PHP & Web Development Blogs

Showing 1 to 5 of 49 blog articles.
3681 views · 2 years ago

Halloween is filled with ghouls, ghosts, zombies and lots of other spookiness, but the scariest thing ever is FOMO. It’s conference season and several have their call for papers out (including us at Nomad PHP :D). This is the perfect time for you to share your knowledge with the community. Whether it’s your first time or 100th time - it can be scary to put yourself out there and do a talk, but worse than that is not taking the chance and submitting your talk and doing the presentation. Plus, many of these events host lightning talks (short 5-15 minute talks) - meaning you can test out your talk risk free ;)


So here is your chance - submit for one or submit for all of them. May the odds be ever in your favor!

## Fosdem 2019

First we have Fosdem 2019 which will take place on February 2 & 3 in Brussels,Belgium. Some facts about this call for papers:

* **Deadline:** November 3, 2018

* Presentations are expected to be 50 minutes long (including audience questions) and should cater to a varied technical audience. For examples check out [youtube](

* **Submit** your proposals via Pentabarf: [](

* The conference covers reasonable travel expenses agreed upon in advance as well as arranges accommodations

## Midwest PHP 2019

Next up we have Midwest PHP which will take place on March 8 & 9 in Bloomington, Minnesota.

* **Deadline:** November 15, 2018

* There is a speaker package included (conference pass, 2 hotel nights, airfare/travel - $500 max, lunch, etc.)

* Make sure the talk title and abstract define the exact topic and what you hope people will learn from it.

* Recommended to submit more than one talk because it can increase your chances of one of them being picked.

* **Submit** your talk here: [] (

## Longhorn PHP

Next we have Longhorn PHP which will take place on May 2 (tutorial day) then MAy 3 &4 (conference) in Austin, Texas.

* **Deadline:** December 15, 2018

* For all speakers, you'll get a full conference pass (tutorial day and main conference days), including access to lunch, after-parties, and any other activities included in the conference.

* For speakers remote to the Austin area, we'll provide 3 nights at the speaker hotel (4 nights if presenting a talk and a tutorial) near the conference venue.

* For speakers outside Texas, we'll book you an Economy or equivalent round-trip airfare on a flight into Austin we'd be comfortable taking ourselves (we're conference speakers too!). Plus, we'll arrange transportation between the Austin airport and the speaker hotel.

* Three different session lengths: 3 hour tutorials, 60 minute talks, and 30 minute talks.

* It doesn't have to just be a PHP related talk. For more information on talks click [here](

* **Submit** your talk here: [](

## Laravel Live India 2019

Then we have LaravelLive India 2019 in Mumbai, India.

* **Deadline:** December 31, 2018

* Talk length is 30 minutes - Q&A up to the presenters discretion but would be included in the 30 minute time limit.

* Talks will be recorded and distributed for free as well as the presentation slides.

* Looking for a range of talks from PHP (security, testing and frameworks), web development, HTML5, JavaScript, mobile development, emerging technologies and non-technical proposals that will appeal to developers.

* **Talk guidelines:** Objective with clear expectation for audience, short and to the point description, mention of employer is only allowed at the beginning of the content and background image/wallpaper shouldn’t include company name/logos.

* **Submit** your talk here: [] (

## Nomad PHP

#### (you know you want to)

Last but not least - this is an ongoing call for papers. This is perfect if you want to present from the comfort of your office, home or really wherever you are. It’s via RingCentral meetings and will be live and recorded. This is for none other than Nomad PHP.

* **Deadline:** Anytime :D

* Talk length: 45 - 60 minutes.

* Talks should be unique to Nomad PHP and not available in video format online.

* Talk should not be recorded or made available elsewhere online for at least 3 months following your talk.

* The talk will be featured on our page and promoted via social media.

* Speakers will receive a financial stipend.

* Upon being selected we will reach out with further details.

* **Submit** here: [] (

Now that you have some information - it’s the perfect time to take it all in and get started on your talk proposals :)! Looking forward to seeing all the amazing talks that will be coming out!!!

7403 views · 2 years ago

![Creating a Virus with PHP](

In his talk, “[Writing Viruses for Fun, Not Profit](,” **[Ben Dechrai](** (after making the viewer take a pledge to only use this knowledge for good and not evil) walks through how many viruses operate, and just how easy it is to build your own self-replicating virus in PHP.

The danger of many of these viruses according to Ben is that the most dangerous viruses often escape detection by not looking like a virus. Instead they encrypt their code to hide their true intent, while also constantly adapting and evolving.

Perhaps even more dangerously, they act like they’re benign and don’t actually do anything - often times laying dormant until called upon by the malicious actor.

### Creating the Virus

What’s scary is just how simple it was for Ben to create such a virus, one that mutated ever so slightly as it infected every other file on the server. Opening up unlimited possibilities from scraping customer data, to DDOS attacks, to simply hijacking your domain.


But those attacks are just the start as Ben demonstrated how easy it is to write new files, delete files, `eval()` and execute foreign code - which could even be extended to accessing the underlying server itself if `shell_exec()` is enabled.

To add to the problem, Ben shares how challenging it can be to identify malicious code on your server as many of these attacks are far more sophisticated than the the virus he created in a matter of minutes - hiding themselves and often appearing as if they are part of the original source code.

### Deploying the Virus

To drive his point home, Ben demonstrates how even seemingly secure systems can be vulnerable - as all it takes is one tiny misstep within your application.

He highlights this by building what should be a secure photo gallery - one that checks the extension and mime-type of the image - and even stores it outside of the public directory. He goes even farther by adding additional sanity checks with a PHP script that then renders the image.

After walking through the code and it’s security features, he then downloads a simple image from the internet. Opening his editor he quickly injects the virus (written in PHP) into the image and uploads it, passing all of the server checks.

Surely, since it passed these checks the system is secure, right? Ben loads the gallery to proudly show off the image - which is just that… an image, with nothing special or out of the ordinary.

Except that when he opens the image gallery files, each has been infected with the malicious code.

The culprit that allowed for Ben to hijack an entire system and execute foreign code, create new files, and even hijack the entire site? When displaying the image the file was included using PHP’s `include()` function, instead of pulling in the data using `file_get_contents()` and echoing it out.

Such a simple mistake provided Ben, if he was a malicious hacker, complete access to all of the files on the system.

### Protecting Yourself

Security always exists in layers - and this could have been prevented by including a few more layers, such as using an open source library to rewrite the image, reviewing the image source before pulling it in, or again not giving it executable access by using the PHP `include()` function.

But what’s terrifying is how simple it is to hijack a site, how easy it is to get access to your system and private data, and how easy it is to overlook security vulnerabilities - especially with open source tooling and those that take plugins.

As Ben explains, sometimes the core code itself is really secure, but then you get two different plugins that when used together accidentally create a security vulnerability. That by itself is one of the most challenging as you can audit each plugin individually, and still not know you’re opening up your system to malicious actors.

This is why it's not just important to stay up to date on the latest [security measures and best practices](, but to be constantly thinking like a hacker and testing your code for vulnerabilities.

### Learn More

You can watch the **[full video](** to learn more how viruses operate, how to quickly build your own PHP virus (but you must promise to use it for good), and what to watch for in order to protect yourself, your customers, and your architecture.

2928 views · 2 years ago

![Oprah: You Get Extension! Everyone Get Extension!](

Ever wanted to publish your own extension for PHP but stopped by the lack of C language background? Well, maybe it's time for another take. [Zephir language]( is targeted at people like you.

If you follow this link, you will find these words that say a lot about this project:

> Zephir, an open source, high-level language designed to ease the creation and

maintainability of extensions for PHP with a focus on type and memory safety.

Its syntax highly resembles that of PHP, only there's no dollars scattered around your code. Dollar signs, I mean, the PHP `$variables`. You only can create object oriented extensions, and all the classes written in Zephir must be namespaced. A different and stricter type system exists in Zephir, which allows for transpiling the code you write, into a real C extension.

Why would you need it? This question is largely answered here: [Why Zephir]( I can only add that, from experience, if you expect a crazy performance boost, you probably won't get it. First, most of the time the bottleneck is not PHP but the IO: database interactions, network and filesystem interactions etc. You won't gain anything by switching to different programming language, in that regards. However, some CPU-intensive calculations may run a lot faster, and if you worry about someone stealing you intellectual property - it also might be worth checking out, because then you can ship your software in form of a binary.

Zephir is the language in which the fastest modern PHP framework is written - [Phalcon]( Whether or not to use it - decide for yourself, it obviously has its pros and cons. But it's certainly interesting to know that you have the ability to approach some of your tasks completely differently!

See you around, and feel free to comment!

4509 views · 1 years ago

![When PHP Frameworks Suck](


If you are working as a PHP software developer, there is an extremely high chance that all of your application, you’re currently working on, using frameworks of any kind.

PHP community developers of all levels worship frameworks since there are big historical and practical reasons for that.

### Historical reasons

Since early PHP versions, developers were disreputable because not everybody considered PHP as a programming language, similar to JavaScript a couple of years ago. While strong type language existed decades ago, PHP continues to be soft type since now, only in version 7 basic types were introduced. There is also a matter of the fact that you can script in PHP without using a single object.

But that opened a space for frameworks to step in and introduce themselves as a tool or standard which will shape projects, give them right and order, introduce structure and rules.

And finally, they did. Frameworks are good examples of nice structures, using all available new features PHP offers with every version, enforcing some good practice, etc.

### Practical reasons

The framework offers a lot of common problems already solved. They offer a nice ecosystem for other developers to contribute and plug their components. There is a lot of online resources for learning and stay updated about any particular framework. Also, what every framework community tries very hard, is to make setup and usage easy.


I recently had the opportunity to give a talk on a conference and one meetup about why PHP framework sometimes sucks. Sometimes things we see in framework tutorials does not seem to be very much aligned with some object-oriented standards we are striving to enforce, and with basic clean code guidelines. On the other hand, there is nothing wrong with using a framework, if you use it right.

This article is the first "pilot" article in this series. In every new blog in this series, we will go more in-depth about every specific topic I covered during my presentation.

I'm very excited to share this knowledge, as I saw many developers suffer from bonded-to-framework disease.

I won’t spend much time here on any particular framework discussion. This series will be just a guide on how to unbind yourself from frameworks and use them as a tool, instead of being independent.

**Here is the [link]( to the presentation slides.**

11434 views · 1 years ago


Hey Friends,

I am sharing a very interesting blog on how to create a chat system in php without using ajax. As we all know ajax based chat system in php is not a good solution

because it **increases the server load and redundant xhr calls** on our server.

Instead, I am going to use sockets for incoming messages from and send messages to another user. So lets try them out using the following steps:

### Step 1: Cross check in php.ini that sockets extension is enabled



/ /remove semicolon from very start of the extension like



### Step 2: Create `server.php` file

This file will handle the incoming and outgoing messages on sockets, Add following variables in top of the file:


$host = 'localhost'; / /host

$port = '9000'; / /port

$null = NULL; / /null var


### Step 3: After it add helper methods

The following code for handshake with new incoming connections and encrypt and decrypt messages incoming and outgoing over sockets:


function send_message($msg)


global $clients;

foreach($clients as $changed_socket)




return true;


/ /Unmask incoming framed message

function unmask($text) {

$length = ord($text[1]) & 127;

if($length == 126) {

$masks = substr($text, 4, 4);

$data = substr($text, 8);


elseif($length == 127) {

$masks = substr($text, 10, 4);

$data = substr($text, 14);


else {

$masks = substr($text, 2, 4);

$data = substr($text, 6);


$text = "";

for ($i = 0; $i < strlen($data); ++$i) {

$text .= $data[$i] ^ $masks[$i%4];


return $text;


/ /Encode message for transfer to client.

function mask($text)


$b1 = 0x80 | (0x1 & 0x0f);

$length = strlen($text);

if($length <= 125)

$header = pack('CC', $b1, $length);

elseif($length > 125 && $length < 65536)

$header = pack('CCn', $b1, 126, $length);

elseif($length >= 65536)

$header = pack('CCNN', $b1, 127, $length);

return $header.$text;


/ /handshake new client.

function perform_handshaking($receved_header,$client_conn, $host, $port)


$headers = array();

$lines = preg_split("/

/", $receved_header);

foreach($lines as $line)


$line = chop($line);

if(preg_match('/\A(\S+): (.*)\z/', $line, $matches))


$headers[$matches[1]] = $matches[2];



$secKey = $headers['Sec-WebSocket-Key'];

$secAccept = base64_encode(pack('H*', sha1($secKey . '258EAFA5-E914-47DA-95CA-C5AB0DC85B11')));

/ /hand shaking header

$upgrade = "HTTP/1.1 101 Web Socket Protocol Handshake

" .

"Upgrade: websocket

" .

"Connection: Upgrade

" .

"WebSocket-Origin: $host

" .

"WebSocket-Location: ws:/ /$host:$port/php-ws/chat-daemon.php







### Step 4: Now add following code to create bind and listen tcp/ip sockets:


/ /Create TCP/IP stream socket

$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);

/ /reuseable port

socket_set_option($socket, SOL_SOCKET, SO_REUSEADDR, 1);

/ /bind socket to specified host

socket_bind($socket, 0, $port);

/ /listen to port


/ /create & add listning socket to the list

$clients = array($socket);


Ok now a endless loop that will use for handeling incominga nd send messages:


/ /start endless loop, so that our script doesn't stop

while (true) {

/ /manage multiple connections

$changed = $clients;

/ /returns the socket resources in $changed array

socket_select($changed, $null, $null, 0, 10);

/ /check for new socket

if (in_array($socket, $changed)) {

$socket_new = socket_accept($socket); / /accpet new socket

$clients[] = $socket_new; / /add socket to client array

$header = socket_read($socket_new, 1024); / /read data sent by the socket

perform_handshaking($header, $socket_new, $host, $port); / /perform websocket handshake

socket_getpeername($socket_new, $ip); / /get ip address of connected socket

$response = mask(json_encode(array('type'=>'system', 'message'=>$ip.' connected'))); / /prepare json data

send_message($response); / /notify all users about new connection

/ /make room for new socket

$found_socket = array_search($socket, $changed);



/ /loop through all connected sockets

foreach ($changed as $changed_socket) {

/ /check for any incomming data

while(socket_recv($changed_socket, $buf, 1024, 0) >= 1)


$received_text = unmask($buf); / /unmask data

$tst_msg = json_decode($received_text, true); / /json decode

$user_name = $tst_msg['name']; / /sender name

$user_message = $tst_msg['message']; / /message text

$user_color = $tst_msg['color']; / /color

/ /prepare data to be sent to client

$response_text = mask(json_encode(array('type'=>'usermsg', 'name'=>$user_name, 'message'=>$user_message, 'color'=>$user_color)));

send_message($response_text); / /send data

break 2; / /exist this loop


$buf = @socket_read($changed_socket, 1024, PHP_NORMAL_READ);

if ($buf === false) { / / check disconnected client

/ / remove client for $clients array

$found_socket = array_search($changed_socket, $clients);

socket_getpeername($changed_socket, $ip);


/ /notify all users about disconnected connection

$response = mask(json_encode(array('type'=>'system', 'message'=>$ip.' disconnected')));





/ / close the listening socket



So you are ready with server side socket program, Now its time to move on front side where we will implement w3c provided client side Web Socket Apis,

### Step 5: create a file named index.php for frontend usage with following initial code


$host = 'localhost'; / /host

$port = '9000'; / /port

$subfolder = "php_ws/"; / /project subfolder name, you may change it with project directory or make it blank

/ /#add trail slash if there is any subfolder defined otherrwise make it blank

$colors = array('#007AFF','#FF7000','#FF7000','#15E25F','#CFC700','#CFC700','#CF1100','#CF00BE','#F00');

$color_pick = array_rand($colors);

<!DOCTYPE html>



<meta name="viewport" content="width=device-width, initial-scale=1">



<div class="chat-wrapper">

<div id="message-box"></div>

<div class="user-panel">

<input type="text" name="name" id="name" placeholder="Your Name" maxlength="15" />

<input type="text" name="message" id="message" placeholder="Type your message here..." maxlength="100" />

<button id="send-message">Send</button>






Now add some basic styling in the head section using following code:


<style type="text/css">

.chat-wrapper {

font: bold 11px/normal 'lucida grande', tahoma, verdana, arial, sans-serif;

background: #00a6bb;

padding: 20px;

margin: 20px auto;

box-shadow: 2px 2px 2px 0px #00000017;




#message-box {

width: 97%;

display: inline-block;

height: 300px;

background: #fff;

box-shadow: inset 0px 0px 2px #00000017;

overflow: auto;

padding: 10px;



margin-top: 10px;



border: none;

padding: 5px 5px;

box-shadow: 2px 2px 2px #0000001c;








button#send-message {

border: none;

padding: 5px 15px;

background: #11e0fb;

box-shadow: 2px 2px 2px #0000001c;




Ok Style is all set now need to add a jquery script and create web socket object and handle all events on it as following code need to add before closing of bosy tag:


<script src="https:/ /"></script>

<script language="javascript" type="text/javascript">

/ /create a new WebSocket object.

var msgBox = $('#message-box');

var wsUri = "ws:/ /".$host.":".$port."/php-ws/server.php";

websocket = new WebSocket(wsUri);

websocket.onopen = function(ev) { / / connection is open

msgBox.append('<div class="system_msg" style="color:#bbbbbb">Welcome to my "Chat box"!</div>'); / /notify user


/ / Message received from server

websocket.onmessage = function(ev) {

var response = JSON.parse(; / /PHP sends Json data

var res_type = response.type; / /message type

var user_message = response.message; / /message text

var user_name =; / /user name

var user_color = response.color; / /color


case 'usermsg':

msgBox.append('<div><span class="user_name" style="color:' + user_color + '">' + user_name + '</span> : <span class="user_message">' + user_message + '</span></div>');


case 'system':

msgBox.append('<div style="color:#bbbbbb">' + user_message + '</div>');



msgBox[0].scrollTop = msgBox[0].scrollHeight; / /scroll message


websocket.onerror = function(ev){ msgBox.append('<div class="system_error">Error Occurred - ' + + '</div>'); };

websocket.onclose = function(ev){ msgBox.append('<div class="system_msg">Connection Closed</div>'); };

/ /Message send button




/ /User hits enter key

$( "#message" ).on( "keydown", function( event ) {





/ /Send message

function send_message(){

var message_input = $('#message'); / /user message text

var name_input = $('#name'); / /user name

if(message_input.val() == ""){ / /empty name?

alert("Enter your Name please!");



if(message_input.val() == ""){ / /emtpy message?

alert("Enter Some message Please!");



/ /prepare json data

var msg = {

message: message_input.val(),

name: name_input.val(),

color : '<?php echo $colors[$color_pick]; ?>'


/ /convert and send data to server


message_input.val(''); / /reset message input




Ok All set, Now need to run the server.php file using following php-cli utility,make sure you have php cli utility installed in your system:


php -q c:\xampp\htdocs\php-ws\server.php


Now you may access the front index.php file via the browser url like following and see a chatbox and connection status, you may use the same url or different browser to check the chat system is working or not.