Systems and Internet Infrastructure Security
Network and Security Research Center
Department of Computer Science and Engineering
Pennsylvania State University, University Park, PA
CSE598i - Web 2.0 Security
Zend Framework Tutorial
Thomas Moyer
Spring 2010
Systems and Internet Infrastructure Security Laboratory (SIIS) Page 1
Wednesday, January 27, 2010
Tutorial Source Code
The tutorial source code is available at
[Link]
What is the Zend Framework
• A web application framework written in PHP5
• Loosely coupled set of modules that perform various
tasks
‣ Database access (Zend_DB)
‣ Google Data APIs (Zend_Gdata)
‣ OpenID (Zend_OpenId)
‣ many, many others...
• Easy to implement MVC model
What is MVC?
• MVC stands for Model-View-Controller
‣ Code is divided into three distinct groups
• Model -- Internal representation of data, interface to backend
storage (e.g., a database), and “business logic”
• View -- Code that represents the application’s UI
• Controller -- Code that generates output to populate the view
using the model
Installing in your VM
• Log in to your VM
• As root run
sudo apt-get install zend-framework
• This will install the PHP files for the framework
• Configure PHP to access the Zend Framework files
‣ Modify /etc/php5/apache2/[Link] (be sure to use sudo to
edit the file)
‣ Change the line
; include_path = ".:/usr/share/php"
to
include_path = "/usr/share/php"
Configuring PHP...
• Now modify the file
/etc/php5/conf.d/[Link]
• Uncomment line regarding include_path
• Restart Apache
sudo /etc/init.d/apache2 restart
Your first project...
• Part of the Zend Framework is a project
management tool
‣ This tool, ‘zf’, can handle creating new projects as well as
creating the various files for your application
• Create a basic project
zf create project <path>
• This will create the basic project in ‘<path>’ which
should be someplace you can easily edit
‣ I put mine in /home/tmmoyer/tutorial
• Make <path>/public readable by Apache
sudo chgrp www-data <path>/public
Zend Framework
• What this creates
‣ <path>/application
• Core application code
‣ <path>/library
• Auxiliary code
‣ <path>/public
• Code that is directly accessible to the web server ([Link])
‣ <path>/tests
• Directory for test code
Zend Project Skeleton
• application/[Link]
‣ Application bootstrap code
• application/configs
‣ Configuration files
• application/controllers
‣ Backend controller code
• application/models
‣ Code mapping from domain data to storage data (PHP interface to DB
for example)
• application/views/scripts
‣ User interface code
Zend Project Skeleton
• application/configs/[Link]
‣ Main configuration file
• application/controllers/
‣ [Link]
• Default controller called when an error occurs
‣ [Link]
• Default controller when no controller is specified
Setting up Apache
• Apache’s configuration must be tweaked to host
your Zend Framework project
• Modify the file ‘/etc/apache2/sites-available/default’
• Change /var/www to <path>/public
• Set AllowOverride to All
• Set Options to All
• Enable mod_rewrite
sudo a2enmod rewrite
• Restart Apache
sudo /etc/init.d/apache2 restart
Checking Site
• Once you have created the basic site, you should be
able to see it by going to:
[Link] VM>/
Hosting Static Content
• The Zend project has a public folder
‣ This folder has an .htaccess file that contains some Apache
URL rewriting rules
‣ These rules ensure that requests for existing static files are
served directly instead of being rewritten to the Zend application
• Example: Paper summaries page
‣ In public directory I place my [Link] file
‣ When I surf to [Link]
[Link], that static [Link] file will be
served
Mapping URLs to Code
• Zend maps URLs to specific files
‣ [Link]
• First directory in URL indicates the controller to use
(news in this example)
‣ Zend will (by default) look for application/controllers/
[Link]
• Zend then calls the correct action (viewall in this example) to
handle the request inside the correct controller
‣ The action corresponds to a function in the controller
public function viewallAction()
Zend Request Processing
• Zend maps URLs to
application code
‣ First part of URL maps to
the specific controller
‣ Second part maps to the
action function within the
chosen controller
• All requests start in
public/[Link]
Basic application outline
• Build a simple comment system
‣ Takes user’s name and comment
• Displays all comments ever entered
‣ Need to be careful with user input
Comment Application (screenshot slides 1-3)
Setting up Autoloading
• When using PHP, it is necessary to specify what files
to load
‣ Typically using the functions require() and require_once()
• This gets to be a pain
‣ Zend provides an Autoloading module that will handle
loading modules on demand
‣ It is necessary to set up the autoloading, typically in the
application bootstrapping phase
Autoloading Code
• Insert the following code in application/[Link]
protected function _initAutoload()
{
    $autoloader = new Zend_Application_Module_Autoloader(array(
        'namespace' => 'Default_',
        'basePath'  => dirname(__FILE__),
    ));
    return $autoloader;
}
• The namespace means any classes that need to be loaded
whose names start with ‘Default_’ will take advantage of the
autoloader
• The autoloader will start the search at the level of
the [Link] file
Mapping Classes to Files
• The autoloader will try to map a class name to a file
name using the following convention
Class Name: Default_Form_Comment
File Name: application/forms/[Link]
• Another example
Class Name: Default_Model_User_Prefs
File Name: application/models/User/[Link]
• ‘_’ maps to ‘/’ which is the directory separator
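The two conventions shown on the "Mapping URLs to Code" and "Mapping Classes to Files" slides, written out as plain PHP functions. This is an added example, not code from the tutorial or from the Zend Framework itself: it is a simplified model of what Zend's default router and module autoloader do (the real ones also handle modules, custom routes, hyphenated words and more resource types), and the resource-type table inside it lists only the Form and Model types the slides mention.

```php
<?php
// Added example (not from the tutorial or the Zend Framework source).
// Simplified model of the default URL -> controller/action mapping and the
// class name -> file path mapping used by the Default_ module autoloader.

/**
 * Map a class name such as Default_Model_User_Prefs to the file the
 * autoloader would look for, relative to the project root.
 * Returns null when the class is outside the namespace or uses a resource
 * type this model does not know about.
 */
function classToFile($className, $namespace = 'Default_')
{
    // Resource types known to this model (assumption: only the two the slides use).
    $resourceDirs = array('Form' => 'forms', 'Model' => 'models');

    if (strpos($className, $namespace) !== 0) {
        return null; // not ours: the autoloader would ignore it
    }
    $parts = explode('_', substr($className, strlen($namespace)));
    $type  = array_shift($parts);
    if (!isset($resourceDirs[$type]) || count($parts) === 0) {
        return null;
    }
    // Every remaining '_' becomes a directory separator, then '.php' is appended.
    return 'application/' . $resourceDirs[$type] . '/' . implode('/', $parts) . '.php';
}

/**
 * Map the path part of a URL such as /news/viewall to the controller file,
 * controller class and action method the default router dispatches to.
 */
function urlToHandler($path)
{
    $segments = array_values(array_filter(explode('/', $path), 'strlen'));
    // Missing segments fall back to IndexController / indexAction.
    $controller = isset($segments[0]) ? $segments[0] : 'index';
    $action     = isset($segments[1]) ? $segments[1] : 'index';

    // Only plain identifiers may become part of a file name, so a segment
    // containing '.' or '/' never reaches the filesystem lookup.
    foreach (array($controller, $action) as $segment) {
        if (!preg_match('/^[a-z][a-z0-9]*$/i', $segment)) {
            return null;
        }
    }
    $class = ucfirst(strtolower($controller)) . 'Controller';
    return array(
        'file'   => 'application/controllers/' . $class . '.php',
        'class'  => $class,
        'method' => strtolower($action) . 'Action',
    );
}

// Constructed sample inputs, taken from the examples on the slides.
print_r(classToFile('Default_Form_Comment'));
echo "\n";
print_r(classToFile('Default_Model_User_Prefs'));
echo "\n";
print_r(urlToHandler('/news/viewall'));
print_r(urlToHandler('/'));              // defaults: IndexController::indexAction
var_dump(urlToHandler('/../etc/passwd')); // rejected: NULL
```

Run it with `php mapping.php` (any file name will do; it needs nothing from the framework). The last call shows why the identifier check matters: the router, not the filesystem, decides which names are acceptable as controller and action segments.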
Create Form
• First part of application: the form
• Zend provides some convenience classes for
handling forms
‣ Zend_Form
• This class can also double as a filter/validator for
input
Zend_Form Example
<?php
class Default_Form_Comment extends Zend_Form
{
    public function init()
    {
        // Set the method for the display form to POST
        $this->setMethod('post');
        $this->setAction('/index/processform');

        // Add the name element: trimmed, required, at most 20 characters
        $this->addElement('text', 'name', array(
            'label'      => 'Your Name:',
            'required'   => true,
            'filters'    => array('StringTrim'),
            'validators' => array(
                array('validator' => 'StringLength', 'options' => array(0, 20)),
            ),
        ));

        // Add the comment element: required, at most 100 characters
        $this->addElement('textarea', 'comment', array(
            'label'      => 'Please Comment:',
            'required'   => true,
            'validators' => array(
                array('validator' => 'StringLength', 'options' => array(0, 100)),
            ),
        ));

        // Add the submit button ('ignore' keeps it out of getValues())
        $this->addElement('submit', 'submit', array(
            'ignore' => true,
            'label'  => 'Sign Guestbook',
        ));
    }
}
Include Form
• Once we have the form class, we can create
instances of the form in the PHP code
$form = new Default_Form_Comment();
• This object can be used for multiple purposes
‣ Creating HTML markup
echo $form
‣ Validating user input
$form->isValid($formData)
‣ $formData is an array of input values
• e.g. $formData['name'] = 'Thomas Moyer'
• ‘name’ is the name of an element in the form
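A stand-alone script that exercises the form as a filter/validator, added here as an example and not part of the tutorial's code. It assumes Zend Framework 1.x is on the include_path (as configured earlier) and that the application directory holding forms/ is at the placeholder path given to the module autoloader; the two input arrays are constructed to show one submission that passes and one that fails both rules.

```php
<?php
// Added example, not from the tutorial. Exercises Default_Form_Comment (the
// class from the Zend_Form slide) as a validator on constructed input.
require_once 'Zend/Loader/Autoloader.php';
Zend_Loader_Autoloader::getInstance();

// Same autoloader setup as in Bootstrap, but for a command-line script.
// /path/to/tutorial/application is a placeholder for your own project.
new Zend_Application_Module_Autoloader(array(
    'namespace' => 'Default_',
    'basePath'  => '/path/to/tutorial/application',
));

/**
 * Validate one submission. On success returns the filtered values
 * (StringTrim applied to 'name', the ignored submit button left out);
 * on failure returns the per-element validator messages.
 */
function checkComment(array $input)
{
    $form = new Default_Form_Comment();
    if ($form->isValid($input)) {
        return array('ok' => true, 'values' => $form->getValues());
    }
    // getMessages() maps element name => array(validator key => message)
    return array('ok' => false, 'errors' => $form->getMessages());
}

// Constructed inputs: the first is valid once trimmed, the second has an
// empty name (fails 'required') and a comment longer than 100 characters.
$good = array(
    'name'    => '  Thomas Moyer  ',
    'comment' => 'Nice tutorial',
    'submit'  => 'Sign Guestbook',
);
$bad = array(
    'name'    => '',
    'comment' => str_repeat('x', 101),
);

print_r(checkComment($good));
print_r(checkComment($bad));
```

Note that `isValid()` is what the controller should rely on, not the presence of the fields in `$_POST`: a client can submit any values it likes, so the length limits and the required flag only mean something when they are checked on the server side, as this script does.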
Adding a New Action
• When forms are submitted, there is some backend
code that processes the input
‣ We will handle this in a new action within the Index
controller
‣ We use the ‘zf’ tool to create the relevant code stubs
zf create action processform index
(processform is the action name, index is the controller name)
• This creates the function processformAction() in
application/controllers/[Link]
Processing Form Inputs
public function processformAction()
{
    $request = $this->getRequest();
    $form    = new Default_Form_Comment();
    if ($request->isPost()) {
        if ($form->isValid($request->getPost())) {
            // Write the name and comment to the text file.
            $formData = $request->getPost();
            $fp = fopen('comments/[Link]', 'a');
            fwrite($fp, "<p>" . htmlspecialchars($formData['name']) .
                " said " . htmlspecialchars($formData['comment']) .
                "</p>\n");
            fclose($fp);
            return $this->_helper->redirector('index');
        }
    }
    // Invalid input and non-POST requests just go back to the index page.
    return $this->_helper->redirector('index');
}
Displaying Comments
public function indexAction()
{
    $this->view->comments = "<p>No comments yet!</p>";
    // Read all the comments to date and put them here.
    if (file_exists("comments/[Link]")) {
        $handle = fopen("comments/[Link]", "rb");
        // fopen() returns false on failure; feof(false) never becomes true,
        // so check before looping.
        if ($handle !== false) {
            $contents = '';
            while (!feof($handle)) {
                $contents .= fread($handle, 8192);
            }
            fclose($handle);
            $this->view->comments = $contents;
        }
    }
    $this->view->commentForm = new Default_Form_Comment();
}
Directory for comments
• Apache needs someplace to store files it writes
• Create a directory in <path>/public/ called
comments
• Change the group to www-data*
sudo chgrp www-data comments
• Make it writeable by the group*
sudo chmod g+w comments
*Only need sudo if you are not a member of the www-data group
Displaying Comments (2)
<html>
    <head>
        <title>Comments</title>
    </head>
    <body>
        <?php echo $this->comments; ?>
        <?php echo $this->commentForm; ?>
    </body>
</html>
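The "Processing Form Inputs" and "Displaying Comments" actions again, rewritten as an added example (this is not the tutorial's code) to show the points a security review of them would raise. Because public/ is the directory Apache serves, a file under public/comments is itself reachable by URL; the version below keeps the comments file outside public/ in an assumed data/ directory, appends under a LOCK_EX lock so two simultaneous submissions cannot interleave, stores one JSON record per line so a name containing a newline cannot forge an extra record, escapes only at output time (with ENT_QUOTES and an explicit charset), and re-displays the form with its error messages instead of silently redirecting. APPLICATION_PATH is assumed to be the constant a zf-generated public/index.php defines; the view script is the one on the previous slide.

```php
<?php
// Added example, not the tutorial's code. Assumes a zf-generated project
// (APPLICATION_PATH defined in public/index.php) and a data/ directory next
// to application/ that www-data can write to, set up the same way the
// slides set up public/comments (chgrp www-data, chmod g+w).
class IndexController extends Zend_Controller_Action
{
    // Lives outside public/, so Apache never serves it directly.
    private function commentsFile()
    {
        return APPLICATION_PATH . '/../data/comments.txt';
    }

    public function indexAction()
    {
        $this->view->comments    = $this->loadComments();
        $this->view->commentForm = new Default_Form_Comment();
    }

    public function processformAction()
    {
        $form = new Default_Form_Comment();
        if (!$this->getRequest()->isPost()) {
            return $this->_helper->redirector('index');
        }
        if (!$form->isValid($this->getRequest()->getPost())) {
            // Re-render the index view; the form now carries the submitted
            // values and the validator messages for each failed element.
            $this->view->comments    = $this->loadComments();
            $this->view->commentForm = $form;
            return $this->render('index');
        }
        // getValues() returns the filtered values; the submit button is ignored.
        $values = $form->getValues();
        $record = json_encode(array(
            'name'    => $values['name'],
            'comment' => $values['comment'],
        )) . "\n";
        // Raw text is stored; LOCK_EX serialises concurrent appends.
        if (file_put_contents($this->commentsFile(), $record, FILE_APPEND | LOCK_EX) === false) {
            throw new Exception('could not store comment');
        }
        return $this->_helper->redirector('index');
    }

    // Returns ready-to-echo HTML; escaping happens here, at output time.
    private function loadComments()
    {
        $file = $this->commentsFile();
        if (!is_readable($file)) {
            return '<p>No comments yet!</p>';
        }
        $html = '';
        foreach (file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
            $comment = json_decode($line, true);
            if (!is_array($comment) || !isset($comment['name'], $comment['comment'])) {
                continue; // skip a corrupt line rather than echo it unescaped
            }
            $html .= '<p>' . htmlspecialchars($comment['name'], ENT_QUOTES, 'UTF-8')
                   . ' said ' . htmlspecialchars($comment['comment'], ENT_QUOTES, 'UTF-8')
                   . "</p>\n";
        }
        return $html === '' ? '<p>No comments yet!</p>' : $html;
    }
}
```

Escaping at output rather than at storage is the design choice worth noticing: the stored data stays reusable for other output contexts (JSON, plain text), and every path that renders it goes through the same `htmlspecialchars` call, so there is no second code path that could forget it.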
Debugging
• Debugging a web application can be somewhat
difficult
‣ Part of the code runs on the server and part on the client
• There are modules for PHP that aid in debugging
‣ XDebug and Zend Debugger
‣ Easy to install XDebug on your VM
sudo apt-get install php5-xdebug
‣ PHP debuggers allow external debuggers to interact with
the running PHP code (similar to GDB)
‣ Need a client to use the debugger
(see [Link])
Using an IDE
• Several popular IDEs exist for PHP development
• My personal choice is Eclipse
‣ With the PHP Development Toolkit (PDT)
• Others that I have worked with
‣ NetBeans
‣ Vim (requires a fair bit of work to use as an IDE)
More Information
• Zend Homepage
‣ [Link]
• Zend Quickstart Guide
‣ [Link]
• Zend Reference Guide
‣ [Link]
• Zend API Documentation
‣ [Link]
More Information (2)
• Eclipse Homepage
‣ [Link]
• NetBeans
‣ [Link]
• XDebug
‣ [Link]