SSL/HTTPS with Zend Framework

by James on April 11, 2012

I spent a fair amount of time today hunting for a decent way to force Zend Framework 1.11 to use SSL. Sadly, there was no simple answer that completely worked, so after scamming pieces parts from a number of Google searches I came up with my own solution.

The task, to force all HTTP calls to HTTPS, however, I might only want to secure selected modules/controllers in the future. My solution.

In configs/application.ini I added:

ssl.modules.require_ssl = 'all';
ssl.controllers.require_ssl = '';

This could just as easily be:

ssl.modules.require_ssl = 'module1,module2,module3';
ssl.controllers.require_ssl = 'controller11';

Now create a new plugin at plugins/Ssl.php

class Plugin_Ssl extends Zend_Controller_Plugin_Abstract
{

    public function preDispatch($request)
    {

        //get the config settings for SSL
        $options = new Zend_Config_Ini(APPLICATION_PATH.'/configs/application.ini');

        $secure_modules = explode(',',$options->production->ssl->modules->require_ssl);
        $secure_controllers = explode(',',$options->production->ssl->controllers->require_ssl); 

        $front = Zend_Controller_Front::getInstance();
        $request = $front->getRequest();
        $module = $request->getModuleName();
        $controller = $request->getControllerName();

        // Force SSL Only use it production environment
        if ( APPLICATION_ENV == 'production' )
        {
            if ($secure_modules[0] == 'all' || in_array(strtolower($module), $secure_modules) || in_array(strtolower($controller), $secure_controllers)) {
                if (!isset($_SERVER['HTTPS']) && !$_SERVER['HTTPS']) {
                    $url        = 'https://'
                                . $_SERVER['HTTP_HOST']
                                . $request->getRequestUri();

                    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
                    $redirector->gotoUrl($url);
                }
            }
        }
    }
}

Finally in your bootstrap create the following function:

    protected function _initPlugins() {
        $frontController = Zend_Controller_Front::getInstance();
        $frontController->registerPlugin( new Plugin_Ssl());
    }

This will execute the SSL test on every page load without having to add a call to every single controller.

That’s it. Hope it helps somebody.

Wait.. Why not just use Apache or .htaccess you ask? Because Zend’s .htaccess forces everything to index.php and the internal router gets stupid if you try and do it that way.

The Ultimate A-Z Index of Apple OS X/Linux command line commands

by James on December 2, 2011

I’m forever trying to remember command line commands for Linux or Mac OS X. I picked up this list a while ago and keep around in a text file but decided to post it here so I can get to it whenever I don’t have my laptop with me. Some of the commands are bash built-in commands but most will work on either OS. Feel free to add to the list.

A
alias – Create an alias
alloc – List used and free memory
apropos – Search the whatis database for strings
awk – Find and Replace text within file(s)

B
basename – Convert a full pathname to just a filename
bash – Bourne-Again SHell
bg – Send to background
bind – Display readline key and function bindings
bless – Set volume bootability and startup disk options.
break – Exit from a For, While, Until or Select loop
builtin – Execute a shell builtin
bzip – Compress or decompress files
[click to continue…]

Schedule Random Post Time

by James on August 28, 2011


I’ll admit, I’m about as lazy a blogger as they come and when it comes to scheduling posts to be published in the future I really despise having to decide on what day and at what time the post should appear. After hacking a few other scripts to do something very similar I ran across a plugin called Date/Time Now Button created by someone named radiok. After checking it out I found it was pretty close to what I wanted but didn’t perform a random set. Since radiok already had the javascript worked out I just “adapted” that code to work the way I wanted it to.

Schedule Random Post Time adds a button to the post, page and comments that allows you to generate a random publish date. This plugin is useful for us lazy people that would rather not take the time trying to decide what date and time in the future to schedule a post for. Simply click the button and let it decide for you. It’s pretty simple really. Simply set the maximum number of hours into the future you want posts scheduled for in the settings, then just click the button and a random date between current time and your future time will be generated for you. Easy Peasy.

Installation is simple:

  1. Download the plugin from WordPress.org.
  2. Copy it to the wp-content/plugins directory of your blog.
  3. Enable the plugin in your admin panel.
  4. Set the maximum number of hours into the future you want posts scheduled for.
  5. An option for Schedule Random Post Time will appear under Settings.
  6. Enter the verification code for each service you wish to use

Support
If you like this plugin and want to support me, leave a comment or check out my donations and support page!

Webmaster Tools Verification

by James on August 26, 2011

All three of the major search engines offer some kind of website service. The most popular being Google Webmaster Tools. Yahoo offers Site Explorer and Bing has Webmaster Center. All three require that you verify your site and offer various methods to do so. This plugin uses the meta option and inserts a meta tag in your sites section of your site.

If you’ve used WordPress.com then this will look familiar since it’s based on that tool.

Installation is simple:

  1. Download the plugin from WordPress.org.
  2. Copy it to the wp-content/plugins directory of your blog.
  3. Enable the plugin in your admin panel.
  4. An option for Webmaster Tools Verification will appear under Settings.
  5. Enter the verification code for each service you wish to use

FAQ

  • Where do I get the verification code?
    Go to either Google Webmaster Tools, Yahoo Site Explorer, or Bing Webmaster Center, find the option to add/verify a new site then select the meta option. You be provided with a piece of code and instructions to add it to your site.
  • What do I do with the code once I have it?
    All you need is the actual content= code, the plugin will automatically format the meta tag when it inserts it.
    Ex.: Google will give you a piece of code like this: <meta name='google-site-verification' content='dBw5CvburAxi537Rp9qi5uG2174Vb6JwHwIRwPSLIK8'>
    You want to copy the code: dBw5CvburAxi537Rp9qi5uG2174Vb6JwHwIRwPSLIK8 and paste it in the input box for Google.
  • I’m using WPMU but I don’t want the plugin automatically activated for each site. Can I just put it in the wp-content/plugins directory so each blog owner can choose whether or not they want it activated?
    WPMU is no longer supported but the plugin should work fine with WordPress in network mode.

Support
If you like this plugin and want to support me, leave a comment or check out my donations and support page!

Choosing A Commerical PHP Framework

by James on July 11, 2011


One of the primary tasks my new J.O.B. requires is determining the development direction for a new SaaS product. On the surface it’s a relatively simple concept, capture client information send it off to a vendor via EDI formatted message and receive a result via the same. Process that result and do it again. On paper, it sounds simple. Why then has it been made to be so blasted complicated that several developers have worked on it and gotten nowhere?

Now that this puppy is mine to deal with I’m look at starting over from scratch. One thing I detest is picking up where someone else left off. Since we are primarily a PHP shop for our web development I’m comfortable staying in that arena, but like anything else, I don’t want to waste a bunch of time having to create what ultimately amounts to a framework to manage all the tedious things every app has to deal with (user management, security, session management, templating).

So I’ve spent a good deal of time looking at the various PHP frameworks out there but I’ve decided that only two are really worth the effort. Zend or Code Igniter. Zend is the obvious choice, because it’s less a framework than it is a collection of libraries. The major downside to Zend is obviously the learning curve and while CI that’s still an issue with CI, from what I can tell the curve isn’t quite as long as it is with Zend.

That said, Zend is most likely overkill for what I’m looking to build at the moment, but I also foresee a near term future that includes rebuilding some current fat client applications to be more web based thus requiring the need of multiple PHP programmers, as well as, I’m sure some requirement that the app I’m currently working on be able to integrate to some degree with that future.

The whole thought process here is the fact that I really am not a fan of any of the frameworks. However I also despise continually creating functions that do the same things over and over again. I also do not want to have to worry with maintaining a core framework myself. I’d much rather be able to just drop-in a module to update some functionality and not worry about having to build it myself. Plus, I like the idea of having a coding standard enforced on all developers, something else I despised from past endeavors. There’s also some concern over licensing, etc., with Zend there’s a high confidence that we’ll not run into any future legal issues, some of the other frameworks don’t give me that same warm and fuzzy.

So there’s my dilemma. Any thoughts on one vs the other? Rolling your own?

They’re Looking For Me!

by James on March 16, 2011


I’ve seen this one around the net many times but it’s funny every time I read it. Parent’s this is why you get gray hair.

The boss of a big company needed to call one of his employees about an urgent problem with one of the main computers. He dialed the employee’s home phone number and was greeted with a child’s whispered, “Hello?”

Feeling put out at the inconvenience of having to talk to a youngster the boss asked, “Is your Daddy home?”

“Yes”, whispered the small voice.

“May I talk with him?” the man asked.

To the surprise of the boss, the small voice whispered, “No.”

Wanting to talk with an adult, the boss asked, “Is your Mommy there?”

“Yes”, came the answer. “May I talk with her?”

Again the small voice whispered, “No”.

Knowing that it was not likely that a young child would be left home alone, the boss decided he would just leave a message with the person who should be there watching over the child. “Is there anyone there besides you?”, the boss asked the child.

“Yes” whispered the child, “A policeman.”

Wondering what a cop would be doing at his employee’s home, the boss asked, “May I speak with the policeman”?

“No, he’s busy”, whispered the child.

“Busy doing what?, asked the boss.

“Talking to Daddy and Mommy and the Fireman,” came the whispered answer.

Growing concerned and even worried as he heard what sounded like a helicopter through the ear piece on the phone the boss asked, “What is that noise?”

“A hello-copper”, answered the whispering voice.

“What is going on there?”, asked the boss, now alarmed.

In an awed whispering voice the child answered, “The search team just landed the hello-copper.”

Alarmed, concerned and more than just a little frustrated the boss asked, “Why are they there”?

Still whispering, the young voice replied along with a muffled giggle….

“They’re looking for me!”

The Discussion Flow Chart

by James on March 15, 2011


Thank you for requesting to have a discussion with me about this topic. Discussions are a dialog between people in which the participants are willing to alter their position if it makes sense to do so. Sometimes, people confuse “discussion” with “sermon” or “lecture”. These non-discussions are a waste of time since all parties are intractable in the their existing views.

So that our time is not wasted please use this guide to determine whether we can actually have a discussion about this topic.

How To Add An Uninstaller To Your Plugin

by James on March 15, 2011

On of the most annoying things I find about WordPress Plugins is that once you decide you no longer want to use one, simply deactivating the plugin, in most cases, still leaves behind a bunch of garbage in your database. Maybe you like to test a plugin to see what it does or maybe it sounded great but in reality it wasn’t quite what you were after. So you deactivate it and/or delete it thinking it’s gone right? Usually not. You might be left with altered database tables, indexes which now make your database inefficient, various settings and options that are now orphaned.

I recently decided I didn’t want to be part of this crowd. I wanted to give a reasonable option to my plugin users to 100% completely uninstall a plugin if they so chose. After a little research and some tweaking here’s what I came up with. It’s really rather simple.

There are 3 parts.
1. The uninstall form
2. The check for the uninstall submission
3. The uninstall itself

So here we go. First you need to create an uninstall form in your plugin. As you can see in the picture, I include a check box the user must check to confirm they want to uninstall the plugin. The form should look something like:

<form method="post">
<input id="plugin" name="plugin" type="hidden" value="plugin/plugin.php" />

	if ( isset( $_POST['uninstall'] ) && ! isset( $_POST['uninstall_confirm'] ) ) {

You must check the confirm box before continuing.

	}

The options for this plugin are not removed on deactivation to ensure that no data is lost unintentionally.

If you wish to remove all plugin information for your database be sure to run this uninstall utility first.

<input name="uninstall_confirm" type="checkbox" value="1" />Please confirm before proceeding

<input class="button-secondary" name="uninstall" type="submit" value="Uninstall" />
</form>

I like to wrap this in a function called pluginname_form_uninstall() to prevent conflicts then add that to the plugin options screen. Next we need to check to see if the form was submitted.

if ( isset( $_POST['uninstall'], $_POST['uninstall_confirm'] ) ) {
	pluginname_uninstall();
}

Somewhere near the top of the plugin or before execution starts add a check of the $_POST vars to see if our uninstall option was submitted. If it was we call the third piece of this puzzle, the uninstall function itself.

function pluginname_uninstall() {

	delete_option( 'plugin_version' );
	delete_option( 'plugin_options' );

        // This is where you would remove and tables, indexes or fields you added when your plugin was first activated. Also anything else that caused modification to the database should be undone here.

        // Do not change (this deactivates the plugin)
	$current = get_settings('active_plugins');
	array_splice($current, array_search( $_POST['plugin'], $current), 1 ); // Array-function!
	update_option('active_plugins', $current);
	header('Location: plugins.php?deactivate=true');
}

This is pretty simple but it depends on what you’ve added to the database.

  • First use the delete_option function to remove any settings added to the wp_options table.
  • Next undo any SQL modification you made when your plugin was created. Any tables, fields or indexes added need to be removed or changed like your plugin was never there.
  • The final part deactivates the plugin and switches the user to the plugins management screen.

At this point the plugin can be activated again or deleted.

As you can this this really is fairly simple, I’m not why more developers don’t use something similar to this. I for one can’t stand to have a cluttered up database of things I don’t need.

Your XBOX Broke Didn’t It?

by James on March 13, 2011


I can just see this conversation happening in a number of households that I know of. Except for one, where the XBOX, PS3 and Wii would all have to break.

WordPress 3.1 Finally Adds Long Awaited Admin Bar

by James on March 4, 2011


I just got finished updating my blogs to WordPress 3.1, the latest release that’s been out for around two weeks now. The installation was painless and I have no real issues to report yet. The first thing I noticed was the WordPress.com style admin bar which is a feature I think many will really like. Some won’t, but there’s a number of ways to turn it off. The easiest of which is to go into your personal profile options and just turn it off or you can change it display only in the admin section.

This release features a lightning fast redesigned linking workflow which makes it easy to link to your existing posts and pages, an admin bar so you’re never more than a click away from your most-used dashboard pages, a streamlined writing interface that hides many of the seldom-used panels by default to create a simpler and less intimidating writing experience for new bloggers (visit Screen Options in the top right to get old panels back), and a refreshed blue admin scheme available for selection under your personal options.

There’s a bucket of candy for developers as well, including our new Post Formats support which makes it easy for themes to create portable tumblelogs with different styling for different types of posts, new CMS capabilities like archive pages for custom content types, a new Network Admin, an overhaul of the import and export system, and the ability to perform advanced taxonomy and custom fields queries.

As I’m writing this post and getting it ready to publish I can tell there is a definite speed increase in editor interface which is good, it was starting to get bogged down. option panels I rarely use are all minimized and can be turned off via the screen option tab to clean up the editor interface even more.

Most of the other stuff I haven’t looked at yet, but I’m excited to play around with some of the new developer features and I can’t wait to see what the various frameworks can come up with now.

If you haven’t upgraded to WordPress 3.1 yet I certainly recommend you do. As always though, be sure to backup your database first, just in case.

← Previous Entries