Search Results For "authorization"

In Part 3 of my “Effortless E-Commerce with PHP and MySQL” book, I use to process payments for a site that sells physical goods. accepts credit cards and can be directly integrated into your site, so that the customer never leaves (unlike, for example, PayPal’s Website Payments Standard, used in Part 2 of the book, which goes through PayPal’s site). The code in the book was written in a very modular style, with the intent that you can use the components you need, and swap others in and out. A reader specifically wanted to know how you would use PayPal’s Website Payments Pro instead of, and that’s what I’ll explain here. Continue Reading…

In this edition…

About This Newsletter

So it’s been about six weeks since my last newsletter, or roughly twice as long as I normally hope I get these things out. The cause for the delay is simple: I’ve been working night and day on my forthcoming “Effortless E-Commerce with PHP and MySQL” book, trying to make the end-of-this-month deadline. I don’t think I will, but it’ll be close. Anyway, this newsletter has some stuff about that book that you may be interested in, along with a couple of other notable things I’ve found online. I went looking for some good questions to answer in this newsletter, but didn’t have any set aside, so if you’ve got a question you’d like me to answer in a future newsletter, including one you’ve previously submitted but I apparently ignored, please send it along. As always, thanks for reading and for your interest in my work!

On the Web => First Example Site for “Effortless E-Commerce with PHP and MySQL”

My “Effortless E-Commerce with PHP and MySQL” book has four parts to it. In the first part, there are two chapters of general information: one on the process and another on security. In the second part, I develop an entire e-commerce site. In the third, I develop a second e-commerce site. In the fourth, I discuss and demonstrate additions you could make to both sites. My original intention was to get all the code done (at least for Parts 2 & 3), and then start writing. As with all good plans, this is not how things went. But I’m happy to say that the first example site is complete, as are the first six chapters of the book (the first draft of those chapters, that is).

If you’re interested in the example I came up with, you can check it out online at This is a fully functioning, live version of the site, complete with registration, login, password management, content management, and PayPal integration. The PayPal integration is currently done using PayPal’s Sandbox (i.e., their test system), so you can even pretend to pay for site access. You can also download the source code for the site, if you’d like to get a look at what the book will discuss. The source code is fairly well documented, so you should be able to get a sense of what I’m thinking through that.

On each page of the online site (this isn’t in the book) is a comments form for you to raise questions, make suggestions, and so forth. I would love to get as much feedback and as many points of view as possible. I’ll also give away a few copies of the book specifically to people who’ve submitted comments.

I’m working on the second site example now (well, as soon as I send this newsletter out) and will make that available when it’s ready.

On the Web => Rasmus Lerdorf’s No-Framework PHP MVC Framework

Some years ago, Rasmus Lerdorf, original creator of PHP, posted on his personal Web site a discussion of what he would look for in a framework for the MVC architecture. It’s an interesting read, from the master’s voice. He specifically talks about how to properly use MVC, how to guarantee performance and security, and how to design with scalability and flexibility in mind. Although the post is a few years old, most of it is still valid, with only little changes such as the fact that the PECL/Filter extension is now part of PHP proper.

On the Web => ServInt: Customer Service Done Right!

I’ve been using ServInt for my Web hosting for some time now (three years, I think) and could not be happier. In the past eleven years, I’ve probably had five hosts, ranging from the really cheap and totally awful to the not-that-cheap but still rather awful. For me, finding a Web host that I can rely on has been a huge weight off my shoulders. One thing ServInt does right is that they only do high-end hosting, starting with VPS (Virtual Private Server) and going up to dedicated hosting. What they don’t do is put 50 clients and hundreds of domains on a single server, which is what the cheap hosts do. Don’t get me wrong: cheap hosting is fine for many people, especially with small projects and new ones, and in many cases spending only a few dollars a month makes sense. If you’re just learning Web development today, you should probably start with a cheap host.

By comparison, I’m using the most basic ServInt plan and it’s running me $50/month (US). But, again, that peace of mind… The other thing that ServInt does right, which is the bigger deal, is their customer service. They respond immediately to concerns of mine and often help out on things that aren’t really their problem (i.e., when I screw up). Moreover, ServInt has just, for at least the second or third time since I’ve been with them, opted to provide more services at no additional cost. I received an email a few weeks back indicating that my basic account has been upgraded from 30GB of storage to 50GB (which, frankly, I needed, as I was at about 28GB and thinking I’d need to start weeding through my drives). ServInt has previously upgraded the storage before, as well as the RAM and bandwidth allotments, so this isn’t entirely surprising but is still a fantastic thing to see.

I’m not writing this in order to sell you on ServInt (although I can definitely recommend them in good conscience) but rather to highlight an example of excellent customer service. Good customer service properly fixes problems when they arise. Great customer service does so nicely, promptly, and with a little extra. Excellent customer service prevents problems from happening in the first place and provides extra services at no additional cost. I’m not a marketing guy by nature, but I know that ServInt has my business for the long run because of things like this. And just as I’m writing this, I’m thinking that if times were tight financially, if I had a little extra free time, and if I was looking to improve my business, I might go back to some of my clients and offer something for free, too, such as doing a bit of software upgrading or adding a feature they wanted but couldn’t afford. I’m sure that’d make an impression and generate more business in the long run. Once they accepted that you weren’t trying to scam them, that is!

On the Web => Geek Humor

I came across this cartoon, which is funny in a geek-y way, and thought I’d share:

On the Blog => Yii-related How-To’s

I wrapped up my fourth Yii-based site a couple weeks back (although I’m still making minor tweaks per the client’s requests) and I’ve been doing some consulting for a client that’s learning to use Yii for his projects, so a number of my blog posts as of late have been about Yii. If you look under the Yii tag at my blog, you’ll see articles on:

  • Handling Related Models in Yii Forms
  • Handling Checkboxes in Yii with non-Boolean Values
  • Forcing Login for All Pages in Yii
  • Caching the Database Schema using MemCached with Yii

These are just the most recent articles I’ve written on Yii. There are some older ones about authorization and authentication, plus my original eight-part series on learning Yii. Perhaps next year, depending upon how my experience in self-publishing a JavaScript book goes, I’ll self-publish a guide to Yii, as I’ll have informally written a book on the subject by then!

On the Blog => “Effortless E-Commerce with PHP and MySQL” Updates

I recently published an update on my “Effortless E-Commerce with PHP and MySQL” book. The update reflects the actual Table of Contents for the first five chapters of the book, based upon the rough draft of them. You can also learn a bit about the content of each. I’ll probably post another update in about two weeks.

What is Larry Thinking? => Teaching, Not Selling

My blog has gotten a lot of attention over the past several months because of my series on the Yii framework (on Yii’s documentation page, the first link for learning Yii is to my series). I’m glad people like what I’ve written and feel like it’s a good way to learn, as it makes the work I put into the blog meaningful. However, I’ve been surprised to get a percentage of questions along the lines of “Why should I use Yii?”, even though that is a reasonable question. But I also get the less reasonable “Why should I switch to Yii from XXX framework?” or just “I can already do these things much more easily using XXX.”

Asking about the benefits, which is also to say the strengths, of any new technology is natural. As a person writing about certain technologies, I feel that it’s part of my job to cover this side of things. But there’s a line between teaching and selling that I don’t cross: it’s never my goal to talk someone into using X or Y; my only aim is, if you want to learn X or Y, to make that learning process smoother. I have opinions about Yii and jQuery and Ruby/Flex/AIR/Mac OS X/PHP/MySQL/just-about-everything but I don’t care whether people do or do not use any particular technology (and I don’t mean that to sound harsh). What I do care about is, if they are trying to learn X using my writing, that my writing is helpful in that regard. In short, there’s a large part of who I am that’s a teacher, but I don’t have a selling bone in my body.

So the answer to a question about using Yii, or using Yii instead of, say, Zend, is that I think Yii’s approach makes sense to me, I like that it autogenerates code for you, jQuery is built-in, and that Yii is easily extendible. My answer to a question about why someone should switch to Yii is I don’t know and/or maybe you shouldn’t. I think people in this industry get hung up on what’s best or, even worse, what’s hip or new (“Web 2.0”? Ugh!). Or they feel like the announcement of or praise for something different is in some way an affront to what they’re currently doing. This is all immaterial. At the end of the day, the only question that really matters is: does this work for you? And that’s a question I can never answer, except to say “Maybe give it a whirl and see for yourself.”

Book Giveaway => “Effortless Flex 4 Development” Update

There was a great response to my “Effortless Flex 4 Development” giveaway and I think I made many people happy with the free copies they got. Everyone should have received their book by now (actually, a couple of weeks ago), so let me know if you didn’t get yours. I have a couple more copies left that I’ll give away in a future newsletter.

Larry Ullman’s Book News => “Effortless E-Commerce with PHP and MySQL”

As you can tell, pretty much all of my time these days is being spent on the “Effortless E-Commerce with PHP and MySQL” book, which is coming along nicely. After doing recent books on Flex, Ruby, and Adobe AIR, it’s nice to get back to my programming roots. And as people have been requesting this book for years, and as I should have written it last year, it’s great to get this done. My hope is to wrap up the rough draft in very early September, meaning the book should be out in October. The book will also be put online via Peachpit’s Rough Cuts series, and I’ll post that URL once I know it.

I received a lot of interest, in response to my previous newsletter, about my planned self-published JavaScript book. I’m happy to see such interest, because it’s going to be a lot of work! Many people also volunteered to help proofread the text and test the code, which is wonderful and extremely generous. One thing I’ve learned writing books all these years is that having more people look at the book makes it better. It’s not a case of “too many cooks spoil the broth”, it’s more a matter of lots of tasters provide great feedback!

I’m also talking to Peachpit Press about doing the fourth editions of my “Dynamic Web Sites with PHP and MySQL: Visual QuickStart Guide” and “PHP for the Web: Visual QuickStart Guide” books. Both will be published in 2011, updated for the latest versions of PHP and MySQL (and dropping the PHP 6 moniker, which is thoroughly dead in the water). Per repeated requests, I’m also going to integrate a page or two of questions, suggestions, and exercises at the end of each chapter. Right now, it looks like I’ll write the fourth edition of “PHP for the Web: Visual QuickStart Guide” this fall, so that it’s published in early 2011.

Forcing Login for All Pages in Yii

July 20, 2010

Some time back, I had written a couple of blog posts on authentication and authorization in Yii. As a comment to one of those posts, someone shared some code (also posted in the Yii forums) that requires a login to access any page. The interesting thing about this code is that it’s placed in the primary application configuration file, not within individual Controllers. The benefit to this approach is that a little bit of code can add authorization to your entire site, no matter how many Controllers you have. I’ll explain how to use this approach in this post, although keep in mind that it’s really best for situations where users must be logged in to access almost all of the site’s content. Continue Reading…

In this edition…

About This Newsletter

Not much to say as an introduction: it’s another newsletter, without a cohesive plan. Although it did cross my mind that I could come up with a more clever title than “Larry Ullman’s Newsletter” (or my blog, “Larry Ullman’s Blog”). My thanks to everyone for their nice words on these newsletters and please keep those comments and questions coming!

On the Blog => Access Control and Authentication in Yii

A couple of weeks back I completed a three-part series on authentication and authorization using the Yii framework. If you’re curious about this aspect of the framework, start with the first post on Simple Authentication. Also, it looks like the blog is on a restricted diet (fewer posts) while I continue working on my next book.

On the Web => HTML Purifier

Some time back I came across HTML Purifier. Written in PHP (it requires PHP 5), HTML Purifier is a standards-compliant HTML filter. It can be used to prevent Cross-Site Scripting attacks (XSS), improve the compliance of HTML entered by a user, and even convert deprecated tags into more-appropriate ones. To see it in action before installing it yourself, check out the online demo.

Q&A => How do I go about learning Ajax?

It seems like what is expected of Web developers has changed significantly over the past couple of years. Maybe it’s the economy, maybe it’s the changing technologies and the demands created by that stupid “Web 2.0” buzzword. In any case, where you used to have Web designers that created HTML and JavaScript (or it was created for them by Dreamweaver) and Web programmers that used PHP to add server-side functionality, Web programmers are now expected to be more familiar with the client-side of things. Part of the cause is the rise of Ajax, which marries client-side JavaScript with server-side functionality. Also, it’s a lot easier for a Web programmer to learn JavaScript than it is for a Web designer to learn PHP (and SQL and MySQL). So how do server-side people go about learning Ajax?

To start off in a totally self-serving manner, I’ve written a chapter on Ajax in my “PHP 5 Advanced” book as well as written an entirely separate book on Ajax: “Building a Web Site with Ajax: Visual QuickProject Guide”. Both cover the theory and just enough JavaScript (a new acronym: JEJ) to create smart cross-browser Ajax applications. The dedicated book has more examples and gives a fuller sense of Ajax’s possibilities, of course. Another way I’d recommend learning Ajax would be to just start with a framework like jQuery (in my books I write Ajax code from scratch). The learning curve is a lot more approachable this way, you just need to accept that you won’t be truly learning Ajax or JavaScript, but sometimes that’s okay and having something that just works is most important.

Q&A => PHP vs ASP.NET vs ???

I just recently received a question about choosing PHP over ASP.NET, or whether there’s a value in knowing both, or something else, for dynamic Web development. I’ve covered this before in my newsletters but it’s worth revisiting. I’m of the opinion that it’s better to be fairly strong with one thing than mediocre with several (I mean that with respect to competing technologies like PHP and ASP.NET, not companion technologies like PHP and MySQL). I’ve developed most of my Web applications using PHP, I’ve done a couple with ASP.NET, a couple with Ruby on Rails, and a few pages here and there using JavaServer Pages (JSP), so I have a fairly decent understanding of the available tools (I’ve never used ColdFusion, however).

The problem with ASP.NET, in my opinion, is that it only runs on Windows and can only be developed on Windows (this is more functionally true than actually true as there are ways to force ASP.NET onto other platforms). This is a show-stopper for me. But if you’re dedicated to only using Windows for development and for hosting, ASP.NET is pretty powerful and easy enough to learn. You’ll spend more money going this route, though: the serious tools, like Microsoft’s Visual Studio, are very expensive, as are add-ons you might want to use in a site. For example, one ASP.NET project I did required a forum. Instead of creating my own, I thought I’d use a standalone product that could be integrated (as I would do in a PHP site). The only available third-party products were all commercial; there was nothing freely available like Phorum or phpBB. Conversely, PHP can be run on most operating systems and there are tons of free add-ons available. Personally, I don’t see a justification to learn ASP.NET if you’re already doing PHP development. (And, if you’re curious, I learned ASP.NET because: A) I like learning new things; B) Microsoft had me up to their headquarters to show it to me; and, C) there were a couple of jobs that I wanted to do that required ASP.NET).

If you’re already primarily an ASP.NET developer (you’re probably not subscribed to this list but…) there may be a value in learning PHP so that you can develop on other platforms. But you’re likely to find PHP to be harder and more time consuming, as it’s not really comparable to ASP.NET. The latter is actually a framework, and C# or Visual Basic is used for the programming.

All that being said, the hardest part of Web development is understanding the theories and best practices. From there, switching from one technology to another is largely about syntax. So I’m not inclined to recommend learning multiple Web development technologies, but if you want to try, it’s not that hard as they’re functionally similar.

Q&A => Do you do any social networking?

I am occasionally asked if I use any of the social networking sites: Twitter, Facebook, MySpace, etc. I’m not personally inclined to do these kinds of things, although I understand there could be a marketing benefit to doing so (but, then again, marketing isn’t my strong suit). Twitter is out for me because I’m not a cell phone person, so the idea of sending and receiving updates through Twitter is beyond me (I know Twitter isn’t just for cell phones but…). I do own a cell phone, but only one person has the number, so that probably tells you what kind of mobile user I am, or am not. But really, with Twitter, the fact is that my life is extremely mundane, so the idea of tweeting updates like “Trying to get through another chapter” and “Have to hit the grocery store before picking up the kids” doesn’t make much sense. If I traveled more, or did anything that interesting, maybe I’d feel differently. Also, to be frank, I have this (arguably unreasonable) dislike for fashionable things, so every time I hear about Twitter, I’m that much less likely to use it myself!

I have, however, been a member of LinkedIn for a couple of years. I’m not terribly active with it, and it largely strikes me as Facebook for professionals, but if you want to connect with me there, you’re more than welcome.

What is Larry Thinking? => Starting a New Business

In my first newsletter, I address a subject that’s come up a lot, both with me and in the industry as a whole: creating new Web sites and businesses. One time in 2002, I was part of a team that tried to create a new venture and failed. In my opinion, it failed not because of a lack of a good idea or resources, but mismanagement. I certainly don’t regret being part of the venture–it cost me nothing but some time, and I made a lot of great connections, but it made me leery when I encounter others trying to make it big. Which I do a lot, as many who read my books have similarly large dreams. I don’t begrudge people their hopes and aspirations, of course, I just want to caution everyone against putting themselves too far out on a ledge because the statistics say that most ventures won’t succeed. It just troubles me greatly when I get people asking about spending thousands of dollars on a server when they haven’t created a line of code or even purchased a domain name.

My point in revisiting this topic is that the most brilliant writer Malcolm Gladwell in his “The Sure Thing” article published in the January 18, 2010 issue of “The New Yorker” talks about business success in an enlightening way (pretty much everything you read by Gladwell will enlighten you). A paragraph about new businesses really struck a chord with me. In it, Gladwell documents the certain qualities that successful new businesses clearly have. For example, the more initial capitalization (i.e., money), the better. Taking over an existing business is more likely to succeed. Selling to other businesses is easier than selling directly to consumers. And it’s better to go after missed consumers than those already being served. Most new businesses don’t do these things (not that they’re necessarily possible for all new businesses anyway), and they also undervalue marketing and finance. In short, many new businesses fail because they don’t have a full, working plan established. And my point, which I’ve said before, is that just having a good idea does not equal success. Adding X feature to a YouTube copy won’t make you rich (and, frankly, by the time you implement that new feature, one of the hundreds of smart people at YouTube will likely have thought of it and implemented it themselves).

Again, I’m not trying to dissuade anyone or rain on their parades, but if you’re asking me for business advice, which people often do, my suggestions are: plan way ahead, spend money wisely, and try to have realistic expectations.

Book Giveaway => PHP for the Web: Visual QuickStart Guide and Translations

I had a strong response to the PHP for the Web: Visual QuickStart Guide giveaway. My thanks to everyone for their interest and my apologies if you did not get picked to receive a book. I haven’t yet sent out the books (been working too much) but really hope to this Friday. All I have left to give away are some translations, so my next official giveaway will be the Effortless Flex 4 Development book later this Spring. (Please don’t ask now, or ahead of time, for a free copy.)

Larry Ullman’s Book News => Effortless Flex 4 Development

I’ve finished up the rough table of contents for my next book, tentatively titled Effortless Flex 4 Development (I forgot to add the “4” in the previous newsletter). My approach is this: when talking about Rich Internet Applications (RIAs), a lot of focus is given to the User Interface (UI) because RIAs provide a user experience closer to what they come to expect from their desktop applications. However, I would argue that data is just as important. So the book does cover Flex 4 for those unfamiliar with it (whether new to Flex or just to Flex 4) but the meat of the book will be on using data. Specifically, I’ll be using PHP as the server-side agent, and a combination of data formats (JSON, XML, and AMFPHP). The data and PHP emphasis is one way in which the book will differ from existing ones; plus, PHP support is a promoted feature in Flex 4.

I’ve also written the first two chapters of the book, about 60 pages. Apparently I’ve forgotten how hard it is to write a book, or maybe I’m just rusty. I’ll continue to post updates on the book as it progresses.

Later this year I’m still planning on writing my E-Commerce with PHP and MySQL book, and hopefully even my self-published JavaScript book. If I get my act together, my site for selling PDF copies of the JavaScript book will make for a good code example in my e-commerce text.

Yii Framework Access Control Lists

January 14, 2010

In my series Learning the Yii Framework, I discuss the individual parts of the MVC (Model, View, Controller) architecture in some detail, from a Yii perspective. In the post on Controllers, I introduce Access Control Lists (ACLs), Yii’s default way of restricting who can take what actions. This is a key part of the security of any Web application. For example, a site’s content can often be read by anyone at all, registered or non-registered users alike (like the text you’re reading now). Some content may only be viewable by registered users and some by registered users of a certain type (e.g., paid members). Finally, some content may only be viewable by administrators. In this post, I detail how to completely control access to your Web application using Yii’s Access Control Lists. Continue Reading…