php|architect: The Magazine For PHP Professionals
March 2005, Volume IV - Issue 3
www.phparch.com

• Crunching Data with PHP: From TAR to RAR in a ZIP
• Interview: Priming PHP for the Enterprise. Idealabs Preps LAMP Up for the Big Time
• Turning a Class Into an Application With PHP-GTK: Automate your tasks with a GUI app
• Strengthening the Authentication Process: Make that login more secure without HTTPS
• An XML Approach to Templating Using PHPTAL: Making the peace between designers and developers
• Plus: Security Corner, Product Review, and much more

LEARNING PHP WAS NEVER THIS MUCH FUN
Come learn PHP in Paradise with us (and spend less than many other conferences)

php|tropics
Moon Palace Resort, Cancun, Mexico. May 11-15 2005

• Ilia Alshanetsky - Accelerating PHP Applications
• Marcus Boerger - Implementing PHP 5 OOP Extensions
• John Coggeshall - Programming Smarty
• Wez Furlong - PDO: PHP Data Objects
• Daniel Kushner - Introduction to OOP in PHP 5
• Derick Rethans - Playing Safe: PHP and Encryption
• George Schlossnagle - Web Services in PHP 5
• Dan Scott - DB2 Universal Database
• Chris Shiflett - PHP Security: Coding for Safety
• Lukas Smith - How About Some PEAR For You?
• Jason Sweat - Test-driven Development with PHP
• Andrei Zmievski - PHP-GTK2

At php|tropics, take the exam and Get Zend Certified and we'll pay your fees!
For more information and to sign up: http://www.phparch.com/tropics
Early-bird discount in effect for a limited time!

TABLE OF CONTENTS

Features
• Crunching Data with PHP, by Christian Wenz
• Turning a Class Into an Application With PHP-GTK, by Scott Mattocks
• Interview: Priming PHP for the Enterprise, by Marco Tabini
• Strengthening the Authentication Process, by Graeme Foster
• An XML approach to Templating using PHPTAL, by José Pablo Ezequiel Fernández Silva

Departments
• Editorial: It’s All in a Day’s Work
• What’s New!
• Test Pattern: The Three Inch High Design Tool, by Marcus Baker
• Product Review: Vertrigo: The Utopia of All-in-One’s?, by Peter B. MacIntyre
• Security Corner: Magic Quotes, by Chris Shiflett
• exit(0); HELP! I’m a PHP beauty stuck in the body of this Java programmer!, by Marco Tabini

EDITORIAL

It’s no wonder that we are getting paranoid about the security of air travel—airports and airplanes seem to be a breeding ground for odd and bizarre behaviour. For some unknown reason, the normal laws of civilized society don’t seem to apply over international waters, or as soon as you’ve passed the first (of many) security checkpoints. On a flight, you’re forced to be in closer contact than you would ever allow under any circumstances with people you have never met in your life—and, most likely, would never want to have anything to do with if you knew them in the first place. Some of your fellow passengers are just plain inconsiderate—like the guy sitting next to you who takes off his shoes and the other one who drinks enough Martinis to kill a small horse.

Airport security—not to be outdone by the very same people it is meant to serve—is reaching new heights of stupidity. At one end of the line, an officer asks you to take off your shoes. “It’s optional, but if you don’t take them off they’ll search you at the other end of the line.” Well, duh… let’s see, should I take off my shoes now or everything else in the presence of that seven-feet-tall guard named “Bob” in thirty seconds? Um, let me think about it.
On my way back from a recent trip to California, I sat right behind the security checkpoint and listened in on a screener who was performing a search on a fellow passenger-in-waiting who had actually refused to take off his shoes. The best part was the introduction, which went something like “Sir, could you step to the side please. Now, I will have to perform a search of your person because you ‘fit the profile.’ Of course, we can’t tell you what the profile is, but this will only take a moment.”

So, on one side of the line someone tells you exactly “what the profile is,” and, on the other, someone else tells you that the profile is a secret. I hate to be stating the obvious, but that strikes me as slightly odd—then again, there is no limit to government silliness.

Meanwhile, back in Canada our government is training more search dogs and pigs (yes, I said pigs) to sniff out smugglers. “Drugs,” you may be thinking? No. Illegally-imported food. It’s not the guy with the three-pound package of cocaine in his backpack that we should be worried about—the real criminal is the eighty-year-old Italian lady with the salami in her purse.

Until next month, happy readings!

php|architect
Volume IV - Issue 3
March, 2005

Publisher: Marco Tabini
Editorial Team: Arbi Arzoumani, Peter MacIntyre, Eddie Peloke
Graphics & Layout: Arbi Arzoumani
Managing Editor: Emanuela Corso
News Editor: Leslie Hill (news@phparch.com)
Authors: Marcus Baker, Graeme Foster, Peter B. MacIntyre, Scott Mattocks, Chris Shiflett, José Pablo Ezequiel Fernández Silva, Christian Wenz

php|architect (ISSN 1709-7169) is published twelve times a year by Marco Tabini & Associates, Inc., P.O. Box 54526, 1771 Avenue Road, Toronto, ON M5M 4N5, Canada.
Although all possible care has been placed in assuring the accuracy of the contents of this magazine, including all associated source code, listings and figures, the publisher assumes no responsibilities with regards of use of the information contained herein or in all associated material.

Contact Information:
General mailbox: info@phparch.com
Editorial: editors@phparch.com
Subscriptions: subs@phparch.com
Sales & advertising: sales@phparch.com
Technical support: support@phparch.com

Copyright © 2003-2004 Marco Tabini & Associates, Inc. — All Rights Reserved

What’s New!

php|architect launches php|tropics 2005

Ever wonder what it's like to learn PHP in paradise? Well, this year we've decided to give you a chance to find out! We're proud to announce php|tropics 2005, a new conference that will take place between May 11-15 at the Moon Palace Resort in Cancun, Mexico. The Moon Palace is an all-inclusive (yes, we said all inclusive!) resort with over 100 acres of ground and 3,000 ft. of private beach, as well as excellent state-of-the-art meeting facilities. As always, we've planned an in-depth set of tracks for you, combined with a generous amount of downtime for your enjoyment (and your family's, if you can take them along with you). We even have a very special early-bird fee in effect for a limited time only. For more information, go to http://www.phparch.com/tropics.

ZEND Core for IBM

Zend Core for IBM is a complete, certified and fully supported distribution of PHP 5 that tightly integrates with IBM's DB2 and CloudScape products, in addition to bundling all required third-party libraries for interaction with the outside world.
The product includes such features as security updates, GUI-based management, granular control over configuration parameters and compatibility with Zend's other products, including Zend Platform. Zend Core will be available as a free download from both IBM's and Zend's websites in the second quarter of 2005. Support programs and Service Level Agreements will also be available for commercial clients in a variety of different configurations. For more information, visit the Zend Core for IBM site (http://www-306.ibm.com/software/data/info/zendcore/).

phpBlog 2.0.1

Want to get into the world of blogging? Are you currently running phpBB? If so, check out the latest release of phpBlog 2.0.1. The project’s homepage lists some of its features as:
• Trackbacks
• Monthly archives
• Miniblog
• Rss
• More…
For more information or to download, visit http://www.outshine.com/phpbbblog/

Zend Studio 4.0

Zend has announced the release of Zend Studio 4.0 (http://www.zend.com/store/products/zend-studio.php). Zend Technologies Inc. introduced Zend Studio 4.0, a new version of their PHP integrated development environment (IDE). Zend Studio runs on multiple operating systems including Mac OS X. The new release includes integrated support for all major database servers, according to the developer, including IBM DB2, Cloudscape, MySQL, Oracle, MS SQL Server, PostgreSQL, Derby and SQLite. New syntax highlighting works for XML and CSS; previously, PHP, HTML, XHTML and JavaScript were supported. PHPDocs support has been added and PHPDocumentor now lets users create documentation directly from the PHP project source code. Zend Studio 4 comes in a Standard edition for US$99 and a Professional edition for $299. Both prices include tech support and one year of updates and upgrades.
For more information visit: http://www.zend.com/

Check out some of the hottest new releases from PEAR.

DB_DataObject_FormBuilder 0.11.4

DB_DataObject_FormBuilder will aid you in rapid application development using the DB_DataObject and HTML_QuickForm packages. In order to have a quick but working prototype of your application, simply model the database, run DataObject's createTable script over it and write a script that passes one of the resulting objects to the FormBuilder class. The FormBuilder will automatically generate a simple but working HTML_QuickForm object that you can use to test your application. It also provides a processing method that will automatically detect if an insert() or update() command has to be executed after the form has been submitted. If you have set up DataObject's links.ini file correctly, it will also automatically detect if a table field is a foreign key and will populate a selectbox with the linked table's entries. There are many optional parameters that you can place in your DataObjects.ini or in the properties of your derived classes, that you can use to fine-tune the form-generation, gradually turning the prototypes into fully-featured forms, and you can take control at any stage of the process.
DB 1.7.1

DB is a database abstraction layer providing:
• An OO-style query API
• Portability features that make programs written for one DBMS work with other DBMS's
• A DSN (data source name) format for specifying database servers
• Prepare/execute (bind) emulation for databases that don't support it natively
• A result object for each query response
• Portable error codes
• Sequence emulation
• Sequential and non-sequential row fetching as well as bulk fetching
• Formats fetched rows as associative arrays, ordered arrays or objects
• Row limit support
• Transactions support
• Table information interface
• DocBook and phpDocumentor API documentation

Cache_Lite 1.4.1

This package is a little cache system optimized for file containers. It is fast and safe (because it uses file locking and/or anti-corruption tests).

XML_RPC 1.2.1

A PEAR-ified version of Useful Inc's XML-RPC for PHP. It has support for HTTP/HTTPS transport, proxies and authentication.

I18Nv2 0.11.3

This package provides basic support to localize your application, like locale based formatting of dates, numbers and currencies. Beside that it attempts to provide an OS independent way to setlocale() and aims to provide language, country and currency names translated into many languages.

Maguma OpenStudio

Maguma GmbH (Bolzano, Italy) will make the source code of Maguma Studio, Maguma's Windows-exclusive IDE, open! Beginning in March 2005 the full source code of Studio will be available for download and community participation. Maguma OpenStudio, as Maguma has named the product, is a milestone in the pursuit to the realization of Maguma's Open Source strategy. Maguma OpenStudio is a fast, easy and effective PHP IDE for beginners and professional developers alike. The newest product, the modular cross-platform IDE, Maguma Workbench, is Maguma’s second generation IDE and is also community focused through its flexibility to allow users to create custom modules for it.
Maguma’s goal is to allow programmers to "Have Fun Programming!" In March Maguma OpenStudio will be available for download on the Community site www.phpwizard.net and on the Maguma Community site http://community.maguma.org/. For more information visit: http://maguma.org

Looking for a new PHP Extension? Check out some of the latest offerings from PECL.

big_int 1.0.0

Functions from this package are useful for number theory applications, for example in two-key cryptography. See tests/RSA.php in the package for an example implementation of an RSA-like cryptoalgorithm. The package has many bitset functions, which make it possible to work with arbitrary-length bitsets. This package is much faster than the one bundled into PHP BCMath and covers almost entirely the functions implemented in the PHP GMP extension without requiring any external libraries.

Net_Gopher 1.0.0

An fopen() wrapper for retrieving documents via the gopher protocol. It includes an additional function for parsing gopher directory entries.

bz2_filter 1.1.0

A bzip2 compress/decompress stream filter implementation. It performs inline compression/decompression using the bzip2 algorithm on any PHP I/O stream. The data produced by this filter, while compatible with the payload portion of a bz2 file, does not include headers or trailers for full bz2 file compatibility. To achieve this format, use the compress.bzip2:// fopen wrapper built directly into PHP.

intercept 0.2.0

Allows the user to request that a user-space function be called when a PHP function is executed. Support for class/object methods will be added later.

mailparse 2.1.1

Mailparse is an extension for parsing and working with email messages. It can deal with rfc822 and rfc2045 (MIME) compliant messages.
eZ publish 3.5.1

Ez.no announces the latest release of their content management system. From the announcement:

“eZ publish is an open source content management system and development framework. As a content management system (CMS) its most notable feature is its revolutionary, fully customizable, and extendable content model. This is also what makes it suitable as a platform for general Web development. Its stand-alone libraries can be used for cross-platform, database independent PHP projects. eZ publish is also well suited for news publishing, e-commerce (B2B and B2C), portals, and corporate Web sites, intranets, and extranets. eZ publish is dual licenced between GPL and the eZ publish professional licence.”

Get all the details from http://ez.no/

The Zend PHP Certification Practice Test Book is now available!

We're happy to announce that, after many months of hard work, the Zend PHP Certification Practice Test Book, written by John Coggeshall and Marco Tabini, is now available for sale from our website and most book sellers worldwide! The book provides 200 questions designed as a learning and practice tool for the Zend PHP Certification exam. Each question has been written and edited by four members of the Zend Education Board, the very same group who prepared the exam. The questions, which cover every topic in the exam, come with a detailed answer that explains not only the correct choice, but also the question's intention, pitfalls and the best strategy for tackling similar topics during the exam. For more information, visit http://www.phparch.com/cert/mock_testing.php

FEATURE

Crunching Data with PHP
by Christian Wenz

There are various file formats to archive, pack, zip or crunch data. PHP supports many of them, in different ways: using external PHP scripts, PEAR packages or PHP extensions.

REQUIREMENTS
PHP: 4.x, 5.x
OS: Any
Other Software: The modules and packages referenced in the article.
Code Directory: crunch

When it comes to transferring data using the Internet, trying to make your files as small as possible is often a key element. It is rather little known, however, that PHP supports a variety of archive formats, in various ways: PHP extensions that are compiled in (or loaded using php.ini settings or dl()), PEAR packages and other external scripts. This article surveys the most important and relevant possibilities in this area, always with short examples that are ready-to-use for your applications.

PHP Extensions

From a performance point of view, using a PHP extension is very often the best way to solve a problem. Since you’re dealing with compiled code, performance is usually much better than interpreted PHP code. However, not all of these extensions are updated on a frequent basis and some of them lack important features. But before judging, let’s first have a closer look.

The file format that is probably most widely used over the Internet is the ZIP format, because it has been around for a long time and applications to manipulate it are widely available on all platforms. Recent versions of Windows come with an internal ZIP module, but do not support other formats out of the box; Linux distributions and Mac OS X offer much more in this respect. Therefore, in order to avoid the hassle of additional software installation, using the ZIP format is a good idea. There is even a PHP module that supports ZIP—you can find it in the online manual at http://php.net/manual/en/ref.zip.php. The module is a wrapper for the ZZIPlib library, a SourceForge project available at http://zziplib.sf.net/. This library supports only extracting data from an archive, not creating new ZIP files. Therefore, it can only be used with existing ZIP files. Doing so, however, is relatively easy: first, you have to ensure that the PHP module is present. If you are building PHP by yourself, you have to run configure with the --with-zip=/path/to/zziplib switch; Windows users just need to add the following line to their php.ini file:

    extension=php_zip.dll

[...]

... not the authorization process, but, rather, the authentication process—that is, the process of actually finding out who is at the other end of the line. This process is very simple, but within its simplicity lies the danger of complacency. First, let me provide the code for a simple login screen, made up of two files—let’s call the page that contains the form login1.php (Listing 1) and the page that the...

... automatically from the PHPDoc comments in the source code. There is also a text file in PEAR’s doc directory that contains rather detailed information about the package. Thankfully, the package can be used in a straightforward manner. Again, it’s just a matter of taking the right steps in the right order:
• First, load the PEAR module: require_once 'Archive/Tar.php';
• Then, initialize the class: $tar =...

... check1.php (Listing 2). The login process is straightforward to implement and it is a pervasive means of authentication. Listing 1 contains a bare-bone login form which consists of two text boxes and two buttons, as shown in Figure 1. When either of the buttons is pressed, the form will post the name and password details to the check1.php PHP script. This, in turn, will capture the POST variables and then...
... frequently writes for renowned IT magazines and speaks at conferences around the globe. He is Germany’s very first Zend Certified Professional, principal at the PHP Security Consortium and maintainer or co-maintainer of several PEAR projects.

To Discuss this article: http://forums.phparch.com/204

... returns an array holding the container for the page, and a label for the tab. You should also notice that I have connected a method to the switch-page signal. This is raised any time the top page of the notebook changes. It doesn’t matter if the page changes because the user clicks on a tab or if our code tells the notebook to bring a different page to the front—by connecting the signal to the showWarnings()...

... to the notebook’s switch-page signal simply grabs the array of errors from the package file manager and adds each one on its own line in the warnings area. To add the text, we just call the insert_text() method of the GtkText widget. insert_text() takes two parameters, the text to add and the position. As with most string functions in PHP, -1 indicates the end of the string. Listing 2 shows the code for...

... GtkVBoxes and GtkHBoxes. Take note of the three parameters at the end of pack_start(): these are often forgotten, but can save you lots of headaches down the road. The first, fill, tells the container whether or not the child widget should be resized to take up all of the available space when it is added. The second, expand, lets the contain-

... form only in PHP 5. The library also contains some additional functions for gathering information about the files in the archive, including their size.