• Adam Wathan

    Adam is a senior developer who has worked with PHP for over 12 years. He's passionate about software design, test-driven development and building great products. He's the author of Refactoring to Collections, the host of the Full Stack Radio podcast, and the creator of Nitpick CI. When he's not writing code, he's winning gold medals at Canadian powerlifting competitions.


    • Curing the Common Loop (with Collection Pipelines)

      Trying to understand a complex function full of nested loops and conditionals is like trying to read a "choose your own adventure" book from front to back. In this whirlwind tour of programming with collection pipelines, you'll learn how to use functional programming ideas to break down complex code and abstract hidden duplication behind expressive higher-order functions. Together we'll refactor ugly, complicated spaghetti into a series of simple, elegant transformations, free of loops, complex conditionals, and temporary variables. Never write another loop again.
    • Test Driven Laravel

      Learning how to test your code can be overwhelming. Sure, building a calculator with TDD is easy, but when you're trying to build a real application, things get complicated fast. What's the difference between a mock and a stub? Are my tests allowed to hit the database? How do I test this billing code that interacts with Stripe? Together we'll TDD a fresh Laravel app from scratch, never writing a line of code without writing a test first. I'll show you how to get the ball rolling with your application's very first test, how to add new features with outside-in TDD, and how to design tests that make it easy to refactor with confidence.
  • Andrew Cassell

    Andy Cassell is a full-stack web application developer in Herndon, Virginia who designs and builds user experiences that are delightful on any device. Andy is an employee of the non-profit Marine Spill Response Corporation, the largest dedicated oil spill and emergency response organization. He works on their website and internal web applications.


    • Manage Private Internal Dependencies With Composer and Satis

      In this talk we'll discuss how to set up and use Composer to pull open-source packages from public repositories on packagist.org. Then we'll learn how to create your own private/corporate package management server using Satis. And we'll go through an example of how to integrate your own private code packaging server into your daily development workflow.
    • Domain-driven Design Deconstructed

      Once you try domain-driven design (DDD), you will never design software in the same way again. We will start by discussing what it means to use a ubiquitous language, encapsulate logic in value objects, and use bounded contexts, entities, and aggregate roots to manage state and protect invariants. We will also cover more-advanced topics in the DDD world, such as event sourcing and command query responsibility segregation.
  • Anna Filina

    Anna has been a Web developer for nearly two decades. She likes elegant code, robust frameworks, lightning performance, automated testing and timely project delivery. She has a knack for breathing new life into legacy code and teaching developers of all levels. Anna owns FooLab and organizes the ConFoo conferences.


    • Rewriting 15-Year-Old Code

      Did you ever have to maintain a 15-year-old application? Dead code and tables everywhere, static methods, database queries in between HTML tags and some pages still in PHP 3. This presentation will lead you through a progressive rewrite from very old legacy to the latest shiny version of PHP. Learn how to automate legacy testing, how to seamlessly jump between the old and new parts, and how to overcome other challenges that arise from dealing with legacy.
  • Beau Simensen

    Beau Simensen (beau.io) has been a professional polyglot programmer since 1998. He is co-host of That Podcast. An active open-sourcer, he created Sculpin and helped create Stack PHP. He is also the Sculpin representative to the PHP Framework Interoperability Group (PHP-FIG). Beau is a proponent of framework agnostic code. Unglue all the things!


    • Introduction to Event Sourcing and CQRS

      Have you heard about event sourcing and wondered what it is all about? Have you looked into it and wondered what sort of sorcery is going on behind the scenes that makes this magical technology work? Are you convinced that you cannot possibly move your existing applications to be event sourced? Take a step back and learn how event sourcing can be applied to a simple database-backed object model with little to no fuss. From there, see how you can start adding read models and begin to see how event sourcing and CQRS (Command Query Responsibility Segregation) go hand in hand!
    • Learn to Stop Wiring and Love Laravel's Container

      You've heard about dependency injection and inversion of control. Everything seems easy at first, and you've found a container or two to help make your life easier. Until it isn't anymore. Suddenly you've found yourself managing complicated YAML, XML, or PHP container configurations. Making any change to your classes' dependencies seems like a chore, and any time you add a new class to the system you dread the inevitable container configuration wiring blues. Life doesn't have to be this way! In fact, life isn't this way for anyone who uses an autowiring container like Laravel's. Far from the most publicly marketed component, Illuminate\Container handles a lot of the magic that makes Laravel so much fun to use. Find out how you can use Laravel's container in almost any project! See how autowiring can free your mind from having to manually configure every little dependency. Learn how you, too, can learn to stop wiring your dependency injection container and love Laravel's container!
  • Ben Ramsey

    Ben Ramsey is a web craftsman, author, and speaker. He is a software architect at ShootProof, where he builds a platform for professional photographers. He enjoys organizing user groups and contributing to open source software. Ben blogs at benramsey.com.


    • Identify All The Things With UUIDs!

      Universally unique identifiers—a.k.a. UUIDs—are a fun and exciting way to identify things. Use them to identify books, documents, parents, pets, bread, apples, very small rocks—the list goes on! But why stop there? We can keep issuing UUIDs for eternity and never run out. They’re practically unique. Join this whirlwind adventure in search of the perfect identifier to find out why UUIDs might be good for your projects. Along the way, you’ll learn what a UUID is, the various types of UUIDs, the pros and cons of using UUIDs, and how to use the ramsey/uuid library to generate all kinds of UUIDs. Advanced and little-known features of ramsey/uuid will be covered.
    • Mastering OAuth 2.0 with league/oauth2-client

      OAuth 2.0 isn't easy, and everyone has a slightly different implementation, making interoperability a nightmare. Fortunately, the PHP League of Extraordinary Packages provides league/oauth2-client. Aiming for simplicity and ease-of-use, league/oauth2-client provides a common way to access providers. This talk introduces OAuth concepts, demonstrates how to perform OAuth flows with league/oauth2-client, and shows how to use league/oauth2-client to build a client library for your own provider.
  • Chris Hartjes

    Chris Hartjes has been building web applications of all shapes and sizes since 1998, ranging from catalogs for CD compilations for professional DJs to large-scale dating web sites. He works for Mozilla as part of their Firefox Test Engineering team. A huge consumer of open-source software, Chris tries to give back to the community via his blog, by speaking at conferences, and by co-organizing TrueNorthPHP. He is also a big believer in the power of testing and automation as secret weapons for organizations to deliver high quality applications quickly. He currently lives in Milton, Ontario, Canada with his long-suffering wife and two patient daughters.


    • Last One Out Please Shut Down The Conference

      In the final talk of the final edition of TrueNorthPHP, Chris talks about what the event has meant to him and what's next.
  • Colin DeCarlo

    Colin is a senior developer for Vehikl, a web application consultancy, based out of Waterloo, Ontario, Canada. While at his $dayJob, he tirelessly refactors, tests and indents with tabs. He has also been a co-organizer of the Guelph PHP Users Group since its inception 4 years ago.
    Picard > Kirk, vim > emacs
    // => true, true


    • Keeping Eloquent Eloquent

      Laravel's Eloquent ORM is an Active Record implementation that makes working with databases almost even fun. Its simple and intuitive API is honestly a breath of fresh air. But not everything is always roses: Eloquent can't protect you from using it in ways it wasn't necessarily intended to be used. This presentation pulls examples from my own experiences and highlights some of the mistakes I've made while working with it. Each example is then refactored in a way which keeps Eloquent eloquent.
  • Cory Fowler

    Cory Fowler is a Program Manager on Azure App Service with a primary focus on the PHP Stack. He has been a part of all aspects of the industry including Startups, SMBs, Agencies, and Large Enterprise. Cory is a proud Ginger and Canadian who enjoys sharing his knowledge.


    • Azure Functions and App Service Linux Support

  • Derick Rethans

    Derick Rethans is a PHP internals expert, author of Xdebug and an OpenStreetMap and mapping enthusiast. He has contributed in a number of ways to the PHP project, including the Xdebug debugging tool, and various extensions and additions. He's a frequent lecturer at conferences, the author of php|architect's Guide to Date and Time Programming, and the co-author of PHP 5 Power Programming. He now works at MongoDB on the PHP driver for MongoDB.


    • Grown-up MongoDB: Schema Design

      Although MongoDB is a non-relational database, it is still very important that you store your data in an optimal way. This presentation makes you grow up from just starting with MongoDB to a seasoned user, by teaching you how to design your data schema according to your application's needs. This requires a different mindset than designing for a relational database. Besides schema design techniques, I will also cover how to pick indexes, the different types of indexes, and ways to find out why queries are potentially not as fast as they could be.
    • Locate all the things

      In this talk you will learn how to effectively store, retrieve and display geospatial data, such as roads, points of interest and more. First we will be importing an OpenStreetMap dataset covering Toronto into MongoDB. This is not trivial due to the amount of data. After importing, we will look at which types of queries we can run to find things, either by predicates or with geospatial queries. Lastly, we will have a look at how to display the data that we've requested, through a website using the Leaflet mapping library.
  • Edward Finkler

    Ed Finkler, also known as Funkatron, started making web sites before browsers had frames. He does front-end and server-side work in Python, PHP, and JavaScript. He is the CTO at Graph Story. He served as web lead and security researcher at The Center for Education and Research in Information Assurance (CERIAS) at Purdue University for 9 years. Along with Chris Hartjes, Ed is co-host of the Development Hell podcast. Ed's current passion is raising mental health awareness in the tech community with his Open Sourcing Mental Illness speaking campaign. Ed writes at funkatron.com.


    • Grumpy and Funky Change The World

      In June of 2012, Episode 15 of the Development Hell Podcast was released. It started a movement in the tech industry. We tell the story of how it happened, the incredible response we received, and how it grew into a non-profit organization dedicated to changing and saving lives.
  • Elizabeth Smith

    Elizabeth has been using PHP since time immemorial (PHP 4 beta), but has used PHP 5.6 for so long now that she’s forgotten how she ever got by without traits and namespaces. She also plays far too much with C based languages and has the superpower of breaking things, like valgrind and gdb, on the same day. She went to college for dance which quickly became an English major after the first baby. If you see her in person, ask how she wound up with a career in computers.


    • PHP Extensions Tutorial

      Ever had a need for some library in C in your PHP code? Or want to hook into the engine to do evil? Or maybe you just want to make some part of PHP better. And then you say “but I don't know enough C”. PHP extensions are actually quite easy to write, even for those with only the smallest amount of C knowledge, if you know the secret incantations, places to find help, and where to get your tribal knowledge. Write your own extension in this step-by-step tutorial, which assumes you know nothing of PHP internals, the very basics of C syntax and little more, and have the ability to type “./configure && make && make install && make test”. We'll also touch on recognizing and fixing non-PHP7-compatible extensions.
    • Taming the Resource Tiger

      No matter how many virtual machines you throw at a problem, you always have the physical limitations of hardware. Memory, CPU, and even your NIC's throughput have finite limits. Are you trying to load that 5 GB CSV into memory to process it? No really, you shouldn't! PHP has many built-in features to deal with data in more efficient ways than pumping everything into an array or object. Using PHP's stream and stream filtering mechanisms you can work with chunked data in an efficient manner, and with sockets and processes you can farm out work efficiently and still keep track of what your application is doing. These features can help with memory, CPU, and other physical system limitations to help you scale without the giant AWS bill.
    • Modern SQL

      Everyone knows that SQL is an outdated tool with a standard written in 1992 that isn't webscale. Who needs consistency or isolation or even atomicity with your data? Just shove it in a document store! And then that transaction is suddenly missing for your user... SQL is not a dirty word, and if you're processing data you should know how to use the right tool for the job. Learn about modern SQL dialect features including CTEs, aggregate filters, WITH clauses and more. We'll look at database support for these features, and use PostgreSQL for examples. We'll also look at features that many traditionally relational databases are adding and play with PostgreSQL's jsonb features.
  • Eric Tousignant

    After attending 6 conferences over the last 3 years, I worked up the courage to get up on stage and present my first talk. I've been a professional web developer for the last 7 years and spent the last 3 years specializing as a Front-End Developer on projects for well-known brands with large user bases and high traffic. I recently worked on a project to convert a site from a monolithic application to a Single-Page Application and want to talk about it.


    • Create a disposable Front-End

      This talk is based on my experience of heading a site revamp (redesign) where we created a simple, effective, and logic-less Single-Page Application (SPA) Front-End on top of a big monolithic in-house Back-End. I will be giving an overview of the benefits of a server-rendered SPA with a minimal-logic (logic-less) templating engine, and the steps we took to move from an MVC PHP site to an MVS PHP Back-End with a Mustache-based template Front-End and a very simple JavaScript router.
  • Evert Pot

    Evert is a long-time PHP developer, CTO of fruux, and has a strong interest in building HTTP-based applications. Evert is the original developer of sabre/dav. He's also a member of the CalConnect standards consortium and the PHP Framework Interoperability Group. Since 2012 he's been the CTO of fruux, a web startup in Germany. He does this from his home in Toronto, Canada.


    • Getting started with sabre/dav

      WebDAV is a network file system, and is supported on every modern operating system. Since WebDAV is based on HTTP, we can use PHP to create applications that directly integrate with a user's file system. While WebDAV itself is pretty old-school, it actually allows for some interesting applications, and integration is easier than you might think. This talk walks you through the basics of WebDAV, and then we'll get you started with sabre/dav. By the end of this talk you should be able to create a simple virtual filesystem with PHP.
    • Making CSS fun again with Sass

      When looking at the average CSS file, it is hard to imagine that it was ever intended to be written and maintained by people. Nearly every stylesheet I've seen has been started with great intentions. But in the end the ease of quickly adding another class tends to outweigh the discipline required to keep things organized and logical. If you recognize this problem, Sass may be of help. In this talk we'll be discussing the various features of Sass, how you can integrate it into your workflow, and what some of the best practices are.
  • Ilia Alshanetsky

    Over the last 10 years Ilia has been heavily involved in development of PHP, as a Core Developer and Release Master, authoring many extensions and language improvements. Ilia is also interested in security and performance, and frequently is writing or speaking on these and other PHP related topics. In his spare time he pretends to be a pro-photographer and engages in various sports.


    • Business Logic Security

      This session will outline security practices and solutions designed to address security issues within an application's business and processing logic, which are often overlooked in favour of basic security flaws such as SQL Injection, XSS, etc. The session will focus on how to implement mechanisms for improving data access, avoiding common ACL pitfalls, etc.
    • Deep Dive Into Browser Performance

      In the world of the Internet, the user's experience is in many cases controlled by the browser, and the browser's ability to render the page is the ultimate measure of how fast or slow a particular page and/or application is in the eyes of the user. This session will outline the tools that can be used to effectively measure the user experience in the browser, as well as a number of approaches and performance tricks designed to improve and accelerate that experience.
  • Jeff Kolesnikowicz

    Jeff has been developing websites since 1999, when he launched his first website, made with Perl. Since then he’s used a bunch of other ancient technologies like vanilla ASP, PHP 4 and Java (cough). Jeff is a senior developer at Allied Health Media, and built one of their products, Simucase, using websockets. Jeff works from his home near Toronto under the close eye of his manager, his cat Benny.


    • The Websockets Awaken: Using websockets in your PHP application

      Websockets give you real-time access to your PHP application, facilitating data transfer between the browser and the server. With the popularity of JavaScript libraries like Node.js and Meteor, websockets are Hot Stuff™. But just because they’re popular with the JavaScript crowd doesn’t mean PHP applications are left out in the cold. In this talk, we will discuss three different use cases for websockets as well as strategies for implementing websockets in your PHP application. We will look at the most popular websocket protocols, and specifically give an overview of the WAMP protocol (the protocol, not the stack - http://wamp-proto.org) and the PHP Ratchet library. At the end of this talk, you’ll have a better sense of what websockets are, how they work, and how to use them in your application.
  • Josh Butts

    Josh Butts is the VP of Engineering at Offers.com, located in Austin, Texas. In addition to over a decade in the trenches of e-commerce at Offers.com, he is also the organizer of Austin PHP, one of the largest PHP user groups in the US. Josh has taught several classes in PHP and enjoys the opportunity to share his experiences with the PHP community.


    • Containerizing PHP Applications

      Let's face it, Docker is hot right now. If you’re itching to get started but aren’t sure how, you’ve come to the right place. In this tutorial, we’ll spend some time going over basic Docker concepts like Dockerfiles, containers, images and registries. Then we’ll look at some sample applications including WordPress, Drupal and some framework-based examples, and talk about strategies for building Docker images for these various different scenarios. We’ll also cover how to handle external dependencies such as file storage, databases and caches in both development and production environments.
    • Just-In-Time Software Manufacturing

      Kanban is a method of managing processes that was originally pioneered in the automobile manufacturing industry in Japan. The Kanban method for managing software projects lowers the barrier to shipping working code and dramatically reduces the project management overhead for engineers participating in the process. In short, Kanban allows engineers and product groups to deliver real value at a very rapid pace, while still maintaining some sanity. Kanban is an excellent complement to the technical aspects of a continuous delivery process. We'll learn what Kanban means to your team, how to get started transitioning to it, and how to avoid common mistakes.
  • Larry Garfield

    Larry Garfield has been building websites since he was a sophomore in high school, which is longer ago than he'd like to admit. Larry has been an active Drupal contributor and consultant for over a decade, and led the Drupal 8 Web Services initiative that helped transform Drupal into a modern PHP platform. Larry is Director of Runtimes and Integrations at Platform.sh, a leading continuous deployment cloud hosting company. He is responsible for Platform's container-based products and developer advocacy, with an aim to make hosting major OSS projects with Platform.sh 'stupid easy'. He is also still a de facto Drupal developer evangelist within the PHP community, as well as the Drupal representative to the Framework Interoperability Group. Larry holds a Master’s degree in Computer Science from DePaul University. Larry is a co-author of 'Drupal 7 Module Development' from Packt Publishing. He blogs at both http://platform.sh/ and http://www.garfieldtech.com/.


    • Drupal 8: The Crash Course

      One of the most widely-used and mature Content Management Systems on the planet, Drupal runs more than one in fifty websites in the world. However, it has always been something of an odd duck, with an architecture and design very different from anything else in PHP. Enter Drupal 8: almost a complete rewrite under the hood, Drupal 8 is a modern, PHP 5.5-boasting, REST-capable, object-oriented powerhouse. Now leveraging 3rd-party components from no less than 9 different projects, Drupal 8 aims to be the premier Content Management Platform for PHP. But how do you use all this new-fangled stuff? This session will provide a walkthrough of Drupal's key systems and APIs, intended to give developers a taste of what building with Drupal 8 will be like. Prior familiarity with Drupal 7 is helpful but will not be assumed.
  • Marc-Antoine Aubé

    I am a passionate developer from Quebec, with a deep interest for topics like TDD, DDD and Event Sourcing. Over the years, I've used a wide variety of tools and languages to help businesses solve complex problems and create value for their customers. I have a strong focus on testable and maintainable code, and love talking about software patterns, architecture and best practices. When not coding, you can probably find me on a trail somewhere remote, reading a book in my hammock.


    • Mutation testing with Humbug

      Satisfied with your unit test code coverage? Are you sure that your code is thoroughly tested, and not merely executed by the tests? Learn what mutation testing is, and how Humbug can help you give your test suite a run for its money. Humbug is a tool that injects defects and regressions in your code and then checks if your tests noticed.
  • Marco Tabini

    After working on everything from computer games to tax software, Marco co-founded PHP Architect—the world’s most popular magazine dedicated to PHP—and helped run it for nearly ten years before selling it to its current owners. After three years as VP of Product for Vancouver-based Telemetry, he moved to The Muse, where he currently serves as the VP of Engineering.


    • Dispelling Five Untruths About Programming

      A look at five myths about software engineering that never seem to go away.
  • Markus Latzel

    Markus has been steering the Palomino team through a recent re-incarnation of WebPal Cloud Server and the ensuing migration of its customer base to a new way of editing content and managing business applications. An engineer and entrepreneur at the same time, Markus believes in building solid software that matters to business and helps it grow, while making end-users happy. When not growing a business or leading product dev, Markus spends time on family nature hikes and jumping into icy waters.


    • Pushing Git Where It Doesn't Belong

      In this talk, I will present our approach to using Git in an environment where it conceptually does not belong: Business Operations. As a custom CMS provider, we asked ourselves: could we somehow force communication officers, marketing gurus, bloggers and content editors to fall in line with our PHP coders and adhere to common version control principles? And if so, what would we gain? Would we find a stream of seamless pull requests, or a never-ending disaster of merge conflicts, blames, and end-user frustration? I will share how we saw a bit of both, describe challenges of managing content like code, and our approaches for translating Git-jargon to business users. But also, I hope to discuss the enormous gains that can be achieved when mapping DevOps processes onto the business world.
  • Michelangelo Van Dam

    Michelangelo van Dam works at in2it as a professional PHP consultant, assisting businesses to automate their development processes, improve their code quality and train their development teams. Michelangelo is also president of the PHP user group PHPBenelux, where he and a team organize monthly meetups, development events and an annual conference. He's a devoted member of the global PHP community and contributes to open-source projects, mainly PHP related. In his spare time, Michelangelo likes to spend all his time with his wife and 3 sons.


    • Let your tests drive your development

      Test-driven development (TDD) is still a subject all developers agree is a great thing, but never get around to actually doing, for many reasons. In this workshop I use real-world business requirements for which code needs to be produced, but we're doing it in a TDD way. No matter if you're already a testing veteran or a junior developer who just started working yesterday, this workshop will give you the basic skills to continue your career as a Test Driven Developer.
    • 200K+ reasons why security is a must

      We have all focused on best practices and code quality over the past years, but we seem to have forgotten the most important aspect of the web: security. Security is a mindset that needs to be present from the earliest phase of any project, as the complexity of an application can make it very hard to implement good and layered security features. This talk will cover the basic concepts of security, what you as a developer (or business) should do to prevent bad things from happening, and what you need to do when you've been compromised.
    • Azure and OSS: a match made in heaven

      Microsoft has done a tremendously good job in supporting open source software (OSS) on their cloud solution Azure, making it now the best cloud solution for professional IT requirements. In this talk I will explain how today's IT challenges can be tackled by using OSS solutions within the Microsoft Azure ecosystem. I will also give you an overview of ready-to-use OSS solutions provided by the Azure library, or how you can set it up yourself and run your own open-source based projects on Azure. From a simple WordPress blog all the way to enterprise applications, Microsoft Azure supports it all. Come and see for yourself how you can use Azure for your PoC to production deployments.
  • Nara Kasbergen

    Nara is a full-stack developer in NPR's Digital Media group, having spent the past two years building and growing NPR One's developer platform and NPR One for the Web, an Angular2 webapp. Previously, she was part of the NPR Music responsive redesign project. In a past life, she was an AngularJS early adopter at an edtech research lab at Columbia University. She has a BFA in Communication Design from Carnegie Mellon University, and a Masters from the Interactive Telecommunications Program (ITP) at NYU. Nara is an avid foodie who knows all the best restaurants, collects board games, and watches too much Netflix.


    • Building A Developer Platform: From (o)Auth to Zen

      You've built an API to support your company's internal technical needs, and now you're thinking about opening it up either to the public or to a set of approved third-party partner developers. What's next? At NPR, we spent most of 2015 building a developer platform for our cloud-based listening app, NPR One, and the six key technical components that we've focused on are: authorization (using OAuth 2.0); documentation; permissioning; rate limiting; self-service console; and a versioning strategy. Come learn how we did it, including lessons learned, things that (often to our own amazement) worked out well, and a myriad of things that we wish we'd done differently, from an NPR developer. (And yes, we did it all in PHP!) While not highly technical (there won't be much, if any, code on the screen), this is intended to be an intermediate-level talk; ideally, you'll have built an API, are totally comfortable talking about your tech stack, and have built or used an OAuth client in the past, so you're familiar with the general principles of the OAuth 2.0 protocol.
  • Stephane Boisvert

    Stéphane Boisvert is a team lead for WordPress.com VIP, working on some of the world’s largest sites, consulting clients on architectural decisions as well as helping review code for security and performance.


    • WordPress Code Security

      We will go over some of the most common attack vectors in code and how to protect against them while you write or edit a theme or plugin. Topics covered:
      • Escaping in WordPress
      • SQL and data sanitization
      • current_user_can()
      • Using nonces to protect against CSRF
      • WordPress and PHP security gotchas