PHPDeveloper.org

Up-to-the Minute PHP News, views and community
Updated: 17 hours 51 min ago

CMStr.com: How to manually install Joomla 1.5+

Tue, 03/09/2010 - 20:40

From CMStr.com there's a new tutorial showing you how to set up Joomla manually just in case something happens with the install and you need to change things yourself.

Why would I want to do a manual install when my web host has this Fantastico thingy that will install Joomla for me? Good question. [...] If you are building websites for a living, and or plan on using Joomla a lot, then you really need to start doing your own installs. [...] If you are an experienced parachute jumper, you would pack your own chute right? This is no different.

Screenshots are included to help make the process easier as they walk you through setting up the basics like language settings and database information. They also touch on the FTP setting (off for security) and removing the admin user's information to help make things a bit more secure. It's not a comprehensive list of the things you'd need to do to get it 100% configured for just what you need, but it's a start.

Kavoir.com: Just Hashing is Far from Enough for Storing Passwords (Dictionary & Rainbow Attacks)

Tue, 03/09/2010 - 19:11

On Kavoir.com there's a new post that reminds you that hashing isn't enough anymore to protect your users and their passwords. They offer a suggestion or two of what you can do to help lock things down a bit more.

The common practice is to hash the user password and store the hash string of the password in the database. When the user tries to log in and supplies his password, it is used to generate a hash string to be compared to the one stored in the database. [...] This approach may be secure in the 70s of the last century, but barely any more.

Computing has evolved to the point where hashes can be matched, sometimes in less than two or three minutes. Their answer to the problem? Generate a random salt each time you create the hash, with a constant being used as a base. A code snippet calling a user-defined function and the sha1 function is included.

Brandon Savage's Blog: Upgrades In Open Source

Tue, 03/09/2010 - 18:50

Brandon Savage has posted his own response to the "don't be afraid of the upgrade" thread that's been going around concerning updating to PHP 5.3. He takes a different approach to the matter, though - one of a bit more caution.

When it comes to open source projects endorsing PHP 5.3 as their one and only PHP platform, I encourage caution. When it comes to open source projects that use PHP, there are three main issues that I believe should be considered before making the leap to PHP 5.3 (or any new release of any new software).

He lists three things projects and companies should consider before making the upgrade on their servers - the amount of control you have over the environment, deciding if the upgrade is worth possible backwards compatibility breaks and how much support you want to still provide for the pre-5.3 version(s).

PHPClasses.org Blog: Neural Networks in PHP

Tue, 03/09/2010 - 17:41

New on the PHPClasses.org blog there's an article on neural networks written up by Louis Stowasser looking specifically at creating a neural mesh with PHP.

Neural networks are a relatively new technology that aims to reverse engineer the functionality of the brain within a mathematics model. This may sound daunting and complex but the underlying concepts are very simple and Neural Mesh does the hard work for you. In a Web environment NNs (neural networks) are considered too slow and complex to warrant effort on what might even be a trivial task. To solve this, Neural Mesh has been heavily optimized. It uses caching to speed up running and training of networks.

He explains what a neural network is on a base level and talks about its ability to learn from the training it's given (supervised or unsupervised). He also talks about how the networks can be useful and how to use the framework (found here) to create a simple network.

Zend Developer Zone: Creating Scalable Vector Graphs with PHP

Tue, 03/09/2010 - 16:27

A new tutorial has been posted to the Zend Developer Zone today looking at making scalable vector graphics with PHP and the help of one of two charting packages - ezcGraph or SVGGraph (examples are provided for both).

Programmatically generating graphs and charts using SVG requires a deep understanding of the SVG specification and the various SVG primitives, as well as a fair amount of time for research, experimentation and debugging. Or, in other words, that's your entire weekend shot! Fortunately, help is at hand. There are a number of open-source PHP libraries that support SVG chart generation, and using them can significantly reduce the amount of work involved in adding this feature to a Web application.

He shows how to create simple images like bar, line and pie charts as well as adding in other things like a legend, custom titles and a sample where the user can define the sizes of a pie chart via some form input fields. Screenshots are included for all code examples to give you a better idea of the end result.

php|architect: Static methods vs singletons: choose neither

Tue, 03/09/2010 - 15:08

On the php|architect site there's a recent post that splits apart the singletons versus static methods debate that seems to come up every once in a while with a better suggestion - dependency injection.

Much more important than performance is the fact that both static methods and singletons suffer from major drawbacks. When it comes to deciding between the two, you might forgo the benchmark comparison and choose the third-party candidate: dependency injection.

He mentions the "dark side" of both static methods and singletons and how dependency injection can help rid your code of both. Instead of focusing just on the benchmark numbers, DI helps you keep your code more well-structured and "smarter" by scoping things to where they need to be and making them easier to test.

DZone.com: Q&A with Jason Gilmore: The Zend Framework

Tue, 03/09/2010 - 14:38

On DZone.com today there's a new interview by Lyndsey Clevesy with Jason Gilmore looking at the Zend Framework and some of the general things to expect in coming versions.

This week's DZone Refcard is about Getting Started with the Zend Framework. The card introduces you to the basics of the Zend Framework and sets you on the path to creating your first project. I met the author, Jason Gilmore, to find out more about the topic.

They talk about some of what the framework currently has to offer developers, what kind of involvement he's had with it, who it supports as far as advanced PHP features and what's to come in version 2.0. The Zend Framework RefCard mentioned can be viewed or downloaded here - a six-page quick reference for some of the more common Zend Framework tasks.

Alvaro Videla's Blog: Erlang as a Fast Key Value Store for PHP

Mon, 03/08/2010 - 19:37

Alvaro Videla has submitted a new post he's written up combining PHP and Erlang yet again, but this time he's using it to just store key/value pairs rather than for session data.

In this post I want to show you some of the neat things that can be done with the PHP-Erlang Bridge extension: A Key Value Store. Erlang comes packed with a Key Value store in the form of the ETS module. This database is pretty fast and efficient for storing the Erlang terms in memory.

He tried a proof of concept to see how well the system would respond and was able to push over 150k items into the storage in one second. Sample code and instructions on getting the bridge working are included in the post.

Template Monster Blog: It's coming! WordPress 3.0 - Pros and Cons

Mon, 03/08/2010 - 18:19

On the Template Monster blog there's a recent post looking at some of the upcoming features in WordPress 3.0 that many WordPress site owners have eagerly been waiting for.

Alright bloggers, web surfers and simple web enthusiasts, we've got some fascinating news for you all. Yes, Internet community can't stop buzzing about the forthcoming release of the new version of #1 blogging software - WordPress 3.0. [...] The official release is scheduled for May 2010 but now we have opportunity to mark the major advantages that this release will bring.

They list a few of the major enhancements that'll happen in the new release including:

  • a built-in multi-user option
  • custom post types
  • a new default design/theme
  • and changes related to security concerns

You can find out more about this upcoming release from this post to the main WordPress blog.

Brian Teeman's Blog: Who is the Joker in the Joomla pack?

Fri, 03/05/2010 - 20:05

A fun bit of trivia for the Joomla users out there from Brian Teeman's blog today - why the default user ID is 62 and how it could affect your site's security.

Andrew attempted to give the most complete answer but the truth is the answer is lost in the dim and distant past. There is nothing you can do about it. On every install a superadmin user is created with username "admin" and userid "62".

Since this is a common "feature" of the older Joomla installs, it could potentially be used in a sort of attack on the site. Fortunately, as of the Joomla 1.6 release, the installation allows you to select a username of your own (while still suggesting "admin") with a new change to the user's ID - 42 instead of 61.

Brian Swan's Blog: What's the Right Way to Prevent SQL Injection in PHP Scripts?

Fri, 03/05/2010 - 19:47

Brian Swan has a new post today looking at one way you can protect your web application from potential attack - preventing SQL injection by filtering input.

How to prevent SQL injection in PHP scripts is probably a topic that doesn't need anything more written about it. [...] However, it is important to have fresh information for new Web developers and I don't necessarily agree with some of the most common suggestions for preventing SQL injection. [...] So, this will be yet another post about preventing SQL injection, but I will offer my 2 cents about what I think is the right way to prevent it.

He explains SQL injections for those that are unsure on the concept with a basic form example and what he thinks is a better way to prevent it than just trying to escape the SQL - bound parameters. These allow you to both filter and protect your application from any would-be attacks that might come your way. He is, of course, using SQL Server so the parameter binding is included in the database functionality. Other databases might have to use something like PDO to accomplish the same kind of thing.

Matthew Weier O'Phinney's Blog: Responding to Different Content Types in RESTful ZF Apps

Fri, 03/05/2010 - 18:20

Continuing on from his previous articles on working with REST in Zend Framework applications (and making the endpoints for a web service) Matthew Weier O'Phinney has a new tutorial with the next logical step in the series, automatically responding to different content types in your application based on the content-type the client sends.

There's no reason you can't re-use your RESTful web service to support multiple formats. Zend Framework and PHP have plenty of tools to assist you in responding to different format requests, so don't limit yourself. With a small amount of work, you can make your controllers format agnostic, and ensure that you respond appropriately to different requests.

He talks about concerns you'll have to deal with when developing your service - grabbing the raw input instead of the POST values (since most requests will be sent as a raw POST body) and which component to pass that message to so it is decoded properly. In his example the Zend_Json and Zend_Config_Xml components make it simpler to handle the info, and there is some code to get the results back into your script.

There's also some code for the other side of things - building the response and pushing it out to the correct views depending on the request content type, action and information.

Don Raman's Blog: Performance improvement in Joomla using WINCACHE user cache

Fri, 03/05/2010 - 17:27

Don Raman has a new post to his IIS blog today with a quick bit of information that Joomla users could use to get better performance with WinCache, integrated directly into the CMS's caching system.

Now that we have WINCACHE 1.1 Beta released which has got implementation for both user and session cache, one can easily take advantage of WINCACHE user cache and increase performance of Joomla. In this post I am going to tell you steps to use WINCACHE user cache with Joomla.

There's a class you'll need to copy and paste to create a new Joomla caching component, but after that it's as easy as having the WinCache tool installed and changing your configuration options to use the new wincache connector class for the CMS's caching.

Here's a direct link to grab this latest version of WinCache since it only works with version 1.1.0 and higher - WinCache.zip.

Zend Developer Zone: How to avoid Identity Theft in Zend Framework with Zend Auth

Fri, 03/05/2010 - 16:59

On the Zend Developer Zone there's a new tutorial for those using the Zend Framework (and more specifically the Zend_Auth component) on a way that you can prevent identity theft in validating your users.

As I am building my applications, I always try to improve the code I write in some way. Today I thought about the security issues of any PHP application that uses an authenticating system. [...] There is one particular issue that bugged me for some time. The Identity theft - Broken account and session management issue. Why can one so easily steal my session id cookie and suddenly gain access to my account in one particular web application?

He shares a class he's developed as a guideline to help your application automatically test to ensure that the information being given by the user is valid. It checks a security level and validates against the user agent and remote IP of the user to ensure they match. These two criteria might not always be the best choices, but it gives you a push in the right direction.

Code is also included to show how to integrate it into your Zend Framework application by loading it into your base controller and using the "hasIdentity" and "hasSecureIdentity" methods to check the user's credentials.

CatsWhoCode.com: Getting started with CouchDB: a beginner's guide

Fri, 03/05/2010 - 15:30

From CatsWhoCode.com there's a new tutorial looking at some of the basics of using CouchDB (the popular NoSQL database) with PHP. They don't cover the install of CouchDB, so you'll need to have that up and running to follow along.

Have you ever dreamt about a powerful database that you can access easily, without using the SQL language? That's what Apache CouchDB is all about. In this tutorial, I'm going to show you how to get started with this document-oriented database and how you can use it with PHP.

They briefly cover what CouchDB (and NoSQL databases) are and how their records are stored - document based rather than row/column based like standard RDBMS. They use the PHPillow library to connect to their database and include the code to do an insert and pull that same data back out.

PHP.net: PHP 5.3.2 Release Announcement

Fri, 03/05/2010 - 14:09

The PHP.net site has posted the release announcement for the latest PHP version in the PHP 5.3.x series - 5.3.2:

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. [...] For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.

Security/bug fixes included in this release take care of things like:

  • Safe_mode validation inside tempnam
  • A possible open_basedir/safe_mode bypass in sessions
  • Added support for SHA-256 and SHA-512 to php's crypt.
  • Fixed a bug in the garbage collector that could cause a crash
  • Crashing when using ldap_next_reference

For more information on the release and what was fixed see the Changelog. You can download this release immediately - source code or Windows package.

Jeremy Cook's Blog: Handling Binary Data with PDO

Wed, 03/03/2010 - 20:48

Jeremy Cook has put together a quick guide for something that can be tricky when using PDO in PHP - handling binary data in the return from your queries.

I like the fact that if I needed to use MS SQL Server, Oracle or any of the other big RDBMS's I could use the same PDO syntax to access them rather than learning a new database access library. However, there do seem to be some bugs in PDO according to what I've read on the web. While I haven't encountered most of them and can't comment on them I'd like to write about one that I ran into the other day and how I worked around it.

He was storing images in the database and pushing the information into the database was working fine. When he tried to pull the contents back out, however, the information wasn't being handled correctly (according to the example in the PHP manual) because of a differing return value for the fetch call - sometimes it's a string but, in this case, it's binary data so it needs to just be passed on through.
