I'm pleased to present you with part one of a two part series on creating a photo site using PHP, jQuery, and AJAX. Originally, I intended to fit the entire tutorial into one screencast, but that quickly became a pipe dream as I realized that there was simply too much to cover. Nevertheless, even if you only watch this first video, you should learn a great deal.

In this first part of the series he'll walk you through creating a simple login form to authenticate the user, grab images from the database and show how to keep the database updated. There's a screencast along with the code/html for the tutorial as well as a source download if you just want to skip straight to the good stuff.

I am pretty happy to announce that I have just deployed a new version of the symfony project website with a brand new "Plugins" section (look at the top menu entries) to replace the Trac plugin management system.

The new section has a listing of all of the available plugins (can be filtered) and dedicated pages for each of them with things like license, version and release information. You can also search the plugins based on keywords and authors. Developers adding their plugins have a full admin interface and uses the Trac accounts to manage access.

Yes! Its here! Phorum 5.2 has reached alpha status. Its been over a year since we branched the 5.1 code and started on 5.2. A lot has changed and Phorum is better for it. Much of the success of Phorum 5.2 goes to Maurice Makaay. He has done a lot of work to make the core code cleaner and easier for module developers. He has also been instrumental in the documentation project. As for new features and changes, below are a few. We are still updating a wiki page with all the changes and features at http://www.phorum.org/development/wiki/Phorum52News.

Updates for the users and admins include:

• Brand new template. Emerald is a more modern, full featured template. It uses many interface design recommendation used by usability professionals.
• Better error messages when posting to help your users know what is wrong.
• New announcement module that gets announcements out of the message list and into a more prominent position.
• More modules included with Phorum and officially supported.
• Sanity checks updated to help admins know if their Phorum is running properly.

The idea is to give the owner of the blog the ability to manage the blog by being able to remove users and articles as required, or to alter the status of users by upgrading them to admin status or banning them. It is also a place where the administrator can start new topics that will then garner their own replies.

They go through the creation of the main admin script (functionality managed with a switch statement, including other external PHP files) and the functions that go in each of those individual files to make things work - managing messages, managing users, and managing categories.

Over the final two chapters of this tutorial, I'm going to guide you through the process of creating two real-world PHP applications. Not only will this introduce you to practical application development with PHP, but it will also give you an opportunity to try out all the theory you've imbibed over the past weeks.

The first application is fairly simple. It's a polling system for a web site, one which allows you to quickly measure what your visitors think about controversial issues.

They start with setting up the database to hold the votes - two simple tables, questions and answers. Then, it's on to the code - first displaying the form the users will vote with, then handling their response. Of course, what would a good application be without some kind of administrative utility to help manage and view the results - so they build one. It helps add/remove questions and check out the results of the polls.

Join notepad as he tours safe coding practices. He presents an easy to remember mnemonic which explains each component to help keep secure coding practices at the forefront in your development.

In the tutorial he talks about the bad reputation that PHP seems to be gathering and how it's less about the langauge and more about the applications written in it. His response is shown the the acronym in the title: PAVISE- Privacy, Administration, Validation, Integrity, Sociology and Environment.

• Privacy deals with keeping server-related info away from the client (what it shouldn't see)
• Administration suggests knowing how things are configured, even if you don't have the access to change them
• Validation (a huge factor) keeps the user data entered from doing bad things to you and your application
• Integrity is the overall strength of your application
• Sociology talks about methods to protect yourself from the social engineering that can happen to anyone
• Environment requires knowing if you're working on a secure platform or not, which could undermine all other efforts

Under each of the headings items are listed out and detailed to help give you a more concrete example. Code examples are also included where appropriate.

He quotes from their site where it mentions that their goal is to "continually evolve by attracting a community [...] to provide additional functionality to the already existing rich feature set."

Of the five raeasons he gives, here are a few:

• difficult to integrate into an existing design
• admin navigation issues
• security

While some of the issues her points out here are a matter of personal preference, the "security" aspect caught my eye. These days, especially with all of the talk about security in the PHP community, that should be one of the first things groups look at in their software. From his comments, OSCommerce doesn't make it very easy to implement a patch either.]]> Tue, 07 Mar 2006 07:09:38 -0600