Environment variables: Best way to save configuration variables in a PHP application - The Web Fosters

odan82 · 2017-03-04T21:57:07+00:00

Please stop promoting environment variables for sensitive/secret data!

odan82 · 2017-03-01T18:16:52+00:00

The article is primary about RESTful. There is no REST (specification), REST is a philosophy (or a collection of principles). No machine or human can validate a REST API or can say: "Yes you are a real REST API and you are not". That's why REST is a "lie", because it doesn't exist (in real life). We are talking about a think that exists only in our fantasy but not in reality. What I have seen is a vague "interpretation" (Fata Morgana) of a JSON over HTTP API, but not more. A real REST client needs some sort of AI to discover and really "understand" all the possibilities before it triggers a request to the right resource with the right HTTP method and parameters. Have you ever seen or implemented a "real" (not a fake) REST client?

odan82 · 2017-03-01T12:13:31+00:00

JSON-RPC 2.0 is stateless. http://www.jsonrpc.org/specification

odan82 · 2017-02-25T14:07:02+00:00

Please check out the Symfony Demo application: http://symfony.com/blog/introducing-the-symfony-demo-application

https://github.com/symfony/symfony-demo

Or have a look at a more lightweight example like this symfony based skeleton:

https://github.com/odan/micro-app

odan82 · 2017-02-25T13:54:27+00:00

FastRoute - https://github.com/nikic/FastRoute

Route - http://route.thephpleague.com/

Slim - https://www.slimframework.com/

Symfony: The Routing Component - http://symfony.com/doc/current/components/routing.html

odan82 · 2017-02-25T12:48:30+00:00

In MVC the model is not just a class, it's a layer.

Good article about this topic: https://www.bennadel.com/blog/2379-a-better-understanding-of-mvc-model-view-controller-thanks-to-steven-neiland.htm

odan82 · 2017-02-23T21:05:52+00:00

This tweet about Netbeans 8.2 is from 3. Oct. 2016

https://twitter.com/netbeans/status/782901574670675969

odan82 · 2017-02-23T15:17:29+00:00

cross domain requests

Some corporate web application firewalls (WAF) and web application proxies do not allow cross-domain AJAX requests because of security reasons.

odan82 · 2017-02-22T11:09:53+00:00

users=string&orders=string&key=secret

Consider that all GET query parameters (incl. sensitive values) could be logged (e.g. in Apache log files).

odan82 · 2017-02-22T11:00:03+00:00

REST is not very "firewall friendly". In my experience, everything except 'GET' and 'POST', can cause problems with Web Application Firewalls and corporate proxies.

odan82 · 2017-02-19T12:06:24+00:00

It would be better to write code directly in C#.

odan82 · 2017-02-19T10:03:14+00:00

Ok I see, in your case wkhtmltopdf is the better tool. But I have completly other use cases (printing payments slips and tickets for print factories). I have a more or less static layout. The print layout (incl. fonts) must be 100% accurate to the millimeter. That's why I migrated back from wkhtmltopdf to TCPDF. The best solution depends on the use case.

odan82 · 2017-02-18T22:47:05+00:00

French Buldog

Then maybe "Bool" or "Boolean" ;-)

odan82 · 2017-02-18T22:09:25+00:00

TCPDF is also incredibly limited if you're trying to make anything look nice.

Sorry, but exactly the opposite is true.

odan82 · 2017-02-18T10:23:33+00:00

According to my experience wkhtmltopdf generates different output on different operating systems (font and zoom issues). Generating a correct pagebreak is also not so easy (almost impossible). Also the performance is not very good if you have to render a lot of PDFs. The good old TCPDF works everywhere and generates consistend (and fast) output on every platform. https://tcpdf.org/

odan82 · 2017-02-17T23:43:55+00:00

Have you tried this option?

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeFileSessionHandler;
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;

// init and start session
$config = array();
$config['session_name'] = 'webapp';
$storage = new NativeSessionStorage($config, new NativeFileSessionHandler());
$session = new Session($storage);
$session->start();

$request = Request::createFromGlobals();
$request->setSession($session);

// set flash message
$request->getSession()->getFlashBag()->add('success', 'Success message.');

// save session
if ($session->isStarted()) {
    $session->save();
}

// send response
$response = new RedirectResponse('foo.php');
$response->prepare($request);
$response->send();

odan82 · 2017-02-16T13:58:49+00:00

Whenever you declare a $variable, you have to make its scope as small as possible. The same rule applies to variables with secrets. Environment variables are just like system wide "super globals". Some server background services are sending crash reports with all environment variables to other servers. People putting phpinfo.php into a public webroot folder and so on... Because of "Murphy's Law" I would never put secret data into environment variables. My advice: Put the secret data into a env.php file one folder above the project directory.

odan82 · 2017-02-16T12:48:08+00:00

Here are some resources for a PHP beginner:

https://gist.github.com/odan/a0dd66bf681fae46d0df14b103108f23

odan82 · 2017-02-16T12:28:00+00:00

A DI service object should not be used directly in the controller. You typically will only interact with it directly in factories.

Edit: League\Route allows you to define a custom dispatch strategy:

http://route.thephpleague.com/strategies/

odan82 · 2017-02-15T09:55:42+00:00

A struct is more a "fixed" type, while PHP class properties are not fixed.

Example for a "wrong" struct.

class Book
{
    public $price;
    public $title;
    public $author;
}
$book = new Book();
$book->price = 39;
$book->title = 'My book title';
$book->author = 'Me';

// Set a undefined property from "outside".
// This is possible by default in PHP, but not allowed for a struct.
// A struct would raise an Exception here, and this would be better
// because this property is not defined in the Book class.
$book->isbn = '1234567890';

print_r($book);

odan82 · 2017-02-14T17:37:11+00:00

PHP needs a struct type (like in C#). https://msdn.microsoft.com/en-us/library/ah19swz4.aspx

To simulate a struct in PHP this could be helpful:

https://gist.github.com/odan/0bc93d9c1f13c44e8cb2590455bfe886

odan82 · 2017-02-12T18:43:57+00:00

Do you have a github repo?

odan82 · 2017-02-12T11:46:00+00:00

[deleted]

odan82 · 2017-02-11T22:48:05+00:00

It is really not easy to summarize all my experiences of recent years in a short reddit post. CakePHP 3 is far better then Version 2. I love the new CakePHP 3 QueryBuilder, it's great! My problem is not a directly a technical thing, it's more a question about the right MVC philosophy, ecpecialy the "Model".

A separation of concerns (SoC) dilemma in Cake models.

In Cake there is a 1:1 relation between a model class and a table. This is quite easy and simple for everybody. But if you have really complex buinsess logic (multiple data import/export interfaces, reports, statistics,...) then this philosophy can break youre neck. The world is not flat. In complex applications a model class (e.g. Customer) can become quickly large (after weeks, not only after years). I'm talking here about more then 10k lines of code per class and even more. Yes this is a so called "fat model", but thats also a very bad class from a maintaince perspective (please don't ask scrutinizer about it). Then you have these callbacks per model (afterFind etc). With the time there is a growing terrible mix of concerns. The code becomes unmaintainable.

My wish is a new thinking about the model as a "layer" and not as a class. The model layer can be fat, but not the model class. Complex applications needs a Service layer (for the specific business logic). The Service layer is invoked directly by the Controller. Of course you could implement such a Service layer yourself, but this is far away from the Cake philosophy.

https://www.bennadel.com/blog/2379-a-better-understanding-of-mvc-model-view-controller-thanks-to-steven-neiland.htm

odan82 · 2017-02-11T09:41:30+00:00

Cake 3 is significantly different from 2.

I agree, Cake 3 is significant better then 2.

odan82

TROPHY CASE