As for my schedule, I’m now writing the third edition of my “PHP 5 Advanced: Visual QuickPro Guide” book. That project will take the next couple of months, through June. I’m hoping it will be entirely done (rewrites and all) in early July. I think I’ll have a decent-sized Web project to do in the fall, but other than that, I have no deadlines and obligations for the latter half of 2012. Little things will no doubt come along, but this kind of free time is unusual for me. (And, strangely, isn’t frightening at the moment, although free time come January could be a problem!) So, reasonably speaking, I will be able to work on the Yii book full time as of August 2012. This should coincide nicely with the hopeful release of Yii 2.0 over the summer. Speaking of which…

I’ve been chatting with Qiang Xue, the creator of Yii, and he has graciously offered to act as the personal tech editor for the book. This is a great honor to me, and will be a wonderful asset in making sure the book is as technically accurate as possible. In return, I’m going to help with some of the official Yii documentation (it’s the least I can do). And the good news keeps rolling in, as Alex Makarov, author of the popular Yii 1.1 Application Development Cookbook (Packt Publishing), has generously offered his assistance, too. These are invaluable pieces that are coming together nicely here.

In terms of publishing, my current plan is…

• To self-publish an ebook only. I will release it in mobi, epub, and PDF formats, without any annoying Digital Rights Management (DRM).
• Possibly no DRM.
• Probably no DRM.
• The price would be about $15 (USD).
• People would be able to buy the book in advance, and get each chapter as I write it. Revised chapters would be free updates.
• People would be able to buy just a single chapter and get revisions of that chapter as free updates.

I’m assuming that I’ll create a separate Web site for the book, as I’m also planning on making some of the book’s content freely available in HTML format. This does mean that along with writing the book, I’ll have to create the Web site and the above functionality, but such are the costs of doing things yourself. And I happen to know of a framework that makes Web development a lot faster…

I’ll continue posting updates here and on Twitter (by the way, I’m on Twitter @LarryUllman) as I have them. Yii postings may be sporadic for the next couple of months as I focus on the PHP Advanced book, but rest assured the Yii book is happening.

All thoughts, feedback, input, and offers of money are most welcome!

The posting ends with the most important security fact:

Remember, the most dangerous kind of security is a false sense of it. Thinking you’ve made your application more secure, when in fact you’ve weakened it, is the worst thing you could possibly do.

The previous edition had 14 chapters, plus two that were made available as free PDFs (one on image generation, the other on PDF generation). The current plan for this edition is to cut four chapters, add four entirely new chapters, and the add and remove some chapter sections here and there. The book will also have a “Review and Pursue” section at the end of each chapter, with review questions and pursue prompts.

My goals for this edition of the book were (in no particular order):

• Emphasize and expand the OOP sections
• Add more content geared towards creating larger, more elaborate, professional Web applications
• Add new content based upon changes in technologies since the last edition (specifically changes in PHP from version 5.2 to 5.4)
• Update outdated content (including replacing old approaches with entirely new ones)
• Removing no longer critical content
• Removing content now discussed in other books of mine

For example, new PHP features that will be covered include type hinting, the Nowdoc syntax, and traits. New Web application information include discussions of Apache’s mod_rewrite and phpDocumentor, and a chapter on debugging tools, unit testing, and improving performance. The expanded OOP material includes a chapter on design patterns and a new chapter that creates a whole example using OOP.

With all that in mind, the initial Table of Contents is posted below. New content is in green. Chapters I’ve cut (not reflected below) include one on security techniques (now well covered by my other books), another on e-commerce (I’ve since written awhole book on that), the PEAR chapter (replaced by one on the Zend Framework), and the Ajax chapter (well covered in many of my other books).

If you have any thoughts or suggestions, I’d love to hear them. Thanks!

• Chapter 1: Advanced PHP Techniques
  • Multidimensional Arrays
  • Advanced Function Definitions
  • Type Hinting
  • Anonymous Functions
  • The Heredoc and Nowdoc Syntax
  • Using printf() and sprintf()
• Chapter 2: Developing Web Applications
  • Modularizing a Web Site
  • Improved SEO with mod_rewrite
  • Affecting the Browser Cache
  • Better Documentation with phpDocumentor
• Chapter 3: Advanced Database Concepts
  • Storing Sessions in a Database
  • Working with U.S. Zip Codes
  • Creating Stored Functions
  • Displaying Results Horizontally
  • Storing Binary Data
  • Using PDO
• Chapter 4: Debugging, Testing, and Performance
  • Debugging Tools
  • Unit Testing
  • Profiling Scripts
  • Improving Performance
  • Implementing Server Caches
• Chapter 5: Basic Object-Oriented Programming
  • OOP Theory
  • Defining a Class
  • Creating an Object
  • The $this Attribute
  • Creating Constructors
  • Creating Destructors
  • Autoloading Classes
• Chapter 6: Advanced OOP
  • Advanced Theories
  • Inheriting Classes
  • Inheriting Constructors and Destructors
  • Overriding Methods
  • Access Control
  • Using the Scope Resolution Operator
  • Creating Static Members
  • Abstract Classes and Methods
  • Creating Namespaces
  • Using Traits
• Chapter 7: Design Patterns
  • What are Design Patterns?
  • [[Discussion of Specific Patterns TBD]]
• Chapter 8: Real-World OOP
  • Catching Exceptions
  • Extending the Exception Class
  • Implementing MVC
  • Using the Standard PHP Library
  • OOP-based E-commerce
• Chapter 9: Example–CMS with OOP
• Chapter 10: Networking with PHP
  • Accessing Other Web Sites
  • Working with Sockets
  • Performing IP Geolocation
  • Using cURL
  • Creating Web Services
• Chapter 11: PHP and the Server
  • Compressing Files
  • Establishing a cron
  • Scheduling Tasks on Windows
  • Using PHP’s Built-In Server
• Chapter 12: PHP’s Command-Line Interface
  • Testing Your Installation
  • Executing Bits of Code
  • Creating a Command-Line Script
  • Running a Command-Line Script
  • Working with Command-Line Arguments
  • Taking Input
• Chapter 13: XML and PHP
  • What Is XML?
  • XML Syntax
  • Attributes, Empty Elements, and Entities
  • Document Type Definitions
  • Parsing XML
  • Creating an RSS Feed
  • XML Error Handling
• Chapter 14: Using the Zend Framework
  • Installation
  • Creating and Validating Forms
  • Adding Captcha
  • Implementing Authentication
  • Using Zend_Mail

PayPal’s Website Payments Pro provides two APIs for processing payments: Direct Payment and Express Checkout. Both allow you to accept debit and credit cards (the specific cards will differ slightly from one region to the next), while Express Checkout also allows users to pay with their PayPal account. In both cases, the customer never leaves your site, unlike when using PayPal’s Website Payments Standard. PayPal does require you to use both APIs in order to use Website Payments Pro. To keep this post from getting too long, I’ll only address the Direct Payment, which most easily correlates to the Authorize.net code in the book. If you need help with the Express Checkout aspect, let me know.

To understand how to use Website Payments Pro instead of Authorize.net for the second example, let’s first look at how Authorize.net is used. The customer begins the checkout process on checkout.php. This script takes and validates the user’s shipping information. Upon successful validation, the user is redirected to billing.php, which takes and validates the billing information, including the credit card. Upon successful validation, the payment is processed by including two scripts: gateway_setup.php and gateway_process.php. For extra security, these two files are stored in a private folder outside of the Web root directory.

Within gateway_setup.php, a bunch of parameters are set within an array named $data:

<?php
$data = array();
$data['x_type'] = 'AUTH_ONLY';
$data['x_card_num'] = $cc_number;
$data['x_exp_date'] = $cc_exp;
// etc. 

Then the gateway_process.php script adds some more details to the array:

// Your account info:
$data['x_login'] = '75sqQ96qHEP8';
$data['x_tran_key'] = '7r83Sb4HUd58Tz5p';
// etc. 

Finally, gateway_process.php converts that data into a useable format for the cURL request, performs the cURL request, and reads the response into the $response variable. Finally, this variable is converted into an array:

$response_array = explode($data["x_delim_char"],$response);

That’s the end of the gateway_process.php script. The script that invokes it—billing.php—will then use $response_array to take the next logical steps.

In order to switch the payment gateway in use, you must replace the code in gateway_setup.php and gateway_process.php. This is much easier than you might think. For PayPal’s Website Payments Pro, you’ll need to change the code in those two files so that instead of creating, for example, $data['x_card_num'], it creates $data['ACCT']. The proper values and their meanings can be found in the PayPal documentation.  This means that gateway_setup.php would contain:

<?php
$data['PAYMENTACTION'] = 'Authorization';

// Billing info:
$data['ACCT'] = $cc_number;
$data['EXPDATE'] = $cc_exp;
$data['CREDITCARDTYPE'] = $cc_type;
$data['CVV2'] = $cc_cvv;
$data['FIRSTNAME'] = $cc_first_name;
$data['LASTNAME'] = $cc_last_name;
$data['STREET'] = $cc_address;
$data['STATE'] = $cc_state;
$data['CITY'] = $cc_city;
$data['ZIP'] = $cc_zip;
$data['COUNTRY'] = 'US'; // Or other, if accepting international orders.
$data['IPADDRESS'] = $_SERVER['REMOTE_ADDR'];

As in the book, these orders are being authorized first and captured later. The actual transfer of funds takes place in a second step, when the order ships. For simplicity sake, you could change the PAYMENTACTION to Sale, assuming that would be appropriate (and legal) in your situation. PayPal also wants you to pass along the customer’s IP address, for fraud prevention purposes. And you’ll need to get the credit card type from the user, which isn’t requested in the book’s original code.

Next, gateway_process.php needs your own information:

// Your account info:
$data['SIGNATURE'] = 'your API signature';
$data['USER'] = 'your API username';
$data['PWD'] = 'your API password';

This information will be determined when you sign up for Website Payments Pro with your PayPal business account.
Next, there’s the payment gateway stuff:

// PayPal Website Payments Pro Stuff:
$data['VERSION'] = '85.0';

// Transaction stuff:
$data['METHOD'] = 'DoDirectPayment';

And then there’s the order information:

// Order info:
$data['AMT'] = $order_total;
$data['CURRENCYCODE'] = 'USD';
$data['INVNUM'] = $order_id;
$data['CUSTOM'] = $customer_id;

The CUSTOM option lets you send your own data along, in this case the customer ID (although the customer ID could also be retrieved later via the transaction ID).

(Note: Dividing the data into these two files may seem odd, but it’s done so that the administrative side can easily use the same gateway_process.php script, after running a gateway_setup_admin.php script. If you need help with the admin process, to capture a prior authorization, let me know.)

Also, the GATEWAY_API_URL constant in gateway_process.php needs to be changed to PayPal’s proper URL: https://api-3t.sandbox.paypal.com/nvp for testing, https://api-3t.paypal.com/nvp for live purposes.

After identifying all the values, the gateway_process.php script converts that data into a string of URL-encoded name-value pairs. That does not need to be changed, nor does the cURL request made at the end of that script.

In response to the request, PayPal will return a string which contains more name-value pairs: TIMESTAMP=X&ACK=Success&VERSION=85&… This must be broken into an array:

$a = explode('&', $response);
$response_array = array();
foreach ($a as $item) {
 list($key, $value) = explode('=', $item);
 $response_array[$key] = $value;
}

This code is a bit different and more complex than the Authorize.net code, as Authorize.net only returns a string broken up by the pipe character (|). But at this point, <strong>$response_array</strong> is usable. Unfortunately, <strong>billing.php</strong> will need to be modified, because that script assumes a numerically indexed array. First, you’ll need to change the call to the stored procedure:

$r = mysqli_query($dbc, "CALL add_transaction($order_id, '{$data['PAYMENTACTION']}', $response_array['AMT'], $response_array['ACK'], '$response_array['PAYMENTADVICECODE']', $response_array['TRANSACTIONID'], '$response')");

After that code, different reactions occur based upon the success of the transaction. To check that, use $response_array['ACK'], which should have a value of Success. Other values include SuccessWithWarning, Failure, and FailureWithWarning. The response array will store the actual reasons in order elements in those situations. The unique transaction ID will be stored in $response_array['TRANSACTIONID']. This would be needed for the capture phase, if using that route. Again, if you need help with updating the admin pieces, let me know.

So that’s the gist of how you would use PayPal’s Website Payments Pro instead of Authorize.net for direct payment with the second e-commerce example in the book. As already mentioned, PayPal does insist that you create an Express Checkout process, too. It’s actually slightly simpler than this code because the user’s billing and shipping information is already stored in PayPal. To integrate this option, you’d add PayPal’s Express Checkout button to your cart.php page, and that would take the user to a different page on your site, where he or she enters his or her PayPal email address and password. This is then sent to PayPal for authorization, along with the order particulars. For more, see PayPal’s documentation.

I’ve been using Apple computers for thirty years now: I first learned how to program with Basic on an Apple IIe. My first Mac computer was purchased in 1994, a Color Classic. This was a few years before I begin my life as a programmer and Web developer. As a Mac user, and as a Web developer, I was so thrilled when Apple made the big switch in 2001 to Mac OS X, which is by far the most user-friendly version of Unix (Mac OS X uses a version of FreeBSD as its core). With Mac OS X, the same software running on Web servers also runs equally well on my home computer (and many of my clients run Mac servers, too). The specific software is the *AMP stack: Apache, MySQL, and PHP.

For the first several years, I always used the built-in Apache that came with the operating system, and then installed MySQL and PHP separately (Marc at Entropy.ch provided the best PHP installer). Then, a couple of years ago, Mac OS X began using a 64-bit version of Apache by default. This requires a 64-bit version of PHP, which requires 64-bit versions of all the associated libraries. Which wasn’t happening. Many PHP developers were stymied by Apple’s switch to a 64-bit Apache. One solution was to have the Mac run the 32-bit version of Apache instead of the 64-bit, which required some command-line tinkering. Fortunately, there was a better alternative: MAMP, which is also free.

The MAMP application installs Apache, MySQL, PHP, phpMyAdmin, and a couple of other niceties, separate from your built-in software. MAMP then slaps on a simple interface for starting and stopping them all, and adds a wee bit of possible configuration. Because of the issues with the built-in 64-bit Apache, I began using MAMP, and even started recommending it in my books. In time, I went ahead and purchased MAMP Pro, which provides an even better interface for controlling the same MAMP stack of applications. With MAMP Pro, you can easily create virtual hosts, set up an outgoing mail server, apply DNS, and more. Mostly, I purchased MAMP Pro because I had been using MAMP long enough that I thought it time I support the application. And that’s when I started second-guessing MAMP…

First, the paid version of MAMP comes with no more documentation or support than the free version, which is pretty much just wrong. For example, I had to enter my administrative password every time I started or stopped MAMP, which shouldn’t be necessary (and is annoying). I searched online, tried a couple of things: to no avail. MAMP Pro now allegedly comes with email support but no support was forthcoming when I first stated with MAMP Pro. In short, I realized that MAMP Pro isn’t giving you much for the $60 (USD) it costs, but I had already purchased MAMP Pro and had been using it for years, so I could live with that decision.

Another problem with MAMP is that it’s a bit of a pain to upgrade and they do released updates frequently enough to make it a factor. You have to copy out the database directory, install the new version, and then move the database directory back. I would think MAMP could come up with a better system, because the risk of wiping out all of your databases (and sites, if you place those within the MAMP directory) is far too high.

The next hiccup with MAMP is that they recently released version 2, which was a paid upgrade. MAMP 2 provides a couple of new features, but not a lot, and costs half the price of the original to upgrade. That may not be a lot compared to, say, upgrading an Adobe product, but remember that MAMP is just a package and an interface to a slew of free software. I’ve been holding off on upgrading, and then…

The final straw was that I needed to use a version of PHP with a couple of extra modules enabled. When I went searching online, I came across a number of excellent ways to install PHP on my Mac that don’t cost any money. Those are…

• AMPPS is a stack of Apache, MySQL, PHP, Perl, and Python. It runs on both Windows and Mac OS X, and is free. It’s not foolproof to install but documentation and support are available. The AMPPS control panel makes it very easy to configure Apache, PHP, and MySQL (e.g., change the version of PHP or what modules are loaded). And AMPPS comes with the ability to install many different software packages, such as WordPress.
• Brian Gilbert posted an article at RealityLoop that explains how to install MySQL and PHP (PHP built from the source code) In a second article, Gilbert explains how to setup Gmail as an SMTP server.
• Finally, what I’ll personally start using the most is a new PHP package for Macs, based upon the classic entropy.ch one. It worked flawlessly for me, and is well designed. It uses the built-in Apache, and doesn’t include MySQL, however, so you’ll have to install that separately (which is easily done). But this package is easier to install than building PHP from source. (For more information on this package, see this blog post.)

I’ll also add that if you, like me, really make use of virtual hosts, but don’t want the hassle of setting them up manually, you can consider VirtualHostX. It costs $30 (USD), but that’s still half the price of MAMP Pro. Personally, I’m just inclined to create virtual hosts manually anymore.

So there you have a quick long discussion of using Apache, MySQL, and PHP on your Mac. Mostly I feel that MAMP created an excellent, free product, that was a major asset to the Mac community for years. But the commercial product lacked many attributes that commercial applications should have. It’s been years now, and MAMP has yet to make the MAMP Pro application as professional as it should be. And so, it’s time for a switch, I think.

If any other Mac Web developers out there have any thoughts on the subject, I’d love to hear them.

dept_form.html

This page returns all of the employees in a selected department.

add_employee.html

This page uses Ajax to add an employee to the database (note: the version running on this site does not actually execute the INSERT query that updates the database.)

search_form.html

This page provides a simple search to retrieve employees by last name.

There’s no navigation within or among the pages. You’ll need to click Back to return to this page to see another example. To run one of the examples without Ajax (to see what that’d be like for visitors that can’t use the Ajax version), disable JavaScript in your Web browser.

I’m currently going through some items in my “to read” folder, and am reading, or perhaps re-reading, the Better Business Bureau’s PDF titled “Security & Privacy – Made Simpler“. If you do any e-commerce, or even just Web development, it’s worth reading. It’s a 22-page document that discusses almost every facet of e-commerce, such as:

• Developing a security and privacy plan
• Creating and communicating your security and privacy policies
• Good employee screening and policies
• Common hack/theft strategies
• General Internet security
• Proper handling of customer data
• Payment processing
• What to do in the event of a data breach
• A preview of international e-commerce considerations

The document also has many resources listed in these and other categories. You can download the PDF from that page, but there are also related FAQs and more on the BBB’s site.

1. Head to Peachpit.com (almost all of my books are published by Peachpit Press)
2. Click on Account Sign In at the top of the page.
3. If you don’t already have an account with Peachpit.com, click the Create a new one… link to register.
4. After you have registered, login.
5. On your account page (after logging in), click Registered Products.
6. On the Registered Products tab, click Register Another Product.
7. Follow the instructions to register the book.
8. Return to the Registered Products page.
9. For the book in question, click the Access Bonus Content link. That will take you to a page with all the bonus content for a given book.

Besides being able to access bonus content, there are other benefits to registering at Peachpit’s site. And while you’re there, you can also check out my author page, which lists the books I’ve written for Peachpit, the articles I’ve published there, and the blog postings I’ve published there. Both the articles and blog postings are viewable without registration or logging in.

I hope that helps anyone having trouble finding the material they’re looking for.