In a new post to the Debuggable blog Felix Geisendorfer illustrates a simple access rights system that can be plugged into any CakePHP application you might be developing.

If your application is like most, then you have some basic permission requirements for your data. A simple scenario is the following. Blog posts can only be edited by their owners and administrators. Same goes for viewing unpublished blog posts.

His example modifies the typical "posts" controller to add in a new model (User) with a permission check (can) and a model that implements it into the PostsController to ensure that a user can view any given posting.

Over on the PHP Zone (from the DZone community site) there's a in-depth tutorial looking at the creation and management of an access control system (users, passwords and what they can do) in your PHP application. It's an excerpt from the Packt book PHP5 CMS Framework Development.

Many websites will want to control who has access to what. Once embarked on this route, it turns out there are many situations where access control is appropriate, and they can easily become very complex. So in this chapter we look at the most highly regarded model role-based access control and find ways to implement it. The aim is to achieve a flexible and efficient implementation that can be exploited by increasingly sophisticated software. To show what is going on, the example of a file repository extension is used.

They talk about some of the general considerations about access control (limiting the number of rules, common difficulties) and plenty of code/database schema to get you started.

Along with the popularity of Twitter has come one of it biggest problems - its instability. More and more people are using the service every day and some are leaving when they encounter the frustration of too much downtime. Enter a project that Graham Christensen is getting started - Stablr, a PHP-based version of the popular web service.

Stablr, the proposed name, will be the main gateway for it's users. People will post to Stablr, which will then (when it can) forward it to Twitter. If a Stablr users posts to Twitter directly, the message will be retrieved and replicated on Stablr. Responses to posts, direct messages, and tweets from friends of Stablr users would also be replicated.

He's already seen some great response from the community with offers to help and has taken it to the next level by coming up with a five-page document detailing the plans behind the project (using things like caching, an Access database and Jabber integration).

Lee Blue has posted something looking to bridge yet another gap between Ruby on Rails and PHP - a method for adding before_filter functionality to PHP.

I often use this when implementing a simple login screen for a password protected section of my application. In a Zend Framework application you can implement a preDispatch() function in a Zend_Controller_Action which will run before an action is dispatched. This lets you setup your filter to check to see if the visitor is logged in or not. If the visitor is not logged in, you can redirect them to the login screen of your application.

He includes example code to show its usefulness - checking to see two things: is a user is logged in and to see if they're allowed to use a certain resource.

In this new blog entry, Rob Allen has shared a simple View setup that he's been using in his Zend_View setup (on the Zend Framework).

It's in the manual, but I thought I'd blog about my simple View Helper setup that ensures that I can get at the view with minimal effort. [...] his class contains the code required by Zend_View to collect an instance of the view and assign it to a protected variable. All my view helpers extend this class and so I can access the view using $this->_view.

His code creates a simple object that all of his views extend and make a single object that refers back to the view itself.

Gergely Hodicska has posted about some hacking he's down with the Zend_Acl package in the Zend Framework to make support for custom roles and resources.

I found that the base Zend_Acl package has some limitation/problem if you want to use it in a bigger real life project. Zend_Acl supports only logical roles, resources so I decided to extend it to allow using custom roles and resources which can represent existing entities (for example users/groups and topics in a database)

He talks some about the package and its current functionality, including the limitations he ran up against. He came up with a structure for what he wanted (seen here) and set out to extend the class, making an interface and implementing it with his own loading method.

His source code can be downloaded here.

rPath linux has issued an update to their packages for PHP, PHP-MySQL and PHP-PGSql to correct issues that could make it possible for a remote user to gain unauthorized access.

his fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions or by malicious people to potentially compromise a vulnerable system.

References and links to the update information can be found in their original advisory.

Stefan Mischook has once again updated his beginner tutorial to help new developers to PHP get acquainted with working with objects in PHP.

I've update my beginners tutorial on object oriented PHP adding steps 12-17. I cover two new basic OO concepts in these steps: Constructors and Access modifiers.

The fully updated tutorial can be found here on Stefan's website.

On PHPGeek.com, there's a new post talking about the use of the AuthComponent for CakePHP for access control in your application. It's not a tutorial, but it does follow how the developer came upon the component and why they're using it.

Nearly everything that is built needs at least some level of authentication and authorization before users can be let loose to use it. Unfortunately, not only is there a lot of confusion out there on how to use it, but lots of poorly done, reinvented wheels out there because of it.

He points out the solution he came across via another article from the "Another Cake Baker" blog (lemoncake) show how to use the component for ACL in CakePHP 1.2.

From the PEAR blog today comes a new post talking about the introduction of a much requested option when accessing the PEAR source code - SVN over CVS.

As part of the PEAR2 project we are making that happen. I'm happy to announce that we now have an SVN repo ready for testing. Web access at http://svn.pear.php.net with the SVN url being http://svn.pear.php.net/repo.

The access isn't quite available yet, but it will be as soon as they figure out how they want people to be able to access the parts of the PEAR2 source code. Keep an eye on the PEAR Blog for the latest.