book

Building PHP Applications with Symfony™, CakePHP, and Zend® Framework

Name: Building PHP Applications with Symfony™, CakePHP, and Zend® Framework
ISBN: 9780470887349

by Bartosz Porebski, Karol Przystalski, Leszek Nowak

March 2011

Intermediate to advanced

561 pages

13h 50m

English

Wrox

Read now

Unlock full access

Copyright
Credits
ABOUT THE AUTHORS
ACKNOWLEDGMENTS
Introduction
WHO SHOULD READ THIS BOOK?COMPARATIVE APPROACHSTRUCTURE OF THIS BOOKBasicsCommon TasksAdvanced FeaturesComparisonAppendicesSOURCE CODECONVENTIONSCONTACT USERRATAP2P.WROX.COM
1. Introducing Symfony, CakePHP, and Zend Framework
1.1. WHAT ARE WEB APPLICATION FRAMEWORKS AND HOW ARE THEY USED?1.1.1. Framework versus Library1.1.2. When You Should Use a Framework and When You Should Not1.1.2.1. Advantages1.1.2.2. Disadvantages1.1.3. PHP versus Other Programming Languages1.2. OPEN SOURCE PHP WEB FRAMEWORKS1.2.1. Comparison of Popular Interest1.2.2. The First Look1.2.2.1. Symfony1.2.2.2. CakePHP1.2.2.3. Zend Framework1.2.3. Other Frameworks1.2.3.1. CodeIgniter1.2.3.2. Lithium1.2.3.3. Agavi1.2.3.4. Kohana1.2.3.5. Prado1.2.3.6. Yii1.2.3.7. Akelos1.2.3.8. Seagull1.2.3.9. Qcodo1.2.3.10. Solar1.2.3.11. PHP On Trax1.3. DESIGN PATTERNS IN WEB FRAMEWORKS1.3.1. What Is a Design Pattern?1.3.2. Model-View-Controller as the Main Structural Design Pattern1.3.2.1. MVC versus MVP1.3.3. Overview of Other Design Patterns1.3.3.1. Singleton1.3.3.2. Prototype1.3.3.3. Decorator1.3.3.4. Chain of Responsibility1.3.3.5. State1.3.3.6. Iterator
2. Getting Started
2.1. REQUIREMENTS2.2. XAMPP2.2.1. XAMPP for Windows2.2.2. XAMPP for Linux2.2.3. XAMPP for Mac OS2.2.4. Apache2.2.4.1. Windows Installation2.2.4.2. Linux Installation2.2.4.3. MacOS Installation2.2.5. Database2.2.5.1. MySQL2.2.5.2. SQLite2.2.5.3. phpMyAdmin — Linux2.3. PEAR2.3.1.2.3.1.1. Windows2.3.1.2. Linux2.3.1.3. Mac OS2.3.2. Subversion (SVN)2.3.3. Installation Overview2.4. INSTALLATION2.4.1. Symfony2.4.1.1. Sandbox2.4.1.2. PEAR2.4.2. CakePHP2.4.3. Zend Framework2.4.3.1. PEAR2.4.3.2. Archive2.5. CONFIGURATION2.5.1. Symfony2.5.2. CakePHP2.5.3. Zend Framework2.6. HELLO WORLD!2.6.1. Symfony2.6.2. CakePHP2.6.3. Zend Framework2.7. STRUCTURE2.7.1. Symfony2.7.2. CakePHP2.7.3. Zend Framework2.8. IDE SUPPORT2.8.1. NetBeans2.8.2. Eclipse2.8.3. Zend Studio
3. Working with Databases
3.1. OBJECT-RELATIONAL MAPPING3.1.1. Object-Relational Impedance Mismatch3.1.2. Propel3.1.3. Doctrine3.1.4. CakePHP's ORM3.1.5. Zend_Db3.1.6. Other ORM Solutions3.2. DATABASE CONFIGURATION3.2.1. Open Database Connectivity (ODBC)3.2.2. SQLite3.2.2.1. Propel3.2.2.2. Doctrine3.2.2.3. CakePHP3.2.2.4. Zend_Db3.2.3. PostgreSQL3.2.3.1. Propel3.2.3.2. Doctrine3.2.3.3. CakePHP3.2.3.4. Zend_Db3.2.4. MySQL3.2.4.1. Propel3.2.4.2. Doctrine3.2.4.3. CakePHP3.2.4.4. Zend_Db3.2.5. Microsoft SQL Server3.2.5.1. Propel3.2.5.2. Doctrine3.2.5.3. CakePHP3.2.5.4. Zend_Db3.2.6. Oracle3.2.6.1. Propel3.2.6.2. Doctrine3.2.6.3. CakePHP3.2.6.4. Zend_Db3.2.7. DB23.2.7.1. CakePHP3.2.7.2. Zend_DB3.3. COMMUNICATION WITH A DATABASE3.3.1. Schema3.3.1.1. Propel3.3.1.2. Doctrine3.3.1.3. CakePHP3.3.1.4. Zend Framework3.3.2. Fixtures3.3.2.1. Symfony3.3.2.2. CakePHP3.3.2.3. Zend Framework3.3.3. Command-line Interface3.3.3.1. Symfony — Propel3.3.3.2. Symfony — Doctrine3.3.3.3. CakePHP3.3.3.4. Zend Framework
4. Your First Application in the Three Frameworks
4.1. DESIGN4.1.1. Project Requirements4.2. SYMFONY4.2.1. Project4.2.2. Model4.2.3. Controller4.2.3.1. Address List4.2.3.2. Adding and Editing Entries4.2.3.3. Deleting an Address4.2.4. View4.2.4.1. Editing/Updating Addresses4.2.4.2. Deleting Addresses4.2.4.2.1. Address List4.3. CAKEPHP4.3.1. Project4.3.1.1. Routing4.3.2. Model4.3.2.1. Schema4.3.3. Controller4.3.3.1. List of All Addresses4.3.3.2. Adding a New Address4.3.3.3. Editing an Address4.3.3.4. Deleting a Selected Address4.3.3.5. Viewing a Selected Address4.3.4. View4.3.4.1. Address List4.3.4.2. Forms4.3.4.3. Editing an Address4.3.4.4. Viewing a Selected Address4.3.4.5. Deleting an Entry4.4. ZEND FRAMEWORK4.4.1. Project4.4.1.1. Routing4.4.2. Model4.4.2.1. Model Class4.4.2.2. Mapper4.4.2.3. Db_Table Model4.4.3. Controller4.4.3.1. List of All Addresses4.4.3.2. Adding a New Address4.4.3.3. Editing an Entry4.4.3.4. Delete4.4.3.5. Forms4.4.4. View4.4.4.1. List of All Addresses4.4.4.2. Adding an Entry Page4.4.4.3. Editing an Address Entry4.4.4.4. Deleting an Entry
5. Forms
5.1. FIELD VALIDATION5.1.1. How Does Form Validation Work?5.1.2. Symfony5.1.2.1. Plug-ins5.1.3. CakePHP5.1.4. Zend Framework5.2. CUSTOMIZING FORMS5.2.1. Symfony5.2.1.1. Widgets5.2.1.2. Plug-ins5.2.1.2.1. sfFormExtraPlugin5.2.2. CakePHP5.2.2.1. Customizing Generated HTML5.2.3. Zend Framework5.2.3.1. Decorators5.3. USING CAPTCHA AS SPAM PROTECTION5.3.1. Problem5.3.1.1. Why Should I Use Captcha?5.3.1.2. Various Implementations of Captcha5.3.1.3. Writing Your Own Captcha5.3.2. Solution5.3.2.1. Symfony5.3.2.1.1. sfWidgetFormReCaptcha5.3.2.2. CakePHP5.3.2.2.1. OpenCaptcha5.3.2.2.2. reCaptcha5.3.2.3. Zend Framework

6. Mailing
6.1. CREATING MAILING APPLICATIONS6.1.1. Mailing Approaches and Web Servers6.1.2. PHP Configuration6.1.3. SMTP Server Configuration6.1.3.1. UNIX6.1.3.2. Windows6.2. SWIFTMAILER6.2.1. Symfony6.2.1.1. Sending Simple E-mail6.2.1.2. Sending HTML E-mail6.2.1.3. Adding Attachments6.2.1.4. Carbon Copy6.2.1.5. Remote SMTP Servers6.2.1.6. Secure Connections6.2.1.7. All in One6.2.2. CakePHP6.2.2.1. Sending Simple E-mail6.2.2.2. Sending HTML E-mail6.2.2.3. Adding Attachments, Carbon Copy, and SMTP Connection6.2.2.4. All in One6.2.3. Zend Framework6.2.3.1. Sending Simple E-mail6.2.3.2. Sending HTML E-mail6.2.3.3. All in One6.3. CAKEPHP'S MAILING COMPONENT6.3.1. Sending Simple E-mail6.3.2. Sending HTML E-mail6.3.3. Adding Attachments6.3.4. Carbon Copy6.3.5. Remote SMTP Servers6.3.6. Secure Connections6.3.7. All in One6.4. ZEND MAILER6.4.1. Sending Simple E-mail6.4.2. Sending HTML E-mail6.4.3. Adding Attachments6.4.4. Carbon Copy6.4.5. Remote SMTP Servers6.4.6. Secure Connection6.4.7. All in One6.5. PHPMAILER6.5.1. Symfony6.5.2. CakePHP6.5.2.1. All in One6.5.3. Zend Framework6.5.3.1. Sending Simple E-mail6.5.3.2. Sending HTML E-mail6.5.3.3. Adding Attachments6.5.3.4. Carbon Copy6.5.3.5. Remote SMTP Servers6.5.3.6. Secure Connection6.5.3.7. All in One
7. Searching
7.1. PROBLEM7.1.1. Full Text Searching7.1.2. Indexing7.1.3. Search Query7.2. SOLUTIONS7.2.1. Sphinx7.2.1.1. Installing Sphinx7.2.1.2. Symfony7.2.1.3. Controller7.2.1.4. Displaying Results7.2.1.5. Pagination7.2.1.6. Testing7.2.1.7. CakePHP and Zend Framework7.2.2. Lucene7.2.2.1. Zend Framework7.2.2.2. Creating an Index7.2.2.3. Searching7.2.2.4. Displaying Results7.2.2.5. Pagination7.2.2.6. Symfony and CakePHP7.2.3. Google Custom Search7.2.3.1. Setting up Google Custom Search7.2.3.2. CakePHP7.2.3.3. Symfony and Zend Framework
8. Security
8.1. SETTING SECURE CONNECTIONS8.1.1. Problem8.1.2. Configuring the Web Server8.1.3. Symfony8.1.4. CakePHP8.1.5. Zend Framework8.2. SECURING A PROFILE FORM AGAINST XSS AND INJECTION ATTACKS8.2.1. Problem8.2.1.1. What Is XSS?8.2.1.2. Why SQL Injections Are So Dangerous8.2.1.3. How Do Other Injection Attacks Work?8.2.2. Solution8.2.2.1. Symfony8.2.2.2. CakePHP8.2.2.3. Zend Framework8.3. CSRF8.3.1. Problem8.3.1.1. What Is CSRF?8.3.2. Solution8.3.2.1. Symfony8.3.2.2. CakePHP8.3.2.3. Zend Framework
9. Templates
9.1. CREATING A SIMPLE IMAGE GALLERY BY USING HELPERS AND LIGHTBOX9.1.1. Presentation Layer Helpers9.1.2. Lightbox9.1.3. Symfony9.1.3.1. sfJQueryLightBoxPlugin9.1.3.2. sfLightboxPlugin9.1.3.3. sfMediaBrowserPlugin9.1.4. CakePHP9.1.5. Zend Framework9.2. USING TEMPLATE ENGINES WITHIN WEB FRAMEWORKS9.2.1. Smarty9.2.1.1. Smarty for Zend Framework9.2.1.2. Smarty for Symfony and CakePHP9.2.2. Dwoo9.2.2.1. CakePHP9.2.2.2. Dwoo for Symfony and Zend Framework9.2.3. Twig9.3. OVERVIEW OF OTHER ADD-ON TEMPLATE ENGINES9.3.1. Template Blocks9.3.2. Open Power Template (OPT)9.3.3. TinyButStrong9.3.4. Rain TPL9.3.5. Savant
10. AJAX
10.1. INTRODUCING AJAX10.2. AUTOCOMPLETE10.2.1. Symfony10.2.2. CakePHP10.2.3. Zend Framework10.3. DYNAMIC POPUP WINDOWS10.3.1. Symfony10.3.1.1. sfFlashMessagePlugin10.3.1.2. Lytebox10.3.2. CakePHP10.3.3. Zend Framework10.4. AJAX USER CHAT10.4.1. Symfony10.4.2. CakePHP10.4.3. Zend Framework
11. Making Plug-ins
11.1. SYMFONY11.1.1. Plug-in Structure11.1.2. Developing the Plug-in11.1.3. Testing Your Plug-in11.2. CAKEPHP11.2.1. Plug-in Structure11.2.2. Developing the Plug-in11.2.3. Testing Your Plug-in11.3. ZEND FRAMEWORK
12. Web Services
12.1. RESTFUL NEWS READING12.1.1. How Does REST Work?12.1.1.1. What is cURL?12.1.2. Symfony12.1.2.1. Getting a List of News12.1.2.2. Adding a News Item12.1.2.3. Updating News12.1.2.4. Deleting News12.1.3. CakePHP12.1.3.1. Getting a List of News12.1.3.2. Creating New Entries12.1.3.3. Updating News12.1.3.4. Deleting News12.1.4. Zend Framework12.1.4.1. Getting a List of News12.1.4.2. Create News12.1.4.3. Updating News12.1.4.4. Deleting News12.2. PROVIDING SOAP WEB SERVICES IN E-COMMERCE APPLICATIONS12.2.1. Installing the SOAP Extension for PHP12.2.2. Testing with soapUI12.2.3. What is the Difference Between SOAP and REST?12.2.4. Symfony12.2.5. CakePHP12.2.6. Zend Framework
13. Back End
13.1. SYMFONY13.1.1. Doctrine admin Modules13.1.2. Apostrophe13.1.3. Diem13.2. CAKEPHP13.2.1. Croogo13.2.2. Wildflower13.3. ZEND FRAMEWORK13.3.1. TomatoCMS13.3.2. Pimcore13.3.3. Digitalus CMS13.4. FEATURE SUMMARY
14. Internationalization
14.1. INTERNATIONALIZATION DEFINED14.2. SYMFONY14.2.1. Configuration14.2.2. Templates14.2.3. Forms14.2.4. Using a Database for i18n14.2.5. Add-ons14.3. CAKEPHP14.3.1. Configuration14.3.2. Templates14.3.3. Forms14.3.4. Using a Database for i18n14.3.5. Add-ons14.4. ZEND FRAMEWORK14.4.1. Configuration14.4.1.1. Zend_Translate14.4.1.2. Zend_Locale14.4.2. Translation14.4.3. Forms14.4.4. Using a Database for i18n14.4.5. Add-ons
15. Testing
15.1. INTRODUCING TESTING15.1.1. How to Begin Testing15.1.2. Test Cases, Test Suites, and Test Coverage15.1.2.1. Test Case15.1.2.2. Test Suite15.1.2.3. Test Coverage15.1.3. Categories of Tests15.1.3.1. Black-box Tests15.1.3.2. White-box Tests15.1.3.3. Grey-box Tests15.1.3.4. Smoke Tests15.1.3.5. Performance, Load, and Stress Tests15.1.3.6. Regression Tests15.1.4. When to Finish Testing15.1.5. Bugs Are Your Friends15.1.6. Fixtures15.1.7. Mocks15.1.8. Test-Driven Development15.1.9. Test Frameworks15.1.9.1. PHPUnit15.1.9.1.1. Symfony15.1.9.2. SimpleTest15.1.9.3. Zend Framework15.1.9.4. Lime15.2. BLACK-BOX REGISTRATION FORM TESTING USING FUNCTIONAL TESTS15.2.1. Problem15.2.2. Solution15.2.2.1. Symfony15.2.2.2. CakePHP15.2.2.2.1. Command-line Test Execution15.2.2.2.2. Web-based Test Execution15.2.2.3. Zend Framework15.3. CMS TESTS AUTOMATION USING SELENIUM15.3.1. Selenium IDE Installation15.3.2. Selenium Remote Control Installation15.3.3. Problem15.3.4. Solution15.3.4.1. Symfony15.3.4.2. CakePHP15.3.4.3. Zend Framework15.4. MAILING UNIT TESTING15.4.1. Problem15.4.1.1. Symfony15.4.1.2. CakePHP15.4.1.3. Zend Framework15.4.2. Solution15.4.2.1. Symfony15.4.2.2. CakePHP15.4.2.3. Zend Framework
16. User Management
16.1. BASIC USER MANAGEMENT16.1.1. RBAC versus ACL16.1.2. Symfony16.1.2.1. Basic Security16.1.2.2. Dynamic Access16.1.3. CakePHP16.1.3.1. Defining ACL Entries16.1.3.2. Accessing Resources16.1.3.3. Dynamic ACL Creation16.1.4. Zend Framework16.1.4.1. Authentication16.1.4.2. Authorization16.2. IDENTIFYING USERS USING LDAP IMPLEMENTATION16.2.1. Requirements16.2.2. How Does LDAP Work?16.2.3. Preparing LDAP16.2.3.1. ADAM Installation16.2.3.2. OpenLDAP Installation16.2.3.2.1. Ubuntu16.2.3.2.2. FreeBSD16.2.3.2.3. Gentoo16.2.3.2.4. Other16.2.4. LDAP Configuration16.2.4.1. ADAM Configuration16.2.4.1.1. Adding New Users16.2.4.1.2. Uninstalling ADAM16.2.4.2. OpenLDAP Configuration16.2.4.2.1. Securing OpenLDAP16.2.4.2.2. Adding New Users16.2.4.2.3. LDAP Browsers16.2.5. Solution16.2.5.1. Symfony16.2.5.1.1. Active Directory16.2.5.2. CakePHP16.2.5.2.1. Model16.2.5.2.2. Controller16.2.5.2.3. View16.2.5.3. Zend Framework16.2.5.3.1. Adapter16.2.5.3.2. Refactoring16.2.5.3.3. Active Directory
17. Performance
17.1. USING JMETER FOR STRESS, LOAD, AND PERFORMANCE TESTS17.2. BENCHMARKING17.2.1. Hello World17.2.2. Simple CRUD Application17.3. DEVELOPMENT SPEED
18. Summary
18.1. FEATURES18.1.1. Symfony18.1.1.1. Advantages18.1.1.2. Disadvantages18.1.2. CakePHP18.1.2.1. Advantages18.1.2.2. Disadvantages18.1.3. Zend Framework18.1.3.1. Advantages18.1.3.2. Disadvantages18.1.4. Table of Features18.2. AND THE WINNER IS...
A. Web Resources
A.1. GENERALA.2. SYMFONYA.3. CAKEPHPA.4. ZEND FRAMEWORKA.5. DESIGN PATTERNSA.6. ORMA.7. DATABASESA.8. LDAPA.9. SEARCHINGA.10. TESTINGA.11. SECURITYA.12. PDFA.13. WEB SERVICESA.14. MAILINGA.15. TEMPLATESA.16. IDEA.17. JAVASCRIPTA.18. AJAXA.19. CMSA.20. CODEIGNITERA.21. LITHIUMA.22. AGAVI
B. CodeIgniter, Lithium, and Agavi with Code Examples
B.1. CODEIGNITERB.1.1. InstallationB.1.2. Setting Up the DatabaseB.1.3. ConfigurationB.1.4. Your First ApplicationB.1.5. Adding EntriesB.2. LITHIUMB.2.1. InstallationB.3. CLIB.3.1. Setting Up the DatabaseB.3.2. ConfigurationB.3.3. Your First ApplicationB.3.4. Adding EntriesB.3.5. Changing TemplatesB.4. AGAVIB.4.1. InstallationB.4.2. Creating the ProjectB.4.3. ConfigurationB.4.4. First ApplicationB.4.5. Adding EntriesB.4.6. You Should Be Going on a Date
GLOSSARY OF ACRONYMS AND TECHNICAL TERMS

Content preview from Building PHP Applications with Symfony™, CakePHP, and Zend® Framework

Chapter 16. User Management

The world will look up and shout 'save us' and I will look down and whisper 'no.'

—Rorschach, The Watchmen

WHAT'S IN THIS CHAPTER?

RBAC and ACL as basic user management methods.
Setting up LDAP.
Advanced user management with LDAP.

How should a web application be secured against unprivileged access? We want to explore this topic as deeply as possible in this chapter because of its significance and the severe consequences of neglecting security. The first major section of this chapter, "Basic User Management," covers not only the basic security issues, but also dynamic access control and features of specific frameworks.

The second major section of this chapter, "Identifying Users Using LDAP Implementation," is focused on implementing user authorization with LDAP within the frameworks. This is an alternative industry-scale solution, so you can skip this section if you don't need it. However, this knowledge will be invaluable for more advanced users, because it is not easily accessible on the Internet, and it is highly valued among big companies and corporations.

BASIC USER MANAGEMENT

There are many ways to manage user authorization. In the frameworks featured in this book, there are two main user management approaches, RBAC and ACL. They are quite similar, but have some important differences that are described and explained in the following section.

RBAC versus ACL

RBAC, which stands for Role-based Access Control, is more role oriented (roles, not specific users, are ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780470887349Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design