1. The database & the database config

Before we start, lets create a database with a table called users.

The table users should contain 3 columns :

• id – primary key, auto increment, not null, unsigned int
• username – varchar(128), not null
• password – varchar(32), not null

Now, in your application.ini, go to your resources.multidb.front_db and change the values to your connection string, as an example:

...
resources.multidb.front_db.adapter  = "pdo_mysql"
resources.multidb.front_db.host     = localhost
resources.multidb.front_db.username = MyDatabaseUsername
resources.multidb.front_db.password = MyDatabasePassword
resources.multidb.front_db.dbname   = MyDatabaseName
resources.multidb.front_db.default  = true
...

2. The layouts

We want to have a separate layout for the logged in users and another layout for guests.

To achieve this, in your /app_root/modules/frontoffice/layouts/ make sure you have 2 files called: “public.phtml” and “layout.phtml” with the following contents:

layout.phtml

	< ?php echo $this->doctype(); ?>
	< html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
	< head>
		< ?php echo $this->headMeta(); ?>
		< ?php echo $this->headTitle(); ?>
		< ?php echo $this->headStyle(); ?>
		< ?php echo $this->headLink(); ?>
		< script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js">< /script>
		< ?php echo $this->headScript(); ?>
	< /head>
	< body>
		< div class="container">
		< ?php foreach ($this->messages['error'] as $message):?>
			< div style="color:red;">< ?php echo $message?>< /div>
		< ?php endforeach;?>
		< ?php foreach ($this->messages['success'] as $message):?>
			< div style="color:green;">< ?php echo $message?>< /div>
		< ?php endforeach;?>
		< br />
		< br />
		< p>You are now logged in!< /p>
		< ?php echo $this -> layout () -> content; ?>
		< /div>
	< /body>
	< /html>

and in your public.phtml

	< ?php echo $this->doctype(); ?>
	< html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
	< head>
		< ?php echo $this->headMeta(); ?>
		< ?php echo $this->headTitle(); ?>
		< ?php echo $this->headStyle(); ?>
		< ?php echo $this->headLink(); ?>
		< script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js">< /script>
		< ?php echo $this->headScript(); ?>
	< /head>
	< body>
		< div class="container">
		< ?php foreach ($this->messages['error'] as $message):?>
			< div style="color:red;">< /div>
		< ?php endforeach;?>
		< ?php foreach ($this->messages['success'] as $message):?>
			< div style="color:green;">< /div>
		< ?php endforeach;?>
		< br />
		< br />

		< ?php echo $this -> layout () -> content; ?>
		< /div>
	< /body>
	< /html>

This way, we can show a custom UI for the logged in users and another UI for the guests.

3. The Auth Controller Plugin

We now want to make sure that guests are redirected to the users/login page (we will talk about that controller/action in a moment).

Also, if the user is already authenticated, we do not want to allow him on the users/login page and he should be redirected to the index/index page

To achieve this, we will create a controller plugin in the /app_root/library/Custom/Controller/Plugin called Auth.php with the following contents:

class Custom_Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract
{
	/**
	 * @var Zend_Auth
	 */
	protected $_auth;	

	public function __construct(Zend_Auth $auth)
	{
		$this->_auth = $auth;
	}

	public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
	{
		//Check if the user is not logged in
		if (!$this->_auth->hasIdentity())
		{
			return $this->_redirect($request, 'users', 'login', 'frontoffice');
		}

		//The user is logged in
		//Check if the authenticated user tries to access the users/login path
		if ('frontoffice' == $request->getModuleName()
			&& 'users' 		 == $request->getControllerName()
			&& 'login'		 == $request->getActionName())
		{
			return $this->_redirect($request, 'index', 'index', 'frontoffice');
		}
	}

	protected function _redirect($request, $controller, $action, $module)
	{
		if ($request->getControllerName() == $controller
			&& $request->getActionName()  == $action
			&& $request->getModuleName()  == $module)
		{
			return TRUE;
		}

		$url = Zend_Controller_Front::getInstance()->getBaseUrl();
		$url .= '/'   . $module
			 . '/' . $controller
			 . '/' . $action;

	   if (DEBUG)
	   {
	       debug_redirect($url);
	   }

	   return $this->_response->setRedirect($url);
	}
}

To run this plugin we need to go to the Application Bootstrap (the one from the app_root) and add the following function :

//init Auth Plugin
protected function _initAuthPlugin()
{
	Zend_Controller_Front::getInstance()->registerPlugin(
		new Custom_Controller_Plugin_Auth(Zend_Auth::getInstance()));
}

Now this basically tells our application to redirect to the /frontoffice/users/login in case we are not logged in (and it will avoid a redirect loop also if we are already there)

4. The Users Controller

The users controller will allows us to manage a signup and a login action for our guests. The controller will only handle the request and will communicate with the view to render the form and error messages. It will also communicate with the User Repository for user actions (to find out if the user already exists or if the form is valid or not).

Thus, in your /app_root/modules/frontoffice/controllers/ create the file UsersController with the following contents:

class UsersController extends Frontoffice_Library_Controller_Action_Abstract
{
	public function indexAction()
	{
		return $this->redirect('users', 'login');
	}

	public function loginAction()
	{
		Zend_Layout::getMvcInstance()->setLayout('public');

		$form = new Frontoffice_Form_Login(
			array('userRepository' => Frontoffice_Model_Repositories_UsersFactory::factory()));

		if ($this->_request->isPost())
		{
			$data = $this->_request->getPost();
			if ($form->isValid($data))
			{
				return $this->redirect('index', 'index');
			}
			$form->setDefaults($data);
		}

		$this->view->form = $form;
	}

	public function logoutAction()
	{
		Zend_Auth::getInstance()->clearIdentity();
		return $this->redirect('users', 'login');
	}
}

This tells our application to redirect to the users/login in case we are trying to access the users/index path. If we are already on the login action, it simply instantiates a new form and injects the Users Repository.

If the request is actually a post and the form is valid with the data provided via the POST method, then it redirects the user to the index/index

Also, the action sets the layout to the public layout since the guest is not allowed to see our logged in UI.

You may ask yourself where are the errors treated. These are set in the form directly (either from form or model validation) and will be displayed in the view from the form so the controller is not aware of them

Also, if we go to users/logout we will be redirected to the users/login and our identity will be deleted

5. The Login View

Lets create the login.phtml view now in your /app_root/modules/frontoffice/views/scripts/users/ with the following contents:

< div style="width:960px; margin:100px auto;">
	< h2>Login header

	< div style="width:500px; margin:5px; padding:0px 20px; float:left">
		< h3>Please login< /h3>

		< ?php if ($this->form->isErrors()):?>
			< ?php foreach ($this->form->getErrors() as $errors):?>
				< ?php foreach ($errors as $message):?>
					< div style="color:red">< /div>
				< ?php endforeach;?>
			< ?php endforeach;?>

			< ?php foreach ($this->form->getErrorMessages() as $error):?>
					< div style="color:red">< /div>
			< ?php endforeach;?>

		< ?php endif; ?>

		< form id="login" action="< ?php echo $this->escape($this->form->getAction()); ?>" method="< ?php echo $this->escape($this->form->getMethod());?>">

			Username: < ?php echo $this->form->username;?>< br />< br />

			Password: < ?php echo $this->form->password;?>< br />< br />

			< ?php echo $this->form->captcha;?>

			< input type="submit" value="Login" /> or < a  href="< ?php echo $this->url(array('controller' => 'users', 'action' => 'signup'), null, true);?>">Sign up< /a>
			< ?php echo $this->form->___h;?>

			< br />
			< br />

		< /form>
	< /div>
< /div>

It is a simple view which renders some form elements and the captcha (the form takes care to enable it or not)

6. The Login Form

The login form will allow us to define the elements we want to show; it will also be injected with the user repository so it can query it for an existent username and fail if it finds one but also user the repository to do the validation. I am not using form validation for elements that contain business logic. As an example, the “Not Empty” validation is done by the form while the requirements for the elements is done by the user repository.

The error messages are set in the form, by both the form and the repository, based on the source of it.

If the form contains errors (either from the element validators or from the business logic validators), they will be shown via the view.

If you the form gives an error 3 times, the captcha will be enabled and will now allow you to pass the form validation until you enter the right captcha code (note here that if you are behind a proxy, the captcha validation will not work)

Now lets create the form class. In your /app_root/modules/frontoffice/forms/ create a file called Login.php with the following contents:

class Frontoffice_Form_Login extends Custom_Form
{
	/**
	 * @var Admin_Model_Repositories_Users
	 */
	protected $_user_repository;

	public function setUserRepository( $user_repository)
	{
		$this->_user_repository = $user_repository;
	}

    public function __construct($options = null)
    {
    	parent::__construct($options);

        $this->setName('login');

        $element = new Zend_Form_Element_Text('username', array('disableLoadDefaultDecorators' => true));
        $element->addDecorator('ViewHelper')
	            ->setRequired(true)
	            ->addErrorMessage('The username is required.');
		 $this->addElement($element);

        $element = new Zend_Form_Element_Password('password', array('disableLoadDefaultDecorators' => true));
        $element->addDecorator('ViewHelper')
                ->setRequired(true)
                ->addErrorMessage('The password is required.');
		$this->addElement($element);

        $element = new Zend_Form_Element_Hash('___h', array('disableLoadDefaultDecorators' => true));
        $element->setSalt('unique')
        		->addDecorator('ViewHelper')
        		->addErrorMessage('Form must not be resubmitted');
        $this->addElement($element);

        $captcha_session = new Zend_Session_Namespace('captcha');

        if ($captcha_session->tries > 999)
        {
	        $recaptcha = new Zend_Service_ReCaptcha('API_KEY_HERE',
	        									    'API_KEY_HERE');
	        $recaptcha->setOption('theme', 'clean');
	        $element = new Zend_Form_Element_Captcha('captcha',
													 array('disableLoadDefaultDecorators' => true,
													 	   'captcha'        => 'ReCaptcha',
														   'captchaOptions' => array('captcha' => 'ReCaptcha',
														   							 'service' => $recaptcha)));
			$element->addErrorMessage('Invalid security captcha code');
			$this->addElement($element);
        }

        $this->clearDecorators();
		$this->addDecorator('FormElements')
	         ->addDecorator('Form');
    }

    public function isValid($data)
    {
    	if (parent::isValid($data))
    	{
    		if ($this->_user_repository->authenticate($data['username'], $data['password']))
    		{
    			Zend_Session::namespaceUnset('captcha');
    			return TRUE;
    		}
    		else
    		{
    			$this->setErrors(array('Invalid username or password'));
    		}
    	}

    	$captcha_session = new Zend_Session_Namespace('captcha');
		if (empty($captcha_session->tries))
		{
			$captcha_session->tries = 0;
		}
		$captcha_session->tries = $captcha_session->tries + 1;
    	return FALSE;
    }
}

7. The Users Repository (Model)

Now lets see what the authenticate method does:

Go into your /app_root/modules/frontoffice/models/Repositories/ and create the file Users.php with the following contents:

class Frontoffice_Model_Repositories_Users
{
	/**
	 * @var Admin_Model_Entities_User
	 */
	protected $_user_entity;

	/**
	 *
	 * @param Admin_Model_Entities_User $user_entity
	 */
	public function __construct($user_entity)
	{
		$this->_user_entity = $user_entity;
	}

	/**
	 * var array
	 */
	protected $_messages = array();

	/**
	 * Sets an error message
	 *
	 * @param string $name
	 * @param string $message
	 *
	 * @return bool
	 */
	public function setMessage($name, $message)
	{
		$this->_messages[$name] = $message;
		return TRUE;
	}

	/**
	 * Returns a list of all error messages
	 *
	 * @return array
	 */
	public function getMessages()
	{
		return $this->_messages;
	}

	/**
	 * Authenticates a user based on the username and password
	 *
	 * @param string $username
	 * @param string $password
	 *
	 * @return boolean
	 */
	public function authenticate($username, $password)
	{
		$filter = new Zend_Validate_StringLength(array('min' => 5, 'max' => 25));
		if (!empty($password) && !$filter->isValid($password))
		{
			$this->setMessage('password', 'Invalid password. Length must be between 5 and 25 characters');
			return FALSE;
		}

    	if (TRUE === $this->_user_entity->loginByUsernameAndPassword($username, $password))
    	{
    		$storage = $this->_user_entity->getResultRowObject(array(
    						'id',
    						'username'));
    		$storage->name = $storage->username;

    		Zend_Session::rememberMe(60 * 60 * 24 * 7 * 2);
    		Zend_Auth::getInstance()->getStorage()->write($storage);

    		return TRUE;
    	}

    	return FALSE;
	}

The Repository uses composition and gets injected with the user entity object which provides the interface to communicate with the database.

The Repository holds the validation of the parameters and manages the relationship between the controller and the database model.

We will have one method called authenticate will use basically run the validation code of the parameters and if it passes the validation, it reaches the User Entity and tries to query it there. It always returns a boolean based on the status.

To call the repository, we will use the factory (below) to get the object. Create a new file in your /app_root/modules/frontoffice/models/Repositories/ named UsersFactory.php with the following contents:

class Frontoffice_Model_Repositories_UsersFactory
{
	/**
	 * @var Frontoffice_Model_Repositories_Users
	 */
	protected static $_repository;

	public static function setRepository($repository)
	{
		self::$_repository = $repository;
	}

	/**
	 * @return Frontoffice_Model_Repositories_Users
	 */
	public static function factory()
	{
		if (null !== self::$_repository)
		{
			return self::$_repository;
		}

		$user_entity = new Frontoffice_Model_Entities_User();

		return new Frontoffice_Model_Repositories_Users($user_entity);
	}
}

8. The User Entity

Now we will see the actual User Entity which provides the interface which communicates with the database itself:

Create a file in your /app_root/modules/frontoffice/models/Entities/ with the name User.php with the following contents:

class Frontoffice_Model_Entities_User extends Custom_Db_Table_Abstract
{
	protected $_name = 'users';
	protected $_use_adapter = 'front_db';

	protected $_auth_adapter;

	const PASSWORD_HASH = 'MY_PASSWORD_HASH_WHICH_SHOULD_BE_SOMETHING_SECURE';

	/**
	 * Logins a user based on his username and password
	 *
	 * @param string $username
	 * @param string $password
	 *
	 * @return Zend_Auth_Result
	 */
	public function loginByUsernameAndPassword($username, $password)
	{
		$password = $this->_encryptPassword($password);

		$this->_auth_adapter = new Zend_Auth_Adapter_DbTable( $this->getAdapter() );
		$this->_auth_adapter->setTableName('users')
						    ->setIdentityColumn('username')
						    ->setCredentialColumn('password');

		$this->_auth_adapter->setIdentity($username)
		    			    ->setCredential($password);
    	$result = Zend_Auth::getInstance()->authenticate($this->_auth_adapter);
    	return $result->isValid();
	}

	/**
     * Returns the result row as a stdClass object
     *
     * @param  string|array $returnColumns
     * @param  string|array $omitColumns
     * @return stdClass|boolean
     */
	public function getResultRowObject($returnColumns, $omitColumns = array())
	{
		return $this->_auth_adapter->getResultRowObject($returnColumns, $omitColumns);
	}

	/**
	 * Encrypts a value by md5 + static token
	 * 10 times
	 *
	 * @param string $value
	 *
	 * @return string $value
	 */
	protected function _encryptPassword($value)
	{
		for ($i = 0; $i < 10; $i++)
		{
			$value = md5($value . self::PASSWORD_HASH);
		}

		return $value;
	}

The User Entity provides methods to C.R.U.D. the database via the Repository.

In our case, we want to be able to run the Zend_Auth_Adapter_DbTable on our database and retrieve our needed information in order to write them in the Auth Storage.

Also we will use a method to encrypt our password va multi md5, in a secure way.

Now if you run the application you should get 5 types of error messages:

• Username empty
• Password empty
• Form cannot be resubmitted
• Invalid captcha code
• Invalid username or password (this is due to the fact that a hacker should not know what went wrong with his u/p combination.

To test that the form works correctly check ZFDebug queries and see what it tried to search in the database (the username and password combination - the password will be encrypted. Copy paste that password and add it manually to the database, to your username. Now retry and you should get redirected to the index/index and be logged in)

9. The Sign Up action

Now that we have the login done, lets go to the UsersController and create our signup method:

Add the following code to your UsersController.php

//...
//previous code here
//...
public function signupAction()
{
	Zend_Layout::getMvcInstance()->setLayout('public');

		$user_repository = Frontoffice_Model_Repositories_UsersFactory::factory();
		$form = new Frontoffice_Form_Signup(array('userRepository' => $user_repository));

		if ($this->_request->isPost())
		{
			$data = $this->_request->getPost();
			if ($id = $form->isValid($data))
			{
				$user_repository->authenticate($data['username'], $data['password']);
				return $this->redirect('index','index');
			}
			$form->setDefaults($data);
		}

		$this->view->form = $form;
}

Basically, the code is almost identical (at this level of simplicity atleast) with the login action.

If the form subbmision is correct, make sure to authenticate the user and redirect him to the index/index page.

10. The Sign Up View

Now lets see the View for the Sign Up action:

Go into your app_root/modules/frontoffice/views/scripts/users and create a file called login.phtml with the following contents:

< div style="width:950px; margin:5px; padding:0px 20px; float:left">
	< h2>Create account:< /h2>

	< ?php if ($this->form->isErrors()):?>
		< ?php foreach ($this->form->getErrors() as $errors):?>
			< ?php foreach ($errors as $message):?>
				< div style="color:red">< ?php echo $message;?>< /div>
			< ?php endforeach;?>
		< ?php endforeach;?>

		< ?php foreach ($this->form->getErrorMessages() as $error):?>
				< div style="color:red">< ?php echo $error;?>< /div>
		< ?php endforeach;?>
	< ?php endif; ?>

	< form id="login" action="< ?php echo $this->escape($this->form->getAction()); ?>" method="< ?php echo $this->escape($this->form->getMethod());?>">

	Username: < br />< ?php echo $this->form->username;?>< br />< br />

	Password: < ?php echo $this->form->password;?> < br />< br />

	Confirm Password: < ?php echo $this->form->confirm_password;?>< br />< br />

	< ?php echo $this->form->captcha;?>

	< input type="submit" value="Create account" /> or < a href="< ?php echo $this->url(array('controller' => 'users', 'action' => 'login'), null, true);?>">Login
	< ?php echo $this->form->___h;?>

	< /form>
< /div>

11. The Auth Plugin

Currently, if we try to signup we will always get redirected to the login page. In order to allows us to view the signup page, we must go to the app_root/library/Custom/Controller/Plugin/Auth.php and there we should add the following condition in the dispatchLoopStartup :

	//Check if the user is not logged in
	if (!$this->_auth->hasIdentity())
	{
		return $this->_redirect($request, 'users', 'login', 'frontoffice');
	}

becomes

	//Check if the user is not logged in
	if (!$this->_auth->hasIdentity()
		&& FALSE === (   'frontoffice' == $request->getModuleName()
					  && 'users' 		 == $request->getControllerName()
					  && 'signup'		 == $request->getActionName()))
	{
		return $this->_redirect($request, 'users', 'login', 'frontoffice');
	}

This gives us permissions to view the users/signup page

12. The Users Repository (again)

//previous code here
//...
	/**
	 * Creates a new user
	 *
	 * @param $username
	 * @param $password
	 *
	 * @return bool|int
	 */
	public function createUser($username, $password)
	{
		$filter = new Zend_Validate_StringLength(array('min' => 5, 'max' => 25));
		if (!$filter->isValid($password))
		{
			$this->setMessage('password', 'The password must be between 5 and 25 characters length');
			return FALSE;
		}

		if (FALSE !== $this->_user_entity->findByUsername($username))
		{
			$this->setMessage('username', 'Username already exists');
			return FALSE;
		}

		if (!$id = $this->_user_entity->create($username, $password))
		{
			$this->setMessage(null, 'An uknown error occured. Please contact the support team');
			return FALSE;
		}

		return $id;
	}

This allows us to call the createUser with the username and password and the system checks if the values are correct. We have the logic validation on the repository side while the passowrd/confirm password will be kept on the form side

If the validation passses, we then check to see if we don't already have another user with the same username.

If we don't, we try to create the user with the username and password and if this works we return back the new user id

13. The Users Entity (again)

Go to the /app_root/modules/frontoffice/models/Entities/User.php and add the following code after the previously added one:

	//previous code here
	//...

	/**
	 * Retrieves an User Object by its ID
	 *
	 * @param integer $user_id
	 *
	 * @return Zend_Db_Table_Row_Abstract|bool
	 */
	public function findByUsername($username)
	{
		$result = $this->fetchRow($this->getAdapter()->quoteInto('email = ?', $username));
		if (!empty($result))
		{
			return $result;
		}

		return FALSE;
	}

	/**
	 * Creates a new user object in the database with the specified
	 * column values
	 *
	 * @param string $username
	 * @param string $password
	 *
	 * return bool|integer
	 */
	public function create($username, $password)
	{
		$user = $this->createRow();

		$user->email              = $username;
		$user->password           = $this->_encryptPassword($password);

		try
		{
			$user->save();
			return $user->id;
		}
		catch (Exception $e)
		{
			debug($e);
			return FALSE;
		}
	}

These two methods provide the interface to the Database Object for the Repository via the Entity.

14. Last but not least, The Sign Up Form

The sign up form will be injected with the user repository, will create the username,password/confirm password elemenets, will provide validation for the empty state of the fields + check to see if the 2 password fields are identical and will enable the captcha if the form fails 3 times.

If the form validation is valid, it runs the repository createUser() method. If this validation fails, it will set the form error messages based on the repository messages

If it passes, then it will return the $id of the newly created user

Once the user is created, the controller will just authenticate the user via the standard authenticate() method from the repository with the provided userame and password from the create form.

In your app_path/modules/frontoffice/forms create the file Signup.php with the following contents:

class Frontoffice_Form_Signup extends Custom_Form
{
	/**
	 * @var Frontoffice_Model_Repositories_Users
	 */
	protected $_user_repository;

	/**
	 * Sets the user repository
	 *
	 * @param Frontoffice_Model_Repositories_Users $repository
	 */
	public function setUserRepository($repository)
	{
		$this->_user_repository = $repository;
	}

    public function __construct($options = null)
    {
    	parent::__construct($options);

        $this->setName('create_account');

        $element = new Zend_Form_Element_Text('username', array('disableLoadDefaultDecorators' => true));
        $element->addDecorator('ViewHelper')
	            ->setRequired(true)
	            ->addErrorMessage('Please provide an username value');
		$this->addElement($element);

        $element = new Zend_Form_Element_Password('password', array('disableLoadDefaultDecorators' => true));
        $element->addDecorator('ViewHelper')
                ->setRequired(true)
                ->setAttrib('autocomplete', 'off')
                ->addErrorMessage('Please enter a password');
		$this->addElement($element);

        $element = new Zend_Form_Element_Password('confirm_password', array('disableLoadDefaultDecorators' => true));
        $element->addDecorator('ViewHelper')
                ->setRequired(true)
                ->addValidator(new Frontoffice_Form_Validate_IdenticalFormValues('password'), true)
                ->addErrorMessage('The two passwords do not match');
			$this->addElement($element);

        $element = new Zend_Form_Element_Hash('___h', array('disableLoadDefaultDecorators' => true));
        $element->setSalt('unique')
        		->addDecorator('ViewHelper')
        		->addErrorMessage('Form must not be resubmitted');
        $this->addElement($element);

   		$captcha_session = new Zend_Session_Namespace('captcha');
        if ($captcha_session->tries > 3)
        {
	        $recaptcha = new Zend_Service_ReCaptcha('6LeDkroSAAAAAHAe8FnYK2e9-jbLdAbk8XXn_0UK',
	        									    '6LeDkroSAAAAACLmAdTSdM9sifKJWERFDRUSB0So');
	        $recaptcha->setOption('theme', 'clean');
	        $element = new Zend_Form_Element_Captcha('captcha',
													 array('disableLoadDefaultDecorators' => true,
													 	   'captcha'        => 'ReCaptcha',
														   'captchaOptions' => array('captcha' => 'ReCaptcha',
														   							 'service' => $recaptcha)));
			$element->addErrorMessage('Invalid security captcha code');
			$this->addElement($element);
        }

        $this->clearDecorators();
		$this->addDecorator('FormElements')
	         ->addDecorator('Form');
    }

    public function isValid($data)
    {
    	if (!parent::isValid($data))
    	{
    		$this->_incrementCaptcha();
    		return FALSE;
    	}

    	if (!$id = $this->_user_repository->createUser($data['username'],
    												   $data['password']))
		{
			foreach ($this->_user_repository->getMessages() as $element_name => $message)
			{
				$this->addErrors(array($message));
			}
			$this->_incrementCaptcha();
			return FALSE;
		}

    	return $id;
    }

    protected function _incrementCaptcha()
    {
    	$captcha_session = new Zend_Session_Namespace('captcha');
		if (empty($captcha_session->tries))
		{
			$captcha_session->tries = 0;
		}
		$captcha_session->tries = $captcha_session->tries + 1;
    }
}

However, we are not done yet, since we have a custom validator that check if 2 fields are identical. Thus, lets create, in the path /app_path/modules/frontoffice/forms/Validate the file called IdenticalFormValues.php with the following contents:

class Frontoffice_Form_Validate_IdenticalFormValues extends Zend_Validate_Abstract
{
	const NOT_MATCH = 'notMatch';

	protected $_messageTemplates = array(
    	self::NOT_MATCH => 'Values don\'t match'
	);

	protected $_token_key;

	public function __construct($token_key = 'confirm_password')
	{
		$this->_token_key = $token_key;
	}

	public function isValid($value, $context = null)
	{
    	$value = (string) $value;
    	$this->_setValue($value);

    	if (is_array($context))
    	{
        	if (isset($context[$this->_token_key]) && ($value == $context[$this->_token_key]))
        	{
            	return true;
        	}
    	}
    	elseif ($value == $context)
    	{
        	return true;
    	}

	    $this->_error(self::NOT_MATCH);
	    return false;
	}
}

15. Finale

This was a big tutorial but should pretty much cover everything in order to build a secure signup/login system

See you until next time for the next tutorial!

1. Utils.php

In your WWW-ROOT, in your index.php, add the following line after the require_once ‘Zend/Application.php’ :

...
// Custom functions to help development
require_once ( APP_LIBRARY_PATH . DS . 'Utils.php');
...

Create a file called Utils.php in your application_root/library with the following contents:

function debug ($object, $label = '')
{
	Custom_Controller_Plugin_Debug::debug($object, $label);
}

function logger($message, $type = Zend_Log::INFO)
{
	Custom_Controller_Plugin_Debug::logger($message, $type);
}

function array_key_exists_recursive($needle,$haystack)
{
	foreach($haystack as $key=>$val)
	{
		if(is_array($val))
		{
			if ( array_key_exists_recursive($needle,$val))
			{
				return TRUE;
			}
		}
   		elseif ($val == $needle)
   		{
   			return TRUE;
   		}
	}
	return FALSE;
}

function is_multidimensional_array($a)
{
    $rv = array_filter($a,'is_array');
    if (count($rv)>0)
    {
    	return TRUE;
    }
    else
    {
    	return FALSE;
    }
}

function array_equal($a, $b)
{
    return (is_array($a) && is_array($b) && array_diff($a, $b) === array_diff($b, $a));
}

function array_identical($a, $b)
{
    return (is_array($a) && is_array($b) && array_diff_assoc($a, $b) === array_diff_assoc($b, $a));
}

function pr($val)
{
	$debug_backtrace = debug_backtrace();

	echo 'Debug called from ' . $debug_backtrace[1]['file'] . ' (line ' . $debug_backtrace[1]['line'] . ')';
	echo "< pre>";
	print_r($val);
	echo "< /pre>";
}

function debug_redirect($url)
{
	$debug_backtrace = debug_backtrace();
	$file = '< strong> ' . $debug_backtrace[0]['file'] . '< /strong>';
	$line = '< strong>' . $debug_backtrace[0]['line'] . '< /strong>';

	echo '< div style="padding:15px 30px; margin:0px; text-align:center; font-size:16px; background-color:#ccc; ">Should redirect to: < a href="'. $url . '">' . $url . '< /a>< /div>';
	echo '< div style="padding:15px 30px; margin:0px; text-align:center; font-size:16px; background-color:#ccc; ">Called from ' . $file . ', line ' . $line . '< /div>';

	echo '< div style="background-color:yellow; border:1px solid red; padding:5px 10px; margin:20px 0px">';
	echo '< pre>COOKIES:';
	print_r($_COOKIES);
	echo '< /pre>';

	echo '< pre>SESSION:';
	print_r($_SESSION);
	echo '< /pre>';

	echo '< pre>SERVER:';
	print_r($_SERVER);
	echo '< /pre>';

	echo '< /div>';
	exit();
}

Let us examine a bit what these functions do:

We will skip the debug and logger for the moment.

The function array_key_exists_recursive is a convenience method i had to write in order to check if a key exists in a multidimensional array.

The function is_multidimensional_array is a method to check if an array is uni dimensional or not.

The function pr is a short way to call print_r but without minding of the < pre> < /pre> tags and also points out where did you call the function from (remember those days where you had 99999 lines of debug on your screen and you were asking yourself were did you put all those echos/print_r’s ?)

The function debug_redirect takes an url as an argument, and simulates a redirect. By simulates I mean that, it doesn’t really redirect rather than print on the screen that in production mode, it would redirect and you can see where it would redirect. Moreover, it tells you all the information from your current session so that you can view exactly what happens just before the redirect was called. It also tells you where you called the redirect method.

3. The Bootstrap

In order to continue, we will need a way to tell the application we want the debugging to be enabled or not. But how do we do this?
Easiest way is to have a DEBUG constant set to TRUE or FALSE (or different levels if you wish). But what about in production mode? How can we debug there?

One way is to have an IP enabled DEBUG constant. An easier method is to enable DEBUG if you have a certain cookie with a VERY secret hash key.

Of course, the best practice is to not have debug enabled at all in production ENV, but if you really need it, then having at least the cookie is required. You can make it more secure by adding the IP check also.

Here is how this would look like in your Bootstrap.php

...
	#initializes the DEBUG constant to true or false based on config. settings and/or cookie
    #and stores a copy of the Zend_Logger in the Registry for future references
 	protected function _initDebug()
    {
    	$config = Zend_Registry::get('config');

    	if (isset($config->settings->debug->enabled))
    	{
    		if ($config->settings->debug->enabled == TRUE)
    		{
    			define('DEBUG', TRUE);
    		}
    		else
    		{
    			if (isset($config->settings->debug->cookie))
    			{
    				$debug_cookie = $config->settings->debug->cookie;

    				if (array_key_exists($debug_cookie,$_COOKIE))
    				{
    					define('DEBUG', TRUE);
    				}
    			}
    		}
    	}

    	if (FALSE === defined('DEBUG'))
    	{
    		define('DEBUG', FALSE);
    	}

    	$logger = new Zend_Log();
		$writer = new Zend_Log_Writer_Firebug();
		$logger->addWriter($writer);

		Zend_Registry::set('logger', $logger);
    }
...

4. The application.ini

In order to use the method from the bootstrap, we need to do the required changes in the application.ini :

[bootstrap]
	...
	settings.debug.cookie = "some_very_very_secret_hash_key_here_that_will_be_very_hard_to_add_in_the_cookie"
	...

[production : bootstrap]
	phpSettings.display_startup_errors = 0
	phpSettings.display_errors         = 0
	settings.debug.enabled             = false
	...

[development : testing]
	phpSettings.display_startup_errors = 1
	phpSettings.display_errors         = 1
	settings.debug.enabled             = true

And that is about it.

5. Controller Plugins

In order for the debug_redirect function to work, you will need the following code. Remember the redirect helper method that was available to all your controllers (from the file Utils.php) ?

Here is a new code for it:

	/**
	 * Helper method to redirect to a specific action or controller or url
	 *
	 * @param string $controller / $url which contains http in its composition
	 * @param string $action
	 * @param array  $params
	 */
	public function redirect($controller = 'index', $action = 'index', $module = 'frontoffice', $params = array(), $route = null, $reset = true )
    {
    	$this->_redirect = $this->_helper->getHelper('Redirector');

    	$current_controller = $this->_getParam('controller');
    	$current_action     = $this->_getParam('action');
    	$current_module     = $this->_getParam('module');

    	if (strstr($controller, 'http'))
    	{
    		if (DEBUG && (!$this->_request->isXmlHttpRequest() && !isset($_GET['ajax'])))
    		{
				debug_redirect($controller);
    		}
    		else
    		{
	    		return $this->_redirect($controller, array('code' => 301));
    		}
    	}

    	if (DEBUG && (!$this->_request->isXmlHttpRequest() && !isset($_GET['ajax'])))
    	{
    		if ($route !== null)
    		{
	    		$url = 'http://' . $_SERVER['HTTP_HOST']
	    			   . $this->view->url(array_merge(array('controller' => $controller, 'action' => $action, 'module' => $module), $params), $route, $reset);
    		}
    		else
    		{
    			$url = 'http://' . $_SERVER['HTTP_HOST']
	    			   . $this->view->url(array_merge(array('controller' => $controller, 'action' => $action, 'module' => $module), $params));
    		}
    		debug_redirect($url);
    	}
    	else
    	{
    		if ($route !== null)
    		{
    			$params = array_merge(array('action'     => $action,
								    	    'controller' => $controller,
                                   			'module'     => null), $params);

    			return $this->_redirect->setCode(301)
    			                       ->setExit(true)
    			                       ->gotoRoute($params, $route, $reset);
    		}

	    	return $this->_redirect->setCode(301)
	    				    	   ->setExit(true)
	                      		   ->gotoSimpleAndExit($action,
	                                             	   $controller,
	                                             	   $module,
	                                             	   $params);
    	}
    }

Basically, if you have DEBUG enabled and you are not requesting the page via AJAX (either real AJAX or fake via $_GET of “ajax”) then it will use the debug_redirect function rather than the Zend Redirect. Mind you that when doing Unit Testing, you should *not* have DEBUG enabled or at least not use use this function at all for obvious reasons.

6. ZFDebug

The biggest addition to our debugging arsenal now comes with ZFDebug (which you can download here: http://code.google.com/p/zfdebug/).

ZFDebug is a Symfony like debug toolbar which can be configured very easily and provides handy information’s about your application. You can read more about it on the code.google.com. But in the meantime, let us see how we can include it:

Firsts things are first: Add your ZFDebug in your library folder like this:

/library/Custom
/Library/ZFDebug

In your application.ini, add the following namespace to the autoloader:

...
Autoloadernamespaces[] = "Custom_"
Autoloadernamespaces[] = "ZFDebug_"

Finally, in your Bootstrap.php add the following method:

	...
	#initializses the ZFDebug if DEBUG is ON
	protected function _initZFDebug()
	{
		if (!DEBUG)
		{
			return FALSE;
		}

	    $options = array(
	        'plugins' => array('Variables',
	    					   'ZFDebug_Controller_Plugin_Debug_Plugin_Debug' => array('tab'   => 'Debug',
	    					   													       'panel' => ''),
	    					   'ZFDebug_Controller_Plugin_Debug_Plugin_Auth',
							   'Database',
	                           'Registry',
	                           'Exception')
	    );

	    # Setup the cache plugin
	    if (Zend_Registry::isRegistered('cache'))
	    {
	        $cache = Zend_Registry::get('cache');
	        $options['plugins']['Cache']['backend'] = $cache->getBackend();
	    }

	    # Setup the databases
	    $resource = $this->getPluginResource('multidb');
	    $databases = Zend_Registry::get('config')->resources->multidb;
	    foreach ($databases as $name => $adapter)
	    {
	    	$db_adapter = $resource->getDb($name);
	    	$options['plugins']['Database']['adapter'][$name]= $db_adapter;
	    }

	    # Init the ZF Debug Plugin
	    $debug = new ZFDebug_Controller_Plugin_Debug($options);
	    $this->bootstrap('frontController');
	    $frontController = $this->getResource('frontController');
	    $frontController->registerPlugin($debug);
	}
	...
	

7. Plugins for ZFDebug

We added a custom tab to the ZFDebug. In order to make it work, go to the Debug.php from ZFDebug/Controller/Plugin/

and replace your dispatchLoopShutdown() method with the following:

	/**
     * Defined by Zend_Controller_Plugin_Abstract
     */
    public function dispatchLoopShutdown()
    {
        $html = '';

        if ($this->getRequest()->isXmlHttpRequest())
            return;

        /**
         * Creating menu tab for all registered plugins
         */
        foreach ($this->_plugins as $plugin)
        {
      	  	if (strtolower($plugin->getTab()) == 'debug')
        	{
        		$debug_session = new Zend_Session_Namespace(Custom_Controller_Plugin_Debug::DEBUG_NAMESPACE);
				if (isset($debug_session->debug))
				{
					$plugin->setPanel( $debug_session->debug);
				}
        	}

            $panel = $plugin->getPanel();
            if ($panel == '') {
                continue;
            }

            /* @var $plugin ZFDebug_Controller_Plugin_Debug_Plugin_Interface */
            $html .= '< div id="ZFDebug_' . $plugin->getIdentifier()
                  . '" class="ZFDebug_panel">' . $panel . '< /div>';
        }

        $html .= '< div id="ZFDebug_info">';

        /**
         * Creating panel content for all registered plugins
         */
        foreach ($this->_plugins as $plugin)
        {
            $tab = $plugin->getTab();
            if ($tab == '') {
                continue;
            }
        	if (strtolower($plugin->getTab()) == 'debug' && $plugin->getPanel() != '')
            {
            	$style = 'style="background-color:yellow; font-weight:bold;"';
            	Zend_Session::namespaceUnset(Custom_Controller_Plugin_Debug::DEBUG_NAMESPACE);
            }
            else
            {
            	$style = '';
            }

            /* @var $plugin ZFDebug_Controller_Plugin_Debug_Plugin_Interface */
            $html .= '< span ' .$style .' class="ZFDebug_span clickable" onclick="ZFDebugPanel(\'ZFDebug_' . $plugin->getIdentifier() . '\');">';
            $html .= '< mg src="' . $this->_icon($plugin->getIdentifier()) . '" style="vertical-align:middle" alt="' . $plugin->getIdentifier() . '" title="' . $plugin->getIdentifier() . '" /> ';
            $html .= $tab . '< /span>';
        }

        $html .= '< span class="ZFDebug_span ZFDebug_last clickable" id="ZFDebug_toggler" onclick="ZFDebugSlideBar()">«< /span>';

        $html .= '< /div>';
        $this->_output($html);
    }
	

Go into your /ZFDebug/Controller/Plugin/Debug/Plugin/Auth.php and at replace the getTab() method with the following:

 /**
     * Gets menu tab for the Debugbar
     *
     * @return string
     */
    public function getTab()
    {
    	$username = 'Not Authed';
    	$role = 'Unknown Role';

    	if(!$this->_auth->hasIdentity())
		{
    	    return 'Not authorized';
    	}
    	$identity = $this->_auth->getIdentity();
	    if (is_object($identity))
		{
    		$username = $identity->name;
    	}
    	else
		{
    	    $username = $identity['name'];
    	}

    	return ' ' . $username;
    }

Create a new file called Debug.php in your /ZFDebug/Controller/Plugin/Debug/Plugin/ with the following contents:

class ZFDebug_Controller_Plugin_Debug_Plugin_Debug implements ZFDebug_Controller_Plugin_Debug_Plugin_Interface
{
    /**
     * @var string
     */
    protected $_tab = '';

    /**
     * @var string
     */
    protected $_panel = '';

    /**
     * Contains plugin identifier name
     *
     * @var string
     */
    protected $_identifier = 'text';

    /**
     * Create ZFDebug_Controller_Plugin_Debug_Plugin_Debug
     *
     * @paran array $options
     * @return void
     */
    public function __construct(array $options = array())
    {
        if (isset($options['tab'])) {
            $this->setTab($options['tab']);
        }
        if (isset($options['panel'])) {
            $this->setPanel($options['panel']);
        }
    }

    /**
     * Gets identifier for this plugin
     *
     * @return string
     */
    public function getIdentifier()
    {
        return $this->_identifier;
    }

    /**
     * Sets identifier for this plugin
     *
     * @param string $name
     * @return ZFDebug_Controller_Plugin_Debug_Plugin_Debug Provides a fluent interface
     */
    public function setIdentifier($name)
    {
        $this->_identifier = $name;
        return $this;
    }

    /**
     * Gets menu tab for the Debugbar
     *
     * @return string
     */
    public function getTab()
    {
        return $this->_tab;
    }

    /**
     * Gets content panel for the Debugbar
     *
     * @return string
     */
    public function getPanel()
    {
        return $this->_panel;
    }

    /**
     * Sets tab content
     *
     * @param string $tab
     * @return ZFDebug_Controller_Plugin_Debug_Plugin_Debug Provides a fluent interface
     */
    public function setTab($tab)
    {
        $this->_tab = $tab;
        return $this;
    }

    /**
     * Sets panel content
     *
     * @param string $panel
     * @return ZFDebug_Controller_Plugin_Debug_Plugin_Debug Provides a fluent interface
     */
    public function setPanel($panel)
    {
        $this->_panel = $panel;
        return $this;
    }
}

However, this will not work until we create the debug controller plugin:

Go into your application_root/library/Custom/Controller/Plugin/ and create the file Debug.php with the following contents:

final class Custom_Controller_Plugin_Debug extends Zend_Controller_Plugin_Abstract
{
	const DEBUG_NAMESPACE = 'DEBUG_Plugin';

    public static function debug($object, $label = '')
	{
		if (FALSE === DEBUG)
		{
			return FALSE;
		}

		if (FALSE === Zend_Session::isStarted())
		{
			Zend_Session::start();
		}
		$debug_session = new Zend_Session_Namespace(self::DEBUG_NAMESPACE);

		$debug_backtrace = debug_backtrace();

		if ($object === FALSE) $object = 'FALSE';
		if ($object === TRUE) $object = 'TRUE';

		if ($label == '') $label = 'DEBUG';

	    $debug  = '< div id="debug_wrapper" style="clear: both; text-align: left; width: 98%; margin:10px auto; background: #FFFFD7; border: 1px dotted #008200; font-family: Tahoma;  font-size: 12px;">'; // Start of debug_wrapper
	    $debug .= '< div id="debug_content" style="padding: 10px 10px 0px 10px;">'; 

		$debug .= '< div id="debug_location" style="font-weight: bold; color: #008200; border-bottom: 1px dotted #008200; padding-bottom: 10px;">'; // Start of debug_location
	    $debug .= '< span style="color:#FFF; background-color:green;padding:0px 10px;margin:0px 10px 0px 0px; border:1px solid green; -moz-border-radius: 5px; -webkit-border-radius: 5px;">'.strtoupper($label).'< /span>Debug called from ' . $debug_backtrace[1]['file'] . ' (line ' . $debug_backtrace[1]['line'] . ')';
	    $debug .= '< /div>'; // End of debug_location

	    $debug .= '< pre>';
	    $debug .= print_r($object, true);
	    $debug .= '< /pre>';

	    $debug .= '< /div>'; // End of debug_content
	    $debug .= '< /div>'; // End of debug_wrapper

	    Custom_Controller_Plugin_Debug::logger($object, null);
    	$debug_session->debug = isset($debug_session->debug) ? $debug_session->debug . $debug : $debug;
	}

	public static function logger($message, $type = Zend_Log::INFO, $extras = array())
	{
		if (Zend_Registry::isRegistered('logger') === TRUE && DEBUG === TRUE)
		{
			Zend_Registry::get('logger')->log($message, Zend_Log::INFO, $extras);
		}
	}
}

What does this method exactly do ?

Well, several things:

It provides 2 public static methods that can be called from anywhere in your application to debug or log to firebug a message.

These 2 public static methods are used in Utils.php for an easier way to access them:

debug() runs the Custom_Controller_Plugin_Debug::debug() and logger() runs Custom_Controller_Plugin_Debug::logger()

The debug method itself takes a message and/or an optional label, wraps it nicely in a colored DIV and puts it in the SESSION.

Once the ZFDebug output is shown on the screen, it removes the debug from the SESSION storage.

Why so complicated you may ask? The obvious reason is that, when you are doing redirects or errors happen (and you get redirected to the error controller) you would still want to get your debug information in order to find out what the heck happens. This way, you could go through an unlimited number of redirects and at the end, the debug would just contain your full debug gathered on the way to the render.

Try it our yourself!

8. Error controller

Let’s see now how can our Error Controller be extended to manage more advanced issues.
We want it to display all sorts of errors if we are in DEBUG mode or else, in case of 500 internal server errors, mail us the error stack trace and details.

In your ErrorController.php put the following content:

/**
 * @name ErrorController
 * @desc The controller to serve 404 and 500 errors and debugging stacktrace on DEV ENV
 *           or mail with the stacktrage on 500 errors in anything else than DEV ENV;
 *
 * @author Andrei
 * @filesource application/module_name/controllers/ErrorController.php
 * @version 1.0.0
 */
Class ErrorController extends Frontoffice_Library_Controller_Action_Abstract
{
    private $_notifier;
    private $_error;
    private $_environment;

    public function init()
    {
        parent::init();

        $bootstrap = $this->getInvokeArg('bootstrap');

        $environment = $bootstrap->getEnvironment();
        $error = $this->_getParam('error_handler');
        $mailer = new Zend_Mail();
        $session = new Zend_Session_Namespace();
        $cookies = $_COOKIE;

        $this->_notifier = new Custom_Service_Notifier_Error(
            $environment,
            $error,
            $mailer,
            $session,
            $cookies,
            $_SERVER
        );

        $this->_error = $error;
        $this->_environment = $environment;
   }

    public function errorAction()
    {
        switch ($this->_error->type) {
            case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_CONTROLLER:
            case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ACTION:
                $this->getResponse()->setHttpResponseCode(404);
                $this->view->message = 'Uh oh, we can\'t seem to find that page you wanted!';
                $this->_applicationError();
                break;

            default:
                $this->getResponse()->setHttpResponseCode(500);
                $this->view->message = 'Looks like something\'s gone wrong! Please refresh the page - if the problem persists please report the error';
                $this->_applicationError();
                break;
        }

        $this->view->headTitle()->prepend(  $this->view->code . ' Error' );
    }

    private function _applicationError()
    {
        $fullMessage = $this->_notifier->getFullErrorMessage();
		$this->view->stack = nl2br($fullMessage);
        $this->_notifier->notify();
    }
}

Go into your application root/library/Custom/Service/Notifier (create it if you don’t have it) and creae a new file called Error.php with the following contents:

Class Custom_Service_Notifier_Error
{
	protected $_environment;
    protected $_mailer;
    protected $_session;
    protected $_cookies;
    protected $_error;
    protected $_profilers;

    public function __construct(
        $environment,
        ArrayObject $error,
        Zend_Mail $mailer,
        Zend_Session_Namespace $session,
        Array $cookies,
        Array $server)
    {
        $this->_environment = $environment;
        $this->_mailer = $mailer;
        $this->_error = $error;
        $this->_session = $session;
        $this->_cookies = $cookies;
        $this->_server = $server;
    }

    public function getFullErrorMessage()
    {
        $message = '';

        if (!empty($this->_server['SERVER_ADDR'])) {
            $message .= "Server IP: " . $this->_server['SERVER_ADDR'] . "\n";
        }

        if (!empty($this->_server['HTTP_USER_AGENT'])) {
            $message .= "User agent: " . $this->_server['HTTP_USER_AGENT'] . "\n";
        }

        if (!empty($this->_server['HTTP_X_REQUESTED_WITH'])) {
            $message .= "Request type: " . $this->_server['HTTP_X_REQUESTED_WITH'] . "\n";
        }

        $message .= "Server time: " . date("Y-m-d H:i:s") . "\n";
        $message .= "RequestURI: " . $this->_error->request->getRequestUri() . "\n";

        if (!empty($this->_server['HTTP_REFERER'])) {
            $message .= "Referer: " . $this->_server['HTTP_REFERER'] . "\n";
        }

        $message .= "Message: " . $this->_error->exception->getMessage() . "\n\n";
        $message .= "Trace:\n" . $this->_error->exception->getTraceAsString() . "\n\n";
        $message .= "Request data: " . var_export($this->_error->request->getParams(), true) . "\n\n";

        $it = $this->_session->getIterator();

        $message .= "Session data:\n\n";
        foreach ($it as $key => $value) {
            $message .= $key . ": " . var_export($value, true) . "\n";
        }
        $message .= "\n";

        $message .= "Cookie data:\n\n";
        foreach ($this->_cookies as $key => $value) {
            $message .= $key . ": " . var_export($value, true) . "\n";
        }
        $message .= "\n";

        return $message;
    }

    public function notify()
    {
        if (!in_array($this->_environment, array('production', 'testing'))) {
            return false;
        }

        $this->_mailer->setFrom('do-not-reply@YUUR_APP_DOMAIN');
        $this->_mailer->setSubject("Exception on Zend Application Implementation");
        $this->_mailer->setBodyText($this->getFullErrorMessage());
        $this->_mailer->addTo('YOUR_SUPPORT_EMAIL_ADDRESS');

        return $this->_mailer->send();
    }
}

9. View Helpers

Here are some view helpers that will aid your development:

Go into your modules/MODULE_NAME/views/helpers and create the following file with the following contents:

//Xml.php
class Zend_View_Helper_ArrayToXml implements Zend_View_Helper_Interface
{
	public $view;

	public function setView(Zend_View_Interface $view)
	{
		$this->view = $view;
	}

	public function direct() {}

    public function arrayToXml($value)
    {
    	$response = $this->_convertValueToXml($value);
    	return $response;
    }

    protected function _convertValueToXml($value)
    {
    	$str = '';
    	if (!is_array($value))
    	{
    		$str .= $value;
    	}
    	else
    	{
    		foreach ($value as $tag => $tag_value)
    		{
    			$str .= '<' . $tag . '>';
    			$str .= $this->_convertValueToXml($tag_value);
    			$str .= '';
    		}
    	}
    	return $str;
    }
}

This helper plugin helps you convert an array to an xml as following:

If you have an array like this :

test => array(test2 => array( test3))

then you the helper would convert it to something like:

< test>< test2>test3< /test2>< /test>

10. Conclusion

The basic module setup and this debugging system should help you manage any application for any difficulty level.
The next tutorial will consist of creating a login page and signup page and protecting them with ReCaptcha.

Until next time,
Happy Coding!

In this first article of the series, we will discuss about the best way (in my oppinion) to structure your Zend Application in order to have maximum flexibility but also a good defined structure of the classes/files.

These are a series of tutorials which are meant to show you or guide you through developing a complex application with Zend Framework 1.10.

The series consists of the following parts:
a) Setting up a module based application
b) Setting up helper plugins, methods & debugging with ZFDebug
c) Setting up a login page and signup page with captcha
d) Setting up OpenID to login/create account
e) Setting up an API to create/login an account
f) Improving performance implementing Zend Cache

2. The WWW-ROOT

The first thing you need to do is get the Zend Library. I used Zend 1.10.4 for this tutorial.

It is security wise to have your public www-root somewhere else than your Zend library/Application files. Thus, I have the following structure for all my applications:

a) Path to the www-root : ex: /var/www/my_zend_example_application/
b) Path to the application: ex: /var/applications/my_zend_example_application/
c) Path to the Zend library: ex: /var/library/Zend/1.10.4/

Based on this list, create an index.php in your www-root folder with the following contents:

/**
 * Put errors on ON for debugging this file
 */
//ini_set('display_errors',1);
//error_reporting(E_ALL ^ E_DEPRECATED);

/*
 * Define the application environment
 */
define('APPLICATION_ENV', 'development');

/*
 * Defines the directory separator for windows or unix env
 */
define('DS', DIRECTORY_SEPARATOR);

/**
 * Define the absolute/relative paths to the library path, the app library path,
 * app path and the database configuration path
 */
define('ZEND_LIBRARY_PATH', realpath('/var/library/Zend/1.10.4'));
define('APPLICATION_PATH', '/var/applications/my_zend_example_application' );
define('APP_LIBRARY_PATH', APPLICATION_PATH . '/library');

$paths = array(
	ZEND_LIBRARY_PATH,
	APP_LIBRARY_PATH,
	get_include_path()
);

/**
 * Set the include paths to point to the new defined paths
 */
set_include_path(implode(PATH_SEPARATOR, $paths));

/** Zend_Application */
require_once 'Zend/Application.php';

// Create application, bootstrap, and run
$application = new Zend_Application(
    APPLICATION_ENV,
    APPLICATION_PATH . DS .  'config' . DS . 'application.ini'
);

//Start
$application->bootstrap();
$application->run();

Also, make sure you have the following .htaccess file in the same place as your index.php (in the www-root):

RewriteEngine On
RewriteRule !.(js|css|ico|gif|jpg|png)$ index.php
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

This custom .htaccess will tell your http server to bypass Zend’s index.php for all requests for static files.

3. The Directory Structure

Once you have the library and the www-root defined, we will start setting up our application. Create the following directory structure in your application path (see above):

• /config/
• /library/
  • /Custom/
    • /Controller/
      • /Action/
        • /Helper/
      • /Plugin/
• /modules/
  • /frontoffice/
    • /controllers/
    • /library/
      • /Controller/
        • /Action/
    • /layouts/
    • /models/
      • /Entities/
      • /Repositories/
    • /views/
      • /scripts/

Perhaps you are a bit confused now with the directory structure. But lets see exactly what happens:

We will have a common library for all our files named “Custom” which you can just reuse in any project you develop. This Custom library will hold some basic files which will be used by all modules. These files will do some auto magical logic to simplify your development.

We also have a module (only 1 for now) which will be defined as the default module. All modules will be found in the “modules” directory. Each module will use its own library. This way, all modules are 100% independent from each other.

The logic is the following:

A module controller extends the module’s library parent controller which also extends the Custom library controller.

Example:

class IndexController extends Frontoffice_Library_Controller_Action_Abstract { ... }

and

abstract class Frontoffice_Library_Controller_Action_Abstract extends Custom_Controller_Action_Abstract { ... }

This way, you can have logic applied to:
a) a particular controller
b) all module controllers
c) all application controllers

4. The Application.ini

Create a file named application.ini in your config folder from your application root with the following contents:

[bootstrap]
	Autoloadernamespaces[] = "Zend_"
	Autoloadernamespaces[] = "Custom_"

	resources.frontController.moduleDirectory = APPLICATION_PATH"/modules"
	resources.frontController.defaultModule = "frontoffice"
	resources.modules[] = ""
	resources.layout.layout = "layout"
	resources.layout.pluginClass = "Custom_Controller_Plugin_ModuleBasedLayout"
	resources.view.encoding = "UTF-8"
	resources.view.basePath = APPLICATION_PATH "/views/"

	bootstrap.path = APPLICATION_PATH "/Bootstrap.php"
	bootstrap.class = "Bootstrap"

	;Database settings
	resources.multidb.front_db.adapter  = "pdo_mysql"
	resources.multidb.front_db.host     = CHANGE_ME
	resources.multidb.front_db.username = CHANGE_ME
	resources.multidb.front_db.password = CHANGE_ME
	resources.multidb.front_db.dbname   = CHANGE_ME
	resources.multidb.front_db.default  = true

[production : bootstrap]

	resources.multidb.front_db.profiler.enabled = false
	resources.multidb.front_db.profiler.class   = "Zend_Db_Profiler_Firebug"

	phpSettings.display_startup_errors = 0
	phpSettings.display_errors         = 0
	settings.debug.enabled             = false

	settings.application.datetime = "Etc/GMT-8"

[qa : production]

	resources.multidb.front_db.profiler.enabled = false
	resources.multidb.front_db.profiler.class   = "Zend_Db_Profiler_Firebug"

	phpSettings.display_startup_errors = 0
	phpSettings.display_errors         = 0
	settings.debug.enabled             = false

	settings.application.datetime = "Etc/GMT-8"

[testing : qa]

	phpSettings.display_startup_errors = 0
	phpSettings.display_errors         = 0
	settings.debug.enabled = false

	settings.application.datetime = "Etc/GMT-8"

	resources.multidb.front_db.profiler.enabled = true
	resources.multidb.front_db.profiler.class   = "Zend_Db_Profiler_Firebug"

[development : testing]

	phpSettings.display_startup_errors = 1
	phpSettings.display_errors         = 1

	settings.application.datetime = "Europe/Bucharest"

	resources.multidb.front_db.profiler.enabled = true
	resources.multidb.front_db.profiler.class   = "Zend_Db_Profiler_Firebug"

The Database connection string is a global environment parameter (the host/dbname/user/password) which are constants defined in a separate DB.php file included from the index.php but is not in the scope of the article.

DEPRECATED: Moreover, we tell Zend to allow us to access our modules library via namespaces like “Frontoffice_Cool_Class”.

5. The Bootstrap.php and its module childs

In your application root, create a file called Bootstrap.php with the following contents:

class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
{
	#stores a copy of the config object in the Registry for future references
	#!IMPORTANT: Must be runed before any other inits
	protected function _initConfig()
    {
    	Zend_Registry::set('config', new Zend_Config($this->getOptions()));
    }

	#Initializes the default timezone for the php ENV
	protected function _initDate()
    {
    	date_default_timezone_set(Zend_Registry::get('config')->settings
    														  ->application
    														  ->datetime);
    }

    #stores a copy of all the database adapters in the Registry for future references
	protected function _initDatabases()
    {
		$this->bootstrap('multidb');
		$resource = $this->getPluginResource('multidb');
    	$databases = Zend_Registry::get('config')->resources->multidb;
	    foreach ($databases as $name => $adapter)
	    {
	    	$db_adapter = $resource->getDb($name);
	    	Zend_Registry::set($name, $db_adapter);
	    }
    }
}

In your /modules/frontoffice/ create also a Bootstrap.php like this:

class Frontoffice_Bootstrap extends Zend_Application_Module_Bootstrap
{
        protected function _initLibraryAutoloader()
	{
		return $this->getResourceLoader()
					->addResourceType('library',
							 	   'library',
								   'library');
	}
}

You may ask yourself why have an empty module bootstrap (not empty anymore but the logic still remains) or if you will ever put code in your Module Bootstrap file:

The answer is no. Currently, Zend Framework loads ALL your bootstrap files, regardless of the module you are in. It is a complicated issue but in the end, it really doesn’t matter if you have code in your main bootstrap class or your module bootstrap class (actually, your module bootstrap class doesn’t have access to all items your main bootstrap class has). Moreover, for example, if you ignore the fact that zend loads all your bootstrap files, you might end up like me, having routes defined per module and then realizing that your routes for module A are being activated from module B resulting in a epic scale disaster .

It is true you can just put something like “if module name is “frontoffice” then run this bootstrap method else don’t” but what if you change the module name? It is an issue that I fixed having NO code in the module bootstrap class.

6. The Controller Plugins

In order to have a 100% no-dependency between modules (well 99% since modules are linked to the Custom library in the end – but you can just remove that link in less than 1 minute) you will need to have an individual module error controller and layouts path/files.

In order to do this, you will need to create the following 2 classes:

In your Application Root, in the /library/Custom/Controller/Plugin/ create the following file, ModuleBasedLayout.php with the following contents:

class Custom_Controller_Plugin_ModuleBasedLayout
	extends Zend_Layout_Controller_Plugin_Layout
{
	public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
		$this->getLayout()->setLayoutPath(
			Zend_Registry::get('config')->resources->frontController->moduleDirectory
			. DS . $request->getModuleName() . DS . 'layouts' );
    }
}

It is very important, in order for this to work to NOT initialize your Layout Plugin in the bootstrap file rather then in your application.ini or else, your layout object won’tbe available and thus, will fail with a fatal error.

7. The Base Controller, the Module Base Controller and the Base Controller Action “Helper”

So, now we have almost everything ready. Let’s create our first controller: The IndexController.

In your application root, in the /modules/frontoffice/controllers create your IndexController.php file with the following contents:

class IndexController extends Frontoffice_Library_Controller_Action_Abstract
{
	public function indexAction()
	{
	}
}

Also, lets create the ErrorController also:

Class ErrorController extends Frontoffice_Library_Controller_Action_Abstract
{
	public function errorAction()
    {
		$error = $this->_getParam('error_handler');
        switch ($error->type) {
            case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_CONTROLLER:
            case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ACTION:
                $this->getResponse()->setHttpResponseCode(404);
                $this->view->message = 'Uh oh, we can\'t seem to find that page you wanted!';
                $this->view->stack_trace = $this->_getFullErrorMessage($error);
				$this->view->code = 404;
                break;

            default:
                $this->getResponse()->setHttpResponseCode(500);
                $this->view->message = 'Looks like something\'s gone wrong! Please refresh the page - if the problem persists please report the error';
                $this->view->stack_trace = $this->_getFullErrorMessage($error);
				$this->view->code = 500;
                break;
        }

        $this->view->headTitle()->prepend( $this->view->code .  ' Error' );
    }

	protected function _getFullErrorMessage($error)
    {
		if (APPLICATION_ENV != 'development')
		{
			return '';
		}

        $message = '';

        if (!empty($_SERVER['SERVER_ADDR'])) {
            $message .= "Server IP: " . $_SERVER['SERVER_ADDR'] . "\n";
        }

        if (!empty($_SERVER['HTTP_USER_AGENT'])) {
            $message .= "User agent: " . $_SERVER['HTTP_USER_AGENT'] . "\n";
        }

        if (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])) {
            $message .= "Request type: " . $_SERVER['HTTP_X_REQUESTED_WITH'] . "\n";
        }

        $message .= "Server time: " . date("Y-m-d H:i:s") . "\n";
        $message .= "RequestURI: " . $error->request->getRequestUri() . "\n";

        if (!empty($_SERVER['HTTP_REFERER'])) {
            $message .= "Referer: " . $_SERVER['HTTP_REFERER'] . "\n";
        }

        $message .= "Message: " . $error->exception->getMessage() . "\n\n";
        $message .= "Trace:\n" . $error->exception->getTraceAsString() . "\n\n";
        $message .= "Request data: " . var_export($error->request->getParams(), true) . "\n\n";

        $it = $_SESSION;

        $message .= "Session data:\n\n";
        foreach ($it as $key => $value) {
            $message .= $key . ": " . var_export($value, true) . "\n";
        }
        $message .= "\n";

        $message .= "Cookie data:\n\n";
        foreach ($_COOKIES as $key => $value) {
            $message .= $key . ": " . var_export($value, true) . "\n";
        }
        $message .= "\n";

        return '< pre>' . $message . '< / pre>';
    }
}

This error controller will basically allow you see a simple nice looking error message in your live/production environment but in development, lets you see full information about your active session (or the users one).

This can be extended to mail you the error details, get database query profiles and so on and so on.

Now, that we have these controllers, lets see what do they extend: The Module Base Controller:

In your application root, in the modules/frontoffice/library/Controller/Action/ create a file called Abstract.php with the following contents:

abstract class Frontoffice_Library_Controller_Action_Abstract
	extends Custom_Controller_Action_Abstract
{
	public function init()
	{
		$this->_initView();
	}

	/**
	 * Before dispatching the requested controller/action
	 * check to see if teh request is an AJAX request (via XMLHTTPREQUEST or $_GET['ajax']
	 *
	 * If it is an ajax request, remove the layout
	 *
	 * If it is not, setup the FlashMessenger
	 */
	public function preDispatch()
	{
		//if  its an AJAX request stop here - can be simulated via ?ajax GET parameter sent in the request
		if ($this->_request->isXmlHttpRequest() || isset($_GET['ajax']))
		{
			Zend_Controller_Action_HelperBroker::removeHelper('Layout');
		}

		if (!$this->getRequest()->isXmlHttpRequest())
		{
			$messages = array();
			$messages['error']   = $this->_helper->FlashMessenger->setNamespace('error')->getMessages();
			$messages['success'] = $this->_helper->FlashMessenger->setNamespace('success')->getMessages();
			$this->view->messages = $messages;
		}

		//Sets the base url to the javascripts of the application
		$script = '
			var base_url = "' . $this->view->baseUrl() . '";
		';
		$this->view->headScript()->prependScript($script, $type = 'text/javascript', $attrs = array());
	}

    protected function _initView()
    {
    	$view = new Custom_Controller_Action_Helper_View($this->view);
		$this->view = $view->init();
    }
}

The Init View method instantiates and runs the following class/object:

In your application root, /library/Custom/Controller/Action/Helper create a View.php with the following contents:

class Custom_Controller_Action_Helper_View
{
	public $view;

	public function __construct($view)
	{
		$this->view = $view;
	}

	public function init()
	{
    	// set encoding and doctype
		$this->view->setEncoding('UTF-8');

		$this->view->doctype('XHTML1_STRICT');

		// set the content type and language
		$this->view->headMeta()
			       ->appendHttpEquiv('Content-Type', 'text/html; charset=UTF-8');

		$this->view->headMeta()
				   ->appendHttpEquiv('Content-Language', 'en-US');

		// setting the site in the title
		$this->view->headTitle('My Cool Application');
		//	setting a separator string for segments:
		$this->view->headTitle()->setSeparator(' - ');

		return $this->view;
	}
}

Lastly, lets see the Global Base Controller. In your application root, in /library/Custom/Controller/Action/ create a file called Abstract.php with the following contents:

abstract class Custom_Controller_Action_Abstract extends Zend_Controller_Action
{
	/**
	 * Helper method to redirect to a specific action or controller from a
	 * specific module, via a specified route(or not) with specified parameters
	 *
	 * @param string $controller / $url which contains http in its composition
	 * @param string $action
	 * @param string $module
	 * @param array  $params
	 * @param string $route
	 * @param boolean $reset
	 */
	public function redirect($controller = 'index', $action = 'index', $module = 'frontoffice', $params = array(), $route = null, $reset = true )
    {
        $this->_redirect = $this->_helper->getHelper('Redirector');

    	$current_controller = $this->_getParam('controller');
    	$current_action     = $this->_getParam('action');
    	$current_module     = $this->_getParam('module');

    	if ($current_controller == $controller &&
    		$current_action == $action &&
    		$current_module == $module)
    	{
    		return TRUE;
    	}

    	if (strstr($controller, 'http'))
    	{
    		return $this->_redirect($controller, array('code' => 301));
    	}

    	if ($route !== null)
    	{
    		$params = array_merge(array('action'     => $action,
							    	    'controller' => $controller,
                               			'module'     => null), $params);

    		return $this->_redirect->setCode(301)
    		                       ->setExit(true)
    		                       ->gotoRoute($params, $route, $reset);
    	}

	    return $this->_redirect->setCode(301)
	    			    	   ->setExit(true)
	                   		   ->gotoSimpleAndExit($action,
	                                           	   $controller,
	                                           	   $module,
	                                           	   $params);
    }
}

You can use the method “redirect” anywhere in your controller to redirect either to a module/controller/action with params and with a route or without a route OR to a certain url :

Example:

...
return $this->redirect('http://google.com');

or

return $this->redirect('controller', 'action', 'module', arrary('param1' => 'value'), 'my-cool-route');

8. The Layout & Views

The last thing before testing that everything works is to create a view and layout for your applicatio module:

Create in your application root /modules/frontoffice/layouts a file called layout.phtml with the following contents:

< ? php echo $this->doctype(); ? >
< html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
< head>
	< ? php echo $this->headMeta(); ?>
	< ? php echo $this->headTitle(); ?>
	< ? php echo $this->headStyle(); ?>
	< ? php echo $this->headLink(); ?>
	< script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js">
	< ? php echo $this->headScript(); ?>

< body>
	< div class="container">
	< ? php echo $this -> layout () -> content; ?>
	< /div>
< /body>
< /html>

Create in your application root /modules/frontoffice/views/scripts/index a file called index.phtml with the following contents:

Hello Frontoffice Index Controller World!

Now you can test your application by going to your www-root.

9. Module Models

Create in your application root /modules/frontoffice/models/Entities/ a file called Test.php – singular since it is an entity of the Test object – with the following contents:

class Frontoffice_Model_Entities_Test
	//extends Zend_Db_Table_Abstract
{
	public function test($message)
	{
		return 'Hello ' . $message;
	}
}

Create in your application root /modules/frontoffice/models/Repositories/ a file called Tests.php – plural since its a repository of the Tests object – with the following contents:

class Frontoffice_Model_Repositories_Tests
{
	public function test($message)
	{
		if (TRUE === empty($message))
		{
			throw new Zend_Exception('Invalid Message Provided to the Test Object');
		}

		$test_entity = new Frontoffice_Model_Entities_Test();
		return $test_entity->test($message);
	}
}

Now in your IndexController use the following code to test your model:

...
$tests_repository = new Frontoffice_Model_Repositories_Tests();
$this->view->message = $tests_repository->test('Andrew');

In your index.phtml use the following code to display your Model result:

...
echo $this->message;

If everything is setup correctly, you should see a message like “Hello Andrew” on your screen.

10. Adding more modules

The basic ideea of adding more modules to the application at this point is by adding 1 directory per module in your application root, in the /modules directory, using the same directory structure as the frontoffice module but with the following mandatory rule:

All modules that are NOT your default module, need to have the following namespace in their controllers: Modulename_ControllerName

Example: For an Admin module, you would have Admin_IndexController, Admin_UsersController and so on.

DEPRECATED: You will need to have a library for each module, in your library folder, just like the Frontoffice library and that is about it.

11. Conclusion

This basic setup should get you started in our tutorials series with our complex application.
Next tutorial will consist of adding a complex debugging tool via ZFDebug customized + other helper methods.

You can download the example application here.

See you next time!

Web application security issues

The major issues with security within web application are the following:

• Cross-site Scripting (see Wikipedia – Cross-site scripting )
• Unvalidated parameters
• Broken access control
• Error-handling problems
• Insecure use of cryptography
• Web and application server misconfiguration
• Broken account and session management

While all are major issues, there is one particular issue that bugged me for some time. The Identity theft – Broken account and session management issue.

Why can one so easily still my session id cookie and suddenly gain access to my account in one particular web application? I know it its rather impossible to make this 100% hack-proof but I strongly believe that the system should be improved as much as possible.

In the following few lines, I will show you how you can just do that.

Our goal

Our goal is to implement a Zend Auth extension that adds a new level of security to the previously mentioned class.

This extension – let’s call it Project_Application_Auth – would check the Zend Auth storage for the IP and/or User Agent.

In order to do so, these should be set in the login process in the storage.

If the IP is different then the initial IP from the login process and / or the User Agent is not the same as the initial User Agent from the login process, then our extension would tell us that it is not a secure identity (aka it is safe to assume it has been stolen) and thus we should disconnect the user.

Reasons to use these methods

I came up with this idea since I asked myself: Is there really a case where i would actually end up with the same session ID but different IP or different browser?

The answer is: yes. There is a chance with the first-one-mentioned. If i have a dynamic IP, this could change without me knowing, which would result in me being unauthenticated.

But the fact is, this happens rarely (even if you IP changes, it won’t change more then once per week, right?).

You might ask why should the extension that I am about to show you, check the IP also when we can just check the User Agent (since this definitely cannot be the same on a different IP since the session id cookie would exist in only one browser, not any other ).

The answer is: because any hacker that stole your identity might just use the same browser as you did and thus bypass our checks completely.

And as a final reason, yes, if the hacker has the same IP as yours, steals your identity (session cookie id) and uses the same browser, then he will bypass the system. But hey, at least we can make it harder for him!

The Project Application Auth extension

The following class should go into your /path/to/the/project/……./library/Project/Application/Auth.php

class Project_Application_Auth extends Zend_Auth
{
    /**
     * Singleton instance
     *
     * @var Project_Application_Auth
     */
    protected static $_instance = null;

    /**
     * Defines how much time to wait until
     * to reinitialize the session id
     */
    protected static $_session_exp_time = 5;

    /**
     * Defines if to validate a secure identity
     */
    protected static $_secure = TRUE;

    /**
     * Defines secure identity check level
     *
     * 1 - Check only IP
     * 2 - Check only UserAgent
     * 3 - Check IP & UserAgent
     */
    protected static $_secure_level = 3;

    /**
     * Returns an instance of Project_Application_Auth
     *
     * Singleton pattern implementation
     *
     * @return Project_Application_Auth Provides a fluent interface
     */
    public static function getInstance()
    {
        if (null === self::$_instance) {
            self::$_instance = new self();
        }

        return self::$_instance;
    }

    /**
     * Sets wheter the method @see hasSecureIdentity
     * to work or not. If set to FALSE then this extension will work
     * as the normal Zend_Auth class
     *
     * @param boolean true
     */
    public function setSecure($status = TRUE)
    {
    	if ($status === TRUE)
    	{
    		self::$_secure = TRUE;
    	}

    	if ($status === FALSE)
    	{
    		self::$_secure = FALSE;
    	}

    	return TRUE;
    }

    /**
     * Sets the level of security for the @see hasSecureIdentity method
     *
     * @param integer $level (can be 1 or 2 or 3)
     */
	public function setSecureLevel($level)
    {
    	if (in_array($level, array(1, 2, 3)))
    	{
    		self::$_secure_level = $level;
    	}

    	return TRUE;
    }

    /**
     * Returns true if and only if an identity is not stolen
     *
     * Checks if IP and/or User Agent (@see $_secure_level)
     * match the initial authentication data
     *
     * @return boolean
     */
    public function hasSecureIdentity()
    {
    	if (self::$_secure === FALSE)
    	{
    		return TRUE;
    	}

    	if (FALSE == $this->getStorage()->isEmpty())
    	{
	    	$storage = $this->getStorage()->read();

	    	if (self::$_secure_level == 3)
	    	{
		    	return $storage->ip == $_SERVER['REMOTE_ADDR']
		    		&& $storage->user_agent == $_SERVER['HTTP_USER_AGENT'];
	    	}
	    	elseif (self::$_secure_level == 2)
	    	{
	    		return $storage->user_agent == $_SERVER['HTTP_USER_AGENT'];
	    	}
	    	elseif (self::$_secure_level == 1)
	    	{
	    		return $storage->ip == $_SERVER['REMOTE_ADDR'];
	    	}
	    	else
	    	{
	    		return FALSE;
	    	}
    	}
    	else
    	{
    		return FALSE;
    	}
    }

    /**
     * If the Zend Auth Storage
     * has been initialized and is a Session Storage
     * and the last time it has been reinitialized is bigger then
     * the @see $session_exp_time then reinitialize the session id
     *
     * @return boolean
     */
    public function reinitSecurity()
    {
    	if (isset($_SESSION['Zend_Auth']))
    	{
	   		$zend_auth_session_namespace = new Zend_Session_Namespace('Zend_Auth');
			if (!isset($zend_auth_session_namespace->initialized)
				|| $zend_auth_session_namespace->initialized + self::$session_exp_time < time() ) {
				Zend_Session::regenerateId();
				$zend_auth_session_namespace->initialized = time();
			}
    	}

    	return TRUE;
    }
}

Now, let’s stop for a second and understand what all these spooky lines do:
First of all, the extension implements the singleton pattern. Then, we got 3 properties:

The first one -is_secure – allows us to turn on and off the whole class, leaving us with the usual Zend Auth system.

The second one, secure level, defines what to check for: either just IP or just User Agent or both.

The third one, session_exp_time defines when to reinitialize the Zend Auth Session Storage Id (aka PHPSESSID id) if the method reinitSecurity is called.

How to use the class

In your base controller – let’s call it Project_Application_Controller (which all controllers should extend) – you should have the following code :

abstract Class Project_Application_Controller extends Zend_Controller_Action
    /**
     * Initialize the application controller
     */
	public function init()
	{
		parent::init();
		$this->_initSession();
		debug($_SESSION);
	}

	/**
	 * Inits the User Session
	 * and refresh the session id
	 */
	protected function _initSession()
	{
		Project_Application_Auth::getInstance()->reinitSecurity();
	}

This basically just allows us to run the method reinitSecurity with each run of the application, while still allowing us to initialize the whole Front Controller.

Now, in your preDispatch() method you might have something like this:

if ( FALSE === Project_Application_Auth::getInstance()->hasIdentity() { //do stuff here } else { //other stuff here }

This basically just checks if the user has been authenticated previously. Exactly underneath this, add the following code:

if ( FALSE === Project_Application_Auth::getInstance()->hasSecureIdentity()
    && 'users' !== $this->getRequest()->getControllerName()
    && 'login' !== $this->getRequest()->getActionName()
    && 'error' !== $this->getRequest()->getControllerName())
{
    Zend_Auth::getInstance()->clearIdentity();
    // redirect to login page
}

I am assuming that you have a controller named users with an action login into it (change as you wish).

Lastly, in your in your login process, wherever you are running your Zend_Auth authenticate() method, add the following code :

$auth = Project_Application_Auth::getInstance();

$result = $auth->authenticate($authAdapter);

if ($result->isValid())
{
    $storage = $authAdapter->getResultRowObject();
    $storage->ip = $_SERVER['REMOTE_ADDR'];
    $storage->user_agent = $_SERVER['HTTP_USER_AGENT'];

    $storage = $auth->getStorage()->write($storage);
    return TRUE;
}
else
{
    return FALSE;
}

This will put your user object in your Zend Auth Storage along side the IP and User Agent.

Conclusion

Hope you liked it. I am very interested in hearing your thoughts about this system so you’re invited to leave your comments below and I will respond as quick as possible.

See you!

The Application Controller

In order to have our application clean constructed, all our controllers will extend one Application Controller (I named it Project_Application_Controller ).

Like this:

//This class goes into a folder like
//root/library/Project/Application/Controller.php
//where root is your application root.

abstract Class Project_Application_Controller extends Zend_Controller_Action
{
//code goes here
}

and

Class IndexController extends Project_Application_Controller
{
//code goes here
}

Why is this good? Because you can now add any method you want to be widely available to all controllers, which we are about to use.

The AJAX Request

In your Project Application Controller add the following code:

protected $_ajax_view = 'ajax.phtml';
//Thanks Andrei Simion for giving me this ideea

public function preDispatch()
{
    //if  its an AJAX request stop here
    if ($this->_request->isXmlHttpRequest() || isset($_GET['ajax']))
    {
        Zend_Controller_Action_HelperBroker::removeHelper('Layout');
	$this->getHelper('ViewRenderer')->setNoRender();
	return TRUE;
    }
}

public function postDispatch()
{
    if ($this->_request->isXmlHttpRequest() || isset($_GET['ajax']))
    {
        $this->renderScript( $this->_getAjaxView() );
    }

    return TRUE;
}

protected function _setAjaxView($view)
{
    $this->_ajax_view = $view;
    return TRUE;
}
protected function _getAjaxView()
{
    return $this->_ajax_view;
}

Basically what we are doing here is to have 1 setter and 1 getter for the ajax view. If Zend determines that the current request is an AJAX request (or the parameter ‘ajax’ from the GET params exists) it will not render the layout at all and it will render an ajax view as determined by you. You can have one ajax view by default and then add more views per your needs.

Then all you have to do in order to use this system is to call the functions as this:

//Controller code is here
$this->view->message = json_encode('my_cool_data');

//View code here from root/layouts/ajax.phtml
echo $this->message;

//Or if you want to have a custom ajax view
$this->_setAjaxView('my_cool_ajax_view.phtml');
$this->view->other_message = array('test');

//and in your root/layouts/my_cool_ajax_view.phtml
if ( TRUE === is_array($this->other_message))
{
    echo 'it is array';
}
else
{
    echo 'it is not an array';
}

Hope you liked it!

Implement a Rest API with the Zend Framework

Implement a Rest API with the Zend Framework is a great article posted on the “Realm of Zod” blog by Brandon, which shows you how to build your own Rest Server and Rest Client with Zend Framework. It gives you all the details required to get you started on the RESTful path of WebServices.

Font type tester (includes font-face tests for CSS3)

Typetester – Compare fonts for the screen is a very very useful site for both designers and developers who want to give a nice artistic touch to their website without having to research countless hours for an appropriate font that might work or not for their needs.

960 Grid System – CSS Framework

960.gs is the leading CSS framework on the market. Even if you don’t like to use CSS Frameworks or didn’t know they existed, 960gs will provide you with core elements that will help you speed up your design2html process. For all of you who didn’t try it yet, you should definitely give it a shot. You won’t regret it.

High Resolution Bokeh Texture

High Resolution Bokeh Texture is part of the freebies category. It includes a pack of bokeh textures to share & use in your design projects. The package contains 5 textures with high resolution (240 dpi) 3456 x 2304.

Out of focus 30 free bokeh textures

Out of focus 30 free bokeh textures is part of the freebies category again, this time with more textures for your design needs. The package contains 30 textures for your free use.

Getting Started with XSL(T)

Getting Started with XSL(T) is the final interesting link of the month. It is an article written by Chad Hietala for Net Tuts Plus where he explains how to get started with the XLS(T) which is an alternative to the HTML design we all have used so far. If you are curios why even bother looking this up, you might need to know that Blizzard World of Warcraft armory is purely made on XLS(T)

If you haven’t already started using Zend_Cache, you should definitely try it out. There is no need to explain the benefits of using it but these include an increased page load speed since the requests are balanced for all page views. If you wish to find out more about Zend_Cache, you can go to the manual and read more there since the Zend team provides excellent documentation.

However, sometimes, the backends (File, SQLite, memcache, apc) provided by Zend are not enough to satisfy our needs.
In my case, I wanted to use Zend_Cache, but did not have at my disposal any type of backend that the Cache object supported. So I decided to write my own.

Thus, I have created the adapter MyApp_Cache_Backend_PDOMysql which is a backend for Zend_Cache. It does exactly what SQLite does and has some improvements over it: it is highly customizable via the constructor. You are not required to have a certain table called somehow you do not like and your table structure can be however you wanted it to be, keeping in mind you need the following in order for it to work:

• A text column where the serialized cache will be stored
• A 32 char column where the signature of the cache will be stored
• An integer column, unsigned, where the expiry time stamp will be held

Theory of Operation

The Cache object, when initialized and started, checks to see if the current request signature (page load, method load, function load or any other) exists in the backend, in our case if it exists in the cache table. If it does exist and it is not expired, it fetches & deserializeses the data column of that row and the requested method / page now holds this data, instead of querying / fetching the data from the server again.

If the signature does not exist in the Database or it has expired, it simply deletes it, waits for the method / page to load, serializes the response and saves it in the cache for later use.

The PDOMysql adapter only sets up the option it needs to have in order to load and save cached data from the Mysql database.

Using the PDOMysql adapter

Once you have the database table setup, you can start using it as following:

a) Put the class file inside your Application/library/path/MyApp/Cache/Backend/PDOMysql.php file (or change the class name to reflect your directory structure)

b) Put the following code in your initCache(){ … } method from your bootstrap file:

//...
//Front End options go here, see documentation for more information about this

//Example FrontEnd Option:
$frontend= array(
		    'lifetime' => 3600,  //nb seconds to hold the cache
		    'automatic_serialization' => true
	    );

$backend = new MyApp_Cache_Backend_PDOMysql(
    array(
        'table_name' => 'My_Cache_Table_Name',
        'signature_column' => 'My_Signature_Column',
        'data_column' => 'My_Data_Column',
        'expiry_column' => 'My_Expiry_Column'
    )
);

$cache = Zend_Cache::factory(
        	'core',
   	        $backend,
        	$frontend,
        	array()
	    );
 Zend_Registry::set('cache',$cache);

//Other code you may have
//...

Note: i have added all the options to the constructor even though you may not pass them at all since you can just use the defaults (cache/signature/expiry/data)

Once you have these things done, you can just get the cache object from the registry wherever you want, before running a method which you want to get it from cache, (ex: $cache = Zend_Registry::get(‘cache’); ) and then just run

• $cache->load( md5($method.serialize($params)) ); – to test & load a cached data object
• $cache->save($data, md5($method.serialize($params)) ); – to save a cached data object

Download & Conclusion

You can download the class file here .

This Class does only what it was meant to do (what I need it to do) so if you have any ideas of how to improve it or perhaps just thoughts/suggestions of what you might want it to do in order to help you, please comment below and I will do my best to update the package so that everybody can benefit out of it.

Why use Unit Testing

However, all that changed when I developed a very big application. From a points on, bugs started rolling out from everywhere. And while I was fixing them, almost every time I added a new feature, something else broke in the application. Before you start shouting that I just did a bad job at coding the whole application, I want to tell you that I DO agree with you from the start. But on a large scale application, you can easily start adding bugs without even knowing, and sometimes even while following best practices so this doesn’t change the fact that all those bugs could have been so easily spotted while developing (fixing bugs while writing the code is always MUCH faster then fixing them after a release). From that moment on I asked myself if I should use Unit Testing in the future. So I started reading about SimpleTest and PHPUnit .

In not to many words, I choose to use Unit Testing from now on because of the simple common myth that I realized is fake: You spend much more time writing in a TTD way than you would do otherwise. This myth assumes that, if you write tests for your application, you will ultimately write the code 2 times thus you spend 2 x more time coding. This is NOT true. You don’t write the code 2 times and you don’t spend 2 x more time writing the tests + application. Here is why.

You can run tests with the actual application files, and just validate the outcome. Once the test is passed, you already have written your application test file. All you have to do to achieve this is to make sure your application files use a Test Environment with fake data you can control. This changes everything since, once you have written the test and it passes, you are done with that feature. No more things to do, no more coding. You are completely done!

Also, I choose SimpleTest because it has a web based interface and you only need to copy paste its core files in order to install it (and of course because I was unable to make PHPUnit work with WAMP).

Disclaimer: I have used SimpleTest before for 1 day and i liked it. I am an amateur in terms of Unit Testing, so i would appreciate any tips or feedback you may leave in the comments below

Setting up SimpleTest

In order to write tests you will need 2 things: a working ZF project and the SimpleTest library. Once you have downloaded SimpleTest, move it in your public root directory of your ZF project like this:

Inside the simpletest directory, you should have the contents of the SimpleTest library.

Once you have done that, create a directory named tests in the same place as the SimpleTest library. Inside of it, create two files named Bootstrap.php and Index.php. Also create 1 directory named “Models” like this:

Now, go to the index.php file and add the following piece of code

< h1 >Tests to run
< br />
< h3 >Models
< ul >
< ? php
$dirHandle = opendir('Models/');

while (false !== ($file = readdir($dirHandle))) {
    if ($file != '.' && $file != '..')
    {
    	echo '< li >< a href="Models/'.$file.'">'. $file . '< /a >< /li >';
    }
}
?>

This basically will just show us when navigating to the tests directory, each individual test case we have coded.

Now if you go view you project in your browser and navigate to the tests directory (ex: http://localhost/myZfproject/tests/) you should see an almost empty file (except for a h1 and h2)

Setting up a Bootstrap File

In your bootstrap.php file (this file is different then your ZF project bootstrap file) add the following lines of code:

< ?php
ini_set('display_errors',1);
error_reporting(E_ALL ^ E_DEPRECATED);

define('DS',DIRECTORY_SEPARATOR);
define('LIBRARY_PATH',realpath(dirname(__FILE__)
	. DS . '..'
	. DS . '..'
	. DS . '..'
	. DS . 'library'
	. DS . '1.10')
);
define('APPLICATION_PATH',realpath(dirname(__FILE__)
	. DS . '..'
	. DS . '..'
	. DS . '..'
	. DS . 'MyProj' )
);
define('APPLICATION_ENV','testing');

$paths = array(
	LIBRARY_PATH,
	APP_LIBRARY_PATH,
	get_include_path()
);

set_include_path(implode(PATH_SEPARATOR, $paths));

/** Zend_Loader */
require_once 'Zend/Loader/Autoloader.php';
$autoloader = Zend_Loader_Autoloader::getInstance();

// Custom functions to help development
require_once (
	dirname(dirname(APPLICATION_PATH))
	. DS . 'configs'
	. DS . 'MyProj'
	. DS . 'db.php' );

$config = new Zend_Config_Ini(
	dirname(dirname(APPLICATION_PATH))
	. DS . 'configs'
	. DS . 'MyProj'
	. DS . 'application.ini',
	APPLICATION_ENV );

$dbAdapter = Zend_Db::factory($config->resources->db);
Zend_Db_Table_Abstract::setDefaultAdapter($dbAdapter);

//Tests start here
require_once('../../simpletest/autorun.php');

Notice that I set error reporting NOT to show me deprecated errors (since SimpleTest is using some old functions that PHP considers deprecated).
In the bootstrap file we have just configured where the Zend Libary is located, where our application is located and what environment to use for testing.

We also loaded the autoloader since we want Zend to load classes for us automatically. We also setup how to connect to the database (based on the environment above selected).

The last thing I did was that I loaded the autorun library of SimpleTest, which allows me to run the actual test cases I will write.

Nothing fancy so far, but lets see the next step…

Writing your first test

I’ll assume you have a model named User.php . Based on this, create a file named User.php in your tests/Models directory, with the following contents

< ?php
require_once '../Bootstrap.php';
require_once '/var/www/applications/MyProj/models/Db/User.php';

class TestDefault_Model_Db_User extends UnitTestCase
{
	public function Test_getUserId()
	{
		$user = new Default_Model_Db_User();
		$this->assertEqual($user->getUserId('andrei'), 5);

//We know that the user with the username 'andrei' has the id 5
//We know this because the TESTING database contains this row
	}
}
?>

With this simple piece of code, all I’ve done is to include the bootstrap file that assures the test will run and included the actual model i have in the ZF Project.

Then, I just created a test class (it is mandatory it starts with Test) and I have ran a simple assertion to check that the method getUserId will return the correct id based on an username. Simple right?

Now, if I want to add a new feature to the getUserId method, I just edit my application model and run the test again. If it fails, its clear I added a feature with at least one bug that I need to fix.

Running your first test

To run a test, simply call your test case file from the browser and watch the awesomeness happen on the screen . (ex: http://localhost/myZfProject/tests/Models/User.php )

From here to…

Of course, now you can add more test cases (or even test suites) and also extend the functionality to basically test anything you want. Yes, even controllers, plugins, helpers and so on and forth! All you have to do is make sure you develop your code in TTD manner and make sure you don’t use global variables at all (or use them as little as possible) but that is another story, for another blog post. If you want to learn more about a specific issue in TTD, you can check this video out .

Let the tests begin!

Application folders & the public files

First of all, you will need to download the Zend Framework. You can download it from the Zend site here. In this tutorial, i will work with the 1.9.6 version of the framework.

We will now create our directory structure for the framework.

• Create a folder in /var/www/public_html/uploadify/ named public.
• Create two folders in /var/www/ named application and library.
• Inside the library folder, create a new folder named 1.9.6. Inside this folder, add your Zend library folder, so you would have /var/www/library/1.9.6/Zend.

In your public folder add a file named index.php with the following contents:

define('DS',DIRECTORY_SEPARATOR);

/**
* If you followed the tutorial example paths then the following paths
* would be like : /var/www/public_html/uploadify/../../
*/
define('LIBRARY_PATH',
	realpath(dirname(__FILE__) .
	'..' . DS . '..' . DS .
	'library' . DS . '1.9.6')
);
define('APPLICATION_PATH',
	realpath(dirname(__FILE__) .
	'..' . DS . '..' . DS .
	'application' ));

define('APPLICATION_ENV','production');

$paths = array(
	LIBRARY_PATH,
	get_include_path()
);

set_include_path(implode(PATH_SEPARATOR, $paths));

/** Zend_Application */
require_once 'Zend/Application.php';

$application = new Zend_Application(
	APPLICATION_ENV,
	APPLICATION_PATH . '/configs/application.ini'
);
$application->bootstrap();
$application->run();

Add a new file called .htaccess here with the following contents:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

Create a folder named scripts and a folder named images. Inside the scripts put the jQuery library, the jQuery.uploadify.v2.1.0.min.js, the swfobject.js and create a new file named scripts.js.

Inside the scripts.js add the following lines.

$(document).ready(function() {
	$('#upload_container').uploadify({
		'uploader' : uploadify_swf_file,
		'script'   : upload_php_file,
		'folder'   : upload_folder,
		'cancelImg': upload_cancel_img,
		'auto'     : true
	});
});

Inside the public folder put the uploadify.swf .

Inside the images folder put the cancel.png .

Now you are done with the public folder. On to the application..

The application config

The config file ( /configs/application.ini ) can have the default values.

[production]
phpSettings.display_startup_errors = 0
phpSettings.display_errors = 0

bootstrap.path = APPLICATION_PATH "/Bootstrap.php";
bootstrap.class = "Bootstrap";

resources.frontController.controllerDirectory = APPLICATION_PATH
"/controllers";

resources.layout.layout = "layout";
resources.layout.layoutPath = APPLICATION_PATH "/layouts/scripts";

resources.view.encoding = "UTF-8";
resources.view.basePath = APPLICATION_PATH "/views/";

[testing : production]
phpSettings.display_startup_errors = 1
phpSettings.display_errors = 1

[development : production]
phpSettings.display_startup_errors = 1
phpSettings.display_errors = 1

The application controller

Create a new file in your controllers folder named UploadifyController.php with the following contents:

/**
 * @name UploadifyController
 * @desc The controller to serve the main page for our upload example.
 *
 * @author Andrei
 * @filesource application/controllers/UploadifyController.php
 * @version 1.0.0
 */

Class UploadifyController extends Zend_Controller_Action
{

	public function indexAction(){}

	public function uploadAction()
	{
		if (! empty ( $_FILES ))
		{
			$tempFile = $_FILES ['Filedata'] ['tmp_name'];
			$targetFile = APPLICATION_PATH . DS . 'uploads'
			. DS . $_FILES ['Filedata'] ['name'];

			move_uploaded_file ( $tempFile, $targetFile );
			echo "1";
		}
		else
		{
			echo 'No files sent';
		}
	}
}

Create a folder in your APPLICATION_PATH named uploads and make it writable by PHP (ex: chmod 0777).

What have we done so far?
Now, we basically have an application that displays a nice empty page with the uploadify script included, have all the JS code in external files and JS variables that contain dynamic data (aka PHP variables) in our main layout.

The application views

Make sure you have the folder uploadify in your /views/scripts/ folder and inside it the files index.phtml and upload.phtml .

Inside the index.phtml make sure you have the following line somewhere (where you want to have the uploadify generated) :

< div id = "upload_container" >< /div >

Inside your layout.phtml make sure you have the following code (stripped so it can be displayed properly):

< script
	type="text/javascript"
	src="< ?php
		echo $this->baseUrl('/js/swfobject.js');
		?>">

< script
	type="text/javascript"
	src="< ?php
		echo $this->baseUrl('/js/jquery.uploadify.v2.1.0.min.js');
		?>">

< script type="text/javascript">
	var uploadify_swf_file = '
		< ?php
			echo $this->baseUrl(
				'/uploadify_files/uploadify.swf'
			);
		?>
	';
	var upload_php_file    = '
		< ?php
			echo $this->url(
					array(
						'controller' => 'uploadify',
						'action' => 'upload'
					)
			);
		?>
	';
	var upload_folder      = '
		< ?php
			echo $this->baseUrl(
				'/uploads/'
			);
		?>';
	var upload_cancel_img  = '
		< ?php
			echo $this->baseUrl(
				'/uploadify_files/cancel.png'
			);
		?>';
< /script>
< script
	type="text/javascript"
	src="< ?php echo $this->baseUrl('/js/script.js'); ?>">

Conclusion

Now, everything should work. If you browse your application at example.com/uploadify/ you should see the uploadify button here.

If you have any problems implementing the tutorial, feel free to contact me via comments below and I’ll try to help you fix them.

1. Creating a basic NuSoap client

First of all, lets create our workspace.

Create a folder named NuSoap_Sample. Inside of it put your copy of nusoap.php (download link here)

Create a file in your favorite PHP editor named myClient.php inside the “NuSoap_Sample” folder . Add the following lines inside of it:

<?php

class SampleObject {

public $name = '';

}

require_once('nusoap.php');
$wsdl = 'My Sample WSDL';
$client = new nusoap_client($wsdl , true);
$proxy   = $client->getProxy();

$obj = new SampleObject;
$obj->name = 'Andrew';

$result = $proxy->whatIsMyName($obj);
echo "<pre>";
print_r($result);
echo "</pre>";

?>

Ok so lets talk about what this script does:

1. We include the nusoap library
2. We assign the WSDL URL to the variable $wsdl (you need to get this from your service provider. An example is here)
3. We make a new NuSoap client with the $wsdl file from above.
4. In order for our script to work on all environments, we force it to use a proxy via the getProxy method.
5. We want to send an object via the Web Service so we create a new object of our SampleObject and set our name to the $name attribute of this object.
6. Lastly, we make the request and print our the result (in a pretty string)




This is very nice but…Lets see the downside of this example: If we want to send a complex object via the Web Service, we need to provide each parent attribute with a child class and create an object of each one. This will lead to a lot of files and a lot of code to be written.  Furthermore, we need these classes defined which again puts us in trouble if we don’t know these and thus we cannot code them.

Can there be no other way to resolve this?!

2. Getting our hands dirty



Let’s imagine a hypothetical case where we want to make a service that sends SOAP requests via a request from a user. Lets focus on this and explain in more detail what we want to achieve:  We want ANY user to be able to make requests without us caring about what the content is or where the user wants to send his request.

This being said, the above example would obviously fail since we won’t know what classes to define or what objects to create. Also, we won’t know what attributes to assign to each class/object. We might as well ask each client to wait 24 hours and start adding their classes in a file and then when they want to modify, they need to contact us via mail or phone and we can change their class files. Or wait…

Lets assume we present the user a form where they can input the WSDL address and method to use in the Web Service, and allow them to add any number of fields for the request. So we would have something like this:

$wsdl = 'user_inputed_WSDL';
$method = 'user_inputed_METHOD';
$params  = array('field1 => 'value1', 'field2' => 'value2');

We would now need to make a new object of the $method string. We would need to have a class named as $method says so, and that class to have attributes as $params says. Furthermore, if the service provider wants us to send complex data, and we need to encode the field1 and field2 into a <paramaters> tag then we are really in a bad situation.

But what happens if we do the following?

(to fulfill both of the cases explained above, we will assume we have a $encode variable with the value set by the user (example ‘<parameters>’ and we want our parameters to be wrapped in this variable) :

<?php

$wsdl = 'user_inputed_WSDL';
$method = 'user_inputed_METHOD';
$params = array('field1 => 'value1', 'field2' => 'value2');
$encode = '<parameters>';

require_once('nusoap.php');
$client = new nusoap_client($wsdl , true);
$proxy   = $client->getProxy();

$params = !empty($encode) ? array( $encode => $params); : $params;

$obj = (object) $params;

$result = $proxy->$method($obj);
echo "<pre>";
print_r($result);
echo "</pre>";

?>

Wow! It sent our request exactly how we want it! Field1 and field2 were encoded in a <parameters> tag and the script did not fail since we did not create a new object.

Let me explain what we did here:

1. We setup our known parameters (the WSDL url, the method to use, the parameters to send and the encode tag to use.
2. We make a new NuSoap client based on the WSDL provided
3. We setup or parameters to become a nested array where the primary key is the encoded tag and its value are the fields we want to send (if we have an encode parameter)
4. We fake create an object based on the resulting $params array.
5. We make the request via the method provided sending our fake object to the service provider.

3. Conclusion



Although the service providers usually expect an object to be sent via their Web Services, remember that the definition of Web Service tells us that the server needs not to care about the programming language the requests are coming from and needs to respond in the same manner (thus the hard to understand XML RPC system). What does this mean? It means that, if we send a request that contains an object then the whole system will work. It DOESN’T matter how we accomplish this as long as the request is good. If we want to send arrays or pure objects, its on our side to care not on the Web Service server side.
So from writing TONS of complex code just to make an ordinary request to a web service provider, you can now just use this method in an easier way  (arrays are the good thing our programming heaven gave us) and much easier to debug.

Now go and test it yourself and try to variate your tests in order to fully understand the system.

]]> http://phpdev.ro/sending-complex-unknown-object-types-via-webservices-in-nusoap.html/feed 2