joestump.net

A client of mine is taking the proactive approach of packaging all of their software using PEAR and distributing it via a custom PEAR channel. I can’t recommend this enough for people that are distributing their PHP code to a number of clients/users.

The problem is that, by default, PEAR channels are consumable by anyone with an internet connection. I sent an email to Greg asking him if there was a way to restrict this and how to go about doing it. As it turns out it’s not only available, but detailed in the free excerpt from his new book The PEAR Installer Manifesto.

There are a number of ways to restrict access. The more complicated approach involves coding a script that handles the authentication and then restricts packages on a per client basis. This is a great way to say client X can install packages A, C and F, while client Y can only install packages B and D.

The route I ended up taking involved simply setting up HTTP-Auth using and .htaccess and .htpasswd file. Once you have that set up and working you can log in with the following commands.

$ pear -d "pear.mychannel.com" login

Follow the instructions by entering your username and password and you should see a confirmation that you’re logged in. After that you’re allowed to download and install.

I won’t be talking about Framework much here any more, but I did want to mention that I released Framework 0.1.8 and that it’s now installable via my very own PEAR channel at http://pear.joestump.net.

$ pear channel-discover pear.joestump.net
$ pear install --alldeps joestump/Framework

I’ve finally gotten around to creating a home for Framework. I’ve installed Trac, imported the repository into SVN, tagged various releases, etc. Please feel free to submit bugs and write some documentation for me.

This is a fairly major upgrade for the little framework that could. I haven’t stopped developing Framework. Quite the contrary, I’ve been working on it extensively as I’m starting to build sites utilizing it. Other than the extensive changes, fixes, etc. anybody wishing to try this out will be pleasantly surprised that there is now an example document root in the examples.

• Added Framework_Exception
• Added Framework_Template for unified templating in modules
• Added __sleep() and __wakeup() to Framework_Object and Framework_Object_DB
• Added $this->template->plugins_dir = array('plugins',$path.'/'.'plugins') to Framework_Presenter_Smarty
• Added Framework_Auth_ACL to handle Access Control Lists based on module/event pairings
• Added Framework_Request
• Added Framework_User::__isset()
• Added Framework_Site_Common::stop() which is ran from Framework::stop() when processing has completed
• Added config.xml for site configuration data
• Added Framework_Presenter_JSON which utilizes php-json
• Fixed a bug when creating custom user classes in Framework_Uset::singleton()
• Fixed how Framework_User::__construct() detected the userField from Framework_Session
• Fixed misspelled function call in Framework_User
• Fixed a bug where Framework_Object was attempting to create a log file before Framework_Site_Common had been created
• Fixed mispelled return code in Framework::start()
• Fixed a bug where a module’s event was running before the session/user had been authenticated
• Changed Framework_Presenter_REST to include XML_Serializer options
• Changed all Exception’s to Framework_Exception
• Changed Framework_Object::__construct() to use Framework_Site_Common::$logFile to create instance of PEAR Log in Framework::$log
• Removed a few references to deprecated constants in Framework_Presenter_Module
• Deprecated Framework_User::$userTable, Framework_User::$userField, Framework_User::$defaultUser, Framework_User::$userClass (see config.xml)

Download Framework 0.1.1

1. PHP5 comes with a new MySQL extension called mysqli. While the i stands for improved, interface and incompatible (some say incomplete - HA!).
2. Supports MySQL versions starting with MySQL 4.1.
3. The new function was basically a way to start over and clean things up to work with the new features in 4.1+.
4. Includes SSL connections, stronger password algorithm, prepared statements prevent SQL injection, no default connection parameters. Overall, their goal was to make it safer.
5. Can make use of new and more efficient MySQL binary protocol, prepared statements give massive performance improvements on large data sets, faster overall code, support for gzip compressed connections. Additionally, the MySQL server can be embedded into PHP (wtf?).
6. You can use either OOP or procedural interfaces, prepared statements make certain operations easier and there’s less that can go wrong (which seems a bit ambiguous).
7. Some redundant functions have been dropped, some new functions that support new features and persistent connections are no longer support (about damn time).
8. The OOP interface is “marginally” slower than the procedural interface, but tiny compared to the cost of actually getting the data. In other words, use whichever you like.
9. In PHP5, the OOP interface supports Exceptions (ie. ConnectException, etc.).
10. Added autocommit(), commit() and rollback() functions to the OOP interface.
11. Now supports multiple queries with the multi_query() function. This looks absurdly awkward. Not sure if I can even think of a reason to use this. This functionality was added specifically for stored procedures which can return multiple result sets.

Nevermind, Ian just noticed he’s reading the notes verbatim from the manual. That being said, this looks like an extremely interesting enhancement over the old MySQL client library. We’ll probably look into switching things over when we get back and start forming a larger MySQL strategy.

So I finally broke down today and started working on my first WordPress plugin. I liked how recent links worked, but I wanted an aggregated list of both links I found interesting and my Flickr photos. I was going to hack the recent links plugin that I had used, but decided against it in the end. In the end I decided that it made sense to store my interesting links on del.icio.us and my photos on Flickr and then aggregate them into a single list, which is what you see now below this post.

This way my photos stay on Flickr and my links stay on del.icio.us, but they show up inline on my blog’s frontpage. I’ve got a few bugs and kinks to work out still, but it’s definitely ready for beta testing. If you are interested in playing with it then give me a shout and I’ll package it up for you to test out.

• Integrates with Flickr and stores photo and tag information into a MySQL table.
• Integrates with del.icio.us and stores link and tag information into a MySQL table.
• Uses PEAR’s DB and HTML_Request packages and PHP5’s SimpleXML extension to seemlessly fetch and cache new content every hour or every time an admin visits the website.

So I was doing some client work today when I noticed something somewhat disturbing; phpinfo() has a logo that sends data back to php.net. I’m not sure exactly what the data is, but here’s the offending markup.

<img border="0" src="?=PHPE9568F34-D428-11d2-A769-00AA001ACF42" alt="PHP Logo" />

The somewhat more disturbing part is that this image also sets a cookie. The cookie appears to hold both my country and the IP address of the requesting agent.

COUNTRY=USA%2C64.34.176.111

I’ve looked at a few scripts and found that the src of the image file appears to change slightly between installations. I’m sure it’s nothing malicious, but it is a bit odd.

Anyone else know anything about this?

As some of you may know I run a small picture hosting site. A user emailed me the other day to say that Internet Explorer was only allowing her to download images at BMP images, despite the image being a JPG or a GIF. Turns out this is a known issue. I figured that had to be a way to turn off caching via the HTTP headers and I think I have a solution. If you’re sending dynamic files via PHP give these headers a try.

<?php

// Your file's extension
$ext = 'jpg';

// Your file's name
$name = 'goofypicture.jpg';

// Your file's location
$src = '/path/to/'.$name;

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-Type: image/".$ext);
header('Content-Disposition: inline; filename="'.$name.'"');
header("Content-Length: ".filesize($src));

?>

I’ve fixed a minor security hole in my PEAR version of the framework that I created for the ONLamp.com article Understanding MVC in PHP. Everyone who is currently using Framework 0.0.6 or below should update their install immediately.

To upgrade:

$ pear upgrade "http://www.joestump.net/jax/content/source/Framework/Framework-0.0.7.tgz"

To install:

$ pear install "http://www.joestump.net/jax/content/source/Framework/Framework-0.0.7.tgz"

I am currently writing an article about PHP5 and MVC frameworks for web programming for onlamp.com. Part of writing the article required me writing an MVC framework to showcase the theories and ideas behind MVC programming. The result is what I simply call Framework. The following are the installation instructions.

$ pear install "http://www.joestump.net/code/Framework/Framework-0.0.6.tgz"

As new version become available you can also use the above command to upgrade by replacing install with upgrade and the URL for the newly released version. Once it is installed check out /path/to/PEAR/doc/Framework for installation instructions and the article describing how MVC frameworks work.

You will also need Smarty installed in your path as Smarty/Smarty.class.php. Once that is done it should all work fine. Please feel free to email me with questions and concerns, however, this is not supported code at this time and not to be considered stable in any way.

UPDATE: You will want to check out the PEAR category on my site for the latest version of Framework, which is currently 0.1.1