tool for checking coding styles in PHP is PHP_CodeSniffer. This is command line tool, phpcs, that you can run against any file. PHP_CodeSniffer can test against a number of standards. The default is PEAR,… continue reading.

Custom OAuth2 authentication in Apiiglity

I have a client that's writing an Apigility API that needs to talk to a database that's already in place. This also includes the users table that is to be used with Apigility's OAuth2 authentication. Getting Apigility's OAuth2 integration to talk to a specific table name is quite easy. Simply add this config: 'storage_settings' => array( 'user_table' => 'user', ), To the relevant adapter within zf-mvc-auth => authentication config. However, if you want to use… continue reading.

Debugging PHP SOAP over SSL using Charles

I'm currently integrating against a SOAP server using PHP which wasn't working as I expected, so I wanted to find out what was happening over the wire. I have Charles installed and use it regularly with OS X's system-wide proxy settings. However, PHP's SoapClient doesn't use these, so I had to work out how to do it manually. Enabling SoapClient to send via a proxy is really easy and is documented by Lorna Mitchell in… continue reading.

Selecting the service port with PHP's SoapClient

I'm currently integrating with a SOAP service which has two different services defined. The relevant part of the WSDL is: <wsdl:service name="Config"> <wsdl:port name="BasicHttpBinding_IConfiguration" binding="tns:BasicHttpBinding_IConfiguration"> <soap:address location="http://nonsecure.example.com/Configuration.svc"/> </wsdl:port> <wsdl:port name="BasicHttpsBinding_IConfiguration" binding="tns:BasicHttpsBinding_IConfiguration"> <soap:address location="https://secure.example.com/Configuration.svc"/> </wsdl:port> </wsdl:service> I discovered that PHP's SoapClient will select the first port it encounters and doesn't provide a way to select another one. This was a nuisance as I wanted to use the SSL one. Through research, I discovered that I can… continue reading.

Testing my ZF1 app on PHP 7

Zend Framework 1 is still actively maintained and we fully intend to ensure that ZF1 works with no problems on PHP 7 when its released. Now that PHP 7.0.0 Alpha 1 has been released, it's time to find out if your Zend Framework 1 app works with it. The easiest way to do this is to use a virtual machine. My preference is Vagrant with Rasmus' PHP7dev box. A simple VM I wanted to test… continue reading.

20 years of PHP

Today marks 20 years since PHP was released by Rasmus Lerdorf and Ben has been asking for how we started our PHP journey. My first use of PHP was to write a website for an online computer gaming guild for EverQuest, back in 1999. A friend recommended it when I asked him how people programmed webpages in something other the C! That first website is still going and I'm not proud of the code. I'm… continue reading.

My Xdebug configuration

With the release of Xdebug 2.3, I have updated my xdebug php.ini settings, so it seems sensible to write them down where I won't lose them! The new-for-2.3 features which prompted this are xdebug.overload_var_dump, which Derick has written about and xdebug.halt_level which I have previously written about. I find both of these very useful. This is my current php.ini configuration: ; Xdebug settings ; var_dump() displays everything, including filename and line number xdebug.overload_var_dump = 2… continue reading.

Turn warnings into exceptions

As I keep looking this up in other projects that I've written, I'm putting it here so I can find it more easily. There are a number of built-in PHP functions that generate a notice or warning that you can't turn off when something goes wrong, such as parse_ini_file and file_get_contents. One common solution to this is to suppress using the @ operator: $result = @file_get_contents($url); if (false === $result) { // inspect error_get_last() to… continue reading.