Pebble – more injection and less dependencies in PHP

Dependency Injection (DI) is hardly anything new. I see it as a must for Test Driven Development (TDD). The thing I like most about DI in Java is Autowired in Spring or javax.annotation.Resource, they way member variables are set “magically” and the exact details about creation and implementation is located elsewhere.

For PHP there are at least the following implementations related to Dependency Injection:

PHP-Dependency (Pd) works with @ annotation in the constructor comment, but why involve the constructor? And is a whole framework needed? PHP is not Java.

Pimple is very much a Dependency Injection Container, not so much about the injection. Simple, yes.

When it comes to Zend Framework 2 Dependency Injection I just can’t grasp how it simplifies anything. It seems to require a lot of boilerplate.

Unsatisfied with the above and a given a dose of NIH Syndrome, I decided to create my own DI system for PHP. After a bit of coding yesterday evening and night I named it Pebble and it is already on github! 🙂

My current requirements on Pebble are as follows:

  1. It must be possible to inject values of specific properties on class construction
  2. It must work nicely in Zend Framework 1.x
  3. It must not require any configuration files (and especially no XML)
  4. It must be a single .php file for the core implementation
  5. It must provide an open interface for extension and customization
  6. It must work nicely with PHPUnit (especially with the getMock method)
  7. It must work with autoloading of classes in PHP
  8. It is allowed to use PHP 5.3 features
  9. It is allowed to use @-based annotations in docComment, e.g. /** @something */

However, I have not yet used Pebble with PHPUnit, so I don’t know yet if that requirement holds!

Now is a good time for you to examine example1.php! The README is currently plain-text, I’ll format it later!

fmod() in PHP is the worst !”#¤%&/()= function ever!

I hate floating point artithmetic and I really hate fmod() in PHP. It’s useless.

fmodReturns the floating point remainder (modulo) of the division of the arguments

If you calculate 36 modulo 7.2?  What do you get? Zero, yes. 7.2*5=36. No remainder!

What if you use fmod in PHP?

$ php -r 'echo fmod(36,7.2);'

WTF? Excuse me? Is that the result from IEEE 754 hell, a parallel universe, or what?

Now I’m betting on the function below. I hope it won’t let me down.

function modulo($n,$b) {
return $n-$b*floor($n/$b);

Today’s thoughts about programming languages

Maybe some of you have heard me ranting about this already?

  • I’m not productive enough in C++ and I feel too limited by Java
  • A large chunk of Java frameworks seem to serve no other purpose than to workaround limitations in Java
  • I believe (and hope!) that Java will cease to be the default language in the non-Microsoft world, and that other JVM-based languages such as Scala, Groovy and JRuby will become more important
  • How can I convince a client to allow Scala, Groovy or JRuby in a project?
  • I should really get some C# experience!
  • It seems like I almost always resolve to PHP when I need to get something done quickly… which reminds me of an upcoming blog post about a recent fight with SoapServer and SimpleXML to implement WSSE UsernameToken authentication.

Permute an array in PHP

I wrote this function recently when I could not find it in the PHP function list. Please provide any optimizations you discover!

function permute($array)
  $results = array();

  if (count($array) == 1)
    $results[] = $array;
    for ($i = 0; $i < count($array); $i++)
      $first = array_shift($array);
      $subresults = permute($array);
      array_push($array, $first);
      foreach ($subresults as $subresult)
        $results[] = array_merge(array($first), $subresult);
  return $results;

assert(permute(array()) == array());
assert(permute(array(1)) == array(array(1)));
assert(permute(array(1,2)) == array(array(1,2),array(2,1)) ||
       permute(array(1,2)) == array(array(2,1),array(1,2)));
assert(count(permute(array(1,2,3)) == 6));
assert(count(permute(array(1,2,3,4)) == 24));

WordPress crack attempt this morning!

When I got to work and viewed this blog I noticed that Sidebar Widgets was disabled. I thought "That’s weird!"

When I tried to login to the administration interface I was told that my WordPress database needed upgrading. I thought "That’s weird!"

Some further investigation revealed that someone managed to upload a PHP script called ro8kfbsmag.txt (MD5 sum df3b74cd38c717d9d7bbf0cd1910baa1) to my /tmp directory. It starts like this:

/*Magic Include Shell by Mag icq 884888*/
//TODO: ñëèòü ôàéëî íà ñâîé ôòï (!)

This gave me enough information too start googling. A must-read is Detailed Post-Mortem of a Website Hack Through WordPress & How To Protect Your WordPress Blog From Hacking, as it describes a very similar attack. There is also a support thread at Weird and Dangerous : ro8kfbsmag.txt.

The attack vector on my server looked like this, originating from with HTTP/1.0 as protocol version and "Opera" as User-Agent. I wish I logged POST data!

POST /wp-admin/options.php
POST /wp-admin/upload.php
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/inline-uploading.php?post=-1&action=upload
POST /wp-admin/options.php
POST /wp-admin/options.php
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/upload.php?style=inline&tab=upload&post_id=-1
POST /wp-admin/options.php
POST /wp-admin/options.php
GET /wp-admin/upgrade.php?step=1

Needless to say, I have restored a backup and taken certain precautions to prevent this from happening again.

Andi Gutmans: “Java is losing the battle for the modern Web”

Andi Gutmans (of PHP fame) has written a very interesting blog post about Java’s future on the web. The article is called Java is losing the battle for the modern Web. Can the JVM save the vendors? He gives some good arguments for using a LAMP stack for web applications.

One of the interesting quotes is:

Project Zero’s Chief Architect is one of the first IBMers to admit in public that Java today can be considered as a system language and is not desirable for building RESTful Web applications […]

This was apparently a bit out of context, according to the comment by Jason McGee, but fun to read nevertheless.

He makes a prediction that shall be interesting to see if comes true:

It has taken over 10 years for the Java stronghold to admit Java’s poor ROI on the Web and with the current recession it is likely that many Java customers are going to be making more informed investments. As a result there will be considerable rise in uptake of dynamic languages.