Paragon Initiative:
Implementing Secure User Auth in PHP Applications with Long-Term Persistence
Jul 23, 2015 @ 10:14:23

On the Paragon Initiative blog there's a post showing you how to implement secure authentication with long-term persistence (essentially a secure "remember me") in a PHP application.

A common problem in web development is to implement user authentication and access controls, typically accomplished through sign-up and log-in forms. Though these systems are simple enough in theory, engineering one that lives up to application security standards is a daunting undertaking.

Without a great deal of care and sophistication, authentication systems can be as fragile as a cardboard lemonade stand in a category five hurricane. However, for everything that can go wrong, there is an effective (and often simple) way to achieve a higher level of security and resilience.

He starts with a look at passwords: how to hash them correctly, how salts play into it, and some suggestions about password policies. From there he gets into "remember me" handling, naming two common problems with most systems: insufficient randomness and timing leaks (timing attack issues). He then proposes a different kind of solution: store some additional information in the database record, a "selector" that is not timing dependent, use it to find the record, and then compare the hashes with a timing-attack-safe method. He ends the post with a brief look at account recovery and some things to watch out for if you plan to implement it.

tagged: secure authentication application longterm persistence

Link: https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence

NetTuts.com:
The Repository Design Pattern
Nov 26, 2013 @ 11:53:16

While design patterns are a wider topic than just PHP, the NetTuts.com site has posted a new tutorial looking at the Repository Pattern, using PHP and PHPUnit to illustrate how the pattern works. They look at the structure of the pattern at a high level and provide a more "real world" example too.

The Repository Design Pattern, defined by Eric Evans in his Domain Driven Design book, is one of the most useful and most widely applicable design patterns ever invented. Any application has to work with persistence and with some kind of list of items. These can be users, products, networks, disks, or whatever your application is about. If you have a blog for example, you have to deal with lists of blog posts and lists of comments. The problem that all of these list management logics have in common is how to connect business logic, factories and persistence.

They start with an overview of the pattern and some of the problems that it can help to solve. They also briefly mention the Gateway pattern that will be used in the examples to pull information into the Repository. After covering some of the basic concepts, they get into the code (going the TDD route) showing how to manage comments, like from a blog, inside a repository. It implements a "Comment" class, a persistence mechanism (the Gateway) and a Factory class that takes in the comment data and returns a correctly formatted object. Finally, they make the repository class and show how to add and retrieve comments from its internal data set.

tagged: designpattern repository gateway factory persistence tutorial

Link: http://net.tutsplus.com/tutorials/php/the-repository-design-pattern/

Russell Walker:
Active Record vs Data Mapper for Persistence
Oct 18, 2013 @ 10:19:13

Russell Walker has a new post today comparing two popular methods for abstracting out database access and working with your data - the Active Record and Data Mapper patterns for data persistence.

These two design patterns are explained in Martin Fowler's book 'Patterns of Enterprise Application Architecture', and represent ways of handling data persistence in object oriented programming.

He gives simple code examples of both - one showing a basic "save" call with Active Record and the other showing the saving of a "Foo" entity using similar logic. Along with these examples, he also includes a few points about the major advantages and disadvantages related to the pattern. He also talks some about "service objects", the go-between that the data mapper pattern uses to combine business logic and the mapper object. He ends the post by making some suggestions about which to use, depending on the need of course.

tagged: activerecord datamapper persistence database interface designpattern

Link: http://russellscottwalker.blogspot.co.uk/2013/10/active-record-vs-data-mapper.html

NetTuts.com:
Evolving Toward a Persistence Layer
Sep 12, 2012 @ 10:51:17

On NetTuts.com there's a new article posted that introduces you to the concept of a persistence layer in a PHP application:

One of the most confusing design patterns is persistence. The need for an application to persist its internal state and data is so tremendous that there are likely tens – if not hundreds – of different technologies to address this single problem. Unfortunately, no technology is a magic bullet. [...] In this tutorial, I will teach you some best practices to help you determine which approach to take, when working on future applications. I will briefly discuss some high level design concerns and principles, followed by a more detailed view on the Active Record design pattern, combined with a few words about the Table Data Gateway design pattern.

Included in the post is a high-level application design in which the business logic is at the core and the persistence technology/layer exists outside of it. They show how to create a simple, working solution for a persistence layer to handle a blog post and its contents. The article covers characterization tests, the table gateway design pattern and the possible move to the active record pattern.

tagged: persistence layer tutorial logic blog example

Zend Developer Zone:
ZendCon 2010 Podcast - A New Approach to Object Persistence in PHP
Jan 11, 2011 @ 13:05:50

On the Zend Developer Zone there's a new post sharing the latest episode of their ZendCon 2010 sessions series - a talk from Stefan Priebsch about object persistence in PHP.

The object-relational impedance mismatch makes persisting PHP objects in a relational database a daunting task. How about these new schemaless NoSQL databases? We will have a look at the problems involved with persisting PHP objects, and introduce design patterns that help solve these problems. Putting the patterns to good use, we will build a working PHP object persistence solution for MongoDB.

You can download the episode as an mp3 and follow along with the slides for a more complete picture.

tagged: podcast zendcon10 session stefanpriebsch object persistence

Zend Developer Zone:
Junction -- a new persistence layer for PHP 5
Oct 05, 2007 @ 07:59:00

On the Zend Developer Zone today, there's a new post about a new project that's been launched - an object persistence layer for PHP, Junction.

The goal is to automate basic query construction, decouple the application from the database, and allow for faster development. With Junction you write a simple data object (the only requirement is that it have getters and setters) and a mapping file, following that you can start interacting with the database.

The project is completely open source (under the MIT license) and is operating under the "release early, release often" mentality. You can grab the most recent download directly from their site.

tagged: junction persistence layer php5 project hibernate

Alexander Netkachev's Blog:
Installing Propel object persistence layer for Web application
Sep 15, 2006 @ 07:29:05

In his latest entry, Alexander Netkachev explains how to install the Propel object persistence layer and its required packages into your PHP application.

An object persistence layer provides developers with an API that allows them to operate on the application's data in an object-oriented manner. The developers can use known OOP methods for searching for and restoring the objects from the database. Something like this you can find on the main page of the Propel project and in the Wikipedia article about ORM technology.

These enthusiastic words roused my interest in the technology and I promised myself I would spend some time on testing software for generating object persistence classes. And I am ready to try the Propel library, because it is used by the Symphony framework, which I plan to test in a couple of weeks.

He starts with a little background information about why he's chosen to go with Propel and the process he followed to get things up and running smoothly. He links to the software you'll need (Propel, Creole, and Phing) and gives the install structure and environment variables you'll need to set. Finally, he gives an example .bat file to help perform the install automatically, reducing the problems that could happen when done manually.

tagged: propel object persistence layer creole phing application tutorial

SitePoint PHP Blog:
CouchDb: document oriented persistence
Sep 07, 2006 @ 07:49:40

Harry Fuecks mentions an interesting project today on the SitePoint Blog - CouchDb - a stand-alone document store, accessible via XML REST.

Firing up the CouchDb server on Windows is a breeze—follow the README. PHP-wise, you need the new http extension which is most easily done on Win32 by grabbing the most recent PHP 5 release (5.1.6) and the corresponding collection of PECL modules.

The interface between CouchDb and PHP is REST - XML + HTTP - you can also point your browser directly at the CouchDb server (default - localhost:8080) and get around with a little help from the CouchDb wiki.

So, if it's Just Another Database, why should we pay attention? Harry notes (with a code example) that it's more about how it stores the information and not just that it does. His example takes in a POST request from a form and pushes it (raw data) into the CouchDb functions. He also gives an example of where this would be handy - in a wiki (like Dokuwiki) where the files are currently stored on the filesystem instead of in a database.

tagged: couchdb interesting document oriented persistence post wiki raw data
