Author: Sergey Mitroshin

PHP 8.1: `never` Return Type is Dangerous

There are many features already introduced in PHP 8.1, and among them the new never return type:

function doSomething(): never {
    // do something

The idea is pretty straightforward: if the execution flow is never supposed to leave the function, it should be marked as never. If the execution flow somehow reaches the end of the function, PHP will throw an error.

Although it seems to me like a good idea, there’s a hidden catch we need to be cautious about.

Continue reading »

New Features in PHP 8

Two days ago the first “Alpha” of PHP 8 was presented, and PHP 8 is scheduled to release on November 26, 2020, only 5 months from now.

Looking back, I see how previous major releases took PHP to the next levels. I personally only witnessed two of them:

  • PHP 5 essentially revolutionized object-oriented programming in PHP. OOP in PHP 4 was not only insufficient, but also created terrifying number of legacy applications that relied on those deficiencies (I still find those &= in legacy code from time to time). In PHP 5 classes became usable, you could actually design an object-oriented architecture and not think about huge number of limitations (well, at least not as much).
  • PHP 7 took the language a few steps closer to those renowned enterprise-level languages as Java and C#. I’m a huge proponent of static type declarations, and although I appreciate the opportunities dynamic typing provides, it leads to many bugs that are easily preventable by declaring types.

So, What About PHP 8?

This release is going to be huge! There are so many RFC’s already merged and still being discussed, that I can’t wait to begin actually actually using it.

Let’s see what’s out there!

Continue reading »

Thanksgiving release of PHP 7.4

While most regular developers were enjoying time off with their families, the PHP dev team worked their best to bring new minor version of PHP with quite a few nice and useful features.

Everybody who follows the news of PHP world has already been excited about 7.4 for months, here’s a brief list of most important changes for those who missed it:

See the complete PHP 7.4 migration guide for details.

Besides the major improvements, there’s a minor one I feel strongly about: nested ternary operators with parentheses missing are now deprecated. I’m glad to see them thrown out of the door, it’s about time people stop using them.

From now on all eyes are on PHP 8, which has quite a few interesting RFC’s being discussed or developed, and some are already implemented.

Docker Volumes Can Be Tricky

Every technology has a few tricks up its sleeve when it behaves unexpectedly and sometimes illogically, and you need to run into such issues, spend some time figuring them out, and then (hopefully) never stumble upon them again.

Docker is a straightforward and logical container management platform, and reading docs builds a complete understanding of the technology in your mind step by step, page by page. On the other hand, it’s all useless without practice, and building actual containers for the first time often makes people feel confused, as if they just graduated college and got their first job, realizing they don’t really know how to do the actual work.

Docker Volumes might appear as one of the simplest topics of the Docker docs, but don’t let that first impression deceive you: there are quite a few things you need to know. Volumes can be shared between containers, and even exist by themselves, lost and forgotten, taking up space and waiting for their chance to reappear from the abyss.

Continue reading »

User Roles and Access Control (ACL) in Laravel

It’s been over a year since I covered how to protect adminpanel routes in Laravel using Gates. Some people kept reminding me about my promise to cover ACL and user roles, and I kept putting off fulfilling that promise.

Finally I run into that on one of my projects, and that’s the sign I was waiting for to continue giving back to the community I learned so much from.

What is ACL

Although some computer science theorists enjoy using baffling definitions of the term (looking at you, MSDN), in reality it’s pretty simple and straightforward. ACL stands for Access Control List, and specifies what users are allowed to do.

There are three entities in the ACL:

  • User Role: e.g. admin, editor, reader
  • Object: e.g. blog post
  • Operation: create, edit, read, etc.
Continue reading »

Protect admin routes in Laravel

Today we’ll learn how to protect adminpanel and enhance authorization component of a Laravel application by adding user roles. We will assign each user with a role (e.g. superadmin, admin, member), create an Auth Gate, modify the User model, and utilize the Authenticate middleware to help them get along. Furthermore, we’ll build a skeleton of your future ACL system, which you can adjust and improve according to your needs.

Laravel provides us with a chance to save enormous amount of time on one condition – we should know how to use it. I’m pretty sure anybody who learned Laravel was not only impressed by how simple a complex task can be done, but also by complexity of seemingly simple tasks. The perfect example is authentication – you can create it with a single Artisan command and Laravel will take care of the rest. On the other hand, many beginners struggle with authorization and don’t know how to approach protecting the admin area. Obviously, it’s a trivial task if you have some PHP experience, but doing it the Laravel Way may be tricky.

Continue reading »

Namespaces in WordPress Plugins

Namespaces in WordPress

It’s no secret that many WordPress plugins are poorly designed. Some have been started as simple tools and grew larger until they became unmanageable, others were created by inexperienced developers who did their best. The sad truth is that WordPress provides complete freedom in designing plugins while many developers aren’t ready to take the responsibility. I’ll explain how I design plugins, and the cornerstone of this architecture is utilizing namespaces.

So why do we need namespaces in the first place? The most straightforward answer is shortening names of our classes and functions. Anybody who used to work with Zend Framework v1 (or almost every PHP framework created prior to PHP 5.3) has seen names like this: Zend_View_Helper_Placeholder_Container_Abstract. Imagine every single class name being this long and you get the idea. WordPress plugins often have the same problem – every class, every function you create has to have a unique name among all plugins ever created, so they often end up being too long to be convenient.

Continue reading »

Oblivious References and cURL Adventures

PHP references are tricky. They’ve always been. People question their performance, compliance with modern software architecture practices and trends. However, show me a single PHP language construct people do not question and I’ll buy you a beer.

I have to admit, it’s been much better since PHP5 came out. We do not have myriad of unintentionally cloned objects anymore, and the ampersand madness has stopped (however I know somebody who continues using it despite all the years passed since it lost its meaning):

$object =& new MyClass();

Don’t get me wrong, I love PHP, and I’ve been advocating its strength for years. Every time I heard somebody criticizing it I responded with a “You just don’t use it right” kind of answer, and was right every single time (well, you know, you can’t be wrong on the internet, it’s always the other guy who is wrong).
Continue reading »