web development

How to add transparent SoapHeader authentication as decorator to any existing service class

This should not be limited to it, but I’d like to show how I implemented this inside the Zend Framework and its Zend_Soap_* components.

SoapHeader authentication is a widely used method to secure access to soap Webservices where the credentials are in the request header.

Activating this type of authentication is for me down to a change from this:

$soap = new Zend_Soap_Server($uri.'&wsdl', $serverOptions);

to this:

$soap = new Zend_Soap_Server($uri.'&wsdl', $serverOptions);
$soap->setClass('My_Soap_Decorator_Secure', 'My_Service_'.$serviceName);

This is the basic decorator code:

 * This class decorates Soap service classes, provides and enforces authentication via soap header 'authenticate'
 * @author Karsten Deubert <karsten@deubert.net>
class My_Soap_Decorator_Secure
     * @var bool
    protected $_authenticationHeaderPresent = false;

     * @var mixed
    protected $_authenticatedUser = null;

     * @var mixed
    protected $_serviceClass = null;

    public function __construct($class)
        if (!class_exists($class))
            throw new Exception('invalid class: '.$class);
        $this->_serviceClass = new $class();

     * @param mixed $data
     * @return void
    public function authenticate($data)
        $this->_authenticationHeaderPresent = true;

        // authentication code which checks if credentials are valid

        $this->_authenticatedUser = $yourAuthenticatedUser;

    public function __call($name, $arguments)
        if (!$this->isAuthenticationHeaderPresent() || is_null($this->_authenticatedUser))
            throw new Exception('authentication failed');
        if (!is_callable(array($this->_serviceClass, $name)))
            throw new Exception('invalid service class method');

        return call_user_func_array(array($this->_serviceClass, $name), $arguments);

The usual soap request with authentication header should now look like this:

$authData = new stdClass();
$authData->user = 'foo';
$authData->secret = 'bar';

$authHeader = new SoapHeader($namespace, 'authenticate', $authData);

$soapClient = new SoapClient('http://foo.bar/asdf?wsdl',
        'cache_wsdl' => 0,
        'soap_version' => SOAP_1_1

With this header the soap server will first execute the authenticate method from the decorator, then (if successful) pass the method call via magic __call to the inner service class and its fooMethod() in this example.

Voila, transparent SoapHeader authentication separated from your service classes ;)

What I haven’t researched fully yet is if there is a way to specify the authenticate header in the WSDL – every comment appreciated.

Zend Studio 7 and Zend Framework 1.9.0 released

Zend Studio 7.0 brings a host of new features and enhancements that will help you develop faster, resolve defects more quickly, and take advantage of the latest PHP technologies directly from your development environment.

With full support for PHP 5.3, greatly enhanced source code editing, easy debugging through  integration with Zend Server, code generation through integration with Zend Framework, and improved performance, Zend Studio maintains its position as the leading solution for professional PHP developers.

Zend Studio

New features in Zend Framework 1.9:

  • Complete support for PHP 5.3 as well as 5.2 means developers can use the latest PHP language features in their Zend Framework-based apps
  • RESTful web services: now made easier through automated routing/detection
  • Message queues: useful for offload processing (credit card transactions, media uploads), cross-platform communication, user messaging features, and more.
  • LDAP: Microsoft ActiveDirectory & Novell, plus searching, filtering, and tree features
  • RSS & Atom: consume these popular feed formats using a common API and higher performance cached HTTP
  • DBUnit support: DBUnit’s test data setup and teardown make unit testing Zend Framework applications much easier

Zend Framework 1.9 Features PHP 5.3 Readiness and New Professional Components

Downloads are running, Testsuites will show if ZF 1.9 breaks anything, and I will take the opportunity to fix some plugin issues with Zend Studio while upgrading ;)

Elegant OOP HTML scraping with DOMDocument

Over the years, I had to do html scraping sometimes. At my very first coding attempts some years ago, I found the explode() function to be pretty nice for this purpose. Not being satisfied with its (nonexistant) fault-tolerance, I learned regular expressions and used them. But regex only gets you so far in the DOM-tree. Finally, I arrived at the DOMDocument class, the builtin PHP answer to DOM parsing/manipulation. Looking into this is really worth it, because it a) solves the problem (99.99%) and has a nice OOP way to achieve it.

I will show you two very simple examples with all three methods – see for yourself why one should use DOMDocument ;)

Sample 1:

<!DOCTYPE html
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
        <div id="fetchme">


// explode
$dataFirst = explode('<div id="fetchme">', $sample);
$dataSecond = explode('</div>', $dataFirst[1]);
$result = trim($dataSecond[0]);
echo $result;

// regex
preg_match('#<div id="fetchme">(.*)</div>#is', $sample, $matches);
$result = trim($matches[1]);
echo $result;

// domdocument
$doc = new DOMDocument();
$element = $doc->getElementById('fetchme');
$result = trim($element->nodeValue);
echo $result;

All three methods get this very simple example right ($result will be ‘foobar’).

Adding complexity, two of them fail badly, because they do not know which closing tag belongs to which opening tag.

Sample 2:

<!DOCTYPE html
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
            <div id="fetchme">


The scraping methods are the same as for the first example, but with different output:
The explode method returns: ‘foo <div> bar’
The regex method returns: ‘foo <div> bar </div> </div>’ (the non-greedy regex would return the same as the explode version).
The DOMDocument method returns ‘foo bar’, because nodeValue strips htmltags. But the DOMElement $element holds just the content of the div #fetchme as we wanted it. It gets it right again.


You should know, some sites do not follow the (x)html standards correctly and therefore DOMDocument can fail. It also likes to throw exceptions then, but besides complaining you can still use > 90% of the document. If you want to disable the exceptions, you could either do it with @$doc->loadHTML() or $doc->strictErrorChecking = false.


Besides DOMDocument solving the tag-matching issues, it also provides a much cleaner way to do HTML scraping jobs imho. It also is a lot more fault tolerant, one could use xpath-queries against the document, etc.

How to install cruisecontrol/phpUnderControl in Debian Etch

This is how I install cruisecontrol/phpUnderControl, including all dependencies, in a fresh Debian Etch machine.

# add the backport mirror for java and subversion
echo "deb http://www.backports.org/debian etch-backports main contrib non-free" >> /etc/apt/sources.list

# add the backport mirror key
gpg --keyserver hkp://pgp.mit.edu --recv-keys 16BA136C
gpg --armor --export 16BA136C | apt-key add -

apt-get update

# install backports (java and subversion)
apt-get -t etch-backports install sun-java6-bin sun-java6-jre
apt-get -t etch-backports install subversion

# install apache (mainly for phpmyadmin) and php5 + cli
apt-get install apache2-mpm-prefork
apt-get install php5 php5-cli php5-dev
apt-get install php-pear make

# install xdebug (needed for phpunit)
pecl install xdebug
echo "zend_extension=/usr/lib/php5/20060613+lfs/xdebug.so" >> /etc/php5/cli/php.ini

# install phpunit and phpundercontrol via pear
pear upgrade --force pear
pear channel-discover pear.phpunit.de
pear channel-discover components.ez.no
pear install phpunit/phpunit
pear install --force --alldeps channel://components.ez.no/Graph
pear install --force --alldeps channel://pear.phpunit.de/phpundercontrol-0.4.7

# get and extract cruisecontrol
apt-get install unzip wget
cd ~
wget http://freefr.dl.sourceforge.net/sourceforge/cruisecontrol/cruisecontrol-bin-2.8.2.zip
unzip cruisecontrol-bin-2.8.2.zip -d /opt
cd /opt
ln -s cruisecontrol-bin-2.8.2 cruisecontrol

# run phpundercontrol modifications against cruisecontrol
phpuc install /opt/cruisecontrol

# first testrun
cd /opt/cruisecontrol

Review: Lightweight PHP5 OOP MVC framework “simples” by Daniel ’smacks’ Harrington

This is a small review of Daniel ’smacks’ Harringtons beta php5 oop mvc framework “simples”. He sent me this comment yesterday:

Hi Karsten,

dein Beitrag ist zwar schon etwas her, steht aber bei Google zum Thema Micro-Framework ziemlich weit oben. Da ich gerade ebenfalls in der Situation war und etwas einfaches wie Sinatra für PHP gesucht und nichts ansprechendes gefunden habe, hab ich mich letztendlich hingesetzt und selber etwas zusammengestrickt.

Es hört auf den Namen “simples”, bietet Routing, MVC und ein bischen mehr, bietet aber z.B. keine Datenbank-Unterstützung an und kommt mit recht wenig Code aus. Da es bis jetzt noch keine Doku gibt, lohnt es sich auch mal im Code zu stöbern.

Feedback ist immer willkommen!

Ps. Das Ganze bitte noch als Beta betrachten. Für den produktiven Einsatz ist es bisher noch nicht gedacht.

He says that in his search for a lightweight php mvc framework, he didn’t find anything that satisfied his needs, and so he started to write his own. It is called “simples”, is still beta, has no comments, no documentation, no database support, but offers mvc, routing, “and some more”. It is not meant for production usage at the moment.

The first thing I noticed is that all of the configuration is done via constants. I don’t think a framework, which will be only one part of an application, should pollute global scope (even constants) too much, if at all. One improvement could be to add a prefix to the configuration (smacks_*), but I highly prefer a config class, which loads its content based on an environment (which itself could be set via ONE prefixed constant) via xml or php files. You can have different configurations for different purposes this way, and just have to switch the environment somewhere.

Another point considering ‘namespaces’ (in a general, not the php 5.3 namespaces way) is, that all “simples” framework classes also don’t have a prefix. You don’t want collisions there.

I also miss autoloading (do I always want to load anything? no.) and a response object.

All in all, the most important point is: Why should I want to use simples? I don’t see one point which is outstanding somehow… yet ;)

My very own LAMP development tool list for windows

Today i’d like to share my very own LAMP (Linux Apache Mysql PHP) development tool list for windows.

I don’t really care if it is Windows XP 32 or Vista 64, if the system supports all the hardware my workstation has (i.e. more than 4gb ram -> Vista 64).

Tier one tools (misc dev tools):

  • Mozilla Firefox – browser
    • Firebug – developer plugin: “Firebug integrates with Firefox to put a wealth of web development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.”
      • Firephp – Firebug extension: “FirePHP enables you to log to your Firebug Console using a simple PHP method call. All data is sent via response headers and will not interfere with the content on your page. FirePHP is ideally suited for AJAX development where clean JSON and XML responses are required.”
      • Yslow – Firebug extension “performance”: “YSlow analyzes web pages and why they’re slow based on Yahoo!’s rules for high performance web sites.”
    • Selenium IDE – developer plugin “test automation”: “Selenium IDE is an integrated development environment for Selenium tests. It is implemented as a Firefox extension, and allows you to record, edit, and debug tests. Selenium IDE includes the entire Selenium Core, allowing you to easily and quickly…”
    • Firegestures – usability plugin: “A customizable mouse gestures extension which enables you to execute various commands and user scripts with five types of gestures.”
  • Scite – lightweight, extremely fast text editor, including syntax highlighting, folding, tabbed interface
  • Zend Studio/Eclipse (main IDE) – full featured IDE
    • PDT – PHP Development Tools
    • Mylyn – task & planning tools, issue/bug tracker integration
    • Subversive – subversion plugin
  • PuTTY – ssh/telnet tool: “PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator.”
  • WinSCP – sftp/scp tool: “WinSCP is an open source free SFTP client and FTP client for Windows. Legacy SCP protocol is also supported. Its main function is safe copying of files between a local and a remote computer.”
  • Total Commander – file manager, ftp tool, two file windows
  • WinRAR – archiver for rar/zip/tar/gz/…
  • TrueCrypt – highly secure, portable data storage: “Free open-source disk encryption software for Windows Vista/XP, Mac OS X, and Linux”
  • TortoiseSVN – subversion client: “A Subversion client, implemented as a windows shell extension.”
  • VMware Workstation – virtual machines
    • LAMP vm
      • Xdebug – debug helpers: The Xdebug extension helps you debugging your script by providing a lot of valuable debug information.”
      • phpMyAdmin – web-based database administration: “phpMyAdmin is a free software tool written in PHP intended to handle the administration of MySQL over the World Wide Web. phpMyAdmin supports a wide range of operations with MySQL. The most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions, etc), while you still have the ability to directly execute any SQL statement.”

Tier two tools (specific dev tools):

Tier three tools (communication/support):

  • Microsoft Outlook (if Exchange is available) – emails, calendar
  • Mozilla Thunderbird – emails, calendar
  • UltraVNC – remote desktop, direct connection
  • TeamViewer – remote desktop through firewalls, easy and fast setup – very good for helping “not so experienced” users
  • Miranda IM – lightweight IM client (icq, aim, msn, jabber, …)
  • mIRC – “the” IRC client
  • Skype – voice chat

Tier four tools (music/media)

Windows Settings:

  • fixed taskbar with quicklaunch (icons have always the same order), visible time and no “hide unused icons” stuff

Zend Framework 1.8.0 released

“I’m pleased to announce the Zend Framework 1.8.0 release, the first in our 1.8 series of releases. This release marks the culmination of several long-standing projects, as well as a formalization of many of our recommended practices. There are two major stories in this release: first, the addition of several components designed to provide and promote Rapid Application Development; second, two offerings that make using Zend Framework in the cloud easier.” [1]

Some thoughts, in no particular order:

If you know Amazon S3 (Amazon Simple Storage Soluation, a web-service for storing and receiving files, scalable, fast, safe) then you should have a look at Zend_Service_Amazon_S3. The Zend Framework not only offers a nice object oriented implementation, but also provides a PHP Stream Wrapper. Why is this so nice? Because one could add Amazon S3 support to existing applications by simply prefixing any standard file-operation with ’s3://’. This is the code sample from the documentation:

require_once 'Zend/Service/Amazon/S3.php';

$s3 = new Zend_Service_Amazon_S3($my_aws_key, $my_aws_secret_key);


file_put_contents("s3://my-own-bucket/testdata", "mydata");

echo file_get_contents("s3://my-own-bucket/testdata");

Support for Amazon EC2 (Amazon Elastic Comput Cloud) has also been added (Zend_Service_Amazon_Ec2).

“Amazon EC2 provides a web service to allow launching and managing server instances within Amazon’s data centers. These server instances may be used at any time for any length of time — allowing you to scale your site only when you need to handle extra traffic, or run your services entirely from the EC2 platform.” [1]

Zend Framework jumped the train for “the” cli interface to the framework via Zend_Tool. One could create whole projects, models, controllers, views with it. This makes sense for starters imho. My full featured Zend Studio for Eclipse with customized code templates does this job way better for me. One thing i miss (Agavi has it! ^^) is a phpunit interface and some configuration which tests should be run. In my opinion, just the existance of such an option would encourage more users to think about/actually use unit tests.

Routing now supports translation aware routes, and route chaining capabilites. Those are fetures i know and love from Agavi.

There are loads of other new features (see [1]), which I haven’t checked yet – sometimes simply because they didn’t interest me.

I’m curious if switching our main project on monday to ZF 1.8.0 will break any test ^^.

[1] Zend Developer Zone: Zend Framework 1.8.0 Released

aiTris – PHP playing Tetris

Yesterday i found some code i wrote in 2002. I was bored in school, and was asking myself if it would be possible to let PHP play tetris, including some visualisation. There was no AJAX or any well-known JavaScript Framework  at that time (of which i had known), so after some “print a full game table for every move you do” sessions, i finally (ab)used outputbuffer-flushing and some DHTML (dom-manipulation through javascript).

The whole thing is only one ~25kb file and resembles a full tetris playing program ;)

Since it was a fun project in my earlier stages, there are some things missing: “good code”, comments, coding standard (naming schemes), oop, … But it works.

The “AI”-part of the script is a “try and weight every possible move, choose the best” approach – one can tune the formula for this calculation for different results.

aiTris – PHP playing Tetris – Demo – just press the start button

I hereby release the source under the same license as i have chosen for this blog (creative commons share alike), so have fun!

IT-Arbeitsplätze in Köln

Mein Hauptarbeitgeber, die Karo Internet GmbH, sucht unter anderem für das Projekt Xchar neue Mitarbeiter.

Für folgende Stellen wird gesucht:


Agavi chapter in the book “Quality Assurance in PHP Projects”

Later this year, there will be a book on “Quality Assurance in PHP Projects” by Sebastian Bergmann (the author of PHPUnit) and Stefan Priebsch. Their own teaser:

“Stefan Priebsch and myself, Sebastian Bergmann, are writing a book on “Quality Assurance in PHP Projects”. The book will be published in English and German at the same time later this year.
The idea for the book is that Stefan Priebsch and I write the introductory as well as the concluding chapters while other authors contribute case studies for the middle part of the book.”

Source: Quality Assurance in PHP Projects – Introduction

As I just discovered, one case study in this book is about Agavi, contributed by David Zülke. There is also an abstract for this chapter: “Testing Agavi: Why Test Isolation Matters”.

I’m looking forward to this book: interesting topic(s), interesting case studies.