Authorization is the process of specifying access to resources to different users based on defined roles. Zend Framework provides Zend_Acl to define and enforce an Access Control List (ACL).

Resources

In Zend Framework context resources are usually actions you want to control access to. Zend provides the Zend_Acl_Resource class to create resources. Each resource should have a unique ID to identify it.

1
new Zend_Acl_Resource('resourceId');

Then you can add the resource to Zend_Acl using Zend_Acl::add:

1
Zend_Acl::add(new Zend_Acl_Resource('resourceId'));

In order to make Vim work the way I like I had to install some plugins:

Pathogen

Makes it easy to manage your plugins. To install:

1
2
3
mkdir -p ~/.vim/autoload ~/.vim/bundle; \
curl -Sso ~/.vim/autoload/pathogen.vim \
    https://raw.githubusercontent.com/tpope/vim-pathogen/master/autoload/pathogen.vim

And add this to your .vimrc:

1
call pathogen#infect()

Why vim?

I have in the past done most of my development in Linux machine using gedit with a series of plugins to help me do stuff faster. Some times out of necessity I found myself developing on a Windows machine in which case Notepad++ helped me not miss Gedit too much. Today I have found myself in the necessity to develop on a Mac computer and I realized that using a different editor each time I change my development machine wasn’t going to be a good solution in the long term.

People have recommended me to use some IDEs and editors that work in most platforms but most of them are really slow and the ones that are not slow require you to buy a license which is something I would rather avoid.

Vim is not a very friendly editor in the beginning but I have heard a lot of people say awesome things about it and it has the advantage of being available for virtually all operating systems out there (comes by default on MAC and most Linux machines), be very lightweight, extendable and most importantly, free.

In linux git doesn’t show colors by default. To make git diff, log, status, etc…, show pretty colors you need to issue this command from a terminal:

1
git config --global color.ui true

PHPCS is a great tool to help you make sure the correct coding style is being followed within a project. The problem is that some times the build in standards don’t cover all your needs so it is necessary to build custom rules. I will walk through the process I followed to create my own coding standard based on the build-in Zend standard.

Creating your work environment

In Ubuntu all PHPCS standards are stored in /usr/share/php/PHP/CodeSniffer/Standards/. There is a folder for each standard named after the standard name. I will call my standard Soonick, so I will create a folder with that name.

Authentication is the process of confirming that a person is who they say they are. In software the most common method of authentication is the use of a password that only the person knows.

Zend_Auth

Zend framework provides Zend_Auth as an interface to authenticate a user against different back-ends (Database, LDAP, etc…). Since all adapters that use Zend_Auth share the same interface you can use any of them with almost no changes in the code.

Authentication is sometimes confused with authorization (the process of verifying if a person has access to a resource), and although they do different things they are related because you have to know the identity of the user before you can check if they have permission to a resource.

Static analysis is the practice of analyzing code without actually executing it. The analysis can do a wide variety of checks with different tools. I will focus my attention on the most common tools available for PHP code analysis.

For installing some of the tools in this article you will need to have these packages installed on your system:

1
2
3
4
5
sudo apt-get install php-pear
sudo apt-get install php5-xsl
sudo apt-get install php5-dev
sudo apt-get install default-jdk
sudo apt-get install ant

PHP Code Sniffer

PHP Code Sniffer is a tool that helps us make sure our coding style standards are being followed. To install you just need to:

1
sudo pear install PHP_CodeSniffer

In my journey to learn python, the next step is to learn Django. Django is a web framework powered by python, so to use it we need to make sure we have python installed:

1
2
adrian@my-xubuntu:~$ python -V
Python 2.7.3

Now we can go ahead and install the Django package

1
sudo apt-get install python-django

That installation makes Django automatically available to python, so you can do something like this:

1
2
3
4
5
6
7
adrian@my-xubuntu:~$ python
Python 2.7.3 (default, Sep 26 2012, 21:51:14)
[GCC 4.7.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import django
>>> django.VERSION
(1, 4, 1, 'final', 0)

Xdebug is a great tool for debugging our PHP code, but another thing it does very well is help us find bottlenecks in our applications. For instructions on installing xDebug you can see my article Debugging PHP code with xDebug.

Enabling the profiler

We can tell xDebug to profile our code by adding this in our php.ini file:

1
2
xdebug.profiler_enable = 1
xdebug.profiler_output_dir = '/path/to/folder/'

xdebug.profiler_output_dir is the folder where xDebug will dump the profile information. Make sure this folder is writable by apache or you won’t see any file generated in that folder.

When you get this error the only thing you need to do is add a line similar to this one to your php.ini file:

1
date.timezone = "America/Mexico_City"

You can get a list of the supported timezones on this URL: http://php.net/manual/en/timezones.php. The error should go away after you restart apache.

For Linux systems there are some times two php.ini files, one for apache and one for CLI. Make sure you add the line to both files.