Mike Purcell has a handy new post for the Symfony users out there wanting more flexibility with their sfGuardPlugin use in their application. He describes how you can use email instead of a username for working with the user information.

sfGuardPlugin is pretty awesome. It allows a symfony developer the ability to quickly implement a user login and access control system. However, there is an issue with respect to telling the plugin whether to use the username or the email column for validating user submitted input. After some Googling I found a few sites which forced sfGuardPlugin to use email rather than username, but only after quite a bit of work. What I am going to show will accomplish the same end goal, but with minor changes.

He starts with a look at the validator class, showing how the values are going to be passed to the backend. The plugin makes a call to a "retrieveByUsername" method to get the user's information, but his method overrides this...sort of. His method actually contains the query to fetch the user information by email instead. This is useful if you want to use the email address as a username for the site but still want to maintain data integrity on the user records (valid emails can then be used for auth and for sending messages).

On PHPBuilder.com there's a new article showing you how to create a dynamic username validator with the combination of PHP, MySQL and jQuery to do some of the front end work.

One of the easiest ways to streamline the registration process is by providing the user with real-time feedback regarding username availability. This is accomplished by monitoring the registration form's username field and immediately following the user's completion of this field, rather than waiting for the user to complete all fields and submit the form. Although a seemingly complex feature, it's actually easily accomplished thanks to the powerful jQuery library.

His scripts bases its checking on an "accounts" table that holds the username and password. The javascript (jQuery) handles the "blur" event on the username text field in the form and runs a check against a backend script to see if that username exists in the database (bound parameters used for helping to prevent SQL injections).

Adam Jensen has written up a new article today on how you can use the Zend_Auth component of the Zend Framework to authenticate your users in a few different ways based on a strategy selected.

For this example, we're going to allow our users to authenticate in one of multiple ways: e.g., against a database table, against an LDAP server, or by OpenID [1]. Zend_Auth already provides the necessary authentication adapters, so what we'll be concerned with here is how to implement all three systems without ending up in an FSUC situation.

He defines the code for the basic controller and a simple view that allows the user to select how they want to log in - email/password, username/password or OpenID. The model does all of the heavy lifting by letting the controller set the authentication type (strategy) and pulling in the correct Zend_Form instance along with its validation rules. Code is also included for the model and each of these.

Several sites have areas that have content protected behind a login making them difficult to pull into a script. Juozas Kaziukenas has created an option to help you past this hurdle - a PHP class (that uses cURL) that can POST the login data to the script and pull back the session ID.

But how you are going to do all this work with cookies and session id? Luckily, PHP has cURL extension which simplifies connecting to remote addresses, using cookies, staying in one session, POSTing data, etc. It's really powerful library, which basically allows you to use all HTTP headers functionality. For secure pages crawling, I've created very simple Secure_Crawler class.

The class uses the built-in cURL functionality to send the POST information (in this case the username and password, but it can be easily changed for whatever the form requires) and provides a get() method to use for fetching other pages once you're connected.

On his web development blog, Joey has posted a new list of eight handy regular expressions you can use in your code for common validations.

Here are eight examples of practical PHP regular expressions and techniques that I've used over the past few years using Perl Compatible Regular Expressions. This guide goes over the eight different validation techniques and describes briefly how they work. Usernames, telephone numbers, email addresses, and more.

Each of the regular expressions comes complete with an explanation of what it is and the kinds of strings it's looking for. Comments on the post have helped even more, finding places where they might break or not catch all possibilities.

Andreas Gohr has posted some info and code about one of the social networking/linking services out there, StumbleUpon. His post includes PHP code to figure out what your site's StumbleUpon ranking is.

StumbleUpon recently(?) added a "search result enhancement" feature to their toolbar. It adds StumbleUpon "star ratings" to Google results (See screenshot). This got me interested and I had a closer look at their extension...

As part of this "closer look" he came up with the code to return a general ranking for the URL you would give it. It does require a StumbleUpon auth key and username, but if you use the service already, you're one step ahead on that.

The IBM developerWorks site brings the community another great tutorial today, this time looking at the CakePHP framework and the creation of a simple application with it.

In "Cook up Web sites fast with CakePHP, Part 1: Adding related information and services", they build a sample application (Tor) from the ground up (installation guide and all) that will take in a username and password on a login page. Their goal is to show you how much time you could safe by using the framework over just the usual library-based (or procedural) programming methods.

You will need to be a bit familiar with PHP and the Model/View/Controller design pattern before you get started here, but if you have that down, you can just jump right in. You'll also either need to register with the site or log in with your account information to get to the good stuff.

Ryan Malesevich is taking a break from his look at some handy WordPress packages to share a small series on how to move from using MD5 hashes out to SHA-1 hashes for passwords in a MySQL database. He's posted part one today.

What if you're using MD5 in your web application and want to switch over to another encryption method. It's actually not that hard and I plan to cover them in this multi-part tutorial (I know I planned on writing this months ago, but it's better late then never). In this first part I plan on going over updating the database structure and a 'pseudo-code' of what will need to be done.

As mentioned, he gives the outline (pseudo-code) of how the process will work - basically, creating an SHA1 hash of the MD5 and the username in a "newpassword" column added to your database.

Encryption can be a difficult issue to comprehend, inside of PHP or not. Thankfully, there are resources out there that can help simplify things and bring them down to where they're really useful. This new tutorial from the IBM developerWorks site today is just such a resource.

In this increasingly virtual online world, you have to be careful to protect your data. Learn the basics of encoding and encrypting important bits of information, such as passwords, credit card numbers, and even entire messages. Get an overview of what it means to encrypt and decrypt information, as well as some practical examples involving passwords and other data, using PHP's built-in functionality.

They start off where any good encryption article should - with a primer in cyrptography. You can't understand the advanced without a good grasp on the basic. Using this knowledge, they start to work up their form, a simple username and password validation system.

They provide all of the code you'll need to build the form, and even intorduce you to the crypt() function. A bad use of this functionality is also illustrated. Of course, encryption is only half the fun, so they also include an example of decrypting the same information.