Archive for the ‘Tutorials’ Category



10
Aug

Symfony 1.2 redirect specific modules and actions to HTTPS (SSL)

Post Symfony 1.1, the sfSslRequirementPlugin will no longer work.

Having needed a way to force a SSL connection for certain pages, I modified a few scripts that I found online, and created a very simple filter to handle this. This was inspired by this script, and the unacceptably poor example in the Symfony 1.2 book.

To start off with, we need to modify our app.yml file to specify what modules and/or actions need to be secure. Leave the action completely blank if you want the entire module secure. Also change ignore_non_secure to true if you don’t care if non specified pages are server over a ssl connection. Basically, from the app.yml below, setting this to false, will redirect any module/action to the non-secure version if it is not specifically defined under secure_actions. Setting it to true will allow a user to request any page over https, even if it is not listed in app.yml. Let me know if this is confusing in any way.

//app.yml
all:
  ssl:
    ignore_non_secure: false
    secure_actions:
      - { module: shopping_cart}
      - { module: services  action: apply}

Next we add this filter. Save this under MyProject/apps/MyApp/lib/sfSslFilter.php

<?php
 
class sslFilter extends sfFilter
{
    /**
    * Execute filter
    *
    * @param FilterChain $filterChain The symfony filter chain
    */
    public function execute ($filterChain)
    {
 
        $context = $this->getContext();
        $request = $context->getRequest();
 
        $ssl_actions = sfConfig::get('app_ssl_secure_actions');
        $allow_ssl = sfConfig::get('app_ssl_ignore_non_secure');
 
        if (!$request->isSecure())
        {
            //Redirect to the Secure Url
            //If the module and/or action match $ssl_actions set in app.yml
            foreach($ssl_actions as $action)
            {
 
               if($action['module'] == $context->getModuleName() && !$action['action']){
 
                    //The entire module needs to be secure
                    //Redired no matter what the action is.
 
                    $secure_url = str_replace('http', 'https', $request->getUri());
                    return $context->getController()->redirect($secure_url, 0 , 301);
 
 
                } else if($action['module'] == $context->getModuleName() && $action['action'] == $context->getActionName())
                {
 
                    //Redirect if the module and action need to be secure
 
                    $secure_url = str_replace('http', 'https', $request->getUri());
                    return $context->getController()->redirect($secure_url, 0 , 301);
                }
             }
 
        } else if($request->isSecure() && !$allow_ssl)
        {
            $redirect = true;
 
            //Redirect to the Non-Secure Url
            //If the module and/or action are not in $ssl_actions set in app.yml
            foreach($ssl_actions as $action)
            {
                if(($action['module'] == $context->getModuleName() && !$action['action']) || ($action['module'] == $context->getModuleName() && $action['action'] == $context->getActionName()))
                {
                    $redirect = false;
                }
            }
 
            if($redirect)
            {
                 $non_secure_url = str_replace('https', 'http', $request->getUri());
                 return $context->getController()->redirect($non_secure_url, 0 , 301);
            }
        }
 
        $filterChain->execute();
 
    }
}

Finally, add to the MyProject/apps/MyApp/config/filters.yml file:

sslFilter:
  class:  sslFilter

Clear the cache (symfony cc), and there you have it. Let me know if you have a better or different way of dealing with this on a per-module or per-action basis. Hopefully sfSslRequirementPlugin will get ported to work with Symfony 1.2, as the method above will not alter routes on your application.

Additionally, I specifically used 301 redirects to make this more search engine friendly, in case Google or another bot gets on a ssl page. This will help prevent getting duplicate pages indexed due to http and https versions of the same page.

6
Aug

20 Great non-PHP Tools for PHP Developers

By nature I always strive to find more efficient, and better ways to perform tasks. There are a number of development tools that I use that really help me develop better applications in a reduced amount of time. These are the tools I use every day for web development.
Click to continue…

28
Jul

PHP Magic __get, __set Methods, and Retaining Private and Protected Properties

I have been making an integration with a complex API with hundreds of potential user provided variables, necessitating me use of PHP’s Magic __get and __set methods.

Unfortunately, by using these methods, PHP’s restriction on private and protected properties is bypassed, making all properties public. This is completely unacceptable from my coding perspective.

This class model overrides the magic __get and __set’s ability to alter and access private and protected properties. Public properties are unaffected. This script also allows the class to set and access private and protected properties.

<?php
 
class setter_getter_respect 
{
 
    private $current_page;
    private $private_properties = array();
 
    public function __construct()
    {
 
        $class = new ReflectionClass(__CLASS__);
        $this->current_page = $class->getFileName();
 
        $class_properties = get_class_vars(__CLASS__);
 
        foreach($class_properties as $class_property_name => $property_value)
        {
            $prop = new ReflectionProperty(__CLASS__, $class_property_name);
 
            if($prop->isPrivate() || $prop->isProtected())
            {
                $this->private_properties[$prop->getName()] = ($prop->isPrivate()) ? 'private' : 'protected';
            }
        }
    }
 
    public function __set($var, $val)
    {
        $requesting_page = debug_backtrace();
 
        if(($requesting_page[0]['file'] != $this->current_page) && (array_key_exists($var,$this->private_properties)))
        {
 
        	trigger_error("Cannot access ".$this->private_properties[$var]." property ".__CLASS__."::".$var." in ".$requesting_page[0]['file']."on line ". $requesting_page[0]['line'],E_USER_ERROR);
 
        }
 
        $this->$var = $val;
    }
 
    public function __get($var)
    {
 
        $requesting_page = debug_backtrace();
 
        if(isset($this->$var)){
 
            if(($requesting_page[0]['file'] != $this->current_page) && (array_key_exists($var,$this->private_properties)))
			{
 
				trigger_error("Cannot access ".$this->private_properties[$var]." property ".__CLASS__."::".$var." in ".$requesting_page[0]['file']."on line ". $requesting_page[0]['line'],E_USER_ERROR);
 
			}
 
            return $this->$var;
 
        } else {
 
            throw new Exception("Required property [" . $var . "] has not been set!");
 
        }
    }
}
 
?>

Extended classes will not have access to __get or __set protected properties. I will alter this snippet when I find a suitable method of handling extended classes.

I’m hoping that php alters the way it handles private and protected properties through the magic methods but until then, this is a way to semi-preserve private and protected properties.

21
Jul

25 Point Basic MySQL Setup/Optimization Checklist

Daily I run into new web programmers that are using PHP and MySQL to create their blogs and websites. I created this checklist as a guide for new and experienced to make sure they are covering the basics of a MySQL server setup.

This guide is by no means all inclusive, but should help to cover some of the major gaps in knowledge and commonly overlooked fundamentals that I run into on a daily basis.

The checklist is separated into 5 equal sections: Server Setup, Schema Design, Table Design, Index Optimization, Query Optimization, and a 6th Bonus Tips section.

Click to continue…

30
Jun

Symfony and Modalbox

ModalBox is a cool inline-popup script that can be used to create interactive Web 2.0 dialogs. Modalbox uses the Prototype javascript framework, which is coincidentally the same that Symfony uses for its included Javascript and Ajax functions.

model-ex

Unfortunately Modalbox uses a more recent version of Prototype, and there is no track on when we can expect Symfony to upgrade it’s included version of Prototype. However, this doesn’t prevent us from using Modalbox in a Symfony development. We do have to trick symfony into using the correct Propel version for us. Once Symfony updates their Prototype version, using modalbox should become substantially easier.

To start out we need to download modalbox, and upload the newer prototype, scriptaculous, and modalbox.js scripts to our web/js directory.

Click to continue…

Copyright © 2017 SayNoToFlash, Jamie Estep, All Rights Reserved · Theme design by Themes Boutique