Simple Access Control for CakePHP3

The newest version of CakePHP doesn't ship with built in ACL, which means you need to write your own. Personally I think this is a smart move, having looked at the one-size-fits-all solutions for previous versions of the framework and knowing that every system has different requirements, this version has good hooks and documentation on how to add something that works for your application. I thought I'd share what worked for mine. Continue reading

Change Form Input Type in CakePHP3

I've been having my first experiences with generated code, generating a new admin backend using CakePHP3 (yes CakePHP is still around, it's alive and doing rather well in fact!). So far it's going great and producing a much more complete solution than I'd have managed for myself on this timescale.

One thing is bothering me though: it guesses form input types from the database column types, which mostly works well but sometimes it picks something that doesn't reflect the way that the user will store information in this field. It's actually pretty easy to change the forms that get generated though, so here's an example. Continue reading

Documentation First: A Recipe for API Success

I've shipped a handful of greenfield APIs in recent months for different clients, and in each case I've been building the documentation before the API. I hadn't really recognised it as a pattern until someone else commented on it, but I do find this approach has worked well for my projects, so I thought I'd share my thoughts on this in a bit more detail. Continue reading

PHP 7.0 (and 5.6) on Ubuntu

PHP 7 is released but for those of us who don't usually compile our own PHP, it can be a long wait for our preferred distro to release the packages we want. For Ubuntu, I'm using a PPA which allows both PHP 5.6 and PHP 7.0 to be installed, including things like extensions, at the same time. It was very easy to set up (I'm running Ubuntu 15.10 but this process should also work on older versions back to at least 14.04 which is the previous LTS) so here's a quick walkthrough of what I did. Continue reading

Simple One-to-one Meetings

Recently I was giving some advice (that I was asked for, which is novel) regarding one-to-one meetings between developers and either team leads or management can be structured. My thoughts really boiled down to some very short points (this is why sometimes, those meetings take 15 minutes and other times they take 3 times that for a monthly update!). In case they're useful to anyone else, here's my meeting outline:

  • What's going well/what are you excited about?
  • What's tedious/annoying or actually a problem?
  • What could I be doing that I'm not?

Continue reading

Use Ngrok for Testing APIs on Dev

Recently I was hastily building an API for a client and I wanted to run some tests against it. I've written before about using Runscope for API testing, but this was against a local dev platform (inside a VM, not directly on my laptop) rather than a public API. The same problem arises if you want to access a local site or API from elsewhere or from a mobile device. In all these scenarios, ngrok is your friend. Continue reading

Handling Composer "lock file out of date" Warning

Composer is dependency management for PHP, and it consists of two main files:

  • composer.json where you specify your dependencies
  • composer.lock where composer itself records exactly which precise version of every library and every dependency of every library it picked, so all installs will be identical

Crucially, the composer.lock also includes a hash of the current composer.json when it updates, so you can always tell if you've added a requirement to the composer.json file and forgotten to install it. Continue reading

PHP Web Services: 2nd Edition


I'm delighted to announce that the second edition of PHP Web Services is published! This isn't an entirely new book but in my own biased opinion it is a much better job of this topic than I did the first time around :) Following from the feedback we got on the first book, this edition contains quite a lot more working examples (with code on github) as well as updates for new tools and expansion on newer technologies and practices.

Writing a second edition was nothing like writing a first edition, it's more like editing with snippets of writing and rewriting thrown in. My heartiest thanks to my tech reviewers who sorted out all kinds of nonsense contradictions and generally asked hard questions during the process - you are all humans of the highest calibre :)

Upgrade To Better Passwords in PHP

The password features in PHP aren't exactly new, but I see lots of applications from "before" which aren't being migrated to better practices. I have some strategies for doing these migrations so I thought I'd share my main approach, plus a similar-but-different one I saw in the wild (OK it was in CakePHP, so not too wild!). Continue reading

OAuth2 with PHP's built in Streams Functions

Most of the time when I work with APIs from PHP, I use Guzzle - it's awesome and modern and elegant. However some of my work is with legacy platforms and I recently had a situation where we needed to integrate with a API using OAuth2, and launch that integration before the planned platform upgrade from an older version of PHP was expected to complete.

(this drives me nuts, I love upgrading systems but the downside is you have to work with the old ones first and none of the tools you want have been invented yet!)

For OAuth2, all I had to be able to do was to send an Authorization header with my web request from PHP. My second-favourite way of making API calls from PHP is to use PHP's stream handling, so I did that. It's not code you see very often but it's super-simple and it works on every PHP platform I've tried so far, so here's an example:

// assemble the options
$opts = array(
  'http'=>array(
    'header'=> "Authorization: Bearer " . $access_token
  )
);
// create the context
$context = stream_context_create($opts);

// now make the request! Use the context and simply output the result
echo file_get_contents('http://api.example.com/endpoint1', false, $context);

If you're trying to make an API call from PHP and installing better tools is hard for any reason, this example may help!