libssh2 vs phpseclib

As tempting as it can be to use phpseclib, which is a simple include library, it is better (if possible) to install the libssh2 module. libssh2 grants PHP access to your system’s OpenSSL implementation rather than relying on phpseclib’s own version, which is reason alone to use libssh2 despite phpseclib being undeniably more portable, faster and offering enhanced debug facilities. (There’s nothing to stop you switching to phpseclib purely to debug pesky issues, or writing code first in phpseclib and then porting it to libssh2.)

Whilst OpenSSL has come under attack recently with exploits such as Heartbleed, it remains one of the best tested and most trusted security suites around. Major exploit discoveries like Heartbleed and Shellshock (with its OpenSSH attack vector) demonstrate the need for systems to be patched as soon as possible.

By using libssh2, any patch to the system’s OpenSSL implementation will be automatically applied to your PHP applications. On a related note, unattended-upgrades / yum-cron should always be enabled to ensure you are patched against exploits as they are released with a seemingly increasing regularity.

On Ubuntu / Debian, libssh2 can be installed via the command:

sudo apt-get install libssh2-php

On Red Hat based systems, use:

yum install libssh2

You then need to add the module to your php.ini file with the following line (place it after all the other extension loading calls):

extension=ssh2.so

Finally, restart Apache.

In JavaScript, the “equal and of the same type” definition only applies to values

The colloquial definition of === is “equal and of the same type”; however, this is only true for values. For objects, both the x == y and x === y comparisons will return false even if the x and y objects are identical in every way; they will only return true if x and y are both references to the same object. In the case of ==, this can be overridden with the use of toString() / valueOf() functions, but not in the case of ===.

The actual definition of the equality operators is that == tests for “loose equality” and === tests for “strict equality”. This rather ambiguous definition leaves room for the strange and somewhat inconsistent results which can arise during intricate equality comparisons.

The Mozilla Developer Network has a good rundown on how this loose comparison works out.
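The comparison behaviour described in this post, as an added example (not code from the original post); the helper names compare, structurallyEqual and demo and the sample objects are constructed for illustration. It goes slightly beyond the text by including a structural comparison for plain, acyclic data, which is the “identical in every way” check that neither operator performs.

```javascript
// Added example: hypothetical helper names, constructed sample objects.

// Report how the two operators treat a pair of operands.
function compare(x, y) {
  return { loose: x == y, strict: x === y };
}

// Structural equality for plain, acyclic data (objects, arrays, primitives).
function structurallyEqual(a, b) {
  if (a === b) return true; // same reference or same primitive value
  if (typeof a !== 'object' || typeof b !== 'object' || a === null || b === null) {
    return false; // differing primitives, or object compared with primitive
  }
  if (Array.isArray(a) !== Array.isArray(b)) return false;
  const keysA = Object.keys(a);
  const keysB = Object.keys(b);
  if (keysA.length !== keysB.length) return false;
  return keysA.every(
    (k) => Object.prototype.hasOwnProperty.call(b, k) && structurallyEqual(a[k], b[k])
  );
}

const x = { id: 7, roles: ['admin'] };
const y = { id: 7, roles: ['admin'] }; // identical content, different object
const alias = x;                       // second reference to the same object

// Objects defining valueOf(): == converts such an object only when the
// other operand is a primitive; === never converts.
const wrapped = { valueOf() { return 42; } };
const wrapped2 = { valueOf() { return 42; } };

function demo() {
  return {
    distinctObjects: compare(x, y),                // { loose: false, strict: false }
    sameReference: compare(x, alias),              // { loose: true,  strict: true }
    objectVsPrimitive: compare(wrapped, 42),       // { loose: true,  strict: false }
    twoWrappedObjects: compare(wrapped, wrapped2), // { loose: false, strict: false }
    structural: structurallyEqual(x, y),           // true
  };
}

console.log(demo());
```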

Doctrine not autoloading classes even when they exist

Using Doctrine with Silex is a great way to combine the power of a good ORM with the efficiency of a micro-framework. However, Doctrine – well-known for its steep learning curve – can be even more frustrating for new users when used outside of the big well-integrated frameworks (e.g. Symfony & Zend).

One problem in particular can be with autoloading. First, namespaces need to be taken care of, with a matching directory structure. The Doctrine documentation helps with this.

An error which can be particularly troublesome is:

{"statusCode":500,"message":"Class 'SomeClass' does not exist"}

This can appear even after creating the class and placing it in the correct place.

If you are using Composer, you may simply need to run “composer update” from the command line (wherever the project’s composer.json file is located) to reload the autoloading classes. Until this is done, Doctrine just won’t be able to see the file and will keep on complaining that it does not exist, even though it does.

Also, remember that autoloading is case-sensitive, so make sure you have this correct and that there aren’t old copies of wrongly cased files in the same directory.