PHPBuilder.com has posted what they consider to be the top five content management systems written in PHP including Drupal and Joomla.

With solutions such as the Zend Framework and CodeIgniter making it easier than ever to create complex web applications, it can be tempting to flex your developer muscles and create custom framework-based solutions whenever the opportunity arises. However, the PHP community has also made great strides with another type of web development solution, as the content management system (CMS).

He looks at some of the key features of each and points out some of the more popular sites using them as a backend. He wants to give you a starting point to look into:

• Drupal
• ExpressionEngine
• Joomla
• Silverstripe
• WordPress

PHPBuilder.com has a new article from Jason Gilmore on security in command-line applications posted today and what you can do to help protect your scripts from unwanted system command access.

In this tutorial, I'll show you how to securely execute a variety of system-based commands via a PHP script, demonstrating how to build web applications that can tightly integrate with both the operating system and third-party software.

He mentions the proper filtering of input strings (user input), how it can protect your and your application as well as a few examples of using the PHP execution functions (like exec or passthru) and how to apply the shell escaping commands (like escapeshellarg) as a first layer of security.

In this new post from Brandon Savage he looks at automated build tools and how they're more relevant now than ever in your application's lifecycle.

Build systems are just as relevant to the web (if not more so) than they are to compiled code. Build systems offer significant advantages to the development of software applications, and it is crucial that developers not take them for granted.

He suggests a few reasons to those naysayers out there as to why build processes and tools are pertinent to web development:

• Build systems make continuous integration easier.
• Build systems ensure that the same process is followed each and every time when making a release.
• With a one-step system, errors are reduced.
• Creating a build system reenforces the entire development process.
• A build system introduces formality to the release process.

On the CMSMatch.com site there's a new post with a "top ten" list ranking some of the popular content management systems:

CMS Match collected data on CMS functionality categories, such as core apps, flexibility, interoperability, mobile internet, performance, security and available support. The available functionalities are scored for each CMS. For example a blog functionality. Scores range from not available (0 points) through limited (5 points) to fully supported (10 points). Based on these scores, CMS Match was able to calculate a top 25.

PHP content management systems included in their list are eZ Publish, Acquia, WordPress and Joomla.

Alexey Zakhlestins has posted about a build system created by developers of the Symfony framework as PHP's answer to Make and Rake - Pake.

Often, while working on software projects, one finds, that there are repetitive tasks, which would be much easier to deal with, if automated. In the C/Unix world, this task is often solved by Make, Java programmers prefer Apache Ant, Ruby programmers use Rake. The fact, which is not commonly known, is, that PHP also has such instrument, and it is called Pake. It was originally created by authors of Symfony framework. Unfortunately, they never wrote any documentation, which killed adoption rates.

He shows what a sample "Pakefile.php" file might look like and links to the github page for his revamp of the project to add a few more helpers. You can also install it as a PEAR pacakge.

Rob Allen (as a part of his work on his WinPHP Challenge entry) has posted a little code snippet to his blog about fetching the list of all databases sitting on a SQL Server instance.

I need to get a list of databases from SQL Server for the currently logged in user. Initially, I found a built in function sp_databases. This looked promising, until I discovered that it didn't work for my user. I'm pretty sure that it's related to permissions. The user just has db_owner on a specific database and nothing else.

He ended up selecting from a sys.database table where the name wasn't in a grouping of standard SQL Server databases (like "master" or "msdb"). He wrapped this in a foreach with a try/catch to catch errors thrown and drops all of the names into a regular array.

Matthew Turland came across an interesting bug when working with the Cares Document Checker he's developing related to linting (running a syntax check) on a given PHP file.

While doing a lint check on a code block, a parse error was occurring on a line that contained a comment in the original source file. [...] Presumably what was happening was, even though the var_dump() call showed that actual newlines were being interpreted correctly, the r was also being interpreted rather than taken literally. This caused the comma following it to generate the error I was receiving.

An alternative to the method he was using, shell_exec, is proc_open, a function that opens a resource to handle a command execution and allows for more than just the "point and shoot" execution that things like shell_exec, or system.

Justin has posted a few cool things that you can do by combining PHP with someof the Windows functionality PHP has access to (either via direct function calls or through the COM object).

Many PHP examples out there are designed for a linux/unix operating system. I am going to give some examples of some interesting functionality that only works with php running in a windows environment (IIS or apache).

Hist list includes little things like ejecting the CD-ROM and sending things to the printer out to working with the registry and listing the current system processes.

In this recent tutorial from NETTUTS.com they show how to create a "better login system" that supports a bit of access control functionality to even further secure your site.

Net.tuts+ has published several great tutorials on user login systems. Most tutorials only deal with authenticating the user, which allows for two levels of security: logged in and not logged in. For many sites, a finer degree of control is needed to control where users can go and what they can do. Creating an access control list (ACL) system will give you the flexibility for granular permissions.

They walk you through the database creation (user information), coding the ACL and user authentication classes, how to check a user's permissions and how to create a user admin screen to allow for easy maintenance. You can find the complete source of the tutorial here.

On NETTUTS.com a recent tutorial has been posted about the integration of your PHP application with PayPal's Instant Payment Notification system.

Today we are going to combine Paypal with PHP to allow for the easy processing of payments on your website.

You'll need a Premier PayPal Account to get it all working as well as already have a server with a working PHP installation (there's no setup and install for that in this tutorial). There's ten different steps in the process and screenshots and code are provided the whole way:

• Creating a PayPal Account
• Enable IPN
• Building a Simple HTML Page
• Building a PayPal Button
• Writing ipn.php
• Creating the Database
• Account Creation
• Emailing the Login Credentials
• Invalid Payment Email
• User Login