Fresh Yii news issue. Yii 2 extensions, Yii 3 progress and some good reading links.

LUYA admin 3.0.0 release

Two-Factor Authentication with OTP (One-Time Password)

You can now set up two-factor authentication for your account, rendering the need to send access tokens by email unnecessary. If secure login is set up, no access tokens will be sent to users with active two-factor authentication and OTP.

Remember Device

With version 3.0 it is now possible to remember devices: If the remember this device checkbox is ticked on login, you will be logged in automatically for a certain amount of days on this device without being asked for a password or access token. How does this work? LUYA will store a device-specific unique token in a cookie that will be retrieved when accessing the admin ui. If you are inactive for too long and the admin logs you out, the cookie with this information will be destroyed and the device will be removed from the list of remembered devices. So better don't fall asleep while typing. ;-)

Updated Account View

The account view received a small overhaul with accordions, an element widely used in the admin ui (it's an AngularJS directive that you can use everywhere in your custom LUYA code: <collapse-container title="Advanced Settings">Content</collapse-container>).

Improved Queue Errors

The integration with Yii Queue gets even deeper: Exceptions thrown while the queue is running are now logged for each retry. Even when a job is finished successfully in the end, all exceptions and errors thrown while processing the job are stored and visible. This makes it much easier to debug queue jobs!

"Forgot Your Password?"

Finally! A new button "Forgot Your Password?" is added to the login screen when enabled in the admin module configuration. By default it is disabled due to a small security risk. In order to enable the new option, set the LUYA admin module property $resetPassword to true.

By the way, if you would like to have a random image as a background of the login screen, simply install the login image extension https://luya.io/packages/nadar--luya-login-image.

Session Based Lockout Is Now IP Based Lockout

In the previous version of the LUYA admin we had integrated a session based lockout: If you failed to login a certain amount of tries, your session profile was locked out. As it is rather easy to clear session data, we have now implemented an IP based lockout. While it would still be possible to switch IPs, this method is preferred to session based lockout. In case of a brute-force attack and a breach of the email address, the email based lockout will take effect.

Please check the full Changelog and the Upgrading Guide where you will find a list of breaking changes.

February 2020, LUYA developer team

Good set of advice about how to write code.

Software engineering principles, from Robert C. Martin's book Clean Code, adapted for PHP. This is not a style guide. It's a guide to producing readable, reusable, and refactorable software in PHP.

Not every principle herein has to be strictly followed, and even fewer will be universally agreed upon. These are guidelines and nothing more, but they are ones codified over many years of collective experience by the authors of Clean Code.

An article by Níckolas Da Silva has some great advice about writing better tests.

First update from Yii team in this year. Yii 1 and Yii 2 releases, extensions and Yii 3 progress.

JetBrains released their own code font and bundled it with their recent IDEs. The font is good:

• Very readable.
• Usually indistinguishable symbols such as "0" and "O" are distinct.
• There are ligatures.

Fresh news from Yii development team. Yii 2 got new release. Yii 3 development goes forward. Yii 1 is surprisingly compatible with PHP 7.4.

PHP 7.4 was released. Yii can benefit from new features:

• Typed properties - would simplify checks overall and will make code stricter. Potentially we can adopt typed DTOs.
• Limited return type covariance and argument type contravariance - would allow to seamlessly add types for PSR interfaces (may not be needed since PHP-FIG is planning to update interfaces).
• Ability to throw __toString() exceptions - would simplify error handler and make widgets more reliable.

There's a poll about upping minimum required version for Yii 3.

This is a modified version of the basic template with some preconfigured features. I've created it to save time upon creating a new project.

You can find more in the readme.

Vitaliy Shulyak from 2amigos about optimizing performance of Yii 2 applications.