Kristian Lunde

Archive for the ‘PHP’ Category

Zend_View and base paths outside the application directory

without comments

I’ve recently been working on a Zend application (v1.11.11) that required several views directories and they had to be located outside the application directory. The documentation says that you can have as many view basePaths as you like, which sounds great. The only problem is that the Zend_Controller_Action_Helper_ViewRenderer checks that the alternative basePaths are located within the default basePath (APPLICATION_PATH “/views/”).

The easiest way of resolving this is to add the full path to the directory like this:

APPLICATION_PATH . '/views/../../themes/my-theme/';

The example below is from my Bootstrap file:

protected function _initView() {
$view = new Zend_View();

$view->setBasePath(APPLICATION_PATH . '/views/../../themes/my-theme/');
$viewRenderer = new Zend_Controller_Action_Helper_ViewRenderer();
return $view;

Written by Kristian Lunde

February 1st, 2012 at 11:57 pm

Review: PHP5 Social Networking

without comments

Packt publishing contacted me couple of months back, asking me if I was interested in reviewing “PHP5 Social Networking” by Michael Peacock. The title intrigued me as I’ve built several social networking applications and I was interested in seeing Michaels approach to this.

The first chapter starts by defining social networking, it looks at the most known social networks out there. It also reviews available social network software out there such as Elgg, drupal and joomla. The approach taken in this book is to roll out an own application from scratch with no base framework. The basics of this framework is described in chapter 2 and 3.

Chapter 4 to 10 deals with the core elements of social networks, such as friends, friend requests, statuses, streams, messaging and events. Each chapter describe how to the functionality should work, a detailed implementation plan is shown and ideas for further development is discussed.

Chapter 11 show the reader how the application easily can support an API, I really like that Michael chose to add this chapter as I think it is a crucial element to any social network that is going to go somewhere.

Maintenance, security and deployment is discussed in chapter 12. I find this chapter a bit odd as it describe very basic steps to get the application up and running on the production server. I would have liked to see more about automated deployment in this chapter.

All social network sites need to get users and hopefully generate some revenue, this is the topic of chapter 13 which describe solutions and approaches to marketing, SEO techniques and monetization.

The last chapter is “Planning for growth” a very important chapter in my mind. It describes approaches for profiling of web applications, server scaling, redundancy and more.

It is a well written book with good examples and it describes the build of the application in detail so the user easily can follow and copy the examples. I would definitely recommend this book to novice developers as it is a good introduction to a lot of good programming practices. It can also be a decent book to read if you are an experienced developer that want to learn more about the core concepts of building a social network.

Written by Kristian Lunde

May 6th, 2011 at 8:34 pm

Reviewing “PHP 5 Social Networking”

without comments

Packt Publishing has asked me to review Michael Peacocks “PHP 5 Social Networking” something I’ve happily agreed to do. I am expecting to receive the book soon and look forward to read it. Social networks and PHP is something I’ve worked quite a bit with and I am interested to see Michaels take on this topic.

I’ll be posting the review as soon as I’ve finished the book.

Written by Kristian Lunde

February 8th, 2011 at 12:51 pm

Zend_Input_Filter and the Alnum Validator

without comments

The Zend_Input_Filter is a very useful tool when you need to validate and filter the input to your application. It allows you to both filter and validate the input without a lot of hassle. One of the cool features it has is that it allows you to add the validators you need and meta commands to each validator. For instance you can set an Alnum validator to allow empty fields, set a default text and so on.

I came over this annoying issue the other day when I tried to setup the Alnum validator to allow white spaces and have a few meta commands attached to the validator chain. The manual says that you can do this:

  1. $validators = array(
  2.     'month'   => array(
  3.         'Digits',                // string
  4.         new Zend_Validate_Int(), // object instance
  5.         array('Between', 1, 12)  // string with constructor arguments
  6.     )
  7. );

Which I assumed would also work like this:

  1. $validators = array(
  2.     'name'   => array(
  3.         'Alnum',                
  4.         new Zend_Validate_Alnum(true), //allow whitespaces
  5.        'default' => '',  //meta command 1
  6.        'presence' => 'required', //meta command 2
  7.     )
  8. );

This does not work though. You need to remove the validator type string and replace it with an instance of the Zend_Validate_Alnum validator to get it to accept whitespaces and meta commands. This is the right way to do it:

  1. $validators = array(
  2.     'name'   => array(            
  3.         new Zend_Validate_Alnum(true), //allow whitespaces
  4.        'default' => '', //meta command 1
  5.        'presence' => 'required', //meta command 2
  6.     )
  7. );

The entire script ends up looking like this:

  2. $filters = array('name' => 'StringTrim');
  3. $validators =  array(
  4.     'name'   => array(            
  5.         new Zend_Validate_Alnum(true), //allow whitespaces
  6.        'default' => '',
  7.        'presence' => 'required',
  8.     )
  9. );
  11. $input = new Zend_Input_Filter($filter, $input, $this->getRequest()->getParams());

Written by Kristian Lunde

July 18th, 2010 at 9:00 pm

Merging code bases

without comments

Yesterday I had the “pleasure” of merging two code bases of the same application. The code bases had been developed in two different parts of the world, but shared a common foundation. I got access to a development version of the code base a few weeks ago, and the final delivery of the application was done late last week. No version control system was shared between myself and the contractor which made the merge a bit more cumbersome. Unfortunately I could not wait for the contractor to finish the development before I started to add features and bug fixes to the application; this eventually resulted in two separate versions of the code base.

I was aware that this merge would going to happen from the very start so some precautions were taken before I started my own branch of the source code.

1. I separated all new features out in separate directories and added symbolic links to these in the existing code base. This worked very well and we had no problem at all adding the new features to the final delivery.

2. I tried to be very careful and keep track of all the bug fixes and changes done to the original code.


I realized that we would have trouble with the final merge not long after I received the first development version, it was cluttered with bugs and issues which made it impossible to even run it in my development version. To get the application up and running I had to make a bunch of changes to the code.

In addition to the initial bugs I soon realized that the front end of the application (read: html and css) was a complete mess. The site was not browser compliant, nothing validated and it was impossible to go through. These issues would not be resolved by the contractor and since the project was on the clock it needed resolving as quickly as possible. This ended up in a complete rebuild of the front end which modified 300+ files.

1st Attempt – Failure

1. Created a git branch of my development code
2. Added the final code from the contractor to the branch

This ended up in a complete mess, nothing working, a complete mess.

2nd Attempt – Success

When the final delivery from the contractor came through the two code bases was in completely different states, most of the bug fixes I had was still needed.

1. Created a git branch of my code base
3. Found the differences from the initial development version we got and the final delivery

  1. diff -qr dev final | grep -v -e 'DS_Store' -e 'Thumbs' | sort > changes.txt

Where dev is the directory of the untouched development version we got access to, and final is the directory of the final delivery. This resulted in a complete list (changes.txt) of files which differed between the two original versions. It also identified files that was obsolete in and new files that was added. An example of the content in the changes.txt can be seen below.

  1. Files dev/view/file-1.php and final/view/file-1.php differ
  2. Files dev/view/file-2.php and final/view/file-2.php differ
  3. Only in dev/css: css-1.css
  4. Only in dev/css: css-2.css
  5. Only in dev/css: css-3.css
  6. Only in final/css: css.css
  7. Only in final/: file-a.php

4. Once I had this overview I added all the new files from the final version into my git branch.
5. Updated all the files I knew had not been changed. I had a list of all the core files which had been changed.
6. I manually had to go through all the core files that had been changed and compare them with the files from the final delivery.
7. Remove all old files which only were present in the development delivery.
8. Manual comparison of all the front end files, updating and merging these files by hand. Diff can not be used here since the entire front end has changed, and it would only result in a complete difference, still there might have been changes that I needed to incorporate with the new front end.

I still have approx 150 front end files to compare, it is time consuming and frustrating labor, but it seems to be the only way to do it. I keep testing the application while doing the update and so far all of the changes and updates has been successful.

The positive flip of this is that I get a good overview of the code and understanding of the application when I have to go through much of the code from the final delivery.

I might not have chosen the best solution and I would love to hear your approach if you have done similar things or have an opinion about it.

Written by Kristian Lunde

September 16th, 2009 at 7:22 am

Getting the default option of a ubercart product attribute

with 2 comments

In Orange Bus we are currently busy building a new web shop for a clothing company. We are building this web shop on Drupal 6 and Ubercart 2. While I was doing some tuning of the product page (built as a node template) on this site I suddenly realized that even though you can get most of the information needed in from the $node object, you are unable to get the default options of each attribute.

In my case this attribute was the sizes of the products (small, medium, large and so on), the node object contained all the attributes but not the default options. It is not at all complicated to get this information but you do need to add some custom code to get a hold of the default options. I would argue that this should be included in the default node object, which really should not be a big deal adding. I guess I should add a patch for this, instead of going around the problem which is what I do and describe here.

To get a hold of this I had to call a ubercart specific function called uc_product_get_attributes function. This function takes a node id as parameter and return all an array of all the attributes related to the node. The array contain a set of attributes objects and these object contain all the information available on each attribute.

My solution was to call the uc_product_get_attributes function and get the default_option variable from the attribute object, see code example below.

  1. //get all attributes related to the node
  2. $attributes = uc_product_get_attributes($node->nid);
  4. //get the id of default size of the product
  5. $default_size = $attributes[1]->default_option;

It is simple, but it took me about an 30 minutes to determine the problem and adding a solution. Hopefully this will save someone the job of solving the same problem.

Written by Kristian Lunde

February 20th, 2009 at 10:02 pm

Posted in Drupal,PHP,Programming,web

Tagged with ,

Coding standard, coding style

without comments

In Orange Bus we have been looking at our coding style lately. We have created our very own coding standard. Since we base most of our applications on the drupal we chose to use the drupal coding standard as our main source of inspiration.
During our process of creating this coding standard we found a few good links I thought we should share.

Mike @ Orange Bus found these two articles about beautiful and practical code, both these are a must read:

Another blog post about line density worth reading is:

Written by Kristian Lunde

November 11th, 2008 at 12:53 am

Posted in Drupal,PHP,Programming

Tagged with ,

Templating with Eclipse

without comments

Today I came over a a post on about Eclipse and templating. It turns out that you can write small templates of code snippets you use a lot and bind them to a keyword. When typing the keyword, press “ctrl” and “space” and a list of possible templates available will appear, select the prefered template, press “enter” and the code snippet is inserted into your working code. I works just the same way code completion. This actually means that you do not have to write the boring “for” loops or “if” tests anymore, just write a template and become a more efficient developer.

The original post explains how to set up templates, so I will not go into that in this post, but since I am primarily a PHP developer and the post describes templating for Java, I’ll just give a description of where to go if you use the PHPEclipse.
To edit and create templates for PHP, HTML or css, even javascript you have to use this path:

window -> preferences -> PHPeclipse Web Development -> PHP -> Templates.

To write and edit the templates, just follow the guidelines from Mr. Graversen, or have a look at the links below.

For further reading have a look these sites.

I guess if I had read the PHPEclipse manual when I first started using Eclipse, I would probably been using it from the start :P

Good luck with your Eclipse templates, I know I will be using them extensively.

Written by Kristian Lunde

August 20th, 2008 at 10:18 pm

The View Helper pattern

with 4 comments

Developing MVC (Model View Controller pattern) applications in PHP or any other language often require a lot from the view tier. The view needs to process data received from the model tier and form it into presentable data, it also has to manage user input and form that into data understandable for the model tier.
This might not be a big issue while working with small application, but when it comes to midscale and large applications the view helper pattern can be of great help. The view helper pattern is one of the J2EE core patterns and the documentation can be found on:

What does the helper pattern do?
First of all the helper pattern adds an extra tier to the system, this tier can be seen as a mid tier which has some understanding of the logic of the system, it knows a little bit about the view and a little bit about the model. Another cool thing is that the view helper pattern makes your code more reusable. When moving complex structures from the view and into a view helper it can with ease be used by other views.


You are writing a web application where the user writes a review of some product, the application should do auto saving of the user input every 20 second using Ajax functionality. The application should of course also save the user input then the user submits the data. The ajax request and the user submit does almost the same thing but the when the user submits the data the view should also store a rating of the product. This require the ajax request and the user submit to be two different views, or one complex view.

In an ordinary MVC system you would have to implement two views with very much of the similar behavior or one complex view. Using the view helper pattern you extract the storage of the user review in a helper which can be reused by both the ajax request view and the user submit view.

I have written a very simple implementation of the example in PHP. The implementation is not complete at all, but it is meant as a proof of concept that the reusability of code in your application can increase using the view helper pattern.

  1. <?php
  3. class ProductReviewHelper
  4. {
  5.  public function __construct(){}
  7.  /**
  8.    * save the review
  9.   **/
  10.  public function save($user_input)
  11.  {
  12.   //validate input
  13.   $input = $this->validate($user_input);
  15.   //saves the review and return the result of the save
  16.   return $review_manager->save($input['product_id'], $input['review']);
  17.  }
  19.  /**
  20.   * validate the input
  21.   **/
  22.  public function validate($user_input)
  23.  {
  24.   $filter_args = array('product_id' => FILTER_VALIDATE_INT,
  25.          'review'   => FILTER_SANITIZE_STRING);
  26.   $input = filter_var_array($user_input, $filter_args);
  28.   //do validation
  29.   return $input;
  30.  }
  31. }
  1. <?php
  3. //Ajax view
  4. $review_helper = new ProductReviewHelper();
  5. $result = $review_helper->save($_POST);
  6. echo $result;
  7. exit();
  8. ?>
  1. <?php
  3. //User submit view
  4. $review_helper = new ProductReviewHelper();
  5. $review_result = $review_helper->save($_POST);
  7. $rating_helper = new ProductRatingHelper();
  8. $rating_result = $rating_helper->save($_POST);
  10. //manage the result from the helpers
  11. ?>

I am sure that the view helper pattern has helped me to write better and more organized code, which is easily understandable and very reusable.

If you do not use the view helper pattern, and still have solved the problem with reusability of code in the view tier please feel free to leave me a comment describing your solution.

Written by Kristian Lunde

July 20th, 2008 at 11:11 pm

Password encryption using PHP

without comments

A recent post on linked to a article about “password encryption using PHP” written by Stefan Ashwell on In this article he illustrate a how to save user passwords and authenticating users using the sha1 hashing algorithm.

First of all lets all agree that hashing passwords are basics requirements for a secure web application, but is a simple hashing of the password enough? I do not think so.

Here is the scenario, Someone breaks into your system (not through the web application, but for instance through an ssh connection), they get access to your user database or file where you store user account information.  The intruder is now in possession of the password and user name of all your users, but still the passwords are hashed with md5, sha1 or an similar hashing method. If the intruder is determined to get into your system and mess up, he may now try to decrypt the passwords using a  dictionary word file and brute force (also known as rainbow tables). This method is quite common and is not advanced at all, all it does is looping through the dictionary file, which contains all words and common password phrases, do a md5 or sha1 hashing of these words and see if it matches up to the hashed password, if it does it has found a match, and the intruder is able to log into the account.

Even though this brute force method might take some time, he will eventually get the passwords and get full access to the users account. There are however methods to complicate this and even make it impossible for the intruder to get the password using brute force method and that is called salting your password.


  2. $salt = '2glkpe895';
  3. $password = $_POST['password'];
  5. $encrypted_password = sha1($salt . $password . $salt);

As you can see the salt is an secret string which is only used by your application, it is prepended and appended to the password. You could of course also go the extra mile and split the password in two and add the salt in the middle of the password, but there might not be any point in doing that.

This makes the word not like any word you will find in an dictionary and therefore the brute force method will not find the password.

The point is that if the intruder get a partial access to some of your system, for instance the user database, it will not be enough to get access to the total system because the security system is layered, one layer in your code, and one layer in your user database.

I do not say that this method is a 100 percent secure but it is is way more secure than not using a salted password.

Written by Kristian Lunde

July 10th, 2008 at 10:28 am

Get Adobe Flash player