Freek.dev

In an awesome article at Sitepoint Christopher Pitt explains how he used the yay macro library to build up plugin framework to add new language features to PHP.

Chris made plugins that allows this syntax in PHP.

// short closure syntax
$items = ["one", "two", "three"];
$ignore = "two";

array_filter($items, ($item) => {
    return $item !== $ignore;
});

//class accessors

class Sprocket
{
    private $type {
        get {
            return $this->type;
        }

        set {
            $this->type = $value;
        }

        unset {
            $this->type = "type has been unset";
        }
    }
}

As with all things, this can be abused. Macros are no exception. This code is definitely not production-ready, though it is conceptually cool.

Please don’t be that person who comments about how bad you think the use of this code would be. I’m not actually recommending you use this code, in this form.

Having said that, perhaps you think it’s a cool idea. Can you think of other language features you’d like PHP to get? Maybe you can use the class accessors repository as an example to get you started. Maybe you want to use the plugin repository to automate things, to the point where you can see if your idea has any teeth.

https://www.sitepoint.com/how-to-make-modern-php-more-modern-with-preprocessing/

Check out some more examples on preprocess.io

Very cool stuff.

Read more

Probably because I'm a heavy user of Laravel I read a lot of Laravel focused blogs and follow a lot people on Twitter who also are heavy users of the framework. But more than a Laravel developer, I consider myself a PHP developer first. One of the ways I try to stay in touch with what is happening in the larger PHP community is following this excellent link blog maintained by Chris Cornutt.

http://www.phpdeveloper.org/

Read more

Scott Arciszewski debunks the commonly given advice on securing your PHP installation by setting some php.ini values.

There have been countless examples posted in various places (Reddit, Hacker News, Twitter, Facebook, Slashdot, and even LinkedIn group discussions), and while a handful occasionally contain one or two tips that might be beneficial towards securing your PHP applications, almost all of the advice they contain is either wrong, a huge waste of time, downright silly, or all of above.

As part of a team that specializes in application security (in particular: securing PHP applications), I feel it's high time someone cleared the air about this advice.

https://paragonie.com/blog/2017/01/configuration-driven-php-security-advice-considered-harmful

Read more

In a new post on his blog Adam Wathan explains his thinking on the meaning of having a method on an object.

The fundamental misunderstanding here is thinking that methods are things an object can do.

If you believe that the methods on an object represent the abilities of that object, then of course an Announcement having a broadcast() method sounds silly.

But what if methods weren't the things an object could do? What if they were the things you could do with that object?

If methods were the actions an object afforded us, then it would make perfect sense to be able to broadcast() an Announcement, wouldn't it?

https://adamwathan.me/2017/01/24/methods-are-affordances-not-abilities/

Read more

Most of the Laravel apps we create at Spatie will send mails. This can be a password reset mail, a welcome mail after registration, an order confirmation mail, ... One of the things we do is styling such mails so it has the same look and feel as the site it was sent from. When testing such mails our designers had to request a password reset or go through the entire checkout flow just to receive such an order confirmation mail. To make that testing process a lot easier we've created a package called laravel-mailable-test. This package provides an artisan command that can send a mailable to an mail-address.

To send any mailable issue this artisan command:

php artisan mail:send-test "App\Mail\MyMailable" recipient@mail.com

This will send the given mailable to the given email address. The to-, cc- and bcc-addresses that may be set in the given mailable will be cleared. The mail will only be sent to the email address given in the artisan command.

The package will provide a value for any typehinted argument of the constructor of the mailable. If an argument is a int, string or bool the package will generated a value using Faker. Any argument that typehints an Eloquent model will receive the first record of that model.

Image the constructor of your mailable looks like this:

public function __construct(string $title, Order $order) 
{
   ...
}

That constructor will receive a string generated by the sentence method of Faker and the first Order in your database.

The values that are passed to the constructor of the mailable can be customized using the values option of the command.

php artisan mail:send-test "App\Mail\MyMailable" recipient@mail.com --values="title:My title,order:5"

Using this command My title will be passed to $title and an Order with id 5 will be passed to $order.

To learn more about the package head over to the readme on GitHub. Be sure take also take a look at this list of Laravel packages our team has previously made.

Read more

Michael Dyrynda, one of the two new hosts of the Laravel Podcast, share a nice tip on how to quickly switch PHP versions when using Laravel Valet.

At the time of writing, Laravel Valet ships with PHP 7.1 but if you're like me, you have some legacy projects around the place that haven't quite lifted their dependencies to PHP 7 just yet.

A lot of folks might have previously used a VirtualBox Virtual Machine, or more recently considered Docker but a lot of the time and especially when dealing with simpler situations, Valet may be all that you need.

https://dyrynda.com.au/blog/switching-php-versions-with-laravel-valet

Read more

Matthieu Napoli, author of PHP-DI and externals.io, wrote a post on how you can use anonymous classes to quickly create mocks, spies and fixtures.

Anonymous classes were added to PHP 7. This article intends to show how useful they can be for writing tests.

http://mnapoli.fr/anonymous-classes-in-tests/

Read more

Freek Lijten, a developer at Schiphol, makes the case for just setting a sane default value instead of throwing an exception when invalid input entered the application.

I didn't think much of this, but I've seen a major drawback lately while working on a site that is a bit bigger than I was used to. With over half a million visitors a week and lots of scrapers, bots and other stuff visiting, these exceptions and fatal errors clog up logging quite a bit. Not to the point that we can't handle the volume, but it generates false positives in monitoring channels and it is something we do not want to act upon anyway.

http://www.freeklijten.nl/2017/01/04/Sane-defaults-over-Exceptions

Read more

Mohamed Said explains the not so well known sometimes validation rule in Laravel.

Laravel's validation library is very powerful and easy to use, using a few keystrokes you can build a strong defence around your application, preventing invalid user input from corrupting the application flow and potentially introducing bugs.

...

In this post I'd like to highlight a trick related to conditionally adding validation rules.

http://themsaid.com/laravel-advanced-validation-conditionally-adding-rules-20170110/

To learn more read the relevant section in the Laravel docs.

Read more

On his new blog on Medium, Taylor Otwell, creator of Laravel, published some statistics on the code complexity of various popular PHP frameworks. Draw your own conclusion.

Last week as I was refactoring and cleaning Laravel for the 5.4 release, Graham Campbell showed me some code complexity statistics for the framework. I decided to compare this against some other PHP frameworks to see how Laravel stacks up.

https://medium.com/@taylorotwell/measuring-code-complexity-64356da605f9

Recently Taylor sat down with the folks at Larachat. Watch the recording to learn some other nice interesting tidbits about Laravel and it's ecosystem.

Read more

Sometimes you might allow a function to accept multiple data types. I don't know for certain if it's the correct term but for the remainder of this post I'm going to call such a function overloaded. In this post I'd like to show you a little trick to make overloaded functions more readable.

Let's first take a look at a function in Laravel that accepts multiple data types. To store something in a session you can pass a key and value to the session helper:

session($key, $value);

But you can also give it an array:

session(['key' => 'value']);

Now behind the scenes Laravel is calling a put function. It could have been implemented like this:

public function put($key, $value = null)
{
    if (is_array($key)) {
       foreach ($key as $arrayKey => $arrayValue) {
           $this->set($arrayKey, $arrayValue);
       }
    }
    else {
       $this->set($key, $value);
    }
}

In the function above there's a path for doing the work if an array was passed and another path for when (hopefully) a string was passed.

The actual implementation is a bit different (and much better):

public function put($key, $value = null)
{
    if (! is_array($key)) {
        $key = [$key => $value];
    }

    foreach ($key as $arrayKey => $arrayValue) {
        $this->set($arrayKey, $arrayValue);
    }
}

The cool thing to note is that what the function first converts the passed arguments to a certain format (in this case an array) and then perform the work on the format. The actual work, the call to $this->set is only coded up once. When reading the source code of Laravel you'll often come across this pattern.

Let's take a look at another real life example to make the benefit of this pattern more clear. This next snippet is taken from a recent PR to the laravel-permission package. It aims to a add a query scope to a User model to perform the query only on users that have the given role(s). Roles can be passed through as an array, a string or an instance of Role.

/**
 * Scope the user query to certain roles only.
 *
 * @param string|array|Role|\Illuminate\Support\Collection $roles
 *
 * @return bool
 */
public function scopeRole($query, $roles)
{
    if (is_string($roles)) {
        return $query->whereHas('roles', function ($query) use ($roles) {
            $query->where('name', $roles);
        });
    }

    if ($roles instanceof Role) {
        return $query->whereHas('roles', function ($query) use ($roles) {
            $query->where('id', $roles->id);
        });
    }

    if (is_array($roles)) {
        return $query->whereHas('roles', function ($query) use ($roles) {
            $query->where(function ($query) use ($roles) {
                foreach ($roles as $role) {
                    if (is_string($role)) {
                        $query->orWhere('name', $role);
                    }

                    if ($role instanceof Role) {
                        $query->orWhere('id', $role->id);
                    }
                }
            });
        });
    }

    return $query;
}

The query is being build up in a few different ways depending on the type of the argument being passed through. The readability of this code can vastly be improved by:

• first converting all arguments to a single format to work with
• performing the work on that format

public function scopeRole($query, $roles)
{
    if ($roles instanceof Collection) {
        $roles = $roles->toArray();
    }

    if (! is_array($roles)) {
        $roles = [$roles];
    }

    $roles = array_map(function ($role) {
        if ($role instanceof Role) {
            return $role;
        }

        return app(Role::class)->findByName($role);
    }, $roles);

    return $query->whereHas('roles', function ($query) use ($roles) {
        $query->where(function ($query) use ($roles) {
            foreach ($roles as $role) {
                $query->orWhere('id', $role->id);
            }
        });
    });
}

In the snippet above all input, no matter what type is being passed through, is first converted to an array with Role objects. U sing that array the query is only being build up once. I should mention that the author of the PR did provide a good set of tests so it was very easy to refactor the code.

Let's do one more example. This one's taken from our laravel-fractal package which aims to make working with Fractal more developer friendly.

To return a response with json data you can to this in a Laravel app.

$books = fractal($books, new BookTransformer())->toArray();

return response()->json($books);

In the last version of our package a respond() method was added. Here's the equivalent code using the respond method.

return fractal($books, new BookTransformer())->respond();

You can pass a response code as the first parameter and optionally some headers as the second

return fractal($books, new BookTransformer())->respond(403, [
    'a-header' => 'a value',
    'another-header' => 'another value',
]);

You can also set the status code and the headers using a callback:

use Illuminate\Http\JsonResponse;

return fractal($books, new BookTransformer())->respond(function(JsonResponse $response) {
    $response
        ->setStatusCode(403)
        ->header('a-header', 'a value')
        ->withHeaders([
            'another-header' => 'another value',
            'yet-another-header' => 'yet another value',
        ]);
});

This is original code for the function that was submitted through a PR (slightly redacted):

public function respond($callbackOrStatusCode = 200, $callbackOrHeaders = [])
{
    $response = new JsonResponse();

    $response->setData($this->createData()->toArray());

    if (is_callable($callbackOrStatusCode)) {
        $callbackOrStatusCode($response);
    } else {
        $response->code($callbackOrStatusCode);

        if (is_callable($callbackOrHeaders)) {
            $callbackOrHeaders($response);
        } else {
            $response->withHeaders($callbackOrHeaders);
        }
    }

    return $response;
}

Sure, that code does the job. Unfortunately the real work (in this case: modifying $response) is done all over the place. Let's refactor! In the code below we're going to convert all input to callables first and then use them to modify $response.

public function respond($statusCode = 200, $headers = [])
{
    $response = new JsonResponse();

    $response->setData($this->createData()->toArray());

    if (is_int($statusCode)) {
        $statusCode = function (JsonResponse $response) use ($statusCode) {
            return $response->setStatusCode($statusCode);
        };
    }

    if (is_array($headers)) {
        $headers = function (JsonResponse $response) use ($headers) {
            return $response->withHeaders($headers);
        };
    }

    if (is_callable($statusCode)) {
        $statusCode($response);
    }

    if (is_callable($headers)) {
        $headers($response);
    }

    return $response;
}

Hopefully you can use this neat little trick to improve the readability of your code as well.

Read more

Stefan Koopmanschap argues that, besides writing beautiful code and using kickass frameworks and libraries, we should be able to do some quick and dirty coding as well.

Can you write me a simple script that fetches some information from an RSS feed and displays the titles? Like, just write me that script in a couple of minutes. I don't care about tests, quality, etc. Just get me the information, quickly.

http://leftontheweb.com/blog/2017/01/04/pragmatic_coding/

Read more

On the excellent PHP section of Sitepoint Thomas Punt has written a good high ievel overview of how PHP code is executed.

There’s a lot going on under the hood when we execute a piece of PHP code. Broadly speaking, the PHP interpreter goes through four stages when executing code:

• Lexing
• Parsing
• Compilation
• Interpretation

This article will skim through these stages and show how we can view the output from each stage to really see what is going on. Note that while some of the extensions used should already be a part of your PHP installation (such as tokenizer and OPcache), others will need to be manually installed and enabled (such as php-ast and VLD).

https://www.sitepoint.com/how-php-executes-from-source-code-to-render/

Read more

Starting from tomorrow PHP 5.6. will not be actively supported anymore. Sebastian Bergmann, author of PHPUnit explains how PHP's release process works, and what the ending of active support means for you. Spoiler: you should upgrade asap.

It is high time to think about upgrading your PHP stack to PHP 7, ideally to PHP 7.1. This should be a short-term goal for you.

Upgrading the version of PHP you use must not be a rare event you are afraid of. You must not think of upgrading your PHP stack as a "special project". You need to make upgrading the PHP version you use part of your normal operational procedure and align the upgrade cycle of your PHP stack with the release cycle of the PHP project. This should be a long-term goal for you.

https://thephp.cc/news/2016/12/php-5-active-support-ends-now-what

Read more

Laravel News published a nice overview of what happened in the Laravel ecosystem in 2016.

As 2016 is coming to a close it’s a great time to look back on the year and see just how much progress has been made. Laravel had a busy year with 5.3 being released, Laracon, updates to all the components, and now gearing up for the Laravel 5.4 release.

To look back on the year I’ve put together a list of some of the hits of 2016 and arranged them by month so you can get a quick overview of all the highlights.

https://laravel-news.com/80-laravel-tutorials-packages-and-resources

The Laravel ecosystem sure is moving fast. For me the best new software that emerged from it was Laravel Valet. I use it for most projects now and can't imagine working on a Vagrant box anymore for my normal day to day work. Hopefully Valet will gain more recognition in the greater PHP community in 2017.

I'm also happy to report that the Laravel / PHP packages my company releases have grown in popularity in 2016.

Total # of downloads of @spatie_be packages according to Packagist
In 2014: 0 (we had no packages)
In 2015: ±150 000
In 2016: 1 500 000
? pic.twitter.com/cZJU9NPBsS

— Freek Van der Herten (@freekmurze) 16 december 2016

Read more

On the Blackfire.io blog Julien Pauli peeks behind the curtains of PHP. In the five part series he explains how you should write your code to make the best use of the internal optimizations present in PHP 7.

This blog series will show you what changed inside the Zend engine between PHP 5 and PHP 7 and will detail how you, as a developer, may effectively use the new internal optimizations. We are taking PHP 5.6 as a comparison basis. Often, it is just a matter of how things are written and presented to the engine. Performance must be taken care of when critical code is written. By changing some little things, you can make the engine perform much faster, often without losing other aspects such as readability or debugging control.

https://blog.blackfire.io/php-7-performance-improvements-packed-arrays.html

Read more