PHP OAuth Provider: Authenticate User

I’ve been working with OAuth, as a provider and consumer, and there isn’t a lot of documentation around it for PHP at the moment so I thought I’d share my experience in this series of articles. This relates to the stable OAuth 1.0a spec, however OAuth2 has already started to be adopted (and differs greatly). This article uses the pecl_oauth extension and builds on Rasmus’ OAuth Provider post. This post is the third in the series, following on from the ones about the initial requirements and how to handle request tokens.

This phase is probably the most familiar to us as developers, as it’s simply a login form. The consumer will send the user to us at the URL we provided in the request token, and the user will have the request token key as a parameter. The access control on this page will look the same as on the rest of the website; if the user has a session already then the page is displayed, otherwise they must be logged in to see it.


Combining PDF Files With Pdftk

I’m currently delivering all my talks with PDF format slides, using Jakob’s PDF Presenter Console, which is awesome but lacks a “goto slide” button and is a little slow to click forward. It doesn’t matter for a short talk but I had 200+ slides for my ZCE preparation tutorial at the Dutch PHP Conference and I was concerned about losing my place! Therefore I split my slides up into several decks, but still need to publish them as a whole.

For years I’ve used PDF Shuffler for this sort of thing but I wondered if there was an easy way of doing this from the command line this time, since I literally wanted to glue together a bunch of files one after another. Predictably, there is and it’s called pdftk – the PDF Toolkit.

PHP OAuth Provider: Request Tokens

I’ve been working with OAuth, as a provider and consumer, and there isn’t a lot of documentation around it for PHP at the moment so I thought I’d share my experience in this series of articles. This relates to the stable OAuth 1.0a spec, however OAuth2 has already started to be adopted (and differs greatly). This article uses the pecl_oauth extension and builds on Rasmus’ OAuth Provider post.

The consumer requests a request token (see my earlier post about consuming OAuth), and as a provider, we need to handle that request. In my example, I chose to pass the variables as GET parameters, but you could adapt this to handle POST variables or information contained in HTTP headers.

OAuth Provider Code

We have the same block of code called on every request where we’re negotiating OAuth, and it looks like this:

$this->provider = new OAuthProvider();

// set names of functions to be called by the extension
$this->provider->consumerHandler(array($this,'lookupConsumer'));
$this->provider->timestampNonceHandler(
    array($this,'timestampNonceChecker'));
$this->provider->tokenHandler(array($this,'tokenHandler'));

// no access token needed for this URL only
$this->provider->setRequestTokenPath('/v2/oauth/request_token');

// now check the request validity
$this->provider->checkOAuthRequest();
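
As an added example (not code from the original post or from the pecl_oauth project), here is one way the three callbacks registered above could be written. The class name, the sample keys, the in-memory arrays standing in for database tables and the 300-second window are all assumptions; the `OAUTH_*` constants and the `$provider` properties come from the pecl_oauth extension.

```php
<?php
// Hypothetical handler bodies for the callbacks named in the post's snippet.
// Needs the pecl_oauth extension loaded for the OAUTH_* constants.
class OAuthCallbacks
{
    // Constructed sample data; a real provider reads these from storage.
    private $consumers = array('sample-consumer-key' => 'sample-consumer-secret');
    private $tokens = array('sample-token' => 'sample-token-secret');
    private $seenNonces = array(); // must be persisted between requests
    private $maxSkew = 300;        // seconds of clock drift tolerated (assumed)

    // consumerHandler: identify the calling application, supply its secret
    // so the extension can verify the request signature.
    public function lookupConsumer($provider)
    {
        if (!isset($this->consumers[$provider->consumer_key])) {
            return OAUTH_CONSUMER_KEY_UNKNOWN;
        }
        $provider->consumer_secret = $this->consumers[$provider->consumer_key];
        return OAUTH_OK;
    }

    // timestampNonceHandler: refuse stale requests and replays of a
    // (consumer, timestamp, nonce) combination that was already used.
    public function timestampNonceChecker($provider)
    {
        if (abs(time() - (int) $provider->timestamp) > $this->maxSkew) {
            return OAUTH_BAD_TIMESTAMP;
        }
        $seen = $provider->consumer_key . '|' . $provider->timestamp
              . '|' . $provider->nonce;
        if (isset($this->seenNonces[$seen])) {
            return OAUTH_BAD_NONCE;
        }
        $this->seenNonces[$seen] = true;
        return OAUTH_OK;
    }

    // tokenHandler: look up the token presented with the request; the
    // request token URL is the one the post's snippet exempts from this.
    public function tokenHandler($provider)
    {
        if (!isset($this->tokens[$provider->token])) {
            return OAUTH_TOKEN_REJECTED;
        }
        $provider->token_secret = $this->tokens[$provider->token];
        return OAUTH_OK;
    }
}
```

Nonces only need to be remembered for as long as their timestamp would still be accepted, so the stored set can be pruned once entries are older than the allowed window.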


A Prototype API for Joind.In

Following the principle of “release early, release often”, I put live a very early version of the v2 API for joind.in today (so that I can use it in another project!). I haven’t updated the documentation yet but in case anyone was thinking of consuming data from joind.in, this at least gives you an idea of the direction of the project so I thought I’d share.

Things you need to know:

  • The service is an HTTP Web Service. Meaning it’s RESTful apart from when it isn’t
  • The endpoint is here: http://api.joind.in
  • You can fetch data about events and talks (read-only) at this point
  • Formats available are HTML or JSON. The service will guess from your accept header but you can override it with ?format=json or ?format=html
  • If you need more columns than you get by default, you can add ?verbose=yes to your request
  • Pagination is available, with parameters resultsperpage (default 20, set to zero for no limits) and start (default zero)
  • The service supports OAuth1.0a, which isn’t useful at this point as we’re read-only but it will come into play as we add functionality

Examples

Events list: http://api.joind.in/v2/events

Information about DPC11: http://api.joind.in/v2/events/603

Talks at DPC11: http://api.joind.in/v2/events/603/talks

Your Thoughts

Comments are welcome on this post. Bugs and feature requests should go to http://joindin.jira.com, read more about Joind.in and its community at http://joind.in/about

Idiot-Proof Deployment with Phing

Disclaimer: I am not underestimating the universe’s ability to produce idiots, the point I’m trying to make is that I haven’t managed to make any deploy mistakes using this approach. Yet.

Once upon a time, a long time ago, I went onto a conference stage for the very first time and said that I thought I might be the world’s ditsiest PHP developer. I actually still think that is pretty true, and if you work with me then you will know that I mostly break and fix things in approximately equal measure. With this in mind, when I launched my own product recently (BiteStats, a thing to automatically email you a summary of your analytics stats every month), I knew that I would need a really robust way of deploying code. I’ve been doing a few different things for a few years, and I’ve often implemented these tools with or for other organisations, but I don’t have much code in production in my own right, weirdly. I decided Phing was the way to go, got it installed, and worked out what to do next.


PHP OAuth Provider: Initial Requirements

I’ve been working with OAuth, as a provider and consumer, and there isn’t a lot of documentation around it for PHP at the moment so I’m sharing my experience in this series of articles. This relates to the stable OAuth 1.0a spec, however OAuth2 has already started to be adopted (and differs greatly). This article uses the pecl_oauth extension and builds on Rasmus’ OAuth Provider post.

OAuth Pages and Endpoints

OAuth has a little more baggage with it than just passing a username and password to an API. As well as your standard service endpoint you will need:

Book Review: Confessions of a Public Speaker

I received “Confessions of a Public Speaker” as a gift this winter (you know who you are, thank you!), and it’s been on my bookshelf waiting for me to have a reason to sit still long enough to read it. A series of long flights presented exactly that opportunity so I brought the book along to read, which was perfect as I was travelling to give a tutorial at the PHP Community Conference in Nashville.

My first observation was that although I thought this would be a pretty serious book, I was laughing! Not just smiling, but actually giggling on a fairly small plane of people doing the short hop over to Amsterdam. I saw a few people trying to read the cover to figure out what this great comedic tome would be :)


Git Tip: What Did I Just Merge?

As a lead on an open source project, I spend a lot of time merging awesome contributions from our community into our main repo on github. Sadly, some of them are slightly less awesome (rarely but it does happen) and I sometimes need to unpick what happened to understand the problem and give good feedback. Since the project is hosted on Github, this means having some git tricks up my sleeve, and I thought I’d share.

I have the main repo cloned onto my local machine. Before I do anything, I fetch and merge from the origin and then push back to it, so I know my repo is in sync with the github one. Then I fetch the branch I want to merge – usually one that we’ve got a pull request for. To see what’s in the branch:

git log [branch] --not master

This is nice because it doesn’t show what’s in the master branch of this repo but missing from the incoming branch, it just shows me what’s new on this branch.

I can diff and merge at this point, but more than once I’ve merged and then wondered what changes I have in my repo that aren’t in the github one (this is where it is helpful to have fetched from the remote one first). I have the github repo mapped as “origin” as per the excellent documentation so I can just do:

git diff origin/master..HEAD

This shows me the differences that are in my current repo as compared to origin/master, which is the tip of the main repo shown at the version it was when I last fetched it. I particularly use this when I’ve merged someone’s changes in for testing and am wondering quite what was supposed to happen – sometimes just reading the diff beforehand isn’t enough, it’s only when I get the code merged I realise something unexpected is happening!

New Netbook Feet

I have a small netbook that I use for events, which I’ve had for a few years and keep upgrading with various bits and pieces. This year, all the little rubber feet had dropped off so if you put it on a surface, it kind of slid around, which was annoying. It occurred to me that I’d bought some sugru at Maker Faire this year, so I broke it out and made new feet for my netbook (and a little keyboard where the same thing had happened).

Sugru Feet for Netbook

Sugru is like slightly toxic plasticene when you first get it out of the box, but it sets like strong rubber. In fact it was perfect for this, the finished feet feel securely attached and they’re slightly squishy so they absorb the shock of me typing or the issues of a slightly uneven surface. Perfect!