We previously covered how to authenticate an author to the blog, but we still have nothing ensuring only authenticated authors can access the new Administration Module. This is the domain of Zend_Acl, an implementation of an Access Control List system which limits access to resources by the roles assigned to a user.

He starts by helping you understand access control lists including roles and privileges. He plans out the different roles that he wants the application to have first (always a good first step) and then implements them in a class extending the Zend_Acl component. He wraps this all in a front controller to make it easy to use.

He also tosses in a bit there at the end about CSS and styling to handle the forms for login and the administration piece of the blog he created earlier.

In the previous entry, we created a new Administration Module to hold blog management functionality, added a Module specific layout for it, and discussed the upcoming need to ensure this is only accessible by authorised Authors. In this entry I'll unravel some of Zend_Form's mysteries in adding a login form, before using Zend_Auth to implement authentication for authors.

He includes the code (controller and view) to add the login form as a part of the Author functionality and, using a few decorators to help him build the form how he likes it, extends the Zend_Form component to make his form with username, password and submit elements. He throws in some validation and a bit of error checking to finish it off.

For years I've wanted to run a personal Web site but never found the time to do it. A couple of weeks ago a few Zenders and I started leasing a dedicated server which gave us each a bit more hosting flexibility. Once we got the machine up and running I decided it was finally time to actually launch my own personal Web site.

He lists the technologies he's using including the Zend Framework, the Zend_Gdata component and the Zend_Cache (for local caching of his blog feeds from Blogger).

In this article we're going to take a stab at setting up a default blog style, using some filler content, and finally capturing the design with a Zend_View template to be consumed by Zend_Layout as a common HTML Layout for the entire future blog.

He uses the Blueprint CSS framework for his projects, a simple system that helps you lay out pages it a bit more sensible fashion without having to worry about the underlying CSS so much. He shows how to integrate the library into his project and gives some sample HTML to style with it. Then, with a little help from the Zend_Layout component, he splits it up into a layout that can be used over the entire website (code included).

It's almost obligatory when introducing a new programming topic, that the author present the simplest possible example. Usually this means getting a programming language or framework to print "Hello World" to the screen. I'm going to be no different. So much for originality...

He shows how to set up everything, down to the Apache VirtualHost directive and hosts file to get the web server and localhost working correctly. He includes the code for the boostrap file and how to create your first controller (along with its view, of course).

You should all see a few commits commencing at the weekend. Probably all in one go since I largely have a standard skeleton I use already. [The URL is] http://svn.astrumfutura.org/zfblog/.

He's working live on it so things might break from time to time, but at least you can keep up with his thoughts and ideas on methods for some of the common blogging tasks.

You can find the first two parts of the series here - Part 1 and Part 2

Starting any new application is like walking into a shop and being dazzled by the displays. You want everything but finally realise you only have so much resources to spend. So you isolate the specifics you must have, and focus on those.

This first part focuses on the planning stages of the application. He works through the features he wants the blog to have and some of the external libraries he's going to rely on (things like PHPUnit and jQuery). His goal for the series and the application is to have something he can replace his current blog with and to provide readers a step by step detail of the progress along the way.

Ben congratulates Stefan for the nomination, for making the list when others in the PHP community didn't.

Stas, on the other hand, disagrees a bit with some of the comments made by the reporter that wrote up Stefan's piece:

I do not see how reporting a bunch of vulnerabilities (most of them fixed by the time of publication - for which thanks to Stefan Esser as the responsible reporter) is "thoroughly exposing the insecure nature of PHP". Bugs and bug reports - including ones that may affect security in one way or another - are nothing but commonplace in both open-source and non-open-source software worlds.

You can check out the full list for yourself on the eWeek site.

• Chris Shiflett
• Elizabeth Smith
• Lorna Mitchell
• Jon Gibbins
• Ben Ramsey
• Travis Swicegood

Check back as the day progresses for more sites added to the list! Are you participating? Let us know and we'll add you to the list!

Anyone who gets me liquored up knows that I'm not a fan of Wordpress. I think it's great from a user (that is, the person writing the content) standpoint, but it has lagged behind severely in terms of security, and I don't believe its popularity is the sole reason WP has been the subject of dozens of vulnerability reports every year. That being said, the WP 2.5 release appears to offer significant improvements in a couple areas: password hashes and cookie data encryption.

He mentions two things in particular - their addition of salted passwords and secure cookies.