This article presents a reflection about why this growth happened just in the latest years, as well what it means for the PHP world.

Click here to read the full post…

• Firmware: It is the software / OS of your iPhone. This hack is for 2.2 version.
• Jailbreak: It simply means that to enable your iPhone to be able to install third party applications. In laymans terms it makes your iPhone to install application which are not form the Application store.
• Unlock: It means that your iPhone can accept SIM from any mobile provider.

PS: Please note, this hack will only work on iPhone 3G with firmware version 2.2. If you don’t have the latest firmware then upgrade it using iTunes. The catch with this hack is that you can only use one unlocked SIM card. In other words, if you ever want to use another SIM, you have to do the entire process again.

1. Upgrade your iTunes to 8.0.2 by launching it and clicking “Download iTunes” below. Or download it and install it manually.
   
2. Allow iTunes to upgrade your iPhone to the latest 2.2 firmware. Don’t worry about the implications (losing jailbreak, unlock) as QuickPwn will take care of this for your. This step is necessary because QuickPwn doesn’t actually upgrade your iPhone. Instead, QuickPwn expects to be pwning the same firmware that your iPhone is on. If you don’t know anything about baseband versions, you can ignore this message. Otherwise, make sure you’ve updated your iPhone to be running on 02.28.00 baseband firmware, which should have been included in the 2.2 firmware update.
3. Download QuickPwn 2.2 for Windows or Mac. Extract the file and launch the QuickPwn 2.2 application. Then follow the prompt and connect your iPhone to your computer via the USB cable. When the blue arrow button lights up, click it.
   
4. QuickPwn is smart enough to detect the firmware ipsw file you downloaded via iTunes (something like C:\Documents and Settings\coderetard\Application Data\Apple Computer\iTunes\iPhone Software Updates\ on Windows XP). If it can’t find it for whatever reason, download the 2.2 restore firmware ipsw file for 3G iPhone1,2_2.2_5G77_Restore.ipsw directly from Apple’s servers. Then browse to the or restore firmware ipsw file you downloaded. After the green checkmark appears, click the blue arrow button.
   
5. On the next page, make sure you select the “Cydia” checkbox. You can check “Installer” and replace logo as desired. Click the arrow button after making your selections.
   
6. Now get ready to rumble…
   
7. READ THIS STEP THROUGH COMPLETELY FIRST, lest you be caught off guard: Click on the Blue arrow button which will bring up a screen with some instructions (below). Follow them exactly to a tee. Just to prepare, here are the directions: 1) Hold Home for 5 seconds, 2) Hold Home and Power together for 10 seconds, 3) Release Power but continue to hold Home for 30 seconds. Throughout the process these three steps, you DO NOT LET GO OF THE HOME BUTTON until after the third step. I didn’t have to hold it anymore after it counted down to 21 seconds left.
   
8. Then sit back and relax while QuickPwn does all the hard work for you, you’ll see some activity on your iPhone screen and hear your computer beep a few times, but when it restarts finally and says it’s waiting for activation, it’s ready to use. Now you can close QuickPwn.
   
9. It’s now a good time to set up your wireless network settings on your iPhone 3G so you will be able to connect to the software repositories in Cydia.
10. Now Launch the Cydia app, which will reorganize then restart. You’ll need to launch it again afterwards.
11. When prompted at the “Who Are You” screen, just choose the first option “User (Graphical Only).”
    
12. Click on the Manage tab on the bottom menu bar. In the Manage tab, click on the Sources button in the middle. You will need to add the source to the yellowsn0w repo to utilize the soft unlock.
    
13. Click on “Edit” on the top right, then “Add” on the top left. In the URL, type: http://apt9.yellowsn0w.com/ as shown below. When you are done click “Done” and then “Browser.”
    
14. Now click on the “Search” tab and type “yellowsn0w” and install the app “yellowsn0w.”
    
    
15. For US T-Mobile users, you will need to disable the “Enable 3G” setting in your network settings.
16. Now restart your iPhone 3G with your SIM card inserted. Wait for the slide to unlock screen and then wait 15 seconds more. If you don’t see the SIM card working, reinsert the SIM and wait another 10 seconds. Now try and make some calls with your newly unlocked iPhone 3G!
17. For T-Mobile users, continue reading if you have problems:
18. Download and install BossPrefs and via Cydia
19. Disable all functions with BossPrefs (don’t worry if you can’t disable EDGE)
20. Reboot your Phone with BossPrefs (not the normal manual way – this is important!)
21. Wait a minute and a half when you see the slick to unlock screen
22. Take out your T-Mobile SIM card and insert it again
23. Wait for 10 seconds
24. Go to Settings and turn on Airplane mode, then turn it off again
25. Take out your T-Mobile SIM card and put in any AT&T SIM card and wait for a minute. Ignore the “Waiting to activate” prompt
26. Now take out the AT&T SIM card and put in your T-Mobile SIM card again
27. After a moment you will see the activation succeeded prompt. Now you should be able to pick up a T-Mobile signal

Find Original Post at:  http://www.coderetard.com/2009/01/01/how-to-fully-soft-unlock-iphone-3g-22-firmware-yellowsn0w/

While investigating the recent bomb blasts in India, it was uncovered that terrorists of “Indian Mujahideen” used unsecured Wi-Fi networks to communicate with each other and planning there bomb blasts. Its very easy to blame Police and Government for their lack of vigilance, but it take character to acknowledge the fact even we are responsible for it. You, me and everyone who has an unsecured wifi network is or could be responsible for the blasts. So as one my duties as a citizen of India, I am explaining what is wifi network and how to make secure.

What is a Wi-Fi network?

Any computer network, which connects two more more wifi devices via a wifi router is termed as wifi network. In simple words, if you connect to internet via wifi router, then it simple means you are connected via a wifi network. It can be home, work or even a coffee shop.

How to make your Wi-Fi network secured?

1. Password protect your Wi-Fi Router Setup Wizard:
   • All router comes with an inbuilt setup wizard. All you have to do is type the Router IP in your browser. Commonly used IP by Routers is: http://192.168.8.1 You will see all sorts of settings and options in this wizard. However, you may be asked to authenticate via a username and password. Chances are by default there would be no password or a default (admin/admin) password setup by the manufacturer. So the very first step is to make sure this Router setup wizard or interface is password protected with a strong password. You can use strongpasswordgenerator or goodpassword to get yourself a very strong password.
2. Disable SSID broadcasting.
   • SSID or Service Set IDentifier, is responsible to display the name of your wifi network when ever a device scans for available networks. I would recommend you disable this feature after you are connected to all your wifi devices, or else you will go in the hidden mode and even your own devices will fail to connect to your router.
3. Enable WPA or WEP encryption.
   • In order to enable it, login to your router setup wizard. You can find this option user “Security” or “WAN Setup”. They both have same basic role, that is to authenticate every device when it tries to connect to the wifi router. However there is a functional difference between WPA and WEP security algorithm.
     • WEP (Wired Equivalent Privacy): It would generate 4 password, and your devices needs to enter anyone of those during handshake. It is recommended for your normal office or work security.
       
     • WPA-PSK (Wi-Fi Protected Access Pre-Shared Key): It would generate a single password, which can be configured to expire after some predefined duration. It is good option for people who use internet for short periods only.
       
4. Define maximum number of devices:
   • This options comes into play when you know how many devices normally connect to the router. You can set the maximum limit, so that once all of the devices are connected and operational, no one else can connect to the wifi network.
5. Unshare the shared folder/drives:
   • When not is use, it is recommended that you unshare all the folder/shared whenever not in use. Otherwise, they may be used to store and run Trojan / Virus.
6. Turn off the router when not in use:
   • This will not only save you power, but make it virtually impossible for a hacker to use your internet conenction.

Please note, a serious hacker would not actually be deterred by all these measures, but it will make it hard for a novice hacker. If you have any query or need any consultancy to secure your wifi network secure, feel free to contact me via email or IM.

1. Uninstall all the unused/unwanted programs.
   • Reason: Windows OS is based on the registry system. In simple words, what ever you install or any changes you make are stored in the Windows Registry and each time you start using your windows, it has to check the registry for installed programs and/or settings. So the more programs and software you install, the slower your PC (Computer System) will become.
   • Solution: Install only the programs/software which you frequently use. You can install software which you use once in a blue moon. Trust me, this will make a significant difference in the PC’s performance. Go ahead and uninstall all the programs you don’t use or use seldom. You can use a free third party utility CCleaner to clean unwanted cookies, broken registry entries, tempary files.
2. Disable the visual effects (eye candy).
   • Reason: Windows Xp onwards, Microsoft has implemented some need visual effect to take the user experience closed to that of a Mac. In the process, they made it very taxing on RAM and Processor. In Simple words, the more visual effects you enable, the slower your PC (Computer System) will become.
   • Solution: If you are willing to compromise the eye candy effects for performance then this is what you do:
     • Right Click “My Computer” icon and click on properties.
     • Go to Advanced Tab and click on Setting button of “Performance”
     • Select the tab “Select for best performance” and press “apply”
3. Scan for Virus, Spywares and Trojans.
   • Reason: Most of the time, an infected system is the reason of a painfully slow or crashing system, Make sure you have a lightweight Antivirus and Antispyware software installed. Not to mention, that software should be updated regularly too.
   • Solution: Please view “How to clean an infected PC” for more details.
4. Defrag your hard drive .
   • Reason: Fragmentation is caused when an operating system breaks a file into pieces because there is not enough space on the storage device where the file was originally saved.  Hence, defragmentation can be defines as the process of scanning the file system and rejoining the split files back into consecutive pieces. Windows OS comes with an inbuilt utility, but if you want you could use third party software to defrag for hard drives.
   • Solution: This is you to use the inbuilt defag utility:
     • Open “My Computers”. Right click any hard drive icon and go to properties.
     • Now under “Tools” tab, click “Defragment now” button.
     • Make sure you do NOT use your computer which the defragment process is in progress.
5. Remove unwanted start up programs:
   • Reason: As soon as you start your Windows, there are many programs and background processes which turns on automatically. Most of them are unwanted and makes the PC slow. Simple words you should have minimum amount of icons in the bottom right corner of your PC.
   • Solution: Please disable only those programs or services which you are sure of. This step is not for novice users. This is how you disable unwanted start up programs:
     • Go to “Start” and click on “Run”
     • Type “msconfig” and press OK button.
     • From the popup window, select “start up” tab.
     • Now you will have a list of all the programs which starts automatically with Windows. Just uncheck the items to disable them. You need not to worry no much, you can always “undo” this step by re checking the items again.
     • You are also use an addition utility “Autoruns” by Windows to do the same.

In my opinion followings are the most common errors/mistakes made during JavaScript implementation.

1. Calling JavaScript Code without any event:This is the first error any JavaScript developer is bound to make. Allow me to illustrate it with a real life example. Suppose, we need to alert the content inside a div with id “content”. The novice developer would write:

   <html>
   <head>
   <title>Invalid JavaScript Code</title>
       <script type="text/javascript" language="javascript">
           var content=document.getElementById('content').innerHTML;
           alert(content);
       </script>
   </head>
   <body>
   <div id="content">This is the sample content</div>
   </body>
   </html>

   Needless to say, the above code will throw an error. The technical explanation of the error is as follows. As JavaScript is an interpreted scripting language, it would try to read the content on the line 6. However, at that moment, the HTML had not been rendered and hence JavaScript will find no div. Its solution is very simple and elementary. All you have to do is to call this code on some event, like onload , onclick etc. Following is the correct way to do it:

   <html>
   <head>
   <title>Valid JavaScript Code</title>
       <script type="text/javascript" language="javascript">
           function init(){
               var content=document.getElementById('content').innerHTML;
               alert(content);
           }
       </script>
   </head>
   <body onload="init()">
   <div id="content">This is the sample content</div>
   </body>
   </html>

2. Reading string as array:Well, once I committed this mistake and spent over 2 days to find this issue from 102 lines of JavaScript. Suppose you need to read and display the 3rd character of a string. any C or PHP developer is bound to write the code like this:

   <html>
   <head>
   <title>Invalid JavaScript Code</title>
       <script type="text/javascript" language="javascript">
           function readString(){
               var str="JavaScript";
               alert(str[2]);
           }
       </script>
   </head>
   <body>
   <input type="button" onclick="readString();" />
   </body>
   </html>

   Quite interestingly, the above code if alert “v” in Firefox or Mozilla. On few Internet Explorers it will throw an error. The reason is that reading string as an array (str[2]) is not an cross browser compatible. The correct way code is as follows:

   <html>
   <head>
   <title>Valid JavaScript Code</title>
       <script type="text/javascript" language="javascript">
           function readString(){
               var str="JavaScript";
               alert(str.charAt(2));
           }
       </script>
   </head>
   <body>
   <input type="button" onclick="readString();" />
   </body>
   </html>

3. Validating for an blank field in JavaScript:This is one of the most common bug your quality analyst or client would let you know. When you are validating a blank field (say username). Most of the JavaScript developers would write the following code to validate it:

   <html>
   <head>
   <title>Valid JavaScript Code</title>
       <script type="text/javascript" language="javascript">
           function validate(){
               var value=document.getElementById('uname').value;
               if(value.length<1) {
                    alert("ERROR: Username cannot be left blank");
                    return false;
                }
           }
       </script>
   </head>
   <body onload="init()">
   Username: <input type="text" id="uname">
   <input type="button" onclick="validate()" />
   </body>
   </html>

Although the above code may seems to work, but it fails as soon as you enter any invisible character like space, newline/enter or a tab. The check is that the length of the string entered should not be less than 1 (in this case). What the developer has failed to negotiate that three invisible characters like spaces would count 3 but would be invalid. The solution is simple. Trim (similar to one in PHP) the value before applying this check. Unfortunately, there is no inbuilt function to trim a string. However you can use it from my free library rochak.js as used in the following example.

<html>
<head>
<title>Valid JavaScript Code</title>
    <script type="text/javascript" language="javascript" src="http://rochakchauhan.com/rochak.js"></script>
    <script type="text/javascript" language="javascript">
        function validate(){
            var value=document.getElementById('uname').value;
            value=rochak.trim(value);
            if(value.length<1) {
                 alert("ERROR: Username cannot be left blank");
                 return false;
             }
        }
    </script>
</head>
<body onload="init()">
Username: <input type="text" id="uname">
<input type="button" onclick="validate()" />
</body>
</html>

Well, my definition of an Infected computer is that it has some virus or worm or trojan or some spyware. There may be a case that it is infected with all of these….god bless that user

How do you know if you are infected?

Although there is no hard and fast rules, but the most common symptoms of an infection are:

1. Your PC get very slow overnight or in 2-3 days.
2. Your hard disk space magically get filled up.
3. The default homepage of your browser changes to some weird address.
4. You get Popups or alerts randomly.
5. You can NOT enable the option to “view hidden and system files”
6. When you click your Drive Icon or USB drive icon, you get a “Open With” dialog box.
7. You get some unknown and random Toolbar installed on your browser.

How to clean the PC?

Now thats a million dollar question I understand installing an Antivirus software may slow down your PC by a fraction, but trust me it is still very important before you go online. In fact a Antivirus alone is ineffective in todays Web 2.0 world. You need Antivirus, AntiSpyware and a basic firewall. I would advice you to use AVG Free 8

However if you are already infected, chances are you will not be allowed to download and / or update any Antivirus software. But no worries, thanks to Combofix. It is an amazing free tool to clean up your PC. Just run it and within 10 mins your PC would be clean as new. Once combofix has done its job, dont forget to install and update an Antivirus software (preferably AVG FREE .

May the forces of AVG be with you

PS: If you found this post helpful, you may want to try to “How to speed up your PC“.

Most importantly, turn off register_globals. This configuration setting defaults to off in PHP 4.2.0 and later. Access values from URLs, forms, and cookies through the superglobal arrays $_GET, $_POST, and $_COOKIE.

Before you use values from the superglobal arrays, validate them to make sure they don’t contain unexpected input. If you know what type of value you are expecting, make sure what you’ve got conforms to an expected format. For example, if you’re expecting a US ZIP Code, make sure your value is either five digits or five digits, a hyphen, and four more digits (ZIP+4). Often, regular expressions are the easiest way to validate data:

if (preg_match('/^\d{5}(-\d{4})?$/',$_GET['zip'])) {
    $zip = $_GET['zip'];
} else {
    die('Invalid ZIP Code format.');
}

If you’re expecting to receive data in a cookie or a hidden form field that you’ve previously sent to a client, make sure it hasn’t been tampered with by sending a hash of the data and a secret word along with the data. Put the hash in a hidden form field (or in the cookie) along with the data. When you receive the data and the hash, re-hash the data and make sure the new hash matches the old one:

// sending the cookie
$secret_word = 'gargamel';
$id = 123745323;
$hash = md5($secret_word.$id);
setcookie('id',$id.'-'.$hash);

// receiving and verifying the cookie
list($cookie_id,$cookie_hash) = explode('-',$_COOKIE['id']);
if (md5($secret_word.$cookie_id) == $cookie_hash) {
    $id = $cookie_id;
} else {
    die('Invalid cookie.');
}

If a user has changed the ID value in the cookie, the hashes won’t match. The success of this method obviously depends on keeping $secret_word secret, so put it in a file that can’t be read by just anybody and change it periodically. (But remember, when you change it, old hashes that might be lying around in cookies will no longer be valid.)

See Also:

• PHP Manual: Using Register Globals
• PHP Cookbook: Recipe 9.7 (“Securing PHP’s Form Processing”), Recipe 14.3 (“Verifying Data with Hashes”)

2. Broken Access Control

Instead of rolling your own access control solution, use PEAR modules. Auth does cookie-based authentication for you and Auth_HTTP does browser-based authentication.

See Also:

• PEAR Packages: Auth, Auth_HTTP.

3. Broken Account and Session Management

Use PHP’s built-in session management functions for secure, standardized session management. However, be careful how your server is configured to store session information. For example, if session contents are stored as world-readable files in /tmp, then any user that logs into the server can see the contents of all the sessions. Store the sessions in a database or in a part of the file system that only trusted users can access.

To prevent network sniffers from scooping up session IDs, session-specific traffic should be sent over SSL. You don’t need to do anything special to PHP when you’re using an SSL connection, but you do need to specially configure your webserver.

See Also:

• PHP Manual: Session handling functions
• PHP Cookbook: Recipe 8.5 (“Using Session Tracking”), Recipe 8.6 (“Storing Sessions in a Database”)

4. Cross-Site Scripting (XSS) Flaws

Never display any information coming from outside your program without filtering it first. Filter variables before including them in hidden form fields, in query strings, or just plain page output.

PHP gives you plenty of tools to filter untrusted data:

• htmlspecialchars() turns & > " < into their HTML-entity equivalents and can also convert single quotes by passing ENT_QUOTES as a second argument.
• strtr() filters any characters you’d like. Pass strtr() an array of characters and their replacements. To change ( and ) into their entity equivalents, which is recommended to prevent XSS attacks, do:
  $safer = strtr($untrusted, array('(' => '(', ')' => ')'));
• strip_tags() removes HTML and PHP tags from a string.
• utf8_decode() converts the ISO-8859-1 characters in a string encoded with the Unicode UTF-8 encoding to single-byte ASCII characters. Sometimes cross-site scripting attackers attempt to hide their attacks in Unicode encoding. You can use utf8_decode() to peel off that encoding.

See Also:

• PHP Manual: htmlspecialchars(), strtr(), strip_tags(), utf8_decode()
• PHP Cookbook: Recipe 8.8 (“Building a GET Query String”), Recipe 9.8 (“Escaping Control Characters from User Data”)

5. Buffer Overflows

You can’t allocate memory at runtime in PHP and their are no pointers like in C so your PHP code, however sloppy it may be, won’t have any buffer overflows. What you do have to watch out for, however, are buffer overflows in PHP itself (and its extensions.) Subscribe to the php-announce mailing list to keep abreast of patches and new releases.

See Also:

• PHP Mailing Lists: http://www.php.net/mailing-lists.php

6. Command Injection Flaws

Cross-site scripting flaws happen when you display unfiltered, unescaped malicious content to a user’s browser. Command injection flaws happen when you pass unfiltered, unescaped malicious commands to an external process or database. To prevent command injection flaws, in addition to validating input, always escape user input before passing it to an external process or database.

If you’re passing user input to a shell (via a command like exec(), system(), or the backtick operator), first, ask yourself if you really need to. Most file operations can be performed with native PHP functions. If you absolutely, positively need to run an external program whose name or arguments come from untrusted input, escape program names with escapeshellcmd() and arguments with escapeshellarg().

Before executing an external program or opening an external file, you should also canonicalize its pathname with realpath(). This expands all symbolic links, translates . (current directory) .. (parent directory), and removes duplicate directory separators. Once a pathname is canonicalized you can test it to make sure it meets certain criteria, like being beneath the web server document root or in a user’s home directory.

If you’re passing user input to a SQL query, escape the input with addslashes() before putting it into the query. If you’re using MySQL, escape strings with mysql_real_escape_string() (or mysql_escape_string() for PHP versions before 4.3.0). If you’re using the PEAR DB database abstraction layer, you can use the DB::quote() method or use a query placeholder like ?, which automatically escapes the value that replaces the placeholder.

See Also:

• PHP Manual: escapeshellcmd(), escapeshellarg(), realpath(), addslashes(), mysql_real_escape_string(), mysql_escape_string()
• PEAR Package: DB, DB Documentation
• PHP Cookbook: Recipe 18.20 (“Escaping Shell Metacharacters”), Recipe 10.9 (“Escaping Quotes”)

7. Error Handling Problems

If users (and attackers) can see the raw error messages returned from PHP, your database, or external programs, they can make educated guesses about how your system is organized and what software you use. These educated guesses make it easier for attackers to break into your system. Error messages shouldn’t contain any descriptive system information. Tell PHP to put error messages in your server’s error log instead of displaying them to a user with these configuration directives:

log_errors = On
display_errors = Off

See Also:

• PHP Manual: Error Handling and Logging Functions
• PHP Cookbook: Recipe 8.14 (“Hiding Error Messages from Users”)

8. Insecure Use of Cryptography

The mcrypt extension provides a standardized interface to many popular cryptographic algorithms. Use mcrypt instead of rolling your own encryption scheme. Also, be careful about where (if anywhere) you store encryption keys. The strongest algorithm in the world is pointless if an attacker can easily obtain a key for decryption. If you need to store keys at all, store them apart from encrypted data. Better yet, don’t store the keys and prompt users to enter them when something needs to be decrypted. (Of course, if you’re prompting a user over the web for sensitive information like an encryption key, that prompt and the user’s reply should be passed over SSL.)

See Also:

• PHP Manual: Mcrypt Encryption Functions
• PHP Cookbook: Recipe 14.7 (“Encrypting and Decrypting Data”)

9. Remote Administration Flaws

When possible, run remote administration tools over an SSL connection to prevent sniffing of passwords and content. If you’ve installed third-party software that has a remote administration component, change the default administrative user names and passwords. Change the default administrative URL as well, if possible. Running administrative tools on a different web server than the public web server that the administrative tool administrates can be a good idea as well.

10. Web and Application Server Misconfiguration

Keep on top of PHP patches and security problems by subscribing to the php-announce mailing list. Stay away from the automatic PHP source display handler (AddType application/x-httpd-php-source .phps), since it lets attackers look at your code. Of the two sample php.ini files distributed with PHP ( php.ini-dist and php.ini-recommended), use php.ini-recommended as a base for your site configuration.

Read the Original Post at: http://www.sklar.com/page/article/owasp-top-ten

Google Calendar Sync allows you to sync events between Google Calendar and Microsoft Outlook Calendar. You’ll be able to determine the direction of information flow, as well as the sync frequency. Staying on top of your Google Calendar and Microsoft Outlook Calendar events has never been easier!

Keep in mind that it’s not possible to sync events on secondary calendars at this time. Google Calendar Sync will only sync events from your primary Google Calendar and your default Microsoft Outlook calendar.

Get started

To begin syncing, follow the steps below:

1. To download Google Calendar Sync, visit http://dl.google.com/googlecalendarsync/GoogleCalendarSync_Installer.exe
2. Once a dialog box appears, click “Save File.” The download should open automatically. If it doesn’t, manually open the download from your browser’s download window.
3. Click “OK” to confirm that you’re aware this is an executable file.
4. Read through the Google Calendar Sync Terms of Service, and click “I Agree.”
5. Continue to follow through the Installation Options and click “Install” to finish the set-up process.

Once Google Calendar Sync is installed on your computer, the Google Calendar Sync Settings window will appear:

In the Settings window, enter your email address and password and select the Sync Option you prefer. For more information on each Sync Option, please visit Google Calendar Sync: Options

You’ll also be able to set the time interval for syncing to occur. Please keep in mind that 10 minutes is the minimum time interval allowed.

After the initial set-up, you can access the Google Calendar Sync Settings window again by double-clicking on the calendar icon in your Windows System Tray.

Icon Status

To access the Google Calendar Sync Settings window, just right-click on the calendar icon in your Windows System Tray and select “Options”.

When your events are actively syncing between Google Calendar and Microsoft Outlook Calendar, you’ll see arrows in the Google Calendar Sync icon:

When events aren’t actively syncing, your calendar icon will look like this:

That comes in useful when it comes to changing an application after it has been deployed. Separation of the views from the data means modifications made in the views do not affect the model and modifications made to the model to not effect the graphical user interface, simplifying maintenance. Also, an application may be expanded to add views and controllers that talk to a model without actually making any changes to the model itself.

Unfortunately for web developers, one of the features lacking in PHP until recently has been support for the MVC architecture. That has meant the MVC pattern has had to be implemented externally.

Some PHP frameworks have now added support for the MVC pattern, most notably the Zend Framework – one of the leading open-source PHP frameworks. Zend simplifies the task of developing secure, reliable web-based applications and web services. Zend provides an extensible code base, a flexible architecture and does not require any configuration files.

In this article we shall connect Zend to a database from Oracle, a company that’s been working closely to optimize its software with Zend.

Fire up Zend

The Zend framework requires at least PHP 5.1.4. It’s recommended to install PHP 5.2.2 or later because of the security and performance improvements in the newer version of PHP. Download the Zend Framework zip file from here and – if you don’t already have it – download and install Apache 2.2.3, making sure it’s configured with PHP. Then, add the following include_path directive to php.ini configuration file:

include_path=".;C:\ZendFramework\ZendFramework-1.0.1\library"

Enable the PHP database extension for Oracle database in php.ini.

extension=php_oci8.dll

Restart Apache HTTP Server. Install the Oracle database including the sample schemas and create a table Catalog using SQL script catalog.sql.

Create an MVC application

Now it’s time to create a Create Read Update Delete (CRUD) application using Zend’s MVC architecture that’ll let us build, read, update, and delete an Oracle database table row.

In the MVC architecture the model represents the entities/class objects, the controller implements the business logic and integrates the model with the view, and the view represents the presentation layer or the user interface.

The MVC architecture in Zend Framework is implemented by the Zend_Controller component. The Zend_Controller_Front class provides a front controller for the MVC architecture. The front controller intercepts all requests and dispatches the requests to action controllers based on the request URL. The format of the request URL is http://localhost/controller/action. If no controller is specified the index controller and the index action are invoked. An action controller class extends the Zend_Controller_Action class. An action controller class is named with the notation <ControllerName>Controller. For example, the action controller class for the “index” controller is IndexController.

Add a row

First, we shall add a row to the Catalog table. In the insertView.php add a form with input fields for the table row to be added. The “action” attribute of the <form> element specifies “database/insert”, which corresponds to the “insert” action of the “database” controller. In the DatabaseController insertAction function create a Zend_Db adapter, which represents a connection with Oracle database, using the Zend_Db factory.

$params = array ('host'=>'localhost','username'=>'OE','password'=>'pw','dbname'=>'orcl'); $db=Zend_Db::factory('Oracle', $params);

The first argument specifies the base name for the adapter class – “Oracle” for the Oracle database. The second argument specifies the adapter parameters. Retrieve the input fields specified in the insertView.php using $_POST['field'] and create an associative array, $row, for the columns that constitute a row in the database table. Specify the database table to be updated and insert the new row using the insert() method of the Zend_Db adapter class.

$table = 'Catalog'; $rowsAffected = $db->insert($table, $row);

The first argument of the insert() method is the database table and the second argument is the associative array that maps column names to values. Invoke the insertView.php with URL http://localhost/views/insertView.php. To add a row specify the column values and click on create.

Adding a row

Retrieve a row

Next, retrieve a row from the catalog table using the Zend Framework. Create a Zend_Db_Select object from the Zend_Db adapter object using the select() method.

$select = $db->select();

The Zend_Db_Select object is used to construct a SQL SELECT statement. Specify the FROM clause using the from() method and the WHERE clause using the where() method.

$select->from('Catalog', '*'); $select->where('ID = ?', $_POST['id']);

Create the SQL query string from the Zend_Db_Select object using the _toString() method. Run the SQL query using the fetchAll() method and query results will be returned as a row set.

$sql = $select->__toString(); $rowset = $db->fetchAll($sql);

Create a Zend_View object to render a view script and specify the directory containing the view scripts. The Zend_View class represents the “view” component of the model-view-controller pattern.

$view = new Zend_View(); $view->setScriptPath('views');

$view->id = $_POST['id']; $view->journal = $rowset[0]["JOURNAL"]; $view->publisher = $rowset[0]["PUBLISHER"]; $view->edition = $rowset[0]["EDITION"]; $view->title = $rowset[0]["TITLE"]; $view->author = $rowset[0]["AUTHOR"];

Create a view script, resultView.php, associated with the Zend_View object. The view script will run in the scope of the Zend_View object. References to $this in the view script are references to the Zend_View object. Create a table header and add values to the table using the Zend_View properties assigned in the action controller. In the selectAction function render the resultView.php script.

echo $view->render('resultView.php');

Invoke the selectView.php view script with the URL http://localhost/views/selectView.php. Specify the catalog ID for the row that is to be retrieved and click select.

Selecting a database table row

The row corresponding to the specified catalog ID will be retrieved and the results displayed.

Update a Row

Next, update a catalog table row using the Zend Framework. Create an associative array, $data, of column names and values for the row to be updated. Create a SQL expression specifying the WHERE clause for the ID of the row to be updated.

$where[] = "ID ="."'".$_POST['id']."'";

Update the database table using the update() method.

$n = $db->update('Catalog', $data, $where);

Invoke the updateView.php script with URL http://localhost/views/updateView.php. Specify the catalog ID of the row to be updated and the column values to be updated and click on update.

Updating database table

A table row may be deleted using the delete() function.

MVC has a proven track record in simplifying the development and on-going maintenance of applications. Using Zend and the methodology I have outlined, you can now take advantage of MVC to simplify your work with PHP applications

1. Open with the proper DOCTYPE & Namespace
   <!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd “>
2. Write all tags in lowercase
   <title>XHTML Rules</title>
3. Quote all attribute values
   src=”xyz.png” and not src=xyz.png
4. Close all tags
   <p>Some Text</p>
5. Close “empty” tags, too
   <img src=”xyz.png” />