Feed aggregator

On NETTUTS.com today there's a new detailed tutorial on how to use the access control list functionality that comes with the CakePHP framework.

If you're building a CMS, you'll probably need different user roles'"superusers, admins, users - with different permission levels. Too complicated to code? Enter CakePHP's ACL (Access Control Lists). With the right setup, you'll be checking user permissions with just one line.

They talk about what "access control lists" are but shows you an example of one including the database tables and the full scripts for the Users controller, a model to hook into the database and the view for output to the user. They include methods for denying access, checking permissions, and modifying a user's permissions.

On Developer.com today there's a new post listing ten experimental projects that are "pushing the envelope" in the PHP languages:

As the saying goes, "Just because you can do something doesn't mean you should." But in the world of programming, stretching boundaries is just part of the fun. The PHP community has never been one to shy away from bending their favorite language more ways than a shopping mall pretzel, and as the ten wild projects introduced in this article indicate, the fervor for experimentation is as strong as ever!

Here's their list of the ten projects they see as trying to stretch the language to its limits:

• LisPHP
• Phalanger
• PHPLinq
• PHP-GTK
• Quercus
• PHP.js
• Qwench
• Phergie

On the Ask About PHP blog today there's a new tutorial about integrating the OpenFlashCharts tool into a CodeIgniter application to display data.

I recently upgraded some of my Codeigniter applications that used OpenFlashCharts to using FusionCharts Free, and at the same time incorporated some javascript to allow me to change the graphs dynamically at the client-side. This has greatly improved the usability of my charts and graphs that I pump out. As such, I thought I would share how I did this and hopefully someone will find it useful as well.

He walks you through the steps needed to install - putting all of the files in the right places, creating a controller to use the scripts and a view to output the finished chart. A demo of the end result is also included.

The Zend Framework team announces the immediate availability of Zend Framework 1.10.7, our seventh maintenance release in the 1.10 series. This release includes around 60 bug fixes. For those uses of Zend_Service_Twitter , please ensure you upgrade to 1.10.6 or 1.10.7 ASAP. These releases introduce a change in the Zend_Service_TWitter API that enforces the use of OAuth by default when using methods that require authentication. The change was introduced to help prepare Zend Framework users for the Twitter OAuthcalypse in mid-August. (If you cannot upgrade, there are other ways to integrate Zend_Oauth with Zend_Service_Twitter .)

In the latest post to his blog Chris Hartjes talks about how he got python and PHP working together as a part of his testing with Hudson.

These days, it's becoming increasingly harder to find web applications that are homogenous in terms of the tools they use to Get Things Done. [...] Loosely coupled components, passing messages to each other, is great architecture to try and build if you have both the skills and patience to make it work.

His technique combines the testing of PHPUnit for PHP with the Py.test functionality for Python with the continuous integration tool Hudson to run them both as a part of the same build process.

Have a flair for translation and want to help out an open source project in need? Consider helping the Symfony Project with their translation efforts for their manual.

The Symfony2 documentation is written in English and many people are involved in the translation process. First, become familiar with the markup language used by the documentation. Then, subscribe to the Symfony docs mailing-list, as collaboration happens there. Finally, find the master repository for the language you want to contribute for.

Full details on what they need help on and where/how to get involved are on the documentation page of the new Symfony 2 website.

On PHPBuilder.com there's a recent article detailing some of the updates in the latest version of the ExpressionEngine product (CMS) from EllisLab.

This popular Web development solution recently took another major step forward with the July 12 release of ExpressionEngine 2.1, the product's first major upgrade in several years. Version 2 sports a number of new features and significant improvements over its predecessor, many of which I'll highlight in this article.

He touches on a few of the updates in this latest revision:

• CodeIgniter Integration
• Redesigned Control Panel
• Improved Template Management
• Integrated File Manager and Image Editor
• Accessories (a sort of add-on feature)

You can find out more about ExpressionEngine on its site.

Popular posts from PHPDeveloper.org for the past week:

• I Am Learning PHP Blog: Do Web-Scripting Languages Really Need OOP?
• PHPClasses.org Blog: Lately in PHP podcast - PHP for Android, PHP 6 canceled, APC in PHP 5.4
• JoomlaBlogger.net: How to understand Joomla templates in five easy steps
• WordPress Blog: PHP 4 and MySQL 4 End of Life Announcement
• Zend Developer Zone: Twice the Amount of Bugs and Twice the Amount of Winners!
• John Hamelink's Blog: Top codeigniter libraries I can't live without.
• Sebastian Bergmann's Blog: Using HipHop for Static Analysis
• NETTUTS.com: 20 Steps to a Flexible and Secure WordPress Installation
• Site News: Job Postings for the week of 07.18.2010
• Nick Belhomme's Blog: PHP 5.3.3 Namespaces

Description

I finally sat down and started work on a sandboxed DOM API. Originally I was just going to develop a new framework because the DOM is messy but instead I decided it would be cool to have a safe simulated DOM instead and build a framework on top of that.

It isn’t complete yet and there’s still a lot of work to do but it’s working pretty good. I still need to run some tests on it and try to break it but I don’t have time at the moment as I need to do other stuff.

One of the problems making a DOM API is that IE doesn’t have setter support even in IE8 it doesn’t allow you to define setters on normal objects. Because I spend most of my time hacking stuff it was a fun challenge to make IE support setters on DOM objects and keep my sandboxed whitelists.

It’s quite complicated and quite ugly in parts but it works and I think it’s the only way to support legacy browsers like IE7.

How it works

I have to test for the various setter support including defineSetter, Object.defineProperty and revert to the legacy onpropertychange. Object.defineProperty works fine in IE8 when using a DOM object but I encountered problems when I needed to assign to a sandboxed normal object. Here it gets ugly, I had to create a DOM object for any styles used by a node, this way both Object.defineProperty and onpropertychange allow me to monitor any assignments to the fake style object.

var styles = document.createElement('span');
node.$style$ = styles;
Object.defineProperty(node.$style$, '$'+cssProp+'$', {});
document.getElementById('styleObjs').appendChild(styles);
node.$style$ = styles;
node.$style$.onpropertychange = function(){}

As you can see with the code sample above I have to append the fake style DOM object for onpropertychange otherwise it won’t be called on assignments.

You can see this working by using the following test code:-

document.getElementById('x').style.color='#ccc';

So I proxy off all these functions and make the root node any html object, I use CSSReg and htmlReg to sandbox each modification to a property. Finally where it got complicated was supporting events, currently I only support “onclick” as I’m still testing but what happens is because the code is already sandboxed I don’t need to perform a rewrite so I pass this to JSReg as it’s already been converted, I supply the “this” object as the html element this allows the triggered event to call “this” as the current element.

That’s it! I’ve donated the code to OWASP and it will be free to use in your projects, any help testing or suggestions are most welcome, enjoy the demo!

Sandboxed DOM API

We are currently working on an app that uses a number of technologies, including PHP, Python, and MongoDB. Recently, a need arose to use sequential identifiers for users, similar to an auto_increment column in MySQL.

First, create a sequence collection that you can use to determine the next identifier in the sequence. The following creates a collection called seq that has a single sequence in it (for users), but you can add as many as you need:

db.seq.insert({"_id":"users", "seq":new NumberLong(1)});

Before adding a new user, you need to increment the sequence by one and fetch the next identifier. Fortunately, the findandmodify() command provides an atomic way to do this. Using the MongoDB shell, the command would look something like this:

db.seq.findAndModify({
    query: {"_id":"users"},
    update: {$inc: {"seq":1}},
    new: true
});

Because I'm using Lithium, I added a method for fetching the next identifier to my User model:

<?php
 
namespace app\models;
 
class User extends \lithium\data\Model {
 
    static public function seq() {
        $seq = static::_connection()->connection->command(
            array('findandmodify' => 'seq',
                  'query' => array('_id' => 'users'),
                  'update' => array('$inc' => array('seq' => 1)),
                  'new' => TRUE
            )
        );
 
        return $seq

Truncated by Planet PHP, read more at the original (another 2980 bytes)

In a new post to his blog today Sean Coates talks about some of his work with Iterators in PHP and how, despite a bad example in the manual, he solved his issue (and updated the PHP manual too).

In the back end, we have models that connect to CouchDB. These models implement the Iterator pattern to allow easy traversal of a record's keys. [...] Little did I realize that this implementation is very broken. [...] Over the past few years, I've implemented many iterators in this way, using PHP's implicit array manipulation functions (reset(), current(), key(), next()). He points out some issues with how PHP handles array index tracking and how, in the previous PHP manual example, it incorrectly checked for "false" against the current array value. His updated version doesn't have this issue. You can see it here.

On the TigerFish Interactive blog today there's a new post for Drupal-ers out there about using the SimpleTest plugin for Drupal 6 to run automated tests against Ajax callbacks.

In Drupal 6's excellent SimpleTest module, a method called drupalPost() allows you to simulate a button press on a form by taking the form's data and using HTTP POST to submit it. But what if you want to POST data to an AJAX callback URL? By default, SimpleTest checks which submit button you have pressed, but of course, when POSTing using AJAX, you probably won't have pressed a button!

After doing some searching on a problem he had - submitting a form without the actual form on a page - he decided the best solution was to create a base class that inherits from DrupalWebTestCase. This base class allowed him to make a POST request (via curl) to the page and simulate a form request. The code for the method is included.

On DevShed.com today there's a new tutorial about implementing the Asirra CAPTCHA system (from Microsoft) into your application for spam prevention.

Unlike other types of captcha that utilize difficult text obfuscation techniques (such as Google reCaptcha), this system utilizes images of dogs and cats, such as those shown in this screenshot.

They describe some of the reasons to use the system (hard to break, doesn't use sessions, easy to integrate) and how it works. They show how to implement the system on both the server and client side.

Earlier this week, I spent most of a day tracing through code in search of the source of a bug that was causing part of our application to fail in strange ways.

In the back end, we have models that connect to CouchDB. These models implement the Iterator pattern to allow easy traversal of a record’s keys.

When I wrote the code to implement Iterator several months ago, I dutifully checked the PHP Manual and adapted the reference example that I found there:

<?php
class Record implements Iterator
{
    // (partial class, showing the iterator implementation only)

	public $_data = array();

	public function rewind()
	{
		reset($this->_data);
	}
 
	public function current()
	{
		return current($this->_data);
	}
 
	public function key()
	{
		return key($this->_data);
	}
 
	public function next()
	{
		return next($this->_data);
	}
 
	public function valid()
	{
		return (current($this->_data) !== false);
	}

}

Little did I realize that this implementation is very broken. I’ll explain why, below.

Over the past few years, I’ve implemented many iterators in this way, using PHP’s implicit array manipulation functions (reset(), current(), key(), next()). These functions are very convenient because PHP arrays are so powerful — arrays in PHP work like ordered hash tables in other languages.

PHP’s implicit management of an array’s iteration index (the value that is incremented by next() and referenced by key()) is indeed convenient, but the convenience can sometimes be offset by its very implicitness — the value is hidden from you, the PHP programmer.

In PHP, generic array iteration (without the implicit iterator) isn’t actually as simple as it sounds. Remember that arrays aren’t arrays in the traditional sense, but ordered hash tables. Consider this:

$data = array('zero','one','two','three');
for ($i=0; $i<count($data); $i++) {
    // yeah, don't calculate count() on every iteration
    echo "{$data[$i]}\n";
}

Output:

zero
one
two
three

This first example is easy to iterate — the array contains sequential, numeric, zero-based keys. It gets more complicated when using non-sequential, and non-numeric keys:

$data = array(
    'apple',
    'cow' => 'moo',
    'pig' => 'oink',
    'orange'
);
for ($i=0; $i<count($data); $i++) {
    echo "{$data[$i]}\n";
}

Output:

apple
orange
Notice: Undefined offset: 2 in - on line 10
Notice: Undefined offset: 3 in - on line 10

I could use foreach, but because a numeric loop illustrates the point more clearly, here’s how I might implement the above code so that it works:

$data = array(
    'apple',
    'cow' => 'moo',
    'pig' => 'oink',
    'orange'
);
$k = array_keys($data);
for ($i=0; $i<count($data); $i++) {
    echo "{$data[$k[$i]]}\n";
}

Output:

apple
moo
oink
orange

This brings us back to the Iterator implementation. Why isn’t the code above correct? Take a closer look at this:

public function valid()
{
    return (current($this->_data) !== false);
}

A value of false in the array is indistinguishable from a false value returned by current(). Using the above implementation with the following array would cause it to bail after orange (and subsequently might cause you to waste a day tracking down the cause):

array(
    'apple',
    'orange',
    false,
    'banana',
);

On Tuesday night, I updated the manual to use an improved Iterator implementation. It’s probably a bit slower (so you can use the internal-indexing implementation if you’re sure your arrays will never contain false), but my implementation is more robust.

<?php
/**
 * A mixed-key iterator implementation
 *
 * Note: these array_keys() calls are slow. The array keys could be cached
 * as long as the cache value is invalidated when $_data is changed.
 */
class It implements Iterator
{
	public $_data = array();
	protected $_index = 0;

	public function rewind()
	{
		$this->_index = 0;
	}
 
	public function current()
	{
		$k = array_keys($this

Truncated by Planet PHP, read more at the original (another 765 bytes)

Jani Hartikainen has a suggestion for all PHP developers out there - stop using die() for handling errors!

What's the most common pattern for error handling you see in beginner's PHP code? - That's right, do_X() or die('do_X failed);. That's nice and all, as at least you have some sort of error handling, but I think this way of handling errors must go. There is no place for it in modern PHP code - it's the worst way to handle errors, not much better than not handling them at all.

He talks about why die() is so bad and some alternatives to it - trigger_error (with a custom error handler) and exceptions. When used correctly, these two can help your script correctly catch and handle errors without the mess of a die().

On his blog today Giorgio Sironi has a response to this post from the I Am Learning PHP blog asking if web scripting languages really need OOP functionality.

Yesterday I came across a question: Do Web-Scripting Languages Really Need OOP? Here's my answer: only if you want to do more than an Hello World script (which is paradoxically how old school programmers measure the utility of a language.) I'll express some of my thoughts without compromises, which will be up to you.

He opposes the claims of the other post, noting that there's a reason most PHP frameworks are object-oriented and his concern with some of the comments on the post. He also responds to two of the comments on the post - one about the private scope and the other about namespaces.

Here's what was popular in the PHP community one year ago today:

• Community News: The DooPHP Framework
• NETTUTS.com: Using htaccess Files for Pretty URLS
• PHPBuilder.com: Building a PHP Calendar
• IT World: How Microsoft Made PHP Suck Less on Windows
• CatsWhoCode.com: 15 PHP regular expressions for web developers
• Reinhold Weber's Blog: MVC anatomy for PHP developers
• Giorgio Sironi's Blog: Never write the same code twice: Dependency Injection
• NETTUTS.com: How to Create A Simple Web-based Chat Application
• DevShed: PHP 5 Helpers: Calling Methods Out of Object Scope
• Sameer Borate's Blog: Top 25 Most Dangerous Programming Errors
• Symfony Blog: The symfony Reference Guide: The new book about symfony
• IBM developerWorks: MVC with Agavi - Add forms and database support with Agavi and Doctrine
• PHPClasses.org: India will become number 1 source of PHP developers soon
• Kevin van Zonneveld's Blog: Prepare for PHP 5.3
• Chris Hartjes' Blog: So You Want To Telecommute? Part 1 - Building Trust

About a month ago my good friend Lorna Mitchell put out a call for stories on how working with Open Source has influenced people's careers. Given that a lot of my recent career has been driven by my involvement in Open Source, I shared my story with Lorna. But I also wanted to share some of my story with everyone. So here is my story and opinion on how Open Source can influence your career in a positive way.

In a new post to his blog today Gonzalo Ayuso offers some tips for those out there wanting to cluster their PHP applications effectively.

Sometimes a web server and a database is fair enough to meet our project requirements. But if the project scales we probably need to think in a clustered solution. This post is an attempt at being an unsorted list of ideas working with clustered PHP applications. Maybe more than a list of ideas is a list of problems that you will face when swapping from a standalone server to a clustered server.

He touches on a few different topics you might need to consider:

• consistency in source code
• writing to the file systems
• deployment problems
• authentication/authorization issues
• handling sessions/logs/cache files

On the IBM developerWorks site there's a recent tutorial about using PHP and Javascript with the XMPP to create a small web-based notification tool (called Pingstream).

Real-time web applications are networked applications, with web-based user interfaces, that display Internet information as soon as it's published. Examples include social news aggregators and monitoring tools that continually update themselves with data from an external source. In this tutorial, you will create Pingstream, a small notification tool that uses PHP and JavaScript to communicate over the Extensible Messaging and Presence Protocol (XMPP), a set of XML technologies designed to support presence and real-time-communications functionality.

You'll need to already have the usual software installed - PHP, Apache and MySQL - as well as a few others: Openfire, jQuery, Strophe, XMPPHP and LastRSS. They introduce some of the concepts behind real-time messaging, the XAMPP protocol and, of course the code to show how to create their service.