Use PHP Composer with an existing project

Robert Andresen Programming Leave a Comment

I have been aware of what PHP Composer has been for a long time, but I never used it before these last days. My goal was to “install” Adldap2 and replace it with the first deprecated version.

This wasn’t as straight forward as I thought, because of bad or not relevant documentation everywhere. Almost every documentation about PHP Composer shows what it is, how to install and how to write a composer file for your own application.

But what if you just found an application on Github that you want to use in your existing project? How does it work and what does it do?

This short little tutorial will only show you how to integrate a “composed” code in to your existing application. I you are not that familiar with Composer, i really recommend to see some YouTube tutorials and read some docs before.

First of all: Install PHP Composer

See her for documentation: https://getcomposer.org/doc/00-intro.md

I installed it globaly on Centos7 server by:

#curl -sS https://getcomposer.org/installer | php<br />
#mv composer.phar /usr/local/bin/composer

First line will download it in you current location. The second line will move it, so you can use “composer” command globally.

Create a composer.json file

The only documentation in Adldap2 for composer is;
Insert Adldap into your composer.json file:
“adldap2/adldap2”: “5.2.*”

I had to read, try and fail, to find out how to set it up… I ended up with a “composer.json”-file like this:

So in my adldap2-folder I have one file:
composer.json

 

Run composer

Navigate to the path of the composer.json and write composer update, like this:

# composer update<br />
<span style="color: #339966;">Loading composer repositories with package information</span><br />
<span style="color: #339966;">Updating dependencies (including require-dev)</span><br />
- Installing <span style="color: #339966;">doctrine/collections</span> (<span style="color: #ff6600;">v1.3.0</span>)<br />
Loading from cache</p>
<p>- Installing <span style="color: #339966;">adldap2/adldap2</span> (<span style="color: #ff6600;">v5.2.8</span>)<br />
Downloading: <span style="color: #ff6600;">100%</span></p>
<p><span style="color: #339966;">Writing lock file</span><br />
<span style="color: #339966;">Generating autoload files</span>

And then….

The adldap2-folder will look like this:

vendor (folder)
composer.json
composer.lock

The packages downloaded will be added under /vendor folder.
E.g. /vendor/adldap2/…

To use adldap2, you have to include the /vendor/autoload.php file.

Example of code for testing:
Remember this is a sample code that need to be edited with your own paths, servers, user, etc…

My thoughts about composer

I understand the benefits of using composer, as it boost the developers performance. You also don’t need to load classes and check for requirements when using the composer.

But keep in mind! By using it, you will auto-download third party packages. By require one package, the composer can also download multiple required packages for that single package you are requesting. This means you have less control of what is actually included in your application.

If you google composer and security, there has been som issues already. Some people mirrors the Git-repositories to get control, so they can update and pull their own code. But is it necessary to use the composer then? Why not download the packages manually and just use an autoloader?

In the end, the Composer can be a great tool! But do an risk assessment before using it 🙂