Archive for PHP

php|tek 2011 Wrap Up – A Different Animal

// May 27th, 2011 // 5 Comments » // PHP

For the second year in a row, I got to attend and speak at php|tek in Chicago.  I typically blog the heck out of all the conferences I go to, going into detail about every session and event, but that just didn’t seem appropriate this time around.  That’s because, for me, php|tek 2011 was more about the people and less about the sessions.

Don’t get me wrong…there were some great sessions, but I feel like my overall takeaways from this years conference came outside of those sessions rather than in them.  The “hall track” was where I ended up spending most of my time.  Chatting it up about everything from PHP to beer to open source to hiring to BBQ.  To some, that will look like I was just hanging out with friends, but to me those moments and relationships are invaluable.

In the keynote on the second day, Elizabeth Naramore (who I had met once before, but she likely doesn’t remember that) made a statement that hit home to me.  I forget the exact quote, but the basic concept was that all this technology crap will eventually change and go away, but the friendships you make because of it will last for a lifetime.  It’s the people that matter, not the technology.

Coming in as a more experienced speaker (although for whatever reason, I was rattled in my first session) gave me a different perspective too.  All these speakers that get up and speak at conferences do it because they love what they do and they want to share it.  They don’t get paid.  They usually don’t get anything additional from their daily jobs to do it.  They just love what they do and want to share it.  Their passion for their work is contagious and that is a great thing for PHP.

I guess my point is, php|tek is just a different animal.  It’s become more of a family reunion (the good kind…) than a conference to me.  The first day I got here, I made the comment that I didn’t feel like I was in “conference mode” and wasn’t really feeling it.  But when I started seeing old friends and talking to new people, I remembered why I spent days preparing my slides.  I remembered why I desperately try to convince anyone who will listen to me about the value of attending conferences.  I remembered why I fight for budget money to send myself and the other developers on my team to php|tek.  I remembered that this was supposed to be fun.

And dammit, it was the best time I’ve had at a conference.  See you next year, tek!

Presentation: The Last Authentication System You Will Ever Write

// May 26th, 2011 // No Comments » // PHP

This is a presentation on third party authentication that I did at php|tek 2011 and at a TriPUG meetup. The presentation goes into detail about how to setup your application to use third party sources, like Twitter, to provide authentication for your application. The presentation was described as…

Your users need to sign up, authenticate, retrieve their password, change their password, etc. Building your own system takes time and resources, so why not do what developers do best…abstract it away! Places like Twitter, Facebook, and Google have given developers the sweet gift of third-party authentication, allowing your users to use their existing credentials to access your application. Learn about the pros and cons of offloading authentication to these services and see how they work while exploring options using both OpenID and OAuth.

You can download the slides from SlideShare and get the sample code I used in the presentation on GitHub.

Presentation: Securing Your API

// May 26th, 2011 // No Comments » // PHP

These are the slides from my presentation, given at php|tek 2011 and a recent TriPUG meetup. Here is the description of my talk…

Providing an Application Programming Interface (or API) has become a crucial piece of the modern web application. API’s provide opportunities to build the ecosystem around your application, opening doors for collaboration and innovative mashups. However, the API opens up another entry point into your application, requiring that you somehow secure the access to it.

This talk will outline some of the options you have when securing your API. I’ll give overviews and implementation tips on some of the more popular schemes such as OAuth, HTTP authentication, and generating API keys. We’ll also look at some general API best practices such as rate limiting, error handling, and secure data communication.

You can download the slides from SlideShare if you are interested.

Come hear me at php|tek 2011 in Chicago!

// May 18th, 2011 // 1 Comment » // PHP

I have had the great privilege once again to be invited to speak at the annual php|tek conference in Chicago from May 24th – 27th.  php|tek is an amazing conference.  Definitely my favorite, so being asked to speak is very flattering.  I had the pleasure to speak last year, and I guess I didn’t screw it up too bad :)  This year I will be giving TWO talks, which is awesome!  Here is what I will be speaking about…

Securing Your API

Providing an Application Programming Interface (or API) has become a crucial piece of the modern web application. API’s provide opportunities to build the ecosystem around your application, opening doors for collaboration and innovative mashups. However, the API opens up another entry point into your application, requiring that you somehow secure the access to it.

This talk will outline some of the options you have when securing your API. I’ll give overviews and implementation tips on some of the more popular schemes such as OAuth, HTTP authentication, and generating API keys. We’ll also look at some general API best practices such as rate limiting, error handling, and secure data communication.

And then….

The Last Authentication System You Will Ever Write

Your users need to sign up, authenticate, retrieve their password, change their password, etc. Building your own system takes time and resources, so why not do what developers do best…abstract it away! Places like Twitter, Facebook, and Google have given developers the sweet gift of third-party authentication, allowing your users to use their existing credentials to access your application. Learn about the pros and cons of offloading authentication to these services and see how they work while exploring options using both OpenID and OAuth.

The conference is a must-go for any PHP developer looking to take their skills to the next level.  Some of the greatest minds in PHP will be there, so sign up today and you could be too.

Book Review: “PHP Development in the Cloud”

// May 3rd, 2011 // No Comments » // Geek, PHP

Whenever I hear someone mention the buzzphrase “in the cloud” my attention perks up and I think to myself, “self, does this person know what they are talking about or are they just rehashing the latest IT buzzwords?”  My apprehension to the cloud comes honestly; after all it has been billed as the latest magic bullet that will solve every IT problem ever created….right?  RIGHT?

My pessimism of the cloud was met head on in the latest book from Ivo Jansch and Vito Chin entitled “PHP Development in the Cloud.”  I appreciated the authors immediate recognition that the “cloud” term was overused and often misused, so let’s just say I was a fan by about the third page.

First and foremost, the book provides an excellent overview of what the cloud is and isn’t, and then how PHP developers can leverage it in our applications.  The book details the cloud offerings from Amazon (EC2, S3, CloudFront, MapReduce), Rackspace (Servers and Files) and Microsoft (Azure), all while giving actual code examples of dealing with their APIs and offerings.

Perhaps the most beneficial part to me was the section on Gearman.  Perhaps I am late to the game, but I wasn’t familiar with the technology.  I immediately saw ways I could implement it in my projects, even sending my friend Garrison an email mid-chapter saying “we need to look at this for {redacted}.”

There was also a section on Google Gears, although I could have done without that.  It’s a Java and Python system, so I wasn’t sure what it was doing in a book about PHP development, but it’s also a book about the cloud in general so I guess that counts.  It just didn’t deliver much for me.

Overall, I found the book to be an incredibly inclusive introduction to the cloud.  The book provides PHP developers the basic knowledge needed to develop in and around the cloud without overwhelming them with system administration.  I found the book very easy to read cover to cover, although it could also be used as a reference manual in certain use cases.  I’d definitely recommend it to any PHP developer exploring cloud-based services.

To order the book, or to read more about it, you can visit the php|architect site.

 

php|architect Article: Good (PHP) Help is Hard To Find

// April 1st, 2011 // 1 Comment » // PHP, Professional

In this month’s php|architect there is an article written by yours truly entitled “Good (PHP) Help is Hard To Find.”  Here is the synopsis:

There is a huge difference in a PHP developer and someone who “knows PHP.”  If you are looking for a job, how do you set yourself apart from the crowd to get noticed as a qualified professional PHP developer?  The answer is simple.  You have to build your geek cred.

It is the first time I have ever been “published” in a real way.  I was extremely nervous about writing the article, and am now even more nervous about how my PHP community brethren will receive it, but I thought I did a pretty good job on my first REAL writing piece.  I hope that the article is helpful to PHP developers looking to land a job and those of us just looking to improve our own skills.

It is kinda awesome though…knowing that the “who’s who” of the PHP community will be reading something I wrote.  Let’s just hope I didn’t screw it up too much.  Check it out at http://phparch.com.  My article is in the March edition, but if you are a professional PHP developer, you would be well served to purchase a yearly subscription.  Well worth the money.

January TriPUG – Object Oriented PHP

// January 19th, 2011 // No Comments » // Geek, PHP

I had the pleasure of giving a talk at the January meetup of the Triangle PHP User Group on Object Oriented PHP.  Here are my slides for those that attended:

>

Authenticating to Twitter with Zend_Auth

// November 24th, 2010 // 3 Comments » // PHP

UPDATE: I’ve refactored this project to be a generic OAuth adapter as opposed to an exclusively twitter adapter. The new github repo is available and code samples have been updated below.

I recently had the need to use Twitter as an authentication source for a Zend Framework application I was working on.  The idea would be to allow my users to authenticate with their Twitter credentials as opposed to having them create a new account and password on my web app.

I already had a Zend_Auth implementation in place for my authentication needs, so I decided to create a Zend_Auth_Adapter that uses Twitter’s OAuth service as an authentication source.  I’m not going to go into details about how Twitter’s OAuth service works as Twitter can do a much better job.  I can show you how to use the adapter though, so here goes.

Step 1:  Download the Adapter

The code for the adapter is available on GitHub at http://github.com/jfaustin/Zend_Auth_Adapter_Oauth.  You can download that code and place the “Ja” folder (in /library/Ja) somewhere in your include path.

Step 2:  Register your application with Twitter

To use Twitter’s OAuth service, you have to register your application with them so they can create the required keys needed for authentication.  You can do this by signing into Twitter and going to http://twitter.com/apps/new.  Once you register your application, you will be presented with a consumer key and consumer secret.  You will need to configure your adapter with these to actually do the authentication.

Step 3:  Configure your adapter

You will need to configure your adapter to use the consumer key, consumer secret, and callback URL that are specific to your application.  The callback URL will be the same URL which your users are directed to authenticate at, so if your authentication directs to http://yoururl.com/login, that will also be your callback URL.

<?php

require_once 'Zend/Auth.php';
require_once 'Ja/Auth/Adapter/Oauth/Twitter.php';

$consumerKey    = 'replace with your consumer key';
$consumerSecret = 'replace with your consumer secret';
$callbackUrl    = 'replace with your callback URL';

$adapter = new Ja_Auth_Adapter_Oauth_Twitter();

$adapter->setConsumerKey($consumerKey)
        ->setConsumerSecret($consumerSecret)
        ->setCallbackUrl($callbackUrl);

$auth = Zend_Auth::getInstance();

$result = $auth->authenticate($adapter);

?>

Replace the values for $consumerKey, $consumerSecret, and $callbackUrl with your application’s specific values and you should be good to go. All you need to do now is direct your users to this page and the adapter will handle the rest. For a complete working example, see the code you downloaded from GitHub in the /example folder.

Developer Notes

To maintain state in the web application between acquiring the request token, sending the user to Twitter to authenticate, then getting them back and acquiring the access token, I am using Zend_Session to store the request token in the “Ja_Auth_Adapter_Oauth” session namespace.  You can change this namespace if you want to by setting the “sessionNamespace” option in an option array.


$adapter = new Ja_Auth_Adapter_Oauth_Twitter();

$options = array(
    'sessionNamespace' => 'myCustomNamespace'
);

$adapter->setOptions($options);

This adapter also expects to have the “oauth_token” parameter set in the URL query string when it is redirected back from Twitter. I’m still considering the ramifications of this, as it may be better to allow this to be configured when the adapter is instantiated, but I haven’t decided yet. Some feedback on that would be good.

UPDATE:  I’ve changed the way this functions, as now you can call the setQueryData($_GET) method on the adapter to populate the oauth_token parameter.

On another note, I have submitted a proposal for this code to be included with Zend Framework. If you are interested, the proposal is at http://framework.zend.com/wiki/display/ZFPROP/Zend_Auth_Adapter_Twitter+-+Jason+Austin.  I’d love to hear your feedback, either on the ZF contributors wiki or here.

TriPUG Slides and Code on Zend Framework

// September 21st, 2010 // No Comments » // Geek, PHP

Here are the slides from my talk at TriPUG on Zend Framework components.

If you are interested in the code, it is hosted on GitHub for download and distribution.  Special thanks for everyone coming out tonight to hear my talk.  If you guys have questions, please let me know.

Presenting at September’s TriPUG meetup

// September 18th, 2010 // No Comments » // Geek, PHP

On Tuesday September 21st I will be presenting at TriPUG, the Triangle’s PHP User Group.  I’ll be giving a quick overview of Zend Framework, then doing several “mini-presentations” about ways to use different aspects of Zend Framework.  My mini presentations will be about:

  • Validators
  • Filtering Input
  • Zend_Form
  • RSS Feeds
  • Delpoying an API with ZF
  • Zend_Date
  • Zend_Config
  • Zend_Log
  • Zend_Mail
  • Zend_Registry

This is also the first (of hopefully many) PHP meetups at NC State.  The group typically meets in Carrboro which is a good ways from where I live, so this is part of an effort to get more meetups in Raleigh.  If you are a PHP person in the Triangle, I’d like to encourage you to get involved in the community and come to the meetup.  You can RSVP from meetup.com.

I’m looking forward to being able to present, especially about something that I really love.  Let’s hope we have a big crowd that continues to come back and contribute to the group.

Switch to our mobile site