Virtually every website displays some sort of menu. Generating html menus might seem simple, but it can become complex very quickly. Not only do you have to render some basic html, but you also have to manage which item is active. If a menu has a submenu you'll also want the parents of an active…
Most databases will contain some records that must be cleaned up. The reasons why a record can become unneeded are diverse: maybe it's a temporary record that was only needed for a little while if you're logging stuff to a table, a record may become too old to be of interest anymore ... To help a…
Join 9,500+ smart developers
Get my monthly newsletter with what I learn from running Spatie, building Oh Dear, and maintaining 300+ open source packages. Practical takes on Laravel, PHP, and AI that you can actually use.
No spam. Unsubscribe anytime. You can also follow me on X.
"Freek publishes a super resourceful and practical newsletter. A must for anyone in the Laravel space"
Mohamed Said created a package that saves all mails sent out by a Laravel application to html files on disk. This can be incredibly useful when designing and debugging mails. It's implemented as a Laravel mail driver. Once installed you'll only have to change your driver to preview.
Take a look at the package on GitHub.
Today our team released a new major version of laravel-backup. It can backup the files and databases of your application to one or more external filesystems. It uses Laravel's native cloud filesystem to do this. The package can also notify you via Slack and/or email when something goes wrong with…
Yesterday our newest package laravel-feed was released. It makes generating RSS feeds in Laravel very easy. It's very opinionated to fit the needs of our projects, but I believe lots of other developers will find it useful too. There's almost no coding involved to create some feeds. Installation…
A few weeks ago I released a package called db-dumper. The package can dump the structure and contents of a database to a file. Here's how it can be used: Spatie\DbDumper\Databases\MySql::create() ->setDbName($databaseName) ->setUserName($userName) ->setPassword($password)…
Using plain PHP it's kinda hard to display emoji characters. In PHP 5 those characters could be generated by using json_encode. echo json_decode('"\uD83D\uDE00"'); //displays ? I bet no one can type this code by heart. In PHP 7 it's a little bit easier. The hot new version of PHP…
For a project I needed to extract some text from a pdf. Although there were already a few packages that could to this, I still created spatie/pdf-to-text because I wanted something that was really easy to use. And also because it's fun creating packages. Under the hood a utility called pdftotext is…
Glide is an easy to use image manipulation library by Jonathan Reinink. It was bumped to version 1.0.0 a few days ago. Glide can created optimized images on the fly by levering url's such as /img/users/1.jpg?w=300&h=400&fit=crop. Take a look at the example in the Glide documentation to know more.
I think Glide provides a very nice API to create image manipulations. Unfortunately it isn't very easy to use the API to generate an image using code. So I created a little package for that called laravel-glide. All new major versions of Spatie packages will require PHP 7, laravel-glide is no exception to this.
Here's an example of how to create a greyscale version image with a maximum width of 50 pixels.
GlideImage::create($pathToImage)
->modify(['filt'=>'greyscale', 'w'=> 50])
->save($pathToWhereToSaveTheManipulatedImage);
Take a look at Glide's image API to see which parameters you can pass to the modify-method.
One of the main questions when doing a major release is which minimum PHP version to support going forward. Last summer I decided I wanted to do a big jump from 5.3 and directly target PHP 7. It provides a lot of nice features as well as performance improvements, and as Monolog is one of the most installed packages on Packagist I wanted to help nudge everyone towards PHP 7.http://seld.be/notes/the-road-to-monolog-2-0
Spatie, the company where I work, recently released a Laravel package called laravel-sluggable. It automatically creates unique slugs when saving a model. To install the package you just need to put the provided Spatie\Sluggable\HasSlug-trait on all models that have slugs. The trait contains an…
A few weeks ago I made a cli tool to check the status code of all links on a site. It made use of a home grown crawler. Today the Laravel integration gets released. The new package called laravel-link-checker can log all broken links. By default, a link is considered broken if the status code of…
Climb checks your composer files to see which packages are outdated, regardless of your version constraints. Without Climb, there's no way of knowing if a package has a new major release unless you use a notification system like Gemnasium. Climb is one of those tools you just need to get on your tool belt.http://jenssegers.com/78/check-outdated-composer-packages-with-climb
At Spatie we're constantly improving our application template called Blender. We love using packages to pull in functionality. Creating and using packages has many benefits. Though we try to create public packages that benefit the community, there are some packages that are very specific to Blender.…
A few days ago Jeffrey Way published an interesting lesson on how to integrate pjax with Laravel. Pjax is jquery plugin that leverages ajax to speed up the loading time of webpages. It works by only fetching specific html fragments from the server, and client-side updating only certain parts of the…
Today I released a new package called laravel-fractal. It provides a Fractal service provider for Laravel. If you don't know what Fractal does, take a peek at their intro. Shortly said, Fractal is very useful to transform data before using it in an API. Using Fractal data can be transformed like…
Laravel's native authorization functionality allows you to define abilities a user can have. There are multiple ways to check if a user has a certain ability: via the facade, via the user model, within blade templates and within form requests. What Laravel doesn't provide out of the box is a…
With the release of Laravel 5.1.1 last week the framework gained some nice Authorization features. It provides an easy way to define abilities (aka permissions). Checking if a user has certain abilities is very simple as well. The code powering authorization is a thing of beauty. If you're a…
Jens Segers explains how to use PHP League's shiny new version of Container. The usage of ContainerInterface seems interesting:
League's container now implements the `ContainerInterface`, which is defined by the Container Interoperability group. This is really great as there are a few projects and frameworks which support this interface. For example, the Slim 3 micro framework already allows you to choose your own container flavour, as long as it implements the interface.Read the full article at Jens' blog.
The League's Container seems like a nice alternative to PHP DI that I have been using.
The project I'm currently working on will have to send out mails to all its users on a regular basis. It's not a newsletter: the contents of each mail will be very specific to each user. The mail also should contain a link to unsubscribe the user from simular future mails.
The link could look like this: https://myapp.com/unsubscribe. Clicking on the link would direct the user to a login page. After the user has logged in the unsubscribe can be automatically performed. In my mind requiring the user to login first in order to unsubscribe from something isn't very user friendly.
This can be improved by adding the id of the user to the link. Here's what that could look like: https://myapp.com/user/1/unsubscribe. With this link you the app can unsubscribe the user with id 1 in one go. That'll work, but it's not very secure. Unsubscribe links for all other users can be easily guessed. Such links can be made more secure by adding a signature and an expiry date on them.
My colleague Sebastian coded up a Laravel package to create signed url's with a limited lifetime. Here's example where the url gets signed and made valid for only one day:
echo UrlSigner::sign('https://myapp.com/user/1/unsubscribe', 1);
This outputs an url that looks like: https://myapp.com/user/1/unsubscribe?expires=1123690544&signature=93e02326d75
The validate-method can be used the determine if a signed url is (still) valid:
$isValidUrl = UrlSigner::validate($theSignedUrlInTheExampleAbove);
The signature is calculated using the original url itself, the expiration date and a secret string that's specific to your project. When a malicious user tries to change any part of the url the signature won't match up.
I'm assuming that the most common use case of signing url's is to protect routes. The package supplies a middleware that protects routes from invalid signed url's. In the following example only requests with a valid signed url will hit the controller:
Route::get('unsubscribe', ['middleware' => 'signedurl', 'uses => 'UserController@unsubscribe']);
If you're interested in using the package, take a look at it on GitHub: https://github.com/spatie/laravel-url-signer
There's also a framework agnostic version: https://github.com/spatie/url-signer
E-mails can be intercepted and are never 100% secure. Bearing that fact in mind you should never use this kind of link for any destructive action.
EDIT: Some fellow developers pointed out that I could also obfuscate the id in the url. Here are two good libraries to do that:
When using obfuscation of the id this url `https://myapp.com/user/1/unsub `would become something like: `https://myapp.com/user/kwxgqu5w/unsub`And sure enough, the unsubscribe links of other users cannot be easily guessed. A small downside however is that the url becomes less readable. The big disadvantage is that the url will remain valid forever. As these links through an unsafe medium I think it's a good idea to give them a limited lifetime. Signing an url will do that.
