Agile Toolkit Blog: Why Your Active Record Implementation is Example of a Poor Software Design? (13.5.2012, 22:06 UTC)

Through Agile Toolkit I’m sharing with the world my improved vision for a better Active Record Implementation. I believe that the widely popular Active Record implementations are examples of a bad software design. Here is the reason.

What is Active Record?

The Active Record pattern has been hugely popular due to its adoption in Ruby on Rails and in other frameworks. (Active Record explained on Wikipedia). Typically a class is generated based on the database table schema. All the fields of the database are reflected as properties of the model. The class has several constructors that allow loading a model directly by ID or searching for records. Only one record can be loaded at a time.

Why Classic Active Record is Broken?

No Testability

When the object is created, the constructors do not accept a reference to the database engine. Instead, they manage to pull it from some global namespace. That makes it very difficult to use Active Record with multiple database configurations or for testing.

Static methods / Constructors

A static method of a class which creates a new instance of that class is called a “constructor”. With Active Record there are multiple constructors present which can load a record in different ways. In some implementations the number of constructors depends on the table structure: loadByCode(), for example, would only be applicable if a “code” field exists.

Abusive properties

Potentially a table can contain any field, therefore the model may have no “reserved” properties. That makes it virtually impossible to build any decent logic in the abstract model class.

Code generation = duplication

I am always amazed how the same people preach about code re-use and how awful it is to copy-paste your code, and then use code generators which effectively build thousands of lines of code for them. It might look good in your versioning system, but it is a very bad development practice.

One table = one class

While frameworks typically allow you to specify a “parent class” in the YAML definition, in practice it is rarely used. We know that sometimes one table may contain different entity types, but Active Record implementations do not help in separating them into different classes.

Operations with multiple records

By definition an Active Record object can hold one record only. If you need to iterate through multiple records you will end up creating and destroying objects, which introduces performance overhead.

Lack of conditioning

Active Record typically allows loading ANY record present in the table. In many implementations of Active Record it’s virtually impossible to restrict loading to certain types of data. Soft-deletion is one example; implementing it is often a major effort.

Recipe for an Improved Active Record

Dependency Injection

There might be many variables a model may require. The database driver object is one thing, but it might also require some other information. Specifying multiple objects for the constructor is troublesome and inconsistent. My suggestion is to specify just one object which contains links to the other necessary resources.

This object can be passed through the factory class. I have solved this problem by having each object carry a reference to such an object, and whenever a new object is created, it also receives that reference. That is an “api” class which can be used to reference the database connection: $this->api->db. In practice, there may be multiple API classes, which makes it possible to inject a dependency into any object.

Avoiding Constructors

If a model object could have a state where it is not associated with a database record, then the same object could be reused multiple times. If the object is created first and then the load() method is used to load a new record from the database, then it can subsequently be called to add more records without the need to create a model instance every time.

That means other methods can be used for loading data. As a developer you may define new methods for data loading in your model classes which would override the default methods.

Avoiding using properties for fields

In a database one field is usually the primary key. In most cases it’s called “id”, but not always. If we want to introduce a property in our model which will always refer to this primary key, it may clash with a non-primary key in a classic implementation of Active Record.

Fortunately PHP objects can also act as arrays. By using $model['name']='John' the requests can be easily routed and saved inside internal array w

Truncated by Planet PHP.ie, read more at the original (another 3527 bytes)
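
A sketch of the recipe above, added here as an illustration and not taken from the original post or from Agile Toolkit: an injected "api" object carries the PDO connection, load() reuses one model object, fields are reached through ArrayAccess, and a condition makes soft-deleted rows unloadable. It assumes PHP 8 with pdo_sqlite; Api, Model, User, addCondition() and loaded() are hypothetical names, and the table and rows are constructed.

```php
<?php
// Added illustration; Api, Model, User, addCondition() and loaded() are hypothetical names.

final class Api
{
    public function __construct(public PDO $db) {}
}

class Model implements ArrayAccess
{
    protected string $table = '';
    protected string $idField = 'id';
    protected array $conditions = [];   // field => value every load() must match
    protected array $data = [];         // current record; empty means "not loaded"

    public function __construct(protected Api $api) { $this->init(); }
    protected function init(): void {}

    public function addCondition(string $field, mixed $value): static
    {
        $this->conditions[$field] = $value;
        return $this;
    }

    // Reusable loader: the same object can load one record after another.
    public function load(mixed $id): static
    {
        $where = ["{$this->idField} = ?"];
        $args = [$id];
        foreach ($this->conditions as $field => $value) {
            $where[] = "$field = ?";
            $args[] = $value;
        }
        // Identifiers come from the class definition; only values are bound.
        $sql = "SELECT * FROM {$this->table} WHERE " . implode(' AND ', $where);
        $stmt = $this->api->db->prepare($sql);
        $stmt->execute($args);
        $this->data = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
        return $this;
    }

    public function loaded(): bool { return $this->data !== []; }

    // ArrayAccess keeps table fields out of the object's property namespace.
    public function offsetExists(mixed $offset): bool { return isset($this->data[$offset]); }
    public function offsetGet(mixed $offset): mixed { return $this->data[$offset] ?? null; }
    public function offsetSet(mixed $offset, mixed $value): void { $this->data[$offset] = $value; }
    public function offsetUnset(mixed $offset): void { unset($this->data[$offset]); }
}

class User extends Model
{
    protected string $table = 'user';
    // Soft-deletion as a condition: rows with deleted=1 can never be loaded.
    protected function init(): void { $this->addCondition('deleted', 0); }
}

// Constructed sample data; the in-memory database doubles as a test fixture.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, deleted INTEGER)');
$db->exec("INSERT INTO user VALUES (1, 'John', 0), (2, 'Peter', 1)");

$user = new User(new Api($db));
foreach ([1, 2] as $id) {
    $user->load($id);
    echo $id, ': ', $user->loaded() ? $user['name'] : 'not loadable', "\n";
}
```

Because the condition lives in the model rather than at each call site, no caller can forget the soft-delete filter, and swapping the injected PDO object is all a test needs.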

Agile Toolkit Blog: A Framework for Professional, Enterprise and Scalable development (8.5.2012, 22:32 UTC)

Have you seen some potential in Agile Toolkit? If you are still unsure if you should adopt it in your critical product, read the following introduction to Agile Toolkit. This introduction is oriented at senior software engineers and describes some of the problems Agile Toolkit will help you solve in the long run.

artur.ejsmont.org - PHP-Blog: The sacrifice object pattern - a way of turning anti patterns into a pattern (23.4.2012, 13:02 UTC)

While working with legacy applications and inherently dirty code you have to find creative ways to make things better. Rewriting / major re-factoring are usually not an option as the team does not get enough time to do even basic housekeeping, what do you do then?

I have seen spaghetti code way too many times in my life not to call it an anti pattern. One of the main reasons for spaghetti code is allowing any object in the codebase to talk to any other object. In addition it comes hand in hand with usage of global/static scope and leaking information between application layers.

I recently realised that I have been applying the same pattern for a while now. The pattern I propose is an effort to cluster ugliness and relieve the rest of the code-base from exploding dependencies.

Agile Toolkit Blog: Agile Toolkit 4.2 is Released! (18.4.2012, 14:31 UTC)

Agile Toolkit 4.2 is now available to download from http://agiletoolkit.org/.

This release is the result of a half year effort and is based on the feedback we have received on 4.1 version. It brings a lot of improvements and enhancements but the primary goal is to create a fully transparent and fully-documented underlying architecture and promote extensibility through add-ons. The syntax of a new version is compatible with 4.1 with some exceptions outlined in our upgrade notes.

If you are new to Agile Toolkit — follow to our interactive introduction.

New Data Model

Agile Toolkit has always had a powerful ORM manager, but the Active Record support was lacking. With 4.2 the base classes for Models and Relational Models are completely rewritten. The new structure is much more extensible and efficient. The syntax has been simplified considerably.

Agile Toolkit has been well received in small companies and with the new release it now targets medium companies. Support for a variety of relational databases now includes SQLite, PostgreSQL and can be extended very easily for any database supported by the underlying PDO architecture. Agile Toolkit now also has a set of models which can be used with no-SQL databases, caches and transparent APIs.

Support for additional databases, techniques and protocols will be coming through add-ons.

New CSS Framework

Although the interface retains a similar look, the underlying CSS framework is now much more powerful. It’s been rewritten using lessCSS and is based on a 12-column grid system. CSS classes are much easier to use and build your interface with. The look can also be easily altered: things like line radius, spacings, number of columns and footer behavior can be changed very easily through a very simple CSS configuration file.

New Add-on architecture

With version 4.2 the minimum requirement for PHP is now 5.3. That enables the use of namespaces. With namespaces developing add-ons for Agile Toolkit is pure enjoyment. You will find an add-on developer guide on our documentation site, but what’s really important is that your add-on can rely on the core user interface and other add-ons, and contain both the library and UI elements. This makes it possible for add-ons to be quite awesome. A developer of a payment gateway can now provide developers with the actual payment form instead of a set of functions written in low-level PHP.

Fully Documented

Agile Toolkit comes from a closed-source environment. It was initially designed to be used within our web development company: Agile Technologies. We open-sourced Agile Toolkit in early 2011 but it is only now that the documentation has matured enough for wide adoption.

Become Agile!!

For all web developers either freelancers or working for the companies there are many reasons for using Agile Toolkit in your next project or in your company. If you need to look at some project examples, here are some example sites launched recently and built completely in Agile Toolkit. If your project has already started why not:

  • develop Administrative Back-end using Agile Toolkit to save time.
  • re-build your model structure on Agile Toolkit ORM and improve security.
  • use Agile Toolkit for serving static pages and improve speed.

If you are in need of custom web development using Agile Toolkit, consultancy, training or add-on development — our experienced team can offer you a great solution (we are now based in London, UK).

We are hiring!

Are you looking to join a great team which values great software design and your artistic programming skills? Would you want to collaborate as a part-time freelancer or a full-time employee? We have some great employment offers and real projects you can join. Contact jobs at agiletoolkit.org.

Pádraic Brady: PHP: Innocent Villagefolk or a Pillagin’ Pirate? (12.4.2012, 15:28 UTC)


This is a train of thought article (i.e. it may make sense…or not). You’ve been warned in advance. The CL;DR will be posted to Twitter when Hell freezes over, pigs fly, and Hollywood makes an ensemble casted DC Universe movie. This is what happens when you have a laptop, an editor, a train ride home, and have just realised that the wifi connection is not working.

In PHP, we’re well insulated from what happens in other programming languages. This is not by accident – mentioning PHP while among a crowd of Java, Ruby, Python or Perl programmers is liable to result in a heated argument, several fistfights and one dead PHP programmer. Death by mobbing is not a pretty way to go. I’m sure a few of us have been there – at a web conference where people dismiss PHP out of hand as a kiddie toy for the weak minded and demented. When everyone around you starts nodding, remember to make yourself as inconspicuous as possible and request armed backup from the local PUG.

Of course, PHP programmers all know that the other programming languages are just jealous – PHP has no true OOP model, it’s ugly as sin, can’t figure out which parameter order is right, and is several years behind the curve in adopting best practices but the damn thing remains extremely popular, keeps getting faster, has the best reference manual ever invented, more frameworks than grains of sand on a beach, and in recent years has become a hotbed of innovative libraries now that PEAR and its messy aftermath have been displaced by Github. It’s sickening.

I often wonder why that is. I could go with the usual arguments – PHP is easy to learn, very effective, yada yada yada. Those are the boring reasons we try very hard to believe in. Ruby is easy to learn, very effective, and has even more yadas to go around. It’s still sitting at 11 on the Tiobe Index to PHP’s 6.

What’s fascinating about some programming languages is their reaction to and life after maturity. PHP is an immature programming language which pretends to be mature (to earn Enterprise cookies) but otherwise couldn’t give a toss. I don’t mean that in a bad sense. PHP continues to exude a sense of adventure as it playfully steals ideas left, right and center from its peers. Most of our foremost advances are “borrowed” years after their adoption elsewhere. What PHP excels at is tireless consumption. Marathon races make one hungry and we can’t help but notice the feasts being exposed by Rubyland or Pythonville as they do their best to sprint past us. Without that thieving spirit, PHP would long since have entered obscurity as a quaint HTML oriented scripting language used by college students to build cheap websites with flashing text and under construction GIFs.

To me, PHP is a rogue. If we were playing an RPG, PHP would have pointy ears, a cloak, a couple of daggers and as many lockpicks as it could fit in its inventory (leaving sufficient room for liberated loot, of course). Ruby will never see us coming…our sneak skill is epic. PHP figured out how to keep the W key depressed while crouched in a corner in Elder Scrolls: Morrowind before the game was even designed.

I’m sure this comes across as being a bit humorous, but is it? Sometimes when I hear about PHP being innovative I almost crack up on the spot from disbelief. As PHP developers we’re not often (as in never) in the limelight generating new programming paradigms and practices – we’re most likely to be found connecting the dots between PHP and some novel idea we stumbled across elsewhere. Our strength lies in our ability to connect the dots sever

Truncated by Planet PHP.ie, read more at the original (another 3941 bytes)

artur.ejsmont.org - PHP-Blog: Publishing queue messages from PHP using different backends (4.4.2012, 10:09 UTC)

I have looked at the state of different messaging backends recently and I ran a little benchmark to see what is the rough comparison of message publishing throughput. Results that I got are quite surprising.

UPDATE 2012.04

What I wanted to achieve was some sort of reassurance before choosing a messaging bus for my PHP project. PHP is usually a bit special as its runtime environment is different than java / .net. I wanted to use rabbitmq because of its routing flexibility and implementation of AMQP. After the simple benchmark I am not convinced any more if that is the best way to go for me right now.

artur.ejsmont.org - PHP-Blog: Symfony2 meets Drupal8 + Varnish and ESI (28.3.2012, 11:38 UTC)

I don't know if everyone will agree and notice the significance of this event but for me this is a MAJOR milestone in PHP community evolution. Drupal 8 will integrate with Symfony2. THIS IS GREAT NEWS!

I always liked Drupal. It is amazing! Community is huge and provides thousands of modules to solve almost any web-related needs you may have. To make it really embarrassing for the enterprise-level CMS solutions, Drupal often beats them in terms of features and quality. I have seen enterprise-level CMSes and they were just a legacy JUNK! There is no question about it, Drupal is awesome! Symfony2 is the sweetest PHP framework there is. Great architecture, patterns, cleanness, consistency, interfaces, testability, dependency container - basically all you need.

klog » php: Adding a trigger-based plugin to WebME (14.3.2012, 16:57 UTC)

One of my clients has his own fork of WebME that he keeps current with the SVN version.

He mentioned a collision recently, where a hack he had written into the online store plugin was overwritten by updates.

So, in this post, I’ll demonstrate how to add a plugin that uses a trigger to run some code.

First, we define what needs to be done.

The client wants that when an order in an online store has been processed, an email is sent out to that client.

This immediately points out where the trigger point goes. The processing of orders is done in the file ww.plugins/online-store/verify/process-order.php, so we need to put the trigger in there as well, at the end of the OnlineStore_processOrder() function:

  Core_trigger('after-order-processed', array($order));

What happens at that point is that the CMS will check all plugins to see if there are any that have a trigger of the name “after-order-processed”, and if there are, then that trigger will be fired.

So, next we need to create the plugin. In fact, it’s so easy I’ll just write it straight out. I’m calling this one “DemoPlugin”, so we start by creating the directory /ww.plugins/demo-plugin, and placing the file plugin.php in it:

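<?php
// Plugin definition: the 'triggers' entry maps a trigger name to its handler function
$plugin=array(
  'name' => 'DemoPlugin',
  'triggers'      => array(
    'after-order-processed'=>'DemoPlugin_afterOrderProcessed',
  ),
  'description' => 'Sends an email after an order is processed',
);

// Handler for the 'after-order-processed' trigger; $order is the order passed to Core_trigger()
function DemoPlugin_afterOrderProcessed($PAGEDATA, $order) {
  mail('kae.verens@gmail.com', 'subject line', print_r($order, true));
}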

Simple!

Now, in order to do this, I edited one file which is part of the “official” WebME package, to add the trigger. If you find you need to do this, please contact me and tell me what you’re trying to do, and what you edited, so I can add it to the SVN version and not break your code in future releases.

Pádraic Brady: A Hitchhiker’s Guide to Cross-Site Scripting (XSS) in PHP (Part 1): How Not To Use Htmlspecialchars() For Output Escaping (12.3.2012, 20:49 UTC)


In recent weeks, I consulted with the second most intelligent species on the planet: Dolphins. Dolphins are renowned across the known Universe for their awesome programming skills. After all, it was they who developed such insightful works as “Evolution By Example”, “Dude! We Wrote The Laws Of Physics!”, and “How Many Humans Does It Take To Screw Up A Planet?”. The answer to the last will be published on 01/01/2013 after the experiment is shut down and sent to a landfill site assuming the Supreme Spaghetti Monster signs off on the permit.

Dolphins think we are really dumb and theorise that this level of stupidity has one obvious cause: self-imposed ignorance. We are, after all, only the third most intelligent species on Earth and appear to have aspirations to lower our IQ just a bit more.

While it’s no harm poking fun at ourselves, in PHP we do have a serious problem. Cross-Site Scripting (XSS) remains one of the most significant classes of security problems afflicting PHP applications. Despite years of education, community awareness and the development of frameworks which can offer a huge boost in consistent practices – things are not getting any better.

So, I finally figured out what the core problem is: PHP programmers are completely clueless about XSS. It’s that simple. Instead of going out and studying the topic, we blindly follow some preferred herd of people offering advice with heartfelt conviction despite the fact that they are probably just as ignorant as the rest of us. Does that sound like the behaviour of something which allegedly evolved into an intelligent species? The result is a mix of ignorance and stagnant knowledge that leaves PHP in an unenviable position beset by wrongheaded zealots.

To get the ball rolling, this two-part article series is a tour of how NOT to use the htmlspecialchars() function that is typically press-ganged into service as PHP’s universal output escaper. By offering an example-based guide, I hope it will illustrate just how many ways a prospective attacker using XSS can exploit this function’s misuse to pull off a successful attack. The examples were written for PHP 5.3, so 5.4 users may need to imagine they still have 5.3 installed and/or lodge an official complaint with somebody who looks like they keep a complaints box handy (your local fast food restaurant is a good start).

This example-led approach has another motive. Simple examples can be translated into unit tests. Ideally, many of the current crop of frameworks can use this article as a guide to what their unit tests should be looking for. This also makes it far easier for everyday programmers to consume the article and run around the place, drunk with ungodly power, identifying issues in the libraries, frameworks and other projects that they rely on.

To help us on the path of enlightenment before it’s too late (I’d lodge an appeal with the Supreme Spaghetti Monster but apparently the Mayans already tried and failed), I also invite other PHP programmers to blog about a security topic over the next month or two. Give programmers one last chance to get it right before the Planet is demolished by the Vogon destructor fleet. Just pick a topic that drives you up the walls in defiance of gravity and spend an hour writing something useful and (optionally) expletive filled. Every little bit helps.

What Is Htmlspecialchars()?

According to

Truncated by Planet PHP.ie, read more at the original (another 75321 bytes)
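
The unit-test idea from the excerpt above, as an added example that is not code from the article: three places where htmlspecialchars() falls short as a universal escaper (single-quoted attributes under ENT_COMPAT, input that is invalid for the declared charset, unquoted attributes), each written as a check. It targets PHP 7 or later rather than the 5.3 the article mentions; escapeHtml(), escapingChecks() and all sample values are constructed.

```php
<?php
// Added illustration (PHP 7+); escapeHtml(), escapingChecks() and the sample
// values are constructed for this example.

// Explicit flags and charset, so the result does not depend on version defaults.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns check name => bool; every entry should be true.
function escapingChecks(): array
{
    $quoted = "x' data-injected='1";  // harmless marker attribute
    $latin1 = "caf\xE9";              // ISO-8859-1 byte, invalid as UTF-8
    $spaced = 'x data-injected=1';    // contains nothing htmlspecialchars() encodes

    $compat = htmlspecialchars($quoted, ENT_COMPAT, 'UTF-8');
    $strict = htmlspecialchars($latin1, ENT_QUOTES, 'UTF-8');

    return [
        // ENT_COMPAT encodes " but not ', so a value='...' attribute is not contained.
        'ENT_COMPAT leaves single quotes' => strpos($compat, "'") !== false,
        'ENT_QUOTES encodes single quotes' => strpos(escapeHtml($quoted), "'") === false,
        // Input invalid for the declared charset yields '' unless
        // ENT_SUBSTITUTE or ENT_IGNORE is set.
        'charset mismatch returns empty string' => $strict === '',
        'ENT_SUBSTITUTE keeps the valid prefix' => strpos(escapeHtml($latin1), 'caf') === 0,
        // Unquoted attribute: escaping changes nothing, so the space still ends the value.
        'unquoted attribute value is unchanged' => escapeHtml($spaced) === $spaced,
    ];
}

foreach (escapingChecks() as $name => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL ') . $name . "\n";
}
```

The last check is the reason escaping alone is not enough: templates have to quote every attribute value, because no flag combination makes an unquoted attribute safe.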

Agile Toolkit Blog: Compatibility between 4.1.4 and 4.2 (7.3.2012, 23:50 UTC)

Regardless of many fundamental changes in 4.2, we managed to achieve close compatibility between upcoming versions of Agile Toolkit 4.1.4 and 4.2.  Some changes may be required in your code, but you will be able to switch between major versions without changing your code in most cases.

Your code also must not use any features which were obsolete in 4.1.3.
