โ˜… 3 years of Securing Laravel! ๐ŸŽ‚

https://securinglaravel.com/content/images/size/w1200/2024/08/X-years-of-Securing-Laravel.png

Greetings, my friends!

I’m writing this on 31st August 2024, and it is exactly 3 years since I sent out my first email to Laravel Security in Depth! There have been a few changes over the years, such as renaming to Securing Laravel back in May 2023, and moving from Substack to Ghost in April/May this year, but throughout all of that, I’ve been sending out emails each week about Laravel Security.

As of right now, I have written and published 90 security tips, and 28 in depth articles, alongside a bunch of other special articles, including the OWASP Top 10 series at the end of 2022. I still find those numbers incredible, especially since I’m pretty sure never actually missed a week! (I’ve been late a few times, but never missed one.) As someone who only blogged infrequently prior to starting this, and (still) is taking forever to build a course, I am incredibly proud of what I’ve been able to achieve with Securing Laravel.

All of that comes from you, my wonderful subscribers. I owe all of this to you, and your support and encouragement. Thank you so much for supporting Securing Laravel, and reading my emails every week. It means so much knowing folks value my work, and are interested in learning what I have to teach. ๐Ÿ™

Now, let’s look at what happened this past year…

Subscribers

As of right now, I have 3,858 subscribers (both free and paid), which is incredibly awesome! I was hoping to hit 4,000 by today, but that’s still pretty close! Last year I had 2,521 subscribers, which is an increase of 1,337. ๐Ÿคฃ (A good consolation prize for not hitting 4,000.)

Of that number, there are currently 162 premium subscribers, which I am absolutely humbled by. I started this as a labour of love, and it now financially supports me by directly paying for the time I spend writing these emails each week. As a self-employed consultant who loves doing developer education in the security space, this support means the world. Thank you. ๐Ÿฅฐ

I would love to grow both these numbers within the next 12 months, so I’m setting myself a goal of 6,000 total subscribers and 200 premium subscribers. ๐Ÿคž If I can get more premium subscribers, it will let me do some really cool things, but I’ll talk about that below.

Published Articles

In the last 12 months, I have published:

Note, the numbers don’t add up because my release schedule is every 8 days not 7, and last week was supposed to have an In Depth not a Tip.

The Security Tips covered a very wide range of topics this year, from protecting against timing attacks, increasing bcrypt rounds, avoiding XSS in various different scenarios, configuring security headers, validation, testing, and lots more…

We also had a departure from our normal schedule with a Laravel Security Notice, where I touched on the โ€œAndroxgh0stโ€ malware, which was "targeting" Laravel in the wild. Given it was going around the media without useful details, I felt the need to set the record straight on why it was most likely not going to affect you, and how to check you’re safe.

We recently started a new series called Pentesting Laravel, where I am walking you through my entire Security Audit and Penetration Testing process with an intentionally vulnerable app. This is my favourite series to date, and contains a lot of really cool tips. I’m not holding anything back, and you can take these articles and work through your own apps. The series will continue next week with part 3.

In addition, the following In Depth articles were published:

  1. Adding Rehashing to Laravel
    I walk you through the process of adding password rehashing back into Laravel (since it was inexplicitly missing), and explain how the authentication system works. This is a fascinating one for anyone interested in the auth system.
  2. Securing Apps on Forge
    An overview of my process for deploying apps on Laravel Forge and how I ensure they are deployed securely. A must for anyone who uses Forge, as some of Forge’s defaults aren’t security best practice.
  3. Introducing Random
    Release announcement and documentation for my PHP package called Random. It provides cryptographically secure randomness in various forms for all PHP apps, regardless of version and framework.
  4. Protecting Staging Sites!
    A bunch of tips and recommendations for deploying staging sites securely, to avoid them being compromised and used to attack production.
  5. Registration Without Enumeration!
    Answering a common question: how can you build a registration form that doesn’t leak user existence? The default Laravel scaffolding is very leaky, so this fills a gap if you deal with PII or PHI and can’t have enumeration vectors.
  6. Graceful Encryption Key Rotation
    Laravel 11 introduced encryption key rotation, so we dive into exactly how it works, and when you should (and shouldn’t) use it.
  7. Using CSS Clickjacking to Steal Passwords
    An exploration into a fun vulnerability I found on a client app, which involves abusing inline CSS to conduct a clickjacking attack to steal sensitive information like passwords. I am very proud of this one, as it shows just how sneaky some attacks can be, and how you have to be so careful with what you allow in your apps.
  8. Pentesting Laral part 1 – Passive Scans
  9. Pentesting Laravel part 2 – Configs, Dependencies, and Routes

In addition to writing a new email & article each week, I’ve also been working through my older articles, updating content and fixing styling, and posting them on social media. This has been a great way to get more eyes on the site, and more subscribers signing up. Most of my past articles are still very relevant, so keeping them circulating like this has the added benefit of reminding folks about important security issues.

Move to Ghost

I originally launched on Substack because they offered a really simple way to start a paid newsletter, and had solid technology and good marketing options. I was a happy author for the first couple of years.

When Twitter was bought by Musk and there was a kerfuffle regarding .substack.com links being blocked, I switched to a custom domain name (securinglaravel.com) and renamed to Securing Laravel. At the time it was motivated by the need to promote my links on Twitter and get rid of the .substack.com domain, but from that point I started to notice some warning signs around Substack (summary: Substack support racist content and attacked their users who tried to speak out about it).

Around the start of this year, I started to seriously look for an alternative and get off Substack. One option was to build a platform myself on Laravel, but I honestly just didn’t have the time to stuff around integrating billing, emails, member management, etc. That’s my eventual goal, but unless a lot of you suddenly sign up for a premium subscription soon, it won’t be happening this year. ๐Ÿ˜”

Instead, I looked at alternatives. I checked out three main options: Buttondown, beehiiv, and Ghost. I liked Buttondown, but it didn’t have a nice web presence, which is important for sharing on socials, and beehiiv was very noisy with a huge amount of features. Ghost felt simple but powerful, and most importantly, they had a Concierge Team who managed to migration for me!

After a bunch of questions to ease my paranoia, the migration actually happened! I sent out my first Ghost-powered Security Tip on the 6th May 2024!

The Concierge team made it fairly easy, but it wasn’t completely straightforward. There were some small things that went wrong, such as:

  • My Stripe account was locked by Substack, and require a game of three-player email tennis to get it locked at the right time.
  • None of the URLs persisting after the migration so the entire site 404’ed, but luckily this was easily fixed with a custom redirect route. (This had me stressed for a few hours though!)
  • Some of the content formatting had broken, with missing elements from Substack that Ghost doesn’t have.
  • No footnotes! ๐Ÿ˜ญ Long time readers will know I used to use footnotes excessively, so it was quite frustrating to discover they were missing. I’ve since changed my writing style so I don’t rely on them any more.
  • Ongoing billing issue! ๐Ÿ˜ก Annoyingly, Ghost doesn’t support importing to showing discounts applied to subscriptions prior to the import, which means anyone with a discount from Substack (or a legacy priced subscription), will see the wrong price in Ghost. I’ve had a number of folks cancel due to this, which is frustrating and disappointing that Ghost won’t fix it.

One final annoyance with Ghost is the inability to generate a discount offer that applies to multiple products – or even a discount code. Instead, to offer a 25% discount for Securing Laravel’s 3rd Birthday, I need to give you two different links and you need to decide between them which one to use… ๐Ÿ˜’

For example, this one will get you 25% off a monthly premium subscription:

While this one will give you 25% off a yearly premium subscription:

Yes, those links are real discounts. Do you like my sneaky sales segue? ๐Ÿ˜‰

The point of this email isn’t to sell you a premium subscription, so all I will say is that premium subscriptions allow me to dedicate time each month to write these emails and use my skills to improve security within the Laravel Framework and educate the community. Please consider upgrading to support my work if that is something you are able to do.

Analytics

One of the nice things about moving to Ghost is the ability to use my own analytics, so I now have Fathom Analytics set up and tracking views.

So let’s take a look at how it’s going:

Analytics from the start of May until 31st August.

It’s nice to see the number of people & views is increasing, especially the past 2 months when I’ve been trying to promote articles a bit more. I need to keep growing the site and getting more eyes on it, and now that I have decent analytics, I can track it better.

I find it fascinating that LinkedIn gives me such a high amount of traffic, and I really need to focus more of my energy over there!

Note, the high number of hits to the /?action=unsubscribe link in the above screenshot appear to be email clients that auto-click links. It does not correlate to the actual number of unsubscribes (which is incredibly tiny, for which I am very grateful).

The other interesting metric is the top countries. USA is understandably at the top, but it’s cool to see India and Netherlands so high! Australia is quite low in comparison, which means I need to do more promotion at home!

Top 15 countries in Analytics

Delayed Birthday Challenge

You will no doubt have seen me talking about the birthday challenge, which I was planning to run this week. Unfortunately I had to delay it, so I’m currently aiming for the end of September. I’ll keep you posted on that as I get the ball rolling. ๐Ÿคž

By way of explination (and this applies to why my course is taking so long too), this year has been an incredibly hard one, for a bunch of personal and health reasons. I’ve been living with Psoriatic Arthritis for 12 years, but it started to get really bad this year, most likely induced by a lot of extra stresses, and July and August were very tough months and it was hard to get much extra work done around the essentials. I’m starting to get it back under control now, but it’s an ongoing process.

I decided to delay the challenge, rather than try to push through, because I didn’t want to cut corners or reduce the scope. I want it to be a lot of fun, and challenging, and I will need to dedicate time to do it properly. Thanks for your patience while I get it organised, and I hope you enjoy it when it’s ready!

Looking Ahead

So what’s going to happen in the next 12 months for Securing Laravel?

The most important thing is, I will continue publishing my weekly Security Tips and monthly In Depth articles on my usual schedule. ๐Ÿ™‚

As part of that, I will continue the Pentesting Laravel series, and then probably write accompanying articles for my Laracon AU talk for November. This is a brand new talk, so there may be a few things I want to cover! Alongside these, I need to set up and run the 3rd birthday competition. Ideally in September, but worst case I’ll hold it alongside Laracon AU in some fashion.

In terms of new things, I’m considering adding a Community Links section into each Security Tip email. This would be similar to the what Laravel News does in their weekly newsletter, but focused specifically on Laravel and PHP security-related articles, and packages. Folks in the community would be able to submit their links, and I’ll include them in my emails – sharing the love and hopefully exposing cool new resources. (Let me know if this is something you’re interested in?)

I mentioned my desire to grow the number of premium subscribers above, and my reasons for that are relatively simple: I want to spend more time working directly with the framework, and popular community packages, diving into the security-related components, looking for improvements and potential vulnerabilities/edge cases.

This is something I don’t get to spend enough time doing – most of my time is spent working with security audit clients and writing these emails. With more premium subscribers, I can shift more of my time onto Securing Laravel, and in addition to writing emails, I can dive into more framework and community code.

๐Ÿค“

I actually started working on an audit of a well known package a few months ago, but it proved infeasible, so I shifted to doing my Pentesting Laravel series on a custom app I built. I’ve a few ideas to make this possible in the future.

One final thing I want to do is publish my Dropbear toolkit, as a free open-source tool for the community to use to help secure and test their apps. It’s still a "works on my machine" state at the moment, so I need to work on that and get it ready for everyone.

Alright, that’s a whole lot of words, so I think it’s time to finish up!

Thank you once again for being a subscriber to Securing Laravel. Your support means so much to me, and I love knowing there is a community around writing secure apps and learning more about security.

Please tell all of your Laravel and PHP friends, co-workers, and enemies to subscribe, so we can grow this community to 4,000, and well beyond! (Remember, my goal is 6,000 in 12 months!)

Also, if you’d like to follow me on social media, you can find all of my accounts linked in Pinkary: https://pinkary.com/@valorin.

If I can ask one favour, since you’ve made it this far, can you please hit Reply in your email client and let me know two things:

  1. What you love about Securing Laravel.
  2. What you think can be improved about Securing Laravel.

Thank you,
Stephen

Laravel News Links

Unique + Interesting Lock Designs

https://theawesomer.com/photos/2024/09/unconventional_lock_mechanisms_t.jpg

Unique + Interesting Lock Designs

Most locks on doors and cabinets are pretty ordinary. 3D animator fkt likes to dream up designs for unique lock mechanisms, which make the process of locking things much more interesting to observe. Hereโ€™s a playlist of some of fktโ€™s amazing concept locks, each of which looks like it could be turned into a real-world lock with enough maker skills.

The Awesomer

Build Your Multi-Tenant SaaS App in Days with SaaSykit Tenancy

https://picperf.io/https://laravelnews.s3.amazonaws.com/featured-images/laravel-news-sp3.png

Build Your Multi-Tenant SaaS App in Days with SaaSykit Tenancy

SaaSykit Tenancy is a multi-tenant, feature-rich Laravel-based SaaS starter kit packed with essential features to power modern SaaS applications. It offers a significant head start by providing all the foundational components you need, enabling you to focus on building your unique SaaS features rather than starting from scratch.

SaaSykit Tenancy builds on the foundation of the original SaaSykit, adding multi-tenancy support to the mix. This means you can easily create a SaaS application that can serve multiple tenants (organizations), each with its own users, subscriptions, and settings.

Building a successful multi-tenant SaaS application is no small feat. In addition to developing your core idea, you must also manage a host of other tasks, such as payment integration, product management, subscription upgrades and downgrades, landing pages, email notifications, customer education through a blog, and much more.

This is where SaaSykit Tenancy saves the day.

SaaSykit Tenancy features at a glance:

  • ๐Ÿ‘ฏ Multi-tenant dashboards
  • ๐Ÿค‘ Seat-based subscriptions (charge per user) where billing is automatically synced with payment providers as users are added or removed from the tenant
  • ๐Ÿ’ด Flat-rate subscriptions per tenant
  • ๐Ÿ“ฉ User invitations to tenants
  • ๐Ÿง‘โ€๐Ÿคโ€๐Ÿง‘ Team Management, adding & removing users from tenants
  • ๐Ÿ‘ฎโ€ Tenant Roles & Permissions to control what users can do within a tenant
  • ๐Ÿ”Œ Events for tenant actions (user added, removed, invited, etc.)

plus all the beauties from the original SaaSykit:

  • ๐Ÿ’ฐ Payment provider integration (Stripe, Paddle & Lemon Squeezy)
  • ๐Ÿ’ป Easy product, plan, discount and pricing management
  • ๐Ÿ‘ฉ Stunning admin panel and user dashboard (powered by FilamentPHP)
  • ๐Ÿšช Beautiful checkout process
  • ๐Ÿงพ Invoice generation
  • ๐Ÿ—“๏ธ Ready-to-use components (hero sections, features, testimonials, and more)
  • ๐Ÿฅ‘ Built-in user authentication and social login (Google, Facebook, X, and more) & reCAPTCHA
  • ๐Ÿ“ˆ SaaS metric tracking in a beautiful dashboard
  • ๐ŸŽจ Customizable landing page styling for your branding
  • ๐Ÿ’Œ Email templates and transactional emails
  • ๐Ÿ“ Built-in Blog with automatic open graph image generation with many themes to choose from
  • ๐Ÿšง Integrated Roadmap for your SaaS
  • ๐Ÿง’ User / role management for admin panel
  • ๐ŸŒ Fully translatable and SEO-optimized
  • ๐Ÿš€ One-press deployment
  • ๐Ÿงช Clean code & automated test coverage included
  • ๐Ÿง‘โ€๐Ÿ’ป Extensive documentation
  • and much more

Whether you’re building a multi-tenant SaaS application or a user-based platform, for yourself or a client, SaaSykit has you covered. Both SaaSykit Tenancy and SaaSykit offer robust starting points for your project, saving you significant time and effort.

Get SaaSykit now and start building your SaaS app today!


The post Build Your Multi-Tenant SaaS App in Days with SaaSykit Tenancy appeared first on Laravel News.

Join the Laravel Newsletter to get all the latest
Laravel articles like this directly in your inbox.

Laravel News

If You’re Not Using This Type of Keyboard, It’s Time to Switch

https://static1.makeuseofimages.com/wordpress/wp-content/uploads/2024/09/keychron-alice-keyboard-with-keyboard-in-background.jpg

Key Takeaways

  • Alice keyboards offer an ergonomic layout to reduce wrist movement.
  • Customizable options are available, like switches and keycaps, for comfort.
  • Switch to an Alice keyboard for increased comfort during long typing sessions.

If you’re looking for a new keyboard, there are many options. Apart from different sizes and switches, different layouts provide a more ergonomic user experience. Depending on how much you type, the comfort an Alice keyboard provides might just be reason enough to switch.

What Is an Alice Keyboard?

Alice keyboards split the traditional keyboard layout into two parts and angle the keys, so minimal wrist movement is required when typing. They’re also fairly new, with the first Alice-style keyboards designed by keyboard enthusiast Yuk Tsi in 2018. The split format in a single frame results in a much more ergonomic and comfortable typing experience than the standard "slab" keyboards we’re all used to.

Additionally, since your wrists aren’t moving as much, your shoulders and forearms feel more at ease during longer typing sessions. Note that Alice keyboards aren’t the same as split keyboards, which are divided from the middle into two separate units, each covering one side of the QWERTY layout.

Just like every other keyboard on the market, there’s a fair amount of customization, layout, and design options you can choose from when looking for an Alice keyboard. Since most, if not all, Alice keyboards you’ll find will be mechanical, you can change things like the switches and keycaps and even install mods to enhance the sound or feel of your keyboard.

The mods aren’t very different from regular keyboards either, so you can easily adapt them to the Alice format. Since they’re mostly mechanical, you’ll also be able to fix your keyboard when it doesn’t work as relatively easily.

More interestingly, Alice keyboards come in a few different options. These options vary between keyboards that change the number of keys, their alignment or orientation, and sometimes add extra features like additional buttons or dials.

How Are They Different From Regular Keyboards?

Alice keyboards, even in the QWERTY layout, differ from regular ones. It’ll take a while to get used to an Alice keyboard when first starting out, as the keys are in different places and angled differently. You’ll also try to subconsciously move your wrists, which throws you off at first.

However, once you get used to the layout, the real benefits of the Alice keyboard start kicking in. Since your wrists aren’t moving as much, you won’t feel as exhausted after long typing sessions. Additionally, if you have wrist pain or issues like carpal tunnel syndrome, an Alice keyboard can go a long way in providing comfort.

Why You Should Switch to an Alice Keyboard

The main reason you should switch to an Alice keyboard, especially if you type a lot, is comfort. They aren’t necessarily as ergonomic as the keyboard manufacturer would want you to think, but they’re easier on your wrists, forearms, and shoulders compared to a regular keyboard.

Just like gaming keyboards can be a great fit for even non-gamers, Alice keyboards are the next step. That is if you’re okay paying for them. Alice keyboards are not a popular product, so expect some markup from manufacturers. You can find some pretty good budget options, such as the Keychron V8 Max or Epomaker Cidoo, coming in at $100 and $45, respectively, at the time of writing.

There is a catch, though. Regular and fully split keyboards offer much more freedom of movement when typing, allowing you to type in different positions. Alice keyboards will work best when you’re in a certain position, meaning you won’t get to move around that much. If you often find yourself typing in different positions, an Alice keyboard might not be the best decision.

Overall, an Alice keyboard will provide better comfort during long typing sessions, with the same advantages as any regular mechanical keyboard. So, if you’re a programmer, writer, or anyone who spends a significant amount of time typing, you should definitely consider an Alice keyboard.

MakeUseOf

Different strategies for storing currency (MySQL)

https://accreditly.io/storage/blogs/110/different-strategies-for-storing-currency-values-in-mysql-1000.webp

2 min read

Published on 11th August 2023

Storing currency values in a database might seem like a trivial task, but it can become complicated due to issues like precision and rounding errors. This article will discuss several strategies for storing currency or money in a MySQL database, along with their pros and cons.

DECIMAL Data Type

The most recommended way to store currency is by using the DECIMAL data type. DECIMAL can store exact numeric data values, unlike FLOAT or DOUBLE, which are approximate numeric data types.

Here is an example of how to define a DECIMAL field for storing currency:

CREATE TABLE products (
    id INT AUTO_INCREMENT,
    price DECIMAL(19,4),
    PRIMARY KEY(id)
);

In this example, DECIMAL(19,4) means that the price field will store numbers that have up to 19 digits, including 4 digits after the decimal point.

Advantages:

Accurate to the last penny (or even beyond, depending on your specified decimal places), making it perfect for financial calculations. It is sometimes the guidelines of government financial bodies to store to 4 decimal places, even for currencies with only 2 decimal places. This is to increase precision when calculating tax.

Disadvantages:

  • DECIMAL columns take more storage space compared to FLOAT or DOUBLE.
  • Math operations with DECIMAL columns are slower compared to FLOAT or DOUBLE.

FLOAT or DOUBLE Data Types

Another way to store currency is by using FLOAT or DOUBLE data types, which can store approximate numeric data values.

CREATE TABLE products (
    id INT AUTO_INCREMENT,
    price FLOAT,
    PRIMARY KEY(id)
);

Advantages:

  • FLOAT and DOUBLE columns take less space compared to DECIMAL.
  • Math operations with FLOAT or DOUBLE are faster compared to DECIMAL.

Disadvantages:

  • FLOAT and DOUBLE cannot store exact values, which can lead to rounding errors. This makes them a poor choice for financial calculations where precision is essential.

Storing Cents Instead of Dollars

Another strategy is to store the money value in cents (or the smallest unit of your currency) as an INTEGER.

CREATE TABLE products (
    id INT AUTO_INCREMENT,
    price INT,
    PRIMARY KEY(id)
);

In this case, if the price of a product is $19.99, you would store 1999 in the price column.

Advantages:

  • Since you are storing an integer, the calculations will be exact, and you will not have to worry about rounding errors.

Disadvantages:

  • This approach requires you to manually convert between dollars (or your main currency unit) and cents in your application logic.

Choosing the right method to store currency values in your MySQL database depends on your specific use case. If exactness is critical, as it usually is in financial applications, DECIMAL is often the best choice despite its higher storage costs and slower calculations. FLOAT and DOUBLE could be used for applications where the speed of calculations is more important and a minor loss of precision can be tolerated. Storing money as cents in an INTEGER field is another approach that ensures exact calculations and could be convenient for certain applications.

Laravel News Links

Count Cells With Specific Text in Excel Using the COUNTIF Formula

https://static1.makeuseofimages.com/wordpress/wp-content/uploads/2024/09/smartphone-with-logo-of-spreadsheet-editor-microsoft-excel-on-screen-in-front-of-company-website.jpg

Key Takeaways

  • Excel’s COUNT function produces a number of cells containing any value, but only COUNTIF and COUNTIFS can use conditions to narrow your results.
  • The COUNTIF function is used for one condition, while COUNTIFS allows multiple conditions to be specified in Excel.

When you’re staring at a massive spreadsheet, counting cells manually isn’t just tediousโ€”it’s a recipe for mistakes. Thankfully, Microsoft Excel’s COUNTIF formula swoops in to save the day. It lets you count cells based on specific text or conditions, turning your spreadsheet chaos into organized data magic.

How to Count Excel Cells Based on a Condition

Not to be confused with the SUM function, which adds up numerical values within a group of cells, the COUNT function on Excel establishes the number of cells that contain a value.

In the image above, the COUNT function produces the number of paychecks released in a single week. But in its basic form, this function will only take you so far. Its sister functions, COUNTIF and COUNTIFS, can narrow those results into only the cells that meet a condition or have a specific string.

For example, you might need to calculate only the number of checks over a certain dollar amount or paychecks related to particular people. In these cases, you’ll need to use COUNTIF and COUNTIFS.

Excel’s COUNTIF and COUNTIFS functions are exactly how they sound: they will count cells for you IF those cells meet criteria that you specify.

How to Count Cells With COUNTIF

You should use COUNTIF when you have just one condition to factor in. This function is handy when you need to count cells that exceed (or fall under) a specified number.

In the above image, an Excel sheet breaks down the payroll for two separate pay weeks. An Earned column contains a formula that calculates the amount of money a performer earned depending on a session fee and number of sessions. On a week during which a performer had no sessions, their total earned was 0, meaning they did not receive a paycheck.

Whereas the basic COUNT function would consider a 0 to be a numerical value and hence count it as a paycheck, I can instead use COUNTIF to clarify that I only want to count cells with numerical values over 0.

To use COUNTIF:

  1. Select the cell in which you’d like to display your COUNTIF output.
  2. Type in the =COUNTIF function.
  3. Within a set of parentheses, you should first include a cell range of where you want the function to look, a comma, and then what (a value, for instance) you want the function to look for.
  4. Hit Enter.

If I want to know how many paychecks were released during that week, I use the following formula:

=COUNTIF(E3:E8, >"0") 

The COUNTIF function is also useful when you have a dataset that contains repetitive values. Say I was looking at a statement of paychecks over a wide date range, and I needed to quickly count checks per person.

I could establish a column with each performer’s name, and use that cell number as the condition to count their paychecks:

=COUNTIF(A3:A9, F3) 

If I didn’t want to include a name column, I could alternatively use the exact text of their names in the COUNTIF function instead:

=COUNTIF(A3:A9, "P. King") 

Both of these functions will output the same result.

How to Count Cells With COUNTIFS

Maybe you’re set at this stage, or perhaps you need to implement additional conditions. Luckily for you, COUNTIF walked so COUNTIFS could run. Regarding the differences between COUNTIF and COUNTIFS, the gist is that COUNTIFS allows you to use multiple conditions instead of just one.

To use COUNTIFS:

  1. Select the cell in which you’d like to display your COUNTIFS output.
  2. Type in the =COUNTIFS function.
  3. A set of parentheses includes a cell range, a comma, the first value or condition you’d like the program to look for, a comma, a second cell range, a comma, and another condition.
  4. Hit Enter.

Here’s one example of what the formula might look like:

=COUNTIFS(B3:B18, G3, E3:E18, ">0") 

In this example, the spreadsheet calculates the number of paychecks per performer over multiple weeks by first specifying the person and secondarily establishing that we’re looking for any value over 0.

You might also want to not only separate paychecks per performer but also separate lower paycheck values from higher paycheck values.

In this example, which is based on a list of payroll checks released over a range of dates, the following function will establish the amount of high-value paychecks that were over $1,000 for a specific performer:

=COUNTIFS(A3:A9, "P. King", B3:B9, ">1000") 

Of course, the possibilities of the COUNTIF and COUNTIFS functions are virtually endless. You can take these functions to the next level by combining them with Excel’s wildcard symbols and nested IF statements in Excel. Ultimately, the right function for you depends on your dataset and what information you need to analyze.

MakeUseOf

Streamlining Data Processing with Laravel’s Pipeline Pattern

https://www.harrisrafto.eu/content/images/2024/08/20-08-2024-pipelines.png

The Pipeline pattern in Laravel provides an elegant way to pass data through a series of operations. This pattern is particularly useful for complex workflows or when you need to apply a sequence of transformations to your data. Let’s explore how to implement and leverage the Pipeline pattern in your Laravel applications.

Basic Pipeline Usage

Here’s a basic example of using Laravel’s pipeline:

use Illuminate\Support\Facades\Pipeline;

$result = Pipeline::send($order)
    ->through([
        ValidateOrder::class,
        ApplyDiscount::class,
        CalculateTax::class,
        ProcessPayment::class,
    ])
    ->then(fn ($order) => $order->complete());

In this example, an $order object is passed through a series of operations before being completed.

Creating Pipeline Steps

Each step in the pipeline should be a class with an __invoke method:

class ValidateOrder
{
    public function __invoke($order, $next)
    {
        // Perform validation logic
        if (!$order->isValid()) {
            throw new InvalidOrderException();
        }

        return $next($order);
    }
}

Passing Additional Parameters

You can pass additional parameters to your pipeline steps:

$result = Pipeline::send($order)
    ->through([
        ValidateOrder::class,
        [ApplyDiscount::class, $discountCode],
        [CalculateTax::class, $taxRate],
        ProcessPayment::class,
    ])
    ->then(fn ($order) => $order->complete());

In your pipeline step:

class ApplyDiscount
{
    public function __invoke($order, $next, $discountCode)
    {
        // Apply discount logic using $discountCode
        return $next($order);
    }
}

Using the Pipeline in Controllers

Implement the pipeline in your controller for clean, modular code:

class OrderController extends Controller
{
    public function store(Request $request)
    {
        $order = new Order($request->all());

        return Pipeline::send($order)
            ->through([
                ValidateOrder::class,
                SaveOrder::class,
                NotifyCustomer::class,
            ])
            ->then(fn ($order) => response()->json($order, 201));
    }
}

Error Handling in Pipelines

Handle exceptions within your pipeline steps:

class ProcessPayment
{
    public function __invoke($order, $next)
    {
        try {
            // Process payment logic
            PaymentGateway::charge($order->total);
        } catch (PaymentFailedException $e) {
            return response()->json(['error' => 'Payment failed'], 400);
        }

        return $next($order);
    }
}

Creating Reusable Pipelines

For frequently used pipelines, create a dedicated class:

class OrderProcessingPipeline
{
    public function __invoke($order)
    {
        return Pipeline::send($order)
            ->through([
                ValidateOrder::class,
                ApplyDiscount::class,
                CalculateTax::class,
                ProcessPayment::class,
            ])
            ->then(fn ($order) => $order->complete());
    }
}

Use it in your controller:

public function store(Request $request, OrderProcessingPipeline $pipeline)
{
    $order = new Order($request->all());
    return $pipeline($order);
}

Conditional Pipeline Steps

Add or remove steps based on conditions:

$steps = [ValidateOrder::class, SaveOrder::class];

if ($request->has('discount_code')) {
    $steps[] = ApplyDiscount::class;
}

$steps[] = ProcessPayment::class;

return Pipeline::send($order)
    ->through($steps)
    ->then(fn ($order) => response()->json($order, 201));

The Pipeline pattern in Laravel offers a clean, modular approach to handling complex workflows. By breaking down your logic into small, focused steps, you can create more maintainable and testable code. This pattern is particularly useful for processes like order processing, user registration, or any scenario where you need to apply a series of operations to your data in a specific order.

If this guide was helpful to you, subscribe to my daily newsletter and give me a follow on X/Twitter. It helps a lot!

Laravel News Links

Laravel package for using Microsoft mail, OneDrive, Teams, Excel, Calendars and Contacts

https://opengraph.githubassets.com/64df237792f136c48c459cc2b4214519830c794a15e07213670c1933719513b1/LLoadout/microsoftgraph

Latest Version on Packagist
Total Downloads

Laravel package for using Microsoft mail, OneDrive, Teams, Excel, Calendars and Contacts

This package makes a wrapper around the Microsoft Graph API.

  1. It provides a Mail driver for Microsoft mail.
  2. It provides a storage driver for OneDrive.
  3. It provides functionality to interact with Microsoft Teams.
  4. It provides the possibility to work with Excel, making it possible to write and read Excel files.
  5. It allows you to manage calendar events.
  6. It allows you to manage contacts.
  7. It allows you to read and handle mail.

You need to register an app in the Microsoft Azure Portal to use this package. Follow the steps in the Microsoft docs:
https://docs.microsoft.com/en-us/graph/auth-register-app-v2

You can install the package via composer:

composer require lloadout/microsoftgraph

Add this to your .env file and fill it with the values you specified in Microsoft Azure Portal app registration.
If you created a multi-tenant app in Azure AD than you don’t put your tentant id into the MS_TENANT_ID variable but you set it to common.

MS_TENANT_ID=
MS_CLIENT_ID=
MS_CLIENT_SECRET=
MS_GRAPH_API_VERSION=v1.0
MS_REDIRECT_URL=https://your-url.com/microsoft/callback

The package uses OAuth and provides two routes

The first redirects you to the consent screen of Microsoft

https://your-url.com/microsoft/connect

The second is the callback url you need to specify in Microsoft Azure Portal app registration as redirect uri

https://your-url.com/microsoft/callback

The callback will fire an MicrosoftGraphCallbackReceived event, you have to listen for this event in your EventServiceProvider and store the accessData to a session variable microsoftgraph-access-data.
You can add your token store logic in a listener for this event.

public function boot()
{
    Event::listen(function (MicrosoftGraphCallbackReceived $event) {
        session()->put('microsoftgraph-access-data', $event->accessData); 
    });
}

The package will search for a session variable name microsoftgraph-access-data for establishing the connection. So
please provide this variable with your accessData as value when logging in.
For example: On login, you get your accesData from the database and store it into the session
variable microsoftgraph-access-data.

You have to provide this API permissions: Mail.send

Set the environment variable MAIL_MAILER in your .env file

MAIL_MAILER=microsoftgraph

note: make sure your from address is the address you gave the consent to

Mail::send(new YourMailable());

Mail::raw('The body of my first test message', function($message) {
    $message->to('john@doe.com', 'John Doe')->subject('A mail send via lloadout/microsoftgraph');
});

Reading and handling mail

You have to provide this API permissions: Mail.Read, Mail.ReadWrite, Mail.ReadBasic

    getMailFolders(): array|GraphResponse|mixed
    getSubFolders(id): array|GraphResponse|mixed
    getMailMessagesFromFolder([folder: string = 'inbox'], [isRead: true = true], [skip: int = 0], [limit: int = 20]): array
    updateMessage(id, data): array|GraphResponse|mixed
    moveMessage(id, destinationId): array|GraphResponse|mixed
    getMessage(id): array|GraphResponse|mixed
    getMessageAttachements(id): array|GraphResponse|mixed
    $mail = app(Mail::class);

    collect($mail->getMailFolders())->each(function($folder){
        echo $folder['displayName']."<br />";
    });

    //get all unread messages from inbox
    collect($mail->getMailMessagesFromFolder('inbox', isRead: false))->each(function($message) use ($mail){
        echo $message['subject']."<br />";
    });
        

You have to provide this API permissions: Files.ReadWrite.all

add the onedrive root to your .env file:

MS_ONEDRIVE_ROOT="me/drive/root"

All methods from the Laravel Storage facade are available. https://laravel.com/docs/8.x/filesystem#configuration

The package created a disk called onedrive. This means that you can use all the methods as described in the Laravel docs: https://laravel.com/docs/8.x/filesystem#configuration

$disk = Storage::disk('onedrive');
#create a dir
$disk->makeDirectory('Test folder');
#storing files
$disk->put('Test folder/file1.txt','Content of file 1');
$disk->put('Test folder/file2.txt','Content of file 2');
#getting files
Storage::disk('onedrive')->get('Test folder/file1.txt');

You have to provide this API permissions: Chat.ReadWrite

    getJoinedTeams(): array|GraphResponse|mixed
    getChannels(team): array|GraphResponse|mixed
    getChats(): array|GraphResponse|mixed
    getChat(id): array|GraphResponse|mixed
    getMembersInChat(chat): array|GraphResponse|mixed
    send(teamOrChat, message): array|GraphResponse|mixed

First instantiate the Teams class

$teamsClass = new Teams();

Get all the teams you are a member of ( additional permissions needed: Group.Read.All )

$joinedTeams = $teamsClass->getJoinedTeams();

Get alle the channels for a team ( additional permissions needed: Group.Read.All )

$channels = $teamsClass->getChannels($team);

Get all the chats for a user ( additional permissions needed: Chat.Read.All )

$chats = $teamsClass->getChats(); 

Get a chat by a given id ( additional permissions needed: Chat.Read.All )

$chats = $teamsClass->getChat('your-chat-id'); 

Get all the members in a channel ( additional permissions needed: ChannelMessage.Read.All )

$members = $teamsClass->getMembersInChat($chat));

Send a message to a channel ( additional permissions needed: ChannelMessage.Send )

$teamsClass->send($teamOrChat,'Hello world!');

You have to provide this API permissions: Files.ReadWrite.all

    loadFile(file): void
    loadFileById(fileId): void
    setCellValues(cellRange, values: array): void
    getCellValues(cellRange): array
    recalculate(): void
    createSession(fileId): string

First instantiate the Excel class

$excelClass = new Excel();

Load a file from OneDrive

$excelClass->loadFile('Test folder/file1.xlsx');

Load a file by its id

$excelClass->loadFileById($fileId);

Set cell values of a range

$values = ['B1' => null, 'B2' => '01.01.23', 'B3' => 3, 'B4' => '250', 'B5' => '120', 'B6' => '30 cm', 'B7' => null, 'B8' => null, 'B9' => null, 'B10' => null, 'B11' => null, 'B12' => 2];
$excelClass->setCellValues('B1:B12', $values);
$excelClass->getCellValues('H1:H20');

You have to provide this API permissions: Calendars.ReadWrite

    getCalendars(): array
    getCalendarEvents(calendar: Calendar): array
    saveEventToCalendar(calendar: Calendar, event: Event): GraphResponse|mixed
    makeEvent(starttime: string, endtime: string, timezone: string, subject: string, body: string, [attendees: array = [...]], [isOnlineMeeting: bool = false]): Event

First instantiate the Calendar class

$calendarClass = new Calendar();

Get all the calendars

$calendars = $calendarClass->getCalendars();

Get all the events for a calendar

$events = $calendarClass->getCalendarEvents($calendar);

Save an event to a calendar, the event object is a MicrosoftGraphEvent object
We made a helper function to create an event
object Calendar::makeEvent(string $starttime, string $endtime, string $timezone, string $subject, string $body, array $attendees = [], bool $isOnlineMeeting = false)

$calendarClass->saveEvent($calendar, $event);

You have to provide this API permissions: Contacts.ReadWrite

First instantiate the Contacts class

$contactsClass = new Contacts();

Get all the contacts

$contacts = $contactsClass->getContacts();

Please see CHANGELOG for more information on what has changed recently.

Please see CONTRIBUTING for details.

Please review our security policy on how to report security vulnerabilities.

The MIT License (MIT). Please see License File for more information.

Laravel News Links

๐Ÿ”ด Watch: Trump Town Hall LIVE!

https://www.louderwithcrowder.com/media-library/image.png?id=53590081&width=980

President Donald Trump speaks to Americans through Pennsylvania voters in the capitol city of the cradle of liberty at the New Holland Arena in Harrisburg. Fox Newsโ€™ Sean Hannity moderates. The President will address voter issues including but not limited to the state of inflation in our economy thanks to Bidenomics & Kamalanomics, gun crime, abortion rights, illegal immigration at our southern border, and the overall state of democracy in America. We have special drinking game rules for you, Josh Firestine is here, and so much more! Strap in, people! We have two months to go till Election 2024 in America!

Subscribe to Louder with Crowder on Rumble! Download the app on Apple and Google Play.

RUSSIA

ABORTION

SAVE Act (Safeguard American Voter Eligibility Act)

ECONOMY/INFLATION

ENERGY

GUNS

LEGAL TROUBLES

MIDDLE EAST

TAXES

KAMALA FLIP FLOPS THUS FAR

Louder With Crowder