PHP Reddit – Telegram
Channel to sync with /r/PHP /r/Laravel /r/Symfony. Powered by awesome @r_channels and @reddit2telegram
Weekly /r/Laravel Help Thread

Ask your Laravel help questions here. To improve your chances of getting an answer from the community, here are some tips:

What steps have you taken so far?
What have you tried from the documentation?
Did you provide any error messages you are getting?
Are you able to provide instructions to replicate the issue?
Did you provide a code example?
Please don't post a screenshot of your code. Use the code block in the Reddit text editor and ensure it's formatted correctly.

For more immediate support, you can ask in the official Laravel Discord.

Thanks and welcome to the r/Laravel community!

https://redd.it/1lt66go
@r_php
Weekly Ask Anything Thread

Feel free to ask any questions you think may not warrant a post. Asking for help here is also fine.

https://redd.it/1ltjpdo
@r_php
Weekly help thread

Hey there!

This subreddit isn't meant for help threads, though there's one exception to the rule: in this thread you can ask anything you want PHP related, someone will probably be able to help you out!

https://redd.it/1ltmkiz
@r_php
Built a simple noise library in pure PHP - looking for feedback

Hello,

I've created a small library for generating noise in PHP.
The library is based on "PHP-GLFW" and its C++ implementation, but it's written entirely in pure PHP.

Initially, I updated the "https://github.com/A1essandro/perlin-noise-generator" library, which seems abandoned.

I later decided to build my own version to avoid relying on "PHP-GLFW", since it requires installation just to access a few functions.

The library: https://github.com/Cryde/noise-functions
It's still a work in progress - feel free to share your feedback or suggestions!

https://redd.it/1ltnz75
@r_php
How can I check whether a unique index exists and avoid recreating it?

In an entity I have:


    <?php

    declare(strict_types=1);

    namespace App\Entity\Activity;

    use App\Domain\Helper\UuidHelper;
    use App\Entity\Business;
    use App\Entity\BusinessTypes\ActivityOperator;
    use App\Entity\Image\ImageEntity;
    use App\Entity\Tags\Pivot\ActivityTag;
    use Doctrine\Common\Collections\ArrayCollection;
    use Doctrine\Common\Collections\Collection;
    use Doctrine\ORM\Mapping as ORM;
    use Gedmo\Mapping\Annotation as Gedmo;
    use Gedmo\Translatable\Translatable;

    #[ORM\Entity]
    #[ORM\Index(name: "external_id_origin_unique", columns: ["external_id", "origin"], options: ["where" => "external_id IS NOT NULL", "unique" => true])]
    class ItemFromApi
    {
        public const ORIGIN_API = 'api';
        public const ORIGIN_INTERNAL = 'internal';

        #[ORM\Id]
        #[ORM\Column(type: 'integer')]
        #[ORM\GeneratedValue(strategy: 'AUTO')]
        private int $id;

        #[ORM\Column(type: 'string', length: 255)]
        private string $noscript;

        #[ORM\Column(type: 'integer', nullable: true)]
        public ?int $externalId = null;

        #[ORM\Column(type: 'string', length: 255)]
        public string $origin = self::ORIGIN_INTERNAL;

        // Setters and getters are omitted for simplicity
    }



Then I run php bin/console doctrine:schema:update --dump-sql and it generates the following SQL:

CREATE UNIQUE INDEX external_id_origin_unique_itinerary ON item_from_api (external_id, origin);


I run it on my DB, then once I run the command again the index is re-created:

CREATE UNIQUE INDEX external_id_origin_unique_itinerary ON item_from_api (external_id, origin);


How can I avoid the re-creation of this index?


https://redd.it/1ltq6ln
@r_php
A Cognitive Code Analysis Tool

Cognitive Code Analysis helps you understand and improve your code by focusing on how developers actually read and process it. Understandability is a huge cost factor because ~80% of the time is spent on reading and understanding code.

https://github.com/Phauthentic/cognitive-code-analysis

Features:

* Scans source code and reports detailed cognitive complexity metrics.
* Churn analysis (requires Git) to highlight risky, frequently changed code.
* Export results as CSV, XML, or HTML.

Unlike traditional metrics like cyclomatic complexity, this tool emphasizes cognitive complexity - how hard your code is to understand. It analyzes line count, argument count, variable usage, property access, and nesting to identify the hardest parts to maintain.

You can adjust the score calculation through configuration by setting weights for each metric, allowing you to tailor the cognitive complexity scoring to your own acceptable thresholds.

I’ve used it myself to spot risky areas early in projects. Measuring cognitive complexity is tough, but there’s academic backing for this approach. Check out this paper if you're curious:
https://dl.acm.org/doi/10.1145/3382494.3410636

I'd love your constructive feedback - try it out and let me know what you think!

https://redd.it/1ltpv2a
@r_php
Any recommendations to learn EasyAdminBundle?

I need help. I have been doing research to learn this bundle but haven't found anything yet. I am new to Symfony.

https://redd.it/1lu4n1i
@r_php
AI Assistant for website

I have a website coded in PHP, and I would like to add an assistant that visitors can use to get answers and assistance. For example, to ask questions about how to use our ERP. Instead of searching all of our help files, it would just respond with several answers. Has anyone seen or heard of something like this? Open Source? Thanks.

https://redd.it/1lu5k54
@r_php
Named parameters vs passing an array for function with many optional arguments

In the public API of a library: given a function which has many optional named parameters, how would you feel if the stability of argument order wasn't guaranteed? Meaning that you are informally forced to use named parameters.

The alternative being to pass an array of arguments.

I feel like the benefits of the named arguments approach include editor support and clear per-property documentation.

How would this tradeoff feel to you as a user?

https://redd.it/1lu4o0i
@r_php
Devs working in both PHP and Golang: how are your experiences?

I tried looking a bit at older posts, but most of them seem to fall into the "which is better" or "how do I migrate from X to Y" type of discussion, which is not what I am looking for.

Background: I'm a developer with almost 2 decades of experience in between dev and product management. Have been working with PHP since 2023, first using Symfony and currently with Laravel (new job, new framework).

I'm keeping an eye open for new positions (early stage startup, you never know), and each time I see more and more positions asking for both PHP and Go, which got me curious about how they are used together in a professional environment.


So, asking the devs who in fact work with both: how is the structure of your work? Do you work migrating legacy services from PHP to Go? Do you use them in tandem? What's your experience in this setting?

https://redd.it/1luotad
@r_php
Another recount on breaking into a retired PHP app (RainLoop) using textbook vulnerabilities (unserialize, not checking file paths, etc.).

Unlike the other time, it seems there is no English text available, so just a short recount by yours truly.

Although the RainLoop web-mail client looks extremely dated, and its GitHub repo is in the archived state, it was listed as an obscure web-mail option by a Beget cloud platform, and hence was eligible for their bug bounty program. So a bug hunter nicknamed hunter decided to dig in.

And so how it went:

`+` unserialize, fed by cookie input in RainLoop\Utils::DecodeKeyValuesQ()
- that input is encrypted with a long key stored in SALT.php
`+` curl is fed by unvalidated user-supplied data allowing file:// scheme in RainLoop\Actions\DoComposeUploadExternals()
- there is no direct way to get the output
`+` attached files are not checked for validity, hence
    * create a new mail with an arbitrary attached file
    * save it as a Draft and check the HTTP request
    * modify it so the attachment becomes file:///var/www/html/data/SALT.php (it's unclear how the path was discovered but it's doable, like via guesswork or relative path)
    * check whatever attachment hash is returned by the system
    * use that hash to forge a request for the attachment
    * bingo, we have SALT.php attached.
`+` now we can create a payload for unserialize and encrypt it using the actual key

Now the story goes on to creating the executable payload. The list of used libraries was examined and Predis was targeted, starting from the destructor method in \Predis\Response\Iterator\MultiBulkTuple(), resulting in POC code. And then, once MultiBulkTuple's destructor is called, Predis/Command/Processor/KeyPrefixProcessor.php would execute call_user_func() with a command stored in DispatcherLoop::$callbacks and payload DispatcherLoop::$pubsub and the simplest command would be system with whatever shell command you can imagine.

Also there was a note that all this long way was really unnecessary, as it turned out that gopher:// based SSRF could have directly manipulated the php-fpm service. I am not sure how exactly it could be done, but would like to learn.

From this story I learned about the file:// and gopher:// protocols supported by curl, the latter being effectively a telnet client which can be used to connect to any TCP service by asking curl to open a gopher://service:port/payload URL.

https://redd.it/1lvftxe
@r_php
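
A defensive sketch of the two root causes named in the post above: curl accepting any URL scheme, and a cookie passed to unserialize(). This is an added example, not RainLoop's code or part of the original post; the function names fetchExternal, encodeCookie and decodeCookie and the cookie layout (HMAC followed by JSON) are assumptions, and it targets PHP 8+.

```php
<?php
declare(strict_types=1);
// Added example; helper names and the cookie layout are hypothetical.

function fetchExternal(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('URL scheme not allowed');
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        // Enforce the allowlist inside libcurl as well, so file:// and
        // gopher:// are refused even if a redirect points at them.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => false,
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('fetch failed: ' . curl_error($ch));
    }
    return $body;
}

function encodeCookie(array $values, string $key): string
{
    $json = json_encode($values, JSON_THROW_ON_ERROR);
    return base64_encode(hash_hmac('sha256', $json, $key, true) . $json);
}

function decodeCookie(string $cookie, string $key): array
{
    $raw  = (string) base64_decode($cookie, true);
    $json = substr($raw, 32);
    $mac  = hash_hmac('sha256', $json, $key, true);
    if (strlen($raw) <= 32 || !hash_equals($mac, substr($raw, 0, 32))) {
        return [];   // truncated, tampered, or wrong key
    }
    // JSON yields only scalars and arrays: even with a leaked key, no
    // object is instantiated, so no destructor runs on attacker data.
    try {
        $data = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    } catch (JsonException) {
        return [];
    }
    return is_array($data) ? $data : [];
}
$key = 'constructed-demo-key'; // constructed sample value
var_dump(decodeCookie(encodeCookie(['uid' => 7], $key), $key));
```

The scheme allowlist closes the file:// and gopher:// paths described in the post, but it does not stop http:// requests to internal hosts; that needs a separate check on the resolved destination.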