Marcelo Gornstein has returned to his "IVR with PHP" series in this latest post (see others here and here). In this new post he shows you how to create a full flow of interaction for your callers:

The last article was about how to create call flow nodes for asterisk, using pagi and php, to easily create telephony applications. It's now time to add a layer on top of it, and create a complete call flow with several nodes.

He talks about NodeControllers to control execution flow, results from their execution, available actions and an example of creating a controller and adding nodes. He builds on this simple controller and shows how to handle a few actions including responding to user feedback, adding multiple menu options and some more complex logic using a closure to contain the functionality.

Marcelo Gornstein has a new post to his blog (in his PHP and PAGI series) showing how you can use call nodes to create more complicated telephony applications.

Now, since version 1.10.0, PAGI comes with a neat feature, which is a small abstraction layer over the pagi client, called "Nodes". Also, the "NodeController" will orchestrate how those nodes interact with each other. Nodes are essentially call flow nodes. These new features will allow you to implement complete call flows in no time, and maybe even without using the pagi client by yourself. In this article, I'll introduce the nodes by themselves (and how to unit test them), and will talk about the node controller in a latter article.

He introduces the concepts of these Nodes and shows how to create a simple client, make a node off of it and read in the user's input. Code is also included for a basic IVR menu, working with pre-prompt messages, digits, datetimes and calling card PIN numbers. There's also some examples of calling validators on the input, making callbacks, tracking the nodes via in internal system and mocking out the nodes for testing purposes.

On PHPMaster.com there's a recent tutorial introducing the concept of a "domain model" and showing how to create them in PHP (manually, not inside of any ORM or database solution).

First off, creating a rich Domain Model, where multiple domain objects with well-defined constraints and rules interact, can be a daunting task. Second, not only is it necessary to define from top to bottom the model itself, but it's also necessary to implement from scratch or reuse a mapping layer in order to move data back and forward between the persistence layer and the model in question.

They include an example of a set of domain models tat relate to one another - a blog setup with posts, comments and users. They show how to create the AbstractEntity to handle a bit of the magic behind the scenes, an example "Post" and "Comment" models and how they can be put to work creating some posts and appending comments. A little bit of markup is included to output the results.

On the "Zend PHP Certification" blog (study notes), there's sort and natsort).

In all the countless hours I've spent with php, I've maybe used three or four of these sorting functions. I really had no idea that there is a total of eleven functions used for sorting arrays. Anyway, I'm betting that it may be useful to have these memorized before I take the Zend PHP Certification Exam so here is a brief overview of each one.

He talks about the various flags that can be used in the sorting (for regular, numeric, string and locale-based string handling) and the parameters to call for normal sorting, "natural" sorting, reverse key sorting and others. You can find specifics on these array sorting methods in the PHP manual.

PHPBuilder.com has a new tutorial posted about interfacing with GitHub in PHP, using their API to hook into and pull down information about users and repositories.

The Git-based project hosting service GitHub is certainly the belle of today's technology ball, having attracted more than 1 million registered users and amassed more than 2 million hosted projects in less than three years. [...] GitHub High Scores and GitHub Badges are two examples of third-party services created using the GitHub API, which is capable of carrying out any task you might wish to perform via GitHub.com. With it you can create, edit and search repositories, learn more about fellow GitHub users, and manage repository issues.

Jason shows how to use the php-github-api library to connect to the API, search repository information, get user details, finding their repositories and accessing restricted resources (things only available for the authenticated user like updating your account or working with your own repositories).

In this new post to his blog Stoimen Popov talks about calling the "destructor" method of an object and why doing it directly could lead to some issues - like not actually destroying the object before the script ends.

At the end of the script the interpreter frees the memory. Actually every object has a built-in destructor, just like it has built-in constructor. So even we don't define it explicitly, the object has its destructor. Usually this destructor is executed at the end of the script, or whenever the object isn't needed anymore. This can happen, for instance, at the end of a function body. Now if we call the destructor explicitly, which as I said I've seen many times, here's what happen. As you can see calling the destructor explicitly doesn't destroy the object. So the question is...how to destroy an object before the script stops?

He points out that one way to "destroy" an object is to null it out and remove the structure from memory. This is tricky, though, because a clone of the object will still exist in memory, just not the original.

On Reddit.com there's a new post that asks the question, "which framework has the best documentation and community?"

About to dive into MVC and wondering which one has the most wealth in terms of documentation/code comments as well as a decent community.

Suggestions in the comments include both old and new options including:

• Symfony
• CodeIgniter
• Zend Framework
• Yii

Fuel framework users have another option when it comes to user authentication management in their applications. Ando has released Warden, a package that manages logins, password hashing and user ACLs.

Warden is a user database authorization package for the FuelPHP framework that aims to fast track development by handling the work load of uthenticating user's. Built for performance, it comes with a ready-to-use user model and database install script.

The package uses bcrypt for password hashing and also provides features for forgotten passwords, password resets and "remember me" functionality. Installation is as simple as adding it to your "always_load" package list and setting up a few configuration options. Sample code for its features is included. You can get the latest version directly from github.

Artur Ejsmont has a new post with a passionate call to arms for anyone who thinks that just because their URL has "https" in it, it's secure. He presents his suggestion on how to properly secure SSL API calls for your PHP application.

Lets make something clear from the very start: JUST BECAUSE THERE IS https:// IN THE URL OF THE REMOTE SERVICE IT DOES NOT MEAN THE CONNECTION IS SECURE! I am sorry for the tone of this post but i am enraged by how popular this issue is online. If you ask why i suggest a little experiment [involving changing your hosts file and using a self-signed certificate].

The issue he spotlights is all too common - a server serves up SSL pages but doesn't actually verify the certificate in the process. He gives a bad example of how some scripts handle this issue using the CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to turn off this verification - a very bad idea. To protect yourself from any kind of man-in-the-middle or DNS hijack issues, you should leave these on.

On the Liip blog there's a recent post talking about a tool Google offers to help you authenticate your users, a one-time passcode generator called Google Authenticator. The post talks about a PHP port of the same idea.

The main point about 2-step verification is that something else than your computer provides that token. If it's on your computer and that one gets stolen (or hacked into), it won't help much for the additional security. That's why you need a second device for those tokens. Some banks do that with SMS/Text Messages (Facebook, too), other give you special devices for that (eg. RSA keys) and the last group does it with your smartphone.

At the request of a client, they created a tool that did just this, but for PHP. As a result, they created the GoogleAuthenticator library that makes it easy to implement in your application. There's even an example of it in use. For more information about the Google Authenticator tool, see this page on Google Code.