PHPMaster.com has posted the second part of their look at the Openbiz Cubi framework (part one here), this time focusing on the code - mostly XML - that you'll need to create your own custom module.

In the first part of this series we talked about the development challenges we face and how Openbiz Cubi can help by providing a solid, ready-to-use web application framework. In this part we'll see how to build our own module and dive a bit deeper into the core architecture of the framework.

They include the SQL you'll need to run to create a new table for the "Customer" module they're going to help you build. With that in place, they walk you through the command to execute to make the module skeleton, the locations of the XML files to work with and the contents of each. Included in the module are things like a data object, a module description file and the form object. He finishes up the post with a look at the overall flow of the Cubi execution so you know where each piece falls.

On PHPMaster.com they've posted a new tutorial by Sean Hudgston that helps you understand HTTP digest authentication, a simple way to authenticate a user or script against your application.

Digest Access Authentication is one method that a client and server can use to exchange credentials over HTTP. This method uses a combination of the password and other bits of information to create an MD5 hash which is then sent to the server to authenticate. Sending a hash avoids the problems with sending a password in clear text, a shortfall of Basic Access Authentication.

He starts out by looking at the "basic authentication" mechanism that's built into most web servers and points out that it has a major flaw - sending the username/password in (pretty much) plain text. Digest, on the other hand, uses a MD5 hash created from a few pieces of information including username, realm and request method. The result is sent as a header back to the server that can then be parsed by PHP. He also talks about improving on the basic version of the digest method using the qop, nc, and cnonce optional parameters.

On NetTuts.com today there's a new tutorial posted showing you how to create a theme for PyroCMS, an open source, PHP-based content management system with a large user base and community.

Like most content management systems, PyroCMS uses front-end themes. Though PyroCMS themes are built a bit differently than what you might be used to from other systems, they're still quite easy to create. They're so easy, in fact, that very little PHP experience is required to assemble them!

He walks through things like the folder structure of the templates directory and how to get started on a custom "Foo" theme of your own. He covers how to lay out the HTML markup for the theme and how you can use partials for the sections of the site. He briefly touches on using multiple layout files and how to use different layouts shown only to mobile devices.

Chris Jones has a new post today showing you how to use Oracle and PHP together to process data offline via the Oracle Streams Advanced Queuing feature.

Offloading slow batch tasks to an external process is a common method of improving website responsiveness. One great way to initiate such background tasks in PHP is to use Oracle Streams Advanced Queuing in a producer-consumer message passing fashion. [...] The following example simulates an application user registration system where the PHP application queues each new user's street address. An external system monitoring the queue can then fetch and process that address. In real life the external system might initiate a snail-mail welcome letter, or do further, slower automated validation on the address.

He includes the SQL needed to create the database and configure the queue system as well as start it up and get it ready for requests. He shows how to push an address into the queue for processing and how to get the results once it has completed in both the SQL and from the oci_* functions in PHP.

NetTuts.com has a new tutorial posted suggesting a few ways you can make testable and maintainable code in PHP applications.

Frameworks provide a tool for rapid application development, but often accrue technical debt as rapidly as they allow you to create functionality. Technical debt is created when maintainability isn't a purposeful focus of the developer. Future changes and debugging become costly, due to a lack of unit testing and structure. Here's how to begin structuring your code to achieve testability and maintainability - and save you time.

There's a few concepts they cover in the tutorial including DRY (don't repeat yourself), working with dependency injection and actually writing the tests with PHPUnit. They start with a bit of code that needs some work and use the tests to help refactor it into something that can be easily mocked (using Mockery).

Matthew Setter has written up a post to his site that continues his look at the features of Zend Framework 2. This time he's looking specifically at hydrators, models and the table gateways and their use in connecting your application with a database.

One set of features has really been helping me of late ones that really have me smiling; these are: Hydrators, Models and Table Gateways. If you're new to ZF2 or database interaction with frameworks, then you're in a perfect position as today's post will be giving you a good introduction to the basics of using both together.

He starts with a look back at how it all was done in ZF1 and shows how using these three components makes for an even better system, allowing the model to be completely data-source agnostic. His examples start with the table gateway class, showing how to connect it with a "users" table. From there he adds in the model (with an "exchangeArray" method) and a hydrator that maps the table columns to the properties on the entity. He shows how to add this setup to the service configuration and its use in a controller, returning a full list of the records in the "user" table.

In his latest post to his site Chris Jones shows you how to update the Zend Framework 2 tutorial app (quickstart) to make it work with an Oracle database instead.

This post shows the changes to the ZF2 tutorial application to allow it to run with Oracle Database 11gR2. [...] The instructions for creating the sample ZF2 application are here. Follow those steps as written, making the substitutions shown [in the rest of the post].

The full schema definition is included in the post, complete with the same sample data as the tutorial. He includes the updates you'll need to make to the database configuration for the OCI8 connection and changes to the code to accommodate the Oracle data format (mostly uppercasing everything).

Brandon Savage has a new post to his site today showing you how to compile and install PHP 5.5, the next major upcoming release for the language (in RC status as of the time of this post though).

There's always a lag behind new releases of PHP and releases of packages for operating systems such as Ubuntu. This lag time means that you could be kept from upgrading to the latest and greatest PHP for a year or more, unless you use an outside repository like Dotdeb. [...] Instead, I roll my own version of PHP. It's simple and easy to do, and something that any developer can do. Here's my instructions for doing so on a fresh Ubuntu installation.

He gives a reason or two why you might want to "roll your own" installation and helps you get the environment prepared via some "aptitude" install commands for supporting software. Commands are included for installing needed dependencies, configuring/building PHP and updating Apache to use this new install. He finishes it up with a few smaller things to do like making the php.ini and enabling the Zend opcode caching extension.

Simon Holywell has a new post talking about cookie security in PHP, focusing on some of the PHP configuration settings that can help.

The security of session handling in PHP can easily be enhanced through the use of a few configuration settings and the addition of an SSL certificate. Whilst this topic has been covered numerous times before it still bears mentioning with a large number of PHP sites and servers having not implemented these features.

He talks about the httponly flag when setting the cookie/in the configuration, the "use only cookies" for sessions and forcing them to be "secure only".

On PHPMaster.com today there's an article with some good suggestions about ways to deprecate parts of an API safely.

Deprecation can happen for various reasons - perhaps an API is no longer useful and has reached its end-of-life, or the refactoring of code to improve its reusability and testability obsoletes particular methods. In this article I'll share with you some key points that you should follow when deprecating APIs so you can continue to grow your code and provide fair warning to those who depend on it.

They break it up into a few different steps:

• Prepare for Refactoring
• Employ the Single Responsibility Principle
• Communicate with your Users
• Remove the Old Code