Dear Slim PHP community.
I am glad to present to you my humble work. I made a demo project, which is based on Slim PHP 4.
Your remarks and proposals are welcome.
Thank you.
From what I read it looks very clean and I like it.
Good luck in Ukraine, pal
Thank you, @LLEGAZ. Of course, nothing is perfect or very good. There is always place to improve something. Good luck.
Of course but as the famous quote says:
―Antoine de Saint-Exupéry
Yes. It is. It’s… perfect quote)
What is it: admin_data.json (slim4-foto-kit/private/admin_data.json at master · emyca/slim4-foto-kit · GitHub)? Why don’t you keep this kind of data in `.env`, non-committable?
“Veri” bad, “veri, veri, veri” bad.
Hi, @tj_gumis. Thank you for your remark and proposal.
Please, read attentively slim4-foto-kit/README.md at master · emyca/slim4-foto-kit · GitHub : “This is only demo app. In many cases assigned values are for demonstration purposes only…”.
This file slim4-foto-kit/private/admin_data.json at master · emyca/slim4-foto-kit · GitHub is committed ONLY for demo purposes, like this one slim4-foto-kit/config/env/env.example.php at master · emyca/slim4-foto-kit · GitHub.
Use .gitignore properly and you can make uncommitted (and unpushable) anything what is proper for your specific project.
As for .env. I suppose you mean env-file, not a folder. I read some discussions about this matter. Lot of them say, it’s mostly a bad practice to keep sensitive data in env-files. Here are some links:
But, all in all, it stays an arguable matter.
As for, so called, private folder. As I said, it’s only for demo purposes. Again, read README.md, section Admin Auth: “…app is considered to be as application for a single person administration, … the app doesn’t need registration process.”. The private folder is considered as a storage place. It can contain files, which can serve as items of persistence. BUT. For more real and complex web-application, you should use database. Why? Because the web-app can be administrated not only single administrator. So, you need save different credentials for different administrators. Database is more suitable for that than file/files.
That’s why, I can not agree with your “…“Veri” bad, “veri, veri, veri” bad…”. I think, the demo project is good enough to form one’s own opinion and way of web-app development.
Regards.
Little addition.
You may also ask: where to keep DB credentials? And of course, it can be, e.g., config/env/env.prod.php file. But do not forget to ignore it and change settings in config/defaults.php before deployment on production server.
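One way to apply the approach in the post above, as an added example that is not part of the post or of slim4-foto-kit: each secret is read from the process environment first, then from an ignored file such as config/env/env.prod.php, and a missing value stops the application. `loadSecrets()`, the secret names and all values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: loadSecrets() and every name/value below are hypothetical.
// Each secret comes from the process environment first, then from an
// untracked PHP file that returns an array; anything missing is fatal.
function loadSecrets(array $required, string $secretsFile): array
{
    $fromFile = [];
    if (is_file($secretsFile)) {
        // Refuse a file other local users can access (POSIX permission bits).
        if (DIRECTORY_SEPARATOR === '/' && (fileperms($secretsFile) & 0007) !== 0) {
            throw new RuntimeException("$secretsFile is accessible to other users");
        }
        $fromFile = require $secretsFile;
        if (!is_array($fromFile)) {
            throw new RuntimeException("$secretsFile must return an array");
        }
    }
    $secrets = [];
    foreach ($required as $name) {
        $value = getenv($name);
        if ($value === false || $value === '') {
            $value = $fromFile[$name] ?? '';
        }
        if (!is_string($value) || $value === '') {
            // Fail closed: never fall back to a default committed with the code.
            throw new RuntimeException("Missing secret: $name");
        }
        $secrets[$name] = $value;
    }
    return $secrets;
}

// Constructed demo input standing in for an ignored config/env/env.prod.php.
$file = sys_get_temp_dir() . '/env.prod.demo.php';
file_put_contents($file, "<?php\nreturn ['DB_PASSWORD' => 'constructed-demo-value'];\n");
chmod($file, 0600);
putenv('DB_USER=demo_user');

echo implode(',', array_keys(loadSecrets(['DB_USER', 'DB_PASSWORD'], $file))), PHP_EOL;
try {
    loadSecrets(['DEMO_UNSET_SECRET'], $file);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
unlink($file);
```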
All secrets always in root folder, in ./.env file and Dotenv is your best friend. End of story.
Not the best solution, that is for sure, but its like with the democracy - more pros than cons comparing to other approaches.
I admit, I have not read your README.md but some things you do, no matter what. Kind of “muscle memory“.
Speaking about your presentation. Do you mind if I drop in?
“…and Dotenv is your best friend. End of story.”. Yes, you can use, e.g., GitHub - vlucas/phpdotenv: Loads environment variables from `.env` to `getenv()`, `$_ENV` and `$_SERVER` automagically. , if I can understand right what you are meaning as Dotenv in context of our conversation. Also, you can do not use .env variable. You can read @odan’s article about Slim project configuration Configuration | Slim 4 Skeleton . That’s why, it’s not “…End of story.” but is “a set of ways”.
“…Kind of “muscle memory“.”. Hmm. I don’t see to the end what do you mean. But I think you mean not something very bad
“Speaking about your presentation. Do you mind if I drop in?”. My project is public. That’s why it’s totally free for constructive remarks and proposals. Also, everybody can use it free of anything.
I will tell you one of the reasons why I hate Symfony so much. Its community is like a cult, and Fabrice Potencier with his closest acolytes are the only source of truth. No, they’re not.
In Slim4’s case, Odan, despite of his unquestionable merits, isn’t either.
I hope he doesn’t even want to be.
You’ve got some tools, and Odan shows you his way to use them. The fact that he is the only one who shows it, does not mean there are not other ways.
Yes, @tj_gumis. Development is a set of different ways and compromises. The way that somebody does it’s those somebody’s choice.
The way of one’s own development may be in the following stages:
BUT. The base may mostly remains as those skilled person does. It depends of your targets and role. You are just a framework user or you are its developer/maintainer.
I wouldn’t like to discuss somebody’s cult. I rather interested in the somebody’s code examples, who, I think, is more skilled than me. The examples are as core implementation for my own code. I am not a fashion designer, I am just consume the product. This looks like the Android OS case. Vendors use it as basics for their own OS settings.
These are some interesting projects (list is not complete):
Somehow like that
P.S.: By the way, could you share your own Slim app repo. If you don’t mind. Thank you.
By the way, could you share your own Slim app repo. If you don’t mind. Thank you.
I can not show you any code made for my clients, and my private code is kept in my home server (Gitea), but of course I do not have a problem to discuss your code in detail, not so much to judge it, but to show that many things can be done differently than Odan proposes. I repeat I do not say, better, I say differently.
I can not show you any code made for my clients, and my private…
You must not. You can simply show, if you wish of course, your demo/pet project, that does not recover your clients’ secrets, but shows your approaches. Again, if you wish and can. I do not insist.
“Talk is cheap, show me the code” (Linus Torvalds).
…I repeat I do not say, better, I say differently.
Yes. Show your public repo (your different way)
Moreover, I’m convinced your different way may be better way. Why not?
I think your repo will be interesting all Slim community members. It’s a democracy in some way.
Thanks.
In the meantime, I took a look at your code profoundly.
To make a long story short, your code is week, very week, and believe me, I am very gentle now.
Even if you’re clearly not a professional, considering duration of your membership here, you should do it better, much better.
As a professional who is using Slim4 in everyday work for a “few“ years now, I was willing to discuss your project, to support you with your passion, but …
It appears to be a “cheep talk” for you, and I need to prove my value from your point of view.
There is nothing more to say. Happy coding.
… your code is week, very week…
Maybe it’s weak in some places, I do not argue too much. But it’s simply small public demo project. It’s not supposed to show all possibilities.
… I was willing to discuss your project…
If you really will to discuss, just do it. But not only discuss, also show your own examples. I’ll take a look at your code profoundly.
It’s a pity, you gave up so fast.
Happy coding.
Yes llegaz/zelty-php but it is quite old and désuet so I will dive in your documentation to build anew, thank you kindly
Hi, @LLEGAZ. Ok. My public project is free.
If you code as well as you argument your boss has to be very happy with you.
From my point of view when you are talking of “week code” (le code de la semaine ?), by weak I think you mean secure and again, from my side, his code appears secured enough for a demo project (JWT implementation looks OK, but I didn’t test it or in depth analysis, not even using AI to audit it completely = yes I’m that lazy).
Just with 1 or 2 glimpses of the code I can see:
`'httponly' => true,` // prevent XSS (which is a good point with the short, 15min duration for the token, I think)
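The cookie flag and the 15-minute token lifetime mentioned above, shown together as an added example that is not part of the post or of slim4-foto-kit. The HS256 helper is a minimal stand-in for a maintained JWT library, and the function names, cookie name and secret are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example: the secret, names and HS256 helper are constructed for
// illustration; a real application would use a maintained JWT library.
const TOKEN_TTL = 900; // 15 minutes, the token lifetime mentioned above

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function issueToken(string $sub, string $secret, int $now): string
{
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['sub' => $sub, 'iat' => $now, 'exp' => $now + TOKEN_TTL]));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $secret, true));
}

function verifyToken(string $jwt, string $secret, int $now): ?array
{
    $parts = explode('.', $jwt);
    // The algorithm is fixed server-side and never taken from the header.
    if (count($parts) !== 3
        || !hash_equals(b64url(hash_hmac('sha256', "$parts[0].$parts[1]", $secret, true)), $parts[2])) {
        return null;
    }
    $claims = json_decode((string) base64_decode(strtr($parts[1], '-_', '+/')), true);
    $exp = is_array($claims) ? ($claims['exp'] ?? null) : null;
    return is_int($exp) && $exp > $now ? $claims : null;
}

function tokenCookieOptions(int $now): array
{
    return [
        'expires'  => $now + TOKEN_TTL, // cookie expires with the token
        'path'     => '/',
        'secure'   => true,             // sent over HTTPS only
        'httponly' => true,             // not readable from document.cookie
        'samesite' => 'Strict',         // not attached to cross-site requests
    ];
}

$now = time();
$jwt = issueToken('admin', 'constructed-demo-secret', $now);
// In a web request: setcookie('token', $jwt, tokenCookieOptions($now));
var_dump(verifyToken($jwt, 'constructed-demo-secret', $now) !== null);   // valid token
var_dump(verifyToken($jwt, 'constructed-demo-secret', $now + TOKEN_TTL)); // expired
var_dump(verifyToken($jwt . 'x', 'constructed-demo-secret', $now));       // tampered
```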