Policy Attributes

Policies are a slightly obscure but critical part of Laravel security. They're the best solution to the common route-model-binding vulnerability where an attacker can just hit /post/123 even through they are only the author of /post/456. We've been working quietly on a proof concept to make CRUD resource controllers "locked by default" and to allow more explicating Model to Policy mapping using php attributes. https://github.com/icehouse-ventures/laravel-policy-attributes Taylor just merged a new Model-Policy mapping attribute called UsePolicy so it seemed a good time to get some feedback on upgrading the Controller side of things. Any feedback?

https://redd.it/1l5g1t1
@r_php

Laravel Observers - The Cleanest Way to Handle Model Events
https://backpackforlaravel.com/articles/tutorials/laravel-observers-the-cleanest-way-to-handle-model-events

https://redd.it/1l5o0lz
@r_php

How do you set your rate limiters?

I had considered blocking ip addresses for more than 60 requests per minute for 24 hours and displaying a 429. But then I thought, no one sends 60+ requests per minute, 30 might be enough ... but then I thought, what about some search engine bots - maybe they need more requests.

It would probably also make sense to block ip addresses for example at more than 1000 requests per hour and 5000 requests per day (or so).

And, for example, try to reduce login attempts to 10 per hour.

Of course, it also depends on the application and the usual traffic.

So, how do you go about this? What does your setup look like and how do you find out if it is optimal?

https://redd.it/1l5th8q
@r_php

Modern full-featured non-blocking driver for AMQP 0.9.1

The driver is written entirely using fibers and offers the following features:
- automatic handling of delivery acknowledgments and returns in publisher confirms mode enabled;
- an alternative, more convenient API for transactions and message processing via a concurrent iterator;
- support for batch message processing;
- built-in RPC support.

For more features, refer to the library's documentation. Feedback is welcome.

https://github.com/thesis-php/amqp

https://redd.it/1l5zv4g
@r_php

GitHub - ddddddO/ps2: Tool to convert from serialized string processed by PHP's serialize function to JSON
https://github.com/ddddddO/ps2

https://redd.it/1l61qw7
@r_php

A Week of Symfony #962 (June 2–8, 2025)
https://symfony.com/blog/a-week-of-symfony-962-june-2-8-2025?utm_source=Symfony%20Blog%20Feed&utm_medium=feed

https://redd.it/1l66v36
@r_php

PHP is 30

PHP has turned 30 years old today. Here's a quick retrospective on PHP's origins:

https://kieranpotts.com/php-is-30

https://redd.it/1l6ewx0
@r_php

Weekly /r/Laravel Help Thread

Ask your Laravel help questions here. To improve your chances of getting an answer from the community, here are some tips:

What steps have you taken so far?
What have you tried from the documentation?
Did you provide any error messages you are getting?
Are you able to provide instructions to replicate the issue?
Did you provide a code example?
Please don't post a screenshot of your code. Use the code block in the Reddit text editor and ensure it's formatted correctly.

For more immediate support, you can ask in the official Laravel Discord.

Thanks and welcome to the r/Laravel community!

https://redd.it/1l6h1ps
@r_php

Getting my Laravel application security audited
https://govigilant.io/articles/getting-my-laravel-application-security-audited

https://redd.it/1l6i2r0
@r_php

Startup Project

Hello, im building a startup. the stacks are symfony and expo for the mobile application. it is a SAAS product. I think it will be a successful idea and would like to ask if someone would like to collaborate with me to build it. To be completely honest i dont have money to pay, but i will provide shares from the profits once we go live. i will handle the marketing and sales. i should need a solid developer to help me build it. if you're serious, please DM with some of your work or CV.

Peace all! <3

https://redd.it/1l6g5lf
@r_php

Getting my PHP (Laravel) application security audited
https://govigilant.io/articles/getting-my-laravel-application-security-audited

https://redd.it/1l6i3d4
@r_php

PHP Records: In Userland

Some of you may remember my RFC on Records (https://wiki.php.net/rfc/records). After months of off-and-on R&D, I now present to you a general-use Records base-class: https://github.com/withinboredom/records

This library allows you to define and use records — albeit, with a bit of boilerplate. Records are value objects, meaning strict equality (===) is defined by value, not by reference. This is useful for unit types or custom scalar types (like "names", "users", or "ids").

Unfortunately, it is probably quite slow if you have a lot of records of a single type in memory (it uses an O(n) algorithm for interning due to being unable to access lower-level PHP internals). For most cases, it is probably still orders of magnitude faster than a database access. So, it should be fine.

https://redd.it/1l6p85a
@r_php

Just launched: Laravel AI Chat Starter Kit

I’ve just open-sourced a Laravel based AI chat starter kit built using:

* **Prism** (for AI/LLM integration)
* **Laravel Streams** (for native response streaming)
* **VILT stack** (Vue, Inertia, Laravel, Tailwind)

It comes with:

* Persistable chat history
* Model configuration
* Chat sharing
* Markdown & code rendering

[GitHub Repo](https://github.com/pushpak1300/ai-chat)

https://redd.it/1l6sdrz
@r_php

The most simple way to generate pdf for invoice n report

Hi guys,

I remember using phpjasperxml ver 0.9 in symfony 2.7 and php 5 to generate pdf.

What s current option to generate pdf for symfony 7 and php 8?

I read that phpjasper and phpjasperxml r possible. I also read gutenbergbundle. Which will be recommended for simplicity and ease of use? The invoice and the report r simple pdf without any fancy stuff.

https://redd.it/1l6uup7
@r_php

Weekly Ask Anything Thread

Feel free to ask any questions you think may not warrant a post. Asking for help here is also fine.

https://redd.it/1l6uj36
@r_php

Weekly help thread

Hey there!

This subreddit isn't meant for help threads, though there's one exception to the rule: in this thread you can ask anything you want PHP related, someone will probably be able to help you out!

https://redd.it/1l6xa3z
@r_php

Upgrading from php5.6.40 to php7.0

I am a JS developer who doesn't have any experience developing in php. I recently got tasked to upgrade a php application that runs php v5.6.40 with CodeIgniter(v3) to php v7 and eventually to v8.


I see this as an opportunity to learn php and may be asked for a good raise in the next appraisal cycle(in 6 months). Now, there is no timeline for this and I am the only person who has been working on this app for 1 year or so. I've only done a few changes like commenting out a few html components and reducing the DB calls and figuring out things when we get some error(mostly data related).

I don't understand how most parts work but I can google and it and get working.

I have setup the code in phpStorm and ran code inspection. The code has way too many errors and warnings but I am not concerned with all of them.

I ran the inspection for both v5.6 and v7.0. Only errors I am concerned with are the DEPRECATED ones such as "'mssql_pconnect' was removed in 7.0 PHP version". I have like 43 errors related to mssql and mysql.

Also, I am aware of the migration guide but it hard to follow that as things do no make a lot of sense to me.

Can someone point me to the right direction? It would be a huge help.

https://redd.it/1l6ywcr
@r_php

Symfony Messenger standalone, getting retry to work

I've managed to get Symfony Messenger to work with my legacy system using RabbitMQ. It works like a charm for the most part, what I'm trying to get working now is the retry mechanism.

ChatGPT is some help but mostly it just leads me astray into the wrong alley.

This is the code I've got so far, what glue is missing to get the RetryStrategy into this setup?

class MessagesFactory {
public static function createMessageBus(): MessageBus {
$handlers = new HandlersLocator(
AbstractCommand::class => [new class {
public function __invoke(AbstractCommand $command) {
$command->execute();
}
},
]);

$transportLocator = new TransportLocator(
'async' => self::getTransport()
);

$sendersLocator = new SendersLocator(
AbstractCommand::class => ['async',
], $transportLocator);


// Build the bus with both middlewares
return new MessageBus(
new SendMessageMiddleware($sendersLocator),
new HandleMessageMiddleware($handlers),
);
}

public static function createWorker(): Worker {
return new Worker(

'async' => self::getTransport()
,
MessagesFactory::createMessageBus()
);
}

private static function getTransport($queue = 'messages') {
$connection = Connection::fromDsn(
RABBITMQDNS . $queue
);


// TODO: Where does this go??
$retryStrategy = new MultiplierRetryStrategy(
maxRetries: 3,
delayMilliseconds: 1000,
multiplier: 2.0,
maxDelayMilliseconds: 10000
);

$transport = new AmqpTransport($connection);

return $transport;
}
}

https://redd.it/1l70qjk
@r_php

I made a template for the FHA stack what do you guys think of this stack?, any suggestions are welcome
https://github.com/JianZcar/FHA-Stack

https://redd.it/1l71xiw
@r_php

Why You Really Need a Pre-Commit Script for Your PHP Projects
https://phpdeveloperstv.substack.com/p/why-you-really-need-a-pre-commit?r=pxz1i

https://redd.it/1l79kb3
@r_php

Should Laravel adopt OpenTelemetry?

OpenTelemetry (OTel) is quickly becoming the standard for observability — helping apps generate consistent data across Metrics, Events, Logs, and Traces (MELT). It allows you to track what’s happening across your system, end-to-end, and send that data to any platform (Grafana, Datadog, Honeycomb, etc.).

Laravel already gives us Telescope, which is a great tool for introspecting the application — logging requests, jobs, queries, exceptions, and more. Now, with Laravel Nightwatch on the way.

Isn’t this the perfect moment to adopt OpenTelemetry in the Laravel ecosystem?

Imagine if the framework could generate MELT data natively — and send it to Telescope, Nightwatch, or any OpenTelemetry-compatible backend without choosing one over the other.

I know Spatie is working on this direction too, which is exciting.

But should this become a first-class concern at the framework level?

What do you think? Are you using OpenTelemetry already?

Would love to hear your thoughts.

https://redd.it/1l7sde6
@r_php