DaveDevelopment::Dave Marshall

Sometime last year, I, along with quite a few others, was asked to review one of
Packt Publishing’s new books, Zend Framework 1.8 Web Application Development, written by Keith Pope. They sent me a copy, which was very good of them and although it’s taken me ages to finish and get round to writing this review, that’s not a true reflection of how good the book was, I’m just a very busy/lazy person! So lazy, that I did in fact say I’d have it done in two weeks, which turned into 4 months.

Packt asked if I’d be interested in reviewing the book, so watch this space, I’ll be back in a couple of weeks with a review.

My Post dated 15/10/2009

Introduction

Design, develop, and deploy feature-rich PHP web applications with this MVC framework

That is the books strap line, and it does exactly what it says on the tin. The bulk of the book actually takes you through the design, development, testing and deployment of a real world example application, called the Storefront. The book claims that it is written for PHP web developers that are either using or looking to start using the Zend Framework and that a basic knowledge of Object Oriented design would be helpful. While you might be able to manage without any OOD experience, I’d say you definitely need some to get the most out of this book, as the second chapter digs right under the hood of the Frameworks MVC architecture. My personal experience was that I got to learn all the things I haven’t had time to learn, I’ve been using the Framework for a couple of years now, always appreciating, but not always understanding what it was doing for me.

MVC Architecture

The first chapter gives you a brief overview of creating an MVC application in the Zend Framework, experienced users of the Framework will probably want to gloss over this part, whereas people looking to start using the framework should take their time and take things in. The next chapter is when I really started to enjoy the book. Each component of the MVC architecture is presented as it’s own topic, with each component getting a breakdown of Design Patterns/theory, default settings/configuration, usage and finally customisation.

The chapter is well put together and considering the amount of information portrayed, is not overwhelming.

Storefront Application

The rest of the book provides the information you need about the framework around a real world example application, called StoreFront, which is a basic e-commerce application. I should point out that I didn’t code the application as I went, if I’m reading I like to read, but where appropriate I have used the book as a reference when updating my existing Zend Framework applications.

The best thing about these chapters though, is some of the design theory you pick up on the way, that isn’t directly relevant to the Zend Framework, but can be applied to any framework out there. Best practices such as Fat Models, Composition, Fluent interfaces are all explained in detail, along with relevant and realistic examples. Further more, the applications MVC separation is excellent, taken in context (it might be a little overkill for the example application, but is there to show you the methods).

After taking you through the creation of the application, the book then takes you into optimisation and testing. The optimisation takes you though some general PHP optimisation techniques, but then ploughs into techniques like a transparent abstract cache that is applied to the models. Testing is carried out with the trusty PHPUnit, along with the frameworks extension of the library Zend_Test and the book goes on to integrate the test suites with apache ant (why not phing) and phpundercontrol.

Conclusion

In conclusion, I thought this book was an excellent read and I plan to follow it through again when I build my next ZF app (I have two good ideas in the pipeline). Find out more or and buy it!. Thanks to Packt for sending me a copy!

Packt Publishing have recently contacted me letting me know about one of their new books, Zend Framework 1.8 Web Application Development. It looks reasonably priced, and if you fancy having a quick look before you by, the author Keith Pope has a free chapter to download. Packt asked if I’d be interested in reviewing the book, so watch this space, I’ll be back in a couple of weeks with a review.

After stumbling across an offer for a free Zend Framework Poster some time ago, I quickly dropped Mayflower an email.

Some time passed, and now it’s here at work, placed next to our all important tea, coffee and biscuits station.

It’s A0, covers nearly all of the major components and is well worth having! Top props to guys over there for pushing the Zend Framework like this. Cheers!

I saw this post via SlashDot and can’t help but think it’s a little overkill?

Content Security Policy is intended to mitigate a large class of Web Application Vulnerabilities: Cross Site Scripting. Cross Site Request Forgery has also become a large scale problem in Web Application Security, though it is not a primary focus of Content Security Policy.

In an ideal world, this would be great, but getting all the browsers on board and implemented may take a while. I was thinking about this the other day and I don’t see why the browsers/w3c can’t standardise on some sort of tag or conditional comments that says don’t execute any script in here. This would be simple to use and surely simple to implement. Browsers already know what to do with <noscript>

For Example:

<dontexecutescript>
    <?php echo $this->escape($userProvidedContent);?>
</dontexecutescript>

Or:

<!--[dontexecutescript] -->
    <?php echo $this->escape($userProvidedContent);?>
<!--[dontexecutescript]-->

I’m no expert on XSS, but I’m pretty sure this would solve most of the issues encountered.

Update:

Okay, so one obvious problem might be that the $userProvidedContent contains a closing </dontexecutescript> tag, but that’s just semantics. Unique identifiers for each block, ignoring tags that don’t match up, these browser developers are clever, they could come up with something.

A major part of the application I develop on my day job is a big DMS, part of which is the ability to distribute documents to staff and external parties. The distribution system works in such a way that, if sending a document to 300 people, there will actually be 300 individual emails created, rather than one email with a list of recipients. This is desired behavior. My problem is, sending 300 emails at the click of a button can take a little time, degrading the experience for the users. This portion of the call graph shows sending to just five people was taking 1+ seconds.

To solve this, I started out to implement a simple queuing system, whereby the distribution requests are added to a queue, before being sent out by a scheduled task.

Rather than refactor a lot of code and do this some fancy way, I quickly put in a solution that proved the concept and seems to work pretty well for now, with minimal effort. As an example (our code’s slightly more complex, I don’t get paid for nothing), here’s what I started with:

< ?php
class EmailSender {
    /**
     * Takes an array of addresses and sends an email to each one.
     *
     * @param array $address
     */
    public static function sendEmails($address) {
        /**
         * Code in here
         */
    }
}

The idea was fairly simple and I'm sure it's been done many times before. First step was to rename the existing method and make it private. I then wrote a new method, that checked to see if there was a queue available, if so adds the request to the queue, otherwise calls the old method. Then all I had to do was write a method that checks the queue, running any requests it finds through the original method. We've recently adopted the Zend Framework, so checking out Zend_Queue from the incubator, reading some documentation with my docbook goggles on (couldn't be bothered to build it) and it was pretty much in place.

< ?php
/**
 * Zend_Queue offline processing hack example
 *
 * @author      Dave Marshall
 * @version     $Rev: $
 * @since       $Date: $
 * @link        $URL: $
 */
class EmailSender {

    private static $queue = null;

    /**
     * Set Queue
     *
     * @param Zend_Queue $queue
     */
    public static function setQueue($queue)
    {
        self::$queue = $queue;
    }

    /**
     * Takes an array of addresses and sends an email to each one.
     *
     * @see reallySendEmail
     * @see sendQueuedEmails
     * @param array $address
     */
    public static function sendEmail($address)
    {
        if (self::$queue === null) {
            return self::reallySendEmail($address);
        }

        self::$queue->send(serialize(func_get_args()));
    }

    /**
     * Takes an array of addresses and sends an email to each one.
     *
     * @see sendEmail
     * @param array $address
     */
    private static function reallySendEmail($address)
    {
        /**
         * Code in here
         */
        echo 'Sending email to ' . implode(', ', $address) . PHP_EOL;
    }

    /**
     * Reads emails from the queue and sends them
     *
     * @param int $count - The number of queued items to process
     */
    public static function sendQueuedEmails($count)
    {
        /**
         * Should really check the queue is good here
         */

        $messages = self::$queue->receive(intval($count));
        foreach($messages as $msg) {
            $args = unserialize($msg->body);
            call_user_func_array(array(__CLASS__, 'reallySendEmail'), $args);
            self::$queue->deleteMessage($msg);
        }
    }
}

set_include_path(
    dirname(__FILE__) . '/src/Zend_Framework/library' . PATH_SEPARATOR
    . dirname(__FILE__) . '/src/ZendI/library' . PATH_SEPARATOR
    . get_include_path()
);

require_once "Zend/Loader.php";
Zend_Loader::registerAutoload();

define('DB_SERVER', 'localhost');
define('DB_PORT', 3306);
define('DB_USER', 'root');
define('DB_PASS', 'password');
define('DB_NAME', 'queue_example');

/**
 * Transmittal Queue
 *
 */
$config = array(
    'name' => 'transmittal',
    'driverOptions' => array(
        'host'     => DB_SERVER,
        'port'     => DB_PORT,
        'username' => DB_USER,
        'password' => DB_PASS,
        'dbname'   => DB_NAME,
        'type'     => 'pdo_mysql'
    )
);

// Create a database queue
$queue = new Zend_Queue('Db', $config);
$queue->createQueue('myqueue'); // called for good measure

EmailSender::setQueue($queue);

/**
 * Usage for adding to the queue
 */
EmailSender::sendEmail(array('davemastergeneral@gmail.com'));

/**
 * Usage for scheduled task
 */
EmailSender::sendQueuedEmails(5);

This may not be the best practice in the world, but it got the job done. Check it out at ZFSnippets.com.