Using Model-View-Controller as a pattern to describe stateless HTTP interactions has always been a bit of a kludge. There simply hasn't been a better pattern to describe web applications -- until now. ADR (Action-Domain-Responder) represents a refinement of generic MVC as an application architecture specifically tuned to the web. In this talk, we will discuss various patterns of overall application architecture, including MVC, MVP, PAC, DCI, RMR, and others. We will find out how the ADR pattern arises from generic MVC, and how it provides a better description of how web applications actually work. Finally, we will go over examples of how to architect an ADR application, as well as how to convert from an MVC architecture to an ADR one.
PHP has powerful date/time handling functionality. It allows you to deal with many issues that arise when you are developing applications. This talk will cover advanced functionality and is not an introduction except for where this is necessary. I will cover dealing with timezones, calculations with DateTime objects and tips and tricks for dealing with storing date/time information.
APIs are all the rage. But the more you learn, the more you realize how insanely difficult they are. "Develop an image stream API? Weeks of work!" you think. Incorrectly, as it turns out. In this session, we'll use Apigility, an API builder and engine, to create an API for uploading images and creating streams of image URLs to consume within a mobile application... all within the duration of the session. And not just any API, but one that uses OAuth2 to authenticate users, one that rejects invalid images, and one that uses a fully RESTful, hypermedia format. Seem impossible? Challenge accepted!
OAuth has become the de-facto standard to authenticate web API. In this talk we will present the OAuth2 framework, showing the different use cases and how to implement it in PHP, using Apigility. We will cover the following scenarios: web-server applications, browser-based applications, mobile apps, username and password access, application access. Moreover we will show an example on how to integrate external OAuth authentication system in your web API to create the "Login with Social" feature, e.g. Facebook or Twitter.
The session will focus on a sample application lifecycle in a Continuous Delivery perspective. The delivery pipeline will managed using Vagrant and Docker containers, with automations covering all major aspects related to the paradigm, like coding standards, functional testing, behavioural tests, load tests, packing and deployment. Zend Server will be used as the glue for the pipeline, adding valuable insight for the overall code quality assessments and being the packaging/deployment mechanism of choice.
Event-driven programming is a familiar and useful tool for crafting client/server apps and asynchronous libraries. Akin to Node.js or Python's Twisted, React brings PHP up to speed with all of the necessary pieces in a well-packaged framework. This session will introduce the concept of event loops, non-blocking IO, and async programming in PHP, and explore ways it can serve in your technology stack.
This session will demonstrate how to create and deliver your next big idea at the speed of light, by performing rapid prototyping, development, and continuous delivery at the PaaS layer on IBM's Bluemix. With the rapidly increasing number of internet-connected devices such as smart watches, personal fitness devices, connected automobiles, and automated homes, the market is ripe for innovative applications that can find new value in this Internet of Things. Now, with the affordability, scalability, and ease-of-use provided by a Platform as a Service, any developer can unleash their creativity and quickly turn their ideas into the next big thing.
Everyone knows that Silex is a great microframework for APIs and small sites, but what do you do when you want to build a large site, or your little tiny site has grown up? Silex has many different ways to let you build larger, complex websites that might still be too small for Symfony, but have outgrown the single page app it once was. We'll look at what Silex offers us, and different ways we can structure our site.
How are you supposed to organize your models in an MVC application? What goes where? What is a service class, a mapper or an entity? This talk will look at the components of the model layer and the options you have when creating your models. We’ll look at the different schools of thought in this area and compare and contrast their strengths and weaknesses with an eye to flexibility and testability. We'll discuss the terminology and also take a look at what a service layer is and see how you use service classes to provide the business logic for your application and hide your persistence code from your controllers. By the end of this session you will be equipped to create excellent, maintainable models in your projects.
DB2 is the heart of IBM i. For PHP applications, the DB2 database provides performance, data integrity, remote connectivity, and security. This session will show the right way to use DB2 with PHP. Topics include: NEW features of DB2 and ibm_db2 that can make life easier for developers, performance tips, prevention of SQL injection, library list options, and how to connect IBM i's DB2 from Windows and Linux.
In this world where we have moved beyond web pages and build ever-more asynchronous applications, often things that go wrong result in errors we can't see. This session will give a very technical overview of HTTP and how to inspect your application's communications, whether on the web or on a mobile device. Using Curl, Wireshark and Charles, we can quickly and painlessly identify where the problem exists, without spending a lot of time making changes to our application to identify a problem. Whether you're debugging a backend API, an ajax request or an unexpected timeout, these are the tools you will want to have at hand.
In this talk I will go over all the past, present and future debugging techniques. The talk start by giving an overview on PHP's (ancient) standard features for debugging, additional (userland) libraries and functionality in frameworks. After the introductions we move on to the meatier stuff and I will talk about live-action debuggers, such as Xdebug and Zend's debugger. They both provide information while a script is being executed, in combination with IDEs. In the future, there is PHP 5.6's phpdbg which allows for some debugging and other analysis. I am also unveiling a project that allows you to "step back" while debugging as well; introspect what your script's or application's exact execution paths was; and trace variable modifications.
In the world of the Internet user's experience is in many cases controlled by the browser, and the browser's ability to render the page is the ultimate measure of how fast or slow a particular page and/or application is in the eyes of the user. This session will outline the tools that can be used to effectively measure the user experience in the browser as well as outline a number of approaches and performance tricks designed to improve and accelerate that experience.
As developers we're told to limit the coupling of our code for testability, reusability, and a whole host of other reasons. Taking the time to understand exactly what Dependency Injection is and how we can accomplish it in PHP projects is important. Then we hear about the Dependency Inversion Principle and think we are okay because we are injecting dependencies. In this talk we will take a look at both dependency injection and dependency inversion from a theoretical and practical standpoint. Walking out of the room you should understand the motivation for practicing dependency injection as well as how the Dependency Inversion Principle can make your code more SOLID.
The Dependency Injection pattern separates the creation of objects and their dependencies. This session will look at what Dependency Injection is, how it is integral to Zend Framework 2 and the benefits that it brings. We'll then look at how Zend\ServiceManager works and how to make best use of it within your application.
Service-Oriented Architecture is not a new concept but modern cloud computing platforms have given it new life. The flexibility of these platforms allows us to break out of the usual scaling patterns and precisely target resources where and when we need them. By examining a case study, we will explore some of the technologies and techniques needed to create scalable, reliable, responsive applications at any scale.
Some of the most common vulnerabilities in web applications are caused by applications not properly inspecting the data that users send in. PHP has an entire suite of tools to help inspected, filter, and sanitize data that comes from the user and other outside parties. Using built-in methods and extra tools you can protect your app from harmful data and users.
Over the past few years, the mantra in OOP PHP projects has been "Dependency Injection": get rid of those registries, service locators, and God objects. Simply put, Dependency Injection (DI) is the act of injecting objects on which a class depends via the constructor or setter methods, instead of instantiating them directly or pulling them from a known location (usually a registry). The real question, however, is: where do you create those dependency instances? This is where a concept called "Inversion of Control" (IoC) comes into play. During this session, we'll review Dependency Injection, define Inversion of Control, and look at methods of implementing IoC. Examples will draw from the Zend Framework 2 ServiceManager, Pimple, and aura.di, and show how IoC can make it possible to automate DI, as well as provide the ability to substitute alternate implementations for dependencies when desired - thus adding flexibility to application design.
Every team starts somewhere. There is no one-size-fits-all approach when it comes to deciding when and how code gets shipped. The important thing is that code gets shipped. However, process matters and not all processes are created equally. In this session we will look at the story of how one team went from a very intensive, hours-long deployment process to delivering and deploying an application continuously. This is not your typical story of rainbows and unicorns, this is the in-the-trenches look at the evolution of expectations, processes, and tooling necessary to take the leap into continuous delivery.
What is an etag, exactly? What's all that stuff in the Accept header? And what the heck does a Vary header do anyways?! Web developers use HTTP everyday but most of us don't know how to get the most out of it. This talk goes past memorizing status codes (although we'll see those too) and teaches how to get the most out of every request and response.
Put on your trench coat and grab your magnifying glass as we walk through investigating a real-life hacked WordPress website. You'll experience first-hand what tools can help you find the vulnerability and the point of entrance. Learn what the hacker might have left behind, how to seal up the most common problem areas, and how to set up notifications to help you spot a hack more quickly in the future. Even though we will be going through a WordPress website, most of the tools discussed are applicable to any website.
The CIA triad (confidentiality, integrity and availability) is one of the core principles of information security. After a brief introduction to the basic of CIA, we will show how to apply this principle in PHP, to create secure and robust web applications. We will present some pratical examples using Zend Framework 2, showing how this framework can simplify the life of developers instead of manage everything from scratch in PHP.
The codebase at work is absolutely terrible. It's a mess of spaghetti that has been around for years and is and completely untestable. Any time you fix a bug right here, a new bug appears over there. In this talk, Paul explains why the code is so bad, and gives practical steps on how you can start paying off legacy technical debt while keeping the system running the whole time.
Programmers, especially PHP programmers, spend a lot of time dealing with data: reading it in, transforming it, and writing out the results. PHP is excellent at text transformation, with all sorts of string manipulation tools. But sometimes the tools you're using just aren't enough, and even regular expressions will only work to a certain point. For example, there is the repeated advice that you cannot parse HTML or XML with regular expressions themselves. At that point you need to turn to something more powerful. That something is lexing and parsing. Learn about these terms, ways to implement them in PHP, and even how PHP and other compiled programs perform lexing and parsing "under the hood". Finally write your own lexer and parser in PHP (and find out why this is one place where the use of goto does not lead to velociraptor attack).
Today's application demands are growing and the Mobile Enterprise is a large part of that growth. the green screen simply does not play here so we need new tools and techniques. In this session, Mike will illustrate exactly how quickly and easily a mobile solution can come to life using nothing more than the base tools included with the Zend and IBM Partnership. This sessin leverages the key features of Zend Server, Zend Studio and APIgility.
Models, sure. That’s all part of MVC. Those are the objects that hold your business logic. Except…do they really? In PHP, the norm is to have an anemic domain model. Even if you want to move away from that (whatever it is), how do you do it? In this talk, we’ll look at different schools of thought for managing your code’s truly important parts and the impact on related areas like testing or form libraries. From plain models to service layers, DDD to CQRS, we’ll try to apply them to an average application using PHP libraries and see where they stand up or fall down. There’s no magic elixir for designing good models but sometimes all you need is a little iron in your diet.
Put together every Zend tool you know and you get the best workflow to develop mobile applications, both from the server and the client side.
A contest will be open for developers to add more functionality!
How slow does a query need to be to be considered slow? Is 100% CPU time a problem - what about 50%? These are some of the questions I will be covering, as well as where the best place is to collect database performance metrics. This session is aimed at Developers turned DevOps who are wanting to answer the inevitable question: is my database under load, and for how much longer can I expect it to survive?
Want to make sure that your class names don't overwrite the class names for any other projects on the server? Hate having long class names like [insert ridiculously long classname here]? Namespaces were introduced in PHP 5.3 to help address these common issues. Learn how to namespace classes and see how namespaces and class autoloading can make your coding experience much nicer!
The best way to get better performance, is to learn how to optimize queries. This session will tour the EXPLAIN command in MySQL and show you how to optimize queries using IMDB as an example database.
Time to gather our frameworks around a warm camp fire and see just how much we have in common In this presentation, we take a flat PHP4-style application and gently migrate it into our own "framework", that uses components from Symfony2, Zend Framework 2, Aura and a library called Pimple. By the end, you'll see how any ugly application can take advantage of the many wonderful tools available to PHP developers. You'll also learn exactly how *any* framework actually works under the hood by hooking up routing, controllers, services and events.
PHP is a powerful tool. It is estimated that it is running on more than 80% of the servers on the web today. Many know that PHP can also be run from the command line, but don’t truly appreciate the power that it gives them. You can use PHP for everything from simple command line pipes to back-end maintenance for complex web apps. In this session we will start with some simple examples of using PHP from the command line and then build up to using it as part of a larger application.
The security of many business applications running natively on IBM i has been thought out several years ago in many cases. Introducing PHP into the IBM i environment can cause folks to start asking questions about access, security and authentication. In this session we will discuss application security, PHP IFS and Root file system access and several options to authenticate to a PHP application running natively on IBM i. This is a must see session for anyone who is looking to go live with PHP and/or a web technology on IBM i.
PHP developers can leverage IBM i resources such as RPG and COBOL programs, system commands, data areas, and more, using a free, flexible, open source toolkit. Backed by IBM's XMLSERVICE toolkit, it's all open source, enabling a high level of quality and functionality delivered by Zend, IBM, and community members who take the initiative. Learn how to call any command or CL, RPG or COBOL program with parameters from simple to complex; optimize performance; develop PHP on your laptop (Windows, Linux) or in the "cloud" and deploy to the IBM i; and how to migrate from the old "i5 Toolkit" to the new open-source toolkit. Contains new examples and ideas never presented before. The speaker, Alan Seiden, is project leader of the toolkit.
Measuring and improving the performance of your PHP application is critical to giving your customers a great experience. To get the deep understanding where the performance flaws lay you need a profiler. XHProf is an open source, minimal overhead profiling tool for PHP that can be easily deployed on any machine and readily provide the answers to your performance questions. This session will overview the ins an outs of how to configure XHProf using several storage backends as well as how to analyze it's results via the XHProf UI.
Programmers have a bad reputation when it comes to UX, but it's time to set the record straight: It isn't because we don't care! It's because we fall in the trap of thinking we can design a user interface and write it at the same time when, the truth is, these processes require different kinds of thinking. But learning how to unlock that part of your brain is worth it -- and you'll be surprised at what you already know. From one developer to another, this talk will discuss why you should think critically about the interfaces you write and give you some strategies you can start applying right away, whether you're implementing on your own or working with a UX professional. This talk is aimed at developers, both front-end and server-side, who implement user interfaces but may not have training in UX. Because really, ALL programmers implement user interfaces. Sometimes the user is another developer (in the case of an API) or a more advanced user (for a command-line tool), but all software has its users.
"Hope for the best and plan for the worst." We spend a lot of time talking about best practices: The ways we should run our projects and write our software so that everything turns out as well as possible. But when you add human beings to the mix -- whether they're coworkers, clients, or just, well, you and I -- something will eventually go wrong. As a technical lead in an interactive agency, I have worked on many projects of all shapes and sizes, with many different clients. I've launched online promotions giving away prizes worth tens of thousands of dollars (and, yes, messed some up), and high-stakes eCommerce solutions tied directly to point of sale systems (and, thankfully, did not mess them up -- though not for any lack of unexpected surprises during planning and development!). Crisis is inevitable, but it doesn't have to take down your project. The only thing that matters when everything hits the fan is what you do next. Using case studies from the interactive agency world (where no two clients are ever the same), we'll talk about methods for triage, what to do when you feel a project start to get on shaky ground, and ways to ensure everyone comes through to the other side in one piece.
Beyond your standard CRUD operations, MongoDB offers a potpourri of special features. Looking for a quick search API? Full text indexes have you covered. Churning through large amounts of data? Consider map/reduce or the aggregation framework. Querying geospatial data? Create a 2dsphere index and go to town. Digging a bit deeper, we'll look at a few techniques for creating backend services, such as event long-polling and job queue processing.
You must have heard from unit testing… if not, then this really is talk for you! If you do know unit testing, then you might also have had that hurdle… where to start? And in the end, ending up having little unit tests for your application despite your efforts. And then that change request comes in… right on that complex piece of code. How are you going to refactor while maintaining all those ‘undocumented’ business rules? In this talk I’ll show how Codeception can leverage the developer to refactor visuals aspects of an application, maintaining backwards compatibility on API changes and even can assist in moving to a whole different server infrastructure.
Make no mistake, creating a "RESTful" API is hard work. It's packed full of theory and is's notorious for being difficult to find the fine line between getting it done and doing it "correctly". In this talk, we'll start through the must-know basics, like HTTP methods, status codes, resources and representations. But then, we'll turn to the harder stuff: hypermedia, links, hypermedia formats: what to worry about and what to leave behind. We'll also talk about error representations, serialization, custom methods (e.g. "buy" a book) and documentation for all of this (machine docs and human docs). In short, I'll show you what I wish I had always known: what pieces of REST to leave behind and some strategies on how to tackle the tough stuff that you *do* need.
Silex is a lightweight micro-framework built on Symfony components. Don't let its small footprint fool you, though. Silex is powerful enough to form the backbone of even the most complex service-oriented application. In this talk, I will cover the basics of creating a Silex application, building service providers, and constructing RESTful controllers. From there, we'll more on to more advanced topics such as composing and delivering hypermedia content, monitoring and profiling, logging, and service integration.
Adobe, Target, New York Times, OpenSSL - what do they have in common? Massive security breaches. In the age of fast and cheap choices when programming how do you avoid becoming one of the hacked? Security isn't a checkbox on a list, it's a way of programming that makes you do things the right way, the first time. And every project will have it's own needs for paranoia. Integrating a mental checklist and instilling some healthy "users are evil" paranoia can go a long way to keeping your site from becoming a victim. Learn about how to make the right decisions for the project that will keep your data safe without breaking the bank or the calendar, and how to add habits to your brain that will security consciousness part of your everyday programming habits.
Already have scaling and caching tools in place, but still concerned about your site's speed? Ever wish you could go back to the days of static sites where page loads were blazing fast but still have the benefits of a dynamic site? Sculpin, a static site generator written in PHP, is a powerful alternative to deploying a PHP website. It dynamically renders your site's content into static files that can be served directly by your webserver saving you execution time on every single page load! Learn more about static site generators in general, discover which types of websites they benefit the most, and learn how to start generating static sites with Sculpin today!
You've got your tests, your metrics, your database migrations and your system provisioning automated, but how can you deploy everything with a push of a button and not be scared something goes wrong? Welcome to the continuous PHP Pipeline. In this talk I take the code, the tests, the metrics and the provisioners and show you how you can have a continuous delivery pipeline setup based on certain criteria you define upfront, your code gets automatically deployed to staging or to production with all the arbitrary tasks along with it. Never get stressed again about deployments. Make deployments as easy as committing to your repository and get home on time to enjoy your well deserved weekend.
More and more large companies and websites are switching over to Nginx + PHP-FPM for increased performance and more efficient resource utilization. When properly tuned, this duo can be a perfect match for high traffic situations. However, it only takes one small oversight in the configuration to bring your site to a grinding halt under high load. Join Evan Coury, owner of Roave, as he shares all of his tips and tricks learned throughout years of high scalability consulting and running several extremely high traffic websites. We’ll cover how to optimally tune PHP-FPM worker pools, sysctl, and Nginx to get the most out of your servers. Additionally, we’ll cover adding additional capacity to handle traffic spikes, load balancing, and more.
Not everyone has access to a user interface designer, but that doesn't mean that usability is out of your reach. Come learn the basics of usability through examples and discussion. Find out what kinds of simple changes can make a big difference to your users. We will also cover how to do usability testing for your site and will practice analyzing sites from a user's perspective.
The rise of virtualization has transformed the server business, but other than that it seems like the developer world has largely been left behind. Regardless of if you are working on one project, or have 20 clients, every developer should know how to use virtualization to create seamless and easy to manage development environments. In this talk we will take a practical approach to using a combination of Puppet, Vagrant, and VirtualBox to create entire development environments in a matter of moments based on the power of Zend Server - and even better re-use that template for any project you have in the future in a version-controlled and easily managed manner. Bringing on a new developer for your project? We'll show you how they can get a full-fledged development environment from zero to working in under 10 minutes.
You've embraced automated testing for your PHP code, and you've got acceptable levels of code coverage and confidence that nothing will break when you deploy later today. But what about all the awesome HTML and JS that you wrote that allows your users to get stuff done? What's that? You don't have any tests for it? Luckily there are some tools that can give you the same warm-and-fuzzy feelings about your front-end code's correctness like you get with a well-written test suite for your back-end code. In this talk Chris Hartjes switches from talking about unit tests to showing how to assemble a set of tools to make UI testing easier. Learn how Behat, Mink, and headless browsers will become your new best friends!
Ever wondered what a service-oriented website would actually look like in PHP? This session will show you! We'll start with the API, building a simple one with familiar tools. Next, we'll build a website that doesn't use a database - instead it talks to our API to fetch data. Then the tricky part: securing access between the two, allowing API access for both the website itself and for logged-in users on that site using OAuth. Whatever your aspirations as a developer, if they include building API backends for apps or sites to consume, building lightweight web frontends, or building secure and scalable systems in PHP, then this session is for you.
You know that you should be testing your code and working towards the Holy Grail of Continuous Deployment, but that amount of stuff you need to know is bearing down on you like a gigantic iceberg. The tools are difficult. Developers are not taught testing practices from the beginning. You don't have control over the environment. These are the real issues facing developers looking to commit to testing as a development practice. Somewhere along the way we made the whole concept of "testing" difficult and intimidating. In this talk Chris Hartjes discusses his own experiences in dealing with creating an environment in which testing is easy and provides real benefits.
Zend Framework 2 provides a lot of great tools and resources to help developers build quality applications. However, a lot of important architectural decisions are still left to the developer. What belongs in the controllers? What’s a service layer and why should you have one? What the %*$# is a model, really? In this session, Evan Coury, author of the new ZF2 module system, will lift the fog on all of these concepts, showing you how to use them to create a more maintainable and well architectured ZF2 application, while keeping the technical debt to a minimum.
There are a lot of tools available that can make developers life easier. Zend Server is one of them. The Zend products have come from a long way, but since the introduction of Zend Server the focus is more on a developers perspective than ever. The integrated tools make debugging, performance tuning, process offloading and deployment really accessible. Even extending it with your own needs is possible nowadays. In this talk I will show you the features compared to other similar tools that there are around. This talk is not about selling Zend Server, but helping developers understand why reconsidering your development stack is always an option. Because in the end every developer likes to be a lazy developer.
One of the coolest new architectural enhancements to ZF2 (when compared to ZF1) is an extremely robust module architecture. If you use them properly you can create modules that both produce and consume events, have solid module dependency structures, are installable easily through composer, and provide various services for your application as a whole to use. This sort of approach leads to awesome code reuse and less bugs, and in this talk we'll discuss both the architecture and implementation of such modules using real code examples.