My RSS » Planet PHP » December 14, 2011

Feeds

100800 items (193 unread) in 22 feeds

CNN (2 unread)

• CNN.com - U.S. (2 unread)
• CNN.com - Technology
• CNN.com - Science & Space

MSNBC (6 unread)

• MSNBC.com: U.S. News (4 unread)
• MSNBC.com: Business
• MSNBC.com: Technology & Science (2 unread)

PHP (62 unread)

• Planet PHP (1 unread)
• Nettuts+ (61 unread)

Deals (86 unread)

• Techbargains.com (24 unread)
• dealnews - 20 most recent deals. (34 unread)
• xpBargains.com (12 unread)
• GottaDeal.com - Why Pay Retail? (16 unread)

Tech

• broadbandreports.com
• BetaNews.Com

Web Development (35 unread)

• Dev Shed - The Open Source Web Development Site
• Dev Articles - Programming Help and Tutorials for all development technologies (35 unread)
• developer.com

CNN Money (1 unread)

• CNNMoney.com (1 unread)
• CNNMoney.com - Economy News
• CNNMoney.com - Personal Finance

Frugal Blogs (1 unread)

• Frugal Dad
• The Simple Dollar (1 unread)

Planet PHP

• 

  Cross-Origin Ajax with CORS

  Posted: December 14th, 2011, 10:00pm MST by PHP Advent

  There’s no doubt that Ajax is one of the most exciting, useful, and necessary web technologies available to front-end developers. Unfortunately, it’s also one of the most restrictive — especially when it comes to gathering content from other domains. Web developers are nothing if not persistent, so we’ve come up with a variety of ways to get around cross-origin restrictions, including JSONP, server-side proxies made with PHP, ProxyPass proxying, Flash transports, creative iFrame uses, and more. What many developers don’t know is that there’s a W3C specification called Cross-Origin Resource Sharing, or CORS, which provides a standard for cross-origin Ajax requests with minimal hassle.

  Since the Ajax API is different across browsers, and most developers use a JavaScript toolkit, examples within this post will use the MooTools JavaScript framework. CORS will work with any JavaScript framework, since the core philosophy and code is configured on the server, not the client side. Due to its popularity, Apache will be used in server-side configuration examples.

  Basic Ajax Requests

  Each of the JavaScript frameworks abstracts XM [HttpRequest] objects (or in the case of Internet Explorer, ActiveXObject or Microsoft.XMLHttp) to make Ajax requests. These requests feature a URL and may contain extra headers, data, different request types (GET, POST, PUT, or DELETE), and much more. A basic Ajax request would look something like this:

  // Create a new Ajax request
  var request = new Request.JSON({
  	// The URL to get content from
  	url: "/countries.json",
  	// The success callback
  	onSuccess: function(countries) {
  		// Log out the content
  		console.log("The countries are: ", countries);
  	}
  }).send(); // Send the request

  The URL within the request above is local; countries.json is located within the same origin. What if we try to get tweets from Twitter, though?

  // Create a new Ajax request
  var request = new Request.JSON({
  	// The URL to get content from
  	url: "http://twitter.com/statuses/user_timeline/davidwalshblog.json",
  	// The success callback
  	onSuccess: function(tweets) {
  		// Log out the content
  		console.log("The tweets are: ", content);
  	}
  }).send(); // Send the request
  

  The request to Twitter will fail because the request destination, twitter.com, is not the same as the origin. Each browser provides its own error message; Chrome will warn you with: XM [HttpRequest] cannot load [twitter.com] Origin [davidwalsh.name] is not allowed by Access-Control-Allow-Origin.

  In the case of Twitter, we could use a JSONP request instead, but the problem with JSONP is that the destination server must support it. Even if the destination supports JSONP, you cannot POST to the URL or send specified request headers. How do we fix this conundrum? CORS, of course.

  Implementing CORS

  CORS allows for cross-origin requests with little fuss. Since the destination server is the entity in control and “at risk,” it must be configured with the proper headers and security settings. A few of the key headers include:

  Access-Control-Allow-Origin A specific URI or * which identifies what domain(s) may make cross-origin requests to this (destination) server. (* is an undesirable configuration value, since it allows any and all origins to make requests to your server.) Access-Control-Allow-Methods A comma-separated list of allowed request methods. Access-Control-Allow-Headers A comma-separated list of allowed request headers.

  Assuming that a web site is hosted on an Apache server, the virtual host could be configured as follows:

  <VirtualHost *:80>
  	DocumentRoot "/path/to/website/root"
  	ServerName domain.tld
  	Header set Access-Control-Allow-Origin [example.com] 	Header set Access-Control-Allow-Methods POST,GET
  	Header set Access-Control-Allow-Headers X-Authorization,X-Requested-With
  </VirtualHost>

  The configuration above only allows remote requests from http://example.com, the request type may only be POST or GET, and allowed headers are X-Authorization and X-Requested-With.

  If you want to allow anyone to make Ajax requests to your domain and with any request type, you could opt for this configuration:

  <VirtualHost *:80>
  	Docu

  Truncated by Planet PHP, read more at the original (another 1795 bytes)

• 

  Deleting the View and Controller..

  Posted: December 14th, 2011, 4:00pm MST by Alan Knowles

  Article originally from rooJSolutions blog
  This is NOT a post for people who do not use MVC, Please delete your code, and write it properly.. Anyway, as anybody who has used or written a reasonable framework in PHP knows, MVC is pretty much the golden rule for implementation. There are a dozen frameworks out their based around the principles, with different levels of complexity.
  My own framework was designed around those principles, and for many years worked perfectly for those classic display a crap load of html pages using information from a database. The Model (DB_DataObject's), View (html_Template_Flexy) and Controller (classes that extend html_FlexyFramework_Page) delivered pages. Designing sites basically involved gluing all these pieces together. As the sites grew over time, shared code usually ended up in the Models, and each page had a controller which might render the share templates. All was well, and code was reasonably easy to maintain and extend.
  Now however almost all the projects I've worked on in the last few years use the Roo Javascript library (the ExtJS fork), and are built ontop of the Pman components (originally a project management tool, that grew into a whole kit of parts).  One of the key changes in the way the code is written, is how little code is now done to get the information from the database to the end user.
  Obviously the whole html templating is been thrown out the window, (other than the first primary html page), the whole user interface is built with Javascript, and generated by User interface builder tools. The interaction of the interface is handled by signals (listeners) on the Roo Javascript components. These in turn call the Back end (PHP code) and almost always retrieve JSON encoded data, and that is rendered using the UI toolkit.
  When I first started moving to this development model, I tended to retain the previous idea of having multiple controllers to handle the Select/Create/Update/Delete  actions, as time went rather than have multiple controllers for each of those actions, I would use a single controller to manage a single Model entity (like Product). POST would always update/modify the model, and GET would always just view and query the data.
  Eventually I realized that since all these controllers where essentially doing the same thing, a single generic controller should be able to do everything that all these single controllers where doing. And so was born the Pman_Roo class.
  So Basically {index.php}/Roo/{TableName} provides generic database access, for the whole application. Most code development on the PHP side is now contained within the DataObject Models. This greatly enhances code reuse as similar code ends up closer together, Unlike before where shared code was moved from the controllers to the model when necessary, now most of the code starts off in the model. This speed project development up considerably not to mention the huge savings of not having to try and manipulate data into html.
  How does it work.
  A GET or POST request is recieved by the server either from Roo's Form/Grid/Tree or directly by Pman.Request(), a handy wrapper arround Roo.Ajax, that handles error messages nicely.
  The  request {index.php}/Roo/{TableName} checks that the tablename is valid, then goes on to do the following actions depending on the params supplied. The documentation in the Pman_Roo class is the most up-to-date documentation. and details what calls are made (if available) on the relivant dataobject.
  Using the class, it is now possible to handle pretty much any Database related query without implement any controller, and easily managing data permissions.
  Snapshot of current documentation is in the extended view.. (latest will be in the source)