PHP 5 CMS Framework Development
PHP 5 CMS
Framework Development
Second Edition
Expert insight and practical guidance to create
an efficient, flexible, and robust web-oriented
PHP 5 framework
Martin Brampton
BIRMINGHAM - MUMBAI
PHP 5 CMS Framework Development
Second Edition
Copyright © 2010 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, without the prior written
permission of the publisher, except in the case of brief quotations embedded in
critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy
of the information presented. However, the information contained in this book
is sold without warranty, either express or implied. Neither the author nor Packt
Publishing, and its dealers and distributors will be held liable for any damages
caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.
First published: October 2007
Second Edition: August 2010
Production Reference: 1120810
Published by Packt Publishing Ltd.
32 Lincoln Road
Olton
Birmingham, B27 6PA, UK.
ISBN 978-1-849511-34-6
www.packtpub.com
Cover Image by Vinayak Chittar
Credits
Author
Martin Brampton
Reviewers
Deepak Vohra
Hari K.T
Martien de Jong
Acquisition Editor
Douglas Paterson
Development Editor
Swapna V. Verlekar
Technical Editor
Smita Solanki
Indexer
Hemangini Bari
Editorial Team Leader
Aanchal Kumar
Project Team Leader
Priya Mukherji
Project Coordinator
Prasad Rai
Proofreader
Aaron Nash
Production Coordinator
Shantanu Zagade
Cover Work
Shantanu Zagade
About the Author
Martin Brampton is now primarily a software developer and writer, but he
started out studying mathematics at Cambridge University. He then spent a number
of years helping to create the so-called legacy, which remained in use far longer than
he ever expected. He worked on a variety of major systems in areas like banking and
insurance, spiced with occasional forays into technical areas such as cargo ship hull
design and natural gas pipeline telemetry.
After a decade of heading IT for an accountancy firm, a few years as a director
of a leading analyst firm, and an MA degree in Modern European Philosophy,
Martin finally returned to his interest in software, but this time transformed into
web applications. He found PHP5, which fits well with his prejudice in favor of
programming languages that are interpreted and strongly object oriented.
Utilizing PHP, Martin took on development of useful extensions for the Mambo (and
now also Joomla!) systems, and then became leader of the team developing Mambo
itself. More recently, he has written a complete, new generation CMS named Aliro,
many aspects of which are described in this book. He has also created a common API
to enable add-on applications to be written with a single code base for Aliro, Joomla!
(1.0 and 1.5), and Mambo.
All in all, Martin is now interested in many aspects of web development and hosting;
he consequently has little spare time. But his focus remains on object-oriented
software with a web slant, much of which is open source. He runs Black Sheep
Research, which provides software, speaking and writing services, and also
manages web servers for himself and his clients.
Acknowledgement
In some ways it is difficult for me to know who should be given credit for the
valuable work that made this book possible. It is one of the strengths of the open
source movement that good designs and good code take on a life of their own. Aliro,
the CMS framework from which all the examples are taken, has benefited from work
done by the many skilled developers who built the feature rich Mambo system.
Some ideas have been inspired by other contemporary open source systems. And,
of course, Aliro includes in their entirety the fruits of some open source projects,
as is generally encouraged by the open source principle. My work would not have
been possible had it not been able to build on the creations of others. Apart from
remarking on those important antecedents, I would also like to thank my wife and
family for their forbearance, even if they do sometimes ask whether I will ever get
away from a computer screen.
About the Reviewers
Deepak Vohra is a consultant and a principal member of the NuBean.com
software company. Deepak is a Sun Certified Java Programmer and Web Component
Developer, and has worked in the fields of XML and Java programming and J2EE for
over five years. Deepak is the co-author of the Apress book Pro XML Development
with Java Technology and was the technical reviewer for the O'Reilly book
WebLogic: The Definitive Guide. Deepak was also the technical reviewer for the
Course Technology PTR book Ruby Programming for the Absolute Beginner, and the
technical editor for the Manning Publications book Prototype and Scriptaculous in
Action. Deepak is also the author of the Packt Publishing book JDBC 4.0 and Oracle
JDeveloper for J2EE Development, and Processing XML documents with Oracle
JDeveloper 11g.
Hari K. T completed his B.Tech course in Information Technology at Calicut
University in 2007. He is an open source lover (LAMP on his head), and an
attendee of BarCamp Kerala and various tech groups. When he was in the fourth
semester (around 2005), searching for GNU/Linux, he saw the blog of an electrical
student, Dileep. From there onwards he started his own research on the web and started
blogging at http://ijust4u.blogspot.com/ (some were his stupid thoughts :) ).
After completing his B.Tech he managed to get a job of his interest as a PHP
Developer. In due course, he recognized the benefits of frameworks, ORM,
and so on, and he shared his experience with others by starting a sample blog
tutorial with Zend Framework for the PHP community. You can see the post at
www.harikt.com and download the code from GitHub. He has worked on different open
source projects such as osCommerce, Drupal, and so on. Anybody interested in
building their next web project can get in touch with him through e-mail, Twitter,
LinkedIn, or www.harikt.com. For more detailed information about
Hari K. T, you can visit www.harikt.com, LinkedIn, Twitter, and so on.
First of all I would like to thank the entire Packt Publishing team
for giving me an opportunity to get involved in this book and also
for giving me various other books for reviewing. It's always a great
pleasure to see our friends and family supporting us immensely. The
Internet and technologies have changed me a lot ;-). Thanks to all
who have supported me and are still supporting me.
Martien de Jong is a creative, young developer who loves to learn. He has built
and helps build many web applications. Even though he is still young, Martien has
many years of experience as he started programming at a very young age.
His main employer of interest at the moment is iDiDiD, a social network
(www.ididid.eu) focusing on events and sharing experiences. He has developed
many of the core parts of the website.
I want to thank Martin for letting me read and use his work.
Table of Contents
Preface
Chapter 1: CMS Architecture
The idea of a CMS
Critical CMS features
Desirable CMS features
System management
Technology for CMS building
Leveraging PHP5
Some PHP policies
Globalness in PHP
Classes and objects
Objects, patterns, and refactoring
The object-relational compromise
Basics of combining PHP and XHTML
Model, view, and controller
The CMS environment
Hosting the CMS
Basic browser matters
Security of a CMS
Some CMS terminology
Summary
Chapter 2: Organizing Code
The problem
Discussion and considerations
Security
Methods of code inclusion
Practicality in coding
Exploring PHP and object design
Autoloading
Namespaces and class visibility
Singletons
Objections to use of singletons
Framework solution
Autoloading
Finding a path to the class
Populating the dynamic class map
Saving map elements
Obtaining class information
Summary
Chapter 3: Database and Data Objects
The problem
Discussion and considerations
Database dependency
The role of the database
Level of database abstraction
Ease of development
Keeping up with change
Database security
Pragmatic error handling
Exploring PHP—indirect references
Framework solution
Class structure
Connecting to a database
Handling databases easily
Prefixing table names in SQL
Making the database work
Getting hold of data
Higher-level data access
Assisted update and insert
What happened?
Database extended services
Getting data about data
Easier data about data
Aiding maintenance
Data objects
Rudimentary data object methods
Data object input and output
Setting data in data objects
Sequencing database rows
Database maintenance utility
Summary
Chapter 4: Administrators, Users, and Guests
The problem
Discussion and considerations
Who needs users?
Secure authentication
Secure storage of passwords
Blocking SQL injection
Login
Managing user data
User self service
Customizing for users
Extended user information
Exploring PHP—arrays and SQL
Framework solution
The user database table
Indexes on users
Keeping user tables in step
Achieving login
Administering users
Generating passwords
Summary
Chapter 5: Sessions and Users
The problem
Discussion and considerations
Why sessions?
How sessions work
Avoiding session vulnerabilities
Search engine bots
Session data and scalability
Exploring PHP—frameworks of classes
Framework solution
Building a session handler
Creating a session
Finding the IP address
Validating a session
Remembering users
Completing session handling
Session data
Session data and bots
Retrieving session data
Keeping session data tidy
Summary
Chapter 6: Caches and Handlers
Discussion and considerations
Why build information handlers?
The singleton cache
The disk cache
Scalability and database cache
The XHTML cache
Other caches
Exploring PHP—static elements and helpers
Abstract cache class
Creating the base class cached singleton
Generalized cache
Summary
Chapter 7: Access Control
The problem
Discussion and considerations
Adding hierarchy
Adding constraints
Avoiding unnecessary restrictions
Some special roles
Implementation efficiency
Where are the real difficulties?
Exploring SQL—MySQL and PHP
Framework solution
Database for RBAC
Administering RBAC
The general RBAC cache
Asking RBAC questions
Summary
Chapter 8: Handling Extensions
The problem
Discussion and considerations
An extension ecosystem
Templates in the ecosystem
Modules in the ecosystem
Components in the ecosystem
Component templates
Modules everywhere
More on extensions
Templates
Modules
Components
Plugins
Extension parameters
Exploring PHP—XML handling
Framework solution
Packaging extensions
Module interface and structure
The logic of module activation
Component interface and structure
A standardized component structure
Plugin interface and structure
Invoking plugins
Applications
Installing and managing extensions
Structuring installer tasks
Putting extension files in place
Extensions and the database
Knowing about extension classes
Summary
Chapter 9: Menus
The problem
Discussion and considerations
Page management by URI
Menu database requirements
Menu management
Menu construction
Menu presentation
Exploring PHP—array functions
Framework solution
Building the menu handler
Interfacing to components
The menu creator
An example of a menu module
Summary
Chapter 10: Languages
The problem
Discussion and considerations
Character sets
UTF-8 and XHTML
Specifying languages
Handling multiple languages in code
Languages in CMS extensions
Handling languages in data
Exploring PHP—character sets
Framework solution
The gettext implementation
File formats for gettext
Functions for gettext
The PHPgettext classes
The language class
Administrator language application
Handling extensions
Managing extension translations
Installing translations with CMS extensions
Handling multilingual data
Summary
Chapter 11: Presentation Services
The problem
Discussion and considerations
Differing points of view
Model View Controller
XHTML, CSS, and themes
PHP for XHTML creation
GUI widgets and XHTML
Page control and navigation
WYSIWYG editors
XHTML cleaning
The administrator interface
Exploring PHP—clarity and succinctness
Framework solution
Using "heredoc" to define XHTML
Using templating engines
Some widgets
Building page control
Supporting editors
Cleaning up XHTML
Administrator database management
Customization through subclassing
Summary
Chapter 12: Other Services
The problem
Discussion and considerations
Parsing XML
Configuration handling