First off, creating a rich Domain Model, where multiple domain objects with well-defined constraints and rules interact, can be a daunting task. Second, not only is it necessary to define from top to bottom the model itself, but it's also necessary to implement from scratch or reuse a mapping layer in order to move data back and forward between the persistence layer and the model in question.

They include an example of a set of domain models tat relate to one another - a blog setup with posts, comments and users. They show how to create the AbstractEntity to handle a bit of the magic behind the scenes, an example "Post" and "Comment" models and how they can be put to work creating some posts and appending comments. A little bit of markup is included to output the results.

In all the countless hours I've spent with php, I've maybe used three or four of these sorting functions. I really had no idea that there is a total of eleven functions used for sorting arrays. Anyway, I'm betting that it may be useful to have these memorized before I take the Zend PHP Certification Exam so here is a brief overview of each one.

He talks about the various flags that can be used in the sorting (for regular, numeric, string and locale-based string handling) and the parameters to call for normal sorting, "natural" sorting, reverse key sorting and others. You can find specifics on these array sorting methods in the PHP manual.

The Git-based project hosting service GitHub is certainly the belle of today's technology ball, having attracted more than 1 million registered users and amassed more than 2 million hosted projects in less than three years. [...] GitHub High Scores and GitHub Badges are two examples of third-party services created using the GitHub API, which is capable of carrying out any task you might wish to perform via GitHub.com. With it you can create, edit and search repositories, learn more about fellow GitHub users, and manage repository issues.

Jason shows how to use the php-github-api library to connect to the API, search repository information, get user details, finding their repositories and accessing restricted resources (things only available for the authenticated user like updating your account or working with your own repositories).

About to dive into MVC and wondering which one has the most wealth in terms of documentation/code comments as well as a decent community.

Suggestions in the comments include both old and new options including:

• Symfony
• CodeIgniter
• Zend Framework
• Yii

Warden is a user database authorization package for the FuelPHP framework that aims to fast track development by handling the work load of uthenticating user's. Built for performance, it comes with a ready-to-use user model and database install script.

The package uses bcrypt for password hashing and also provides features for forgotten passwords, password resets and "remember me" functionality. Installation is as simple as adding it to your "always_load" package list and setting up a few configuration options. Sample code for its features is included. You can get the latest version directly from github.

The main point about 2-step verification is that something else than your computer provides that token. If it's on your computer and that one gets stolen (or hacked into), it won't help much for the additional security. That's why you need a second device for those tokens. Some banks do that with SMS/Text Messages (Facebook, too), other give you special devices for that (eg. RSA keys) and the last group does it with your smartphone.

At the request of a client, they created a tool that did just this, but for PHP. As a result, they created the GoogleAuthenticator library that makes it easy to implement in your application. There's even an example of it in use. For more information about the Google Authenticator tool, see this page on Google Code.

Please help us create the definitive resource for this topic. We believe that stackoverflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form Based Authentication For Websites" should be a fine topic for such an experiment.

They want to include topics like logins, storing passwords, "forgot password" security, OpenID, browser autocompletion, password strength, email validation and more. They already laid out eight different sections with summaries including:

• How To Remain Logged In - The Infamous "Remember Me" Checkbox
• Using Secret Questions
• Checking Password Strength
• Much More - Or: Preventing Rapid-Fire Login Attempts
• Two-Factor Authentication and Authentication Providers

There's some good feedback from other users with other suggestions and links to external resources that could shed some more light on the topic.

Recent advancements in PHP offer the developer a variety of tools to improve the security of login systems. [...] This programming tutorial will teach you how to create a simple, yet secure login script utilizing PHP using MySQL and bracing for XSS attack prevention.

Other features include no persistent logins, preventing direct file access, an idle timeout on the user session, protection against session fixation and anti-brute force measures. Full (procedural) code is provided as well as screenshots from phpMyAdmin showing the database table structure. You can grab the code for the project here.

This phase is probably the most familiar to us as developers, as it's simply a login form. The consumer will send the user to us at the URL we provided in the request token, and the user will have the request token key as a parameter. The access control on this page will look the same as on the rest of the website; if the user has a session already then the page is displayed, otherwise they must be logged in to see it.

She talks about verifying the authentication token passed in (from the value already generated and put into a database table), the grant/deny process and the information to update in her sample table when the user falls into the "granted" side of things. She also briefly mentions the optional callback that can be passed to a service like this and how to handle its value.

So, why can't you maintain state with HTTP? The main reason is because HTTP is a stateless protocol, meaning that it has no built-in way of maintaining state between transactions. For example, when a user requests one page followed by another, HTTP does not provide a way for us to tell which user made the second request. In this article we will look at what maintaining state in PHP applications entails.

They introduce cookies and how they can be used to store information about the user's session on their client for a certain amount of time. This makes it much simpler for the cross-page or cross-session details to persist. There's a bit of code showing how to set and get a cookie and how to do the same with a session.