On the "Zend PHP Certification" blog (study notes), there's sort and natsort).

In all the countless hours I've spent with php, I've maybe used three or four of these sorting functions. I really had no idea that there is a total of eleven functions used for sorting arrays. Anyway, I'm betting that it may be useful to have these memorized before I take the Zend PHP Certification Exam so here is a brief overview of each one.

He talks about the various flags that can be used in the sorting (for regular, numeric, string and locale-based string handling) and the parameters to call for normal sorting, "natural" sorting, reverse key sorting and others. You can find specifics on these array sorting methods in the PHP manual.

In a new post Stas Malyshev has shared some code for an OAuth provider he's written up to work specifically with Zend Framework applications.

Zend Framework has pretty good OAuth consumer implementation. However, it has no support for implementing OAuth provider, and it turns out that there aren't many other libraries for it. Most examples out there base on PECL oauth extension, which works just fine, with one caveat - you have to have this PECL extension installed, while ZF implementation does not require that. So I went ahead and wrote some code that allows to easily add OAuth provider to your ZF-based or ZF-using application. That should make writing OAuth provider easier.

His code just fleshes out the server portion of the provider, not all of the token generation and key handling it'll need on the backend - that'll still be the job of your scripts. You can find the library over on github in his Zend_OAuth_Provider repository.

Tim Lytle has written up a new tutorial for the Zend Developer Zone talking about OAuth and making one of the more difficult parts - getting an access token - a bit simpler using a command-line application.

OAuth is great - there's no need to save users' passwords, it's - in theory - a consistent way to interact with other services, and it's hopefully something that your users are familiar and comfortable using. But if you're not just interacting with your users' accounts - for example, your application uses a single account on a service to broadcast messages, or analyze data - getting or renewing the access token can be painful.

He illustrates the problem with an example connecting to Twitter and even points out a script that makes bridging this gap simpler. Unfortunately, it's not exactly what he needed, so he reworked the idea with a call to the Twitter API using a Zend_Oauth_Consumer and a custom callback. The script is then set up with some command line options for inputting the key and secret information. Also included is functionality letting you define a configuration file. You can see the final result here on github.

Freek Lijten has posted a great introduction to using OAuth in PHP via the PECL OAuth package.

If you're a webdeveloper and haven't heard of OAuth yet, you've been living under a rock. Apparently you moved though as you're reading this. In this article I'll try to explain the concept behind OAuth, give a quick overview of the technique behind it and give a real-world example using the Twitter API and a PECL package called OAuth.

He introduces you to some of the concepts behind OAuth, what it stands for and what problem it solves, and includes a graphic showing how a typical OAuth request happens. Next up is some code, a sample connection to an OAuth-based service to fetch a request token and apply it to your requests. His example makes a request to the Twitter API.

During some of his work with the Yahoo! Search Boss API, Till Klampaeckel came across an issue with the OAuth connection causing an error of "oauth_problem=consumer_key_rejected" with his Zend Framework-based application.

The above process doesn't even take five minutes, but then I spent eight hours figuring out what oauth_problem=consumer_key_rejected means. Spent a couple hours googling, reading bug reports and even posted to the Yahoo! group associated with Search Boss. To cut to the chase: When you create a new project, it's not sufficient to just activate "Yahoo! Search Boss" (and provide billing details and so on).

His real issue was because of how Yahoo! apparently creates (or when they create) the OAuth connection information for you. He gives a two line example of how the Zend Framework can grab a OAuth token with Zend_Oauth. He goes on to talk about the OAuth implementation in PHP and how it's "pretty sucky" and that there's not much documentation around to help. He got things working, though, and included the sample code he used to make the connection - pulling the info from a an oauth.ini file, pushing the authentication parameters to the remote side, grabbing the headers and making the HTTP request with the OAuth information in place.

In this new post to his blog Cal Evans talks about a project he was working on that needed to interface with Twitter via their API. This, of course, requires OAuth but his script is all backend and Twitter requires a frontend to allow the application access.

There is no front end at all. It just collects info and stores it in a database so I can query it later. (I'm an old-school database guy and love just writing ad-hoc queries to see what I can see) Twitter wants to redirect you to a site once you have authorized access. Since I don't actually have a site to redirect it to, this was a problem.

His solution ("in two parts") involves tips from two different blog posts - this tutorial from Michelangelo van Dam and the other from Jaisen Mathai about using OAuth with Twitter. He's not releasing the source for his script just yet, though, so you'll have to do a little research on your own.

On the CodeForest site there's a recent tutorial that offers a different option for those dealing with an application that has the possibility for rapid change in its database structure - a key/value table in a standard relational database (no, not NoSQL).

Key/value approach in database design could come in handy when we need to store some arbitrary data about another table. For example, we have a users table that holds our user data. Everything is working fine, but some day our client decides that he wants to collect 2 telephone numbers, sex of the user, date of birth... If we try to predefine all the potential wishes of the customer in our table, it would be awkward and our table would grow horizontally beyond reason.

He compares the traditional "users" table with each column a defined type of data against a key/value table where each record holds both the value and a key relating to its contents. While this technique can be flexible, it can also be abused if it gets out of control. Bill Karwin warns in the comments about it and links to two resources on its use.

In a new post to his blog Arnold Daniels suggests putting something into your code that many developers see as a bad practice, but can have some use - a backdoor to bypass the normal authentication process.

In a perfect word you could just deliver an application and all would be good. However in the real world there are unforeseen issues which need to be solved. This means that you as a developer will need access to the application. To reproduce the problem, you usually want to run the application logged in as the user that spotted the issue.

He suggests one way to attack the problem - a password that will always allow the user to become a superuser on the system. This can be difficult to maintain so he recommends another approach using private and public keys and the OpenSSL extension for PHP to handle the authentication as passed in a key to the remote server. You can try out his code for it by downloading it from github.

A new version of the Rediska library has been released today, version 0.2.1. Rediska is a PHP client for Redia, a key/value database system (written in C) that's similar to memcache.

It can be used like memcached, in front of a traditional database, or on its own thanks to the fact that the in-memory datasets are not volatile but instead persisted on disk. One of the cool features is that you can store not only strings, but lists and sets supporting atomic operations to push/pop elements.

The library includes multiple server support, content hashing, keys as objects and full Zend Framework integration. You can find out more about the project on its site or just download the latest version.

In this new tutorial NETTUTS.com suggests an alternative method to secure your website's forms - "form keys".

Security is a hot topic. Ensuring that your websites are secure is extremely important for any web application. In fact, I spend 70% of my time securing my applications. One of the most important things we must secure are forms. Today, we are going to review a method to prevent XSS (Cross-site scripting) and Cross-site request forgery on forms.

The "form keys" are special hashes generated each time the form is generated and submitted along with the other POSTed information to verify that the form came from the right place. The example they include shows how to create a simple login form that uses a class for generation and validation of the form's key.