October 26th, 2010

On extensions.joomla.org a lot of extensions are offered worthwhile using. Most of them are released under the GNU/GPL and free to use, others are offered under a commercial license – I don’t have a problem with this, because for me the functionality is more important than the amount of money I have to pay.

Open source or not

But one thing which I find very important is the openess of the PHP-code. If an extension is GPL-ed, the code is open source which enables me as programmer to fix problems myself instead of relying on other people to fix it for me. It allows me to solve problems much quicker.

With commercial extensions however there are two variations: Extensions which are both commercial as open source and extensions which are both commercial as closed source. I prefer the open source extensions, but sometimes you’re just stuck with closed source because of the functionality it sometimes offers. I always cross my fingers and hope that I don’t bump into a problem that makes me call some helpdesk-guy that doesn’t understand a bit of the problem.
The website is down

Now something happened which made me reconsider my point on closed source extensions (for the worse): The website was down. I have full access to the webserver, so I logged in through SSH to have a look at the Apache error-log. There I quickly discovered the problem. Some kind of Joomla! plugin gave a huge timeout.

The Joomla! plugin in question was a system plugin and depended on a helper-file. Somehow this helper-file tried to reach another remote site. And because this other remote site was down as well, the Joomla! plugin was waiting indefinitely for a response and so did my website. No timeout was being given.

I quickly logged into the Joomla! Administrator, navigated to the Plugin Manager and disabled the plugin. Hmm, the website was still down. Appearently disabling the plugin from within the Joomla! backend did not actually disable the plugin itself. With a steady hand I removed the plugin-files. The website was up again.

Next, I deciced to do a full audit on this plugin. What was causing the problem? And more importantly, why did it not give a timeout when trying to reach the remote site – for a proper PHP-script it seemed to be the most responsible thing to do.
A first glance at the evil Joomla! plugin

At a first glance the plugin looked very cool. The backend did not have any parameters, it showed an HTML description which was displayed just as plain text and not as HTML, and the plugin title did not follow the plugin naming conventions (“System – My Plugin”). But sometimes I’m just too picky about these things. Instead of becoming to frustrated I had a look at the code instead.

The main PHP-script is written following the JPlugin-class standard, which is a clear way of writing your own plugin. However the main file included a helper file, even when the plugin itself was disabled. That was a big mistake: The helper tried to fetch content from a remote site, which was down. But it tried to do this, regardless of the state of the plugin. If the plugin would be disabled, there was no need for this action anyway.

…
include_once( dirname( __FILE__ ) . ‘/evil.helper.php’ );
…
class plgSystemEvilplugin extends JPlugin
…

License and reverse engineering

The Joomla! plugin was mentioning (in the source code) a copyright but not a license. On the website I could not find any word of the license under which the source code was distributed. Now, Joomla! is released under the GNU/GPL and officially all extensions that extend Joomla! should fall under the GPL as well, and thus make it open source. I took the liberty to assume that the GPL was applied to this plugin as well and began reading the code.

The main plugin-file did not do much, except include a helper-file and call a function within this helper-file. So I opened up the helper-file to discover that it did not contain readable code but something encrypted instead. Looking at the GPL it is absolutely legal to decrypt this encrypted code, so I started decoding it.

BFkWUEZsfUtbXj9YS1gqIC47dzdzUBpQLQlaBQ9KUxgPA1g4XBZdGxwHUzZXVBYyFl1LZ
wkRSRlHDgddQx8KHQEODRUNGA4dXwRXBgBDGR9jF10UcgATSRxaVR1HS11BAVphQh0Wa2
lfFhgKHzxEAB0cTw0aBgMKFg1vHxYLHxcSRlxHTgBUEAJjQhocGgA7BFQCR1IKRwAH

Decrypting the base64 file

The file was encoded with base64 encryption, and any PHP-programmer should know that there is a PHP-function “base64_decode()” to help you with this. The difficult part was that after base64-decryption I ended up with again a base64 encryption. So again I decrypted it, but now I ended up with a base64-encryption locked with a specific encoding key.

$codelock_decrypter["t"] = base64_decode(“LlJpagxUIiZLXmc3Ijk5PzUaMCM
pKStbKikEHm48W0FZISlwKSQiVz8jLidnTz8jXxdqGExfWTExNTg+NF4MdzstNRRtHUFe
LSJWTl0NYSYrOWY …
…
$codelock_decrypter["z"] = substr($codelock_decrypter["license"], $codelock_decrypter["x"] % strlen($codelock_decrypter["license"]), 1);

This CodeLock-encryption is however not impossible to crack. Still this is not real closed source like ionCube or Zend Encryptor – it just takes some good knowledge of PHP to turn the base64-encryption into regular PHP-code. After 15 minutes of good hacking I succeeded in breaking the full encryption and store the PHP-code as a readable content.

There I found the root of the whole problem: The PHP-scripts themselves did not contain any logic by themselves. Instead the PHP-script was encrypted with CodeLock but still able to decrypt itself. After this a request was made to the remote site to get again encryted text which was then decrypted and then executed as PHP. And what was all the fuzz about? About 400 lines of code that I could write easily in one evening.
So what’s bad about this Joomla! plugin

Though the functionality of the plugin was very useful, the downtime of the remote site brought a very weak architecture into the light. This is the list:

* The plugin is not clear on the license needed to redistribute the PHP-code. I assumed the code to be GPL, which is probably legally the right assumption.
* The plugin called a helper-file even when the plugin was disabled, which shows that the manufacturor did not actually test things properly.
* The code is encrypted with encryption software written in a manner, which I have seen only with script-kiddies. It contained PHP Notices and even PHP Warnings which were manually oppressed, which is a bad habit.
* The whole functionality depends fully on a remote site. If this site is down, the plugin doesn’t work.
* They ask money for this type of software.

How could you know?

You don’t, unless you are an experienced PHP-programmer like me. It takes a lot of knowledge to find out what an extension is doing exactly and things get even more complicated with things like base64-encryption. But you can now for sure that with closed source less people are making sure that the PHP-code is of a high quality.

You can find the original post here : http://blog.opensourcenetwork.eu/blog/programming/reverse-engineering-an-qencryptedq-joomla-plugin

Tags: encrypted joomla plugin, joomla plugin
Posted in joomla | Comments Off

October 25th, 2010

One interesting topic on web development is webservice development. There are several techniques to implement a webservice out there, and today I’ll talk about one technique that I worked in the recent past that I really like: SOAP. As per wikipedia:

SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. It relies on Extensible Markup Language (XML) as its message format and usually relies on other Application Layer protocols, most notably Remote Procedure Call (RPC) and HTTP for message negotiation and transmission. SOAP forms the foundation layer of the web services protocol stack providing a basic messaging framework upon which abstract layers can be built.

The plan for this tutorial is to build a complete set of webservice methods to interact with the citypicker, built in a previous post. For this, I’ll use a great symfony plugin called ckWebService. This plugin enables the developer to expose your actions as a SOAP webservices. Another great functionality is the built-in WSDL generator, that parses module’s doc comment in order to identify which actions should be exposed and it’s input/output parameters.

Let’s start by installing ckWebService plugin in our symfony project. I’ll not install the latest release, instead I’ll checkout from trunk svn, as it contains some nice improvements if compared to latest release:

info@amphee.com [~/symfony/blog]# cd plugins/
barrosws@barros.ws [~/symfony/blog/plugins]# svn co http://svn.symfony-project.com/plugins/ckWebServicePlugin/trunk ckWebServicePlugin

OBSERVATION: Current trunk version has a small bug (actually a wrong variable name) that must be fixed before continuing:

public function getResultProperty()
{
- return $this->resultMember;
+ return $this->resultProperty;
}

Now we need to configure the plugin in order to make it work. The read-me located at plugin page provides a complete guide to configure it. For this project we use a basic configuration:

apps/frontend/config/app.yml:

soap:
enable_soap_parameter: on
ck_web_service_plugin:
wsdl: soap.wsdl
handler: ckSoapHandler
persist: %SOAP_PERSISTENCE_SESSION%
render: off
result_callback: getSoapResult
soap_options:
encoding: utf-8
soap_version: %SOAP_1_2%

apps/frontend/config/filters.yml:

soap_parameter:
class: ckSoapParameterFilter
param:
condition: %APP_ENABLE_SOAP_PARAMETER%

apps/frondend/config/factories.yml:

soap:
controller:
class: ckWebServiceController

Done! That’s all we need to start exposing actions as SOAP webservices. For now on we can expose any of our previously created action by adding a special tag to the doc comment, like this:

/**
* Action description
* @ws-enable
*
* @param string $name
* @return boolean
*/
public function executeSomeAction($request)
{
/* action here */
}

This doc comment will expose the action and instruct the WSDL generator that this action expects a string input parameter, called $name and that it will return a boolean value. An interesting thing about this plugin is that it will place all input parameters in the $request object, so the action can access it as if it was called from a browser, passing name as a query string or a post value:

…
$name = $request->getParameter(‘name’);
…

Also, notice that $request parameter was removed from the doc comment. This is necessary because if we keep it, the WSDL generator will add $request as a parameter to the webservice, what is not the case here.

Let’s start the implementation for this project. We have three actions that will be exposed:

* executeIndex: to list users;
* executeEdit: to insert/edit users;
* executeDel: to delete users.

One might think that we will need to add @ws-enable to these actions doc comment… well, yes, that’s the original idea, but I prefer using a different approach. My approach is to create a new module, called soap (or whatever you want) and create wrappers to actual actions. This will reduce the number changes needed to be done in the actual actions (sometimes it won’t require any change at all) and will make it possible for the developer to code the entire system without even caring about webservice, all adjustments can be easily made only when actually implementing the webservice. This is not the best way to achieve this result. The correct way to do this is to create a custom SoapHandler, but this will kill WSDL generator, so I’ll stick to my way by now (trunk version has all the necessary changes to make this possible – it’s not the case with latest release).

So, let’s create our new module:

info@amphee.com [~/symfony/blog]# symfony generate:module frontend soap
>> dir+ /home/amphee/symfony/blog/apps/frontend/modules/soap/templates
>> file+ /home/amphee/symfony/blog/app…soap/templates/indexSuccess.php
>> dir+ /home/amphee/symfony/blog/apps/frontend/modules/soap/actions
>> file+ /home/amphee/symfony/blog/app…/soap/actions/actions.class.php
>> file+ /home/amphee/symfony/blog/tes…al/frontend/soapActionsTest.php
>> tokens /home/amphee/symfony/blog/tes…al/frontend/soapActionsTest.php
>> tokens /home/amphee/symfony/blog/app…soap/templates/indexSuccess.php
>> tokens /home/amphee/symfony/blog/app…/soap/actions/actions.class.php

The first action will expose is executeIndex, that will return a list of all users registered in the system. This is the simplest one and I’ll use to explain some important points:

apps/frontend/modules/soap/actions/actions.class.php:

/**
* Get users
*
* @ws-enable
*
* @return SoapUser[]
*/
public function executeGetUsers($request)
{
// call actual action
$this->getController()->forward(‘citypicker’,'index’);

// set result
$actionInstance = $this->getLastActionInstance();
$actionInstance->result = $actionInstance->users;
}

As I said before, we will create wrappers to actual actions. For this action, we don’t have any input parameter, so we don’t need any extra processing. First thing the action does is a forward to actual action. Note that I use the forward method from the controller instead of forward method from sfAction. This is necessary because we need continue our execution flow AFTER actual action returns (sfAction’s forward won’t return control to us). Return value is expected to be located in the deepest action instance, in our case, citypicker/index action, in a property called result (in our case, we store the result of a UserPeer::doSelect() call – made in citypicker/index action and stored in users property). In order to do this we need to get this action’s instance and that’s what getLastActionInstance method do:

apps/frontend/modules/soap/actions/actions.class.php:

/**
* Get last action instance
*
* @return sfActionInstance
*/
private function getLastActionInstance()
{
return $this->getController()->getActionStack()->getLastEntry()->getActionInstance();
}

This method will simply return last actions instance from the action stack, and we will use it in all of our wrappers. If you look at doc comments, you will notice return value is declared as an array of SoapUser objects. SoapUser class is defined as follows:

lib/soap/SoapUser.class.php

class SoapUser
{
/**
* User name
*
* @var string
*/
public $name;

/**
* Country ID
*
* @var integer
*/
public $country_id;

/**
* State ID
*
* @var integer
*/
public $state_id;

/**
* City ID
*
* @var integer
*/
public $city_id;
}
?>

Doc comments are REQUIRED here too, because WSDL generator will use it to build the object definition. When sending result back, our result (array of User objects) will be converted into SoapUser objects, making these properties available.

Our first method is complete. In order to start using it, we need to generate the WSDL definition, using the built-in WSDL generator. The generator will also create the frontend dispatcher, in web/ directory:

info@amphee.com [~/symfony/blog]# symfony webservice:generate-wsdl frontend soap http://blog.barros.ws/symfony
>> file- /home/amphee/symfony/blog/web/soap.php
>> file+ /home/amphee/symfony/blog/web/soap.php
>> tokens /home/amphee/symfony/blog/web/soap.php
>> file+ /home/amphee/symfony/blog/web/soap.wsdl

In order to test it we can use a nice piece of software called SoapUI. This software will read soap.wsdl and build the request, all using a nice GUI. I recommend downloading the trial of PRO version, as it is capable of generating forms (web like) where you can input parameters:

executeDel actions is similar to executeIndex:

apps/frontend/modules/soap/actions/actions.class.php:

/**
* Deletes an user
*
* @ws-enable
* @param integer $id
*
* @return boolean
*/
public function executeDelUser($request)
{
// call actual action
$this->getController()->forward(‘citypicker’,'del’);

// set result
$actionInstance = $this->getLastActionInstance();
$actionInstance->result = true;
}

Now, executeEdit (executeNewUser in our wrapper) is a bit trickier:

apps/frontend/modules/soap/actions/actions.class.php:

/**
* Creates a new user in the system
*
* @ws-enable
* @param SoapUser $user
*
* @return boolean
*/
public function executeNewUser($request)
{
// convert input param from OBJECT to ARRAY
$request->setParameter(‘user’,get_object_vars($request->getParameter(‘user’)));

// call actual action
$this->getController()->forward(‘citypicker’,'edit’);

// check errors
$actionInstance = $this->getLastActionInstance();
if(!$actionInstance->form->isValid()) $this->throwSoapFormException($actionInstance->form);

$actionInstance->result = true;
}

First difference we can note is the fact this action requires one input parameters. In doc comment we declare that this action expects an SoapUser object as input, but the actual action expects an simple array. The first step then is to convert received object into an array. For this we use get_object_vars and after conversion, we set it back to the $request object. Finally we call actual action, that will act as if the user had submitted the form. Next difference is that we need to check if there was any error processing input data. We do this by checking if form, in actual action instance, is valid, and if not return an error message. In order to throw an exception with detailed errors, I created an small method called throwSoapFormException, that will iterate through all errors in the form and build single string, with one error per line:

apps/frontend/modules/soap/actions/actions.class.php:

/**
* Throw a SoapFault error based on form errors
*
* @param sfForm $form
*/
public function throwSoapFormException($form)
{
foreach($form->getFormFieldSchema()->getError() as $e)
$errors[] = $e;

throw new SoapFault(‘ERROR’,implode(“n”,$errors));
}

And that’s it, we can now create new users using the new SOAP interface:

Well, actually one small thing is missing to make it really work… Did u notice that I didn’t touch actual actions yet? Sometimes we don’t need to touch it, but that’s not our case. If you look at citypicker post you will notice that both “del” and “edit” actions redirect the user back to index page on success. We can’t do this when running on soap mode, or we will lose control and we won’t be able to send correct result back to the client. To fix this, we just need to make an small change:

if(!$this->isSoapRequest()) return $this->redirect(‘citypicker/index’);

isSoapRequest is a new method added by ckWebservicePlugin and it will return true when executing the actions via SOAP. Adding this check we just perform the redirect when NOT in SOAP mode.

That’s all we need to talk about how to expose your actions via SOAP, but in order to complete our example, we need to create some methods to fetch countries/states/cities informations. For this we create 6 new actions:

/**
* Get countries list
* @ws-enable
*
* @return SoapGeo[]
*/
public function executeGetCountries($request)
{
$this->result = CountryPeer::doSelect(new Criteria());
}

/**
* Get a country
*
* @ws-enable
* @param integer $id
*
* @return SoapGeo
*/
public function executeGetCountry($request)
{
$this->result = CountryPeer::retrieveByPK($request->getParameter(‘id’));
}

/**
* Get states list
*
* @ws-enable
* @param integer $country_id
*
* @return SoapGeo[]
*/
public function executeGetStates($request)
{
$country = CountryPeer::retrieveByPK($request->getParameter(‘country_id’));
if(!$country) throw new SoapFault(‘ERROR’,'Invalid country’);

$this->result = $country->getStates();
}

/**
* Get a state
*
* @ws-enable
* @param integer $id
*
* @return SoapGeo
*/
public function executeGetState($request)
{
$this->result = StatePeer::retrieveByPK($request->getParameter(‘id’));
}

/**
* Get cities list
*
* @ws-enable
* @param integer $state_id
*
* @return SoapGeo[]
*/
public function executeGetCities($request)
{
$state = StatePeer::retrieveByPK($request->getParameter(’state_id’));
if(!$state) throw new SoapFault(‘ERROR’,'Invalid state’);

$this->result = $state->getCitys();
}

/**
* Get a city
*
* @ws-enable
* @param integer $id
*
* @return SoapGeo
*/
public function executeGetCity($request)
{
$this->result = CityPeer::retrieveByPK($request->getParameter(‘id’));
}

And to finish, we need to create the SoapGeo class, that will store country name and id:

lib/soap/SoapGeo.class.php:

class SoapGeo
{
/**
* ID
*
* @var integer
*/
public $id;

/**
* Name
*
* @var string
*/
public $name;
}

And we’re done. With this we can now build an external app to create/edit/delete users in the database. I spent several days working with the plugin before coming up with this solution and I hope this will save other developers some time dealing with SOAP implementations.

You can find original post here : http://blog.barros.ws/2008/11/16/soap-webservice-in-symfony/

Tags: webservices in symfony
Posted in symfony | 27 Comments »

September 17th, 2010

HTML5  features which are useful right now include:

• Web Workers: Certain web applications use heavy scripts to perform functions. Web Workers use separate background threads for processing and it does not effect the performance of a web page.
• Video: You can embed video without third-party proprietary plug-ins or codec. Video becomes as easy as embedding an image.
• Canvas: This feature allows a web developer to render graphics on the fly. As with video, there is no need for a plug in.
• Application caches: Web pages will start storing more and more information locally on the visitor’s computer. It works like cookies, but where cookies are small, the new feature allows for much larger files. Google Gears is an excellent example of this in action.
• Geolocation: Best known for use on mobile devices, geolocation is coming with HTML5.

The <video> is new in html5. The <video> tag defines video, such as a movie clip or other video.

Tip:You can write text between the start and end tags, to show older browser that they do not support this tag.

Optional Attributes

Video Formats

Currently, there are 2 supported video formats for the video element:

• Ogg = Ogg files with Thedora video codec and Vorbis audio codec
• MPEG4 = MPEG 4 files with H.264 video codec and AAC audio codec

<html>
<body>

<video width=”320″ height=”240″ controls=”controls”>
<source src=”movie.ogg” type=”video/ogg” />
<source src=”movie.mp4″ type=”video/mp4″ />
Your browser does not support the video tag.
</video>

</body>
</html>

from:
Jalpesh Makadia

Posted in web development | Comments Off

August 17th, 2010

Follow under given steps for best way of running multiple versions of Symfony apps together on the one environment…

Step 1 – Un-install Symfony via PEAR
If you have Symfony installed via PEAR, get rid of it, it will only confuse you with what we are about to do.

express@express-dev:~$ sudo pear uninstall symfony/symfony
uninstall ok: channel://pear.symfony-project.com/symfony-1.1.0

Step 2 – Setup a structure for Symfony
In our case, I still want to install symfony in /usr/share/php/symfony, so lets set that up:

express@express-dev:~$ cd /usr/share/php
express@express-dev:/usr/share/php$ sudo mkdir symfony

Step 3 – Checkout each Symfony version you need
Now lets use SVN checkout to grab each Symfony version we are after, lets put these in a different folder under the base Symfony directory. Note: If you are behind a proxy, change your SVN settings first to go through your proxy. To change your proxy settings:

express@express-dev:/usr/share/php/symfony$ sudo nano /etc/subversion/servers

Now lets checkout each symfony version:
express@express-dev:/usr/share/php$ cd symfony/
express@express-dev:/usr/share/php/symfony$ sudo svn co http://svn.symfony-project.com/branches/1.0 symfony10
…
express@express-dev:/usr/share/php/symfony$ sudo svn co http://svn.symfony-project.com/branches/1.1 symfony11
…
express@express-dev:/usr/share/php/symfony$ sudo svn co http://svn.symfony-project.com/branches/1.2 symfony12
…

We now have created three installations of Symfony.

Step 4 – Create symbolic links for each version
The next step is for us to create symlinks for each version of Symfony. Lets place these in the standard bin directory:

sudo ln -s /usr/share/php/symfony/symfony10/data/bin/symfony /usr/bin/symfony10
sudo ln -s /usr/share/php/symfony/symfony11/data/bin/symfony /usr/bin/symfony11
sudo ln -s /usr/share/php/symfony/symfony12/data/bin/symfony /usr/bin/symfony12

Now lets test the sym links:

express@express-dev:~$ symfony10 -V
symfony version 1.0.19-PRE
express@express-dev:~$ symfony11 -V
symfony version 1.1.5-DEV (/usr/share/php/symfony/symfony11/lib)
express@express-dev:~$ symfony12 -V
symfony version 1.2.0-DEV (/usr/share/php/symfony/symfony12/lib)

What next? – Creating a new project
So to create a new project, you will need to use the relevant Symfony command. For example, to create a Symfony 1.0 project:

sudo symfony10 init-project test1

or to create a Symfony 1.1 or Symfony 1.2 Project:

sudo symfony11 generate:project test11
sudo symfony12 generate:project test12

Once you create a new project, check in the project Config to ensure its picked up the right version. For Symfony 1.0:

express@express-dev:/usr/local/express/projects/$ sudo symfony10 init-project test10
express@express-dev:/usr/local/express/projects/$ cat config/config.php

// symfony directories
$sf_symfony_lib_dir = ‘/usr/share/php/symfony/symfony10/lib’;
$sf_symfony_data_dir = ‘/usr/share/php/symfony/symfony10/data’;

for Symfony 1.1:
express@express-dev:/usr/local/express/projects/test$ cat config/ProjectConfiguration.class.php

require_once ‘/usr/share/php/symfony/symfony11/lib/autoload/sfCoreAutoload.class.php’;
sfCoreAutoload::register();
class ProjectConfiguration extends sfProjectConfiguration
{
public function setup()
{
}
}

and for Symfony 1.2, its the same, just make sure its including the right 1.2 files. Thats it! Hope this helps!

Tags: Symfony 1.0, Symfony 1.1, Symfony 1.2, Symfony multiple versions on the same environment
Posted in web development | 1 Comment »

July 16th, 2010

<script>
    /**
    * This function is the callback which is passed the result from the .getCurrentPosition()
    * function. The pos argument can contain more information than just the latitude/longitude,
    * such as altitude, accuracy and speed information.
    *
    * @param object pos The result from the getCurrentPosition() call
    */
    function myCallback(pos)
    {
        var myLatitude  = pos.latitude;
        var myLongitude = pos.longitude;
    }

    /**
    * Test for GeoLocation support and make the call
    */
    if (navigator.geolocation) {
        navigator.geolocation.getCurrentPosition(myCallback);
    } else {
        alert("Sorry, your browser doesn't appear to support GeoLocation");
    }

</script>

Tags: amphee, html5, symfony development india, symfony web devleopment india, web development
Posted in HTML 5, web design, web development | Comments Off

June 21st, 2010

With the amount of plugins published in the symfony site, many great plugins get lost in the maze. With this series of posts, we would like to bring some attention to plugins we use every day or that we think are essential for any symfony developer.

sfSyncContentPlugin

Deploying symfony applications is always a key part of developing and maintaining websites that run on symfony. It is always a recommended practice to do development on a local environment or dedicated development server. It is also recommended to have a QA/staging server that is as close as possible to your production server. Using this well proven method you can spot problems and bugs before everybody else sees or experiences them, you know, those bugs that “only” happen in production, don’t tell me that it never happened to you, I won’t believe you.

Anyway, making changes in a live site is not only not recommended, it should never be done!

When developing and testing symfony applications, a lot of times you need to have a copy of the live data. Or you may have a staging server where you make changes before pushing them to a live site in a production server. symfony already provides a way to deploy code changes to a remote server, but what about uploaded and data files? And database content?

Since we discovered and started using it, we can’t live without thesfSyncContentPlugin plugin by Tom Boutell and Alex Gilbert, also developers ofApostrophe CMS. This plugin helps with all the tasks and needs described above. Using it is quite simple. All you need to do is define your servers in config/properties.ini like this:

[qa]
  host=qa.example.com
  port=22
  user=user
  dir=/var/www/mysite

[prod]
  host=www.example.com
  port=22
  user=user
  dir=/var/www/mysite

[staging]
  host=staging.example.com
  port=22
  user=user
  dir=/var/www/mysite

Make sure to use SSH keys to authenticate to your remote servers, so you don’t get asked again and again for passwords. Then just run the following symfony tasks:

# Migrate files and DB from development to qa
./symfony project:sync-content frontend dev to qa@qa

# Migrate files and DB to production (always make a backup of production before doing this!)
./symfony project:sync-content frontend dev to prod@prod

# Migrate files and DB from QA into development
./symfony project:sync-content frontend dev from prod@prod

Files and DB content are copied accordingly, almost magically. It saves so much time, but please make sure you understand and check the order that you apply in the symfony task. With the power this plugin provides, is very easy, by mistake, to overwrite production data, so again, always make a backup!

Tags: plugins, symfony, symfony development, symfony plugins
Posted in symfony, web development | Comments Off

December 31st, 2009

OPEN SOURCE
GetSimple is The Simplest Content Management System EVER.
GetSimple has everything your client needs, and nothing a CMS doesn’t

GetSimple is an open-source project licensed under the GNU GENERAL PUBLIC LICENSE.

GetSimple don’t use mySQL to store information, but instead depend the simplicity of XML. By utilizing XML, able stay away from introducing an extra layer of slowness and complexity associated with connecting to a mySQL database. Because GetSimple was built specifically for the small-site market, feel this is the absolutely best option for data storage.

GetSimple CMS Home Page
About GetSimple CMS
Demo
Documentation

REQUIREMENTS

• UNIX/Linux host
• PHP 5.1.3+
• Apache
• No Database
• 6 minutes to spare

FEATURE LIST

• XML based data storage
• Best-in-Class User Interface
• ‘Undo’ protection & backups
• Easy to theme
• Great documentation
• Growing community

Tags: CMS, PHP, web development, XML
Posted in php development, web development | 5 Comments »

October 31st, 2009

Symfony Components are stand alone php libraries that can be handy in the development of php. Those are earlier coupled with the symfony and now available separately from the symfony package.

Just have look at those
YAML : PHP library that speaks yaml. YAML framework is the php library which take yaml as string and convert in to php array. All in all it is great product if you want to use it in any of your php project.
it is open source and available at YAML Component of Symfony

Templating : Which is templating engine, that you can use in any of your php project. It is the templating tool which you can use in any kind of templating system. Available at Templating System

And some other components available like EVENT DISPATCHER, DEPENDENCY INJECTION

And Request Handler The flexible micro-kernel for fast frameworks is coming sooner. have a look at
Symfony Components

All in all if you are now interested in symfony’s some of the features to implement only. THIS IS THE BEST OF COMPONENTS YOU CAN TRUST. AND YET NOT REQUIRED TO USE THE SYMFONY. It shows the robustness of symfony projects.

Posted in symfony, web design, web development | 1 Comment »

October 24th, 2009

Here are some of the advantages of SYMFONY Framework..

* Compatible with as many environments as possible
* Easy to install and configure
* Simple to learn
* Enterprise ready
* Convention rather than configuration, supporting fallback calls
* Simple in most cases, but still flexible enough to adapt to complex cases
* Most common web features included
* Compliant with most of the web “bests pratices” and with web “design patterns”
* Very readable code with easy maintenance
* Open-Source

Check it out the new Alpha Symfony 1.3 with new features… SYMFONY 1.3

• WHAT’S NEW IN SYMFONY 1.3

This alpha version will be the next stable release, is not suitable for production use. You can follow its development use by having a look at the Whats new in Symfony 1.3 even if you are willing to explore the .pdf then please click here.

• Upgrading projects from Symfony 1.2 to Symfony 1.3

To upgrade your 1.2 project to a newer version of Symfony 1.3, you will find all the steps and other information through this.. please   Click here This document describes the changes made in symfony 1.3 and what need to be done to upgrade your symfony 1.2 projects. And If you want more detailed information on what has been changed/added in symfony 1.3, you can read the What’s new? tutorial.

• Deprecations and removals in 1.3

Here are some of the deprecations and removals in newer version of symfony 1.3.To find the lists of all settings, classes, methods, functions, and tasks that have been deprecated or removed in symfony 1.3 please Click here

You can find the installation for the symfony 1.3 here Installation

And for the first time user don’t bother here you can have basic installation Getting Started

Here are some of the important links through which you can direct download the source for Symfony 1.3

• sf_sandbox_1_3.tgz
• sf_sandbox_1_3.zip

Posted in php development, symfony, web development | 2 Comments »

September 9th, 2009

hi, today i m going to write about CMS(content management system). hersi the list of some useful CMS

1. Drupal:

Drupal gets the top nod because of its ease of use, vast number of modules, great user, developer, and support community.
License: GPL
Programming Language: PHP
Main advantages: core CMS, Views, CCK, Organic Groups, & huge library of contributed modules.
Disadvantages: complex, needs more top quality themes, frequent security upgrades.
Outlook: Huge potential to continue growth and expansion on this platform over time.
Website: http://www.drupal.org/

2. WordPress:

WordPress is a simple and elegant CMS, perfect for single user blogs, with a large number of themes and modules available online.
License: GPL
Programming Language: PHP
Main advantages: Easiest CMS to use, customize, and extend.
Disadvantages: Lacks many of the social networking functions, ecommerce, forums, wikis, etc. used on more expansive sites.
Outlook: Best for personal publishing, huge user community, will continue to be the preferred choice of bloggers for years.
Website: http://www.wordpress.org/

3. Joomla:

Joomla has one of the largest user communities of any CMS, everything you need and more to develop social networks, ecommerce, & archive sites.
License: GPL
Programming Language: PHP
Main advantages: Professional standards, internationalization, customization.
Disadvantages: too many commercial products for Open Source development, difficult to learn.
Outlook: Strong challenger for the top CMS spot, commercialization of extensions should continue to provide many income opportunities for 3rd party developers.
Website: http://www.joomla.org/

4. Media Wiki:

Media Wiki invented a whole new way of working on the web, and is a CMS for collective authoring of documents, used to power the one of the largest and most popular sites on the internet, Wikipedia.
License: GPL
Programming Language: PHP
Main advantages: If you need a wiki, it is the best.
Disadvantages: Does not include many other functions / extensions of other CMS platforms, doesn’t theme well, most sites look the same.
Outlook: Follows the model to success of doing one thing extremely well, has the support of the Wikipedia Foundation, very popular authoring model.
Website: http://www.mediawiki.org/

5. Liferay:

Liferay is a popular new CMS that is great for building portals, and offers a professional look and feel that sets it apart from the other platforms.
License: MIT
Programming Language: Java, PHP, Ruby
Main advantages: collaboration, calendars, internationalization, design.
Disadvantages: More closely tied to a commercial outlook / corporate structure than most Open Source projects.
Outlook: Not as well known or implemented as some of the other CMS platforms, but nice design & features to set your sites apart from the crowd.
Website: http://www.liferay.com/

6. TYPO3:

One of the most complex and professional CMS platforms out of the box, TYPO3 is popular for business websites, especially with European companies.
License: GNU
Programming Language: PHP
Main advantages: design, extensions, customizations, flexibility, professionalism.
Disadvantages: too difficult to learn for most, too many proprietary conventions.
Outlook: Strong CMS for web development, sure to continue with a core of specialized developers and corporate clients, but loosing support and market share to other platforms.
Website: http://www.typo3.com/

7. Moodle:

Moodle is one of the most unique CMS platforms on this list, designed specifically for Course Management and Education, and used for online learning platforms.
License: GNU
Programming Language: PHP
Main advantages: Huge user and development community, online education, no real competitors or similar products, extremely powerful.
Disadvantages: not really applicable for most web design purposes.
Outlook: Look for this “Modular Object-Oriented Dynamic Learning Environment” to continue to be the standard online operating system for education and spawn many interesting mashups with other CMS platforms as well as many more modules & extensions.
Website: http://www.moodle.org/

8. Dolphin:

Boonex Dolphin is popular among web designers who want the latest in social networking, with an industry standard look and all of the features of the popular online communities out of the box.
License: Creative Commons
Programming Language: PHP
Main advantages: Plug-n-Play user community with all the bells & whistles.
Disadvantages: not really Open Source, must pay to remove ads, requires specific hosting requirements, difficult to install, buggy.
Outlook: Look for Dolphin to continue to be a popular choice for social networking, though its “cookie cutter” design runs the risk of becoming stale with too many sites implementing the same design.
Website: http://www.boonex.com/products/dolphin/

9. Pligg:

Pligg is a Digg clone that provides social bookmarking functionality for websites, allowing users to post links, vote them up or down, and leave comments.
License: GPL
Programming Language: PHP
Main advantages: Best for Social Bookmarking, can be themed and extended to build top quality sites like Mixx, Redditt, Del.icio.us, etc.
Disadvantages: difficult to install, mod rewrite problems, poor support on community boards, questionable Open Source future.
Outlook: With the 1.0 release of Pligg upcoming within a couple of months, look for a big surge of use back to this platform but watch out for increased commercialization.
Website: http://www.pligg.com/

10. Movable Type:

Movable Type is the main challenger to WordPress for a personal blog platform, and supports multiple users, Themes, and Tags.
License: GNU
Programming Language: Perl
Main advantages: Blogs
Disadvantages: Too closely tied to commercial products and services compared to most Open Source communities, Perl.
Outlook: Look for MT to fall off the list as other of the blogging platforms below increase in popularity, but sustain development as PR for the company’s commercial offerings.
Website: http://movabletype.org/

i hope you like this details content originaly by http://webdevnews.net/2008/09/the-top-10-open-source-content-management-systems/

from,

kiran vadariya

Tags: CMS, content management system, useful cms
Posted in drupal, joomla, magento, php development, web development, wordpress | 1 Comment »