Code quality tool PHP_CodeSniffer has a new maintainer but needs corporate support

Introduction

In a recent and significant development for the PHP_CodeSniffer project, a change in maintainership has taken place, with Juliette Reinders Folmer now at the helm. This transition has not only brought fresh energy and vision to the project but also signals a call to action for companies and organizations to actively support its ongoing development. As PHP_CodeSniffer plays a crucial role in maintaining code quality and standards within the PHP community, corporate sponsorship is now more crucial than ever.

New Leadership and Repository Migration

The PHP_CodeSniffer project, originally developed by Greg Sherwood of Squiz Labs, has undergone a notable shift in leadership. Juliette Reinders Folmer was the main contributor for the last year and, with Greg having insufficient time to continue leading the project, it was decided to migrate the project to a new repository, signaling a new chapter in its development. The move is aimed at fostering a more collaborative and community-driven approach to ensure the tool’s continued evolution and adaptability to the ever-changing landscape of PHP development.

Juliette Reinders Folmer, a well-respected figure in the PHP community, brings a wealth of experience and a fresh perspective to the project. Her commitment to maintaining and enhancing PHP_CodeSniffer aligns with the community’s expectations and highlights a dedication to its continued success. Juliette is also the lead developer for other quality assurance tools like PHPCompatibility and PHPCSUtils.

The Importance of Corporate Sponsorship

With the PHP_CodeSniffer project being transitioned in the coming days, the need for financial support from the community, especially corporate entities, is paramount. Open source projects like PHP_CodeSniffer rely on contributions, both in terms of code and financial backing, to thrive and remain sustainable over the long term.
Corporate sponsorship ensures that the project can dedicate resources, including developer time, to addressing issues, implementing new features, and maintaining compatibility with the latest PHP releases. It also allows for the organization of events, workshops, and community outreach initiatives, fostering a stronger and more engaged user base.

How Companies Can Contribute

To support the ongoing development and maintenance of PHP_CodeSniffer, companies are encouraged to sign up for sponsorship through the project’s Open Collective page (https://opencollective.com/php_codesniffer). Open Collective provides a transparent and accountable platform for managing funds, and it allows sponsors to track how their contributions are utilized.

By sponsoring PHP_CodeSniffer, companies not only demonstrate their commitment to the PHP community but also ensure that the tools they rely on for code quality continue to evolve and meet the demands of modern PHP development.

A call to action for developers

If you’re a developer reading this and your project relies on PHP_CodeSniffer or any of the dependent projects (such as PHPCompatibility or PHPCSUtils) in its quality assurance process, consider what contributions mean :

  • Receiving updates to PHP_CodeSniffer to handle new syntax that is added to PHP
  • Receiving updates to individual sniffs in all standards to be able to handle new PHP syntax
  • Improving contributor friendliness of projects
  • Reviewing contributions and coaching contributors
  • Coaching potential candidates for joining the maintainer pool, ensuring the project survives long-term

If you value the quality of your code, push your project manager, product owner, CTO or CEO to contribute to the project, given they’re saving not just on valuable development time, but on bug-fixing, just by using the project.

Detecting if an IP address is in a certain range in PHP

First published on the Cu.be blog : link

If you ever need to detect whether an IP address (let’s say 192.168.0.2) is inside a certain IP range/subnet (let’s say 192.168.0.0/24), you can use the following code in PHP :

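/**
 * Check IPv4 address is within a range
 *
 * @param string $ip A valid IPv4 address (xxx.xxx.xxx.xxx)
 * @param string $subnet A valid IPv4 subnet (xxx.xxx.xxx.xxx)
 * @param string $mask A valid IPv4 subnet mask (a number from 0-32; 0 never matches)
 * @return boolean True if the address is within the range, false if it isn't
 */
function ip4_in_network($ip, $subnet, $mask)
{
    $mask = (int) $mask;
    // Reject a mask of 0 and anything longer than the 32 bits of an IPv4 address
    if ($mask <= 0 || $mask > 32) {
        return false;
    }
    $ip_long = ip2long($ip);
    $net_long = ip2long($subnet);
    // ip2long() returns false for invalid input; formatted with %b that would
    // become all zeros and match any subnet that starts with zero bits
    if ($ip_long === false || $net_long === false) {
        return false;
    }
    // Compare the first $mask bits of the two 32-character binary strings
    $ip_bin_string = sprintf("%032b", $ip_long);
    $net_bin_string = sprintf("%032b", $net_long);
    return (substr_compare($ip_bin_string, $net_bin_string, 0, $mask) === 0);
}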


For IPv6, the code is slightly more complicated:

/**
 * Check IPv6 address is within a range
 *
 * @param string $ip A valid IPv6 address
 * @param string $subnet A valid IPv6 subnet
 * @param string $mask A valid IPv6 subnet mask (a number from 0-128)
 * @return boolean True if the address is within the range, false if it isn't
 */
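function ip6_in_network($ip, $subnet, $mask)
{
    $mask = (int) $mask;
    $subnet = inet_pton($subnet);
    $ip = inet_pton($ip);

    // inet_pton() returns false for invalid input and 4 bytes for an IPv4 address;
    // only continue with two 16-byte IPv6 values
    if ($ip === false || $subnet === false || strlen($ip) !== 16 || strlen($subnet) !== 16) {
        return false;
    }
    if ($mask < 0 || $mask > 128) {
        return false;
    }

    // thanks to MW on http://stackoverflow.com/questions/7951061/matching-ipv6-address-to-a-cidr-subnet
    // Build the mask as hex digits: one "f" per 4 full bits, then one partial digit
    $binMask = str_repeat("f", (int) ($mask / 4));
    switch ($mask % 4) {
        case 0:
            break;
        case 1:
            $binMask .= "8";
            break;
        case 2:
            $binMask .= "c";
            break;
        case 3:
            $binMask .= "e";
            break;
    }
    $binMask = str_pad($binMask, 32, '0');
    $binMask = pack("H*", $binMask);

    // Strict comparison: == can treat two different numeric-looking byte strings as equal
    return ($ip & $binMask) === $subnet;
}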
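
An added example, not part of the original post: one function that generalises the two checks above to CIDR notation for both address families, using byte-wise masking. The name ip_in_cidr and the sample addresses are assumptions made for this illustration; unlike ip4_in_network, it treats a /0 prefix as matching every address of the same family.

```php
<?php
/**
 * Added example: check whether $ip falls inside $cidr ("address/prefix").
 * Handles IPv4 and IPv6 and returns false (fails closed) on malformed input.
 */
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return false;
    }
    // filter_var() validates without the E_WARNING inet_pton() raises on bad input
    if (filter_var($ip, FILTER_VALIDATE_IP) === false
        || filter_var($parts[0], FILTER_VALIDATE_IP) === false) {
        return false;
    }
    $addr = inet_pton($ip);       // 4 bytes for IPv4, 16 bytes for IPv6
    $net  = inet_pton($parts[0]);
    $bits = (int) $parts[1];

    // Both sides must be the same family and the prefix must fit that family
    if (strlen($addr) !== strlen($net) || $bits > strlen($addr) * 8) {
        return false;
    }

    // Build the mask byte by byte: whole 0xff bytes, one partial byte, then zeros
    $mask = str_repeat("\xff", intdiv($bits, 8));
    if ($bits % 8 !== 0) {
        $mask .= chr((0xff << (8 - $bits % 8)) & 0xff);
    }
    $mask = str_pad($mask, strlen($addr), "\x00");

    // Mask both values so a network written with host bits set still compares correctly
    return ($addr & $mask) === ($net & $mask);
}

// Constructed sample inputs
var_dump(ip_in_cidr('192.168.0.2', '192.168.0.0/24'));
var_dump(ip_in_cidr('192.168.1.2', '192.168.0.0/24'));
var_dump(ip_in_cidr('2001:db8::1', '2001:db8::/32'));
var_dump(ip_in_cidr('::ffff:192.168.0.2', '192.168.0.0/24')); // IPv6 address against an IPv4 range
var_dump(ip_in_cidr('not-an-ip', '0.0.0.0/8'));               // invalid address
```

When a check like this guards access, the address it is given should come from the connection itself rather than from a client-supplied header.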

PHPCompatibility is ready for PHP 7.0

It took a while to get it finished, but I finally managed to finish writing the changes for PHPCompatibility to include PHP 7.0 support.

Thanks to financial support from the cool people at WPEngine, the complete set of sniffs for PHP 7.0 is now available on Github through the usual link.

As always, tests include both forward and backward compatibility. It is advisable to run PHPCompatibility on PHP 7.0, as some sniffs cannot be run on older versions. You can use the ‘--runtime-set testVersion 5.x’ parameter (replacing the x with the number of your choosing) to test your code for older versions.

The sniff includes support for all of these changes :

  • Deprecated functionality :
    • PHP4 style constructors
    • password_hash salt option
  • Older version check (using --runtime-set testVersion)
    • scalar type declaration
    • return type declaration
    • null coalescing operator
    • spaceship operator
    • constant arrays in define
    • anonymous classes
    • unserialize filter variable
    • IntlChar class
    • Group use declaration
    • intdiv function
    • session_start options
    • preg_replace_callback_array function
    • random_bytes and random_int functions
  • Backward incompatibilities
    • Empty list assignments
    • global keyword with variable variables no longer allowed
    • Function parenthesis warning
    • Negative bitshifts
    • Removed functions call_user_method, call_user_method_array, mcrypt_generic_end, mcrypt_ecb(), mcrypt_cbc, mcrypt_cfb, mcrypt_ofb, datefmt_set_timezone_id, IntlDateFormatter::setTimeZoneID, set_magic_quotes_runtime, magic_quotes_runtime, set_socket_blocking, imagepsbbox, imagepsencodefont, imagepsextendfont, imagepsfreefont, imagepsloadfont, imagepsslantfont, imagepstext
    • Removed INI directives always_populate_raw_post_data, asp_tags and xsl.security_prefs
    • New objects assigned by reference removed
    • New reserved keywords bool, int, float, string, NULL, TRUE, FALSE, resource, object, mixed and numeric
    • Functions with multiple parameters with same name not allowed
    • Switch statements with multiple defaults not allowed
    • $HTTP_RAW_POST_DATA removed
    • mktime and gmmktime no longer support is_dst parameter
    • preg_replace no longer supports \e
  • Several new built-in functions, classes, interfaces and exceptions
  • Many new global constants
  • Many removed extensions
  • Loosening reserved word restrictions (in some places)

A happy 20 years !

In honor of the 20th anniversary of PHP, I thought I’d write a short story about my years in PHP.

I discovered PHP in 1997 after I started experimenting with Linux and we started a university team of the Distributed.net RC5 challenge. We had a so-called personal key proxy running and wanted to generate some personal statistics. I decided to learn this relatively new language called PHP, which was at version 2.0FI at the time, which served to create some basic stats. Afterwards we used the Perl-based PPStats, but I soon found it too slow and too messy to deal with, so I rewrote it in PHP.

GNet
My first major PHP adventure was a personal project called GNet, a search engine submission system (back in the days when most search engines didn’t crawl the web and if they did, they did so slowly and inefficiently). The system I built was both web-based as well as Windows-based. The web-based version was built in PHP 3.0, the Windows version was not a standalone system, but rather plugged into the web-based version to fetch the latest engine list, parameter lists, etc using some custom API (well there were no ‘standard’ APIs at the time anyway). This was an actual client-server based application with PHP running on the server side, back in 1999 🙂

phpAds(New) / OpenX
The end of the 90s was also the boom of the online advertising industry. And having a system like GNet meant I could actually show some ads and try to make a little money. There was a system called phpAds, written by Tobias Ratschiller. After version 1.4 arrived, Tobias seemed to have vanished and although I had created a number of bug fixes, nobody was able to put them into the official phpAds project, which was being run from Tobias’ website.
So I merged all the existing patches with mine, added some functionality, and released phpAdsNew 1.4.9, the new part indicating that this was the new release. The new would remain part of its name until 2007, when the project was renamed to OpenAds (it has since been renamed to OpenX and recently to Revive Adserver). Over the course of 2 years, I rewrote the core of the system and added features, until in 2002 I gladly handed it over to someone else to maintain.
Although I never made much money with the ads, the project was fun, I got to see the fruits of my labour being used by thousands of companies and I learned a lot running it.

Consultancy
The next few years I spent building mostly control panels and online ordering systems (for our own domain name, hosting and colocation business) and small websites and webapps.
In 2006 I started working for a number of Belgian companies as a freelance PHP developer. I worked for Internet Architects, Telenet, NMBS (Belgian railways) and a few more, before finally starting a dedicated PHP development company called Cu.be Solutions.

Open Source
Although phpAdsNew/OpenX was an open source project from the start, I had been out of touch with actual open source work for a while when I started working on PHPCompatibility a few years ago. I’m happy to see a lot of people using it.
But my contribution is so small compared to the massive amounts of code so many have contributed to the PHP core, frameworks, CMS systems, testing tools, and so much more.

The community
Open Source makes PHP great, absolutely. But it’s the PHP community that makes it all worth it ten-fold. In the past 8 years I’ve met the most amazing people from all around the world, each with their own distinct tastes, opinions, abilities, mindset, and so on… with one single thing binding them together : they’re all using this tool Rasmus Lerdorf built 20 years ago, this tool that has taken the web by storm and has been the undisputed number 1 web language for a long time, a language I will gladly use for another 20 😉

Happy happy birthday PHP ! Onwards to the next 20 !

PHPConsistent : a new tool to verify your calls and documentation quality

Back in 2009 and 2010 I wrote about a PHPUnit patch I wrote to automatically verify parameter types in function calls. The feature never made it into PHPUnit and honestly it didn’t really fit into the feature set either. Although I still plan on releasing it as a PHPUnit extension that you can easily load, I’ve since been using it outside of PHPUnit, not just on tests, but on any PHP code.

Introducing PHPConsistent

PHPConsistent will verify your code using both dynamic and static analysis.

The goal is to improve the quality of your code and the libraries you use by :

  • Verifying your code is making calls using the right parameters and parameter types
  • Verifying if the in-line documentation (docblock) of the called functions/methods is accurate

It will compare :

  • Parameter types specified in the docblock <-> types of parameters passed upon calling the function/method
  • Number of parameters specified in the docblock <-> number of parameters actually present in the function/method definition
  • Names of parameters specified in the docblock <-> names of parameters actually present in the function/method definition

Sample output

Invalid type calling SomeClass->GiveMeAnArray : parameter 3 ($somearray) should be of type array but got boolean instead : library/App.php (line 5)
Parameter names in function definition and docblock don't match when calling JustAnotherFunction : parameter 2 ($inputFilename) should be called $inputFile according to docblock : application/Bootstrap.php (line 214)
Parameter count in function definition and docblock don't match when calling OneMoreFunction : function has 6 but should be 5 according to docblock : application/Bootstrap.php (line 215)

Performance

Keep in mind that PHPConsistent relies on Xdebug’s trace functionality, making it quite slow. It also needs to analyze the output of that trace, making it even slower. So it’s definitely not something you want to run in a production environment !

Want to know more ?

Check out the PHPConsistent Github page
