PHP OAuth Provider: Access Tokens

I've been working with OAuth, as a provider and consumer, and there isn't a lot of documentation around it for PHP at the moment so I thought I'd share my experience in this series of articles. This relates to the stable OAuth 1.0a spec, however OAuth2 has already started to be adopted (and differs greatly). This article uses the pecl_oauth extension and builds on Rasmus' OAuth Provider post. This entry follows on from the ones about the initial requirements, how to how to handle request tokens, and authenticating users.
Continue reading

PHP Static Analysis Tool Usage

Last week I tweeted a poll with the question "Which PHP static analysis tools do you regularly use?". These are the results:
Static Analysis Tools Poll Results (phpcs 81%, phpmd 59%, phpcpd 59%, phploc 41%, phpdpd 48%)

My interest was mostly because I'm working on a book chapter which includes some static analysis content, and there are a couple of these tools that I include in my own builds, but I don't do much with the output of them. However I didn't want to drop anything from the chapter if it was actually a valuable tool and I was just missing the point - pretty much all the tools got a good number of votes though, so I'll be covering all of the above. It does look as if phploc has less of a following, however it's one of my favourite tools so it gets a mention anyway!

Thanks to everyone who took the time to vote; I thought I'd share the results in case anyone was interested.

Shortening URLs from PHP with Bit.ly

I've been looking around for a really simple API that would be a nice place to get started using web services from PHP - and I realised that bit.ly actually fits the bill really well. They have straightforward api docs on google code, and it's also a pretty simple function!

Here's a simple example, using PHP's curl extension, of using the bit.ly API to get a short URL, using PHP (you need an API key, but if you're a registered bit.ly user, you can log in and then find yours at http://bitly.com/a/your_api_key).

$ch = curl_init('http://api.bitly.com/v3/shorten?login=username&apiKey=R_secret&longUrl=http%3A%2F%2Flornajane.net');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 
$result = curl_exec($ch);
print_r(json_decode($result));

Continue reading

PHP Returning Numeric Values in JSON

When I wrote about launching a prototype of a new joind.in API, quite a few people started to try it out. My friend David Soria Parra emailed me to point out that many of the numbers in the API were being returned as strings. He said:

It's just a standard problem of PHP REST services. When I try to access it with java I have to convert it over and over again to ints.

I did have a quick look at the PHP manual page for json_encode but I didn't see anything mentioning this. A few weeks later (my inbox is a black hole and it takes a while to process these things) I fell over a throwaway comment to an undocumented constant JSON_NUMERIC_CHECK, and I added the constant name to my todo list. In the time it took for me to actually get around to googling for this, some wonderful person updated the PHP manual page (this is why I love PHP) to include it as a documented option, and someone else had added a user contributed note about using it.

It turns out, this constant does exactly what I need. Here's a simple use case:

echo json_encode(array('event_id' => '603'));
echo json_encode(array('event_id' => '603'), JSON_NUMERIC_CHECK);

and the output:

{"event_id":"603"}
{"event_id":603}

There are probably some situations in which you don't want all your looks-like-a-number data to be returned as a number, but for now it seems to be a good fit for api.joind.in.

PHPMyAdmin Designer View

This week I've been using phpMyAdmin for what feels like the first time in years. I'm happier at the command line, but needed some graphical representation of information and easy ways to export example queries for the book I'm working on. I noticed that phpMyAdmin now has a Designer tab, which shows relationships between tables and allows you to define them.


Continue reading

Gearman Priorities And Persistent Storage

I have been writing a bit about Gearman lately, including installing it for PHP and Ubuntu, actually using it from PHP and also how I use persistent storage with Gearman. I'm moving on to look at adding jobs of different priorities.

I use Gearman entirely as a point to introduce asynchronous-ness in my application. There is a complicated and image-heavy PDF to generate and this happens on an automated schedule. To do this, I use the GearmanClient::doBackground method. This inserts a priority 1 job into my queue.

Using the doHighBackground() and the doLowBackground() methods insert jobs into the queue and checking out my persistent storage I see that the priorities work like this:

priority method
0 doHighBackground()
1 doBackground()
2 doLowBackground()

Gearman works out which task is the next highest priority and will hand it to the next available worker - which means that I can set my automated reporting lower priority than the reports requested by real live people wanting them now, and everyone is happy!

PHP North West 2011

We might still be in the thick of the summer conference season, but there's an event coming up this autumn which has me very excited: PHP North West 2011.

This is a regional PHP conference based in Manchester, UK, and I've been involved with it since it began (I'm surprised to find this is our fourth edition, it still feels like a shiny new adventure!). This year the dates are 8th and 9th of October and with an added tutorial day on the Friday, it is bigger (and of course better) than ever. In case you missed the announcements, here are the main things you need to know:

Continue reading

PHP|Tek and a Hackathon

A couple of weeks ago I had the pleasure of speaking at php|tek in Chicago. As usual there were a few great talks, a good crowd of new folk and a selection of established speakers all at the event and I had a great time. This year, there was one particular highlight that I wanted to share: the hackathon.

Continue reading

PHP OAuth Provider: Authenticate User

I've been working with OAuth, as a provider and consumer, and there isn't a lot of documentation around it for PHP at the moment so I thought I'd share my experience in this series of articles. This relates to the stable OAuth 1.0a spec, however OAuth2 has already started to be adopted (and differs greatly). This article uses the pecl_oauth extension and builds on Rasmus' OAuth Provider post. This post is the third in the series, following on from the ones about the initial requirements and how to how to handle request tokens.

This phase is probably the most familiar to us as developers, as it's simply a login form. The consumer will send the user to us at the URL we provided in the request token, and the user will have the request token key as a parameter. The access control on this page will look the same as on the rest of the website; if the user has a session already then the page is displayed, otherwise they must be logged in to see it.

Continue reading

PHP OAuth Provider: Request Tokens

I've been working with OAuth, as a provider and consumer, and there isn't a lot of documentation around it for PHP at the moment so I thought I'd share my experience in this series of articles. This relates to the stable OAuth 1.0a spec, however OAuth2 has already started to be adopted (and differs greatly). This article uses the pecl_oauth extension and builds on Rasmus' OAuth Provider post.

The consumer requests a request token (see my earlier post about consuming OAuth), and as a provider, we need to handle that request. In my example, I chose to pass the variables as GET parameters, but you could adapt this to handle POST variables or information contained in HTTP headers.

OAuth Provider Code

We have the same block of code called on every request where we're negotiating OAuth, and it looks like this:

$this->provider = new OAuthProvider();
 
// set names of functions to be called by the extension
$this->provider->consumerHandler(array($this,'lookupConsumer'));
$this->provider->timestampNonceHandler(
array($this,'timestampNonceChecker'));
$this->provider->tokenHandler(array($this,'tokenHandler'));
 
// no access token needed for this URL only
$this->provider->setRequestTokenPath('/v2/oauth/request_token');
 
// now check the request validity
$this->provider->checkOAuthRequest();

Continue reading