Posted by nick on January 12, 2012 at 2:31 pm
I was pleasantly surprised at how simple it was to integrate a good captcha solution with Zend_Form. Your form doesn’t have to extend a special object or anything; you just need to add a “captcha” element like so:
$this->addElement('captcha', 'captcha', array(
    'label'    => 'Please Type:',
    'required' => true,
    'captcha'  => array(
        'pubkey'  => RECAPTCHA_PUBLIC_KEY,
        'privkey' => RECAPTCHA_PRIVATE_KEY,
        'captcha' => 'reCaptcha'
    )
));
Be sure to change or set the defined constants for the public and private keys provided to you with your reCAPTCHA account. You don’t have to do anything in your controller to validate whether the user entered the correct letters; Zend has already taken care of that part for you, as long as you’re using Zend’s isValid() method like so:
if ($form->isValid($request->getPost())) {
Posted by nick on July 2, 2011 at 1:26 pm
I got to thinking that it didn’t make sense to have a common /forms directory that would share forms between two modules when the forms would not be shared. A /forms directory within the specific module directory seemed more appropriate. The documentation on this isn’t very clear, but after some digging and trial and error I figured it out.
First, the directory structure. Notice the location of the forms directories.
/Application
    /modules
        /default
            /controllers
            /forms
            /views
        /admin
            /controllers
            /forms
            /views
First, add the two lines below to your application.ini file.
resources.frontController.moduleDirectory = APPLICATION_PATH "/modules"
resources.modules[] = ""
Second, create a bootstrap file for each module. The file, named Bootstrap.php, should be placed in the root of the module directory and the class name should be {module name}_Bootstrap. This bootstrap file will cause Zend Framework to automatically add the new forms directory to the autoloader.
class Admin_Bootstrap extends Zend_Application_Module_Bootstrap {}
Third, add your form class to the /forms directory. A login form would have a filename of Login.php and a class name of {module name}_Form_Login.
class Admin_Form_Login extends Zend_Form {}
Lastly, call your form from a controller file from within the same module.
$form = new Admin_Form_Login();
Be careful if you’re adding a Bootstrap.php file to the default module! From Zend:
The reason that the default module is skipped is because the documented use case – particularly how we setup an application in Zend_Tool – is that the default module is directly beneath application/ and contains the application bootstrap. If we then allow loading the default module’s bootstrap… we get into a recursive loop.
Posted by nick on June 11, 2011 at 4:10 pm
I’m using Zend_Auth on a Zend Framework project and while working through an example where an object was written to the session using Zend_Auth’s getStorage()->write() method, I was given the following error:
“You cannot serialize or unserialize PDO instances”
Zend_Auth serializes arrays and objects when writing them to storage. Many built-in PHP objects, such as PDO, cannot be serialized. PHP’s serialize() function calls the __sleep() method of the object you’re serializing prior to serialization, giving you the ability to clean up anything in the object that may cause problems (such as a PDO instance).
The solution was to implement the magic method __sleep in my object and return an array of the properties I wanted it to serialize, like so:
public function __sleep() {
    return array('id', 'name');
}
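An added example, not code from the original post, showing the failure and the fix side by side: serializing an object that holds a PDO handle throws, while the same object with __sleep() round-trips with only id and name. The class names, the isConnected() helper and the sample values are hypothetical, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example: class names, isConnected() and the values are hypothetical.
// Assumes the pdo_sqlite extension so a PDO handle exists without a server.

class AccountWithoutSleep
{
    public $id;
    public $name;
    protected $db; // live PDO handle, which PHP refuses to serialize

    public function __construct(PDO $db, $id, $name)
    {
        $this->db = $db;
        $this->id = $id;
        $this->name = $name;
    }

    public function isConnected()
    {
        return $this->db instanceof PDO;
    }
}

class Account extends AccountWithoutSleep
{
    // Only the listed properties reach storage; the PDO handle is left out.
    public function __sleep()
    {
        return array('id', 'name');
    }
}

$db = new PDO('sqlite::memory:');

try {
    serialize(new AccountWithoutSleep($db, 7, 'nick'));
} catch (Exception $e) {
    echo 'Without __sleep(): ', $e->getMessage(), PHP_EOL;
}

$stored = serialize(new Account($db, 7, 'nick'));
echo 'Stored: ', $stored, PHP_EOL;

// The restored object has its data but no handle; re-attach one before querying.
$restored = unserialize($stored);
var_dump($restored->id, $restored->name, $restored->isConnected());
```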
Posted by nick on May 8, 2011 at 3:05 pm
I was in need of a source containing all cities in the United States for my new personal web project. I found this source, http://www.populardata.com/zipcode_database.html, but quickly found that it was missing many entries (it has 43,000 cities). However, after more searching I came across this source, http://www.maxmind.com/app/worldcities, that has all cities in the world listed by country and state. They have 142,000 cities listed for the United States, and it is much more complete.
Posted by nick on March 22, 2011 at 8:29 am
I’ve spent more time than probably necessary lately to find the best solution to escaping inputs and filtering outputs from your PHP script. I made the mistake of “over sanitizing” user inputs by first running them through PHP’s filter_var function immediately when capturing the request, then running the data through mysql_real_escape_string(), and then passing it off to PDO, which automatically escapes the bound parameters for you. I ran into problems with special characters, namely single and double quotes, because filter_var would convert them to their html_entities or ascii equivalents and store them in the database as such while other data in the application escaped the quotes with a backslash. Rather than go through all the tests I ran, I’ll provide the solution I found that handles inputs best.
- Do not convert quotes or any special characters to their ASCII equivalents by using htmlspecialchars() or filter_var($var, FILTER_SANITIZE_STRING).
- Use PDO or mysql_real_escape_string() prior to inserting into the database.
- When outputting the data, use stripslashes() and htmlentities().
The htmlentities() call is important so that characters such as a double quote followed by a greater-than sign won’t break your HTML input. If they’re converted to their ASCII character, they’ll still print properly and won’t break your HTML. Also, it’s worth noting that if you enter the value “nick\s” in an input field and save it to the database, the value will be stored as “nick\\s”, and when you use stripslashes() on this, only one of the two backslashes will be removed, which is the desired behavior.
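An added example, not code from the original post, of the store-raw, encode-on-output flow described above using a PDO prepared statement. The comments table, the html() helper and the sample input are constructed for illustration, and the pdo_sqlite extension is assumed; because a bound parameter adds no backslashes of its own, the only output step applied here is htmlentities().

```php
<?php
// Added example: the table, helper name and input are constructed for illustration.
// Assumes the pdo_sqlite extension so the script runs without a database server.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed input containing quotes, markup and a backslash.
$input = 'nick\s said "hi"> <b>O\'Reilly</b>';

// Input side: no filter_var(), no htmlspecialchars(), no manual escaping.
// The bound parameter travels separately from the SQL text.
$insert = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
$insert->execute(array(':body' => $input));

$select = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
$select->execute(array(':id' => $pdo->lastInsertId()));
$stored = $select->fetchColumn();

// Compare what came back from the database with what the user typed.
var_dump($stored === $input);

// Output side: encode for the HTML context at the moment of printing.
// ENT_QUOTES covers both quote styles, so the value cannot close the attribute.
function html($value)
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

echo '<input type="text" name="body" value="' . html($stored) . '">', PHP_EOL;
```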