Get PhpDoc @params of a method

A well-written PhpDoc is a goldmine of information. It may feel redundant, however, to document values that you use in your code too. Why not parse the PhpDoc itself and use that value? Reflection is the way to go.

Consider an Api class that requests users by ID from the Api’s user endpoint. We like to document the name of this endpoint in the PhpDoc for documentation purposes.

class Api {
@param int $id
@return User
@endpoint users
public function user(int $id) : User {
$this->request('users', $id);
Continue reading Get PhpDoc @params of a method

Form submission CSRF issues in Magento

Magento now includes CSRF (Cross-Site Request Forgery) protection on publicly available forms such as the new user registration form. The goal of this is to make it impossible for anyone to POST to an URL without first visiting the corresponding form page. A token is supplied on this page that is sent along with the rest of the form to the server. The server validates the correctness of the token and responds in a sensible way if the token is correct. If the token is not however, the server ignores the POST request.

Continue reading Form submission CSRF issues in Magento

RADIUS Authentication driver for Kohana 3.3

Lately I was in need for an authentication driver that supports RADIUS servers. Happily the Kohana Auth module supports easy development of custom authentication drivers by extending the Auth class holding abstract specifications of the required methods. I implemented these methods making use of the PHP Radius extension (which therefore is required). The driver is publicly available at GitHub.

I am planning on implementing a pure PHP Radius client to get rid of the requirement of the PHP Radius extension.