This post is the next step from my PHP Code Static Analysis post. Once I had a way to run static analysis on my project with just one command, I wanted to make this an automatic check every time something was committed.

This would have been a super simple task except that there was one feature that didn’t come out of the box from my build file. I wanted the build to fail when PHPDoc issues a warning so code is not committed without their respective doc blocks.

Git hooks

Git hooks are really easy to create. You just need to go to .git/hooks/ in your repository and you will find a list of the available hooks followed by the .sample extension. To activate the hook you just need to remove the .sample extension and give the file execution permissions. The content of the hook can be any script that can be executed from a terminal.

JSLint is a Code Static Analysis tool created by Douglas Crockford. JSLint is written in JavaScript so it can easily be run from a browser but since I want to be able to check all my JS files automatically in a CI environment I will use Rhino, a JS engine written in Java that can be run from the command line. To install Rhino in Ubuntu just do:

1
sudo apt-get install rhino

Once installed you can take it out for a ride:

1
2
3
4
5
6
7
8
9
adrian@me:~$ rhino
Rhino 1.7 release 3 2012 05 18
js> var a = 4;
js> a;
4
js> a + 7;
11
js> quit();
adrian@me:~$

Authorization is the process of specifying access to resources to different users based on defined roles. Zend Framework provides Zend_Acl to define and enforce an Access Control List (ACL).

Resources

In Zend Framework context resources are usually actions you want to control access to. Zend provides the Zend_Acl_Resource class to create resources. Each resource should have a unique ID to identify it.

1
new Zend_Acl_Resource('resourceId');

Then you can add the resource to Zend_Acl using Zend_Acl::add:

1
Zend_Acl::add(new Zend_Acl_Resource('resourceId'));

In order to make Vim work the way I like I had to install some plugins:

Pathogen

Makes it easy to manage your plugins. To install:

1
2
3
mkdir -p ~/.vim/autoload ~/.vim/bundle; \
curl -Sso ~/.vim/autoload/pathogen.vim \
    https://raw.githubusercontent.com/tpope/vim-pathogen/master/autoload/pathogen.vim

And add this to your .vimrc:

1
call pathogen#infect()

Why vim?

I have in the past done most of my development in Linux machine using gedit with a series of plugins to help me do stuff faster. Some times out of necessity I found myself developing on a Windows machine in which case Notepad++ helped me not miss Gedit too much. Today I have found myself in the necessity to develop on a Mac computer and I realized that using a different editor each time I change my development machine wasn’t going to be a good solution in the long term.

People have recommended me to use some IDEs and editors that work in most platforms but most of them are really slow and the ones that are not slow require you to buy a license which is something I would rather avoid.

Vim is not a very friendly editor in the beginning but I have heard a lot of people say awesome things about it and it has the advantage of being available for virtually all operating systems out there (comes by default on MAC and most Linux machines), be very lightweight, extendable and most importantly, free.

In linux git doesn’t show colors by default. To make git diff, log, status, etc…, show pretty colors you need to issue this command from a terminal:

1
git config --global color.ui true

PHPCS is a great tool to help you make sure the correct coding style is being followed within a project. The problem is that some times the build in standards don’t cover all your needs so it is necessary to build custom rules. I will walk through the process I followed to create my own coding standard based on the build-in Zend standard.

Creating your work environment

In Ubuntu all PHPCS standards are stored in /usr/share/php/PHP/CodeSniffer/Standards/. There is a folder for each standard named after the standard name. I will call my standard Soonick, so I will create a folder with that name.

Authentication is the process of confirming that a person is who they say they are. In software the most common method of authentication is the use of a password that only the person knows.

Zend_Auth

Zend framework provides Zend_Auth as an interface to authenticate a user against different back-ends (Database, LDAP, etc…). Since all adapters that use Zend_Auth share the same interface you can use any of them with almost no changes in the code.

Authentication is sometimes confused with authorization (the process of verifying if a person has access to a resource), and although they do different things they are related because you have to know the identity of the user before you can check if they have permission to a resource.

Static analysis is the practice of analyzing code without actually executing it. The analysis can do a wide variety of checks with different tools. I will focus my attention on the most common tools available for PHP code analysis.

For installing some of the tools in this article you will need to have these packages installed on your system:

1
2
3
4
5
sudo apt-get install php-pear
sudo apt-get install php5-xsl
sudo apt-get install php5-dev
sudo apt-get install default-jdk
sudo apt-get install ant

PHP Code Sniffer

PHP Code Sniffer is a tool that helps us make sure our coding style standards are being followed. To install you just need to:

1
sudo pear install PHP_CodeSniffer

In my journey to learn python, the next step is to learn Django. Django is a web framework powered by python, so to use it we need to make sure we have python installed:

1
2
adrian@my-xubuntu:~$ python -V
Python 2.7.3

Now we can go ahead and install the Django package

1
sudo apt-get install python-django

That installation makes Django automatically available to python, so you can do something like this:

1
2
3
4
5
6
7
adrian@my-xubuntu:~$ python
Python 2.7.3 (default, Sep 26 2012, 21:51:14)
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import django
>>> django.VERSION
(1, 4, 1, 'final', 0)