• PHP Advent - http://phpadvent.org/2011
• 24 Ways – Design and Developmenthttp://24ways.org/
• Performance Planet - http://calendar.perfplanet.com/2011/
• Ad Font - http://2011.adfont-calendar.com/
• Mozilla Developer Network - http://thewebrocks.com/calendar/
• Perl Advent - http://perladvent.org/2011/
• HTML5 and CSS3 - http://html5advent2011.digitpaint.nl/
• 12 Devs of Christmas - http://www.12devsofxmas.co.uk/

I hope you find these handy, and learn a thing of two!

12:25 < Fuel-Bot> [oil] philsturgeon pushed 2 new commits to master: https://github.com/fuel/oil/compare/a8e1387…4be84aa                                                   eighty4
12:25 < Fuel-Bot> [oil/master] Making more use of the Form::label() in the scaffold builds – Adam Barrett                                                                    el2ro
12:25 < Fuel-Bot> [oil/master] Merge pull request #18 from utahcon/master – Phil Sturgeon

Today at 12:25MST my pull request for Oil was merged into the master line, which means it is gold!

$geekScore++;

From FuelPHP.com:

Fuel is a simple, flexible, community driven PHP 5.3 web framework based on the best ideas of other frameworks with a fresh start.

How much clearer can they get?

The Geeks Behind FuelPHP

Dan Horrigan, Phil Sturgeon, Jelmer Schreuder and Harro Verton. If those names mean nothing to you, let me shed some light.

Dan Horrigan

Coding in PHP for 10+ years Dan has contributed to projects like CodeIgniter and PyroCMS, as well as PancakeApp.

Phil Sturgeon

Another great mind behind CodeIgniter. Just look at Phil’s blog, he has done it all!

Jelmer Schreuder

Look through Jelmer’s Github and you can see he is quite experienced as well. He is also super friend in the #fuelphp channel on Freenode.

Harro Verton aka WanWizard

After a long and sordid past as a mainframer he has found roots in programming and contributes a lot of support in #fuelphp as well. He has personally helped me through some of the beginning steps of using FuelPHP.

To all the geeks involved in FuelPHP, a huge thanks!

What Make Fuel Different?

Fuel is young, under a year as of this writing, but already it has seen support and contributions from 30+ developers. The maintainers are really open to anyone committing code cause they believe that since we all use it, we all deserve to support it. Or something like that. Basically if you use it and identify a bug, and you can fix it, then they will let you.

That is probably the best thing about this young framework is the amount of involvement everyone has. Being open source and hosted on GitHub anyone can get the source, and anyone can submit a pull request for changes to the code. I have personally been watching the commits in the IRC channel and I can attest that they are sincere in saying that things are getting done. And fast!

What Make Fuel Awesome?

Gleaming from other great frameworks (and languages) Fuel has been given some great tools. Like Oil.

Oil

Oil is a utility for the CLI that allows you to Generate code, Refine (run tasks, more on this later),  Package (install, update and remove packages) and Console (test code).

Tasks

Tasks are classes that can be run through the command line or set up as a cron job. They are generally used for background processes, timed tasks and maintenance tasks. Tasks can calls models and other classes just like controllers.

Because Tasks actually use the whole framework you can write scripts using the native language of FuelPHP and all things work. All the controllers, all the helpers etc are available to the user.

Lightweight

Autoloading is fun, and useful, but you don’t want to load everything everywhere. Fuel has an extensive (and configurable) configuration to allow you to only load what you want when you want.

Docs

The documentation is a ongoing project, and no where near perfect right now, but it certainly is coming along. Don’t take that to mean it isn’t helpful, cause it absolutely is! Also you can update the docs and commit the changes to the project

ORM and Active Record or just DB

ORM has been done, and done again. FuelPHP has an ORM, or you can opt for ActiveRecord, or if you don’t like either of those you can just use good old SQL. Fuel is flexible and this is a great example of how flexible they really are.

Why Not?!

If you haven’t been sold by my simple blog post on Fuel, then perhaps you need to play with the framework yourself. You can get it from http://fuelphp.com or  from GitHub.

What’s Next?

I am working on a series of blog posts showing how to do things with FuelPHP, so keep tuned for those.

The past few months have kept myself and my team quite busy, as we’ve turned our attentions from maintenance of the Zend Framework 1.X series to Zend Framework 2.0. I’ve been fielding questions regularly about ZF2 lately, and felt it was time to talk about the roadmap for ZF2, what we’ve done so far, and how the community can help.

He goes on to talk about the processes being taken to get Zf2.0 the exemplar of PHP 5.3 and to add namespaces to the project. He talks about his team, the road map and the struggles they have already expereienced:

After completing this process, my entire team — all three of us — started the work of migrating the code to namespaces. Ralph wrote a tool that scanned the library and created a map file of existing classes and suggested namespace/classname combinations. We then used this tool as a launching point for the migration, each of us working on a component at a time. This work was by no means automated — we discovered very quickly that such a tool only took care of the most cursory work. I detailed some of our findings a couple months back; we ran into a number of issues we never anticipated, and the progress has been far from speedy. At this point, however, we have migrated everything but theZend_Service classes, the MVC, and those components that build on top of the MVC (Application, Navigation, Form, etc.).

Finally he shares details about getting ZF2.0 available through Git and Github, and what the community can do to help:

A number of contributors are also starting to discuss rewrites and refactoring of components. Much of this is being done on the zf-contributors mailing list, and some on the #zftalk.dev channel on Freenode. If you are interested in contributing, I highly recommend subscribing to the list and dropping into the channel when you can.

You can read the post in it’s entirety at  http://weierophinney.net

When you instantiate a PHP Soap Class you pass it a WSDL (Web Services Description Language) and it looks like this:

$client = new SoapClient('http://example.com/services/thescript.php?wsdl');

Depending on how your caching is setup, this will go out to the WSDL provided, pull in the document and store it in a cache. The default cache for PHP is 86400 seconds. If you are familiar with time in seconds you know that that is 24 hours. So by default you only actually read the WSDL once in a 24 hour period. Normally this is not a problem.

What is a WSDL?

For that answer let’s turn to the W3 site:

WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information.

So in English that means it is a map to the services provided by the provider. Basically you get a copy of the map, and follow the endpoints to the answers you need.

One basic function of this is that it tells you want methods (services) are available on your fresh client.

When WSDLs go bad

So today one of my providers, without warning, updated their WSDL. This wreaked havoc on my system because I had cached the WSDL on my side for 24 hours (remember, the PHP default). The change was a super simple change, a change in URL for a service, that’s it!

The problem was that since PHP had already read the file within 24 hours it didn’t care that there was a new file, that the URLs had changed, and so it continued to work as it had before.

The real problem wasn’t that the URLs changed, that would have been fine if the provider hadn’t shut off the previously reported URLs.

Turn off the cache

So you are left with two options when something like this happens. First, you can sit and wait up to 24 hours for the problem to fix itself. This was not an option for us. The second is to clear your cache and try again.

Now PHP (on Linux) stores the cache for the Soap WSDL in /tmp and I wasn’t sure which one of the many files was the actual cache for this particular provider so I decided I would have to tell PHP to not cache the WSDL and try again.

Into php.ini I went, located the soap.wsdl_cache_enabled flag. I changed it from 0 to 1

soap.wsdl_cache_enabled=0

I saved the file and restarted Apache.

The service continued to fail. I was perplexed. I thought maybe I flubbed the save so I opened the php.ini again located my line and it was fine. So I looked around there to see if maybe I missed another important flag. The only thing I could find was soap.wsdl_cache_ttl listed as the “(time to live) Sets the number of second while cached file will be used instead of original one” I promptly changed this to 0 as well

soap.wsdl_cache_ttl=0

Restarted Apache, and finally my script stopped failing.

I have since re-enabled my cache ttl and enabled flags, as reading the WSDL every time is a resource hog that doesn’t need to be in place.

The Lesson Learned

The lesson learned by all today is be aware of your caching, and be aware of the changes you make to your live/production systems.

“to ensure free access, in perpetuity, to the projects we support”

From the About page:

The WordPress Foundation is a charitable organization founded by Matt Mullenweg to further the mission of the WordPress open source project: to democratize publishing through Open Source, GPL software.

The point of the foundation is to ensure free access, in perpetuity, to the projects we support. People and businesses may come and go, so it is important to ensure that the source code for these projects will survive beyond the current contributor base, that we may create a stable platform for web publishing for generations to come. As part of this mission, the Foundation will be responsible for protecting the WordPress, WordCamp, and related trademarks. A 501(c)3 non-profit organization, the WordPress Foundation will also pursue a charter to educate the public about WordPress and related open source software.

I have long been a fan of WordPress, and now even more so. I am always amazed at the things that Matt and company come up with to move forward the power of WordPress.

For all those true WordPress geeks out there, the new site is running the WordPress 3.0 development version.

I can’t seem to find a call like josso_authenticate($name, $pass), returning an array to be appended to user’s SESSION. I was expecting such a method, because SOAP is already used everywhere, so it shouldn’t be too hard implementing this.

Has anyone had success implementing this kind of “transparent” login?

JOSSO simply doesn’t make it easy to log people in with a single call. Instead you need to make an interface to the API to do so. I just so happen to have an example of such a wrapper function.

Logging In A User

To do everything and make it easy for future reuse I built two classes. The first is a Login Class and the second a Josso Class (below). My Login Class is pretty sparse, but it includes a wrapper to handle all the tasks required to login a user through Josso and get back the Josso details for that user.

The full code of each class is down at the bottom of the post, just expand the code block, but here is the function that is really what you are looking for Login->authorize()

Login->authorize()

public function authorize($username, $password){

 # make sure we have a valid username
 if(empty($username)){
 # return invalid username
 throw new LoginException('Invalid username');
 } else {
 $this->username = $username;
 }

 # make sure we have a valid password
 if(empty($password)){
 # return invalid username
 throw new LoginException('Invalid password');
 }

 # check that user exists
 if( ! $this->josso->userExists($this->username)){
 throw new LoginException('Invalid username');
 }

 # check Josso with username and password
 $this->assertion = $this->josso->assertIdentityWithSimpleAuthentication($username, $password);
 if($this->josso->error){
 throw new LoginException('Invalid username/password combination');
 }

 # resolve Authentication Assertion
 $this->token = $this->josso->resolveAuthenticationAssertion($this->assertion);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->session = $this->josso->getSession($this->token);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->user = $this->josso->findUserInSession($this->token);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->cleanUpUser();

 $this->roles = $this->josso->findRolesByUsername($this->username);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->cleanUpRoles();

 $this->user->sosPermissions =& $this->roles;
 }

What That Actually Did

As you can see you simply pass the $username and $password to the function and it runs through a ton of work for you.

First it validates the input, make sure you aren’t working for no reason.

Next it makes sure the userExists(), this will save you heartache later when JOSSO pretends a user exists, but really doesn’t.

Then I asserIdentityWithSimpleAuthentication() which literally means I pass those to JOSSO and wait for an answer. The answer returned is an assertion_id, which really doesn’t mean anything.

You then take the assertion_id returned and call resolveAuthenticationAssertion(), this will return your session_id if the login was valid.

With the session_id you call getSession(). This returns all the details of the session that JOSSO now has open. This varies depending on who setup your JOSSO implementation but you should have an identifying is (user_id) if nothing else.

I go on to make sure that JOSSO hasn’t forgotten anything by calling findUserInSession(), which literally just tells me who I am supposed to be working with.

The cleanUpUser() you could probably ignore, but our system returns an object with dots ( . ) in the name and I can’t stand that, so I change them to underscores ( _ ).

Finally I call back to my JOSSO install to get any roles the user has, again this will vary if your JOSSO doesn’t handle roles.

Login Class

class Login {

 public $token;
 public $username;
 public $session;
 public $roles;
 public $user;
 public $request;
 private $assertion;
 # this will hold the instance of Josso Controller we need
 private $josso;

 function Login($request = null){

 $this->josso = new Josso;
 if(!empty($request)){
 $this->request = $request;
 }
 }

 #validate an existing token
 public function validateToken($user_token){
 $session = $this->josso->accessSession($user_token);

 /*
 * For whatever reason Josso returns nothing if the session is valid
 * and the operation has been completed.
 */
 if( empty($session)){
 return true;
 }

 if($this->josso->error){
 throw new LoginException('Internal Error [Login]: '. __LINE__);
 }
 return false;
 }

 # authorize a user with password
 public function authorize($username, $password){

 # make sure we have a valid username
 if(empty($username)){
 # return invalid username
 throw new LoginException('Invalid username');
 } else {
 $this->username = $username;
 }

 # make sure we have a valid password
 if(empty($password)){
 # return invalid username
 throw new LoginException('Invalid password');
 }

 # check that user exists
 if( ! $this->josso->userExists($this->username)){
 throw new LoginException('Invalid username');
 }

 # check Josso with username and password
 $this->assertion = $this->josso->assertIdentityWithSimpleAuthentication($username, $password);
 if($this->josso->error){
 throw new LoginException('Invalid username/password combination');
 }

 # resolve Authentication Assertion
 $this->token = $this->josso->resolveAuthenticationAssertion($this->assertion);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->session = $this->josso->getSession($this->token);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->user = $this->josso->findUserInSession($this->token);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->cleanUpUser();

 $this->roles = $this->josso->findRolesByUsername($this->username);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->cleanUpRoles();

 $this->user->sosPermissions =& $this->roles;
 }

 public function createLoginFromToken($token){

 $this->user = $this->josso->findUserInSession($token);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->cleanUpUser();

 $this->roles = $this->josso->findRolesByUsername($this->user->name);
 if($this->josso->error){
 throw new LoginException('Interal Error [Login]: '. __LINE__);
 }

 $this->cleanUpRoles();

 $this->user->sosPermissions =& $this->roles;
 }

 # get a Josso hashed version of a password
 public function getPassHash($password){
 $passhash = $this->josso->getPassHash($password);
 return $passhash;
 }

 # acquire roles for the user from josso
 public function getUserRoles(){
 return $this->roles;
 }

 # send the signal to Josso to signoff (closes all sessions)
 public function signoff($session_id = null){
 if( ! $session_id && ! $this->session->id){
 return false;
 }

 if(!$session_id){
 if(!empty($this->session)){
 if($this->josso->globalSignoff($this->session->id)){
 return true;
 }
 } else {
 return false;
 }
 } else {
 if($this->josso->globalSignoff($session_id)){
 return true;
 }
 }
 return false;
 }

 private function cleanUpUser(){
 if(!empty($this->user)){
 foreach($this->user->properties as $prop => $details){
 $name = $details->name;
 if($pos = strpos($name, '.')){
 $name = explode('.',$name);
 $name = $name[0] . ucwords($name[1]);
 }
 $this->user->$name = $details->value;
 }
 unset($this->user->properties);
 }
 }

 private function cleanUpRoles(){
 if(!empty($this->roles)){
 foreach($this->roles as $key => $details){
 $tmpRoles[$key] = $details->name;
 }
 $this->roles = $tmpRoles;
 }
 }
}
?>

Josso Class

<pre>class Josso {

 var $SSOIdentityManager;
 var $SSOSessionManager;
 var $SSOIdentityProvider;
 var $JossoPashHash;
 var $error;

 function Josso(){

 // create the soapclients
 $this->SSOIdentityManager = new Soapclient(JOSSO_SERVER .'/josso/services/SSOIdentityManager?wsdl', array('Trace' => 1));
 $this->SSOSessionManager = new Soapclient(JOSSO_SERVER .'/josso/services/SSOSessionManager?wsdl', array('trace' => 1));
 $this->SSOIdentityProvider = new Soapclient(JOSSO_SERVER .'/josso/services/SSOIdentityProvider?wsdl', array('trace' => 1));
 }

 function accessSession($session_id){
 try{
 $accessSession = $this->SSOSessionManager->accessSession($session_id);
 // we expect a null
 return $accessSession;
 } catch(Exception $e){
 $this->error = $e;
 return false;
 }
 }

 // check if a user exists
 function userExists($username){
 try {
 $userExists = $this->SSOIdentityManager->userExists($username);
 return true;
 } catch (Exception $e){
 $this->error = $e;
 return false;
 }
 }

 // assert a login
 function assertIdentityWithSimpleAuthentication($username, $password){
 try{
 $loginAssertion = $this->SSOIdentityProvider->assertIdentityWithSimpleAuthentication($username, $password);
 return $loginAssertion;
 } catch (Exception $e){
 $this->error = $e;
 return false;
 }
 }

 // check assertion and get session
 function resolveAuthenticationAssertion($loginAssertion){
 try{
 $session = $this->SSOIdentityProvider->resolveAuthenticationAssertion($loginAssertion);
 return $session;
 } catch (Exception $e){
 $this->error = $e;
 return false;
 }
 }

 // get session details
 function getSession($session){
 try {
 $sessionDetails = $this->SSOSessionManager->getSession($session);
 return $sessionDetails;
 } catch (Exception $e){
 $this->error = $e;
 return false;
 }
 }

 // make sure the session we found belongs to our user
 function findUserInSession($session){
 try {
 $userInSession = $this->SSOIdentityManager->findUserInSession($session);
 return $userInSession;
 } catch (Exception $e){
 return false;
 }
 }

 // not used
 function findUser($username){
 try{
 $userDetails = $this->SSOIdentityManager->findUser($username);
 return $userDetails;
 } catch (Exception $e){
 return $e;
 }
 }

 // get a users roles
 function findRolesByUsername($username){
 try {
 $userRoles = $this->SSOIdentityManager->findRolesByUsername($username);
 return $userRoles;
 } catch (Exception $e){
 $this->error = $e;
 return false;
 }
 }

 function globalSignoff($session){
 try {
 $signoff = $this->SSOIdentityProvider->globalSignoff($session);
 } catch (Exception $e){
 $signoff = $e;
 }
 unset($_SESSION['josso']);
 return $signoff;
 }

 function getPassHash($password){
 try{
 $result = $this->JossoPashHash->hash($password);
 return $result;
 } catch (Exception $e){
 return $e;
 }
 }

}

That’s It!

I hope I have at least in part helped with your quest to make logging people in through JOSSO more bearable.

Chrome OS Zero

Looks like Hexxeh has been hard at work getting a cleaned up version of Chrome OS called Chrome OS Zero out to the masses. Reading through the Wiki and FAQ things look pretty nice and clean. I may take a stab at playing with this in the next week or so. Thanks Hexxeh!

Droids

Tim at CTRL-ALT-DEL Comic has this silly for us today:

Thanks Tim!

Nexus One

We all know about Google’s latest move in the Android field by now, right? Well it looks like the Nexus One is selling well, and people are having problems with the 3G service that T-mobile is offering on the Nexus One. Being a T-mobile customer myself I can tell you the problems are not limited to the Nexus One. My phone refused to stay on 3G this weekend too, oh well.

PHP

References

Johannes Schluter discusses how references in PHP work, and suggests that maybe we should not use them anymore.

Last year I spoke at eight conferences and attended a few more multiple times at most of them I found myself in discussions about references and PHP as many users seem to have wrong understandings about them. Before going to deep into the subject let’s start with a quick reminder what references are and clear some confusion about objects which are “passed by reference.”

Patterns

Giorgio Sironi has two new blog posts about patterns in PHP. The first is on Abstract Factory patterns:

The major problem that creational patterns try to solve is that objects need collaborators: we often pass them in the constructor of a Client class to aid decoupling, as every class should know only what it really needs to get its job done. With the verb know I mean that they just know that the other part exist at all.

The second is on Builder patterns:

The Builder pattern’s intent is to encapsulate the details (the new operators and other wiring) of the object creation process under a common interface. Though, the Builder can actually change the internal representation of an object, as it is not a black box.

Both blog posts were great reads, and I suggest all my UPHPU buddies hit them up.

Pro PHP: Patterns, Frameworks, Testing and More

Kevin McArthur is a self-taught entreperneur and opensource developer from Edmonton Alberta. Kevin has been running a very successful PHP application development studio for over 7 years. Additionally Kevin took time to write Pro PHP: Patterns, Frameworks, Testing and More, published by Apress.

The book really lives up to the name. It disucsses in great details the framworks that are most popular including Zend Framework. Kevin has what seems an infinite amount of knowledge on Zend Framework, and a quick Google search will reveal he is quite active is sharing that information.

I was a little let down on the Testing and Code Control sections of the book. I felt like Kevin mearly skimmed, and could have really dug into more detail, espeically about testing.

In talking about patterns for PHP Kevin reinforces some of the basics of good programming, and explains the pros and cons of each style of framework. You can tell he has spent his fair share of time in each of the patterns discussed.

Overall if you are thinking about playing with patterns and frameworks this is the book for you. Don’t look for any golden knowledge about testing, but the rest is gold!

This weekend I had the opportunity to read RESTful PHP, by Samisa Abeysinghe, published by Packt Publishing. The book is short, about 200 pages, but full of great information about what REST is, how it is used, how it is supposed to be used and how to use it with PHP.

The book assumes you have a working knowledge of PHP, and how to install extensions (or use existing ones). The concepts are clear and concise. Samisa is direct, but explains the reasons for why code is the way it is, or explains what can be done different.

The books runs through many examples using Yahoo! and Amazon APIs. Most of the book could be called a manual for use of CURL and SimpleXML, as well as some DOM work. Although you will not need to know any of those things before picking up this book.

In a short seven chapters Samisa explains what rest is, who uses it, why it is used, and what you can do with it. Samisa walks you through consuming (or using) REST APIs and also how to setup your own APIs using the REST style and architecture.

I would recommend this book to any beginning and middle tiers PHP developer as it is a quick reference to REST and APIs that you know you already want to be working with.