The PHP TestFest is on!

The PHP Usergroup Köln/Bonn will be taking part in the PHP TestFest!

At our monthly meeting on May 2nd 2008, I will present an introduction on how you can assist the PHP development community by writing PHPT tests.

They're two little extension for very distinctive purposes. VLD is a tool for hard core PHP hackers that want to figure out what is going on in PHP's engine. This would be an extremely useful tool for students that want to work on the Google Summer of Code project to implement and finish "Ilia's" Optimizer.

The translit extension focuses on transliterating scripts into different representations. It contains many filters for different tasks. For example the "normalize_numbers" filter can convert "１２３４５６７８９０" into "1234567890" with the following script:

<?php $input = "１２３４５６７８９０"; var_dump(transliterate( $input, array('normalize_numbers'), 'utf-8', 'ascii')); ?>

But many other filters exist, such as converting Chinese text (大平矿难死者增至66人) to pinyin (dapingkuangnansǐzhezengzhi66ren) or stripping out accents (á -> a )and converting ligatures (© -> (c), æ -> ae) etc. The translit extension is also used on this website to create "nice" urls with the following code:

$blurp['url'] = transliterate($blurp['title'], array( 'cyrillic_transliterate', 'lowercase_latin', 'normalize_ligature', 'diacritical_remove', 'normalize_punctuation', 'remove_punctuation', 'spaces_to_underscore', 'compact_underscores'), 'utf8', 'us-ascii');

Both extensions are available through PECL and installable like:

pecl install vld pecl install translit

Anyone who gets me liquored up knows that I’m not a fan of Wordpress. I think it’s great from a user (that is, the person writing the content) standpoint, but it has lagged behind severely in terms of security, and I don’t believe its popularity is the sole reason WP has been the subject of dozens of vulnerability reports every year. That being said, the WP 2.5 release appears to offer significant improvements in a couple areas: password hashes and cookie data encryption. From the WP blog:

Salted passwords — we now use the phpass library to stretch and salt all passwords stored in the database, which makes brute-forcing them impractical. If you use something like mod_auth_mysql we’ve created a plugin that will allow you to use legacy MD5 hashing. (The hashing is completely pluggable.) Users will automatically switch to the more secure passwords next time they log in.

Secure cookies — cookies are now encrypted based on the protocol described in this PDF paper. which is something like user name|expiration time|HMAC( user name|expiration time, k) where k = HMAC(user name|expiration time, sk) and where sk is a secret key, which you can define in your config.

These are good steps, and while I think they took way too long to happen, I’m glad they finally did. I do still feel that WP suffers from an architecture that makes it too easy to make input filtering mistakes, and I would strongly recommend a tool like WPIDS for all self-hosting Wordpress users.

At 1:30pm EST today, I am giving my much-anticipated talk on Using Open Source Projects for Personal Profit at the first annual HabariCon, which is a celebration of uniting the user and developer communities in friendship and collaboration. I am expecting 80-120 people to show up for my talk, which focuses on how you can contribute a bit of code early on in an open source project's life and claim to be a valuable member of the committer society, thus increasing your overall karma in the open source community and landing you a higher-paying job. It's must-see learning for anyone interested in the economics of Cabal-coding. See you there!

Feel free to join the Habari Cabal and others on Freenode #habari and learn invaluable tips from some of the best open source community leaders in the world!

Welcome to The ZendCon Sessions. This episode of The ZendCon Sessions was recorded live at ZendCon 2007 in Burlingame, CA. We hope you enjoy today’s session as we listen to Brian DeShong present “The Grown-Up Company’s Guide to Development”.

I'm in the process of creating (or at least, thinking of creating) an XMLRPC interface to an existing (third party) application at work.

As with 'normal' web applications, I need to use HTTP sessions to support some form of persistence (e.g. to tell who a callee is) across requests.

My fictional API would ideally look something like the following :

Where getStuff() may return different stuff based on who the user is authenticated as.

Searching the web seemed to produce a total lack of relevant results (the only hits I did find were examples of people using Http Authentication, but this isn't sufficient for me) and I was beginning to wonder if XMLRPC (or REST or SOAP) support cookies (and thereby Http sessions) (as my initial quick demos with the Zend Framework didn't work).

Anyway, using the Zend_XmlRpc libraries it is possible.... In the below code, there is a single "server" script which exposes a single function 'increment' which should increment a number which is stored in the $_SESSION variable each time it's called.

server.php :

The client connects to the server (change the URL as appropriate for you) and calls the 'increment' method 10 times.

client.php:

Which gives :

The important bits are the lines involving the Zend_Http_Client, and the turning on of the cookie jar.

Annoyingly, I haven't found any good articles suggesting why I should use Soap or XmlRpc or REST (or something else). I think I'll stick with XmlRpc (possibly out of ignorance).

April Fools` has just now swept over the Eastern coast of North America and already hoaxes and jokes are spread thick and heavy across the web. Of course, it makes sense that European websites are already posting April Fools' jokes, but I'm not sure if what seems early to me is just an indication that people are thinking more globally or if the competition in jokes means that people want to get an early start.

I just chatted with Manuel Lemos of phpclasses.org fame.  He’s recently launched a new PHP professionals center aimed at matching up PHP developers with people looking for specific skills.  The premise is simple - sign up, add your skill history (easier to do than I’ve seen with other systems) and you’re done.  The idea is that employers will search for, say, PHP developers with at least 2 years with Symfony and 4 years of Javascript.  This is still a new service and Manuel is looking for feedback to improve the service.  My only real suggestion for the service right now is to add more non-PHP technologies in the list to give employers a way to search for, for example, people with 3 years of PHP and at least 2 years of .NET, or ColdFusion, or whatever.  Already sent that feedback to Manuel directly, but maybe that’ll give you some ideas as well.

Check out the service at http://phpclasses.org/professionals

I just chatted with Manuel Lemos of phpclasses.org fame.  He’s recently launched a new PHP professionals center aimed at matching up PHP developers with people looking for specific skills.  The premise is simple - sign up, add your skill history (easier to do than I’ve seen with other systems) and you’re done.  The idea is that employers will search for, say, PHP developers with at least 2 years with Symfony and 4 years of Javascript.  This is still a new service and Manuel is looking for feedback to improve the service.  My only real suggestion for the service right now is to add more non-PHP technologies in the list to give employers a way to search for, for example, people with 3 years of PHP and at least 2 years of .NET, or ColdFusion, or whatever.  Already sent that feedback to Manuel directly, but maybe that’ll give you some ideas as well.

Check out the service at http://phpclasses.org/professionals

Since I posted my Zend_Log_Writer_Mail proposal and asked for feedback on fw-core, it’s gotten a bit of traction in the comments.

Perhaps it will be officially reviewed and placed into the incubator before php|tek 2008 in May because it’s part of my “Robust Batch Processing with PHP” talk.

Special thanks to Thomas Fritz, Lars Strojny, Tomas Markauskas, Apaella, and Vincent de Lau for the feedback and “+1″s thus far.

Yesterday, php.net announced TestFest 2008!

The PHP-QA team would like to announce the TestFest for the month of May 2008. The TestFest is an event that aims at improving the code coverage of the test suite for the PHP language itself. As part of this event, local User Groups (UG) are invited to join the TestFest. These UGs can meet physically or come together virtually. The point however is that people network to learn together. Aside from being an opportunity for all of you to make friends with like minded people in your (virtual) community, it also will hopefully reduce the work load for the PHP.net mentors.

All it takes is someone to organize a UG to spearhead the event and to get others involved in writing phpt tests. The submissions will then be reviewed by members of php.net before getting included in the official test suite. Please visit the TestFest homepage to get additional details on the TestFest on how to get involved, either as a UG or by setting up the necessary infrastructure.

Atlanta PHP will be taking part in TestFest 2008! As a preview for our May 1st meeting, we will have a workshop format catering to two different groups of developers. For beginning PHP developers, we will help you get started developing PHP applications by helping to set up your environment and teaching a few of the basics. For intermediate-to-advanced developers, we will discuss how you can assist the PHP development community by writing phpt tests. More details to come in the future.

Tell your PHP user group organizer about TestFest 2008 and get your members started writing PHP tests today!

When it comes to playing nice with data in different formats, PHP’s pedigree is hard to beat. Not only does the language make it a breeze to deal with SQL resultsets and XML files, but it comes with extensions to deal with formats as diverse as Ogg/Vorbis audio files, ZIP archives and EXIF headers. So it should come as no surprise that PHP can also read and write Microsoft Excel spreadsheets, albeit with a little help from PEAR. In this article, I’ll introduce you to two packages that make it surprisingly easy to hook your PHP scripts up to a Microsoft Excel spreadsheet and extract the data contained therein. I’ll also show you how to dynamically create a new spreadsheet from scratch, complete with formulae and formatting, and import data from a spreadsheet into a database. So come on it, and let’s get started!

You may have been in holidays in the past two weeks and have missed that PHP is again part of the Google Summer of Code . Check out our wiki, the PHP ideas page contains some good ideas. If you are a student, we’d welcome your application!

(You can join us on #php.pecl on EFNet, on our Internals mailing lists or in Freenode’s #gsoc for more general question about the eligibility, application, etc.)

I’ve updated the source and it now includes friendly variable/function creation so they are easier to read than pure random data. Thanks to Agente Naranja for the suggestion! I’ve fixed plenty of bugs and included many customisation options, each site using should change the configuration of the CAPTCHA to make it easy or harder to solve depending on the technical skill of the visitor. Enjoy!

Codetcha demo

Codetcha source

At our giftsforengineers.com site, we use ZenCart for the front end, but 100% of our backend was written by me. In the course of working through some personnel changes here, it's forced me to take on additional responsibilities which have also caused me to take a closer look at my own code. The majority of my code was written some 6 years ago, with some additional modules added on as needed as the years went by. It's clear to me that our whole system could use some major reworking, if not a complete rewrite.

I know how I personally tackle a project like this but I am looking for helpful resources and some different perspectives before I jump in. I considered purchasing Martin Fowler's "Refactoring" book, and I already have "Code Complete" -- but I'm really looking for new-ish articles from other people. I think my database is fine, so I don't see this as an issue... what I'm really looking for are good articles on refactoring code. I've googled and found a few things, but I'd like to get an opinion from the peanut gallery. Feel free to comment here, or you can send me a tweet to @ElizabethN.