Greg's blog

06/Feb By Greg

New documentation page: ldap

I've just added a new page in the documentation: LDAP (a.k.a Active Directory). More to come...

18/Aug By Greg

Fields and accessors

Starting with 3.0.5, PHPDS_dependant offers a little new trick: read-only fields.

The problem is, when in a class you have a field which should be readable but not writable, you are often lead to make it protected and write an accessor. The resulting code is, well, not really smart:

class service extends PHPDS_dependant
{
	protected $quality = 'great';

	public function quality()
	{
		return $this->quality;
	}
}

From now on, just add the field, it will be read-only by default.

Read more...
    

  


 



  

		  

	    08/Jun
	    By Greg
	  

    	
    

      Plugin layout (and security)
    

    
    

      	      
	 
    

      
Over the years the folder of each plugin has receive more and more structured stuffs. It's becoming quite cluttered and I feel it need some cleanup. Here is my proposition on a structure we could use:





Folder
/plugins/my-plugins/...		
Usage
Note




...config/
holds the plugin.config.xml file, used by the Plugin Admin, and host-related config files.

Read more...
    

  


 



  

		  

	    30/May
	    By Greg
	  

    	
    

      Forms
    

    
    

      	      
	 
    

      
(this will be part of the documentation, one day, but currently it's a work in progress so the APIs are not stable)


PHPDevShell provides a simple forms module. That means it helps you create simple forms easily. That also means if you need complex forms, you probably need more than this plugin.


There are two goals aimed with this plugins:

- it should be possible to create forms in basic html (for non-php fluent designers)

- it should provide data checking, specified only once (for both JS dynamic check and PHP post check)


Read more...
    

  


 



  

		  

	    26/May
	    By Greg
	  

    	
    

      Return values for controllers
    

    
    

      	      
	 
    

      
If you're using the controller class, you're writing the content of a method. Although you can just write your logic and not return anything, you can also return some values to instruct the framework of some special cases.


(this is experimental for 3.0.4 and currently only for the viaAJAX() method)


There are basically 4 regular cases and a special case :


- if you return nothing (i.e. null), the output is handled the usual way, in other words the whole page is built from the current theme template (it's the common case for direct requests or ajax request who expect a complete page).


Read more...
    

  


 



  

		  

	    20/May
	    By Greg
	  

    	
    

      Auto protecting queries
    

    
    

      	      
	 
    

      
I'm working on the new Forms system and I realized something: by default, query parameters are NOT protected. I will not debate on SQL injection (consult the Oracle), but I want to stress out that you SHOULD ALWAYS protect the parameters, the easy way is to use the "autoProtect" field:


class HTVP_filmUpdate extends PHPDS_query

{

	protected $sql = 'UPDATE `table` SET `field` = "%(parameter)s" WHERE `id` = %(id)d';

	protected $autoProtect = true;

}


(of course it's not necessary if you deal only with %d parameters)

    

  


 

            


		              
 
		  
                       
          		

	  
	     
	  

	
 

	
    



    

    	

      
PHPDevShell © 2010 - All rights reserved.