People often think that when you are coding PHP you have to do things “the PHP way”. Well, let me clear it up for you: there’s no such thing as “the PHP way”. If there’s something that defines PHP is its flexibility to be as ugly or as beautiful as you want it to be. With that in mind, what prevents you from taking the lessons learned in one language to another?

That’s the premise I always have when I’m coding. Let me give you a for instance. On Node.js, I normally use express.js as a framework. Check it out, it’s pretty awesome. One of the things I love in express.js, is its route middleware capabilities. When I code in any PHP framework, that’s one of the things I miss the most.

Not many PHP frameworks are flexible enough to support such concepts. One of them is, though. Lithium has many of the things I love about PHP (5.3+ obviously, as I consider anything < 5.3 a waste of my time lately), and some of the things I love about other languages. One of them is Lithium’s addiction to closures. I love it. They allowed me to take the concept of express.js’ route middleware and apply it to my PHP code.

Let’s start with a dummy application skeleton. A users table:

CREATE TABLE `users`(
    `id` INT NOT NULL AUTO_INCREMENT,
    `email` VARCHAR(255) NOT NULL,
    `password` VARCHAR(255) NOT NULL,
    PRIMARY KEY(`id`)
);

INSERT INTO `users`(`email`, `password`) VALUES(
    'test@email.com', '$2a$04$U7qYPVYq2YBxqfHL8F2pteERxQYwLTVtAjMIh48Lef9sLSiMVtGHy',
    'john@email.com', '$2a$04$U7qYPVYq2YBxqfHL8F2pteERxQYwLTVtAjMIh48Lef9sLSiMVtGHy'
);

In your app/config/bootstrap/connections.php, make sure you uncomment the default database and hook it up to the database owning the table we just created. We’ll also be using sessions, so uncomment the session.php reference in app/config/bootstrap.php. You may have noticed that our initial users have a password set to a specific value, which means a specific salt was used (the password hashed there in plain text is ‘password’, minus the quotes.). So go ahead and add the following to your app/config/bootstrap/session.php file:

use lithium\security\Auth;
use lithium\security\Password;

$salt = '$2a$04$U7qYPVYq2YBxqfHL8F2pte';
Auth::config(array(¬
    'adapter' => 'Form',
    'model' => 'Users',
    'filters' => array('password' => function($text) use($salt){
        return Password::hash($text, $salt);
    }),
    'validators' => array(
        'password' => function($form, $data) {
            return (strcmp($form, $data) === 0);
        }
    ),
    'fields' => array('email', 'password')
));

The salt was generated with a call to \lithium\security\Password::salt('bf', 4). I always use blowfish for password hashing (and 2^16 iterations in production). If you don’t use blowfish, here’s why you should. Anyway so you may want to store the hash on a better, configurable approach. I opted for a simple variable for this example. Once the salt is defined, I went ahead and configured Auth to use lithium’s Password::hash() method for hashing using the generated salt, and telling it how to compare hashed passwords against the database value. Pretty simple.

Let’s now build the Users model. It won’t have anything in there, really. So just create your app/models/User.php file with the following contents:

<?php
namespace app\models;

class Users extends \lithium\data\Model {
}
?>

Now the controller. Create a file named app/controllers/UsersController.php with the following contents:

<?php
namespace app\controllers;

use lithium\security\Auth;

class UsersController extends \lithium\action\Controller {
    public function login() {
        if (!empty($this->request->data)) {
            $user = Auth::check('default', $this->request);
            if ($user) {
                $this->redirect(array('action' => 'view', 'id' => $user['id']), array('exit' => true));
            }
        }
    }

    public function logout() {
        Auth::clear('default');
    }
}
?>

Nothing really complicated there. Don’t forget the view in app/views/users/login.html.php:

<?php
echo $this->form->create();
echo $this->form->field('email');
echo $this->form->field('password', array('type' => 'password'));
echo $this->form->submit('Login');
echo $this->form->end();
?>

That should give you a working login / logout. Add some dummy actions to the UsersController.php file:

public function view() {
    echo 'view';
    $this->_stop();
}

public function edit() {
    echo 'edit';
    $this->_stop();
}

Ok now we are ready to play with some route middleware. What we want to achieve is the following:

• No action named edit, on any controller, should be accessible without a logged in user.
• When accessing either the Users::edit or Users::view action, there should be an ID specified as a route parameter, and it should match an existing User record.
• When accessing the Users::edit action, the given user should match the currently logged in user.

These are pretty basic security checks that you would normally put on the controller. Not this time. Edit your app/config/routes.php file and add the following right below the use statements found at the beginning of the file:

use lithium\net\http\RoutingException;
use lithium\action\Response;
use lithium\security\Auth;
use app\models\Users;

These are all classes that we will use in our route middleware. Let’s start with the first checkpoint we want to achieve: “No action named edit, on any controller, should be accessible without a logged in user“. Add the following to the routes.php file, below the content we just added:

Router::connect('/{:controller}/{:action:edit}/?.*', array(), array(
    'continue' => true,
    'handler' => function($request) {
        if (!Auth::check('default')) {
            return new Response(array('location' => 'Users::login'));
        }
    }
));

The first parameter (continue) ensures that this route definition is treated as a continuation route. This is because we don’t want to interrupt any normal route / parameter processing in this definition. We just wanna “grab” all calls to any edit action, and check (using Auth) for a valid user. If none is found, we process the request by returning a Response, which in the end redirects the user to the login page. If there is indeed a logged in user, the router will continue looking for other route definitions to match the request. So now all edit actions require a logged in user. Cool.

Next in our list: “When accessing either the Users::edit or Users::view action, there should be an ID specified as a route parameter, and it should match an existing User record.” Add the following to the routes.php file, below the content we just added:

Router::connect('/{:controller:users}/{:action:edit|view}/{:id:\d*}', array('id' => null), function($request) {
    if (empty($request->params['id'])) {
        throw new RoutingException('Missing ID');
    } elseif (!Users::first(array('conditions' => array('id' => $request->params['id'])))) {
        throw new RoutingException('Invalid ID');
    }
});

We are now getting more serious. In this definition, we are only matching the Users controller, and actions named either edit or view, which may or may not contain an id parameter. The route handler first checks to make sure the id parameter is given (if not, a RoutingException is thrown.) If the parameter is specified, it is used to find a matching User record with the given ID. If none is found, yet another RoutingException is thrown (you may wish to do something different here, like ensuring a 404 status). If the user is found, the route is not handled, which means some other route definition will handle it (the default route, in this case.)

The final checkpoint we have is: “When accessing the Users::edit action, the given user should match the currently logged in user.” So add the following to the routes.php file, below the content we just added:

Router::connect('/{:controller:users}/{:action:edit}/{:id:\d+}', array('id' => null), function($request) {
    $user = Auth::check('default');
    if ($user['id'] != $request->params['id']) {
        throw new RoutingException('You can only edit your own account');
    }
    return $request;
});

This defines a specific match to the Users::edit action with a set id parameter. We use that parameter to make sure it matches the ID of the logged in user. If it doesn’t match, we throw a RoutingException. If it does match, we return the request as we have successfully processed it.

You can now try accessing the edit and view actions using different scenarios: with a logged in user, while being logged out, editing a user which is not the current logged in user, etc. Everything should be nicely protected. And yet our controller code remained untouched. Nice, huh? That’s routing middleware for you.

No related posts.

While working on it, I tried to aim for developers at different levels of knowledge, yet a disclaimer has to be made: this is not a beginners book. It will not teach you how to install CakePHP, or how to get its friendly URLs working on Microsoft platforms (dodged that bullet.) It is written for CakePHP developers that are looking to solve different problems, and leverage their own applications. So no “building a blog” chapter in this book.

There are some recipes that deal with more complex topics, while others deal with what I consider interesting solutions to simple problems. Each recipe starts by proposing a problem, showing the solution, and giving an explanation of how the solution works. Most of the recipes include alternatives and extend the topic at hand beyond the scope of the problem they are solving, and some of them are based on open source packages that CakePHP community members (myself included) released.

This book also benefited from an unbelievably, super-cool, top of the world team of technical reviewers (the CakePHP 1.3 lead developer happens to be amongst them) that made its code shine (I am known for being humble.) They improved each recipe and proposed awesome alternatives to my original ideas. Because of that, this blog post is being written. I’m not sure sure I would’ve been as proud of the original version of the book

You should also know that the publishing company behind the publication of this book, Packt Publishing, is donating an important portion of the book earnings to the Cake Software Foundation, which is like The Force behind CakePHP. So I might not get rich, but at least the foundation will get some beers out of each sale. And trust me, nothing says thank you like a beer.

If you bought the book, I welcome any feedback you may have (you could also leave a review and tell others how super cool the book is.) If you are more of a bytes person and less of a paper person, and look forward to reading the digital version, you can also get the ebook.

No related posts.

<?php
function format($size) {
	$unit = 'B';
	$units = array(
		'GB' => 1024 * 1024 * 1024
		, 'MB' => 1024 * 1024
		, 'KB' => 1024
	);

	foreach($units as $currentUnit => $value) {
		if ($size > 2 * $value) {
			$size /= $value;
			$unit = $currentUnit;
			break;
		}
	}

	return number_format($size, 1) . ' ' . $unit;
}

$settings = array(
	'host' => 'localhost'
	, 'user' => 'root'
	, 'password' => 'password'
);

$databases = array();

mysql_connect($settings['host'], $settings['user'], $settings['password']);

$result = mysql_query('show databases');
while($row = mysql_fetch_array($result)) {
	$databases[] = $row['Database'];
}

foreach($databases as $database) {
	$sizes[$database] = 0;

	mysql_select_db($database);
	$result = mysql_query('show table status');
	while($row = mysql_fetch_array($result)) {
		$sizes[$database] += $row['Data_length'] + $row['Index_length'];
	}
}

mysql_close();

foreach($sizes as $database => $size) {
	echo $database . ' = ' . format($size) . '<br />';
}

echo '<br />TOTAL: ' . format(array_sum($sizes));

?>

When I ran it, I saw all my DBs where taking a total of 10.8 GB, much less than the 86 GB occupied in the partition. So it hit me, it has to be the binary logs, a set of files that store log events (more about them here). Indeed, if you would list the contents of /var/lib/mysql I would find a ton of .bin files, a lot of them as old as from 2007. Therefore, I realized I had to flush the logs.

In order to flush the binary logs, I logged in to the MySQL console as an administrator, and issued (if you are on a server with replication, you want to purge the binary logs instead):

FLUSH LOGS;
RESET MASTER;

After doing so, the MySQL partition is now taking a total of 12 GB. Much better!

No related posts.

The class uses nuSOAP for interacting with the SOAP server. You will need to download nuSOAP and copy it inside a folter named nusoap, located in the same location as this class’ file.

The source code for the class is the following (save it as MSNWebSearch.class.php):

<?php

define ('NUSOAP_PATH', dirname(__FILE__) . '/nusoap');
define ('MSN_API_KEY', 'Insert here your default MSN API key');
define ('MSN_API_ENDPOINT', 'http://soap.search.msn.com/webservices.asmx');
define ('MSN_API_NAMESPACE', 'http://schemas.microsoft.com/MSNSearch/2005/09/fex');

require_once(NUSOAP_PATH . '/nusoap.php');

class MSNWebSearch
{
	var $apiKey;
	var $filterAdult;
	var $languages;
	var $page;
	var $pages;
	var $query;
	var $records;
	var $recordsPerPage;

	function &MSNWebSearch($apiKey = null)
	{
		$this->apiKey = isset($apiKey) ? $apiKey : MSN_API_KEY;
		$this->filterAdult = false;
		$this->languages = 'en-US';
		$this->recordsPerPage = 10;
		$this->page = 1;
	}

	function getApiKey()
	{
		return $this->apiKey;
	}

	function setApiKey($apiKey)
	{
		$this->apiKey = $apiKey;
	}

	function getErrorMessage()
	{
		return $this->errorMessage;
	}

	function getFilterAdult()
	{
		return $this->filterAdult;
	}

	function setFilterAdult($filterAdult)
	{
		$this->filterAdult = $filterAdult;
	}

	function getLanguages()
	{
		return $this->languages;
	}

	function setLanguages($languages)
	{
		$this->languages = $languages;
	}

	function getPage()
	{
		return $this->page;
	}

	function setPage($page)
	{
		if ($page < 1)
		{
			$page = 1;
		}

		$this->page = $page;
	}

	function getPages()
	{
		return $this->pages;
	}

	function getQuery()
	{
		return $this->query;
	}

	function setQuery($query)
	{
		$this->query = $query;
	}

	function getRecords()
	{
		return $this->records;
	}

	function getRecordsPerPage()
	{
		return $this->recordsPerPage;
	}

	function setRecordsPerPage($recordsPerPage)
	{
		$this->recordsPerPage = is_int($recordsPerPage) && $recordsPerPage > 0 ? $recordsPerPage : 10;
	}

	function get()
	{
		$startIndex = ($this->page - 1) * $this->recordsPerPage;
		$elementsCount = $this->recordsPerPage;

		$parameters = array(
			'AppID' => $this->apiKey,
			'Query' => $this->query,
			'CultureInfo' => $this->languages,
			'SafeSearch' => ($this->filterAdult ? 'Strict' : 'Off'),
			'Requests' => array (
				'SourceRequest' => array (
					'Source' => 'Web',
					'Offset' => $startIndex,
					'Count' => $elementsCount,
					'ResultFields' => 'All'
				)
			)
		);

		if (isset($this->country))
		{
			$parameters['Location'] = $this->country;
		}

		$soapClient =& new soapclient(MSN_API_ENDPOINT);

		$soapResult = $soapClient->call('Search', array ('Request' => $parameters), MSN_API_NAMESPACE );

		if ($soapClient->getError())
		{
			$this->errorMessage = $soapClient->getError();

			return false;
		}

		$this->records = $soapResult['Responses']['SourceResponse']['Total'];
		$this->pages = ceil($this->records / $this->recordsPerPage);

		if (is_array($soapResult['Responses']['SourceResponse']['Results']))
		{
			$result = array();

			foreach ($soapResult['Responses']['SourceResponse']['Results'] as $item)
			{
				$result[] = array (
					'url' => $item['Url'],
					'urlDisplay' => $item['DisplayUrl'],
					'urlCache' => $item['CacheUrl'],
					'title' => isset($item['Title']) && trim($item['Title']) != '' ? $item['Title'] : $item['DisplayUrl'],
					'snippet' => $item['Description']
				);
			}
		}
		else
		{
			$result = array();
		}

		return $result;
	}
}
?>

The usage of this class is quite simple. Take a look at the following index.php file to see an example. You can see it working here. Please note that where it says 'My MSN API Key', you need to insert your own MSN API Key. If you don’t have one, get one now.

<?php
require_once(dirname(__FILE__) . '/MSNWebSearch.class.php');

if (isset($_GET) && isset($_GET['query']) && trim($_GET['query']) != '')
{
	$currentPage = 1;

	if (isset($_GET['page']))
	{
		$currentPage = $_GET['page'];
	}

	$msnSearch =& new MSNWebSearch();

	$msnSearch->setApiKey('My MSN API Key');
	$msnSearch->setQuery($_GET['query']);
	$msnSearch->setPage($currentPage);

	$result =& $msnSearch->get();

	if ($result !== false)
	{
		if ($msnSearch->getPages() > 1)
		{
			$navigation = array();

			$navigation['pages'] = $msnSearch->getPages();

			if ($msnSearch->getPage() > 1)
			{
				$navigation['back'] = $PHP_SELF . '?page=' . ($msnSearch->getPage() - 1) . '&query=' . urlencode($msnSearch->getQuery());
			}

			if ($msnSearch->getPage() < $msnSearch->getPages())
			{
				$navigation['next'] = $PHP_SELF . '?page=' . ($msnSearch->getPage() + 1) . '&query=' . urlencode($msnSearch->getQuery());
			}
		}
	}
}
?>
<html>
	<head>
		<titlevMSN Web Search</title>
	</head>
	<body>
		<center><p>
			<form action="<?php echo $PHP_SELF; ?>" method="GET">
				Search:
				<input type="text" name="query" size="70" value="<?php echo isset($_GET['query']) ? $_GET['query'] : ''; ?>" />
				<input type="submit" value="Search" />
				<?php
				if (isset($msnSearch) && $result !== false)
				{
				?>
				<br />
				<b><?php echo $msnSearch->getRecords(); ?></b> records matched your query.
				<?php
				}
				?>
			</form>
		</p></center>
		<?php
		if (isset($msnSearch) && $result === false)
		{
			?>
			There was an error with your search. Error message: <b><?php echo $msnSearch->getErrorMessage(); ?></b>.
			<?php
		}
		else if (isset($msnSearch))
		{
			if (isset($navigation))
			{
			?>
			<center><p>
				Pages: <b><?php echo $msnSearch->getPages(); ?></b>
				<?php
				if (isset($navigation['back']))
				{
				?>
				<a href="<?php echo $navigation['back']; ?>">Previous</a>
				<?php
				}

				if (isset($navigation['back']) && isset($navigation['next']))
				{
				?>
				|
				<?php
				}

				if (isset($navigation['next']))
				{
				?>
				<a href="<?php echo $navigation['next']; ?>">Next</a>
				<?php
				}
				?>
			</p></center>
			<?php
			}
			?>
			<ul>
			<?php
			foreach ($result as $item)
			{
			?>
			<li>
				<a href="<?php echo $item['url']; ?>"><?php echo $item['title']; ?></a>: <?php echo $item['snippet']; ?>
				<br />
				<font color="#008000"><?php echo $item['urlDisplay']; ?></font> - <a href="<?php echo $item['urlCache']; ?>">Cache</a>
			</li>
			<?php
			}
			?>
			</ul>
			<?php
		}
		?>
	</body>
</html>

Hope this helps anyone.

UPDATE [Aug 20, 2006]: After receiving some emails saying that the class didn’t work (which in fact does), I decided to publish a ZIP file that contains a working MSN Search Based Page. It includes nuSOAP as of July 19, 2006. First, download the ZIP file. Then, uncompress to a new directory on your webserver and EDIT the file index.php, looking for line 3. Insert your MSN API KEY there. After specifying your API key, you should be good to go for testing.

No related posts.

For Gmail (Google Mail) or GMaps (Google Maps) users, you have already experienced the power of Ajax. Notice how when you switch from page to page in GMail the browser page does not reload? That’s the power of Ajax.

In this post, I’ll give you an introduction to Ajax using a yet in beta stage, but very powerful open source PHP library called XAJAX. I’ll get right down to the coding (more information about this library can be obtained from its sourceforge site.)

As an example, I’ll develop the classic Country / State combo box combination. Normally, if we wanted the State combo to be updated by the current selected country, we would make one of two choices:

• Use Javascript by sending all countries and their respective provinces to the client browser, and update State combobox choosing those states that belong to the selected country.
• Reload the page when a different country has been selected, including only that country’s states in the State combo box.

With Ajax, we’ll do none of those. We’ll have the list of states per country on a server-side PHP script. When the country selection changes, we’ll use Xajax to update the list of available states based on the country selection. To simplify, I’ll do all this on the same PHP file.

We start by including the xanax library, and declaring a PHP function that will be called via Ajax when the country selection changes.

require_once(dirname(__FILE__) . '/xajax.inc.php');

function setCountry($countryCode)
{
        $provinces = array();

        switch($countryCode)
        {
                case 'AR':

                        $provinces['BA'] = 'Buenos Aires';
                        $provinces['CO'] = 'Cordoba';
                        $provinces['SL'] = 'Salta';
                        $provinces['SF'] = 'Santa Fe';

                        break;

                case 'US':

                        $provinces['CA'] = 'California';
                        $provinces['WA'] = 'Washington';

                        break;
        }

        $objResponse =& new xajaxResponse();

        if (count($provinces) > 0)
        {
                $objResponse->addScript("document.getElementById('province').disabled = false;");
                $objResponse->addScript("document.getElementById('province').options.length = 0;");

                foreach ($provinces as $id => $province)
                {
                        $objResponse->addScript("addOption('province','" . $province . "','" . $id . "');");
                }
        }
        else
        {
                $objResponse->addScript("document.getElementById('province').options.length = 0;");
                $objResponse->addScript("addOption('province','-- Select a Country first -','');");
                $objResponse->addScript("document.getElementById('province').disabled = true;");
        }

        return $objResponse->getXML();
}

The first few lines are quite easy to follow. The first interesting thing that we see here is when we start by creating the Xajax response ($objResponse =& new xajaxResponse();) After that, if there are states to be inserted, we enable the state control, reset the state combo box (by setting its option length to 0), and for each state we call a client side javascript function called addOption() that will insert the specified option in the combo box. If no states are to be inserted, then we empty the combo box, inserting only a dummy option, and disable the element.

Now, let’s see the next few server-side lines of code:

$xajax =& new xajax();

$xajax->registerFunction("setCountry");

$xajax->processRequests();

Here, we instantiate the main xajax handler, registering the function we’ve just created, and telling xajax to process any request. From here on, all the remaining code is client side (HTML). What we need to pay special attention to is the client side javascript function we already mentioned, which is included here, and the insertion of xajax generated javascript code, all of this is done within the header tag of the HTML document:

<?php
$xajax->printJavascript();
?>
<script type="text/javascript">
<!--
function addOption(selectId, txt, val)
{
        var objOption = new Option(txt,val);

        document.getElementById(selectId).options.add(objOption);
}
// -->
</script>

Finally, the code that dispatches xajax when the country selection changes:

<select name="country" id="country" onchange="xajax_setCountry(document.getElementById('country').value);">
<option value="">-- Select a Country --</option>
<option value="AR">Argentina</option>
<option value="US">United States</option>
</select>

You can see the code working here, and download the source file here.

No related posts.