NEXCESS.NET Internet Solutions 304 1/2 S. State St. Ann Arbor, MI 48104-2445 http://nexcess.net PHP / MySQL SPECIALISTS! Simple, Affordable, Reliable PHP / MySQL Web Hosting Solutions POPULAR SHARED HOSTING PACKAGES MINI-ME $ 6 95 POPULAR RESELLER HOSTING PACKAGES 500 MB Storage 15 GB Transfer 50 E-Mail Accounts 25 Subdomains 25 MySQL Databases PHP5 / MySQL 4.1.X SITEWORX control panel /mo SMALL BIZ $ 21 95 2000 MB Storage 50 GB Transfer 200 E-Mail Accounts 75 Subdomains 75 MySQL Databases PHP5 / MySQL 4.1.X SITEWORX control panel /mo N EX R ESELL 1 $ 16 95 900 MB Storage 30 GB Transfer Unlimited MySQL Databases Host 30 Domains PHP5 / MYSQL 4.1.X NODEWORX Reseller Access All of our servers run our in-house developed PHP/MySQL server control panel: INTERWORX-CP INTERWORX-CP features include: - Rigorous spam / virus filtering - Detailed website usage stats (including realtime metrics) - Superb file management; WYSIWYG HTML editor INTERWORX-CP is also available for your dedicated server. Just visit http://interworx.info for more information and to place your order. WHY NEXCESS.NET? WE ARE PHP/MYSQL DEVELOPERS LIKE YOU AND UNDERSTAND YOUR SUPPORT NEEDS! ORDER TODAY AND GET 10% OFF ANY WEB HOSTING PACKAGE VISIT HTTP://NEXCESS.NET/PHPARCH FOR DETAILS Dedicated & Managed Dedicated server solutions also available Serving the web since Y2K /mo N EX R ESELL 2 $ 59 95 7500 MB Storage 100 GB Transfer Unlimited MySQL Databases Host Unlimited Domains PHP5 / MySQL 4.1.X NODEWORX Reseller Access /mo CONTROL PANEL : php php 5 php php 4 NEW! PHP 5 & MYSQL 4.1.X PHP4 & MySQL 3.x/4.0.x options also available We'll install any PHP extension you need! Just ask :) 128 BIT SSL CERTIFICATES AS LOW AS $39.95 / YEAR DOMAIN NAME REGISTRATION FROM $10.00 / YEAR GENEROUS AFFILIATE PROGRAM UP TO 100% PAYBACK PER REFERRAL 30 DAY MONEY BACK GUARANTEE FREE DOMAIN NAME WITH ANY ANNUAL SIGNUP 4.1.x 3.x/4.0.x II NN DD EE XX 6 EDITORIAL You Know Nothing 7 What’s New! 51 Test Pattern The Never Ending Backlog by Marcus Baker 55 Product Review Jaws 0.5: Just When You Thought it was Safe to Go Back in the Water by Peter B. MacIntyre 59 Security Corner Persistent Logins 62 exit(0); Oh No, Not Again! by Marco Tabini 10 The Anatomy of a Hit: An Advanced PHP & MySQL Hit Counter by John R. Zaleski, Ph.D. 22 Solving the Unicode Puzzle by Michael Toppa 29 XMLPull An Alternative to DOM & SAX by Markus Nix 40 More on Advanced Sessions and Authentication in PHP5 by Ed Lecky-Thompson TABLE OF CONTENTS php|architect TM Departments Features Have you had your PHP today?Have you had your PHP today? The Magazine For PHP Professionals http://www.phparch.com NEW COMBO NOW AVAILABLE: PDF + PRINT NNEEWW LLoowweerr PPrriiccee!! NNOOTTHHIINNGG yyoouu kknnooww EEDDIITTOORRIIAALL S oftware development is humbling. Just when you think you’ve got a solid handle on every last (important) bit of tech- nology you need to complete the project at hand, you’re often slapped in the face with the news that you’re just plain wrong. This news can be both frustrating, and encouraging (at the same time, believe it or not). Let me set the scene. Your team has been commissioned with adding a new section to your corporate intranet. In the course of the addition, you adopt a new technology of some sort. Perhaps this is a new database abstraction layer, or a different manner of handling HTML forms. It could be anything; it doesn’t really mat- ter. Your team has worked on this new module for two months. You’ve put all of your collective knowledge and experience into the project. The launch date is in a couple days, and you’re actu- ally going to make your deadline. So, this sounds pretty good so far; what could go wrong? Perhaps one of the directors is about to walk in with a must-have feature that needs to be in the next release, and will disrupt your schedule? Sure. This happens all the time, but it’s not the scenario I’m thinking of—that’s just frustrating, and rarely the least bit encouraging. The bad situation that I’m thinking of is (oddly) free of managerial influence. This new technology that you’ve adopted is really great. It has a few problems, but you’ve managed to work around them. All things considered, it’s saved you many hours in the course of the past few weeks, and you’ve been bragging about it to your devel- oper-friends who work at different companies. Then, in the course of your daily, duly-diligent reading of various PHP news sources, you discover a brand-new, just-released-yester- day extension that could replace this other new technology you’ve already adopted. Not only is it a suitable replacement, but it solves all of the problems you had to work around, and also opens the door to new possibilities that you didn’t even consider. Frustrating because you’re about to release a critical project that encompasses technology that you’ve just discovered is inferior. But encouraging because you’re now awaiting the day you’re allowed to rip out all of that legacy (but, ironically, not-yet-released) code and employ a superior product. So, what’s my point? Simple: I know nothing. What I think I know is only temporary, and could be supplanted at any moment. My life as a developer is a constant journey of staying on top of things, and no matter how much I think I “have it covered,” there’s always something new about to appear on the weblog, newsgroup, or source repository of tomorrow. I hope the articles in this issue open your eyes to new ideas. Especially the XMLPull article, which I think is pretty sweet new (well, newer) technology, and that it’s not too late to incorporate these ideas into your current—or next—project. May 2005 ● PHP Architect ● www.phparch.com 6 php|architect Volume IV - Issue 5 May, 2005 Publisher Marco Tabini Editor-in-Chief Sean Coates Editorial Team Arbi Arzoumani Peter MacIntyre Eddie Peloke Graphics & Layout Aleksandar Ilievski Managing Editor Emanuela Corso News Editor Leslie Hill news@phparch.com Authors Marcus Baker, Ed Lecky-Thompson, Peter B. MacIntyre, Chris Shiflett, John R. Zaleski, Ph.D., Michael Toppa, Markus Nix php|architect (ISSN 1709-7169) is published twelve times a year by Marco Tabini & Associates, Inc., P.O. Box 54526, 1771 Avenue Road, Toronto, ON M5M 4N5, Canada. Although all possible care has been placed in assuring the accuracy of the contents of this magazine, including all associated source code, list- ings and figures, the publisher assumes no responsibilities with regards of use of the information contained herein or in all associated material. Contact Information: General mailbox: info@phparch.com Editorial: editors@phparch.com Subscriptions: subs@phparch.com Sales & advertising: sales@phparch.com Technical support: support@phparch.com Copyright © 2003-2005 Marco Tabini & Associates, Inc. — All Rights Reserved EE DD II TT OO RR II AA LL RR AA NN TT SS TM Solar 0.2.0 paul-m-jones.com announces the release of Solar 0.2.0. What is it? According to solarphp.com: "Solar is a simple object library and application repository (that is, a com- bined class library and application component suite) for PHP5." "Solar provides simple, easy-to-comprehend classes and components for the com- mon aspects of web-based rapid application development, all under the LGPL." Solar is designed for developers who intend to distribute their applications to the world. This means the database driver functions work exactly the same way for each supported database. It also means that localization support is built in from the start." Get all the latest info from solarphp.com. phpBB 2.0.14 The phpBB Group announces the release of phpBB 2.0.14, the "We know we are (not) furry" edition. "This release addresses some bugfixes as well as fixing some minor non- critical security issues. All issues not reported to us before being released are not credited to the founder, as usual." "As with all new releases, we urge you to update as soon as possible. You can, of course, find this download on our downloads page (http://www.phpbb.com/down- loads.php). As usual, three packages are available to simplify your update." "The Full Package contains entire phpBB2 source and English language package." For more information visit: http://phpbb.com NNEEWW SSTTUUFFFF May 2005 ● PHP Architect ● www.phparch.com 7 What’s New! NN EE WW SS TT UU FF FF Vogoo PHP API v0.8.2 Vogoo-API.com is happy to announce the release of Vogoo PHP API 0.8.2. Vogoo-API.com announces: Vogoo PHP API v0.8.2 is a free PHP API licensed under the terms of the GNU GPL. With Vogoo PHP API, you can easily and freely add professional collaborative filtering features to your Web Site. v0.8.2 features • Handles all member/product votes (available since v0.8) • Fast computation of similarities between members (available since v0.8) • One-to-one product recommen- dations (available since v0.8) • Ability for members to specify when they are not interested in a product recommendation Planned features for future versions • New engine based on products recommendations that gives better performances when little information is available on the member. • Real time targeted ads • Handles multiple product cate- gories • Collaborative filtering features available for non-member visi- tors • Administration tool • Engine for 'related sales'. • Engine for 'related sales'. Check out Vogoo-API.com for all the latest info. The Zend PHP Certification Practice Test Book is now available! We're happy to announce that, after many months of hard work, the Zend PHP Certification Practice Test Book, written by John Coggeshall and Marco Tabini, is now available for sale from our website and most book sellers worldwide! The book provides 200 questions designed as a learning and practice tool for the Zend PHP Certification exam. Each question has been written and edited by four members of the Zend Education Board--the very same group who prepared the exam. The questions, which cover every topic in the exam, come with a detailed answer that explains not only the correct choice, but also the question's intention, pitfalls and the best strategy for tackling similar topics during the exam. For more information, visit hhttttpp::////wwwwww pphhppaarrcchh ccoomm//cceerrtt//mmoocckk__tteessttiinngg pphhpp NNEEWW SSTTUUFFFF May 2005 ● PHP Architect ● www.phparch.com 8 Check out some of the hottest new releases from PEAR. MDB2_Schema 0.2.0 PPEEAARR::::MMDDBB22__SScchheemmaa enables users to maintain RRDDBBMMSS independent schema files in XML that can be used to create, alter and drop database entities and insert data into a database. Reverse engineering database schemas from existing databases is also supported. The format is compatible with both PEAR::MDB and Metabase. MDB2 2.0.0beta4 PEAR MDB2 is a merge of the PEAR DB and Metabase php database abstraction layers. Note that the API will be adapted to better fit with the new PHP 5-only PDO before the first stable release. It provides a common API for all supported RDBMS. The main difference to most other DB abstraction packages is that MDB2 goes much further to ensure portability. Among other things, MDB2 features: • An OO-style query API • A DSN (data source name) or array format for specifying database servers • Datatype abstraction and on demand datatype conversion • Portable error codes • Sequential and non sequential row fetching as well as bulk fetching • Ability to make buffered and unbuffered queries • Ordered array and associative array for the fetched rows • Prepare/execute (bind) emulation • Sequence emulation • Replace emulation • Limited Subselect emulation • Row limit support • Transactions support • Large Object support • Index/Unique support • Module Framework to load advanced functionality on demand • Table information interface • RDBMS management methods (creating, dropping, altering) • RDBMS independent xml based schema definition management • Reverse engineering schemas from an existing DB (currently only MySQL) • Full integration into the PEAR Framework • PHPDoc API documentation Currently supported RDBMS: • MySQL (mysql and mysqli extension) • PostGreSQL • Oracle • Frontbase • Querysim • Interbase/Firebird • MSSQL • SQLite • Others soon to follow. Cache 1.5.5RC1 With the PEAR Cache, you can cache the result of certain function calls, as well as the output of a whole script run, or share data between applications. DB_DataObject_FormBuilder 0.14.0 DB_DataObject_FormBuilder will aid you in rapid application development using the packages DB_DataObject and HTML_QuickForm. For having a quick but working prototype of your application, simply model the database, run DataObject's createTable script over it and write a script that passes one of the resulting objects to the FormBuilder class. The FormBuilder will automatically generate a sim- ple but working HTML_QuickForm object that you can use to test your application. It also provides a processing method that will auto- matically detect if an iinnsseerrtt(()) or update() command has to be executed after the form has been submitted. If you have set up DataObject's links.ini file correctly, it will also automatically detect if a table field is a foreign key and will populate a selectbox with the linked table's entries. There are many optional parameters that you can place in your DataObjects.ini or in the properties of your derived classes, that you can use to fine-tune the form-generation, gradually turning the prototypes into fully-featured forms, and you can take control at any stage of the process. Net_GeoIP 0.9.0alpha1 A library that uses Maxmind's GeoIP databases to accurately determine geographic location of an IP address. NNEEWW SSTTUUFFFF May 2005 ● PHP Architect ● www.phparch.com 9 Looking for a new PHP Extension? Check out some of the lastest offerings from PECL. archive 0.2 The archive extension allows reading and writing tar and cpio archives using libarchive ( http://people.freebsd.org/~kientzle/libarchive/). xmlReader 1.0.1 This extension wraps the libxml xmlReader API. The reader acts as a cursor going forward on the document stream and stopping at each node in the way. xmlReader is similar to SAX though uses a much simpler API. runkit 0.1.0 Replace, rename, and remove user defined functions and classes. Define customized superglobal variables for general purpose use. Execute code in restricted environment (sandboxing). mqseries 0.8.0 This package provides support for IBM Websphere MQ (MQSeries). colorer 0.2 Colorer take5 is a syntax highlighting and text parsing library, that provides services of text parsing in host editor systems in real-time and transforming results into colored text. For details, see http://colorer.sourceforge.net/ While colorer is primarily designed for use with text editors, it can be also used for non-interactive syntax highlighting, for example, in web applications. This PHP extension provides basic functions for syntax highlighting. CONFERENCES ApacheCon Europe 05 ApacheCon.com announces: "ApacheCon Europe, the official conference of the Apache Software Foundation (ASF) will be held July 18-22 in Stuttgart, Germany. For the forth consecutive year, half- and full-day pre-conference tutorials offer real world insight, techniques, and methodologies pivotal to the increasing demand for Open Source software. Topics include Scalable Internet Architectures, Web Services, PHP, mod_perl, Apache HTTP Server, Java, XML, Subversion, and SpamAssassin. The three main conference days offer a wide range of beginner, intermediate and advanced sessions. ApacheCon attendees have more than 70 sessions to choose from, to learn firsthand the latest developments of key Open-Source projects including the Apache HTTP Server, the world's most popular web server software. With plenty of room for networking and peer discussions, attendees can meet ASF Members and participants during the ApacheCon Expo, evening events, Birds Of a Feather sessions and a number of informal social gatherings." For more information visit: http://www.apachecon.com/ VS.Php 1.1.1 Jcx.Software brings news of the immediate availability of VS.Php version 1.1.1. This update adds support for PhpDoc commenting, secure ftp deployment capabilities and many bug fixes PhpDoc is a powerful feature of PHP that allows the devel- oper to add comments to the source code that can be used to generate documentation. VS.Php uses this information to provide a better intellisense content. For instance, VS.Php is able to parse those comments to determine what type is a particular variable. Intellisense uses this information to bet- ter help the developer. This update also adds support for secure ftp protocol for deploying applications through a secure connection. For information or to download VS.Php, visit: http://www.jcxsoftware.com/ PHPEdit 1.2 PHPEdit proudly announces the release of the latest version, PHPEdit 1.2 Next major version of PHPEdit is finally available for down- load. This version includes lots of changes in its internals, and adds new, powerful features to the IDE, like complete PHP5 support, real-time syntax checking, jump to declaration, SimpleTest integration, new document templates, phpDocumentor Wizard and lots of enhancements in existing tools like CodeHint, CodeInsight and CodeBrowser. This version is available for free to all our customers. You can download it and test it for 30 days. You can also buy a license to avoid the time limit. To grab the latest version, visit http://www.waterproof.fr/products/PHPEdit/ T he following methodology was motivated by a request from a client of mine who asked me to provide a web page access counter for their main corporate web site. A condition of the deal, though, was that they did not want to show the actual number of accesses, publicly, on the web site, itself. Instead, they wanted to keep track this data privately. Their reasons for omitting a public counter were in keeping with the idea that they did not want to broad- cast the activity on their site to all visitors, and, in keep- ing with the tone of their message, did not desire to display a typical web page access counter on their site. Instead, they wanted an access counter that would provide them with a means of comparing and contrast- ing the number of accesses from day to day so that they could analyze advertising impacts on the number of visitors who were hitting their site. As you may know, numerous types of Web counters exist that are wide ranging in their capabilities and styles. However, I wanted to tailor a solution for my client that would keep track of the number of accesses to their site, while providing a tool to view these data in a manner that was meaningful, and comparative. The output would provide an at-a-glance summary that would allow my client to assess the effectiveness of advertising campaigns with respect to changes in site activity. What developed was a custom hit counter which continues to evolve over time—an example screenshot can be seen in Figure 1. The benefits of this hit count- er are not so much in its uniqueness as in the possibili- ties it offers to the average PHP developer who is inter- ested in evolving their skills in the domain of PHP, REQUIREMENTS PHP 5.0 or greater (5.0.4 available) OS Win2K Prof, Win2K Advanced Server, WinXP SP1/SP2 Other Software MySQL version 4.0 or greater (4.1 available) Code Directory hitcounter May 2005 ● PHP Architect ● www.phparch.com FFEEAATTUURREE 10 The Anatomy of a Hit An Advanced PHP & MySQL Hit Counter by John R. Zaleski, Ph.D. The combined approach of capturing web page access, and charting the results provides a simple standalone capability for graphically displaying hit counts to a web site that requires only a basic working knowledge of PHP and MySQL, yet provides a basic model for expanding and developing a much more sophisticated counter. Furthermore, the methodology for charting the hit count data can be decoupled from basic web page access count- ing for use in academic, business, or other types of data mining applications where data charting and mining pro- vide a unique way of comparing and contrasting data as they change over time. FF EE AA TT UU RR EE RESOURCES URL hhttttpp::////wwwwww ttiizzaagg ccoomm//mmyyssqqllTTuuttoorriiaall// URL hhttttpp::////pphhpp rreessoouurrcceeiinnddeexx ccoomm//CCoommpplleettee__SSccrrii ppttss//AAcccceessss__CCoouunntteerrss//TTeexxtt__BBaasseedd// ii . Features Have you had your PHP today?Have you had your PHP today? The Magazine For PHP Professionals http://www.phparch.com NEW COMBO NOW AVAILABLE: PDF + PRINT. 6 EDITORIAL You Know Nothing 7 What’s New! 51 Test Pattern The Never Ending Backlog by Marcus Baker 55 Product Review Jaws 0.5: Just When You Thought it