php[architect] — May 2016

We’ve all been there, under pressure to deliver more code sooner with an ever-present temptation to cut corners. Once you have a few projects under your belt—and it really doesn’t take that many—you’ll quickly realize that churning out code is not a viable solution. In this issue, we’ll take a look at some things that can save you time and effort in your coding endeavors.

Building Laravel Shift

Laravel is one of the popular PHP frameworks of our time. And much like other projects in the PHP community, it has adopted a more rapid release cycle. This can make it difficult for developers to stay current. Wouldn’t it be great if there was a tool that automatically upgraded your Laravel application for you? I thought so, too. Which is why I built Laravel Shift—the automated way to upgrade Laravel applications. by Jason McCreary

Learn from the Enemy: Securing Your Web Services, Part One

Knowing how to secure your website does not translate into knowing how to secure your web service. Your website is friendly to humans. You can fend off attacks with CAPTCHA and other ways of detecting and rejecting automated traffic. Your web services, by contrast, are to be consumed by non-humans. If you have a flagship mobile app, it’s not a human. It’s an app! You therefore need to take a far different approach to securing your web services. I’ll show you my experiences and the attitude you need to protect your own. by Edward Barnard

Mastering OAuth 2.0

OAuth 2.0 is the de facto standard for authenticating users with third-party websites. If you want access to a user’s data in Google or Facebook, for example, OAuth 2.0 is what you use. But, let’s face it: OAuth 2.0 is not easy, and to make matters worse, it seems everyone has a slightly different implementation, making interoperability a nightmare. Fortunately, the PHP League of Extraordinary Packages has released version 1 of the league/oauth2-client library. Aiming for simplicity and ease-of-use, league/oauth2-client provides a common interface for accessing many OAuth 2.0 providers. by Ben Ramsey

An Introduction to Doctrine ORM Best Practices

Persistence of data is a concern that involves most of our applications. How can we keep our persistence-related code easy to maintain and understand, yet make it fail-safe and future proof? Doctrine ORM is a powerful tool, and we will review a few best practices that should make using it easier, safer, and better. by Marco Pivetta

Education Station: Directing Requests with FastRoute

A fundamental aspect of modern web-based applications is routing, as the routing engine can be critical to the application’s performance. This month we look at a library which is gaining significant traction in the PHP community—one which provides blazingly fast performance to applications both large and small. It’s called FastRoute. by Matthew Setter

Leveling Up: You Had One Job

I don’t think it’s much of a stretch to say that the majority of people reading this column are senior developers (or beyond) or are quickly progressing to be senior engineers. This column is primarily directed toward the senior developers or managers of senior developers. It’s about how you can level up yourself, but more than that, it’s about the responsibility you have in leveling up those around you. As a senior engineer, your job responsibility doesn’t end at producing loads of code or being the subject matter expert on your projects. by David Stockton

Community Corner: Gratitude

Sometimes I think that we as a community–not just the PHP community but also most web developers and possibly society as a whole–have lost the ability to be grateful. People do something nice for us and instead of simply saying thank you, we point out publicly that they did not do it in the right way. Let me give you an example. It’s a fairly specific one but serves to make my point. by Cal Evans

Security Corner: Keeping Credentials Safe

One of the foundations of secure systems is the information they use to authenticate the user or client on the other end of the line. Along with the huge number of authentication systems out there comes a wide range of potential credential types. These are the “keys to the kingdom” of your application, and your users trust you to protect them with the highest level of security and prevent them from falling into the wrong hands. by Chris Cornutt

Hindsight & Planning

Hindsight is 20/20, or so they say, but can’t we do better at planning where we are supposed to be in the future? It’s a complicated topic that I can’t possibly manage to do justice to in just a page here, but let me touch on the subject, at least. by Eli White