Tài liệu Blogging and the Damage Done pptx

But Firebird also comes in a second flavour, called “Super Server,” which implements a server process that oper-ates between the client applications and the database file, caring about t

FEBRUARY 2005 VOLUME IV - ISSUE 2

Plus: Security Corner, Reviews, News and much more

LEARNING PHP WAS NEVER THIS MUCH FUN

Come learn PHP in Paradise with us

(and spend less than many other conferences)

Ilia Alshanetsky - Accelerating PHP Applications, Marcus Boerger - Implementing PHP 5 OOP Extensions, John Coggeshall - Programming Smarty , Wez Furlong - PDO: PHP Data Objects , Daniel Kushner - Introduction to OOP in PHP 5, Derick Rethans - Playing Safe: PHP and Encryption, George Schlossnagle - Web Services in PHP 5, Dan Scott - DB2 Universal Database, Chris Shiflett - PHP Security: Coding for Safety, Lukas Smith - How About Some PEAR For You?, Jason Sweat - Test-driven Development with PHP, Andrei Zmievski PHP-GTK2

The Magazine For PHP Professionals

Moon Palace Resort, Cancun, Mexico May 11-15 2005

At php|tropics, take the exam and

Get Zend Certified

and we'll pay your fees!

For more information and to sign up: http://www.phparch.com/tropics

Early-bird discount in effect for a limited time!

Easy: you look at how much damage it’s causing Prettymuch every human invention is neutral in itself; any ben-efits (or drawbacks) come from the way it’s used: atomicenergy can be used to power a city or destroy it; cars make it trav-

el over distances that were unthinkable just a hundred years ago

possible, and are happily destroying our planet with their

pollut-ing emissions

Blogs have finally reached the “do and die” level of usage They

started as glorified online diaries Comments mutated them into

electronic sounding boards RSS turned them into a self-publishing

tool The corporate world has rapidly misused them into

propa-ganda weapons

Running your own blog, as many of our readers and authors do,

is, in many cases, a liberating experience Personally, I like the idea

of throwing my ideas out there in a free-form format and let other

people take them apart, comment on them and, possibly, even use

them

Many people, it seems to me, have pretty much the same

atti-tude with regards to how they run their blogs Where they go

wrong, in my opinion, is in the fact that they continue to think of

blogs as personal diaries, which is often incompatible with the way

their readers see them

For my part, as much as I love writing on my blog, I often find

myself being overly cautious about what I write in it—because, no

matter what I think, people see it not as “Marco’s blog,” but as

“php|architect’s blog.” This severely limits, in my mind, the range

of topics I can cover and how I can cover them In fact, this

prob-lem has come up more than once when people have criticized me

either for dissing our competition or for failing to disclose ties with

companies that were mentioned in my posts one way or another

In both the instances I recall, the comments were misplaced—I

didn’t dis the competitors, but simply expressed a personal

prefer-ence, and the ties between us and another company had nothing

to do with my posts

Still, I respect the fact that, to many people, my blog is a way to

peek into the less-public face of php|architect, which is just fine

but requires a bit more thoughts than “I’ll write about what I had

for breakfast.” Some people—and many companies—have yet to

figure out what the limits of blogging are Thus, we see

employ-ees of corporations posting proprietary information and getting

fired for it (and justly so), and employees posting completely

harmless information and getting fired for it anyway (in a

decided-ly unfair manner)

What I find really funny is the fact that so much fuss is being

made about blogs when they are, in fact, nothing more than

the tip of the iceberg Clearly, the problem is somehow

con-nected to the fact that a weblog reads like a friendly chat but

php|architect

Volume IV - Issue 2 February, 2005

Publisher

Marco Tabini

Editorial Team

Arbi Arzoumani Peter MacIntyre Eddie Peloke

Graphics & Layout

php|architect (ISSN 1709-7169) is published twelve times a year by Marco Tabini & Associates, Inc., P.O Box 54526, 1771 Avenue Road, Toronto, ON M5M 4N5, Canada

Although all possible care has been placed in assuring the accuracy of the contents of this magazine, including all associated source code, list- ings and figures, the publisher assumes no responsibilities with regards

of use of the information contained herein or in all associated material.

Contact Information:

General mailbox: info@phparch.com

Editorial: editors@phparch.com

Subscriptions: subs@phparch.com

Sales & advertising: sales@phparch.com

Technical support: support@phparch.com

Copyright © 2003-2004 Marco Tabini & Associates, Inc — All Rights Reserved

BBllooggggiinngg aanndd tthhee

What’s New!

php|architect launches php| tropics 2005

Ever wonder what it's like to learn PHP in paradise? Well, this year we've decided to give you a chance to find out!

We're proud to announce php|tropics 2005, a new conference that will take place between May 11-15 at the Moon Palace Resort in Cancun, Mexico The Moon Palace is an all- inclusive (yes, we said all inclusive!) resort with over 100 acres of ground and 3,000 ft of private beach, as well as excellent state-of-the-art meeting facilities

As always, we've planned an in-depth set of tracks for you, combined with a generous amount of downtime for your enjoyment (and your family's, if you can take them along with you).

We even have a very special early-bird fee in effect for a limited time only.

For more information, go to http://www.phparch.com/tropics

Maguma Workbench 2.2

Maguma has announced the release of Maguma Workbench 2.2

On 20 January 2005, Maguma published the newest version of Maguma Workbench Maguma

Workbench 2.2 has new features, more stability and a new pricing concept During the same period

Maguma will also publish the Maguma Workbench SDK, for more independence to create new

mod-ules for your Workbench For this reason Maguma has created a competition for developers, to create

new plugins.

The new features, like the PHP Function list, drag´n´drop and the hotkey F12 (hide/restore tool

win-dows) brings you more efficiency Patches have also been applied to the PHP Code Parser, Class

Wizard, Script Parameter Implementation and more (see Changelog for more details at

h

http://support.maguma.com/?article=changelog220 )

With this release of Workbench we are also making a reality of “Make it your Workbench” which

means now the core price of Workbench is only 69 Euro and it’s up to the user to choose which modules/features they want to add

to the core product The core provides the basic features such as Syntax highlighting, Class browsing, and script execution, while

the extra modules provide the added features such as local filesystem browsing, debugging, regular expression developer, and

much more So each customer can buy only the function and modules that they need and will use.

For more information visit: h http://www.maguma.com/ /

The Zend PHP Certification Practice Test Book is now available!

We're happy to announce that, after many months of hard work, the Zend PHP Certification Practice Test Book, written by John Coggeshall and Marco Tabini, is now available for sale from our website and most book sellers worldwide!

The book provides 200 questions designed as a learning and practice tool for the Zend PHP Certification exam Each question has been written and edited by four members of the Zend Education Board the very same group who prepared the exam The questions, which cover every topic in the exam, come with a detailed answer that explains not only the correct choice, but also the question's intention, pitfalls and the best strategy for tackling similar topics during the exam.

For more information, visit h http://www.phparch.com/cert/mock_testing.php p

PostgreSQL 8.0

The folks at PostgreSQL have announced the release of PostgreSQL 8.0

This is the first PostgreSQL release to natively run on Microsoft Windows as a

server It can run as a Windows service This release supports NT-based Windows releases

like Win2000, XP, Win2003 Older releases like Windows 95, 98, and ME are not supported because these operating systems do not have the infrastructure to support PostgreSQL A separate installer project has been created to ease installation on Windows:

h

http://pgfoundry.org/projects/pginstaller

For more information visit: h http://www.postgresql.org

Check out some of the hottest new releases from PEAR.

dis-curl and libdis-curl 7.13.0

curl.haxx.se has announced the latest release of curl and libcurl 7.13.0 Some of the changes

include:

• added ——ffttpp aaccccoouunntt and CCUURRLLOOPPTT FFTTPP AACCCCOOUUNNTT

• added CCUURRLLOOPPTT SSOOUURRCCEE UURRLL and CCUURRLLOOPPTT SSOOUURRCCEE QQUUOOTTEE

• obsoleted CCUURRLLOOPPTT SSOOUURRCCEE HHOOSSTT, CCUURRLLOOPPTT SSOOUURRCCEE PPAATTHH, CCUURRLLOOPPTT SSOOUURRCCEE PPOORRTT and CCUURRLLOOPPTT PPAASSVV HHOOSSTT

• added ——33pp uurrll, ——33pp uusseerr and ——33pp qquuoottee

This release also contains many bug fixes.

For more information or to download, visit c curl.haxx.se e

Netdoc 1.25

The people at visiomode.com have announced the release of Netdoc 1.25

Netdoc is a content management system that focuses tightly on content creation and

edit-ing Netdoc 1.25 comes with a complete user privilege system Websites can be made global readable, only readable to some, or

even global writable These privileges can be applied also to any part of the website, and defining them takes generally only a ple of rules

cou-Netdoc is made with PHP and it stores the data into a MySQL database and uses Apache as a web server cou-Netdoc is installed on the server and it creates dynamic pages with friendly URLs The site is updated through the web interface directly on that same server and thus there is no pushing of content or FTP transfer taking place at any time.

For more information visit: h http://www.visiomode.com m

Looking for a new PHP Extension? Check out some of the lastest offerings from PECL.

pecl_http 0.2.0

Currently implemented features:

• Building absolute URIs

• RCF compliant HTTP redirects

• Caching by “Last-Modified” and/or ETag (with ‘on the fly’ option)

• Sending data/files/streams with (multiple) ranges support

• Negotiating user preferred language/charset

• Convenient request functions to HEAD/GET/POST if libcurl is available

The Vulcan Logic Disassembler hooks into the Zend Engine and dumps all the opcodes (execution units) of a script.

is, for all intents and purposes, cast in the Internet stone—as the Romans used to say, verba volant, scripta

manent What is written in a blog “sticks” and has the potential of embarrassing a company by

short-circuit-ing its carefully choreographed PR spin machine

Is this really so bad, though? Consider this: information that goes on a blog stays on a blog Yes, it can becrawled by a spider, but, eventually, any information that’s deleted at the source will drop off search engines

A posting being propagated by outside sources, such as other blogs, is a bit more problematic, but

eventual-ly even those blogs will let it go Now consider this: Google owns a collection of some ten or more years’worth of Usenet news Ten years! Anything any one of us has ever posted on Usenet—as well as hundreds ofpublic mailing lists—has stuck around for all this time (and is likely to stick around for a lot longer)

The persistence of Usenet data, to me, is much more troublesome than blogs There are plenty of posts I’d

rather I never made (go ahead search them all and post them on your blog!), but for the most part the thing

that bothers me is that I never made a posting with the idea that I was creating a permanent record of mymischief On top of that, Usenet has been around for a lot longer than blogs—so there’s plenty of sillinessgoing around for everyone

In the end, the corporate world seems to be developing its usual odi et amo relationship with blogs: on onehand, they’re a great tool for public relations, while on the other they are a source of infinite frustration It’sthe age-old problem of public relations: wanting as much third-party publicity as possible, which is often con-sidered as more reliable than company-sponsored fluff, but only if the corporation is in complete control of it

In my neck of the woods, that’s called having your pie and eating it, too, although I suspect someone elsemay use a slightly cruder term connected to the food by-products of male cattle But only on their weblog

Editorial Continued from Page 6

BBllooggggiinngg aanndd tthhee D Daam maaggee D Doonnee

“PHP & MySQL” almost sounds like a tautology,

but this is a bit unfair in respect to the other

data-bases available SQLite is a very strong contender,

especially if there are many read operations and little in

the way of write operations PostgreSQL gets excellent

reviews, but still struggles with the market share

Microsoft SQL Server (“MSSQL”) is usually only

avail-able in a heterogeneous network, but a renowned IT

magazine benchmarked various web server setups

(Apache, IIS, PHP, ASP.NET, MySQL, MSSQL) a couple

of years ago, with Apache on Linux and MSSQL on

Windows being the winning combination

A DBMS that has been mostly neglected by both

developers and the media is the Firebird database It all

began on September 4, 1984, when former DEC

employee Jim Starkey sat down and started to

imple-ment his own database server This was later pursued at

Borland, and resulting InterBase turned out to be a

quite successful product that was well-received by the

market (even though Borland tried to rename itself with

very little success)

The next important step in the development of the

software turned out to be July 25, 2000 The same day

the fatal Concorde crash near Paris happened, Borland

(then probably Inprise) took the source code of their

InterBase database system and turned it into open

source This launched a new project, FirebirdSQL, thatdeveloped the database server further based onBorland’s code The code was issued under the InterBase Public License v1.0, also known as IPL(h http://www.borland.com/devsupport/interbase/opensourc- - e

e/IPL.html l), which is a variant of the Mozilla PublicLicense

Speaking of Mozilla, when the Mozilla project startedworking on his standalone browser, they first code-named it Phoenix However, since there already existed

a motherboard manufacturer with that name, thebrowser was rechristened “Mozilla Firebird.” Thiscaused some confusion, at least according to the

“Firebird-the-database” faction After some discussions,the Mozilla project changed the name of its browser tothe one we now all know: Firefox (which is not a fox,

by the way, but a panda—despite the logo) TheFirebird database, however, kept its name

REQUIREMENTS

PHP 4.x , 5.x + InterBase extension

OS Linux, Max, Windows Other Software Firebird

Code Directory phpfire

February 2005 ● PHP Architect ● www.phparch.com

When praising the vast database support that PHP

pro-vides, the products that are mentioned most often are

the likes of MySQL, SQLite, PostgreSQL and MSSQL,

but there are several others One database that has

been rather neglected for a long time is Firebird It’s

time for a closer look

FEEAATTUURREE

PHP Under Fire

The current version of Firebird, as of writing this

arti-cle, is 1.5.2 The codebase of this release, however, is

already called Firebird 2, the next large milestone The

reason for this is that the original codebase turned into

open source by Borland was written in C; the major

goals for Firebird 2 are a general code-cleaning and, of

course, porting the product to C++ The developers

hope—among other things—for a serious speedup of

the software

The feature list of Firebird 1.5 is already quite

impres-sive, including ACID compliance (including full

transac-tion control), stored procedures (written in PSQL),

trig-gers, UDFs, generators, full SQL-92 Entry Level 1

sup-port and most of SQL-99—some other databases took

a lot of time to achieve this The database is available

on all major platforms, including Linux, Mac OS X and

Windows Since Firebird supports an OS-independent

data format, changing the platform is rather easy

Installation

Firebird is available from its SourceForge project site at

h

http://firebird.sourceforge.net/ / The download section

features both the source code and binary releases:

RPMs for Linux, packages for Mac OS X and both ZIP

archives and self-contained installers for the Windows

platform There are two flavours available: the “Classic”

version of Firebird works on a file basis, which makes it

very easy to deploy but really hard when parallel

processes try to access the same database file (and

maybe even try to perform write operations on it) But

Firebird also comes in a second flavour, called “Super

Server,” which implements a server process that

oper-ates between the client applications and the database

file, caring about things like request processing and

threading For FreeBSD, Mac OS X and Solaris,

current-ly oncurrent-ly the classic versions are available; in fact, Mac

users are stuck with the older version 1.51 (that’s

cor-rect—the current version is indeed 1.5.2, with one

more dot) There is also an embedded server available,

making it possible to bundle Firebird with other cations (similarly to how SQLite now comes with PHP5)

appli-Windows and Mac users have it quite easy to installFirebird: they can download convenient installers thattake care of copying the files to the system (see Figures

1 and 2) For Windows, a ZIP package is also available,

so the users can take care of copying the files selves Note that the Mac installation hung consistent-

them-ly on one of my test machines—if something like thishappens, you will have to go back even further to a pre-vious version

Under Linux, you can either install the RPM file or dosome more work yourself For the latter, the TGZarchive contains the shell script iinnssttaallll sshh, which takescare of the installation and copies firebird into//oopptt//ffiirreebbiirrdd// (see Figure 3) Among these files is ashell script, called uunniinnssttaallll sshh,, that does exactly what

ter user It is called ssyyssddbbaa (or SSYYSSDDBBAA, as Firebird does

not care too much about upper or lower case when it

comes to usernames) and has the default password

mmaasstteerrkkeeyy If you’re using the Linux installer, you can

enter your own password for this user; on other

sys-tems, you should change ssyyssddbbaa’s password

immedi-ately after installation for obvious security reasons In

the bbiinn directory of Firebird, you find the ggsseecc tool,

which can be used to both change passwords and add

or delete users However, for real convenience, you can

use a web-based tool—we’ll look into that later on

There are several client libraries for Firebird, including

an ODBC driver and, of course, a PHP extension

up nothing The reason for this is a historical one: since

Firebird was previously called InterBase and PHP has

always had great database support, the extension

car-ries interbase in its name and the associated manual

Installation under Windows is easy: the extensions

directory (called eexxtteennssiioonnss in PHP 4 and eexxtt in PHP 5)

contains the file pphhpp iinntteerrbbaassee ddllll that hooks you up

with the client libraries of Interbase, so the only thing

you have to do is to modify pphhpp iinnii:

extension=php_interbase.dll

If you are compiling by yourself, be sure to use the

compilation switch ——wwiitthh iinntteerrbbaassee You can also

pro-vide the directory to the libraries:

——wwiitthh iinntteerrbbaassee==//vvaarr//ffiirreebbiirrdd//lliibb Afterwards, the

installed extension

Administration

The first steps when administering the newly installed

database is, of course, to change the credentials for the

master user—and create a new one that takes care of

the sample application we are about to develop This

can be done using a console: the bbiinn directory of the

Firebird installation contains the ggsseecc tool, which can

be used for this task However, since we are using PHP

anyway, this is a good opportunity to use a web-based

interface written in PHP The tool is called ibWebAdmin

(“ib” standing for Interbase), and available for free at

h

http://ibwebadmin.sourceforge.net/ /(see Figure 5) Before

actually using this software, you first have to configure

it After unpacking the archive and copying it onto the

web server, the file iinncc//ccoonnffiigguurraattiioonn iinncc pphhpp requires

some special attention There, you have to provide

some information about the Firebird installation Most

important are the following values:

•• BBIINNPPAATTHH—Directory to the Firebird binaries

•• SSEECCUURRIITTYY DDBB—Location of the Firebird

data-base that contains user names and othersecurity-related information (usually calledsseeccuurriittyy ffddbb)

•• TTMMPPPPAATTHH—Temporary path, where the webserver requires read and write access intoWindows users have the additional requirement to useforward slashes only in their filenames Here are somesample values for a default installation under Windows.Linux users can more or less use the values already pres-ent in the ccoonnffiigguurraattiioonn iinncc pphhpp file without makingany change

set-$$HHTTTTPP ** VVAARRSS arrays to access form and session data; as

a consequence, you must not set rreeggiisstteerr lloonngg aarrrraayyss

in pphhpp iinnii to OOffff, although this is the standard setting

in pphhpp iinnii rreeccoommmmeennddeedd After this is done, however, thesoftware works quite well You can then first login to anexisting database or create a new one The best way is

to first connect to sseeccuurriittyy ffddbb and then add a newuser Finally, create a new database file (in our samples://ttmmpp//ffiirreebblloogg ggddbb, your mileage may vary), providingthe new user credentials Then, create a file(ccoonnnneecctt iinncc pphhpp) where you provide the username,associated password and the hostname The latter is aconcatenation of the server name, a colon and the (full)path to the database file This file will be included in allscripts, enabling it to provide the database parametersapplication-wide

The sample application will be a really simple weblogwith a comment feature For this, we need two tables.One contains the blog entries As mentioned earlier, it’s

a very simple blog, so this table only has a few fields:title of the entry, text of the entry, creation date of theentry For the latter field, we set a default value of

‘‘nnooww’’ In Firebird, this automatically uses the currentdate and time as default value whenever a new record

FEEAATTUURREE

PHP Under Fire

DROP table entries;

CREATE table entries (

id INTEGER NOT NULL PRIMARY KEY,

title VARCHAR(100),

content VARCHAR(2000),

creation DATE DEFAULT ‘now’

);

As you see, we also have a primary key: the iidd field

There is nothing like AAUUTTOO IINNCCRREEMMEENNTT or IIDDEENNTTIITTYY in

Firebird, but something even better: Generators A

sim-ilar concept exists in PostgreSQL and Oracle These

generators can later be used to create a suitable value

for iidd, even using a trigger or manually, as you will see

in a later listing Here is the code to create a generator

that will then be used for the eennttrriieess table:

DROP GENERATOR entries_gen;

CREATE GENERATOR entries_gen;

Users can add comments to weblog

entries These entries will also be

saved in the database, but in

anoth-er table This one is rathanoth-er similar in

concept to the eennttrriieess table, but

also contains a foreign key—as well

as its own generator:

DROP table comments;

CREATE table comments (

id INTEGER NOT NULL PRIMARY KEY,

entries_id INTEGER,

content VARCHAR(2000),

creation DATE DEFAULT ‘now’

);

DROP GENERATOR comments_gen;

CREATE GENERATOR comments_gen;

Now you are set—it’s time to move

on to some PHP coding!

Basic SQL Operations

The first step in working with PHP

and Firebird is to connect to the data

source This is done using the

iibbaassee ccoonnnneecctt(())function As

param-eters, you provide the host,

user-name and password—so all the data

that is already available via the

ccoonn nneecctt iinncc pphhpp file The return value of

iibbaassee ccoonnnneecctt(())is either a handle to

the connection or FFaallssee if

some-thing did not work out as planned

The following code snippet just

checks this information and displays

} else { echo ‘Something went wrong ’;

parame-<form method=”post”

action=”<?php echo $_SERVER[‘PHP_SELF’]; ?>”>

Title: <input type=”text” name=”title” /><br />

Comment: <textarea name=”content” cols=”40”

rows=”5”></textarea><br />

Figure 4

Figure 5

February 2005 ● PHP Architect ● www.phparch.com

Upon submitting the form, an SQL statement is

assem-bled and then sent to the database See a modified

excerpt from the code:

$sql = sprintf(“INSERT INTO entries (id, title,

The expression GGEENN IIDD((eennttrriieess ggeenn,, 11)) retrieves the

current value of the provided generator and increases it

to the next value The complete listing is available in

the code archive for this article under the name

iinnsseerrtt bbaadd pphhpp It’s probably obvious why the file carries that

name: assembling an SQL query like that opens up your

application to SQL injection attacks and must be

avoid-ed at any cost You should, instead, use parameterizavoid-ed

queries Instead of “pasting” values into the SQL

state-ment, you use placeholders and later provide values for

those placeholders The InterBase/Firebird extension

then glues the values to the placeholders and takes care

of any potentially dangerous special characters

In order to implement this, you first have to prepare

database handle and the parameterized SQL statement

(each parameter being marked by the question mark

expects the statement object (returned by

iibbaassee pprreeppaarree(())) and then a list of the values of all

placeholders Here is a shortened code snippet thatdemonstrates the usage of these two functions:

$sql = “INSERT INTO entries (id, title, content) VALUES (

concate-Reading Out Information

Up to now, we have only sent information towards thedatabase but did not care too much about the returnvalues This will change in this section The return val-

result set of these queries Once you have these, the

“standard” naming convention that most PHP sions use applies to Firebird as well:

exten-<<ddaattaabbaasseennaammee>> ffeettcchh aassssoocc(()) fetches the current row

<<ddaattaa bbaasseennaammee>> ffeettcchh oobbjjeecctt(())creates an object where field

loop, in connection with one of those functions, ates over the whole result set so that you can send theinformation gathered to the browser Do note that, bydefault, field values are saved in uppercase even if theywere typed in lowercase in the CCRREEAATTEE TTAABBLLEE SQL state-ment

iter-The following (again, simplified) code snippet reads

10 if (isset( $_POST [ ‘title’ ]) && isset( $_POST [ ‘content’ ])) {

11 if ( false !== ( $db = ibase_connect ( $host , $user , $pass ))) {

12 $sql = “INSERT INTO entries (id, title, content) VALUES (

13 GEN_ID(entries_gen, 1), ?, ?);” ;

14 $query = ibase_prepare ( $db , $sql );

15 if ( false !== ( $result = ibase_execute ( $query , $_POST [ ‘title’ ], $_POST [ ‘content’ ]))) {

16 echo ‘<p>Saved entry.</p>’ ;

Listing 1

all the available information from the database, in

reverse chronological order, and prints it out to the

browser:

if (false !== ($result1 = ibase_query($db,

‘SELECT * FROM entries ORDER BY creation DESC’))) {

TENT)

htmlspecialchars($row1->CON-);

}

In the same script, all commentsassociated to a blog entry are readout This is a point where preparedstatements really come in handy andhelp with the performance:

iibbaassee eexxeeccuuttee(()) is called The ment is therefore only compiled

10 if ( false !== ( $db = ibase_connect ( $host , $user , $pass ))) {

11 if ( false !== ( $result1 = ibase_query ( $db , ‘SELECT * FROM entries ORDER BY creation DESC’ ))) {

12 $selectcomments = ibase_prepare ( $db , ‘SELECT * FROM comments WHERE entries_id = ? ORDER BY creation DESC’ );

13 while ( $row1 = ibase_fetch_object ( $result1 )) {

14 printf ( ‘<p><b><big>%s</big> (%s)</b></p><p>%s</p>’ ,

15 htmlspecialchars ( $row1 -> TITLE ),

16 htmlspecialchars ( $row1 -> CREATION ),

17 htmlspecialchars ( $row1 -> CONTENT )

19 print ‘<blockquote>’ ;

20 $result2 = ibase_execute ( $selectcomments , $row1 -> ID );

21 while ( $row2 = ibase_fetch_object ( $result2 )) {

22 printf ( ‘<p><small>%s</small></p>’ , $row2 -> CONTENT );

24 print ‘</blockquote>’ ;

25 print ‘<form method=”POST” action=”insert-comments.php”>’ ;

26 print ‘<input type=”hidden” name=”id” value=”’ $row1 -> ID ‘“ />’ ;

27 print ‘<input type=”text” name=”content” />’ ;

28 print ‘<input type=”submit” value=”Add comment” />’ ;

once and gets a different parameter each time:

while ($row1 = ibase_fetch_object($result1)) {

$result2 = ibase_execute($selectcomments,

After each blog entry and the associated set of

ments, a small form is printed out where a new

com-ment may be added:

print ‘<form method=”POST”

action=”insert-comments.php”>’;

print ‘<input type=”hidden” name=”id” value=”’

$row1->ID ‘“ />’;

print ‘<input type=”text” name=”content” />’;

print ‘<input type=”submit” value=”Add comment” />’;

print ‘</form>’;

The complete code for this script, sseelleecctt pphhpp, can be

found in Listing 2 Figure 6 shows its output

Transactions

Firebird also offers decent support for ACID

transac-tions We could need this in the file

iinnsseerrtt ccoommmmeennttss pphhpp, where the comment forms from the

pre-vious sections post their data to There, we first have to

check if an entry with the provided ID exists in the

eennttrriieess table If so, we can add the comment data to

the ccoommmmeennttss table However, what happens if a parallel

process deletes the blog entry between the SSEELLEECCTT FFRROOMM

eennttrriieess statement and the IINNSSEERRTT IINNTTOO ccoommmmeennttss

state-ment? In this case, transactions come in handy In order

to implement them, you first have to call

iibbaassee ttrraannss(()), providing the database handle Thereturn value of this function call is then a transactionhandle You can use this

iibbaassee pprreeppaarree(()) instead of the database handle

However, at the end of the script all transactions will berolled back (new behavior under PHP 5) unless they are

iibbaassee ccoomm mmiitt(()) Therefore, you should always call this function toend your transactions In order to rollback, you use the

The iinnsseerrtt ccoommmmeennttss pphhpp script from Listing 3 ments the aforementioned concept First, it checks ifthere is a blog entry with the provided ID by trying toSSEELLEECCTT data and then checking if anything wasreturned If that succeeds, the provided content is writ-

sub-mits the statements within the transaction to the datasource

Advanced Features

Firebird offers several other features for advanced users

Among them is the support for triggers Imagine thatyou delete one blog entry from the database Whathappens to all its comments? They have to be deleted

as well For this, a trigger comes in very handy The lowing snippet, available in the code archive as a file(ttrriiggggeerr ssqqll), gets rid of the useless comments when-ever a blog entry gets removed:

fol-DROP TRIGGER delete_entry;

February 2005 ● PHP Architect ● www.phparch.com

10 if (isset( $_POST [ ‘content’ ]) && isset( $_POST [ ‘id’ ])) {

11 if ( false !== ( $db = ibase_connect ( $host , $user , $pass ))) {

12 $t = ibase_trans ();

13 $sql1 = “SELECT * FROM entries WHERE id = ?;” ;

14 $query1 = ibase_prepare ( $t , $sql1 );

15 if ( false !== ( $result1 = ibase_execute ( $query1 , $_POST [ ‘id’ ])) &&

16 false !== ( $row1 = ibase_fetch_object ( $result1 ))) {

17 $sql2 = “INSERT INTO comments (id, entries_id, content) VALUES (

You can directly send this SQL code to the database

Another nice feature of Firebird is the support for

Stored Procedures and UDFs, User Defined Functions

Both are a way to include your own code within the

database and then execute it However, this is outside

of the scope of this article—you do not need any

spe-cial PHP features to use this functionality

However there are some additional PHP functions

that can be used with Firebird data sources For

instance, you can create your own user management

and do not have to rely on ibWebAdmin:

•• iibbaassee aadddd uusseerr(())—adds a user to the

securi-ty database (provided in the first parameter),

using the username and password of a user

that may add users (parameters #2 and #3)

and the user name and password of the new

user (#4 and #5)

•• iibbaassee ddeelleettee uusseerr(())—deletes a user

(parameter #4) from the security database

(parameter #1), using the privileges of the

user/password combination provided in

parameters #2 and #3

•• iibbaassee mmooddiiffyy uusseerr(())—changes user

infor-mation, using the same function signature as

iibbaassee aadddd uusseerr(())

The behavior of these functions, however, has changed

in PHP 5 in combination with the introduction of the

SuperServer edition of Firebird Now, you have to use

the service manager to connect to the security

data-base and change user information:

include ‘connect.inc.php’;

$server = ibase_service_attach($host, $user, $pass);

ibase_add_user( ); //or ibase_delete_user()

//or ibase_modify_user() ibase_service_detach($server);

However, obviously, using a GUI tool is much more

convenient

BLOBs

Among the data types supported by Firebird are also

BLOBs—Binary Large OBjects They can be used to

store binary data—even large amounts of it—in the

database You first have to create a database that tains a field with data type BLOB:

con-DROP TABLE blobdata;

CREATE TABLE blobdata(filename VARCHAR(255), data BLOB);

Afterwards, the following steps write binary data intothe table:

ibase_query($db, $sql, $filename, $id);

Listing 4 contains a small application (bblloobb pphhpp) thatlets the user upload a file and writes it directly into thedatabase, using PHP’s HTTP upload functionality.Reading back the binary data from the database is per-formed using just a few steps as well: simply SSEELLEECCTT theblob column from the table, provide the result as

BLOB data:

include ‘connect.inc.php’;

$db = ibase_connect($host, $user, $pass);

$result = ibase_query(‘SELECT data FROM blobdata’);

$row = ibase_fetch_object($result);

$blobinfo = ibase_blob_info($row->DATA);

$blob = ibase_blob_open($row->DATA);

$blobdata = ibase_blob_get($blob, $blobinfo[0]);

Using Database Abstraction Layers

Several well-known database abstraction layers offer Firebird support Most prominently, the upcoming and long-anticipated PDO (PHP Data Objects

8 if (isset( $_FILES [ ‘upload’ ]) &&

9 is_uploaded_file ( $_FILES [ ‘upload’ ][ ‘tmp_name’ ])) {

10 include ‘connect.inc.php’ ;

11 $db = ibase_connect ( $host , $user , $pass );

12 $blob = ibase_blob_create ( $db );

13 ibase_blob_add ( $blob ,

file_get_contents ( $_FILES [ ‘upload’ ][ ‘tmp_name’ ]));

14 $id = ibase_blob_close ( $blob );

15 $sql = ‘INSERT INTO blobdata(filename, data) VALUES (?,

?);’ ;

16 ibase_query ( $db , $sql , $_FILES [ ‘upload’ ][ ‘name’ ], $id );

17 print ‘<p>Added file to the database.</p>’ ;

18 }

19 ?>

Listing 4

Interface) layer h http://pecl.php.net/package/PDO

includes a provider for Firebird data sources

h

http://pecl.php.net/package/PDO_FIREBIRD D, but you

should be aware that development has not finished yet

Users of Unix/Linux can install the required packages

using the PEAR installer:

pear install PDO

pear install PDO_FIREBIRD

In the not too distant future, this will change to the

fol-lowing:

pecl install PDO

pecl install PDO_FIREBIRD

Windows users can refer to the following address at

h http://snaps.php.net/win32/PECL_5_0 for compiledPHP 5.0.x versions of the modules or to

h http://snaps.php.net/win32/PECL_UNSTABLE E for 5.1.xversions Once you do that (and assuming that every-thing goes to plan), a unified access to Firebird datasources using the “future” of PHP’s database accessbecomes available (see Figure 7)

As you might have guessed, you will also get lucky

if you search PEAR for suitable packages Both

Firebird (and InterBase) with special drivers Thus, asyou can see, Firebird is a well-respected and also fully-featured alternative to more mainstream DBMS,despite its relatively low penetration in the PHP arena

So do give Firebird a try—and maybe you’ll “fire” one

of your other database systems instead!

F

FEEAATTUURREE

PHP Under Fire

To Discuss this article:

http://forums.phparch.com/199

Christian Wenz is author or co-author of over four dozen books, quently writes for renowned IT magazines and speaks at conferences around the globe He is Germany’s very first Zend Certified Professional, principal at the PHP Security Consortium and maintainer or co-maintain-

fre-er of sevfre-eral PEAR projects.

Award-winning IDE for dynamic languages, providing a powerful workspace for editing, debugging and testing your programs Features advanced support for Perl, PHP, Python, Tcl and XSLT, on Linux, Solaris and Windows

Download your free evalutation at www.ActiveState.com/Komodo30

Figure 7

February 2005 ● PHP Architect ● www.phparch.com

F

FEEAATTUURREE

20

Like many web developers, I often work with data

sub-mitted from web pages or web service clients into PHP

applications Recently, while working on a validation

class to ensure quality user input, I happened upon the

PEAR module HTML_QuickForm As it turned out, a

great deal of the validation I needed to do for the

proj-ect was easily handled by using this module

Additionally, specialty form validation could be

accom-plished with ease by assigning custom functions to do

validation What a treat! Sometimes, it is humbling to

have to throw away a few hours of work to take

advan-tage of

something which allows you to do more quickly—with

HTML_QuickForm, I didn’t mind

As has been the case when beginning to learn other

PHP modules or other programming elements of style,

my first reaction to HTML_QuickForm was enthusiasm

and intrigue, quickly followed by a fear and

apprehen-sion of the learning curve After working through a

cou-ple of HTML_QuickForm examcou-ples from the PEAR

web-site and elsewhere (see references), however, it was

sur-prising to see how little code I needed to take care of

the tasks I work on most every day In addition, if you

find yourself needing further flexibility and features in

validation or presentation, it isn’t hard to integrate

HTML_QuickForm with your own custom validation

functions and display forms using popular templating

engines like Smarty a nd Flexy

External PHP Libraries

Libraries of PHP code can enable developers to plish more with less code There are a number of well-written libraries with a variety of uses that are available

accom-In addition to writing less code, by taking advantage ofcode able to save a great deal of

Had it with redundant form validation? Does separating

application and presentation code have you all mixed up?

Check this article for an overview of the Smarty

templat-ing engine, the PEAR HTML_QuickForm form buildtemplat-ing

module and a complete mini application that cleanly

divides application and presentation as well as handling

comprehensive form validation.

URL

h http://www.devarticles.com/c/a/Web-Design- - U

F

time Of course writing applications with libraries isn’t

all peaches and cream—it can be difficult, especially at

first, to learn a new library Beyond just learning a new

syntax, sometimes you’ve got to dramatically change

your way of thinking about solving problems It is also

important to consider portability factors should you

need to move your application to other servers when

selecting code libraries

I’ve found the biggest obstacle when learning a new

tool to be keeping a beginner’s mindset and not

get-ting too frustrated when the code doesn’t immediately

produce the results I expect

To give you a demonstration of some of

HTML_QuickForm’s capabilities, we’ll create a web

reg-istration application that validates user inputs using

built-in methods We’ll also take advantage of

valida-tion through regular expressions and custom funcvalida-tions

The Smarty template engine will help keep our

presen-tation logic separate from the application logic Our

database requirements are limited to simple selects and

inserts For demonstration of this mini app, MySQL 4+

suits our needs just fine, but an alternate database

serv-er could easily be substituted PEAR’s DB module is used

to pass the few simple database queries to a MySQL

database Should you prefer a different database server,

the application should only require a modification of

the database connection

First, though, a brief introduction to the tools of

Smarty and HTML_QuickForm

Why Use a Template Engine?

PHP template engines offer developers an approach to

development that helps draw a division between

pres-entation in HTML and application code in PHP Ever

find yourself lost in a PHP script composed of mostly

HTML with very little PHP application code? Or find

your otherwise clean code into a bit of a kludge?

Many articles have been written on the value of

sep-arating presentation code of a website (e.g.: HTML,

CSS, graphics, and so on) from the application logic

Templating engines offer a mostly painless way to do

make this separation happen

Fortunately, there are many well-documented PHPtemplating engines out there to choose from Amongthe more popular PHP templating engines are PHPSavant, patTemplate, Smarty and PEAR’sHTML_Template_Flexy Other scripting languages havetemplating engines too: Mason, for example, is a pop-ular example for Perl, while Cheetah appears to be one

of the most selected template engines for Python, andeven Ruby has several

It seems that, as PHP’s overall popularity hasincreased, so has its popularity for use in sophisticatedweb applications The greater the sophistication of anapplication, the more difficult that application can be

to maintain when application code is combined withthe HTML Through a bit of a Forrest Gump-like obser-vation, even when I’ve got a good plan, the more lines

of code I write, the more complicated that code gets.Lengthy, complicated code is tough to work with.Lengthy, complicated code is even tougher to workwith if it is code that you’ve inherited from some otherprogrammer Clean code goes a long way toward mak-ing an application easier to maintain, which, in turn,can improve your present and future relationships withthose who may be assuming maintenance duties ofyour project

That is really the biggest reason why I’m sold on plating engines: they allow you to write clear, simplecode This is done by demanding a level of discipline ofthe developer in keeping the presentation code con-tained within the template file

tem-Enough Already, How About an Example?

Fair enough Take a look at Listing 1 for a snippet ofmixed application and presentation code

First, an SQL statement is built The SQL statementlooks to select all matching records from a user tablewhere the email and password columns in the table

function safely formats the input so that it can be used

values from $$ RREEQQUUEESSTT[[‘‘eemmaaiill’’]] and wwoorrdd’’]] and adds and escapes quotes appropriately The

method, and the results of that query are assigned tothe $$rrooww variable as an array If $$rrooww has no values, alogin error message is displayed, otherwise a successful

F

FEEAATTUURREE

HTML_QuickForm and Smarty

// select user and get row

$sql = ‘SELECT * FROM tbl_user ‘

‘WHERE email = ‘ $db -> quoteSmart ( $_REQUEST [ ‘email’ ])

$sql = ‘SELECT * FROM tbl_user ‘ ‘WHERE email = ‘

$db -> quoteSmart ( $_REQUEST [ ‘email’ ]) ‘ AND password = ‘

$db -> quoteSmart ( $_REQUEST [ ‘password’ ]);

$row = $db -> GetRow ( $sql );

$smarty -> assign ( ‘row’ , $row );

$smarty -> display ( ‘template.tpl’ );

Listing 2

login message is shown

Now, in all truthfulness, this is a very readable and

easy to maintain piece of code as it stands It is possible

that, with the addition of some comments, even a

non-developer would be able to figure what is going on

with these few lines For an experienced developer,

even if there were a few hundred lines of code like this,

they would likely still be easy to maintain The case for

using templating engines becomes easier to make

when both the length and sophistication of the code is

greater than this particular example

Try That with a Smarty Template

With Smarty, we split the original PHP file into two files:

a PHP file (Listing 2) and a template file (Listing 3)

The first line of the PHP snippet hides some gory

creates an instance of the Smarty class We’ll get into

the code for configuring Smarty later The SQL

state-ment and execution of the SQL statestate-ment is identical to

the snippet in Listing 1 Following the execution of the

SQL statement through $$ddbb >>GGeettRRooww(($$ssqqll)), the $$rrooww

variable is assigned to the Smarty variable called rrooww

with $$ssmmaarrttyy >>aassssiiggnn((‘‘rrooww’’,, $$rrooww))

If you are new to working with classes, it may feel

strange to work with different sets of variables For me,

after becoming more familiar with this syntax, it now

seems more appropriate to have a set of variables

reserved exclusively for the purpose of presentation

The last line of the PHP calls the Smart display method

($$ssmmaarrttyy >>ddiissppllaayy((‘‘tteemmppllaattee ttppll’’))), where the

tem-plate file tteemmppllaattee ttppll is passed as an argument At

that point, Smarty reads and interprets our template

file

In Listing 3, a test is performed to determine if the

$$rrooww variable has a count of zero and the appropriate

message is then displayed

For those new to Smarty, that gives you a brief feel

for the syntax The Smarty Crash Course at

hhttttpp::////ssmmaarrttyy pphhpp nneett//ccrraasshhccoouurrssee pphhpp offers a great

introduction

Why Smarty?

Documentation, popularity, performance, debuggingconsole and ease of use have all been reasons why I’vebeen drawn to Smarty Most all of the benefit I see fromusing Smarty could be accomplished by using Flexy oranother template engine

My first exposure to Smarty came after reading anarticle in php|architect in the summer of 2004 ReadingJason Sweat’s articles on Phrame and Model ViewController (php|architect, May 2003), I was in search of

a cleaner way to build applications While initially ested in the architectural benefits that Phrame andMVC could bring to web applications, it became appar-ent that by using Smarty on its own, it would be possi-ble to realize the benefits I was looking for

inter-What is HTML_QuickForm?

HTML_QuickForm is a PEAR module for developingHTML forms The module has been around for a num-ber of years HTML_QuickForm offers tools for form cre-ation as well as flexible methods for validating formdata

Not unlike Smarty, there are alternatives toHTML_QuickForm The popularity ofHTML_QuickForm, as well as its flexibility, history andthe ability to integrate it with a number of differenttemplate engines were reasons I decided to pursueHTML_QuickForm

Sometimes (OK—often) users need some assistancewhen filling out a web form Validation can be handled

on the client side through JavaScript That validationshould probably be reinforced with server-side valida-tion to ensure malicious posts or posts from browserswithout JavaScript are properly verified.HTML_QuickForm can take care of both server-side andclient-side validation, but, in this article, we’ll concen-trate on the former only

If you’ve written your own validation functions, haps they accept an input value, a failed prompt, aminimum length and a maximum length among otherparameters When you want to validate a value, youmight pass your function those arguments and expect

per-a vper-alue in return This is similper-ar to the wper-ayHTML_QuickForm allows you to do validation In fact,you can take a look at Listing 4 for a quick intro toHTML_QuickForm

After including HHTTMMLL//QQuuiicckkFFoorrmm pphhpp, an instance ofthe HTML_QuickForm object is created and the formname (and ID), method and action are defined with

$$ffoorrmm == nneeww HHTTMMLL QQuuiicckkFFoorrmm((‘‘ffrrmmTTeesstt’’,, ‘‘PPOOSSTT’’,,

February 2005 ● PHP Architect ● www.phparch.com

6 $form -> addElement ( ‘text’ , ‘email’ , ‘Email’ );

7 $form -> addElement ( ‘text’ , ‘name’ , ‘Name’ );

[[$$ SSEERRVVEERR[[‘‘RREEQQUUEESSTT UURRII’’]]))

Next, two text fields name and email are defined

element of a submit button element is then added

$$ffoorrmm >>aaddddRRuullee(()) method The eemmaaiill field is assigned a rule

that requires a valid email The rule for the nnaammee field,

on the other hand, only requires that a non empty

value be submitted

A test is then performed to see if the form is valid

through $$ffoorrmm >>vvaalliiddaattee(()) If the form is validated

suc-cessfully, the date is “frozen,” which allows no further

editing, and a “validated!” is echoed back to the

brows-er This mini demo ends with the display of the form

When executed, the code from Listing 4 is rendered

as shown in Figure 1 If that form is submitted and thevalidation succeeds, the user would see a screen likeFigure 2 Should validation fail, the user would end upwith a screen like Figure 3

I found it odd at first to adjust to building forms grammatically like this, but I really enjoy the benefit ofthe built-in validation now Still, the code in this exam-ple may look too inflexible for your needs In the nextexample, we’ll go over how to combine the tools ofSmarty and HTML_QuickForm for a mini registrationapplication

pro-A very good introduction to the features and ways touse HTML_QuickForm is on the PEAR website at

h http://pear.php.net/manual/en/package.html.html-quick- - f

form.tutorial.php

Smarty and HTML_QuickForm

HTML_QuickForm allows rendering ofthe form to be handled by the defaultrenderer as done in the example inListing 4 or through a template render-

er The basic HTML_QuickForm ates a form that is completely function-al; however, if you are building a proj-ect with some greater design require-ments, you might find that defaultappearance does not meet the needs ofyour project By defining an alternatetemplate renderer withHTML_QuickForm, it is possible toachieve greater presentation cus-tomization and control over the form’slabels and elements as well as valida-tion messages

gener-The example project we’re about toexamine combines Smarty andHTML_QuickForm in a simple registra-tion application This application can

be set up with these steps on your owndevelopment machine:

• Install the latest version of thePEAR::DB and

PEAR::HTML_QuickForm ules Instructions for installationare available at the PEAR website

mod-h http://pear.php.net

• Install the Smarty templateengine Smarty and installationinstructions can be found at

h http://smarty.php.net

• Create a new MySQL 4+ base (this example uses the nameddbb tteesstt for it) and run the SQLcode shown in Listing 5 Thecommands in that file createtables for registration (ttbbll rreeggiiss

data-F

FEEAATTUURREE

HTML_QuickForm and Smarty

Figure 1

Figure 2

ttrraattiioonn) and conferences (ttbbll ccoonnffeerreennccee).

Additionally, a few records are inserted into

ttbbll ccoonnffeerreennccee so that we may have some

basic data to work with

• Create a directory named rreeggAApppp within a

web-viewable location

• Store iinnddeexx pphhpp, rreeggffoorrmm ttppll and

tthhaannkkyyoouu ttppll inside the new rreeggAApppp

directo-ry

• In iinnddeexx pphhpp, the $$ttppll >>ccoommppiillee ddiirr variable

may need to be modified from //ttmmpp to the

full or relative path of a directory which is

writable by the webserver //ttmmpp should be

fine for many non-Windows users

• SSmmaarrttyy ccllaassss pphhpp may exist on your

machine in a location different than is

speci-fied in the iinnddeexx pphhpp file Depending on how

the Smarty template engine was installed,

this rreeqquuiirree may need to be modified to

match your system

• Modify the $$ddssnn variable in the iinnddeexx pphhpp file

to a MySQL user that has SSEELLEECCTT and IINNSSEERRTT

privileges on the new database For

demon-stration purposes, it should be fine to use

the username and password used for

creat-ing the database

After completing the steps above, if all went well you’ll

be able to point a browser at the newly created

direc-tory and see the web page shown in Figure 4

How Does It Work?

The first few lines include the PEAR modules andSmarty class file, which enables the use of their respec-tive classes and methods

After requiring the modules, it is possible to set up aDSN-style connection string and connect to the data-base If the attempt to connect to the database results

in an error, the code ends by echoing out that message.Next, a new Smarty template object is created andthe paths for the Smarty template and template compi-lation directories are defined By default, Smarty looks

to place templates in a sub-directory called tteemmppllaatteess,while the compilation of templates is done within asub-directory named tteemmppllaatteess cc The Smarty compila-tion process interprets template files into PHP files andplaces those files within the compilation directory

In this example, the template files are located in thecurrent directory This was done for simplicity, as thereare only two template files The template compilationdirectory was defined as //ttmmpp to keep things easy to set

up It seems to be considered good form to place thetemplate compilation directory in a location which isnot viewable through the web—but do remember that

it must be writable by the web server To reduce thesteps for setup in this demonstration, the

selected

One very cool feature of Smarty is a debugging sole, which you can enable by setting the ddeebbuuggggiinnggvalue to ttrruuee When debugging is turned on, theSmarty debugging console pops up in a new browserwindow This can be hugely helpful in seeing a big-pic-ture view of variables that are available for use in theSmarty template file If you’re like me and get stucksometimes because you can’t see something rightunder your nose, this tool can help

con-Next, a couple arrays are set up The data from thesearrays are used in HTML select elements The first array

is built by selecting data from the database A request

is made of the database for upcoming conferencerecords (ID values and conference information) Thatdata is assigned to the $$aaCCoonnffeerreennccee variable throughthe $$ddbb >>GGeettAAssssoocc(())method $$aaPPrreeffiixx is a two-dimen-sional array of prefixes There are a number of ways topopulate select elements, both withinHTML_QuickForm and through Smarty Building aselect element with results from a database was anexample that seemed important to include

With some preliminary variable definitions out of theway, the HTML_QuickForm object is created ffrrmmRReegg isdefined as the name and ID of the form, PPOOSSTT is themethod and the action is set through the $$ SSEERRVVEERR vari-able $$ SSEERRVVEERR[[‘‘RREEQQUUEESSTT UURRII’’]] The next group of linesare all very similar—form elements are rapidly defined

of code adds a header, the two select elements that

February 2005 ● PHP Architect ● www.phparch.com

F

FEEAATTUURREE

24

HTML_QuickForm and Smarty

CREATE TABLE tbl_registration (

id int(11) NOT NULL auto_increment,

ts timestamp(14) NOT NULL,

registrationdate datetime NOT NULL,

conferenceid int(11) NOT NULL,

prefix varchar(4),

firstname varchar(100) NOT NULL,

lastname varchar(20) NOT NULL,

address1 varchar(50) NOT NULL,

address2 varchar(50),

city varchar(50) NOT NULL,

state varchar(30) NOT NULL,

zip varchar(10) NOT NULL,

phone varchar(15),

email varchar(50) NOT NULL,

KEY idx_conference_email (conferenceid,email,id)

);

CREATE TABLE tbl_conference (

id int(11) NOT NULL auto_increment,

cost decimal(10,0) NOT NULL,

date date NOT NULL,

location varchar(80) NOT NULL,

title varchar(255) NOT NULL,

);

INSERT INTO tbl_conference (cost, date, location, title)

VALUES (200, ‘2005-07-11’, ‘Las Vegas’, ‘Vegas baby, Vegas!’);

INSERT INTO tbl_conference (cost, date, location, title)

VALUES (99, ‘2005-07-18’, ‘Boston’, ‘Solving problems through

big-ger government’);

INSERT INTO tbl_conference (cost, date, location, title)

VALUES (500, ‘2005-07-25’, ‘Toronto’, ‘Management Consulting’);

Listing 5

were defined earlier and some text fields

It is possible to group form elements together by

cre-ating an array of elements as is done for

$$cciittyySSttaatteeZZiipp Here cciittyy, ssttaattee and zziipp elements are

method That array is added to the form object

through the $$ffoorrmm >>aaddddGGrroouupp(()) method

A couple of custom validation functions are

behaves slightly differently, depending on the type of

rule that is being called For example, the first

rule is assigned the name cchheecckkCCiittyySSttaatteeZZiipp It

executes a callback function of vvCCiittyySSttaatteeZZiipp The

second rule is assigned the name cchheecckkPPhhoonnee

and works using the specified regular expression

//dd\\{{33}}\\DD**\\dd{{33}}\\DD**\\dd{{33}}\\DD**\\dd{{44}}\\DD**\\dd**$$// If you’re

unfamiliar with regular expressions or have a tough

time with them as I do, the string can

be broken down like this:

I almost always need to seek reference

when creating regular expressions, but

they can allow you to do such great

things with very limited code that it’s

almost always worth the effort This

val-idation test only passes after receiving a

phone number that matches the

for-mat defined in the regular expression

221122 555555 11221122, for example, matches, as

would ((221122)) 555555 11221122 eexxtt 1122 An

alternative regular expression would be

more welcoming for attendees coming

from outside the United States and

Canada Take a look at George

Schlossnagle’s regular expressions

arti-cles from the March 2004 and April

2004 editions of php|architect for

deeper information in putting regular

expressions to work in PHP

Once these specialty validation rules

defined, they are added with the

accepts the name of the field or group

that the rule applies to as well as a

prompt to display if a validation rule

is the type of rule which is being applied (e.g required,email or a custom rule)

Gaining On It!

All the form elements have been defined and thegroundwork for validation has been completed Thenew renderer object is created by passing the Smarty template object Presentation behaviours are defined for the renderer

These methods receive their parameters as Smarty plate code, which is then used in rendering the formwhen required fields or errors are encountered

tem-The code attempts to validate the form through the

$$ffoorrmm >>vvaalliiddaattee(())method If the form data passes idation rules, the form is processed with the

val-aaddddRReeggiissttrraattiioonn(())function That function inserts a

reg-F

FEEAATTUURREE

HTML_QuickForm and Smarty

Figure 3

Figure 4

istration record into the database A

thank you message is defined and

the tthhaannkkyyoouu ttppll template is

dis-played

If the form doesn’t pass validation

(because of invalid or no input), the

$$ffoorrmm object accepts the $$rreennddeerreerr

renderer to build the HTML The

renderer is defined as a Smarty

vari-able called ffoorrmm ddaattaa, which allowsthe Smarty template access to thevariables within the $$rreennddeerreerr as

$$ffoorrmm ddaattaa

two functions First, the

vvCCiittyySSttaatteeZZiipp(())validation functionreturns true or false depending onthe data that it received Then,

func-tion inserts a registrafunc-tion record

If any of this is unclear or seemskind of ethereal as we’ve not seenany concrete HTML tags yet, noworries The tangible HTML is rightaround the corner The Smarty vari-ables that have been assigned willsoon be put to work

The Templates

The iinnddeexx pphhpp file hands things off

to the template file by passing itsname as a parameter to the Smarty

ddiissppllaayy(())method

The rreeggffoorrmm ttppll file is mostlyHTML, with a bit of Smarty codethrown in for good measure Thefile begins as a typical HTML webpage with cascading style sheet(CSS) definitions Curly braces arespecial to Smarty, just as the <<??pphhppand ??>> tags are special to PHP Ifyou prefer, Smarty allows you tochange the default curly bracedelimiter to something different.We’ll stay with the default delimiterfor this example If you stay withthe curly braces, you can keepHTML exempt from Smarty inter-pretation by adding the special tags

Smarty comments can be added inyour template code as {{** ccoommmmeenntt

In iinnddeexx pphhpp, the renderer’s ments were made available to theSmarty template variable

ele-$$ffoorrmm ddaattaa with the line:

$tpl->assign(‘form_data’, derer->toArray());

$ren-Check out Figure 5 for a look at the

February 2005 ● PHP Architect ● www.phparch.com

Smarty debug console window.

$$ffoorrmm ddaattaa has a great bunch of

these elements assigned to it

The registration form begins with

<<ffoorrmm {{ $$ffoorrmm ddaattaa aattttrriibbuutteess }}>>

and builds out the form tag to

include the nnaammee, iidd, mmeetthhoodd and

iinnddeexx pphhpp This example doesn’t

use hidden fields, but many web

applications rely on them If we had

hidden field form elements to

dis-play, they could all be rendered

with the single tag

{{$$ffoorrmm ddaattaa hhiiddddeenn}}

The rest of the template builds

rows of form labels and form

ele-ments The first few lines display the

ccoonnffeerreenncceeiidd select element (I

reformatted the code a bit to make

it more readable here):

In this template file, you can see

how all form elements—even those

of different types—are displayed in

a very uniform way

So What About Validation

Messages?

A-ha! That is one of the best parts

Back in the iinnddeexx pphhpp file, template

styles were defined for rreeqquuiirreedd

and eerrrroorr Now, the required field

elements have an asterisk before

their label when displayed in a

browser If an error is encountered,

the label’s colour changes and an

error message is shown to the right

of the form element Nothing

needs to be done to the template

file to make this happen See Figure

6 for an example

Figure 7 shows the result of a

suc-cessful form submission

One Step Beyond

In some instances, displaying errors

following the form element like thismight not be preferred An alterna-tive is to display the errors groupedtogether Errors are availablethrough $$ffoorrmm ddaattaa eerrrroorrss as anarray The following template codeloops through that array andreturns the error messages

{if $form_data.errors|@count > 0 }

{foreach from=$form_data.errors item=err}

(for data activity), “View” (for theinterface) and ‘Controller’ (fordetermining what the programshould do) There are a number ofdifferent PHP application frame-works using this architecture,including PHPMVC, Phrame andMojavi Projects with a great deal ofapplication logic can be madeclearer by isolating the controller

code from your application code

In the December 2004 PHPArchitect, Lukasz Karapuda wrote

an interesting article about his plified implementation of MVC I’mworking on a side project whichuses this adaptation and am finding

sim-it makes easier to make featureenhancements and modifications

by touching a limited amount ofcode

Conclusion

Through this mini application,we’ve covered some of the featuresavailable with Smarty andHTML_QuickForm We’ve seen howHTML_QuickForm can be used inthe building and processing offorms and how these tools togethercan help create a project with a sep-aration of application and presenta-tion PHP is a fantastic languagewith a talented and generous com-munity We’ve touched just on afew among the hundreds oflibraries available for PHP that canenable you to develop quality appli-cations without completely rein-venting the wheel

I’ve found the toolsHTML_QuickForm and Smarty have

a kind of synergy that can be easilyleveraged in producing flexible webforms with clean application andpresentation code

F

FEEAATTUURREE

February 2005 ● PHP Architect ● www.phparch.com

HTML_QuickForm and Smarty

27

To Discuss this article:

http://forums.phparch.com/200

David lives in Southwestern New Hampshire with his foxy wife, their two cats and their Australian Shepherd When not at or driving to or from work, he enjoy KEXP Seattle, hope, irony, rural living, web development and the out- doors He can be reached at d dave@perrin.net.

Figure 7

NEXCESS.NET Internet Solutions

SITEWORX control panel

/mo SMALL BIZ $ 21 95

NODEWORX Reseller Access

All of our servers run our in-house developed PHP/MySQL

server control panel: INTERWORX-CP

INTERWORX-CP features include:

- Rigorous spam / virus filtering

- Detailed website usage stats (including realtime metrics)

- Superb file management; WYSIWYG HTML editor

INTERWORX-CP is also available for your dedicated server Just visit

http://interworx.info for more information and to place your order

WHY NEXCESS.NET? WE ARE PHP/MYSQL DEVELOPERS

LIKE YOU AND UNDERSTAND YOUR SUPPORT NEEDS!

ORDER TODAY AND GET 10% OFF ANY WEB HOSTING PACKAGE

VISIT HTTP://NEXCESS.NET/PHPARCH FOR DETAILS

NEW! PHP 5 & MYSQL 4.1.X

PHP4 & MySQL 3.x/4.0.x options also available

We'll install any PHP extension you need! Just ask :)

MONEY BACK GUARANTEE

FREE DOMAIN NAME

4.1.x

3.x/4.0.x

FEEAATTUURREE

occurred in software engineering The first change is

one of scale—in fact, a continuous change since the

first program was written The second one is

distri-bution

More and more applications are expected to run over

the Internet, a context that is distributed by nature and

that tends to drive huge increases in application load

So, in a more distributed system, there is the need to

ensure that the system will be robust enough in the

event of partial failures, that it will handle the required

load and that it will be scalable when the demand for

concurrent use exceeds the original specification

The consequence of these considerations is the need

of an architecture that allows systems to face

non-func-tional requirements (capabilities) such as performance,

scalability, manageability, availability, security, capacity,

extensibility and so on, while at the same time

manag-ing and hidmanag-ing the resultmanag-ing complexity to developers

Unfortunately, most—if not all—of the PHP platforms

available are monolithic and CMS-oriented, and the

vast majority of PHP applications have their own

under-lying platform that reinvents the wheel each time Also,

in PHP “there are many ways to do things,” but at the

same time there is no—or, at least, I don’t know of

any—particular “recommended” way to perform

enter-prise application development that meets the ments above

require-These are the reasons why the Solarix iConnect tecture has been designed and implemented

archi-About the iConnect architecture

So, what is the iConnect architecture? iConnect is anOpen Source, PHP 5-based, multi-tier and service-ori-

Enterprise Development with the

iConnect Architecture

by Alex Pagnoni

This article explains about the PHP 5 iConnect architecture

and the reasons it has been designed It also provides a

complete example of a simple distributed web application

that uses the whole architecture.

URL

h http://www.solarix.it/index.php/home/standard/-

?

?content_page=technology/architecture/index.htm l

l

i

ented set of containers and components; it is also a

col-lection of specifications and a methodology for

build-ing web-enabled enterprise applications

Most of the components are licensed under the

Mozilla Public License, which is similar to the LGPL, so

you can use the architecture with commercial

applica-tions

iConnect was built over years of experience in PHP

platforms and applications delivered to small/medium

businesses and enterprises iConnect represents the

result of experience in many areas, including best

prac-tices, frameworks, design patterns and idioms

iConnect defines a five-tier architecture, as shown in

Figure 1:

• Resource tier: contains resources such as

data/legacy;

• Integration tier: logical integration to resources;

• Business tier: contains enduring business

iConnect components cover the middle tier

(presenta-tion, business, integration), while the resource tier is

managed by databases, legacy systems and other

appli-cations, and the client tier is left to web agents

iConnect also defines a multi-layered architecture:

• Lower platform: the operating system (hides the

hardware);

• Upper platform: the web and application servers

(hides the implementation of the operating

sys-tems);

• Virtual platform: the APIs and specifications

(provides the interfaces to the application server);

• Application: the components (business and

presentation logic)

All of the capabilities, tiers and layers are strictly

orthog-onal The key to creating durable enterprise

architec-tures is to allow trade-offs among them iConnect tries

to allow such trade-offs by providing a set of building

blocks

iConnect building blocks

The following are the building blocks of the iConnect

architecture (see Figure 2):

• Carthag, also known as iConnect Platform: a

common platform for the whole architecture, justlike J2SE for J2EE;

• Web services, data access and a set of tors for the integration tier;

connec-• iConnect Enterprise Application Server (EAS):contains and delivers distributed business logic,

in the form of deployable modules, like EJB;

• iConnect Web Application Server (WAS):deploys and serves web applications (called

webapps), with something similar to servlets

(webapp handlers) and JSP (PHP itself);

• iConnect Portal Server: organizes WAS webapplications, putting together EAS modules andthe (portlet-like) presentation logic using a MVCdesign pattern

As you can see, iConnect is in many ways similar to theJ2EE architecture; iConnect, however, tries to deliver asimple set of APIs and specifications and lightweightcomponents

Carthag, the iConnect Platform

Carthag is the platform of the whole architecture andsits just over the PHP runtime Carthag introduces inPHP 5 a way of organizing application files and classesthat is similar to Java

The familiar Java concepts of packages, class files andclass loaders have been implemented in Carthag; thereare other similar projects in the PHP community, how-

February 2005 ● PHP Architect ● www.phparch.com

ever Carthag is PHP 5-native and is already used in

pro-duction in many customer solutions

Aside from the core (base, bootstrap, class loaders,

and class registry), Carthag also features (see Figure 3):

• Language and base packages: system, IO, file,

data types, exceptions, process, utilities, XML,

manipulators, net, archives;

• Standards: interfaces, collections, design

pat-terns (DAO, singleton, observing, registry,

com-mand, etc.), idioms;

• Integration: data access, web services;

• Common application frameworks: database

abstraction, validation, native language support,

sessions, authentication/authorization, logging,

templates;

• Development tools: unit testing, autodocs,

build system, CARs, deployment

As you can see, Carthag is not a

Web-only/CMS-orient-ed platform: it is aimWeb-only/CMS-orient-ed at all sorts of applications

Classes are organized in hierarchical packages: each

package has its own directory and class files, and each

class has its own file You would organize the code by

putting classes in their package just like Java, e.g.: the

oorrgg aaccmmee mmyyaapppp MMyyAApppplliiccaattiioonn class will reside in the

oorrgg//aaccmmee//mmyyaapppp directory inside the root of your

appli-cation or, better, inside the ccllaasssseess directory, with the

MMyyAApppplliiccaattiioonn pphhpp file name (see Figure 4)

As you can understand from the paragraph above,

Carthag applications are entirely object-oriented In

order to import a Carthag class in the ccllaassssppaatthh, you

would call:

Carthag::import(‘org.acme.myapp.MyApplication’);

Each class must declare its own package, so theoorrgg aaccmmee mmyyaapppp MMyyAApppplliiccaattiioonn class would declare thefollowing at the top of its class file:

Enterprise Development with the iConnect Architecture

Figure 3

Figure 4

by calling PPHHPP ccllaassssnnaammee pphhpp from the CLI (they

are called embedded because they embed the

logic for calling and bootstrapping Carthag);

• CAR (Carthag Application Archive) applications:

just like Java’s JARs, CARs are archives (created

using ttaarr) launched from the CLI using this

syn-tax:

carthag -c application.car

You can find examples of simple Carthag applications

in ccaarrtthhaagg code directory:

• hheelllloowwoorrlldd is a very simple hello world

exam-ple;

• hheelllloowwoorrlldd22 is the same as the previous one,

but uses Carthag’s pipes to print “Hello world”;

• hheelllloowwoorrlldd wweebb is an ECA application;

• hheelllloowwoorrlldd ccaarr is an example of a CAR archived

application;

• hheelllloowwoorrlldd aapppp shows a simple application with

its own launch script, and features a class

organ-ized in a package

I also recommend that you have a look at the rreeaaddmmee

files included inside each example directory; there, you

can find more information and setup instructions

iConnect Integration

iConnect Integration is a collection of connectors and

other vendor-specific code (some Open Source and

some commercial) for accessing resources in the

Enterprise Information System, such as legacy system,

databases, and so on (see Figure 5)

iConnect Platform and PHP already provide data

access, web services and other “connectors,” such as

PHP’s Java class access, COM, and so forth; however,they are logically put here

iConnect Enterprise Application Server

iConnect EAS is a system for the development anddeployment of distributed, component-based businessapplications

EAS components (called modules) address criticalbusiness functions as objectified business logic, featur-ing encapsulation of business logic into businessobjects and an object-to-relational mapping persist-ence system

EAS is the standard component architecture for ing distributed, object-oriented business applications inthe iConnect architecture EAS makes possible to builddistributed applications by combining componentsdeveloped by different vendors An EAS module can bedeveloped once and deployed on multiple platformswithout repackaging or source code modification

build-Developers do not have to understand low-leveldetails, nor do they have to implement features likepersistence, distributed logic serving and other com-plex items

EAS modules are bundled as a eeaass archive (in TARformat) that contains two directories:

• ccllaasssseess: where all the classes are stored;

• MMEETTAA IINNFF: this directory contains the eeaass xxmmlldefinition file, where information about the mainclass to call resides

Each EAS module has its own name; its format followsthe same convention as Carthag’s package names, e.g.:oorrgg aaccmmee mmyyaapppplliiccaattiioonneeaass Before usage, EAS moduleshave to be deployed in the EAS server, using the eeaassddee ppllooyyeerr script inside EAS’ bbiinn directory:

easdeployer deploy myeas.eas

February 2005 ● PHP Architect ● www.phparch.com

Also, the EAS server (which is itself a long-running PHP

script) must be started before applications can access

remote EAS modules:

easserver start

An EAS module must contain at least one class file, and

that class must be referenced inside the eeaass xxmmll file

This is the class that exposes the surface area of the

module and that is remotely accessed by applications

This class must extend the

ccoomm ssoollaarriixx eeaass EEAASSPPeerrssiisstteennttOObbjjeecctt if persistence is

needed); each method that should

be exposed must begin with the eeaass prefix, e.g.:

MMyyEEAASSOObbjjeecctt::::eeaassCCaallccuullaatteePPrriiccee(())

Once an EAS module has been written and deployed

in an EAS server, you should set permissions for

access-ing it in the ccoonnff//uusseerrss xxmmll EAS configuration file; you

can have multiple accounts, and for each account you

should define which EAS modules can be accessed If

you change this file when the EAS server is running, you

should refresh its configuration:

easserver refresh

Remote applications can then access remote EAS

mod-ules as if they were local classes In order to locate a

remote module, an EAS locator format is defined; youmust pass the locator to the EEAASSFFaaccttoorryy class when youwant to instantiate a remote class Here’s an example:

$loc =

‘eas://myuser:mypwd@www.acme.org:9000/org.acme.myeas’

; try {

$hw = EASFactory :: getEAS(new EASLocator($loc));

} public function deploy() {}

public function undeploy() {}

public function redeploy() {}

}

Inside the iiccoonnnneecctt eeaass//HHeellllooWWoorrllddEEAASS directory incode examples, you can find an example of a simpleEAS module The example doesn’t use persistence, but

it shows how to build a simple EAS module just like theone above and how to use it

There are two classes inside the iiccoonnnneecctt eeaass ry:

directo-F

FEEAATTUURREE

Enterprise Development with the iConnect Architecture

Figure 6

• LLooccaallHHeellllooWWoorrlldd pphhpp: an example of calling an

EAS module deployed in the local host without

using the EAS server;

• RReemmootteeHHeellllooWWoorrlldd pphhpp: an example of calling an

EAS module deployed in a remote host (or a local

one too) using the EAS server

The rreeaaddmmee ttxxtt file contains instructions on usage and

deployment You can find even more detailed examples

(some of which also use persistence) inside the

iConnect EAS distribution

iConnect Web Application Server

The iConnect Web Application Server (WAS) plays more

or less the role of Tomcat in the iConnect architecture

It handles the deployment and serving of web

applica-tions (called webapps) and offers something similar to

servlets (called webapp handlers) and JSP (PHP itself,

through a dedicated webapp handler)

The iConnect WAS sits over the Apache web server

and is tightly coupled with it; unlike EAS, WAS is not a

background script and each time a page is called from

the Web, a new instance of it is started

Each request is processed and the control is passed to

the webapp handler, which, in turn, matches a pattern

as defined inside the webapp’s wweebb xxmmll configuration

file, located inside the WWEEBB IINNFF directory A webapp may

use more than a single handler and can define multiplematching patterns

Webapps or external applications may provide newwebapp handlers aside from the two handlers providedwith WAS (the default one, that outputs the requestedfiles, and the PHP one, that runs PHP scripts)

Inside the iConnect WAS’ ccoonnff//wweebbaapppp sskkeell directory,there is a skeleton that can be used to start a newwebapp by just copying it to a new place You can alsofind an example of the wweebb xxmmll file inside it

Webapps are usually distributed as common ttggzzarchives The name of the directory containing the files

is also the name of the webapp, and the name of thedirectory where the webapp resides inside the WAS’webapps directory

There are two methods to deploy a webapp:

• Through the “admin” webapp, using the

“Deploy a new web application” button;

• Through the “deployer” script located insidethe WAS’ bbiinn directory:

deploy method webapp

There are multiple methods to deploy a webapp: from

an archive, from the filesystem directly, from a webupload, from CVS External applications can define newdeployment methods

Once a webapp has been deployed, it can be called

February 2005 ● PHP Architect ● www.phparch.com

by accessing its directory (or virtual host, if set in

Apache configuration) from the web The wweebb xxmmll file

defines what file should be used as the index

docu-ment; subsequently, each request must contain the

iinnddeexx pphhpp receiver file in the URL

For example, if you have a file named eexxaammppllee pphhpp

inside the mmyywweebbaapppp webapp, you’d call it from the

browser as follows:

http://localhost/was/webapp/index.php/example.php

The iinnddeexx pphhpp file is reserved for WAS’s used and

should be copied as it is from the webapp skeleton It

calls the real WAS receiver and instantiates the whole

application server

As said above, once the iinnddeexx pphhpp receiver has been

called, the webapp handler that matches the request

receives the ccoomm ssoollaarriixx wwaass wweebbaapppp WWeebbAAppppRReeqquueesstt

and ccoomm ssoollaarriixx wwaass wweebbaapppp WWeebbAAppppRReessppoonnssee classes

from the webapp processor The handler is delegated

to process the request (e.g.: with its own front

con-troller) and build the response

The iConnect Portal Server explained later is an

example of an external application providing a custom

webapp handler with its own front controller

You can check out Figure 6 for more details about the

workflow that the WAS server follows when serving a

request In particular, you can see that the business

logic is separated from the presentation logic using the

MVC design pattern The logic can reside inside the

webapp or inside local/remote EAS modules (especially

for complex webapps)

Inside the iiccoonnnneecctt wwaass code directory, you can find

two examples:

• hheelllloowwoorrlldd: a simple example of a webapp that

uses the PHP webapp handler to execute PHP

scripts;

• hheelllloowwoorrlldd22: a simple example of a webapp

that executes PHP scripts using classes

iConnect Portal Server

The iConnect Portal Server is a data presentation and

delivery system for building enterprise portals over the

iConnect Web Application Server Users of the platform

have a customized single point of access to the

compa-ny’s information systems and resources

iConnect Portal Server is suitable for any type of Web

application: Internet, Intranet and Extranet

The iConnect Portal Server defines a new webapp

handler, as well as a set of concepts and classes for

building portlet-like sites The building blocks of a

Portal Server webapp are the grid, themes, modules,

slots, blocks, classes, pages and templates (see Figure

7)

A module is a collection of pages, blocks and classes

(or at least one of them), and can use other module’spages, blocks and classes Modules are assembledtogether in order to build a Web application

Modules are put inside the webapp’s uulleess directory, with their own subdirectory called justlike the module Complete modules contain the follow-ing directories:

WWEEBB IINNFF//mmoodd • ccllaasssseess: this is where are all module’s classesare stored using the traditional Carthag format(e.g.: ccllaasssseess//oorrgg//aaccmmee//mmyymmoodduullee11//MMyyCCllaassss pphhpp);this directory is automatically added to the ccllaassss ppaatthh when the module is called;

• ppaaggeess: home of the module’s pages;

• bblloocckkss: module block definition files and plates are stored here

tem-A block is the application area (the view) for the logic(the model); blocks are independent of each other, butcan cooperate and communicate A block is composed

by a definition file, a template that handles the tation and a class that handles the model

presen-A block’s class must extend the

a very simple block (from lloowwoorrlldd//HHeellllooWWoorrlldd pphhpp), that only defines a “mes-sage” variable:

hheelllloowwoorrlldd//ccllaasssseess//hheell <?php Carthag::package(‘helloworld’);

Carthag::import(‘com.solarix.portalserver.page.Portal ServerBlock’);

class HelloWorld extends PortalServerBlock { public function run(WebAppRequest $req, WebAppResponse $res) {

$this->set(‘message’, ‘Hello World!’);

} }

no blocks, a single block or more than a block (in a cise order)

pre-Pages define how blocks are organized inside the gridusing a specific layout: which blocks to use and where.Pages can be thoughts as sections with the same layout

of applications in the site/portal Depending on the

F

FEEAATTUURREE

February 2005 ● PHP Architect ● www.phparch.com

Enterprise Development with the iConnect Architecture

35

blocks, the same Portal Server page can be used to

show different type of contents

Here’s an example of a page

(hheelllloowwoorrlldd//ppaaggeess//iinnddeexx xxmmll) using the hheelllloowwoorrlldd

ccoolluummnn and rrooww refer to the position inside the grid

(which slot), while ppoossiittiioonn refers to the position inside

the slot

The grid and the blocks use PHP-based templates:

each block has its own template, which is included,

once transformed, inside the grid template at the

posi-tion defined by the grid’s logic A very simple example

of a Portal Server template

(hheelllloowwoorrlldd//bblloocckkss//hheell lloowwoorrlldd ttppll pphhpp) matching the previous HHeellllooWWoorrlldd

class follows:

<p><?=$message;?></p>

The $$mmeessssaaggee variable comes from the

$$tthhiiss >>sseett((‘‘mmeessssaaggee’’,, ‘‘HHeelllloo WWoorrlldd!!’’)) statement in the

PPoorrttaallSSeerrvveerrBBlloocckk::::sseerrAArrrraayy(()), you can also pass

build loops (even nested ones) inside the template

The grid template may look something similar toListing 1 As you can see, you can use any PHP instruc-tion in the template, since it is, for all intents and pur-poses, a PHP script

In order to call a Portal Server page, you pass themodule containing the page and the name of the pageitself to the receiver as follows:

http://www.acme.org/index.php/helloworld/index/

To pass GET/POST parameters to modules, you writethem prefixed by a string like “modulename_” So, inorder to retrieve a page from an hypothetical contentmanagement system whose module name is “content”and that uses ccoonntteenntt ppaaggee for choosing which page todisplay, you would call:

http://www.acme.org/index.php/common/std/?content_pag e=index

Please note that in the example the word page hasnot the same meaning of Portal Server page

Each block called by the page is responsible for itsown area, and calls its own logic; modules allow devel-opers to easily build, maintain and upgrade sites, andalso permit simple code reuse by copying (and, whenneeded, adapting) a module’s directory to anotherwebapp

The typical scenario is to have a repository containing

a collection of modules of any type (content ment, news, blogs, menus, site mapper, front-end/back-end modules and so on), copying theminside a new webapp and then take care of the custom

manage-“collage work.”

You can find a simple example, composed of a singleblock that prints “Hello world,” inside the iiccoonnnneecctt ppoorrttaallsseerrvveerr code directory As always, have a look atthe rreeaaddmmee ttxxtt file first

A complete iConnect example

So, how do all these components fit together? Let’ssuppose that we want to display a simple message (theusual “Hello world”) in our fresh new portal, whichmust be structured in a modular way that can beextended later, and that the message must be receivedfrom a remote application

Using the iConnect architecture, the applicationwould be composed of an EAS module, calledHelloWorldEAS and a Portal Server-based webappcalled hheelllloowwoorrllddaapppp The tools we need are: