Features 8 An Introduction to Drupal A modular framework for content management by TITUS BARIK 16 PHP Web Services: An Introduction to SOAP Implementing web services with the NuSOAP Library by ALESSANDRO SFONDRINI 23 Logging and Monitoring with log4php A simple way to implement logging in your applications by KNUT URDALEN 32 Advanced SQLite Development A database solution to simplify your code and help you create high-performance applications by PETER LAVIN SPECIAL REPORT 44 Where on the Web is PHP? PHP Version Tracker Report by DAMIEN SEGUY TM Columns 4 EDITORIAL 6 php|news 50 TEST PATTERN Stocking Fillers Year-end book reviews by MARKUS BAKER 55 SECURITY CORNER Context by CHRIS SHIFLETT 60 PRODUCT REVIEW Zend Studio 5.0 by PETER MacINTYRE 68 exit(0); Ode to My Keyboard by MARCO TABINI If you want to bring a php-related topic to the attention of the professional php community, whether it is personal research, company software, or anything else, why not write an article for php|architect? If you would like to contribute, contact us and one of our editors will be happy to help you hone your idea and turn it into a beautiful article for our magazine. Visit www.phparch.com/writeforus.php or contact our editorial team at write@phparch.com and get started! Download this month’s code at: http://www.phparch.com/code/ CONTENTS WRITE FOR US! Volume 4 - Issue 12 Publisher Marco Tabini Editor-in-Chief Sean Coates Editorial Team Arbi Arzoumani Peter MacIntyre Eddie Peloke Graphics & Layout Aleksandar Ilievski Managing Editor Emanuela Corso News Editor Leslie Hill news@phparch.com Authors Marcus Baker, Titus Barik, Peter Lavin, Peter B. MacIntyre, Robert Mark, Damien Seguy, Alessandro Sfondrini, Chris Shiflett, Knut Urdalen php|architect (ISSN 1709-7169) is published twelve times a year by Marco Tabini & Associates, Inc., P.O. Box 54526, 1771 Avenue Road, Toronto, ON M5M 4N5, Canada. Although all possible care has been placed in assuring the accuracy of the contents of this magazine, including all associated source code, listings and figures, the publisher assumes no responsibilities with regards of use of the information contained herein or in all associated material. php|architect, php|a, the php|architect logo, Marco Tabini & Associates, Inc. and the Mta Logo are trademarks of Marco Tabini & Associates, Inc. Contact Information: General mailbox: info@phparch.com Editorial: editors@phparch.com Subscriptions: subs@phparch.com Sales & advertising: sales@phparch.com Technical support: support@phparch.com Printed in Canada Copyright © 2003-2005 Marco Tabini & Associates, Inc. All Rights Reserved I f you follow PHP releases, closely, you’ll have noticed that PHP 5.1.0 was released on Thursday November 24, 2005. This release was billed as paramount in PHP’s history, touted by many core developers as “the first solid PHP 5 release.” This supposed banner release was quickly overshadowed on the developers’ mailing list as problematic: a change that was made late in the release candidacy cycle (a new internal Date class) will break hundreds, if not thousands (or perhaps hundreds of thousands?) of deployed PHP applications. It was generally accepted knowledge that new functionality can’t break existing code, but this “knowledge” proved simply incorrect. In this case, PEAR has an existing (and well-deployed) Date class of its own. As you know, PHP doesn’t currently have namespacing, so you obviously cannot have a Date class in PHP and then declare a second one for PEAR. Much discussion ensued, including a strong push towards an accepted namespace standard for PHP (perhaps we’ll see it in the 5.x series, and all signs point to namespaces in PHP 6 at the latest). The really interesting discussion for me, though was something along the lines of “why should core care about PEAR?” Yet another political discussion. It seems that the technical problems are (relatively) easy to solve, and the real problem is on the social side. So, should PHP core care about PEAR? Tough call. On one hand core should be given first-rights to any sort of class, function, variable or constant name. The other side (again) is social: when most users download and install a package from PEAR, they do so from pear.php.net. As far as those users are concerned, they’re downloading both PHP and PEAR from php.net, so they should work together. Unfortunately, there’s no easy and permanent solution to this problem. However, Ilia, the 5.1 release manager—and past author for php|architect—wisely reacted quickly, and on November 28, 2005, PHP 5.1.1 was released, temporarily solving this problem, by removing the new internal Date class. One growing pain averted, if only temporarily. PHP’s integration and many offerings from php.net gives it somewhat of an “empire” status. This metaphor is further extended when see how PHP has conquered much of the web in its short lifetime. Tips & Tricks takes a break this month to make way for a special feature called “Where in the World is PHP?” In this piece, Damien Seguy shares his company’s findings on how PHP has infiltrated nearly every market, territory, and size of web application. This boom is no accident. As you saw last month, PHP is making great strides in the enterprise, and is shedding its “quick & dirty” reputation. Long live the dynamically typed variable! THE PHP EMPIRE EDITORIAL 4 • php|architect • Volume 4 Issue 12 PHP 5.5.1 “The PHP Development Team would like to announce the immediate release of PHP 5.1.1. This is a regression correction release aimed at addressing several issues introduced by PHP 5.1.0, the core changes as follows: • Native date class is withdrawn to prevent namespace conflict with PEAR’s date package. • Fixed fatal parse error when the last line of the script is a PHP comment. • eval() hangs when the code being evaluated ends with a comment. • Usage of \{$var} in PHP 5.1.0 resulted in the output of {$var} instead of the $var variable’s value enclosed in {}. • Fixed inconsistency in the format of PHP_AUTH_DIGEST between Apache 1 and 2 sapis.\ • Improved safe_mode/open_basedir checks inside the cURL extension. Get your hands on the latest release at php.net! PHPBase Alpha Phpbase.org announces their alpha release. What is it? According to phpbase.org, “PhpBase is a set of Open Source PHP classes and functions aimed to help developers submitting their data to Google Base. The main purpose for a tool like this is the need to keep data submissions accurate and avoid common errors that might occur when submitting to standard schemes recommended by Google. The code still in development, and will be added to a subversion repository once we get the project approved at berlios.de.” Get all the latest info from phpbase.org. ZEND Studio 5 Zend.com announces their latest release of the Zend Studio, version 5. “The product is a full Life Cycle development solution that allows developers to easily and more effectively create, test, and deploy their PHP applications across the enterprise. Zend Studio 5, the most widely used Integrated Development Environment for PHP, has been enhanced with new features to assist in the development, debugging, testing, and deployment of PHP applications, including easy integration with other enterprise applications. Available in three editions; Standard, Professional, and Enterprise, Zend Studio 5 includes support for PHP 5 as well as an easy switching mechanism allowing users to move between PHP 4 and PHP 5 for full application development, and also seamlessly integrates with Zend Platform 2 to provide a complete development and deployment solution for business-critical, PHP-based applications.” Visit Zend.com to grab the latest release and check out all the latest features. OBM-Open Business Management 1.0.2 OBM is proud to announce the latest release of their Business Management application version 1.0.2. Need a free management application for your business? Check out OBM. According to OBM’s site: “BM is an Intranet application which goal is to help manage a company or an organization. 6 • php|architect • Volume 4 Issue 12 news php|architect Releases New Design Patterns Book We’re proud to announce the release of php|architect’s Guide to PHP Design Patterns, the latest release in our Nanobook series. You have probably heard a lot about Design Patterns —a technique that helps you design rock-solid solutions to practical problems that programmers everywhere encounter in their day-to-day work. Even though there has been a lot of buzz, however, no-one has yet come up with a comprehensive resource on design patterns for PHP developers—until today. Author Jason E. Sweat’s book php|architect’s Guide to PHP Design Patterns is the first, comprehensive guide to design patterns designed specifically for the PHP developer. This book includes coverage of 16 design patterns with a specific eye to their applications in PHP when building complex web applications, both in PHP 4 and PHP 5 (where appropriate, sample code for both versions of the language is provided). For more information, http://www.phparch.com/shop_product.php?itemid=96. Looking for a new PHP Extension? Check out the latest from PECL. hash 1.0 Native implementations of common message digest algorithms using a generic factory method. ps 1.3.3 ps is an extension similar to the pdf extension but for creating PostScript files. Its api is modelled after the pdf extension. Fileinfo 1.0.2 This extension allows retrieval of information regarding vast majority of files. This information may include dimensions, quality, length etc. Additionally, it can also be used to retrieve the mime type for a particular file and, for text files, the proper language encoding. sdo 0.7.0 Service Data Objects (SDOs) enable PHP applications to work with data from different sources (like a database query, an XML file, or a spreadsheet) using a single interface. Check out the hottest new releases from PEAR. PHP_Compat 1.5.0RC1 PHP_Compat provides missing functionality for older versions of PHP. Note: PHP_Compat can be used without installing PEAR. 1) Download the package by clicking the “Download” link. 2) Find the file you need. Each function is in its own file, e.g. array_walk_ recursive.php. 3) Place this file somewhere in your include_path. 4) Include it, e.g. <?php require_once ‘array_walk_recursive.php’;?> The function is now ready to be used. HTML_AJAX 0.3.1 Provides PHP and JavaScript libraries for performing AJAX (Communication from JavaScript to your browser without reloading the page) Log 1.9.3 The Log framework provides an abstracted logging system. It supports logging to console, file, syslog, SQL, Sqlite, mail, and mcal targets. It also provides a subject - observer mechanism. File_SearchReplace 1.1.0 Provides various functions to perform search/ replace on files. Preg/Ereg regex supported along with faster but more basic str_replace routine. Cache_Lite 1.6.0 This package is a little cache system optimized for file containers. It is fast and safe (because it uses file locking and/or anti-corruption tests). Net_DNS 1.0.0rc3 A resolver library used to communicate with a name server to perform DNS queries, zone transfers, dynamic DNS updates, etc. Creates an object hierarchy from a DNS server response, which allows you to view all of the information given by the DNS server. It bypasses the system resolver library and communicates directly with the server. HTML_QuickForm_ advmultiselect 1.1.0 The HTML_QuickForm_advmultiselect package adds an element to the HTML_ QuickForm package that is two select boxes next to each other emulating a multi-select. Net_IPv4 1.3.0 Class used for calculating IPv4 (AF_INET family) address information such as network as network address, broadcast address, and IP address validity. As OBM improve, it is approaching what are called CRM (with sales force , help desk, time tracking sections) but can be used simply as a contact database or as a shared calendar. OBM represents a framework above which many modules are written.” Interested? Get more info from http://obm.aliacom.fr/. PHPDocumentor 1.3.0 RC4 Phpdoc.org announces the latest release of phpdocumentor 1.3.0 RC4. What’s new? • Full PHP 5 support, phpDocumentor both runs in and parses Zend Engine 2 language constructs. Note that you must be running phpDocumentor in PHP 5 in order to parse PHP 5 code • XML:DocBook/peardoc2: default converter now beautifies the source using PEAR’s XML_Beautifier if available • inline {@example} tag - this works just like {@source} except that it displays the contents of another file. • customizable README/ INSTALL/CHANGELOG files • phpDocumentor tries to run .ini files out of the current directory first, to allow you to put them anywhere you want • multi-national characters are now allowed in package/ subpackage names • images in tutorials • un-modified output • html/xml source highlighting This release also contains many bug fixes. Get the latest info and start documenting at phpdoc.org. Volume 4 Issue 12 • php|architect •7 an introduction I n their every day development, most web consulting companies encounter many of the same components when designing pages for non- profit organizations and activist groups. These requirements include forums, a donation system, membership management, newsletters, and articles, just to name a few. Many of these organizations also have small to mid-size e-commerce needs, to effectively sell and distribute promotional materials, or to handle signups for paid events. Developers often tackle this task by rolling their own systems in an attempt to make their sites as customizable as possible, while still providing core components to build on for each individual client. In theory, it sounds like a good idea. In practice, the limitations of their underlying frameworks ultimately result in nothing more than a mash of hacks that only loosely integrate the unique elements required for their clients. In the worst case, web development shops end up coding the entire thing from scratch, each and every FEATURE LINKS: Drupal Handbook: http://drupal.org/handbook Drupal Modules: http://drupal.org/project/Modules PHP Template: http://drupal.org/project/phptemplate Democratica Theme, by Chris Messina, part of the CivicSpace distribution of Drupal: http://drupal.org/handbook TO DISCUSS THIS ARTICLE VISIT: http://forum.phparch.com/272 8 • php|architect • Volume 4 Issue 12 Organizations these days are demanding content management applications, from company homepages to large, community websites. Let Drupal help you build these sites quickly and efficiently by building on a common, modular framework. PHP: 4.4 O/S: Debian OTHER SOFTWARE: Drupal 4.6.3 by TITU S BARIK 9 • php|architect • Volume 4 Issue 12 An Introduction to Drupal time. Somehow, rolling your own system never quite works out the way it needs to. Even if you have two well-written components, it is often the case that it’s not the components themselves that are the problem, but the integration points that add burdensome complexity. Integrating disjoint components, say Forum A with Shopping Cart B, has until now, been a difficult problem to solve. This article introduces Drupal, a modular, open source content management platform that attempts to address these difficult challenges. Drupal provides a flexible, extensible framework—an alternative to roll-your-own content management solutions. It can be refit for a variety of different content systems, including community portal sites, personal weblogs, and resource directories, simply by adding and removing sophisticated modules. Drupal offers you a working, tested framework for building components, and handles the insignificant but tedious details of module management, user management, and integration, so you can focus on developing the core of your project. More importantly, Drupal has a very large user base, and modules to handle most common functionality are already available. When these modules don’t exist, the hooks system allows the developer to create custom modules to interact with the Drupal core, while leveraging the existing Drupal building blocks. It’s not at all surprising, then, that the focus of this article is not on complex development or PHP code, at least not directly. In fact, it’s quite the opposite. In this article, we’ll develop a mock political organization’s web site, Democratica, without writing a single line of code. Along the way, I’ll demostrate the various built-in and contributed modules that allow you to get a site up running quickly and effortlessly. Installation This section discusses the installation and configuration details of Drupal, including the pre-requisite software requirements. Our test installation consists of Drupal 4.6.3, PHP 4, and Apache 2, running on Linux with a MySQL 4.1 database server. Though Drupal supports both MySQL and PostgrseSQL, be advised that most available third-party modules are coded specifically for MySQL. This effectively forces you to use the former, regardless of what the Drupal core modules support. Drupal allows you to host multiple sites on a single Drupal instance. These sites can be found under the sites folder. For simplicity, I’ll only utilitize a single site setup in this article. After creating and assigning the appropriate permissions to your database, load the tables: mysql -u nobody -p drupal < database/database.mysql Next, enter the sites/default folder and modify settings.php ; namely, modify the db_url , and base_url . Drupal works best on dedicated hosting systems. Since Drupal FIGURE 1 The first screen you’ll encounter after installing Drupal. 10 • php|architect • Volume 4 Issue 12 An Introduction to Drupal memory requirements increase proportionally with the number of active modules, the default PHP memory limit of 8 MB provided by most shared hosting providers is typically not enough. To be safe, set this value to 32M or 64M in php.ini . If the memory requirements are not successfully met, Drupal will behave strangely, displaying broken administrative menus and erratic page rendering. Next, add the following to your crontab : 0 * * * * wget -O - -q http://democratica/cron.php This allows for scheduled events to trigger properly within Drupal. Such events include search indexing, mass mailing, and scheduled publishing. That’s all there is to the installation. Navigate to your Drupal site using your web browser, and you’ll be presented with a base page, as shown in Figure 1. Finding Your Way Around It’s time to create your first account. User #1 is provided with full administrative access. All subsequent users are given authorized user access. Additional groups can be generated though the Drupal system as well, providing fine granularity amongst different group types. In Democratica, for example, we may want special access for employees, and different access priveleges for members and guests, After logging in, select the administer menu. You’ll be presented with Drupal’s recent system events, a web-based logging system for monitoring the activity on your web site. A typical administration page is shown in Figure 2. For now, enter the settings menu, and change the FIGURE 2 Administration section of Drupal FIGURE 3 The Drupal donation block. FIGURE 4 Administration section of Drupal default name of the site to Democratica. You should also set your time zone. Feel free to modify any other settings, as well. Perhaps the two most useful menus under administer are blocks and modules. The modules menu allows you to extend the core functionality of Drupal. Within this menu, you’ll activate and install module components to tailor the functionality that your site requires. For example, you could enable search, forums, events, and so forth. The blocks menu enables and disables boxes that can be positioned on the left and right side bars of your web site. The available blocks vary, depending on which modules are currently active. Under modules, notice that the page and story modules are checked by default. Now, jump up to the create content menu. You’ll notice that there are two available content types: page and [...]... the Democratica theme that we’re interested in requires PHPTemplate Luckily, this takes very little effort Simply download the PHPTemplate engine from the Drupal web site, and extract it to the themes/engines folder Next, download and extract the Democratica theme, and place it in your themes folder Login to your web site as administrator and access the themes menu The Democratica theme is now automatically... produce a SOAP Fault document using NuSOAP soap_fault() method We specify three properties: • the fault Code—which can be either the client or the server—is set to “Sender”, as the problem lies in the wrong data type of the input the client sent • the Reason, set to “Input err”, • and the Detail, which explains the problem that occurred Of course, using return to produce the SOAP Fault document we prevent... with the logging event It will also add events to the root logger The handler is connected to the server through the setCallbackObject() function on the server driver and the server is started at the end with the start() function Save Listing 19 as server .php and start it with the command line: php server .php It will start listening on port 9090 on localhost Now you can try to connect to it with the. .. process the header entry (which, when processed, will be no longer forwarded) The value of actor is the URI of the recipient There are, however, two special cases: if the attribute is absent, then the recipient automatically becomes the recipient; if the attribute is set to http://schemas.xmlsoap.org/soap/actor/next the destination is intended to be the first intermediary SOAP Body element The body... namespace-qualified When sending the message over HTTP (as we will), the POST method should be used to both send the call and obtain the response In PHP, we can do this using the socket functions The content type we should specify is text/xml, but text/plain also works The encoding depends on the application that we are dealing with In the first part of Listing 1, there is an example of a valid RPC... whether any fault occurred (we analyze the $fault variable created by NuSOAP), whether the IDs sent match the ones returned, and eventually print the result This was a really basic program, just to get started with the simplest possible application of Web Services— a sort of “Hello World.” Writing the server will be a bit more difficult Writing the server file In Listing 4, you can find the code for the. .. create their own surveys Unsurprisingly, Drupal makes this task simple and reusable through the survey module The survey module depends on the forms module, which provides an API for adding usercustomizable form elements within modules First, install the form module and activate it Then, install and activate the survey module Under the create content menu, the survey item will appear, in addition to the. .. NuSOAP, create the server object 21 • php| architect • Volume 4 Issue 12 ($s) and register a method (get_transaction()) The interesting part of the code is this function It requires two parameters the transaction ID and the customer ID—which we will use to build our MySQL query The first step of the function is to check that the data type of the parameters is “integer”; otherwise, it will produce an error... message, there is no header element, and that’s OK, since it is optional Look at the body element: in sub-element GetPrice (defined by the URI Some-URI), we store the product code and name, to obtain the price The second part of Listing 1 contains a possible response Note that this is the bare XML response message, without HTTP headers (a few lines that the server sends to indicate whether the operation... code to a file in the same directory as the configuration file, since log 4php looks for the configuration file in the same directory by default—more on this in a moment The first thing that is done here is to include the LoggerManager which is responsible for providing logger instances that are defined by the configuration file The LoggerManager operates as a singleton pattern, and the configuration . http://obm.aliacom.fr/. PHPDocumentor 1.3.0 RC4 Phpdoc.org announces the latest release of phpdocumentor 1.3.0 RC4. What’s new? • Full PHP 5 support, phpDocumentor. that you must be running phpDocumentor in PHP 5 in order to parse PHP 5 code • XML:DocBook/peardoc2: default converter now beautifies the source using PEAR’s