HirdWeb

I did not post on Monday, which I really wanted to do. I am studying for the Zend Certification, but may have to put it off based on work load, and family obligations. Do I think I can just take the exam and pass it? Well, I am not that conceited, but I am sure I may be able to pass it on a good day. However, test taking is not one of my strengths, so even if I knew everything on the test, I may still fail the test. So studying really helps me go through the exam work, and then helps me to get through the anxiety of tests.

And there is also new work things I am doing on the side. Most involve CakePHP, some involve just doing some very basic PHP work. So I am doing those and having less time to actually blog. And let’s not forget football season is now in full swing, so I spend a good portion of my Saturday afternoons watching college football and doing some studying.

Hopefully next week I can make a couple of posts, and hopefully I will make a couple of posts per week.

The next post will probably deal with more of the CakePHP work I am doing. (Working on a “social” calendar, like there isn’t already 2000 of them already).

Another quick post this week, as I am bogged down in work and preparing for a Zend Certification Exam. I am going to be taking the exam for Zend Certified Engineer (ZCE). While I do not expect it to be much problem, these types of exams are usually worded in a way that may not give you all the basics.

I do highly recommend to visit the Zend site, download the exam prep book, and then also get a 5 pack of the test exams. The Zend store has the book and you can add on the practice exams for $17 (for 5 exams). The book explains the basics on the exam, things like network programming, XML and web services, and other items that will appear on the exam. Then if you get the 5 pack for the exam, you can take a practice test 5 times, and be able to get an idea of what the exam will be like.

Some of the questions seem like no brainers, but then there are times when the question has a key word, that makes the question mean something completely different than first appearances. One of the things I learned a long time ago, is that with these types of exams, the multiple choice has four to five questions that can be peared down quickly. Usually one is not going to be correct because of absurdity, one is going to sound like it is right, but for obvious reasons it is incorrect. Then there are the final 2 questions that can both be correct, but there is one answer they are looking for.

Sounds easy right? Would be if it was just like college, where you get to take a test, if you do not get a “pass” grade, then there are other things you can do to make up the score. With these exams, and this one in particular, it is $125 for one certification exam. You do not pass, not only are you out $125, you do not get anything, no certification of any kind. You need to pay again for another shot at the exam. So no matter how much you know a language, no matter how much you think you may know, always study and prepare. It never hurts and in the process, you may get to know more about the language than you did before.

Today is just going to be a quick post. It is Labor Day here in the States and that means a whole heap of people are not going to be working, including me. So I am just messing around with some stuff in CakePHP as I am doing a side project for a local church to put up a calendar. Most of it is complete, but there was one thing that I wanted to change.

I am using the Auth component in my User model. I have allowed register, resetpass, and index. So when I go to view a user’s detailed profile, there is that message: “You are not authorized to access that location.” Which is a fine message and all, but I want it to be site specific, and also controller specific. So the Users controller will have a separate Auth error message than the Calendars controller. So here is what I did.

In the Users controller, I built a beforeFilter function. I set my authorized actions, set redirect to false. I also set a session level variable with the Auth, then I set the error message. There are a couple of messages you can set for the Users controller. You can set the loginError and the authError. The loginError will be the error when the user logs in and is unable to for whatever reason. The authError is what the user will see when they try to perform an action that is not allowed by them, whether it is because they are not logged in (as in my case) or you are using Auth to “authorize” an action.

So here is what it would look like:

function beforeFilter() {
	parent::beforeFilter();

	$this->Auth->allow('register', 'index', 'resetpass');
	$this->Auth->autoRedirect = false;
	$this->Auth->authorize = 'controller';
	$this->set('my_id', $this->Auth->user('user_id'));
	$this->Auth->authError = "Please log in first in order to preform that action.";
}

So when you want to change the standard Auth error message, just remember to set the “authError” to whatever message you would like. Happy Labor Day!

In the first part, the idea and theory behind an ACL was discussed. In part 2, the set up of AROs, ACOs, and ACLs via the command line was shown. Now in part three, we look at why this is so important. Because an interactive site with memberships should never be static, what happens when a new member signs up? What happens when a member is promoted to an “admin” level? And what happens when users change? This can all be happened via ACLs.

In part 2, existing member were set up as AROs. And with user accounts, we also have to set those up as ACOs. Then those AROs (people) need to have permissions set for the CRUD actions. (Create, Read, Update, Delete). These actions are specific to the ACO, or object they are trying to manipulate. So if a user wants to edit their own account, do they have permission? If a user wants to delete another person’s account, do they have permissions to? With setting up ACLs, this can be checked. But what do we do when a new person signs up for an account? We need to create the code to do this.

In the Users Controller, we need to make sure we use the ACL component is included. So include this in the controller:

class UsersController extends AppController {
	var $name = 'Users';
	var $components = array('Acl');

Also remember that the Auth and Security components are also very powerful components and should be included as well, but the above only shows where to include the components. Now with this in place, we can no address the add (or register) function of the controller.

Continue reading…

In my last post, I covered a little bit about what an Access Control List (ACL) was. The Cookbook provides a great more detail.

To go along with the idea of the last post, the application has a few different areas: Users who are members of groups, Groups which have users as members, and Events that belong to either the user or the group. Since the creation of ACOs and AROs are basically the same for each area (Users, Groups, Events), I will detail some code for the Users area making use of ACLs.

The first thing we need to do is create an ARO grouping and an ACO grouping. Remember that AROs are the requester of an object. In this example, we can think of them as people. And people have different types of roles, which is what we need to create for the people. In this example application, there will be site admins (Admins), group leaders (Leaders) and regular members (Members). So we need to create this type of ARO. We can do this in a controller, and a page, or we can do this via the command line.

Continue reading…

Access Control Lists, or ACLs, provide a good level of access control on any site. Code bases and platforms may use a different method of instituting ACLs and I am going to go through how CakePHP 1.2.x is handling them.

First is to understand what an ACL really is. The Cookbook has a good page explaining this type of concept. I highly recommend reading through this page. The whole concept behind this ACL can be divided in three parts:

• ACO – Access Control Object, object that is being requested
• ARO – Access Request Object, object that is putting in the request
• ACL – Access Control List, determines if an ARO can access an ACO.

In the Cookbook, they have a very good call out about the ACL, it is not authentication. No matter what code base, or platform you are on, never mistake this. The ACL verification only happens after the person logs in. They can be very powerful together, but authentication must happen first.

The next thing to understand is the way an ACL would look in a matrix. Again, the Cookbook provides a great example of this. The one thing that I would rather prefer, but understand why they do this, is the use of the example. Sure, we all like movies, and the Lord of the Rings is a great way to really explain different things, but it may be hard to switch that over to the real world of coding. So for this entry, I am going to use as an example, and Event Calendar.

Continue reading…

CakePHP now has deprecated some queries. The findALL, findCount, etc etc etc. This now uses the find() method for all of these, and has a basic syntax for this. If it is basic, why blog about it then? Good question. The documentation is there in the API, and is there in the Cookbook, it took me some time to really get a good idea on an applicable example and took many times of “trial and error” to help me get along. Because finding is good, and will give you all the information you need, if it is a simple, 1 table find. If you need to query two or three tables, how does this work. So this will go into those as well.

The basic idea of find, as listed by the API is this:

find(
	array $conditions,
	array $fields,
	string $order,
	int $recursive
);

This will find one record based on conditions, return the desired fields (or all of them if nothing is specified), order the results, and go so many levels deep (-1 for just the current table).
Continue reading…

I redid the theme for the site, and moved it to 2.6.1. I am not going to even remotely claim that this is a visually pleasing site, nor will I ever claim it will win for the best site design. However, what made me change it was that I was not exactly enamored by any of the themes, and decided to do one myself. I looked for how to do this, as I have messed around with Photoshop before, and have become brilliant at hacking things around in Photoshop. But I took a few tutorials on how to do some stuff. This design is based from those tutorials. For those who would like to know, I went to these sites:

• Sleek Footer from PSDTUTS
• Royal Interface – gave me ideas and help how to do things
• Vista styled reflections and menues
• Header and background ideas, new brushes, etc
• 40 Great PSD tutorials

That was just some of them. I may do more, but I am also teaching myself Objective-C/Cocoafor the Apple/iPod/iPhone. But if there are any good links out there for Apple tutorials, let me know, because I may just be Googling the wrong phrases.

With the sensationalized aura surrounding this “web 2.0″ myth, there is more and more of a call for AJAX enabled sites. This demand gets higher due to sites like Facebook, MySpace, Twitter, and so forth. So when going forward with a design to implement AJAX libraries, which one is the best. The answer: Whichever one fits the job at hand. There are good points to Scriptaculous, jQuery DoJo and others. There is a good list of some of these with pros and cons at The Chandler Project, and a further list of other libraries at eDevil’s Weblog.

The one I am going to cover is a newer one, and one that is hosted elsewhere, which has its own pros and cons, and that is the Yahoo User Interface, or YUI. The documentation, the downloads (if you desire), tutorials and other information is located at http://developer.yahoo.com/yui/ and is very extensive for the different aspects it can do. What I am going to cover is something useful for long pages of content on the web, Tabbed Viewing.

Continue reading…

To continue on last weeks thought of a “lite” forum, I needed 2 tables (Forums, Posts). Since this is a “lite” forum, I did not want to create a mid-table labeled topics, so I incorporated that in the Posts table. The other reasoning behind this, is that to create a hybrid forum/blog, the topic is really just a beginning post in the thread, so keep those in the Posts table, just mark it as a topic to differentiate this from the other posts.

I created two controllers, forums_controller.php and posts_controller.php. All of the links on the application will point to the forums_controller.php file. The models need to be created, forum.php and post.php, with the relationships.

The file user.php (User model) needs to have a “hasMany” relationship with Posts.

var $hasMany = array(
	'Post' => array('className' => 'Post',
		'foreignKey' => 'post_id',
		'dependent' => false,
	)
);

The Forum model needs a “hasMany” relationship with the Post model

var $hasMany = array(
	'Post' => array('className' => 'Post',
		'foreignKey' => 'forum_id',
		'dependent' => false,
	)
);

The Post model needs a “belongsTo relationship with both the Forum and User models.

var $belongsTo = array(
    'Forum' => array('className' => 'Forum',
        'foreignKey' => 'forum_id',
        'conditions' => '',
        'fields' => '',
        'order' => ''
    ),
    'User' => array('className' => 'User',
        'foreignKey' => 'user_id',
        'conditions' => '',
        'fields' => '',
        'order' => ''
)
);

Continue reading…