Laracon EU 2015 recap day one original

by Freek Van der Herten – 3 minute read

I'm having the pleasure to attend Laracon EU. The event is located at a truly beautiful venue: the Royal Tropical Institute in Amsterdam. Today was the first day of the conference. Matt Stauffer kicked off Laracon EU with a great talk about empathy. He explained why it is a key trait that every…

Read more

Join 9,500+ smart developers

Get my monthly newsletter with what I learn from running Spatie, building Oh Dear, and maintaining 300+ open source packages. Practical takes on Laravel, PHP, and AI that you can actually use.

No spam. Unsubscribe anytime. You can also follow me on X.

Comparing Blade and Twig templates in Laravel

In my company, we use Twig instead of Blade for our Laravel projects. I know there are a lot of developers that also prefer Twig over Blade. So the question ‘Why choose Twig over Blade?’ often pops up. The reason is usually just a matter of preference, but in this post we’re going to compare the Blade and Twig templating engines side-by-side.

http://barryvdh.nl/laravel/twig/2015/08/22/comparing-blade-and-twig-templates-in-laravel/

If you want to try out Twig in a Laravel project, you can use this bridge package.

Read more

The taxonomy of terrible programmers

I present you with the taxonomy of terrible software developers, the ecosystem of software critters and creatures who add a whole new meaning to the concept of “defensive programming.”

At one point or another, every programmer exists as at least one of these archetypes – the good ones see these bad habits in themselves and work to fix them over time. The bad ones… simply are.

http://www.aaronstannard.com/the-taxonomy-of-terrible-programmers/

Read more

Building a basic router

There is always value in learning about the internals of the frameworks and libraries we use. It allows for a deeper understanding of the problem being solved and appreciation of the work that has gone into these projects.

So today I will be building a basic router to explore this fundamental part of even the smallest framework. The idea is not to create something complete or production-ready but rather the minimum set of features needed to be considered a router.

https://medium.com/@dylanbr/building-a-basic-router-b43c17361f8b

Read more

Let the magic die

The venerable Uncle Bob wrote some thoughts on picking a framework:

Before you commit to a framework, make sure you could write it. Do this by actually writing something simple that does the basics that you need. Make sure the magic all goes away. And then look at the framework again. Is it worth it? Can you live without it?
http://blog.8thlight.com/uncle-bob/2015/08/06/let-the-magic-die.html

I've quoted the end of the post, but you should read it in full, it's worth it. I agree with most things in the article. You should constantly learn stuff and try making the basic functionality yourself to get a better understanding of how things work.

Though there is certainly truth to it I don't fully agree with: "Before you commit to a framework, make sure you could write it." It's good advice when you're very experienced or if you have time enough to investigate lots of stuff. For most people this isn't that case.

When starting out writing PHP almost 10 years ago I made my own little framework because I didn't know any better. I thought I was doing fine. Looking back at the projects I made with it, I'd say they're all horrible.

Zend Framework 1 came out. It sped up my development because I didn't have to do every little thing myself. Did I understand everything ZF was doing behind the screens? Certainly not. Did ZF create value for me right from the start? Hell yes. While using the framework on various projects I read about how it worked and learned a lot about PHP. I thought I was doing fine. Looking back at the projects I made with it, I'd say they're all horrible.

A few years ago I read some positive articles about Laravel. I really liked the syntax and the feel of things. Sure, it was a gamble to choose a framework I didn't know but it worked out really well. While using Laravel I learned, thanks to some excellent learning resources, lots of things on design patterns and best practices.

It's certainly possible that, in the coming years, Laravel will be replaced by a new shiny framework. Maybe I'll then write a post on Laravel saying "I thought I was doing fine. Looking back at the projects I made with it, I'd say they're all horrible." .

Generally speaking I think the following applies to most frameworks and most programming languages:

  1. When you see a framework / language that feels good to you, read a bit a about it.
  2. If you still feel good about it, use it on a small project
  3. If after that project you still feel good about it, use it again, maybe on a bigger project. Learn a bit more how framework and language works.
  4. Repeat steps 2 and 3 until you find yourself at step 1 again.
The most important part is the learning in step 3. If you don't do this you'll be a programming cowboy forever.

Of course all of this depends on context. I would never pick a technology unknown to me when starting to work on a large and expensive task. Learn and experiment when working on small projects. Use what you have learned on the big ones.

Read more

URL signing in Laravel

The project I'm currently working on will have to send out mails to all its users on a regular basis. It's not a newsletter: the contents of each mail will be very specific to each user. The mail also should contain a link to unsubscribe the user from simular future mails.

The link could look like this: https://myapp.com/unsubscribe. Clicking on the link would direct the user to a login page. After the user has logged in the unsubscribe can be automatically performed. In my mind requiring the user to login first in order to unsubscribe from something isn't very user friendly.

This can be improved by adding the id of the user to the link. Here's what that could look like: https://myapp.com/user/1/unsubscribe. With this link you the app can unsubscribe the user with id 1 in one go. That'll work, but it's not very secure. Unsubscribe links for all other users can be easily guessed. Such links can be made more secure by adding a signature and an expiry date on them.

My colleague Sebastian coded up a Laravel package to create signed url's with a limited lifetime. Here's example where the url gets signed and made valid for only one day:


echo UrlSigner::sign('https://myapp.com/user/1/unsubscribe', 1);

This outputs an url that looks like: https://myapp.com/user/1/unsubscribe?expires=1123690544&signature=93e02326d75

The validate-method can be used the determine if a signed url is (still) valid:


$isValidUrl = UrlSigner::validate($theSignedUrlInTheExampleAbove);

The signature is calculated using the original url itself, the expiration date and a secret string that's specific to your project. When a malicious user tries to change any part of the url the signature won't match up.

I'm assuming that the most common use case of signing url's is to protect routes. The package supplies a middleware that protects routes from invalid signed url's. In the following example only requests with a valid signed url will hit the controller:


Route::get('unsubscribe', ['middleware' => 'signedurl', 'uses => 'UserController@unsubscribe']);

If you're interested in using the package, take a look at it on GitHub: https://github.com/spatie/laravel-url-signer

There's also a framework agnostic version: https://github.com/spatie/url-signer

E-mails can be intercepted and are never 100% secure. Bearing that fact in mind you should never use this kind of link for any destructive action.

EDIT: Some fellow developers pointed out that I could also obfuscate the id in the url. Here are two good libraries to do that:

When using obfuscation of the id this url `https://myapp.com/user/1/unsub `would become something like: `https://myapp.com/user/kwxgqu5w/unsub`

And sure enough, the unsubscribe links of other users cannot be easily guessed. A small downside however is that the url becomes less readable. The big disadvantage is that the url will remain valid forever. As these links through an unsafe medium I think it's a good idea to give them a limited lifetime. Signing an url will do that.

Read more

Making string concatenation readable in PHP original

by Freek Van der Herten – 2 minute read

Probably all PHP developers know how to concatenate strings. The most popular method is using the .-operator. For small concatenations using this operator works fine. When lots of strings or variables need to be combined it can become cumbersome. Here's an example: $logMessage = 'A…

Read more

View disk space usage on Ubuntu original

by Freek Van der Herten – 1 minute read

A while ago, a disk of one of our DigitalOcean droplets had almost no free space. Ncdu (NCurses Disk Usage) is a command line tool to view and analyse disk space usage on Ubuntu. It can be installed with this command: sudo apt-get install ncdu Once it has been installed it can be launched by simply…

Read more

Further refactoring code for readability original

by Freek Van der Herten – 2 minute read

A few days ago Dylan Bridgman published a post on writing highly readable code. He cleaned up a truly horrible piece of code. The code was further improved the very same day by Ryan Winchester. I believe the code can be improved still. Read the mentioned blog posts to see which code we are going to…

Read more

DRY is about knowledge

“Don’t Repeat Yourself” was never about code. It’s about knowledge. It’s about cohesion. If two pieces of code represent the exact same knowledge, they will always change together. Having to change them both is risky: you might forget one of them. On the other hand, if two identical pieces of code represent different knowledge, they will change independently. De-duplicating them introduces risk, because changing the knowledge for one object, might accidentally change it for the other object.
The full article contains a nice code example to help you understand the theory:

http://verraes.net/2014/08/dry-is-about-knowledge/

Read more

Using Algolia in Laravel original

by Freek Van der Herten – 2 minute read

Algolia is a hosted service that makes advanced searching very easy. It's well documented and lightning quick. You can see some impressive examples on their site. Artisans probably know that Jeffrey Way recently published a series on Algolia. Earlier this year I made a package to easily work with a…

Read more

Laravel-medialibrary hits version 3 original

by Freek Van der Herten – 3 minute read

Not a month has gone by since v2 of the laravel-medialibrary package got released. If you're not familiar with it: the package provides an easy way to associate files with Eloquent models. Though I was quite happy with the improvements made over v1 there were some things that bothered me. Take a…

Read more

What would make Laravel Forge even better original

by Freek Van der Herten – 2 minute read

A little over a year ago Laravel Forge was launched. At Spatie we currently have 60 servers that are provisioned by and administered using it. I'm assuming we still hold the biggest Forge-account. By this time next year the number of servers will probably be higher. So yeah, I'm a very happy…

Read more

Upload large files to S3 using Laravel 5 original

by Freek Van der Herten – 1 minute read

Chris Blackwell yesterday published a tutorial on how to upload files to S3 using Laravel. This is the code he used (slightly redacted): $disk= Storage::disk('s3'); $disk->put($targetFile, file_get_contents($sourceFile)); This is a good way to go about it for small files. You should note…

Read more