With PHP's widespread adoption, it's almost too easy to find a script or snippet to do exactly what you need. Unfortunately, there's no filter as to what is a "good practice" and what's, well... not so good when writing a PHP script. We need trustworthy sources, who have proven they have a solid grasp on the best practices of PHP.
We need PHP masters to show us the best principles to follow for high-grade PHP programming.
There's no better resource than PHP's creator for knowing what PHP is capable of. Rasmus Lerdorf created PHP in 1995, and since then the language has spread like wildfire through the developer community, changing the face of the Internet. However, Rasmus didn't create PHP with that intent. PHP was created out of a need to solve web development problems.
And as with many open source projects that have gone on to become popular, the motivation was never philosophical or even narcissistic. It was purely a case of needing a tool to solve real-world Web-related problems. In 1994 the options were fairly limited when it came to Web development tools.
However, you can't use PHP for everything. Lerdorf is the first to admit that PHP is really just a tool in your toolbox, and that even PHP has limitations.
Use the right tool for the job. I have run across companies that have completely bought into PHP, deploying it absolutely everywhere, but it was never meant to be a general-purpose language appropriate for every problem. It is most at home as the front-end scripting language for the Web.
Trying to use PHP for everything isn't efficient, and it certainly isn't the best use of your time as a web developer. Don't be afraid to to use other languages if PHP isn't working out for your project.
Nobody needs to question Matt Mullenweg's authority with PHP. He has, (alongside a rabid community), developed the most popular blogging system on the planet: Wordpress. After creating Wordpress, Matt and company launched the stellar Wordpress.com, a free blogging site based on the Wordpress MU code base blogging software for multiple blogs. At the time of this writing, Wordpress.com hosts over 4 million blogs, and their users have written over 140,000 posts today. (You can see more interesting stats about Wordpress.com usage here.)
If anybody knows how to scale a website, it's Matt Mullenweg. In 2006 Matt gave some insight into Wordpress' database structure and explained why Wordpress MU uses a separate MySQL table for each blog, as opposed to using one giant "monolithic" table for all of the blogs.
We tested this approach for MU, but found it was too expensive to scale past a certain point. With monolithic structures you hit a wall based on your hardware. In MU users are divided and can be partitioned easily, for example on WordPress.com we have the users partitioned between 4096 databases, which allows you to scale very cheaply and efficiently to hundreds of thousands and even millions of users and extremely high levels of traffic.
Being able migrate the tables allows the code and ultimately the blogs to run much faster and scale easier. Alongside some heavy caching, and smart database usage, Matt has shown that extremely popular sites like Facebook and Wordpress.com can run off of PHP and handle the incredible traffic load.
Dave Child is the brainchild (teehee) behind the recently renamed Added Bytes (previously ilovejackdaniels.com) website that featured Dave's excellent cheat sheets for many programming languages. Dave's worked for many development companies in the UK and has established himself as an authority in the programming world.
Dave offers some sage advice when it comes to writing secure code in PHP: Don't trust your users. They just might hurt you.
So the cardinal rule of all web development, and I can't stress it enough, is: Never, Ever, Trust Your Users. Assume every single piece of data your site collects from a user contains malicious code. Always. That includes data you think you have checked with client-side validation, for example using JavaScript. If you can manage that, you'll be off to a good start. If PHP security is important to you, this single point is the most important to learn.
Dave goes on to give specific examples of secure practices in parts one, two and three of his 'Writing Secure PHP' series. But his ultimate takeaway is this:
Finally, be completely and utterly paranoid. If you assume your site will never come under attack, or face any problems of any sort, then when something eventually does go wrong, you will be in massive amounts of trouble. If, on the other hand, you assume every single visitor to your site is out to get you and you are permanently at war, you will help yourself to keep your site secure, and be prepared in case things should go wrong.
Ben Balbo has been writing for Site Point, a very well respected tutorial site for the likes of developers and designers. He's on the committee for both the Melbourne PHP User Group and Open Source Developers' Club, so he knows a thing or two about the language. It's no surprise with Ben's background as a PHP developer and trainer that he recommends putting a little more thought and preparation into PHP caching.
If you have a busy and predominantly static web site--such as a blog--that's managed through a content management system, it will likely require little alteration, yet may benefit from huge performance improvements resulting from a small investment of your time. Setting up caching for a more complex site that generates content on a per-user basis, such as a portal or shopping cart system, will prove a little more tricky and time consuming, but the benefits are still clear.
There are many different techniques for caching in PHP, and Ben touches on a few of the bigger ones in the article, like:
* cached function calls
* setting expiry headers
* caching file downloads in IE
* template caching
* Cache_Lite
and many others. Because of the nature of dynamic languages like PHP, caching is critical to store those parts of the page that are accessed frequently and don't change often.
When Chad Kieffer isn't busy rocking user interfaces and administering databases, he's giving expertise advice from his blog 2 tablespoons. Because of Chad's wide field of expertise, he's often able to see the big picture that other programmers might not, specifically when it comes to the holistic approach that Chad takes to developing a website. He specializes in all aspects of the development process, so any insights he can provide with putting together an entire project is going to be useful.
Chad believes that using an IDE like Eclipse PDT (Eclipse's PHP development package) with a mixture of templates and snippets can really speed up the turnaround time on a project.
Busy schedules, long to do lists, and deadlines make it tough for developers to get familiar with some of the advanced features their tools provide. This is a shame, because some features, like Eclipse Templates, can really reduce coding time and errors.
Common sense says that any time you can automate a task, the quicker you'll get the project done. The same holds true with Dan's theory. By taking the time to create templates that you'll use over and over, you'll save tons of time automating the repetitive parts of coding.
By using an IDE like Eclipse and the PDT package, you'll find that your development time will incrementally speed up. The IDE will auto-close brackets, add those missing semicolons and even allow you to debug within the editor, without having to upload to the server. (Chad has a nifty tutorial on getting started with Eclipse PDT and the benefits of an IDE in general, if you're interested.)
While Joey Sochacki may not be as big of a name as Matt Mullenweg in the PHP community, he's a seasoned web developer and shares tips that he's picked up along the way at his blog Devolio.
Joey has found that even though there is a ton of filtering that has to happen when writing PHP code, not many programmers make use of PHP's filter functions.
Filtering data. We all have to do it. Most, if not all of us, despise doing it. However, unbeknown to most are PHP's filter_* functions, that allow us to do all sorts of filtering and validation. Using PHP's filter_* functions, we can validate and sanitize data types, URLs, e-mail addresses, IP addresses, strip bad characters, and more, all with relative ease.
Filtering can be tricky, but this guide can help immensely. With Joey's help you'll learn how to install the filters and and filter nearly anything, taking advantage of the filtering power of PHP.
There has always been a debate as to whether to use a PHP framework like Zend, CakePHP, Code Igniter, or any other framework. There are upsides and downsides to using one, and many developers have their own opinions about whether or not to go down this road.
Josh Sharp is a web developer who makes his bread and butter creating websites for clients. This is why you should trust him when he says it's a good idea to use a PHP framework to save time and eliminate mistakes when programming. Why? Josh believes it's because PHP is too easy to learn.
But PHP's ease of use is also its downfall. Because there are less restrictions on the structure of the code you write, it's much easier to write bad code. But there is a solution: use a framework.
PHP frameworks help standardize how you program, and can save lots of time in the development process. You can read more about the benefit of using a PHP framework at Josh's blog.
Contrary to Josh's belief that one should use a PHP framework, Rasmus Lerdorf, the Godfather of PHP himself, believes that frameworks aren't that great. Why? Because they perform much slower than simple PHP.
During Rasmus' presentation at Drupalcon 2008, Rasmus compared the response times to a PHP page with a simple "Hello World" example, and compared it to a few PHP frameworks (slides 24-32), and showed that PHP frameworks are much slower than straight PHP.
You can listen or watch the entire presentation where Rasmus shows the performance losses with PHP frameworks. In short, Rasmus shows that performance takes a major hit when you use a PHP framework as opposed to using pure PHP.
[Note: If you have to use a PHP framework, Rasmus likes Code Igniter the best, as it is "least like a framework"]
Jack Herrington is no stranger to PHP and the development world. On top of writing over 30 articles for the prestigious IBM developerWorks, Jack has also published programming books like PHP Hacks. Jack is a bona fide expert.
Herrington recommends using batch processing and cron to tackle those tasks that can process in the background. Web users don't want to wait long for tasks to complete on the web. There are some jobs that take longer that are much more suited to being done in the background.
Certainly, in some small cases, it's a bit easier to fire off of a helper thread to handle small jobs. But it's easy to see that with the use of conventional tools -- cron, MySQL, standard object-oriented PHP, and Pear::DB -- creating batch jobs in PHP applications is easy to do, easy to deploy, and easy to maintain.
Jack believes in simplicity, and instead of using threading on servers, he uses the simple combination of cron, PHP and MySQL to process tasks in the background.
I've done both, and I think cron has the advantage of the "Keep It Simple, Stupid" (KISS) principle. It keeps the background processing simple. Instead of having a multithreaded job-processing application that runs forever and, thus, can never leak memory, you have a simple batch script that cron starts. The script determines whether there's anything to do, does it, then exits. No need to worry about memory leaks. No need to worry about a thread stalling or getting caught in an infinite loop.
David Cummings runs his own software company that specializes in content management systems, and has won several awards. If anyone knows how to develop a PHP application efficiently, it's Dave.
David wrote in a SitePoint article about the two PHP tips he wished he'd learned in the beginning. One of the tips: Turn on error reporting immediately. It'll save a great deal of time in the long run.
The single most important thing I tell people who use PHP is to turn error reporting to its maximum level. Why would I want to do this? Generally the error reporting is set at a level that will hide many little things like:
* declaring a variable ahead of time,
* referencing a variable that isn't available in that segment of code, or
* using a define that isn't set.
These factors might not seem like that big a deal -- until you develop structured or object oriented programs with functions and classes. Too often, writing code without error reporting turned up high would cost you hours as you scoured long functions that didn't work because a variable was misspelled or not accessible.
Error reporting can make finding the reason for an error much easier. A tiny bug in the code can be quickly identified if PHP's error reporting is turned on high. Save yourself some time and hair pulling by letting PHP find your bugs for you.
[Taken from Nettuts.com In Articles, PHP by Glen Stansberry]
This is basicly a really simple script which allows you to login as admin and write articles. Then the visitors can comment on your articles. You can edit/delete
articles and delete comments through the admin system.
Features (Version 1.1) :
The Article Script is released for free and made by Johan Hörnquist
Download Article Script 1.1
This script (along with 'ari-config.php') will import items from various RSS feeds containing specified keywords into WordPress entries at a specified time interval automatically when included at the top of your wordpress 'index.php' as detailed in 'readme.txt'.
In short, set it up once and it will keep your WordPress site updated with fresh content. Most of the RSS parsing code is based on the original WordPress RSS import code. Those WordPress guys/girls have written a great application (http://wordpress.org).
Installing is very easy, just follow the commenting in the script. Note that this script does require WordPress 2.0 or higher.
Download RSS Auto Importer v1.1
Visit author's website
Seymour is a library that provides Atom/RSS feed fetching and parsing from your PHP code. Currently it supports Atom 1.0, 0.3, RSS 2.0, 1.0, 0.9x
The main advantage this has over similar libraries is that it maps the source feed to a consistent object model, based on Atom 1.0. This means that regardless of the format of the incoming feed, your code uses the same names to reference the same data. For example an RSS 'item' is mapped to an Atom 'entry', and the item 'description' becomes the entry 'summary'. This can save you a lot of work in your own code, and makes dealing with feeds in several different formats much simpler.
The mapping process has been designed to be as future-proof as possible. It provides a framework that allows new feed formats to be added easily, with minimal or no changes needed to your code that uses the library.
The other benefit of Seymour over similar libraries is that it is LGPL, meaning you can use it in projects that are not open-source.
IMPORTANT!:
Seymour is currently alpha, and is NOT recommended for production environments.
Please let us know about any problems you find on the forums at Sourceforge, and hopefully soon we'll have a robust and consistent product. Patches, contributions, feature requests and suggestions for improvement are also warmly welcomed! See the bottom of this file for contact info.
Download Seymour v1.0a
Introduction
LeafRSS is a learning filtered RSS aggregator. It is designed to filter out unwanted aricles from several feeds and display them through a web interface. It also caches the feeds in a user-defined database. Currently only MySQL is supported.
LeafRSS has been tested using PHP 4.x, but should work without incident in PHP 5, as an effort has been made to make this as non-version-specific as possible.
LeafRSS makes extensive use of LastRSS for feed parsing. The latest copy of LastRSS can be found at http://lastrss.oslab.net/. They also provide documentation for LastRSS. LeafRSS currently uses LastRSS version 0.9.1, and has not been tested with any other versions. A copy of LastRSS v0.9.1 is included with LeafRSS.
Getting Started
Extract the downloaded file into the desired web directory. In order for LeafRSS to run properly, the user account that runs your web server (i.e. www-data) must have write access to this directory. You must also either have an available database already created for the install script to create tables in, or create a new database manually. LeafRSS will not create databases on its own to prevent permission problems on public servers.
Be sure that whichever database user you are using for LeafRSS has SELECT, INSERT, UPDATE, CREATE, and ALTER permissions for the selected database or the install script will not run correctly.
Once all this is set, run install.php in the root of the install folder. This will create the configuration file, the required tables in the database, and set some default values for some of the global variables stored in the database.
Using CRON Updates
As of version 0.4, you can now either use an internal update timer or cron (or similar scheduler) to update the feeds. This option is selectable at install, and can be changed via the global settings editor. NOTE THAT TURNING ON CRON IN THE SETTINGS WILL NOT CREATE A CRON JOB FOR YOU, IT WILL SIMPLY DISABLE THE INTERNAL TIMER! To create a cron job, add something like the following line to your crontab:
@hourly php4 /path/to/leafrss/update.php
For more information on cron and crontab, check the man pages for cron.
Authentication Issues
As of 0.7 you now have the option to select the method for authenticating to access the administration area. The system defaults to session-based login, as there were some issues discovered using the 0.6 and earlier method of browser- based authentication (via WWW-Authenticate headers).
You can switch between the two methods now, but be warned that changing this setting may require you to log in again.
TimeZone Setting
As of 0.8 there is the option in the global settings to set your time difference from GMT, which will alter the publish date shown on the front end to match your time zone. It defaults to 0 (which is GMT), and can be set from -12 to 12 (i.e. PST is GMT -7, so set to -7 if in Pacific Standard Time)
Smarty Templates
As of 0.9 we have integrated Smarty template capabilities into LeafRSS to allow greater ease of layout customization without the worry of breaking the functionality of the filter. We have included a copy of Smarty 2.6.16 with this release, and the defaults within the config file point to the included copy of Smarty.
If you already have Smarty installed on your server, then simply update the Smarty variables in your config.inc file to point to your installed copy.
Note that we have not tested LeafRSS with versions earlier than 2.6.16, so we cannot guarantee that your copy of Smarty will be fully compatible if you are using an earlier version.
LeafRSS will attempt to create the Smarty compile directory specified in the config.inc file. If your server does not give the web user the permissions required to create the smarty compile directory, the script will not run. If this occurs, you will need to create the directory manually and give the user that the web server runs under write permissions to that directory.
For more information on Smarty, please visit http://smarty.php.net/. Special thanks to all the folks at Smarty for their hard work!
Patching Old Version
Starting with version 0.6, there will be a patch file available to upgrade from the previous version. Please read the PATCH file for details.
Download LeafRSS v1.1
COPYRIGHT: Copyright(c) 2008 Grant Electronics. All rights reserved. This software is released under the GNU General Public License. A copy of the GNU General Public License can be found in the LICENSE file, or at http://www.gnu.org/copyleft/gpl.html
Anti-Bot Form Mailer [ABFM] is a php script that help webmasters reducing spam received via their contact or support form.
Spammers usually use a program called "BOT" which automatically fill in forms and click on sending button many times in a shot period.
As a solution, each time you try to send an email using ABFM you will be asked an easy security question, you must answer it correctly otherwise your message won't be send.
For example: "4+6=?" or "What is the color of tomatoes"...
Security questions are managed by the admin. He can add or remove questions any time he want.
Login information in Database are encrypted in order to protect your data in case of an exploit.
Download ABM v1.01b
Author Website
Form Tools is a GNU licensed, open source project for web developers who work on online registration sites, or sites that require any form of information gathering from their online visitors. Put simply, it is a form processor, storage and data access script written in PHP and MySQL, designed to work with any existing web form. With a few minor changes to your form, you can stop using old-fashioned form-mail scripts and instead store form submissions in a database, instantly providing your clients with options such as mass data export via excel, printer-friendly pages, data sorting, form submission editing, file uploads and optional email of form submissions.
Form Tools started from a body of scripts to provide data storage and client access through a simple web interface. Aside from the data stored and minor differences in the interfaces. Form Tools is a generic solution to a common problem.
Key Features:
Download Form Tools
Form Tools is available under the GNU General Public License, free for anyone to download and modify.
A single installation can handle as many forms as you wish - even from different websites. You can set up as many user accounts as needed, enabling other people to log in and view their data online.
Very little modification to your web form is needed to allow Form Tools to store its content.
With version 1.5.0 (currently in Beta), Form Tools provides full internationalization and localization support. If needed, each user account may view the interface in its own language. Click here for a list of currently available translations.
Form Tools has a simple, intuitive web interface which you and your clients will appreciate. Every aspect of the client's user interface, from colours, fonts and the logo itself may be customized, allowing you to adapt the application for each client.
By simply designing a default image and changing a few default values in the Setup Options, you may customize Form Tools as belonging to your own company.
Form Tools was designed to be used in conjunction with other software, such as online credit card payment processing. And since the code is downloadable for free under the GNU General Public License, you may choose to extend it in any way you wish.
Visit Publisher website for documentation
The Flash image scroller is a simple, free (GNU-licenced), highly configurable Flash script that you can add to your webpages to provide an intuitive "window" to scroll through a series of thumbnail images. Currently it only allows for horizontal scrolling.
It is compatible with any server side language like PHP, ASP, JSP, ColdFusion etc.
The configurable options include:
Included in the download package is Geoff Stearns' excellent SWFObject (formerly FlashObject). This is a Flash detection and embed script, which does all the nitty gritty of determining whether or not a person's browser is capable of running the script. SWFObject greatly simplifies your job of adding the image scroller to your website in a cross-browser friendly manner. It's available for download and use under the MIT license. Also, the Flash / JavaScript Integration Kit written by Christian Cantrell and Mike Chambers from Adobe. This script allows us to send information from Flash to JavaScript.
Download Flash Image Scroller 1.6
Author: Benjaminkeen
Dragonfly CMS is a powerful, feature-rich, Open Source content management system which was based on PHP-Nuke 6.5 in the "CPG-Nuke CMS" days. We have spent over a year developing Dragonfly CMS, paying close attention to security and reliability. The release of Dragonfly marks yet another exciting milestone in our history.
Unlike other content management systems on the net, we maintain a high level of security, so that you spend time managing your site, not patching it. Managing your site is easy with our powerful line of tools which include a debugging system, BBCode support in many areas, a built-in photo gallery, and a derivative of phpBB 2.0.x.
Download Dragonfly 9.2.1
Visit Official website
Web File Manager, as its name implies, a file manager Web, designed to be integrated into any web development need to work with files.
This done in PHP, using AJAX (with the library xajax) and is very easy to configure and use. Developed by freelancesoft.
Download Web File manager 1.0
Visit Developer website
Kaltura’s open-source online video platform for video management, creation, remix and collaboration. Download our MediaWiki video extension and WordPress plugin and contribute for more.
Kaltura version 1.8 is released, This version includes performance optimization for general extension loading time, and special pages lazy loading time.
Download Kaltura MediaWiki Extention
Download Kaltura Wordpress Plugin
Visit Publisher's website
