PHP vs Ruby

Posted on February 22nd, 2008 in PHP, Ruby On Rails by Ashish Tagged Frameworks, JavaScript, MySQL, PHP

PHP vs Ruby – Practical Language Differences

There are rather significant syntactical differences between PHP and Ruby. For example PHP requires semicolons at the end of lines and generally requires curly brackets to enclose blocks of code. Ruby, on the other hand, uses newline characters to denote the end of a line of code and many code constructs such as function definitions, and various loops are ended with the word “end” rather than being surrounded by curly braces. Below is an example of PHP vs Ruby syntax.

PHP Function

function say_hello($name) {
$out = "Hello $name";
return $out;
}

Ruby Function

def say_hello(name)
out = "Hello ${name}"
return out
end

In Ruby, you don’t have to specify the return line as the return value of the last evaluated line is returned automatically. There are other differences in syntax between PHP and Ruby and, in general, Ruby is more concise yet it is not cryptic. Another general note about PHP is that PHP has a very large number of “built-in” functions – many more than Ruby. The Rails framework adds some nice helper methods for formatting dates, numbers, currency, and the like. PHP, however, has a vast library of functions that can do almost anything you will need. The naming of the PHP functions and the order of the parameters they take are somewhat inconsistent, but the functions are there making PHP an amazingly complete tool set for web application development. An example of the naming inconsistency is evident in function names such as strpos() vs str_replace(). Sometimes an underscore is used to separate words and other times it’s not. While that can be annoying, it’s something you can memorize in time and it’s not a huge deal. What really matters to me is what can PHP do that Ruby can’t and vice versa.

PHP5 was first released over three years ago, July 13, 2007. Frustratingly, and for various compatibility reasons, PHP5 is just now beginning to be an available choice on shared hosting accounts. Nevertheless, my comparison is between PHP5 and Ruby. Both PHP5 and Ruby have object oriented features albeit, Ruby is more sophisticated in terms of OO constructs. But I wanted to know what the real difference is between the languages. When I begin development of my next web application, what will I notice in terms of the differences between the languages.

The Similarities Between PHP and Ruby

Before getting started, I know that PHP and Ruby have very significant syntactic differences and different people may prefer one over the other. So it may be harder to implement certain features in one language over the other. Nevertheless both languages can do almost the same things. Both languages have try/catch/throw style exception handling. Exceptions are new to PHP5 as PHP4 does not have them. Both languages can be used in an object oriented way. Ruby has more powerful object oriented features but most developers probably won’t notice a difference in a normal web application. Both languages have additional functionality that can be added through libraries. In general, when developing web applications, I have not yet run into a time when I was working with one language and hit a road block where the language I was using was not capable of expressing the functionality I needed. Sometimes things are easier in one language versus the other but both PHP and Ruby have been able to “do” the same things.

About Frameworks

You can’t talk about Ruby for web development without mentioning Rails. Rails is fantastic and makes developing web applications much easier due to all of the built-in functionality. My favorite aspect of Rails is the ActiveRecord functionality. Often times, many of the objects in my applications are virtually empty except for inheriting from ActiveRecord. Validation is a breeze with Rails and is usually one line such as:

validates_presence_of :attribte_name

The built-in error handling with error_messages_for is very helpful. If you need more flexibility with the display of error messages, there are plugins to available for that. The ability to turn email sending on and off for testing is extremely nice. Having different configuration files for live, testing, and development environments is great.

PHP has over 40 different frameworks available. I’ve spent a significant amount of time studying PHP frameworks. The most popular ones appear to by CakePHP and Symfony. Both of these frameworks are essentially Rails clones. I think Symfony is the largest, and most comprehensive of the two. My favorite PHP Framework, howevever, is CodeIgniter. It is a Model-View-Controller style framework and has a strong Rails feel to it, but it is much lighter weight. CodeIgniter has no code generators like Rails has. It does have an ActiveRecord style Database class but it is not as powerful as the ActiveRecord in Rails. It is, however, quite nice and very helpful – much better than nothing. CodeIgniter, as far as I know, does not have anything comparable to Migrations in Rails.

PHP Does Not Have Formal Namespaces

PHP does not officially support namespaces and Ruby does. So organizing your code in a PHP application is something that’s left to the developer to figure out. PHP5 has the ability to autoload classess that are undefined. It is a very useful function and one that I have used to organize my code into name spaces. I essentially name classes with underscores separating directory names. Here is my autoload function that replaces underscores with slashes to create a path to the class files that I am using.

define("PROJECT", "/path/to/project/classes/");
define("LIBRARY", "/path/to/my/main/php5/library/classes/");

I have a bunch of classes that I continually reuse in my PHP applications. The path to the root directory of my library is stored in the LIBRARY constant. Any classes I write that either extend my core library or are specific to the project I am working on get stored in the location specified by the PROJECT constant. This has been a system that works really well for me and is a good workaround for PHP not having namespaces. So PHP not having formal namespaces has not really hindered my development efforts.

Documentation

PHP kills Ruby and Rails when it comes to ease of finding, reading, and even generating documentation. The PHP website has wonderful, helpful, searchable documentation. The Rails Documentation is comprehensive but much harder to navigate and has far fewer code examples. PHPDocumentor also produces much better looking documentation that is easier to navigate than RDoc does.

Hosting Ruby (on Rails) Is Painful And Expensive

All the Ruby applications I have developed to date have used the Rails framework. So this is a comparison between hosting a PHP Application and a Ruby on Rails application. PHP has several good MVC style frameworks. My favorite is CodeIgniter and I’ll be posting an article about it soon. Using a framework or not, PHP is extremely easy to host. Locate virtually any hosting company, sign up for an account and start dropping your files on the server. I can’t say the same for Ruby on Rails.

I started off with a DreamHost account but performance and reliability were miserable. I ended up switching to a virtual dedicated server at Rimu Hosting and have been extremely please with their service. I’m running Apache 2.0 + Mongrel + ISPConfig and it’s working out nicely. But every time I want to deploy a new application I have to…

* Set up a mongrel cluster
* Configure 2 or three ports for the mongrel cluster
* Create a map file for my random load balancer
* Set up a way to restart the cluster if the server reboots
* Configure Apache to forward requests to the mongrel cluster
* Configure capistrano to deploy the application.

Fortunately capistrano handles all of the annoying tedium associated with deploying the application and restarting the server. So once capistrano is setup and working, future deployments are a breeze. Also worth noting, this assumes you have your source code in Subversion. So you have to make sure that Subversion is set up and accessible over the internet to the deployment server as well as your development machine. It is good practice to have you source code in version control and you should be doing this whether the project is PHP or Ruby. If you are not using subversion and, therefore, not using capistrano, deploy a rails application is very time consuming and frustrating. Lastly, you need ssh access to your deployment server if you are going to be using Ruby on Rails whereas PHP can be deployed entirely over FTP.

To have a reasonable and reliable hosting environment for Ruby on Rails applications, you should have a virtual private server (VPS) or a dedicated server. So that will cost you at least $50 per month. You can host multiple Rails applications on the same VPS but the RAM requirements for running the mongrel clusters will quickly catch up to you. While you could host well over 50 PHP sites running on your VPS you will only be able to have a handful of Rails applications.

Conclusion

I suspect very few people will argue that PHP is a more elegant language or is more powerful than Ruby. Frankly, Ruby is probably may favorite language that I have ever worked with and I have worked with Classic ASP, ASP.NET, VB.NET, C#, Java, and Perl all rather extensively over the years. Ruby is both highly expressive and concise which is rare and refreshing.

Rails is a very comprehensive and effective web development Framework and there’s nothing exactly like it in PHP. You get a huge amount of functionality for free. Developing in Ruby on Rails is also a very fast process because Ruby is a very concise language requiring much less typing than any other language I’ve worked with. CodeIgniter is a really nice PHP framework. It will give you a great boost when developing your next PHP application.

The hosting and deployment struggles with Ruby on Rails is a major sticking point for me though. As the owner of a web development company many of our smaller clients do not have the budget for their own VPS account and even if they did, we don’t have the staff to manage a large number of VPS accounts or dedicated servers. Keeping the security updates current, managing any issues that may occur with email, and all the other headaches that go along with managing your own VPS or Dedicated server is more than we care to take on for the relatively small, practical dfference between PHP and Ruby. For large projects, it may be worth the trouble, but for small to medium sized projects, PHP is much easier to deploy, less expensive to host, and the language is capable of taking on everything those types of sites require. For our projects, development time with PHP is not noticeably longer than with Ruby on Rails. Ruby on Rails integrates a lot of things for the developer.

There is ActiveRecord for managing the link between models and the database, migrations for keeping development and live databases in sync, built in testing, the ajax – prototype javascript library is included, and you get a well defined file system structure. While it may not all be packaged together as well, PHP can do all of the above.

Leave a comment... (0)

Ruby or PHP which one is for you

Posted on February 22nd, 2008 in PHP, Ruby On Rails by Ashish Tagged Frameworks, JavaScript, MySQL, PHP

Will Ruby kill PHP?

With the recent rise in popularity of the Ruby programming language (largely driven by the excellent but not perfect web framework called Rails), I’ve noticed a little fear in the air … fear on the part of some people in the PHP community.

Will Ruby kill PHP?

The short answer is: NO.

MY REASONING

Though Ruby and PHP are both scripting languages that make developing web applications much easier than it is, say in the Java world, they are very different beasts … each appeals to a different audience.

RUBY IS ELEGENT BUT COMPLEX

Before I go on, I want to point out that Ruby is a great language and I think it makes perfect sense for PHP developers to learn a little Ruby: it is always a good idea to learn other languages because it will make you a better programmer.

That said, I believe Ruby will not appeal to, or fill the need of most PHP’ers – Ruby can be a little too abstract.

JAVA NERDS LOVE RUBY

Ruby is attracting many from the Java world because it expresses very advanced concepts in a simple syntax – contrast this to Java’s (often times) kludgy and verbose representation.

Ruby appeals to the Java crowd because Java people have been trained to think in terms of large scale enterprise applications – regardless of the size of the project.

… These ‘abstractions’ (generally speaking) lend themselves well to larger projects.

WHY PHP WORKS

PHP is often criticized because it has both a procedural and an object oriented way of doing things. Some people think that this divergence (within the language), takes away from it … I think this is part of its strength!

Objected oriented constructs are great for creating cleaner designs that are easier to maintain and promote the possibility of code reusability. Code reuseability is an often touted advantage of OOP, but from what I’ve seen in the Java world, it is not achieved so often.

With OOP, there is a cost of added complexity and overhead – you simply have to write more code to do things when you do it via OOP.

PHP PROVES THAT NON OO LANGUAGES STILL HAVE THEIR PLACE

I would suggest that the vast majority of PHP work is found in simple projects:

* Email from a web page.
* Process a simple form and save to a database.
* Create a simple store with 10 items.

My point is, that for many PHP projects, OOP may be a little overkill.

WHY RUBY WILL NOT KILL PHP

In Ruby everything is an object (even numbers!) and the core language has very sophisticated constructs that need to be understood to use Ruby effectively – Ruby strength is also its’ weakness.

… I don’t see the majority of PHP users wanting to jump that deep into the world of programmatic abstraction – for most, there is simply no point.

Ruby is a very clean language and it has lots of things going for it. But PHP has lots of things going for it too. You can point out spots where Ruby code is cleaner than PHP, but you can point out spots where (I think) PHP code is cleaner than Ruby …

Today I would consider PHP the better choice because it is well established (lots of IDEs, open source projects, easy hosting etc ..) and proven.

Ruby is just starting to get into the mainstream … and there are still some fundamental issues with Ruby and web development.

For example: Ruby integration with APACHE is still not stable. It works … but there are known problems and can be a hassle to set up.

Ruby has a long way to go, I can’t argue for the programming details as I still like my Perl but from the SysAdmin side Ruby and Rails for the matter are an absolute nightmare.

Ruby in itself is slow, doesn’t understand threads like every other language out there so it doesn’t integrate into apache like PHP or Perl or Python or the other hundreds of web scripting languages.

Until Mongrel came out you were forced to use fast_cgi, which is a dead method of rendering pages, apache’s mod_fcgi is crap and lighttpd’s fcgi is better but the server itself is not stable enough for production.

Ruby has to start by modernizing it’s preprocessor before it even has a small chance in hell of overtaking PHP and even then Rails has a long way to go before it’s ready for the primetime, the ease at which a programmer can cause Rails to leak memory is astounding.

By: Stefan Mischook in Killersite.com

Leave a comment... (0)

symfony Open-Source PHP Web Framework

Posted on February 19th, 2008 in Frameworks by Ashish Tagged framework, JavaScript, MySQL, PHP

Symfony in Brief

A framework streamlines application development by automating many of the patterns employed for a given purpose. A framework also adds structure to the code, prompting the developer to write better, more readable, and more maintainable code. Ultimately, a framework makes programming easier, since it packages complex operations into simple statements.

Symfony is a complete framework designed to optimize the development of web applications by way of several key features. For starters, it separates a web application’s business rules, server logic, and presentation views. It contains numerous tools and classes aimed at shortening the development time of a complex web application. Additionally, it automates common tasks so that the developer can focus entirely on the specifics of an application. The end result of these advantages means there is no need to reinvent the wheel every time a new web application is built!

Symfony was written entirely in PHP 5. It has been thoroughly tested in various real-world projects, and is actually in use for high-demand e-business websites. It is compatible with most of the available databases engines, including MySQL, PostgreSQL, Oracle, and Microsoft SQL Server. It runs on *nix and Windows platforms. Let’s begin with a closer look at its features.

Symfony Features

Symfony was built in order to fulfill the following requirements:

* Easy to install and configure on most platforms (and guaranteed to work on standard *nix and Windows platforms)
* Database engine-independent
* Simple to use, in most cases, but still flexible enough to adapt to complex cases
* Based on the premise of convention over configuration–the developer needs to configure only the unconventional
* Compliant with most web best practices and design patterns
* Enterprise-ready–adaptable to existing information technology (IT) policies and architectures, and stable enough for long-term projects
* Very readable code, with phpDocumentor comments, for easy maintenance
* Easy to extend, allowing for integration with other vendor libraries

Automated Web Project Features

Most of the common features of web projects are automated within symfony, as follows:

* The built-in internationalization layer allows for both data and interface translation, as well as content localization.
* The presentation uses templates and layouts that can be built by HTML designers without any knowledge of the framework. Helpers reduce the amount of presentation code to write by encapsulating large portions of code in simple function calls.
* Forms support automated validation and repopulation, and this ensures a good quality of data in the database and a better user experience.
* Output escaping protects applications from attacks via corrupted data.
* The cache management features reduce bandwidth usage and server load.
* Authentication and credential features facilitate the creation of restricted sections and user security management.
* Routing and smart URLs make the page address part of the interface and search-engine friendly.
* Built-in e-mail and API management features allow web applications to go beyond the classic browser interactions.
* Lists are more user-friendly thanks to automated pagination, sorting, and filtering.
* Factories, plug-ins, and mixins provide a high level of extensibility.
* Ajax interactions are easy to implement thanks to one-line helpers that encapsulate cross-browser-compatible JavaScript effects.

Development Environment and Tools

To fulfill the requirements of enterprises having their own coding guidelines and project management rules, symfony can be entirely customized. It provides, by default, several development environments and is bundled with multiple tools that automate common software-engineering tasks:

* The code-generation tools are great for prototyping and one-click back-end administration.
* The built-in unit and functional testing framework provides the perfect tools to allow test-driven development.
* The debug panel accelerates debugging by displaying all the information the developer needs on the page he’s working on.
* The command-line interface automates application deployment between two servers.
* Live configuration changes are possible and effective.
* The logging features give administrators full details about an application’s activities.

Who Made Symfony and Why?

The first version of symfony was released in October 2005 by project founder Fabien Potencier, coauthor of this book. Fabien is the CEO of Sensio (http://www.sensio.com/), a French web agency well known for its innovative views on web development.

Back in 2003, Fabien spent some time inquiring about the existing open source development tools for web applications in PHP. He found that none fulfilled the previously described requirements. When PHP 5 was released, he decided that the available tools had reached a mature enough stage to be integrated into a full-featured framework. He subsequently spent a year developing the symfony core, basing his work on the Mojavi Model-View-Controller (MVC) framework, the Propel object-relational mapping (ORM), and the Ruby on Rails templating helpers.

Fabien originally built symfony for Sensio’s projects, because having an effective framework at your disposal presents an ideal way to develop applications faster and more efficiently. It also makes web development more intuitive, and the resulting applications are more robust and easier to maintain. The framework entered the proving grounds when it was employed to build an e-commerce website for a lingerie retailer, and subsequently was applied to other projects.

After successfully using symfony for a few projects, Fabien decided to release it under an open source license. He did so to donate this work to the community, to benefit from user feedback, to showcase Sensio’s experience, and because it’s fun.

Why "symfony" and not "FooBarFramework"? Because Fabien wanted a short name containing an s, as in Sensio, and an f, as in framework–easy to remember and not associated with another development tool. Also, he doesn’t like capital letters. symfony was close enough, even if not completely English, and it was also available as a project name. The other alternative was "baguette."

For symfony to be a successful open source project, it needed to have extensive documentation, in English, to increase the adoption rate. Fabien asked fellow Sensio employee François Zaninotto, the other author of this book, to dig into the code and write an online book about it. It took quite a while, but when the project was made public, it was documented well enough to appeal to numerous developers. The rest is history.

The Symfony Community

As soon as the symfony website (http://www.symfony-project.org/) was launched, numerous developers from around the world downloaded and installed the framework, read the online documentation, and built their first application with symfony, and the buzz began to mount.

Web application frameworks were getting popular at that time, and the need for a full-featured framework in PHP was high. Symfony offered a compelling solution due to its impressive code quality and significant amount of documentation–two major advantages over the other players in the framework category. Contributors soon began to surface, proposing patches and enhancements, proofreading the documentation, and performing other much-needed roles.

The public source repository and ticketing system offer a variety of ways to contribute, and all volunteers are welcome. Fabien is still the main committer in the trunk of the source code repository, and guarantees the quality of the code.

Today, the symfony forum, mailing lists, and Internet Relay Chat (IRC) channel offer ideal support outlets, with seemingly each question getting an average of four answers. Newcomers install symfony every day, and the wiki and code snippets sections host a lot of user-contributed documentation. The number of known symfony applications increases by an average of five per week, and counting.

Is Symfony for Me?

Whether you are a PHP 5 expert or a newcomer to web application programming, you will be able to use symfony. The main factor in deciding whether or not to do so is the size of your project.

If you want to develop a simple website with five to ten pages, limited access to a database, and no obligations to ensuring its performance or providing documentation, then you should stick with PHP alone. You wouldn’t gain much from a web application framework, and using object orientation or an MVC model would likely only slow down your development process. As a side note, symfony is not optimized to run efficiently on a shared server where PHP scripts can run only in Common Gateway Interface (CGI) mode.

On the other hand, if you develop more complex web applications, with heavy business logic, PHP alone is not enough. If you plan on maintaining or extending your application in the future, you will need your code to be lightweight, readable, and effective. If you want to use the latest advances in user interaction (like Ajax) in an intuitive way, you can’t just write hundreds of lines of JavaScript. If you want to have fun and develop fast, then PHP alone will probably be disappointing. In all these cases, symfony is for you.

And, of course, if you are a professional web developer, you already know all the benefits of web application frameworks, and you need one that is mature, well documented, and has a large community. Search no more, for symfony is your solution.

If you would like a visual demonstration, take a look at the screencasts available from the symfony website. You will see how fast and fun it is to develop applications with symfony.

Fundamental Concepts

Before you get started with symfony, you should understand a few basic concepts. Feel free to skip ahead if you already know the meaning of OOP, ORM, RAD, DRY, KISS, TDD, YAML, and PEAR.

PHP 5

Symfony is developed in PHP 5 (http://www.php.net/) and dedicated to building web applications with the same language. Therefore, a solid understanding of PHP 5 is required to get the most out of the framework.

Developers who already know PHP 4 but not PHP 5 should mainly focus on the language’s new object-oriented model.

Object-Oriented Programming (OOP)

Object-oriented programming (OOP) will not be explained in this chapter. It needs a whole book itself! Because symfony makes extensive use of the object-oriented mechanisms available as of PHP 5, OOP is a prerequisite to learning symfony.

Wikipedia explains OOP as follows:

The idea behind object-oriented programming is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list of instructions to the computer.

PHP 5 implements the object-oriented paradigms of class, object, method, inheritance, and much more. Those who are not familiar with these concepts are advised to read the related PHP documentation, available at http://www.php.net/manual/en/language.oop5.basic.php.
Magic Methods

One of the strengths of PHP’s object capabilities is the use of magic methods. These are methods that can be used to override the default behavior of classes without modifying the outside code. They make the PHP syntax less verbose and more extensible. They are easy to recognize, because the names of the magic methods start with two underscores (__).

For instance, when displaying an object, PHP implicitly looks for a __toString() method for this object to see if a custom display format was defined by the developer:

$myObject = new myClass();
echo $myObject;
// Will look for a magic method
echo $myObject->__toString();

Symfony uses magic methods, so you should have a thorough understanding of them. They are described in the PHP documentation (http://www.php.net/manual/en/language.oop5.magic.php).

PHP Extension and Application Repository (PEAR)

PEAR is "a framework and distribution system for reusable PHP components." PEAR allows you to download, install, upgrade, and uninstall PHP scripts. When using a PEAR package, you don’t need to worry about where to put scripts, how to make them available, or how to extend the command-line interface (CLI).

PEAR is a community-driven project written in PHP and shipped with standard PHP distributions.

The PEAR website, http://pear.php.net/, provides documentation and packages grouped by categories.

PEAR is the most professional way to install vendor libraries in PHP. Symfony advises the use of PEAR to keep a central installation point for use across multiple projects. The symfony plug-ins are PEAR packages with a special configuration. The symfony framework itself is available as a PEAR package.

You don’t need to know all about the PEAR syntax to use symfony. You just need to understand what it does and have it installed. You can check that PEAR is installed in your computer by typing the following in a CLI:

> pear info pear

This command will return the version number of your PEAR installation.

The symfony project has its own PEAR repository, or channel. Note that channels are available only since version 1.4.0 of PEAR, so you should upgrade if your version is older. To upgrade your version of PEAR, issue the following command:

> pear upgrade PEAR

Object-Relational Mapping (ORM)

Databases are relational. PHP 5 and symfony are object-oriented. In order to access the database in an object-oriented way, an interface translating the object logic to the relational logic is required. This interface is called an object-relational mapping, or ORM.

An ORM is made up of objects that give access to data and keep business rules within themselves.

One benefit of an object/relational abstraction layer is that it prevents you from using a syntax that is specific to a given database. It automatically translates calls to the model objects to SQL queries optimized for the current database.

This means that switching to another database system in the middle of a project is easy. Imagine that you have to write a quick prototype for an application, but the client has not decided yet which database system would best suit his needs. You can start building your application with SQLite, for instance, and switch to MySQL, PostgreSQL, or Oracle when the client is ready to decide. Just change one line in a configuration file, and it works.

An abstraction layer encapsulates the data logic. The rest of the application does not need to know about the SQL queries, and the SQL that accesses the database is easy to find. Developers who specialize in database programming also know clearly where to go.

Using objects instead of records, and classes instead of tables, has another benefit: you can add new accessors to your tables. For instance, if you have a table called Client with two fields, FirstName and LastName, you might like to be able to require just a Name. In an object-oriented world, this is as easy as adding a new accessor method to the Client class, like this:

public function getName()
{
return $this->getFirstName().’ ‘.$this->getLastName();
}

All the repeated data-access functions and the business logic of the data can be maintained within such objects. For instance, consider a class ShoppingCart in which you keep items (which are objects). To retrieve the full amount of the shopping cart for the checkout, you can add a getTotal() method, like this:

public function getTotal()
{
$total = 0;
foreach ($this->getItems() as $item)
{
$total += $item->getPrice() * $item->getQuantity();
}
return $total;
}

And that’s it. Imagine how long it would have required to write a SQL query doing the same thing!

Propel, another open source project, is currently one of the best object/relational abstraction layers for PHP 5. Symfony integrates Propel seamlessly into the framework, so most of the data manipulation described in this book follows the Propel syntax. This book will describe how to use the Propel objects, but for a more complete reference, a visit to the Propel website (http://propel.phpdb.org/trac/) is recommended.

Rapid Application Development (RAD)

Programming web applications has long been a tedious and slow job. Following the usual software engineering life cycles (like the one proposed by the Rational Unified Process, for instance), the development of web applications could not start before a complete set of requirements was written, a lot of Unified Modeling Language (UML) diagrams were drawn, and tons of preliminary documentation were produced. This was due to the general speed of development, to the lack of versatility of programming languages (you had to build, compile, restart, and who knows what else before actually seeing your program run), and most of all, to the fact that clients were quite reasonable and didn’t change their minds constantly.

Today, business moves faster, and clients tend to constantly change their minds in the course of the project development. Of course, they expect the development team to adapt to their needs and modify the structure of an application quickly. Fortunately, the use of scripting languages like Perl and PHP makes it easy to apply other programming strategies, such as rapid application development (RAD) or agile software development.

One of the ideas of these methodologies is to start developing as soon as possible so that the client can review a working prototype and offer additional direction. Then the application gets built in an iterative process, releasing increasingly feature-rich versions in short development cycles.

The consequences for the developer are numerous. A developer doesn’t need to think about the future when implementing a feature. The method used should be as simple and straightforward as possible. This is well illustrated by the maxim of the KISS principle: Keep It Simple, Stupid.

When the requirements evolve or when a feature is added, existing code usually has to be partly rewritten. This process is called refactoring, and happens a lot in the course of a web application development. Code is moved to other places according to its nature. Duplicated portions of code are refactored to a single place, thus applying the Don’t Repeat Yourself (DRY) principle.

And to make sure that the application still runs when it changes constantly, it needs a full set of unit tests that can be automated. If well written, unit tests are a solid way to ensure that nothing is broken by adding or refactoring code. Some development methodologies even stipulate writing tests before coding–that’s called test-driven development (TDD).

There are many other principles and good habits related to agile development. One of the most effective agile development methodologies is called Extreme Programming (abbreviated as XP), and the XP literature will teach you a lot about how to develop an application in a fast and effective way. A good starting place is the XP series books by Kent Beck (Addison-Wesley).

Symfony is the perfect tool for RAD. As a matter of fact, the framework was built by a web agency applying the RAD principle for its own projects. This means that learning to use symfony is not about learning a new language, but more about applying the right reflexes and the best judgment in order to build applications in a more effective way.

The symfony project website proposes a step-by-step tutorial illustrating the development of an application in an agile way. It is called askeet (http://www.symfony-project.org/askeet), and is recommended reading for those who want to learn more about agile development.

YAML

According to the official YAML website (http://www.yaml.org/), YAML is "a straightforward machine parsable data serialization format designed for human readability and interaction with scripting languages." Put another way, YAML is a very simple language used to describe data in an XML-like way but with a much simpler syntax. It is especially useful to describe data that can be translated into arrays and hashes, like this:

$house = array(
‘family’ => array(
‘name’ => ‘Doe’,
‘parents’ => array(’John’, ‘Jane’),
‘children’ => array(’Paul’, ‘Mark’, ‘Simone’)
),
‘address’ => array(
‘number’ => 34,
’street’ => ‘Main Street’,
‘city’ => ‘Nowheretown’,
‘zipcode’ => ‘12345′
)
);

This PHP array can be automatically created by parsing the YAML string:

house:
family:
name: Doe
parents:
- John
- Jane
children:
- Paul
- Mark
- Simone
address:
number: 34
street: Main Street
city: Nowheretown
zipcode: "12345"

In YAML, structure is shown through indentation, sequence items are denoted by a dash, and key/value pairs within a map are separated by a colon. YAML also has a shorthand syntax to describe the same structure with fewer lines, where arrays are explicitly shown with [] and hashes with {}. Therefore, the previous YAML data can be written in a shorter way, as follows:

house:
family: { name: Doe, parents: [John, Jane], children: [Paul, Mark, Simone] }
address: { number: 34, street: Main Street, city: Nowheretown, zipcode: "12345" }

YAML is an acronym for "YAML Ain’t Markup Language" and pronounced "yamel". The format has been around since 2001, and YAML parsers exist for a large variety of languages.

The specifications of the YAML format are available at http://www.yaml.org/.

As you can see, YAML is much faster to write than XML (no more closing tags or explicit quotes), and it is more powerful than .ini files (which don’t support hierarchy). That is why symfony uses YAML as the preferred language to store configuration. You will see a lot of YAML files in this book, but it is so straightforward that you probably don’t need to learn more about it.

For Installation Instruction Please Visit Here.

Leave a comment... (0)

CakePHP an Open Source PHP Framework

Posted on February 18th, 2008 in Frameworks by Ashish Tagged Frameworks, JavaScript, MySQL, PHP

CakePHP is a free open-source rapid development framework for PHP. Its a structure of libraries, classes and run-time infrastructure for programmers creating web applications originally inspired by the Ruby on Rails framework. Primary goal is to enable developers to work in a structured and rapid manner – without loss of flexibility.

In 2005, Michal Tatarynowicz wrote a minimal version of a Rapid Application Framework in PHP. He found that it was the start of a very good framework. Michal published the framework under the MIT license, dubbing it Cake, and opened it up to a community of developers, who now maintain Cake under the name CakePHP.

Features of CakePHP

CakePHP has several features that make it a great choice as a framework for developing applications swiftly and with the least amount of hassle. Here are a few in no particular order:

1. Active, friendly community
2. Flexible Licensing
3. Compatibility with PHP4 and PHP5
4. Integrated CRUD for database interaction and simplified queries
5. Application Scaffolding
6. Model View Controller (MVC) Architecture
7. Request dispatcher with good looking, custom URLs
8. Built-in Validation
9. Fast and flexible templating (PHP syntax, with helpers)
10. View Helpers for AJAX, Javascript, HTML Forms and more
11. Security, Session, and Request Handling Components
12. Flexible access control lists
13. Data Sanitization
14. Flexible View Caching
15. Works from any web site subdirectory, with little to no Apache configuration involved

Requirements

In order use CakePHP you must first have a server that has all the required libraries and programs to run CakePHP:
Server Requirements

Here are the requirements for setting up a server to run CakePHP:

1. An HTTP server (like Apache) with the following enabled: sessions, mod_rewrite (not absolutely necessary but preferred)
2. PHP 4.3.2 or greater. Yes, CakePHP works great in either PHP 4 or 5.
3. A database engine (right now, there is support for MySQL 4+, PostgreSQL and a wrapper for ADODB).

Installing CakePHP : Getting the most recent stable version

There are a few ways you can secure a copy of CakePHP: getting a stable release from CakeForge, grabbing a nightly build, or getting a fresh version of code from SVN.

To download a stable version of code, check out the files section of the CakePHP project at CakeForge by going to http://cakeforge.org/projects/cakephp/.

To grab a nightly, download one from http://cakephp.org/downloads/index/nightly. These nightly releases are stable, and often include the bug fixes between stable releases.

To grab a fresh copy from our SVN repository, use your favorite SVN client and connect to https://svn.cakephp.org/repo/trunk/cake/ and choose the version you’re after.

Unpacking

Once you’ve downloaded the most recent release, place that compressed package on your web server in the webroot. Now you need to unpack the CakePHP package. There are two ways to do this, using a development setup, which allows you to easily view many CakePHP applications under a single domain, or using the production setup, which allows for a single CakePHP application on the domain.

Setting Up CakePHP

The first way to setup CakePHP is generally only recommended for development environments because it is less secure. The second way is considered more secure and should be used in a production environment.

NOTE: /app/tmp must be writable by the user that your web server runs as.

Development Setup

For development we can place the whole Cake installation directory inside the specified DocumentRoot like this:

/wwwroot
/cake
/app
/cake
/vendors
.htaccess
index.php

In this setup the wwwroot folder acts as the web root so your URLs will look something like this (if you’re also using mod_rewrite):

www.example.com/cake/controllerName/actionName/param1/param2

Production Setup

In order to utilize a production setup, you will need to have the rights to change the DocumentRoot on your server. Doing so, makes the whole domain act as a single CakePHP application.

The production setup uses the following layout:

../path_to_cake_install
/app
/config
/controllers
/models
/plugins
/tmp
/vendors
/views
/webroot <– This should be your new DocumentRoot
.htaccess
index.php
/cake
/vendors
.htaccess
index.php

Suggested Production httpd.conf

DocumentRoot /path_to_cake/app/webroot

In this setup the webroot directory is acting as the web root so your URLs might look like this (if you’re using mod_rewrite):

http://www.example.com/controllerName/actionName/param1/param2

Advanced Setup: Alternative Installation Options

There are some cases where you may wish to place Cake’s directories on different places on disk. This may be due to a shared host restriction, or maybe you just want a few of your apps to share the same Cake libraries.

There are three main parts to a Cake application:

1. The core CakePHP libraries – Found in /cake
2. Your application code (e.g. controllers, models, layouts and views) – Found in /app
3. Your application webroot files (e.g. images, javascript and css) – Found in /app/webroot

Each of these directories can be located anywhere on your file system, with the exception of the webroot, which needs to be accessible by your web server. You can even move the webroot folder out of the app folder as long as you tell Cake where you’ve put it.

To configure your Cake installation, you’ll need to make some changes to /app/webroot/index.php (as it is distributed in Cake). There are three constants that you’ll need to edit: ROOT, APP_DIR, and CAKE_CORE_INCLUDE_PATH.

1. ROOT should be set to the path of the directory that contains your app folder.
2. APP_DIR should be set to the path of your app folder.
3. CAKE_CORE_INCLUDE_PATH should be set to the path of your Cake libraries folder.

/app/webroot/index.php (partial, comments removed)
if (!defined(’ROOT’))
{
define(’ROOT’, dirname(dirname(dirname(__FILE__))));
}

if (!defined(’APP_DIR’))
{
define (’APP_DIR’, basename(dirname(dirname(__FILE__))));
}

if (!defined(’CAKE_CORE_INCLUDE_PATH’))
{
define(’CAKE_CORE_INCLUDE_PATH’, ROOT);
}

An example might help illustrate this better. Imagine that I wanted to set up Cake to work with the following setup:

1. I want my Cake libraries shared with other applications, and placed in /usr/lib/cake.
2. My Cake webroot directory needs to be /var/www/mysite/.
3. My application files will be stored in /home/me/mysite.

Here’s what the file setup looks like:

/home
/me
   /mysite <– Used to be /cake_install/app
      /config
      /controllers
      /models
      /plugins
      /tmp
/vendors
      /views
index.php

/var
   /www
     /mysite <– Used to be /cake_install/app/webroot
       /css
       /files
       /img
       /js
       .htaccess
        css.php
        favicon.ico
        index.php

/usr
    /lib
        /cake <– Used to be /cake_install/cake
            /cake
                /config
                /docs
                /libs
                /scripts
                app_controller.php
                app_model.php
                basics.php
                bootstrap.php
                dispatcher.php
                /vendors

Given this type of setup, I would need to edit my webroot index.php file (which should be at /var/www/mysite/index.php, in this example) to look like the following:

It is recommended to use the ‘DS’ constant rather than slashes to delimit file paths. This prevents any ‘missing file’ errors you might get as a result of using the wrong delimiter, and it makes your code more portable.
if (!defined(’ROOT’))
{
define(’ROOT’, DS.’home’.DS.’me’);
}

if (!defined(’APP_DIR’))
{
define (’APP_DIR’, ‘mysite’);
}

if (!defined(’CAKE_CORE_INCLUDE_PATH’))
{
define(’CAKE_CORE_INCLUDE_PATH’, DS.’usr’.DS.’lib’.DS.’cake’);
}

Configuring Apache and mod_rewrite

While CakePHP is built to work with mod_rewrite out of the box, we’ve noticed that a few users struggle with getting everything to play nicely on their systems. Here are a few things you might try to get it running correctly:

1. Make sure that an .htaccess override is allowed: in your httpd.conf, you should have a section that defines a section for each Directory on your server. Make sure the AllowOverride is set to All for the correct Directory.
2. Make sure you are editing the system httpd.conf rather than a user- or site-specific httpd.conf.
3. For some reason or another, you might have obtained a copy of CakePHP without the needed .htaccess files. This sometimes happens because some operating systems treat files that start with ‘.’ as hidden, and don’t copy them. Make sure your copy of CakePHP is from the downloads section of the site or our SVN repository.
4. Make sure you are loading up mod_rewrite correctly! You should see something like LoadModule rewrite_module libexec/httpd/mod_rewrite.so and AddModule mod_rewrite.c in your httpd.conf.
5. If you are installing Cake into a user directory (http://example.com/~myusername/), you’ll need to modify the .htaccess files in the base directory of your Cake installation, and in the app/webroot folder. Just add the line "RewriteBase /~myusername/".
6. If for some reason your URLS are suffixed with a long, annoying session ID (http://example.com/posts/?CAKEPHP=4kgj577sgabvnmhjgkdiuy1956if6ska), you might also add "php_flag session.trans_id off" to the .htaccess file at the root of your installation as well.

Database Configuration

Your app/config/database.php file is where your database configuration all takes place. A fresh install doesn’t have a database.php, so you’ll need to make a copy of database.php.default. Once you’ve made a copy and renamed it you’ll see the following:

app/config/database.php

var $default = array(’driver’ => ‘mysql’,
‘connect’ => ‘mysql_connect’,
‘host’ => ‘localhost’,
‘login’ => ‘user’,
‘password’ => ‘password’,
‘database’ => ‘project_name’,
‘prefix’ => ”);

Replace the information provided by default with the database connection information for your application.

One note about the prefix key: the string you enter there will be prepended to any SQL call that Cake makes to your database when working with tables. You define it here once so you don’t have to specify it in other places. It also allows you to follow Cake’s table naming conventions if you’re on a host that only gives you a single database. Note: for HABTM join tables, you only add the prefix once: prefix_apples_bananas, not prefix_apples_prefix_bananas.

CakePHP supports the following database drivers:

1. mysql
2. postgres
3. sqlite
4. pear-drivername (so you might enter pear-mysql, for example)
5. adodb-drivername

The ‘connect’ key in the $default connection allows you to specify whether or not the database connection will be treated as persistent or not. Read the comments in the database.php.default file for help on specifying connection types for your database setup.

Your database tables should also follow the following conventions:

1. Table names used by Cake should consist of English words in plural, like "users", "authors" or "articles". Note that corresponding models have singular names.
2. Your tables must have a primary key named ‘id’.
3. If you plan to relate tables, use foreign keys that look like: ‘article_id’. The table name is singular, followed by an underscore, followed by ‘id’.
4. If you include a ‘created’ and/or ‘modified’ column in your table, Cake will automatically populate the field when appropriate.

You’ll also notice that there is a $test connection setting included in the database.php file. Fill out this configuration (or add other similarly formatted configurations) and use it in your application by placing something like:
var $useDbConfig = ‘test’;

Inside one of your models. You can add any number of additional connection settings in this manner.

Global Configuration

CakePHP’s global configuration can be found in app/config/core.php. While we really dislike configuration files, it just had to be done. There are a few things you can change here, and the notes on each of these settings can be found within the comments of the core.php file.

DEBUG: Set this to different values to help you debug your application as you build it. Specifying this setting to a non-zero value will force Cake to print out the results of pr( ) and debug( ) function calls, and stop flash messages from forwarding automatically. Setting it to 2 or higher will result in SQL statements being printed at the bottom of the page.

Also when in debug mode (where DEBUG is set to 1 or higher), Cake will render certain generated error pages, i.e. "Missing Controller," "Missing Action," etc. In production mode, however (where DEBUG is set to 0), Cake renders the "Not Found" page, which can be overridden in app/views/errors/error404.thtml.

CAKE_SESSION_COOKIE: Change this value to the name of the cookie you’d like to use for user sessions in your Cake app.

CAKE_SECURITY: Change this value to indicate your preferred level of sessions checking. Cake will timeout sessions, generate new session ids, and delete old session files based on the settings you provide here. The possible values are:

1. high: sessions time out after 20 minutes of inactivity, and session id’s are regenerated on each request
2. medium: sessions time out after 200 minutes of inactivity
3. low: sessions time out after 600 minutes of inactivity

CAKE_SESSION_SAVE: Specify how you’d like session data saved. Possible values are:

1. cake: Session data is saved in tmp/ inside your Cake installation
2. php: Session data saved as defined in php.ini
3. database: Session data saved to database connection defined by the ‘default’ key.

Routes Configuration

"Routing" is a pared-down pure-PHP mod_rewrite-alike that can map URLs to controller/action/params and back. It was added to Cake to make pretty URLs more configurable and to divorce us from the mod_rewrite requirement. Using mod_rewrite, however, will make your address bar look much more tidy.

Routes are individual rules that map matching URLs to specific controllers and actions. Routes are configured in the app/config/routes.php file. They are set-up like this:

Route Pattern
<?php
$Route->connect (
‘URL’,
array(’controller’=>’controllername’,
‘action’=>’actionname’, ‘firstparam’)
);
?>

Where:

1. URL is the regular expression Cake URL you wish to map,
2. controllername is the name of the controller you wish to invoke,
3. actionname is the name of the controller’s action you wish to invoke,
4. and firstparam is the value of the first parameter of the action you’ve specified.

Any parameters following firstparam will also be passed as parameters to the controller action.

Leave a comment... (0)

php.MVC is an open source framework for PHP Web applications

Posted on February 18th, 2008 in Frameworks by Ashish Tagged Frameworks, JavaScript, MySQL, PHP

php.MVC implements the Model-View-Controller (MVC) design pattern, and encourages application design based on the Model 2 paradigm. This design model allows the Web page or other contents (View) to be mostly separated from the internal application code (Controller/Model), making it easier for designers and programmers to focus on their respective areas of expertise.

The framework provides a single entry point Controller. The Controller is responsible for allocating HTTP requests to the appropriate Action handler (Model) based on configuration mappings.

The Model contains the business logic for the application. The Controller then forwards the request to the appropriate View component, which is usually implemented using a combination of HTML with PHP tags in the form of templates. The resulting contents are returned to the client browser, or via another protocol such as SMTP.

php.MVC is a PHP port of Jakarta Struts. It currently supports many features of Struts, including declarative application configuration via the XML digester.

Key Features of php.MVC

• Free OpenSource software: This gives users full control of the software, and the able to modify the source code to suit specific needs.

• Security: php.MVC applications have only one entry point (per application). This makes it easy to protect sensitive application code and data.

• Flexible Installation: Individual php.MVC applications can be installed outside of the main php.MVC library directory tree.

• Multi-applications: There is no limit to the number of applications per php.MVC installation.

• Object Oriented design (OOD). The php.MVC framework is based on OOD principles, making it more extendable and maintainable.

• Database integration: The php.MVC framework ships with the Pear::DB Database Abstraction Layer, and a driver for the MySQL relational database manager (RDBM) is provided.

• Action Chaining: php.MVC allows for passing control to other Actions. This makes it easy to process a sequence of Actions (business logic classes) and static resources (pages).

• XML configuration: php.MVC uses declarative application configurations using Extensible Markup Language (XML) files. Each application has its own XML configuration file.

• MVC Model 2 design: php.MVC implements the Model-View-Controller (MVC) Model 2 design pattern. The Model 2 paradigm allows the separation of the application presentation from the business logic, making it easier for designers and programmers to focus on their respective areas of expertise.

• Form button mapping: php.MVC implements the LookupDispatchAction class to enable HTML form buttons to be mapped to particular business logic methods. For example, a form submit button called "Add to Cart" could be mapped to an Action class method called MyCartAction->addToCart(…).

• Message Resources: php.MVC provides a PropertyMessageResources class that handles messages in text string properties files with parametric replacement. This can provide Locale-sensitive messages for internationalized applications.

• The php.MVC framework is based on Jakarta Struts application framework design. Struts has proven to be reliable, extendable and well supported.

Requirements

• PHP enabled Web server

• PHP v. 4.1.0 or greater

• XML parser (James Clark’s expat is usually included with most PHP versions)

Installation

MS Windows Installation

1) Copy the phpmvc-beta-xxx.zip archive to the Web server (SCP/FTP)

2) Unpack the tarball zip

• SSH to the Web server

• Change to the directory where phpmvc will live. Eg: C:\WWW\

• Backup/move any existing phpmvc directory. Eg: C:\WWW\phpmvc-BAK

• Unzip the phpmvc-beta-xxx.zip archive to the target directory.
Eg: C:\WWW\phpmvc

• Remove the phpmvc-beta-xxx.zip tarball [optional]

3) Setup the Simple Example application

• Move into the main phpmvc directory. Eg: C:\WWW\phpmvc

• Set the Simple Example application root and module directory in Main.php
Note: These paths are absolute file-system paths.
Note: In this case the paths are the same as Simple Example Main.php file is in the php.MVC root directory.

/* ———- Application Paths ———- */
// Set php.MVC library root directory
$appServerRootDir = ‘C:/WWW/phpmvc’; // no trailing slash

// Set the application path
$moduleRootDir = ‘C:/WWW/phpmvc’; // no trailing slash
/* ———- Application Paths ———- */

• Enable write permission on the WEB-INF/phpmvc-config.data file.
Note: The Web server must have write permission on WEB- INF/phpmvc-config.data file
Note: The WEB-INF/* directory tree should be accessable ONLY by localhost per .htaccess file
Note: If you have admin access to the server, change the phpmvc-config.data file to be writable
by the Web server group for added security.

4) Setup the OOHForms demo module

• Move into the OOHForms demo module directory. Eg: C:\WWW\phpmvc\oohforms

• Set the OOHForms demo application root and module directory in Main.php
Note: These paths are absolute file-system paths.

/* ———- Application Paths ———- */
// Set php.MVC library root directory
$appServerRootDir = ‘C:/WWW/phpmvc’; // no trailing slash

// Set the application path
$moduleRootDir = ‘C:/WWW/phpmvc/oohforms’; // no trailing slash
/* ———- Application Paths ———- */

• Enable write permission on the WEB-INF/phpmvc-config.data file for this application.
Note: As above

5) Test Web access to WEB-INF/*

• There should be NO access or directory listing to WEB-INF/* in the main or sub application.

6) Test the basic php.MVC framework demos

• The Simple Example:
Browse to your install directory, with the path "do=stdLogon".
Eg: http://myserver.com/phpmvc/Main.php?do=stdLogon

• The OOHForms demo:
Browse to the phpmvc/oohforms/index.php file and follow the links.

7) Troubleshooting

• If all you get is file path errors, please try setting the $osType variable in the Main.php files to the correct server OS.
Eg: $osType = ‘WINDOWS’;

Linux (Redhat) Installation

1) Copy phpmvc-beta-xxx.tgz to the Web server (FTP)

2) Unpack the tarball

• SSH to the Web server

• Change to the directory where phpmvc will live.
bash$ cd www

• Backup/move any existing phpmvc directory
bash$ mv phpmvc phpmvc-BAK

• Create the phmmvc directory and unpack archive
bash$ tar xvzf phpmvc-20021126.tgz

• Remove the phpmvc-beta-xxx.tgz tarball [optional]
bash$ rm phpmvc-beta-xxx.tgz

3) Setup the Simple Example application

• Move into the main phpmvc directory
bash$ cd phpmvc
Check the path to the phpmvc root directory ($appServerRootDir)
bash$ pwd (/home/myhome/www/phpmvc)

/* ———- Application Paths ———- */
// Set php.MVC library root directory
$appServerRootDir = ‘/home/myhome/www/phpmvc’; // no trailing slash

// Set the application path
$moduleRootDir = ‘/home/myhome/www/phpmvc’; // no trailing slash
/* ———- Application Paths ———- */

• Enable write permission on the phpmvc-config.data file.
bash$ chmod o+w WEB-INF/phpmvc-config.data (*** world writable ***)

Note: The Web server must have write permission on WEB- INF/phpmvc-config.data file
Note: The WEB-INF/* directory tree should be accessable ONLY by localhost per .htaccess file
Note: If you have root access to the server, change the phpmvc-config.data file to be writable
by the Web server group for added security.
bash$ chmod g+w WEB-INF/phpmvc-config.data
root# chgrp apachegroup WEB-INF/phpmvc-config.data

4) Setup the OOHForms demo module

• Move into the OOHForms demo module directory
bash$ cd oohforms

• Set the main application root directory in Main.php
bash$ vi Main.php

• Set the OOHForms demo application root and module directory in Main.php

/* ———- Application Paths ———- */
// Set php.MVC library root directory
$appServerRootDir = ‘/home/myhome/www/phpmvc’; // no trailing slash

// Set the application path
$moduleRootDir = ‘/home/myhome/www/phpmvc/oohforms’; // no trailing slash
/* ———- Application Paths ———- */

• Enable write permission on the phpmvc-config.data file
bash$ chmod o+w WEB-INF/phpmvc-config.data (*** world writable ***)
Notes: As above

5) Test Web access to WEB-INF/*

• There should be NO access or directory listing to WEB-INF/* in the main or sub application.

6) Test the basic php.MVC framework demos

• The Simple Example:
Browse to your install directory, with the path "do=stdLogon".
Eg: http://myserver.com/phpmvc/Main.php?do=stdLogon

• The OOHForms demo:
Browse to the phpmvc/oohforms/index.php file and follow the links.

7) Troubleshooting

• If all you get is file path errors, please try setting the $osType variable in the Main.php files to the correct server OS.
Eg: $osType = ‘UNIX’;

User Guides can be found here:

http://www.phpmvc.net/docs/guides/guidesIdx.php

You Can download php.MVC from here

http://www.phpmvc.net/download/downloadIdx.php?doc=phpmvc-docs

Leave a comment... (0)

PHP date function – Uses and Examples

Posted on February 14th, 2008 in PHP by Ashish Tagged JavaScript, MySQL, PHP

PHP date function, References, Examples, Exceptions and uses

PHP date fuction is used to format local date/time. Core of the date function is timestamp which is "the number of seconds from January 1, 1970 at 00:00" Otherwise known as the Unix Timestamp, this measurement is a widely used standard that PHP has chosen to utilize.

php date function Syntax:

string date ( string $format[, int $timestamp ] )

The date function uses letters of the alphabet to represent various parts of a typical date and time format. e.g. :

d: The day of the month. The type of output you can expect is 01 through 31.
m: The current month, as a number. You can expect 01 through 12.
y: The current year in two digits ##. You can expect 00 through 99

We’ll tell you the rest of the options later, but for now let’s use those above letters to format a simple date! The letters that PHP uses to represent parts of date and time will automatically be converted by PHP.

However, other characters like a slash "/ – :" can be inserted between the letters to add additional formatting. e.g.

<?php
echo date("m/d/y");
echo date("m-d-y");
?>

Output will be
02/27/10
02-27-10
respectively.

Errors/Exceptions

Every call to a date/time function will generate a E_NOTICE if the time zone is not valid, and/or a E_STRICT message if using the system settings or the

Below is an example which shows, the first argument of the date function tells PHP how you would like your date and time displayed. The second argument allows for a timestamp and is optional.

This example uses the mktime function to create a timestamp for tomorrow. To go one day in the future we simply add one to the day argument of mktime. For your future reference, we have the arguments of mktime.

Note: These arguments are all optional. If you do not supply any arguments the current time will be used to create the timestamp.

mktime(hour, minute, second, month, day, year, daylight savings time)

<?php
$tomorrow = mktime(0, 0, 0, date("m"), date("d")+1, date("y"));
echo "Tomorrow is ".date("m/d/y", $tomorrow);
?>

Output will be
Tomorrow is 02/28/10

PHP Date – Reference

Important Full Date and Time:

r: Displays the full date, time and timezone offset. It is equivalent to manually entering date("D, d M Y H:i:s O")

Time:

a: am or pm depending on the time
A: AM or PM depending on the time
g: Hour without leading zeroes. Values are 1 through 12.
G: Hour in 24-hour format without leading zeroes. Values are 0 through 23.
h: Hour with leading zeroes. Values 01 through 12.
H: Hour in 24-hour format with leading zeroes. Values 00 through 23.
i: Minute with leading zeroes. Values 00 through 59.
s: Seconds with leading zeroes. Values 00 through 59.

Day:

d: Day of the month with leading zeroes. Values are 01 through 31.
j: Day of the month without leading zeroes. Values 1 through 31
D: Day of the week abbreviations. Sun through Sat
l: Day of the week. Values Sunday through Saturday
w: Day of the week without leading zeroes. Values 0 through 6.
z: Day of the year without leading zeroes. Values 0 through 365.

Month:

m: Month number with leading zeroes. Values 01 through 12
n: Month number without leading zeroes. Values 1 through 12
M: Abbreviation for the month. Values Jan through Dec
F: Normal month representation. Values January through December.
t: The number of days in the month. Values 28 through 31.

Year:

L: 1 if it’s a leap year and 0 if it isn’t.
Y: A four digit year format
y: A two digit year format. Values 00 through 99.

Other Formatting:

U: The number of seconds since the Unix Epoch (January 1, 1970)
O: This represents the Timezone offset, which is the difference from Greenwich Meridian Time (GMT). 100 = 1 hour, -600 = -6 hours

Examples

Calculate days between two given dates. For example, if $datum1 = 20071215 and $datum2 = 20081215, the output will be 366

<?php
function calculate_day_between($datum1,$datum2)
{
if( is_numeric($datum1) && is_numeric($datum2) && strlen($datum1) == 8 && strlen($datum2) == 8 )
{
$dat = ($datum1 < $datum2)? $datum1 : $datum2;
$datv = ($datum1 < $datum2)? $datum2 : $datum1;
$i = 0;
while( $dat < $datv)
{
$i++;
switch(substr($dat,6,2))
{
case ‘28′: $dat += (substr($dat,4,2) == 02 && substr($dat,0,4)%4 > 0 )? 73 : 1;
break;
case ‘29′: $dat += (substr($dat,4,2) == 02 && substr($dat,0,4)%4 == 0 )? 72 : 1;
break;
case ‘30′: $dat += (in_array( substr($dat,4,2), array(04,06,09,11)))? 71 : 1;
break;
case ‘31′: $dat += (substr($dat,4,2) == 12 )? 8870 : 70;
break;
default: $dat++;
break;
}
}
return $i-1;
}
else
{
return false;
}
}
?>

To get number of Weeks in a particular Year

<?php

$weeks_in_year = strftime("%W",strtotime("12/31/2007"));

To get the number of weeks in a particular Month

date("W") – date("W",strtotime(date("F") . " 1st " . date("Y"))) + 1;

To find the business days between two dates

<?php
//The function returns the no. of business days between two dates and it skeeps the holidays
function getWorkingDays($startDate,$endDate,$holidays){
//The total number of days between the two dates. We compute the no. of seconds and divide it to 60*60*24
//We add one to inlude both dates in the interval.
$days = (strtotime($endDate) – strtotime($startDate)) / 86400 + 1;

$no_full_weeks = floor($days / 7);
$no_remaining_days = fmod($days, 7);

//It will return 1 if it’s Monday,.. ,7 for Sunday
$the_first_day_of_week = date("N",strtotime($startDate));
$the_last_day_of_week = date("N",strtotime($endDate));

//The two can’t be equal because the $no_remaining_days (the interval between $the_first_day_of_week and $the_last_day_of_week) is at most 6
//In the first case the whole interval is within a week, in the second case the interval falls in two weeks.
if ($the_first_day_of_week < $the_last_day_of_week){
if ($the_first_day_of_week <= 6 && 6 <= $the_last_day_of_week) $no_remaining_days–;
if ($the_first_day_of_week <= 7 && 7 <= $the_last_day_of_week) $no_remaining_days–;
}
else{
if ($the_first_day_of_week <= 6) $no_remaining_days–;
//In the case when the interval falls in two weeks, there will be a Sunday for sure
$no_remaining_days–;
}

//The no. of business days is: (number of weeks between the two dates) * (5 working days) + the remainder
$workingDays = $no_full_weeks * 5 + $no_remaining_days;

//We subtract the holidays
foreach($holidays as $holiday){
$time_stamp=strtotime($holiday);
//If the holiday doesn’t fall in weekend
if (strtotime($startDate) <= $time_stamp && $time_stamp <= strtotime($endDate) && date("N",$time_stamp) != 6 && date("N",$time_stamp) != 7)
$workingDays–;
}

return $workingDays;
}

//Example:

$holidays=array("2006-12-25","2006-12-26","2007-01-01");

echo getWorkingDays("2006-12-22","2007-01-06",$holidays)
// => will return 8
?>

To count quarters between dates

function countQuarters($begindate, $enddate)
{
if (!isset($begindate) || empty($begindate) || !isset($enddate) || empty($enddate))
return -1;

$countyears = date("Y", strtotime($enddate)) – date("Y", strtotime($begindate));
$quarters = 0;

if (date("Y", strtotime($enddate)) == date("Y", strtotime($begindate)))
{
if (date("m", strtotime($enddate)) != date("m", strtotime($begindate)))
{
if (date("m", strtotime($enddate)) > date("m", strtotime($begindate)))
{
$difference = date("m", strtotime($enddate)) – date("m", strtotime($begindate));

$quarters += ceil((int) $difference / 4);
}
else
{
return -1;
}
}
}
else
{
$quarters = (int) $countyears * 4;
if (date("m", strtotime($enddate)) != date("m", strtotime($begindate)))
{
if (date("m", strtotime($enddate)) > date("m", strtotime($begindate)))
{
$difference = date("m", strtotime($enddate)) – date("m", strtotime($begindate));

$quarters += ceil((int) $difference / 4);
}
else
{
$afterbegin = 12 – (int) date("m", strtotime($begindate));
$untilend = date("m", strtotime($enddate));

$quarters = ($quarters – 4) + ceil(($afterbegin + $untilend) / 4);
}
}
}

return $quarters;
}

Country Zone : Time Zone Name
-12 : Dateline Standard
-11 : Samoa Standard Time
-10 : Hawaiian Standard Time
-8 : Pacific Standard Time
-7 : Mexican Standard Time, Mountain Standard Time
-6 : Central Standard Time, Mexico Standard Time
-5 : Eastern Standard Time Eastern Time, SA Pacific Standard Time
-4 : Atlantic Standard Time, SA Western Standard Time, Pacific SA Standard Time
-3.5 : Newfoundland Standard Time
-3 : SA Eastern Standard Time, E. South America Standard Time
-2 : Mid:Atlantic Standard Time
-1 : Azores Standard Time, Cape Verde Standard Time
0 : Universal Coordinated Time, Greenwich Mean Time
1 : Romance Standard Time, Central Africa Standard Time, Central European Standard Time
2 : Egypt Standard Time, South Africa Standard Time, E. Europe Standard Time, FLE Standard Time, GTB Standard Time
3 : Arab Standard Time, E. Africa Standard Time, Arabic Standard Time, Russian Standard Time
3.5 : Iran Standard Time
4 : Arabian Standard Time, Caucasus Standard Time, Afghanistan Standard Time
5 : West Asia Standard Time
5.5 : India Standard Time
5.75 : Nepal Standard Time
6 : Central Asia Standard Time
6.5 : Myanmar Standard Time
7 : SE Asia Standard Time, North Asia Standard Time
8 : China Standard Time, W. Australia Standard Time, Singapore Standard Time, Taipei Standard Time, North Asia East Standard Time
9 : Tokyo Standard Time, Korea Standard Time, Yakutsk Standard Time
9.5 : AUS Central Standard Time, Cen. Australia Standard Time
10 : AUS Eastern Standard Time, E. Australia Standard Time
West Pacific Standard Time, Tasmania Standard Time, Vladivostok Standard Time
11 : Central Pacific Standard Time
12 : Fiji Standard Time, New Zealand Standard Time
13 : Tonga Standard Time

To generate an array of dates that are mondays or any given dates best used for reporting purposes

Here’s a way to return the Internet Time with correct date:

<?php
$curtime = time();
$utcdiff = date(’Z', $curtime); // get difference to UTC in seconds
$bmttime = $curtime – $utcdiff + 3600; // BMT = UTC+0100
$ssm = date(’H', $bmttime)*3600 + date(’i', $bmttime)*60 + date(’s’, $bmttime); // seconds since midnight (BMT)
$ibeats = $ssm/86.4; // 86400 seconds = 1000 beats, so 1 beat = 86.4 seconds

echo ‘i.Beats : ‘ . date(’D, d M Y’, $bmttime) . ‘ @’ . $ibeats;
?>

Note: If you would try date(’D, d M Y @B’, $bmttime), the resulting beats would be wrong because the timezone used for calculation of the beats within the date() function is still your local one but the timestamp is UTC+0100. Another working way would be:

<?php
$curtime = time();
$utcdiff = date(’Z', $curtime); // get difference to UTC in seconds
$bmttime = $curtime – $utcdiff + 3600; // BMT = UTC+0100

echo ‘i.Beats : ‘ . date(’D, d M Y’, $bmttime) . ‘ @’ . date(’B', $curtime);
?>

Other Handy Functions for dates in php

To check for any particular date use checkdate function

Syntax: bool checkdate ( int $month , int $day , int $year )

Month: The month is between 1 and 12 inclusive.
Day : The day is within the allowed number of days for the given month . Leap year s are taken into consideration.
Year : The year is between 1 and 32767 inclusive.

Example:

<?php
var_dump(checkdate(12, 31, 2000));
var_dump(checkdate(2, 29, 2001));
?>

The above example will output:

bool(true)
bool(false)

date_default_timezone_set — Sets the default timezone used by all date/time functions in a script

date_default_timezone_get — Gets the default timezone used by all date/time functions in a script

date_sun_info — Returns an array with information about sunset/sunrise and twilight begin/end
Syntax: array date_sun_info ( int $time , float $latitude , float $longitude )

date_sunrise — Returns time of sunrise for a given day and location
Syntax: mixed date_sunrise ( int $timestamp [, int $format [, float $latitude [, float $longitude [, float $zenith [, float $gmt_offset ]]]]] )
date_sunrise() returns the sunrise time for a given day (specified as a timestamp ) and location.

date_sunset — Returns time of sunset for a given day and location
Syntax: mixed date_sunset ( int $timestamp [, int $format [, float $latitude [, float $longitude [, float $zenith [, float $gmt_offset ]]]]] )
date_sunset() returns the sunset time for a given day (specified as a timestamp ) and location.

gettimeofday — Get current time
Syntax: mixed gettimeofday ([ bool $return_float ] )
This is an interface to gettimeofday(2). It returns an associative array containing the data returned from the system call.

microtime — Return current Unix timestamp with microseconds
Syntax: mixed microtime ([ bool $get_as_float ] )
microtime() returns the current Unix timestamp with microseconds. This function is only available on operating systems that support the gettimeofday() system call.

mktime — Get Unix timestamp for a date
Syntax: int mktime ([ int $hour [, int $minute [, int $second [, int $month [, int $day [, int $year [, int $is_dst ]]]]]]] )
Returns the Unix timestamp corresponding to the arguments given. This timestamp is a long integer containing the number of seconds between the Unix Epoch (January 1 1970 00:00:00 GMT) and the time specified.

Leave a comment... (0)

Opening Windows using JavaScript

Posted on February 13th, 2008 in JavaScript by Ashish

Generally, we are familiar with setting the target of a link to "_new" to spawn a secondary browser; there are other interesting ways of opening/launching of windows too using JavaScript.

JavaScript can help load 3 kinds of windows:

-Regular secondary window
-Modal window
-DHTML window

"status=1" tells the method to display the status bar; "1" is the computer equivalent of "yes"

Manipulating the window

There are various methods available to move, close, resize or reload the window.

-window.location.reload() //reloads window
-window.close() //closes window
-window.moveTo(x,y) //moves window to specified location
-window.moveBy(x,y) //moves window by specified offset
-window.resizeTo(x,y) //resizes window to specified dimensions
-window.resizeBy(x,y) //resizes window by specified amount

To use these methods on the current window, simply call them as is on the page. You can also use them on the opened window, by following these two steps:

Step 1: When opening a window, assign a variable to it:

mywin=window.open("http://www.hurricanesoftwares.com")

Step 1: Use this variable to reference the opened window, then apply the desired method on it:

mywin.location.reload //reload mywin
mywin.moveTo(0,0) //positions window at upper left corner of monitor

Ok, getting back on track…

Modal Window

Modal windows are a fun Internet Explorer specific feature. The window sits "focused" on the page until the user clicks on the close button. The window does not go into the background no matter what (for example, clicking on the main window).

window.showModalDialog("http://www.hurricanesoftwares.com","","dialogWidth:500px;dialogHeight:500px")

Notice how I use dialogWidth and dialogHeight to specify the window’s dimension. You also need to specify the unit, which in this case I use px.

DHTML Window

A new type of window is emerging, one I think is worth mentioning. It is now possible to recreate the entire window interface through JavaScript and DHTML. The result is a less intrusive, inline popup window.

Leave a comment... (0)

The World’s Most Misunderstood Programming Language

Posted on February 12th, 2008 in JavaScript by Ashish Tagged Frameworks, JavaScript, MySQL, PHP

JavaScript, aka Mocha, aka LiveScript, aka JScript, aka ECMAScript, is one of the world’s most popular programming languages. Virtually every personal computer in the world has at least one JavaScript interpreter installed on it and in active use. JavaScript’s popularity is due entirely to its role as the scripting language of the WWW.

Despite its popularity, few know that JavaScript is a very nice dynamic object-oriented general-purpose programming language. How can this be a secret? Why is this language so misunderstood?

The article by Douglas in Crockford.com clearly shows the lack of knowledge or misunderstanding people have about JavaScript.

I do believe that there can be several reasons why people haven’t taken the JavaScript as strongly as they took other server side languages like PHP, Ruby etc though JS is used in almost all the websites.

The problem of JavaScript is that for years there have been no decent debugging tools. Because of that it takes a huge amount of effort just to write stable code. At the end the day a programmer is so frustrated with JavaScript that at the point he’s not interested in looking into ‘cool’ features.

I think it’s libraries like Prototype, script.aculo.us, etc. that have breathed new life in to JavaScript. At any rate, they caused me to take a second look at the language and realize its power and usefulness.

I would highly recommend Dojo, http://dojotoolkit.org/, to anyone thinking of doing any type of semi-complex javascript or AJAX. It also has scads of utility scripts that, in the past, I have found myself writing over and over again.

Though the docs are currently sparse, there a large number of test cases that give great examples and the mailing list is incredibly helpful. Dojo is also great example of how to properly write OO javascript. They even use a package naming structure similar to Java to help organize code.

I have also found few people in my vicinity who thinks that COBOL is most misunderstood programming language.

Leave a comment... (0)

How much you know about JavaScript

Posted on February 12th, 2008 in JavaScript by Ashish Tagged Frameworks, JavaScript, MySQL, PHP

Think you know all about JavaScript? Well Read On..

JavaScript is a scripting language most often used for client-side web development. It was the originating dialect of the ECMAScript standard. As such, it is a dynamic, weakly typed, prototype-based language with first-class functions.

JavaScript was influenced by many languages and was designed to have a similar look to Java, but be easier for non-programmers to work with. The language is best known for its use in websites (as client-side JavaScript), but is also used to enable scripting access to objects embedded in other applications.

Despite the name, JavaScript is essentially unrelated to the Java programming language, though both have a common debt to C syntax, and JavaScript copies many Java names and naming conventions. The language was renamed from LiveScript in a co-marketing deal between Netscape and Sun in exchange for Netscape bundling Sun’s Java runtime with their browser, which was dominant at the time. The key design principles within JavaScript are inherited from the Self programming language.

"JavaScript" is a trademark of Sun Microsystems. It was used under license for technology invented and implemented by Netscape Communications and current entities such as the Mozilla Foundation.

avaScript was originally developed by Brendan Eich of Netscape under the name Mocha, later LiveScript, and finally renamed to JavaScript. The change of name from LiveScript to JavaScript roughly coincided with Netscape adding support for Java technology in its Netscape Navigator web browser. JavaScript was first introduced and deployed in the Netscape browser version 2.0B3 in December of 1995. The naming has caused confusion, giving the impression that the language is a spinoff of Java and has been characterized by many as a marketing ploy by Netscape to give JavaScript the cachet of what was then the hot new web-programming language.

To avoid trademark issues, Microsoft named its dialect of the language JScript. JScript was first supported in Internet Explorer version 3.0, released in August 1996 and included Y2K compliant date functions, unlike those based on java.util.Date in JavaScript at the time.

Netscape submitted JavaScript to Ecma International for standardization resulting in the standardized version named ECMAScript.

JavaScript Features

Structured programming

JavaScript supports all the structured programming syntax in C, e.g. if statement, while loops, switch statement, etc. One exception is scoping: JavaScript supports function-level scoping, but not block-level scoping.

Dynamic programming

dynamic typing
As in most scripting languages, types are associated with values, not variables. For example, a variable x could be bound to a number, then later rebound to a string. JavaScript supports various ways to test the type of an object, including duck typing.
objects as associative arrays
JavaScript is heavily object-based. Objects are associative arrays, such that object property names are associative array keys. obj.x = 10 and obj["x"] = 10 are equivalent, the dot notation being merely syntactic sugar. Properties and their values can be added, changed, or deleted at run-time.
interpreted
Conforming JavaScript engines must be able to interpret (as opposed to compile) source code. This allows JavaScript to include an eval function.

Function-level programming

first-class functions
Functions are first-class; they are objects themselves. As such, they have properties and can be passed around and interacted with like any other object.
inner functions and closures
Inner functions (functions defined within other functions) are created each time the outer function is invoked, and variables of the outer functions for that invocation continue to exist as long as the inner functions still exist, even if that invocation is finished (e.g. if the inner function was returned) — this is the mechanism behind closures within JavaScript.

Prototype-based

prototypes
JavaScript uses prototypes instead of classes for defining object properties, including methods, and inheritance. It is possible to simulate many class-based features with prototypes in JavaScript.
functions as object constructors
Functions double as object constructors along with their typical role. Prefixing a function call with new creates a new object and calls that function with its local this keyword bound to that object. The function’s prototype property determines the new object’s prototype.
functions as methods
Unlike many object-oriented languages, there is no distinction between a function definition and a method definition. Rather, the distinction occurs during function calling; a function can be called as a method. When a function is invoked as a method of an object, the function’s local this keyword is bound to that object.

Others

run-time environment
JavaScript typically relies on a run-time environment (e.g. in a web browser) to provide objects and methods by which scripts can interact with "the outside world". (This is not a language feature per se, but it is common in most JavaScript implementations.)
variadic functions
An indefinite number of parameters can be passed to a function. The function can both access them through formal parameters and the local arguments object.
regular expressions
JavaScript also supports regular expressions in a manner similar to Perl, which provide a concise and powerful syntax for text manipulation that is more sophisticated than the built-in string functions.

Use in Web pages

The primary use of JavaScript is to write functions that are embedded in or included from HTML pages and interact with the Document Object Model (DOM) of the page. Some simple examples of this usage are:

* Opening or popping up a new window with programmatic control over the size, position and ‘look’ of the new window (i.e. whether the menus, toolbars, etc. are visible).
* Validation of web form input values to make sure that they will be accepted before they are submitted to the server.
* Changing images as the mouse cursor moves over them: This effect is often used to draw the user’s attention to important links displayed as graphical elements.

Because JavaScript code can run locally in a user’s browser (rather than on a remote server), it can respond to user actions quickly, making an application feel more responsive. Furthermore, JavaScript code can detect user actions which HTML alone cannot, such as individual keystrokes. Applications such as Gmail take advantage of this: much of the user-interface logic is written in JavaScript, and JavaScript dispatches requests for information (such as the content of an e-mail message) to the server. The wider trend of Ajax programming similarly exploits this strength.

A JavaScript engine (also known as JavaScript interpreter or JavaScript implementation) is an interpreter that interprets JavaScript source code and executes the script accordingly. The first ever JavaScript engine was created by Brendan Eich at Netscape Communications Corporation, for the Netscape Navigator web browser. The engine, code named SpiderMonkey, is implemented in C. It has since been updated (in JavaScript 1.5) to conform to ECMA-262 Edition 3. The Rhino engine, created primarily by Norris Boyd (also at Netscape) is a JavaScript implementation in Java. Like SpiderMonkey, Rhino is ECMA-262 Edition 3 compliant.

By far, the most common host environment for JavaScript is a web browser. Web browsers typically use the public API to create "host objects" responsible for reflecting the DOM into JavaScript. The web server is another common application of the engine. A JavaScript webserver would expose host objects representing a HTTP request and response objects, which a JavaScript program could then manipulate to dynamically generate web pages.

JavaScript Compatibility considerations

The DOM interfaces for manipulating Web pages are not part of the ECMAScript standard, or of JavaScript itself. Officially, they are defined by a separate standardization effort by the W3C; in practice, browser implementations differ from the standards and from each other, and not all browsers execute JavaScript.

To deal with these differences, JavaScript authors can attempt to write standards-compliant code which will also be executed correctly by most browsers; failing that, they can write code that checks for the presence of certain browser features and behaves differently if they are not available. In some cases, two browsers may both implement a feature but with different behavior, and authors may find it practical to detect what browser is running and change their script’s behavior to match. Programmers may also use libraries or toolkits which take browser differences into account.

Furthermore, scripts will not work for all users. For example, a user may:

* use an old or rare browser with incomplete or unusual DOM support,
* use a PDA or mobile phone browser which cannot execute JavaScript,
* have JavaScript execution disabled as a security precaution,
* or be visually or otherwise disabled and use a speech browser

To support these users, Web authors can try to create pages which degrade gracefully on user agents (browsers) which do not support the page’s JavaScript.

Security

JavaScript and the DOM provide the potential for malicious authors to deliver scripts to run on a client computer via the Web. Browser authors contain this risk using two restrictions. First, scripts run in a sandbox in which they can only perform Web-related actions, not general-purpose programming tasks like creating files. Second, scripts are constrained by the same origin policy: scripts from one Web site do not have access to information such as usernames, passwords, or cookies sent to another site. Most JavaScript-related security bugs are breaches of either the same origin policy or the sandbox.

Cross-site vulnerabilities

A common JavaScript-related security problem is cross-site scripting, or XSS, a violation of the same origin policy. XSS vulnerabilities occur when an attacker is able to cause a trusted Web site, such as an online banking website, to include a malicious script in the webpage presented to a victim. In that example, the script can then access the banking application with the privileges of the victim, potentially disclosing secret information or transferring money without the victim’s authorization.

XSS vulnerabilities can also occur because of implementation mistakes by browser authors.

XSS is related to, but not the same as, cross-site request forgery or XSRF. In XSRF, one website causes a victim’s browser to generate fraudulent requests to another site, with the victim’s legitimate HTTP cookies attached to the request.

Misunderstanding the client-server boundary

Client-server applications, whether they involve JavaScript or not, must assume that untrusted clients may be under the control of attackers. Thus any secret embedded in JavaScript could be extracted by a determined adversary, and the output of JavaScript operations should not be trusted by the server. Some implications:

* Web site authors cannot perfectly conceal how their JavaScript operates because the code is sent to the client and obfuscated code can be reverse engineered.
* JavaScript form validation only provides convenience for users, not security. If a site verifies that the user agreed to its terms of service, or filters invalid characters out of fields that should only contain numbers, it must do so on the server, not only the client.
* It would be extremely bad practice to embed a password in JavaScript (where it can be extracted by an attacker), then have JavaScript verify a user’s password and pass "password_ok=1" back to the server (since the "password_ok=1" response is easy to forge).

Browser and plugin coding errors

JavaScript provides an interface to a wide range of browser capabilities, some of which may have flaws such as buffer overflows. These flaws can allow attackers to write scripts which would run any code they wish on the user’s system.

These flaws have affected major browsers including Firefox, Internet Explorer, and Safari.

Plugins, such as video players, Macromedia Flash, and the wide range of ActiveX controls enabled by default in Microsoft Internet Explorer, may also have flaws exploitable via JavaScript, and such flaws have been exploited in the past. In Windows Vista, Microsoft has attempted to contain the risks of bugs such as buffer overflows by running the Internet Explorer process with limited privileges.

Sandbox implementation errors

Web browsers are capable of running JavaScript outside of the sandbox, with the privileges necessary to, for example, create or delete files. Of course, such privileges aren’t meant to be granted to code from the Web.

Incorrectly granting privileges to JavaScript from the Web has played a role in vulnerabilities in both Internet Explorer and Firefox. In Windows XP Service Pack 2, Microsoft tightened the rules on what JavaScript would be run with high privileges by Internet Explorer.

Some versions of Microsoft Windows allow JavaScript stored on a computer’s hard drive to run as a general-purpose, non-sandboxed program. This makes JavaScript (like VBScript) a theoretically viable vector for a Trojan horse, although JavaScript Trojan horses are uncommon in practice.

Leave a comment... (0)

Sprint Soft Lunches WiMAX Service, in Chicago, Baltimore and Washington, D.C.

Posted on February 11th, 2008 in Industry News by Ashish Tagged Industry News

Demonstrating continuing progress with its next-generation wireless network initiative, Sprint (NYSE: S) today announced new Xohm(TM) mobile Internet business agreements involving web portal services and WiMAX network access devices. The company also named an advertising agency of record to help launch the Xohm brand in the United States.

A soft launch of Xohm mobile Internet service is underway with employees in Chicago, Baltimore and Washington, D.C., in preparation for commercial WiMAX service launch beginning later this year in select U.S. cities.

"Sprint is delivering on its Open Internet vision with exciting and differentiated WiMAX services," explained Barry West, president of Sprint’s Xohm business unit. "The new service agreements and device commitments will help Xohm subscribers access, enjoy, store and secure personal digital and user-generated content while experiencing new device innovation."

Sprint is exhibiting Xohm WiMAX applications, access devices and showing WiMAX broadband technical demonstrations during the 2008 International CES show in Las Vegas at booth # 31561, South Hall, in the Las Vegas Convention Center. The company plans to enhance and safeguard the Xohm personal broadband experience as it expands its WiMAX services ecosystem.

Leave a comment... (0)

Mind Tree

Categories

Archives

Recent Posts

Meta

Search

Tags

Partners

Useful Links