Symfony2 Presentation

Last weekend at the PHP Unconference in Hamburg I gave a talk showing an overview of the Symfony2 framework. The allowed 45min were way too short to say everything I wanted to say and I didn't really have time to prepare slides so it was a bit messy, apologies for that.

Yesterday I did an internal training at Liip for a team that will start a Symfony2 project soon, and spent some time building slides. This time I had two hours for the presentation so it went way better I think. And then in the afternoon everyone built a small ultra-basic blog application to get their hands dirty a bit.

So for those that attended the talk in Hamburg and want to see a bit more, or just anyone interested in the current state of Symfony2, I put the slides online (use the arrows to move). Note that they will most likely not be up to date anymore in a few weeks/months given that the framework is still ongoing heavy development.

September 29, 2010 // PHP // Post a comment

PHP Console in Your Browser

So-called interactive modes for scripting languages are commonly used in the command line, and they are great for quick tests, but most of the time when I try something it tends to grow and quickly becomes painful to handle in a CLI one-liner.

Since I spend most of my days programming PHP I tend to need that a lot and a few years back I wrote a small script that would let me type php code in my browser and execute it. Nothing fancy, but quite useful.

Over the years a few people got interest seeing me use it and asked for the sources, so instead of repackaging it every time, I thought I'd clean it up, polish a bit, add some features, and put it on github.

I can't really let you try it on my website for the obvious security implications, but you can look at the screenshot below or to get your hands on it more directly head to github (seldaek/php-console) or grab the zip archive.

Setup is easy, just put it somewhere, and run it in a browser. It only works from localhost, so it's as secure as your machine is, and I can't be held responsible for anything.

It fetches the execution result with javascript so you can even die() in the script with no problem, and expands tabs to spaces. Press ctrl-enter to submit from the textarea.

What do you think?

September 23, 2010 // PHP // Post a comment

Switching on my WLAN with my phone

It all started when my router began to crash every few days. All my connections would drop, and misery ensued. I disabled WLAN/Wi-Fi and it stopped crashing, so I was happy. But then my laptop's range became limited, and my phone sucked up my precious data plan, which wasn't ideal either.

Now the router I got is quite specific, it's remote controlled by the ISP and some settings are accessible only via their web interface, which means that enabling/disabling WLAN takes 3 minutes of waiting and is very annoying. I recently got fed up and decided to try and script the whole process.

I wrote a php script that does the job with curl, and now I can call it from my phone's browser to enable or disable the WLAN at any time, from anywhere.

So if you are interested, although it will only work as-is for Swisscom routers in Switzerland, I attached the full script I used below. You can read on for hints though since I guess it could be applicable to any other router configured via a web interface, and if it's only accessible from the local network you could have the script run on a home server that is accessible from the outside and would basically be a proxy.

A few parts are noteworthy though, the whole CURL configuration was a bit tricky, especially since I failed to RTFM correctly on the whole COOKIE stuff, until Elazar (you can buy his book on web scraping for more details on this whole topic) pointed me to the right setting, CURLOPT_COOKIEJAR.

An interesting thing is that you can pass 'php://memory' to the COOKIEJAR option, which is a php stream creating a virtual file somewhere in memory. It's good for throw-away stuff if you don't want to mess with the filesystem. Also CURLOPT_SSL_VERIFYPEER is a very good thing to have if you want to be lazy about SSL setup, it basically skips the entire certificate verification process.

And for people trying to implementing this kind of stuff with other routers, most of them use HTTP Authentication, so you most likely will need the CURLOPT_USERPWD option, providing it your user/pass couple as: "username:password".

<?php

$user = 'foo';
$pass = 'bar';
$state = isset($_GET['state']) ? $_GET['state'] : false;

if ($state !== 'on' && $state !== 'off') {
    die('Unknown or missing state '.$state);
}

function execRequest($ch)
{
    $res = curl_exec($ch);
    if (!$res) {
        var_dump(curl_error($ch));
        die('ABORTED');
    }
    return $res;
}

$ch = curl_init();
curl_setopt_array($ch, array(
    // base curl config
    CURLOPT_AUTOREFERER => true,
    CURLOPT_FOLLOWLOCATION => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_UNRESTRICTED_AUTH => true,
    CURLOPT_COOKIEJAR => 'php://memory',
    // login request
    CURLOPT_URL => 'https://sam.sso.bluewin.ch/my/data/MyData?lang=en',
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => http_build_query(array('username' => $user, 'password' => $pass)),
));

execRequest($ch);

curl_setopt_array($ch, array(
    CURLOPT_URL => 'https://sam.sso.bluewin.ch/my/data/ModemMgmtService?lang=en&mode=overview',
    CURLOPT_POSTFIELDS => null,
    CURLOPT_HTTPGET => true,
));

execRequest($ch);
sleep(3);

curl_setopt($ch, CURLOPT_URL, 'https://sam.sso.bluewin.ch/my/data/ModemMgmtService?lang=en&mode=changewlanstatus&WLAN_STATE='.$state);

$res = execRequest($ch);

echo strstr($res, 'Confirmation: WLAN data have been changed.') ? 'Done ('.$state.')' : 'FAILED';

September 22, 2010 // PHP // Post a comment

Introducing Slippy - HTML Presentations

Slippy is a HTML Presentation library written with jQuery, it takes a html file in and plays it in any browser.

It is optimal for programming-related talks since it includes a syntax highlighter and is very easy to use since it's just standard html markup with a few classes to enable specific functions.

If you are making a talk about Javascript, it can even execute your code samples live and displays alert() boxes nicely instead of using the ugly browser dialog, which -I tried it today- works quite well to prove your point interactively.

You can find the sources on github, view the example slide deck which includes some documentation or view the slides for the small talk I gave today about Javascript Events on my Slippy slide repository.

Obviously feedback is very much welcome and even though it's not perfect yet, I hope it'll be useful to others. More docs and styling fixes (the dark grey background wasn't too visible on a projector, my bad) should come soon as I have more talks planned, and the slide repository page will receive some love as well when I have time.

June 03, 2010 // News, PHP, JavaScript // Post a comment

Unpredictable hashes for humans

It is not uncommon for web developers to have to generate random ids or hashes, for instance large scale project or frameworks may want to implement their own PHP session handlers either completely abstracted in their API, or overloading PHP's internal API using session_set_save_handler(). If you do so, unless you want to entrust PHP's core to do it, one thing you will have to take care of is generating unique session ids to send as a cookie to your users, allowing the session to persist. Other common use cases for such unique hashes is to generate CSRF tokens to insert in forms or URLs, and finally authentication tokens for email validation or such.

Proceed to the article to learn more about it in a -hopefully- easy to grasp way, this wasn't written for security experts but rather any PHP coder out there that is remotely interested in security, and you really should.

Continue reading...

May 10, 2010 // PHP // Post a comment

Project management in PHP with Arbit

I would like to attract everyone's attention on the 0.3-alpha release of Arbit.

For those that do not know Arbit yet, it is a project management and issue tracker build in PHP. It uses CouchDB as a storage backend by default but work to support RDBMS via PDO is in progress.

Interestingly, it also provides experimental support for continuous integration, also fully PHP-based, unlike other popular solutions. This is not enabled by default in this release since it isn't fully ready but feel free to stop by the irc channel (#arbit on freenode) to know more.

The full announcement contains details about what we fixed and implemented in the 0.3.

Get involved!

As all open source projects, Arbit needs your help, I joined the project early this year and we have had a few contributions from other people since then, but we can always use more help. Therefore if you are interested and wish to take part by developing new features, fixing bugs or at least reporting them, please don't hesitate and get in touch! And as Elizabeth Naramore's article recently pointed out most people are afraid to contribute, I would like to say that no matter how skilled you are, contributions are welcomed. We will provide assistance if needed.

April 05, 2010 // News, PHP // Post a comment

Including open source in the hiring process

We were discussing the difficulty of the hiring process from a company point of view last week at the github meetup in Paris, and more specifically how hard it is to get quality people without relying on test assignments, which most agree are total bullshit, or on a couple of interviews, which can also be very misleading since it depends a lot on the person's social skills, or lack thereof.

One big thing that is overlooked in my opinion is participation in open source projects, be it a single patch or long term commitment. As an employer you can see that the guy has enough interest in programming in general that he has taken the extra step to contribute something, and also that his work was accepted by a peer as valid. It is obviously not the full story and we all know some open source projects' code is utter crap (disclaimer, this also applies to closed source software, you just don't get to see it), but I still believe it gives you a better metric than just some code the guy did (or didn't) code and is presenting to you during an interview.

You can use ohloh to track your open-source-CV of sorts, and I would very much like it if more companies would push the open source involvement forward in their job ads, probably not as a requirement but at least as a big plus. It would benefit both companies that are trying to hire good people, and good people to be recognized. Of course it would also benefit the open source community at large if the work you do there gets you more recognition, pushing more people to take the leap to contribute. It is definitely helping already, if only for the contacts you get, which are always good when looking for a job, but increasing the perceived benefit of contributing to the open source world would be great, so I would very much like if all you HR people would give it a thought, and other readers please mention it to HR in your company, or your friends looking for work, your little brother starting to study, anyone can contribute.

Any other ideas on how to find great developers? Is your company using open source as a criteria? Did it help?

February 22, 2010 // PHP // Post a comment

Symfony Live 2010 - Symfony2, speaking and stuff

Overall the conference was pretty interesting since I don't have a lot of experience with symfony I learned quite a bunch of things about it's usage. I also met a lot of nice people, and ended the trip yesterday evening at the github meetup, after going for food with a couple phpBB guys who are really much nicer than the forum software they stand for. They were also very open to us bashing phpBB and seem to be headed towards a brighter future for the next version, which I'm sure nobody will complain about.

I also had my first session at a conference, accompanying Lukas though so I wasn't really flying by myself yet but it was still a nice and interesting (and stressful) experience that I will try to renew. We didn't get all that much feedback by the way so feel free to do so (also here if you are too lazy to register on joind.in), the organizers need it and obviously I wonder how the talk was received as well.

As for Symfony 2 (which now comes with a capital S please), I kind of saw the flexibility coming since we already implemented the dependency injection container in our Okapi framework at Liip, but I was still impressed by the jump away from symfony (1) Fabien conceded, many people would have tried to keep more BC at the cost of going forward, and I'm really glad he didn't, I think it will pay in the long run. The new version of the framework will basically be able to be totally ripped apart to fit your needs better if you have high performance requirements, which was the major pain point of symfony 1 as far as I'm concerned, and one of our reasons to keep working on Okapi which is pretty much a baseline micro-framework you can build upon. We will have to see if adopting Symfony in its place will make sense, but it sounds promising and it would offload some maintenance away from us which is always good.

Obviously Symfony 2 isn't going to be stable for a while, and there are some rough edges that still need to be discussed and improved, mostly in the way bundles are handled imo, but it looks very good already and I'll definitely give it a try asap. I would also encourage everyone to do so, especially framework developers, because the dependency injection is a pretty awesome thing to have, both for the testability of code and flexibility of the development process. Although if it's your only interest in it, checking out the Okapi 2 core (or the liip.to app ported to use it) is probably easier as there is less code to read, and we didn't add any of the abstraction to the dependency injection layer that Symfony 2 has.

February 18, 2010 // PHP // Post a comment

Dwoo is better than Twig

It's lame catchy title day, a more appropriate one would be "Think for yourself", but I want to get my point across.

This is a general purpose idea of course, I don't think there is any case in your life where you shouldn't think for yourself, but this particular post is about programming.

I just read someone (and I won't name names, it's not relevant) that was pondering using Dwoo or Twig in his CMS, who ended up picking Twig because, and I quote: "but twig says they're better than dwoo so ...". Now I sincerely couldn't care less if someone decides to use something else over Dwoo - which I'm working on in case you wouldn't know. It's your own choice, and even I wouldn't say Dwoo is the best choice for every damned purpose out there.

What bothers me though, is that obviously the guy read Fabien Potencier's article about php template engines, which was obviously not so much of an objective post, but that has already been discussed so let's not go to deep into it. Anyway, the guy most likely read it, and all it says about Dwoo to dismiss it is "Unfortunately, Dwoo has no sandbox feature and its core is not flexible enough". So.. out of this most enlightening comment, you decide to trust Fabien and just assume Twig is better? I just don't get it.

So again, please, just think for yourself.

December 08, 2009 // PHP // Post a comment

Major glob() fail

I just had the pleasure of discovering another of PHP's little quirks and since it's been almost a year since my last post, I thought it would be a good occasion.

Working on some personal project that lists a bunch of stuff on my hard drive, I found out that directories that contain square brackets (those []) don't return any results for the simple reason that glob reads [stuff] as a character class, just like in regular expressions. When you know it it makes perfect sense, but when you don't, the documentation is really not so helpful. Of course it mentions libc's glob() and unix shells, but not everyone knows what that implies at first glance.

My first reaction when I noticed that those directories were missing was to try and escape them with backslashes, which works on unix systems, but not on windows since the backslash is the directory separator. The cross platform solution is to enclose them in brackets (i.e. [[]), which effectively creates a character class with only the opening bracket in it, so it matches correctly.

I then wrote this glob_quote function which, just like preg_quote, escapes the meta characters that glob uses.

function glob_quote($str) { 
    $from = array( '[', '*', '?'); 
    $to = array('[[]', '[*]', '[?]'); 
    return str_replace($from, $to, $str); 
}

Another detail worth noting while I'm at it is that this problem also occurs when you do glob('*.txt') if your cwd contains brackets, since in this case the cwd is pre-pended to the pattern, the solution being to escape it as well as such:
glob(glob_quote(getcwd()).DIRECTORY_SEPARATOR.'*.txt');

That's it for today, so until next year..

December 02, 2009 // PHP // Post a comment

First page< Newer entries 1 2 3 [4] 5 Older entries > Last page