ServerGrove Blog: New Symfony installer: the fastest way to start your Symfony project

The ServerGrove blog has a new post today introducing the new Symfony Installer, a tool that can make getting started with a Symfony2 application quick and easy.

Yesterday, the Symfony team introduced the new Symfony installer. Its main goal is to help developers to create Symfony projects faster. Until now, installing Symfony to start a new project required a few steps. […] The installer tries to do this in one step. It downloads a compressed file with all the code, including the vendors directory, so you don’t need anything else to run Symfony for the first time.

The post shows you how to install the installer via a curl call to fetch the executable. They show how to use it to create a new project and a demo project, along with the resulting application and web interface for the demo. They also mention some of the future work that’s planned for the installer, including HTTPS support and caching improvements. The post finishes up with a quick mention of the code "under the hood", which uses the Symfony console component.

Programming With Yii2: Integrating User Registration

The next part in the "Programming with Yii2" series has been posted today, with this tutorial showing you how to integrate user registration into your sample application.

This is part four of a series on Yii2. In Programming With Yii2: Getting Started, we set up Yii2 locally, built a Hello World application, set up a remote server, and used Github to deploy our code. In part two, we learned about Yii’s implementation of its Model View Controller architecture and how to build web pages and forms that collect and validate data. In part three, we learned about working with databases and ActiveRecord. In this tutorial, we’ll walk you through integrating a popular user registration plugin.

They walk you through the use of the Yii2-User extension to provide the user handling functionality. The tutorial shows you how to get it installed (via Composer), run its database migrations to create the needed tables, and where to update the configuration files to pull the plugin into the execution. They also help you set up SwiftMailer (what it uses to send its emails) and then get into integrating the registration with the application through a signup page.


PHP Roundtable: 015: SemVer, Licensing & OS Support Expectations

The PHP Roundtable podcast has posted their latest episode, part two in a series looking at semantic versioning, open source support expectations and licensing. This new episode features guests Colin O’Dell and Chris Tankersley.

Part 2 of an on-going series on open source. We discuss a number of open source topics including what the expectations are for support of an open source project. We also discuss how to use SemVer to successfully maintain an open source package and what we can do when SemVer is not an option. And finally we take a look at licensing and discuss why we need to be concerned with it.

You can listen to this latest episode by checking out the video of the live recording, coming in at about 1 hour. If you enjoy the show, be sure to subscribe to their feed to get the latest updates on when new episodes are available.

Link: Increasing project productivity in Symfony2 from Doctrine2 ORM

In this tutorial, Sasha Lensky talks about some things you can do to help boost the performance of your Symfony2 application with a few tweaks in how Doctrine is used.

I have been trying to write this article for a long time, but just couldn’t get around. Finally, I pulled myself together and did it. So, what will we discuss … I will share some techniques about working with Doctrine2 ORM, which will help to improve the site performance on Symfony2 (precisely any site that uses Doctrine2 ORM). I have created a project and put it on GitHub as a visual guide, so anyone can test my words in action now.

He shares five tips and includes code examples and results (based on the Profiler toolbar) for each:

  • Downloading all necessary connections
  • Updating multiple entities by request
  • Hydration waiver
  • Using Reference Proxies
  • Using Symfony Profiler Toolbar

That final tip about the Profiler toolbar is actually one used in the rest of the examples too, showing how to get that other information from the tool.


SitePoint PHP Blog: Creating Custom Field Formatters in Drupal 8

The SitePoint PHP blog has a new tutorial posted today showing how to create custom field formatters in a Drupal 8 application. Custom formatters allow you to enhance the current functionality of objects in the application and extend them with additional functionality.

With the introduction of annotated plugins, a lot has changed in Drupal 8. We have a more streamlined approach to describing and discovering pieces of functionality that extend the core. Along with many other components, the former Field API (part of the larger and consolidated Entity API) is now based on plugins. In this tutorial we will go through defining a custom field formatter for an existing field (image). What we want to achieve is to make it possible to display an image with a small caption below it. This caption will be the title value assigned to the image if one exists.

They start with a new custom module, starting with just the YAML configuration. Then they help you create the field formatter as a plugin in the "Plugin/Field/FieldFormatter" namespace (code included). They explain how this code works and show how to add it as a hook to make it available to the template layer. Finally they show it in use and how it places the title value into the image caption in the result.

Link: Creating Custom Field Formatters in Drupal 8

Pádraic Brady: Securely Distributing PHARs: Pitfalls and Solutions

Pádraic Brady has a new article on his site talking about the secure distribution of phars (PHP archive files) including some of the common pitfalls and potential solutions.

The PHAR ecosystem has become a separate distribution mechanism for PHP code, distinct from what we usually consider PHP packages via PEAR and Composer. However, they still suffer from all of the same problems, namely the persisting whiff of security weaknesses in how their distribution is designed. […] Several security-related issues introduce an element of risk that the code you receive is not actually the code the author intended to distribute, i.e. it may decide to go do some crazy things that spell bad news when executed.

He shares some of the steps he’s taken to secure his own phar for a CLI application with things like:

  • Distribute the PHAR over HTTPS
  • Enforce TLS verification
  • Sign your PHAR with a private key
  • Avoid PHAR Installer scripts
  • Manage Self-Updates securely

He finishes the post with one of the most important parts of the article – a reminder to do all of the things on the list above consistently.

This is not an outrageous outcome to introducing proper security on PHAR downloads. Go forth and do it for all PHARs. Help create an environment where distributing and installing code in secure ways is the normal expected thing to do.