FEBRUARY 2003 www.phparch.com VOLUME II - ISSUE 2 The Object Oriented The Object Oriented Evolution of PHP5Evolution of PHP5 A Look At The New OOP Model Using The Zend Engine 2.0 By Zeev Suraski Reviewed for you: IonCube PHP Accelerator 1.3.3 CodeCharge Studio 1.0 Plus: Tips&Tricks, Book Reviews, Product Reviews and much more Creating A CustomizedCreating A Customized Template-EngineTemplate-Engine Hacking the Smarty Template Engine Data Fingerprinting with Hash Functions in PHP Time Travel: Breadcrumbs and Session History with PHP Enterprise Applications: PHP in a Multitier Environment PHP in a Multitier Environment The Magazine For PHP Professionals php|architect Technologies Ltd. Visit www.zend.com for evaluation version and ROI calculator Zend Performance Suite Reliable Performance Management for PHP Serve More. With Less. The designers of PHP offer you the full spectrum of PHP solutionsThe designers of PHP offer you the full spectrum of PHP solutions IINNDDEEXX Departments TABLE OF CONTENTS February 2003 · PHP Architect · www.phparch.com 3 php|architect Features 10 Time Travel - Breadcrumbs and History with PHP by Peter James 18 The Object Oriented Evolution of PHP by Zeev Suraski 27 PHP in an N-Tiered World by Dave Palmer 32 Creating a Customized Template-Engine by Andreas Demmer 38 Building a Turing Test with PHP and the GD Library by Marco Tabini 47 Using, Reusing and Extending Smarty by Tomica Jovanovic 55 Data Fingerprinting with Hash Functions in PHP by Leon Vismer 4 EDITORIAL RANTS 5 NEW STUFF 6 REVIEWS Zend Encoder V.3.1.0 22 REVIEWS LogiCreate 61 TIPS & TRICKS by John Holmes 65 BOOK REVIEWS 67 exit(0); Hello, Mr. Gates? EEDDIITTOORRIIAALL RRAANNTTSS EDITORIAL February 2003 · PHP Architect · www.phparch.com 4 php|architect Volume II - Issue 2 February, 2003 Publisher Marco Tabini Editors Arbi Arzoumani Brian K. Jones Marco Tabini Graphics & Layout Arbi Arzoumani Administration Emanuela Corso Authors Andreas Demmer, Peter James, Tomica Jovanovic, Dave Palmer, Zeev Suraski, Marco Tabini, Leon Vismer php|architect (ISSN 1705-1142) is published twelve times a year by Marco Tabini & Associates, Inc., P.O. Box. 3342, Markham, ON L3R 6G6, Canada. Although all possible care has been placed in assuring the accuracy of the contents of this mag- azine, including all associated source code, listings and figures, the publisher assumes no responsibil- ities with regards of use of the information con- tained herein or in all associated material. Contact Information: General mailbox: info@phparch.com Editorial: editors@phparch.com Subscriptions: subs@phparch.com Sales & advertising: sales@phparch.com Technical support: support@phparch.com Copyright © 2002-2003 Marco Tabini & Associates, Inc. — All Rights Reserved L ately, I’ve been measuring the progress of php|a in terms of “brilliant ideas”. After a careful analysis of our history up to this point, I have noticed that instead of following a smooth linear progression based on con- stant innovation, our ascension from the ashes of the publishing world seems to have resulted from short-lived but intense flashes of genius, which are then followed by long periods of cere- bral inactivity. (A related study also showed that I have way too much time on my hands, but I was far too busy to notice or even care about that). For example, Arbi came up with the idea of calling our mag- azine “php|architect” after I had been brooding over names like “The PHP Gazette” and “The PHP Informer” for days. I can only be thankful for the com- pletely random sequence of synaptic signals that made that brilliant idea come to life. Given the spontaneity of our collective genius, it would most definitely prove futile to even try to explain how we arrived at our most brilliant idea: to ask Brian Jones, who joined our editorial staff last month, to become our new Editor-in-Chief. I can only say that it was a moment of unparalleled brilliance. I’m sure that we burned a good number of those remaining brain cells which had not yet been fried by years of exposure to the radia- tion that our monitors happily produce to keep us warm, but it was worth it. This is, therefore, my last edi- torial as the Editor of php|a. I will still be the Publisher of this mag- azine and I will do my best to contribute my thoughts to our exit(0) column (whose name was another flash of inspiration, if I may say so myself), but I will move on to some of the new ini- tiatives that we have in store for you, and Brian will take over the entire editorial process of php|a. As my parting words from my editorial post, let me tell you about the Editor-in-Chief. The post of Editor-in-Chief is instrumental in defining the course and stature of a maga- zine, and I can only be happy that Brian has decided to accept our request to take this position with us (not to mention how happy I am that someone else will be doing it! But alas, poor foolish soul that he is, Brian will only read this once the maga- zine has already hit the virtual stands, and by then his fate will be sealed). Naturally, the person who can sport the title of Editor-in-Chief enjoys a great deal of power—a power that Brian promptly abused by asking me to rewrite this editorial, claiming that “my thoughts were too fragmented”. As if. That could ever. Happen. Let me now tell you about the Publisher. The post of Publisher affords great powers as well. That includes the power to edit and reject (did I say reject? I meant “evaluate”) the Editor-in- Chief’s monthly editorial. Regardless of whether his thoughts are fragmented or not. Ah, the bittersweet taste of revenge NNEEWW SSTTUUFFFF NEW STUFF ionCube Launches New Encoder British PHP software company ionCube Ltd. released version 2.0 of their standalone Encoder product last month. The new encoder providers additional features compared to its predecessors, such as the possibility of creating text headers that are appended to the encoded files. This could be useful, for example, for creating copyright and ownership notices, as well as instructions and how-to guides at the beginning of each file. The Encoder sells for $349.00 US. For more information, you can visit the ionCube website at : http://www.ioncube.com/encoder TechMeridian Releases XAVIOUR CMS TechMeridian, a new PHP development compa- ny based in the United States, has released a prod- uct called XAVIOUR Web Application Platform. According to TechMeridian, XAVIOUR represents a combination of the features normally found in content management and templating systems. It promotes reusability of the code and provides a flexible framework that can easily be extended by writing code directly into the templates, if neces- sary. XAVIOUR is entirely based on PHP and PostgreSQL, thus providing a platform that can easily be taken to an enterprise-level of stability and performance. The software product costs $199.00 US for a single-domain license. More information can be found on the TechMeridian website at : http://www.techmeridian.com/xaviour OpenOSX Updates OpenWeb With PHP 4.3.0 MacIntosh open-source software provider OpenOSX have updated their OpenWeb CD prod- uct to include the latest version of PHP. OpenWeb is a CD compilation of open-source software for the MacIntosh market designed to provide publishing and development tools to Web developers and webmasters. Besides technologies like Apache, PHP and MySQL, it also includes a shopping card, a content management system and a graphical management interface. The new 2.5.1 update is available to registered users of the OpenWeb product free of charge. A new full subscription can be purchased for $60 US from the OpenOSX website at : http://openosx.com/openweb/ 2003 PHP Conference in Montréal This just hot off the press—The Québec PHP Association announced that they will be holding a PHP conference in Montréal, Canada, on March 20th and 21st. The conference will attract a who’s who of the PHP community, from PHP creator Rasmus Lerdorf to Zend-engine co-creator (and php|a author) Zeev Suraski. The conference will include sessions in both French and English, and it is sure to attract visitors from the Americas as well as from Europe. The php|a team will be with a booth and to cover the event. http://phpconf.phpquebec.com/ February 2003 · PHP Architect · www.phparch.com 5 php|a The Magazine For PHP Professionals php|architect We Dare You To Be A Professional. Subscribe to php|a Today and Win a book from Wrox Press RREEVVIIEEWWSS REVIEWS February 2003 · PHP Architect · www.phparch.com 6 T he simplicity and immediateness of a scripting lan- guage like PHP is a double-edged sword. On the one hand, everyone has direct access to the source code; no need to compile for separate platforms and distribute separate versions of your application. On the other everyone has direct access to the source code, which makes the protection of intellectual property really difficult. Let’s face facts, it would be difficult for a software market to exist without some form of code protection. After all, PHP consultants and software developers are selling their knowledge, which, for better or for worse, is somewhat embedded into the source code they pro- duce. The demand for code protection has resulted in several products which have been developed to make it possible to limit the functionality of a PHP script (or a series of scripts) so as to facilitate a commercial licens- ing scheme. The Zend Encoder, produced by Zend Technologies (yep, the same folks who wrote the Zend Engine on which PHP is based) is a rather complete system that makes it possible to transform a PHP source file into an “intermediate” representation of itself—that is, a pre- interpreted set of bytecode instructions that the PHP interpreter would be able to execute but that are quite meaningless to a human being. The resulting file is fur- ther mangled to make reverse-engineering almost impossible. In addition, it is possible to require that a Reviewed For You Zend EEncoder V.3.1.0 By Marco Tabini The Cost: $960.00 - $2,880.00 (US) (or less through special small business pricing) Requirements: -Supported PHP versions: 4.0.5 up through 4.3.0. -Supported operating systems: -Linux glibc 2.1 / 2.2 (e.g. RedHat 6.x/7.x/8.x, Debian 4.2, SuSE 6.4, Mandrake 8.1, and others) -Windows® 98 / NT 4.0 / 2000 / XP. -Solaris Sparc 2.6 /2.7 /2.8 (Non-GUI ver- sion). -Supported Web Servers for deployment: -Apache 1.3.x, IIS 4 / 5 -Zeus (using FastCGI) or any Web server that supports CGI -The Graphical User Interface is supported under Windows and Linux only. Product Page: Zend Encoder Home Page: Zend Technologies (http://www.zend.com) Company Background: Zend Technologies provides web developers and enterprises using PHP, integrated software solutions for developing, protecting and scaling their PHP applications providing a foundation that allows companies to efficiently and effectively develop PHP based web applications. Zend's founders are the designers of PHP 3, PHP 4 and Zend Engine 1.0; on which all PHP sites and applications are run. They are also currently leading the design and develop- ment of PHP 5 and the Zend Engine 2.0. REVIEWS February 2003 · PHP Architect · www.phparch.com 7 Zend Encoder V.3.1.0 script only run if a special “license file” is present and provided by the end-user, thus making it possible to limit the execution of a script to a specific timeframe (limited trial), or to specific IPs, and so on. Installation Zend installation systems are, in my experience, among the best ones available to the PHP community. As in most cases, the Encoder is a Java-based applica- tion that will run on pretty much any platform—the Zend website allows you to download a version for Windows, Linux or Solaris. On Linux, the platform I tested it on, the application is set up through a very straightforward process that even connects to the Zend website and downloads the appropriate license code automatically. A free 14-day trial of the Encoder is available, its only limitation being that your encoded files will only work for three days, regardless of what settings you choose when convert- ing them. The User Interface Once installed, the Encoder launched flawlessly—no ifs, ands or buts about it. It features a neat graphical user interface (shown in Figure 1) that makes using the software for the encoding of large numbers of files easy and convenient. As you can see, the interface is based on the concept of a “project”—this way, you can encode entire direc- tories of PHP scripts at the click of a mouse. In fact, I tried to encode the entire php|a website, and the entire operation took only a few seconds. The original files were not overwritten (if they were, I’d lose our source code!), but copied over to a destination folder of our choosing. The program even skipped over our CVS folders automatically! The Encoder supports several options designed to enrich the value of encoded files. For example, it’s pos- sible to prepend a clear-text header to the file that allows you to insert installation or usage comments, or even plain PHP code that is executed if the server is not set up properly to accept encoded files. In addition, Figure 1 REVIEWS February 2003 · PHP Architect · www.phparch.com 8 Zend Encoder V.3.1.0 the Encoder also applies several opti- mizations to the code while encod- ing it (although I did not find much in the way of improvement to our scripts’ performance I guess we just write good code!), and it is pos- sible to require that each encoded script only work with other encoded scripts. This last feature can be very important if, for example, your include files contain your custom license authentication mechanism and you don’t want them to be replaced with dummy versions that circumvent your scheme. Licensing Capabilities Perhaps one of the most interest- ing features of the Encoder is its abil- ity to encode a project and control the functionality that an end-user has access to by issuing a special license file. This can be very useful if you plan to offer specialized “trial” ver- sions of your application that the end-user can play with, build upon as needed and then upgrade to a “full” version by just installing a single file. Licensing is only available if support for it is activated when a script is encoded. The licensing screen (Figure 2) offers a wide variety of options, including the ability to limit the execution of the scripts using constraints such as time or IP or even a hardware ID that is generated by a small Zend appli- cation distributed together with the Encoder. Distributing the Code Once encrypted, a project can be redistributed by simply transferring the files to another system. Depending on the settings, you may also need to dis- tribute a license file. In order to execute your script on a target system, your customers will need to install a copy of the Zend Optimizer together with their installation of PHP. This is not normally a big problem, as the Optimizer is a freely available product whose installation only require a small change in the php.ini file. However, if the appli- cation is being hosted by a third party, it might be dif- ficult to convince them to install this software. Advanced Capabilities And Documentation In addition to the GUI, the Encoder also features the necessary tools for encoding scripts and generating license files on-the-fly through a command-line exe- cutable. This can be helpful if your goal is to hand out licenses in an automated fashion directly from a web- site. There is no online help for the Encoder, but the instal- lation includes a well-thought-out manual in PDF for- mat that provides plenty of information on using the Encoder, both programmatically and from the GUI. Unfortunately, neither the installation program nor the GUI application itself offers any hints that the docu- mentation itself exists, and this may discourage the less-than-zealous user. Bottom Line The Zend Encoder is not a cheap product, although you can actually get it very inexpensively through the Zend Small Business Program that we illustrated in last month’s issue of php|a ($295.00 US will grant you a license to the Encoder, the Zend Studio IDE and the Zend Performance Suite). However, it is also a very well-thought-out product that offers ease-of-use and consistency—something you don’t always find in the world of PHP. If you’re looking for a way to protect your products and want the maximum flexibility possible, then I rec- ommend you check this product out. If your business qualifies for the Small Business Program (visit http://www.zend.com/store/products/zend- smallbiz.php for more information). I think you will find that the entire package offers tremendous value at a very reasonable price. php|a Figure 2 FFEEAATTUURREESS FEATURES February 2003 · PHP Architect · www.phparch.com 10 Introduction The great philosopher and novelist George Santayana once told us: “Those who cannot remember the past are condemned to repeat it.” The past has always been a vital part of the present. Like a map, it tells us where we’ve been and gives us important information with which to make decisions about the future. If you’re asking yourself what all of this has to do with PHP, let me show you. Information is critical. If you are reading this maga- zine, your business probably revolves around informa- tion, and you probably recognize the value of that information to the people who want it. The fact is, regardless of what your business is, every time someone visits your site you have the opportunity to capture use- ful information about them. That information can be used to significantly enhance their experience on your site, and there are many levels of detail to be had. For instance, you could request that users register and log in to your site, which usually has required the provision of at least some personal information on behalf of the end user. You could use this to contact your customers with promotions or newsletters, or tar- get their demographic (age, gender, location) with advertising. While the gleaning of this personal data requires action from the user (ie, voluntary registra- tion), other types of information can be gathered pas- sively and silently. A prime example of the type of data which can be collected behind the scenes is ‘patterns of use’ informa- tion. This can provide invaluable insight into how your site is being used, allowing you to make decisions about the layout of your site. This could influence link Time TTravel - Breadcrumbs aand History wwith PPHP By Peter James With all of the things to consider when designing and laying out your site, you can quickly become lost and over- whelmed. Usability, accessibility and localization usually require attention before a single line of code is written. While I can’t possibly hope to cover all of these topics meaningfully in a single article, what I can do is give you some code to implement one very important (and often overlooked) tool to increase your site’s usability: Breadcrumbs. Information is critical. If you are reading this magazine, your business probably revolves around information, and you probably recognize the value of that information to the people who want it. PHP Version: 4.0 and Above O/S: Any Additional Software: N/A REQUIREMENTS [...]... to replace objects with object handles The object handles would essentially be numbers, indices in a global object table Much like any other kind of variables, they will be passed and returned by value Thanks to this new level of indirection we will now be moving around handles to the objects and not the objects themselves In effect, this feature means that PHP will behave as if the objects themselves... http://www.example.com/foo/bar/index.php an example of what we’d get from this variable is /foo/bar/index.php The method then gets the highest directory in the path, also the current directory, which in this case would be bar Then it explodes the path and puts all of the pieces into the $dirs variable It now loops over all of the entries in $dirs $base keeps a running concatenation of the directories already processed and is the basis for... numerous other factors As an aside, one popular tool that can aid in the discovery and inspection of this data is phpOpenTracker Another silently collected class of data, which will be our primary focus in this article, is the history of the current session This is the most easily handled type of information We can get it as they navigate, use it while we have them on the site, and then discard it when their... petej@shaman.ca 17 FEATURES FEATURES The Object Oriented Evolution of PHP By Zeev Suraski One of the key ingredients in the upcoming version 5 of PHP will be the Zend Engine 2.0, with support for a brand new object- oriented programming model This article describes the evolution of the object- oriented programming support in PHP, covering the new features and changes that are scheduled for PHP 5 Where did... Hansel and Gretel - Brothers Grimm, et al Earning their name from the above-quoted famous tale, breadcrumbs are a navigation tool that helps the user find their context, and quickly navigate back to anywhere in that context Breadcrumbs can be used to expose the structure of the site to the user, allowing them to learn the location of items Usually found near the top of a web page under the title banner,... significantly In turn, it means that the feasibility of using PHP for large-scale projects becomes much easier to explain What else is new? As one could expect, the Zend Engine 2 packs quite a few other features to go along with its brand new February 2003 · PHP Architect · www.phparch.com The Object Oriented Evolution of PHP object model Some of the features further enhance object- oriented capabilities, such... history was the fact that despite the very limited functionality, and despite a host of problems and limitations, object oriented programming in PHP thrived and became the most popular paradigm for the growing numbers of off -the- shelf PHP applications This trend, which was mostly unexpected, caught PHP in a sub-optimal situation The fact that objects were not behaving like objects in other OO languages,... result into the container variable? Don't know what I'm talking about? Say hallelujah While PHP 3 and 4 did address these problems to a certain extent by providing syntactic hacks to pass around objects by reference, they never addressed the core of the problem: Objects and other types of values are not created equal, therefore, Objects should be passed around by reference unless stated otherwise The Answer... encapsulation The class’s job is to build breadcrumbs from the script’s URL, and return the finished product There are two member variables: $_separator, which contains the character used to delimit the links in the breadcrumb, and $_label_map, which is a list of labels to use for directory names This code works off of the directories in the script’s URL, and the label map allows us to give these directory... $joanne and $joe will no longer be objects, but rather, object handles, let’s say 4 and 7 respectively These integer handles point to slots in some global objects table where the actual objects sit When we send them to wed(), the local variables $bride and $groom will receive the values 4 and 7; setHusband() will change the object referenced by 4; setWife() will change the object referenced by 7; and when . 2003 www.phparch.com VOLUME II - ISSUE 2 The Object Oriented The Object Oriented Evolution of PHP 5Evolution of PHP5 A Look At The New OOP Model Using The Zend Engine 2.0 By. More. With Less. The designers of PHP offer you the full spectrum of PHP solutionsThe designers of PHP offer you the full spectrum of PHP solutions IINNDDEEXX Departments TABLE