
Lorna Mitchell:
OAuth Middleware for Slim
October 09, 2013 @ 11:53:37

Lorna Mitchell has posted about some middleware for the popular Slim (micro)framework that helps with OAuth functionality.

OAuth can be anything you want it to be, the standards are lax and give you plenty of room for getting the right implementation for your system. However you proceed, though, you'll need to check an access token on every request - and in a Slim application, a middleware can help enormously since it hooks in to every request by design. I've recently implemented this and thought I would share.

She's created a basic middleware component that can be easily dropped into the framework to handle the checking of the tokens via an "AuthService" object. She also includes a brief snippet of how she generates the codes, combining the output of bin2hex and openssl_random_pseudo_bytes.

oauth middleware slim access token validation generate

Extract Objects from an Access Database with PHP, Part 2
June 03, 2013 @ 10:37:24

The second part of a series covering connecting PHP to a legacy Access database has been posted. In part one the authors introduced you to working with the data and how to extract the object. In this new part they look at specific file types and how to pull out their data.

In this second part we'll learn how to extract Acrobat PDF documents and take a brief look at a selection of image formats. The only similarity that PDF, GIF, PNG, etc., have when stored in an Access database is that they are all wrapped in an OLE container consisting of a variable length header and trailer. As we shall see, the trailer can be ignored as it was with the package discussed in Part 1. The header is more useful, but doesn't contain all the information we need.

They get into the details of the headers for each type of object and include screenshots of what they look like in a hex viewer. The code for the complete class is included in the post, making it easy to drop in and get started with your transition from database object to external file.

extract object access database tutorial series pdf image

Creating a PHP OAuth Server
January 01, 2013 @ 11:56:46

There's a new tutorial posted today about creating your own OAuth server in PHP using the oauth-php package to do the "heavy lifting".

If you've ever integrated with another API that requires security (such as Twitter), you've probably consumed an OAuth service. In this article, I'll explore what it takes to create your own three-legged OAuth server allowing you, for example, to create your own secure API which you can release publicly.

They include a visual representation of the OAuth authentication flow (it's not the simplest thing) and the database structure/sample code you'll need to get the server up and listening. Also included is a registration form and how to generate a request token and give back an access token. There's also some sample code showing how to validate the request and its access token to check for a correct (and allowed) request.

tutorial oauth server oauthphp flow authentication access validate

The Secret PHP Optimization of version 5.4
June 14, 2012 @ 12:12:42

A new post from Manuel Lemos looks at some of the performance enhancements that were introduced in the latest PHP releases (the 5.4.x series), including variable access optimization.

PHP 5.4 introduced several performance optimizations. One of them was not discussed much in the PHP community but it may affect the performance of your code depending on the way you write it.

He gets into some of the details surrounding the variable access optimization, pointing out how to get the most out of this improvement. He also does a bit of speculation about future versions of the language, including the possible introduction of "Just In Time" compilers.

optimization version variable access object property

Creating a Custom ACL in PHP
May 11, 2012 @ 10:53:23

There's a recent tutorial showing you how to create a basic access control list in PHP (not in any specific framework). It allows you to define not only user permissions but groups and group permissions as well.

So, what are the advantages of an ACL model? The first advantage is security. Using this model will make your application more secure and less vulnerable to exploits. When securing any program, it is good to give to the user only the privileges he/she needs. That means that, for example, you should not give super administrator privileges to someone who will only manage website content. The ACL security model allows you to do just that. The second advantage is the easiness of user management. You can divide users into groups, while each group has certain access permissions. Also, you can easily add new user groups, delete the old ones or change group permissions.

They include the database structure you'll need to make the backend work (four tables) and the code to create an "Acl" class with methods to check a user+group for a permission, get the permissions for a user and get the permissions for a group. It's a pretty simple system and has a lot more that could be added to it to make it more robust, but it's a good start.

custom acl access control permission group tutorial database

Using an Access Database with PHP
May 08, 2012 @ 14:57:38

There's a new tutorial (from David Francis) about connecting to a database (a basic introduction using PDO) and doing some of the common operations with the connection.

Wouldn't it have been better for them to be able to maintain their database wherever they were? Of course, but how? Simple - put it online. [...] In this article I'll focus on the essential elements of PHP you'll need to use an existing Access database online. One other item that's standard with a Windows installation is the availability of ODBC drivers. These are essential for the use of Access from PHP.

He includes a sample database structure (with "product", "product_category" and "category" tables) and some sample code showing how to connect to the remote database and perform some basic actions - select, update, insert and delete.

tutorial database remote access pdo

Role Based Access Control in PHP
March 13, 2012 @ 13:10:05

There's a new tutorial posted today (from Martin Psinas) about using role-based access controls in PHP-based applications. His method isn't based in any specific framework, so it's easily portable to just about any app out there.

In this article I will discuss my personal favorite approach: role based access control (RBAC). RBAC is a model in which roles are created for various job functions, and permissions to perform certain operations are then tied to roles. A user can be assigned one or multiple roles which restricts their system access to the permissions for which they have been authorized.

He starts with a warning that, if not properly maintained, a role-based system like this can get to be somewhat chaotic, so rules should be in place around the adding and removing of permissions at certain times. His functionality is based on a few database tables - roles, permissions and cross-reference tables between users/roles & permissions/roles. All of the code you'll need to implement the system is included in a Role class, the PrivilegedUser class and the methods you'll need to add/remove/check the logged in user's permissions.

role access privilege tutorial database permission

CakePHP AclComponent - ACOs, AROs and Mapping
February 29, 2012 @ 11:38:12

On the Refulz blog they've posted the next in their series about access control in CakePHP applications. In this new article they look at Access Request Objects (AROs) and Access Control Objects (ACOs) and how they can be managed via the built-in ACL functionality.

Continuing with Access Control Lists, we will read about the two Access Control Lists and their mapping. The Access Request Objects (AROs) are a list of the things that seek permissions and the Access Control Objects (ACOs) are the resources on which permissions are required. Both the lists are maintained in the two tables, namely aros and acos respectively.

Included in the post is the SQL you'll need to create the tables for the system to use as well as some basic code to use the AclComponent with the ACOs/AROs. They also show how to use the parentNode method to create parent/child relationships between the objects.

cakephp tutorial access control acl aro aco request aclcomponent

Lorna Mitchell's Blog:
PHP OAuth Provider Access Tokens
August 30, 2011 @ 08:28:04

Lorna Mitchell has posted the latest in her look at OAuth in PHP to her blog today, an introduction to access tokens - generating and handling them in your application.

I've been working with OAuth, as a provider and consumer, and there isn't a lot of documentation around it for PHP at the moment so I thought I'd share my experience in this series of articles. [...] This entry follows on from the ones about the initial requirements, how to handle request tokens, and authenticating users.

In this latest post, she talks about the three different types of tokens - consumer, request and verifier - and how to use them to locate a user in your app's users. Her code validates the request token and verifier against the database and, if successful, inserts the rest of the token information for the user.

oauth provider tutorial access token consumer secret verifier

Matthew Weier O'Phinney's Blog:
Proxies in PHP
July 06, 2011 @ 08:10:08

In a new blog post Matthew Weier O'Phinney has taken a look at proxy objects (the Proxy design pattern) and how it differs from some of the other popular patterns.

Of the other patterns mentioned, the one closest to the Proxy is the Decorator. In the case of a Decorator, the focus is on adding functionality to an existing object -- for instance, adding methods, processing input before delegating to the target object, or filtering the return of a method from a target object.

Proxies stand in for objects and have several benefits for your application that may or may not need all of the overhead a full object could cause. Matthew focuses on one benefit in particular - consuming and controlling access to another object. He sets up a problem of wanting to use properties/methods on objects that aren't exposed directly (like a protected method). His solution is a proxy layer class on top of the original object. He includes a few "gotchas" to look out for when using this technique including overwriting all necessary methods and copying over all of the needed properties.

proxy designpattern object access method property
