DevShed continues their series focusing on the security of your web application in this fifth part of the series. This time they look at preventing attacks on your app via correct authentication.

You will probably recall from the last article that I mentioned the existence of two methods of authentication and discussed the first one, which is through an HTML form. In this article, the fifth one in an eight-part series, we'll start with the second method of authentication. We'll also discuss how attackers may gain access to your system.

This authentication method uses a simple form to let the user pass in their credentials. Unfortunately, because of its simplicity, this also opens it up to three kinds of attacks - password sniffing, reply attacks and brute force attacks.

Andrew Wulf passed along a note about an ajax-based PHP documentation site aimed at making it simple to get at the PHP manual from a single page interface.

I wrote this little app for my own needs initially, as PHP is such a big monster that it was hard to find the right documentation, or discover which of the N similar packages I should use. When I moved servers I fixed up the app enough and decided to release it to the world. It's pretty handy as is, but there are still several things I need to add, particularly paging through the documentation, and supporting bookmarks.

The site, phpdox.net, supports two kinds of searches - one through an index of page titles and another through the hierarchical names of the documentation's filenames.

Asvin Balloo has posted a tutorial that shows how to combine the YUI libraries with PHP to create a simple image cropper.

This post will show you how to build an AJAX crop image tool using the image cropper control from YUI library and PHP. The ImageCropper Control from the YUI library gives you an interactive interface for getting the dimensions to crop an image and using these dimensions in PHP, we can do some cropping.

The script takes in an upload, shows it in the browser for cropping and once altered, pushes the altered image back out as a download. Full code is included as well as a demo of the final result and a sample file to get you started.

The Midstride Solutions blog has posted five tips and tools that can help to make you a better developer (and possibly make you a faster one).

In this post, I will discuss 5 tips and tools that the php community has provided to speed up development time and improve code quality. These should help you out if you don't already know them, but if you do I would like to hear what you use to speed up your development time.

Their five tips/tools are:

• Framework with the Model View Controller (MVC)
• AJAX Frameworks
• Integrated Development Environment (IDE)
• Database Creation/Management Software
• Object Relational Mapping (ORM)

Included for each is his personal preference and recommendation.

Zend has issued a press release about a new series of online training classes they will be offering.

Zend Technologies, The PHP Company, continues its series of free online seminars started in early 2007.The so-called "Webinars" are aimed at anyone interested in PHP - web developers, consultants, project managers and technical decision makers. Topics include PHP as well as specific solutions and the tools Zend offers for enterprise-use of this programming language.

You can get more information on the events from the Zend website but here's a few to give you an idea: "Zend Cargo and Present: Using PHP to Build a Mobile Internet Platform", "Get Rich Quick: Building Ajax-based RIAS with Zend Framework and Appcelerator" and "i5 - Application Lifecycle Management for the Enterprise".

All of the webinars are free and, if you miss a session and you want to catch up, you can always download it from their archive.

In this new post to the PHPInfo site, Brian Fioca takes a look at the WASP framework and how it can help you develop your applications quickly.

In this article I will demonstrate the power and simplicity of developing PHP applications using the WASP Framework through the illustration of a simple user module design pattern. The example code will encompass the creation of a user account and subsequent login validation. In the course of this discussion, we will cover the creation of the three tiers of the application- model, view, and controller-and introduce a simple approach to using AJAX to save application form data and present flexible user interfaces.

The provides the code and database structure to make the application work, including the "touch of Ajax" made using the Prototype Javascript library.

In this new post to the SitePoint PHP Blog there's a look at using a small templating engine recently released by Fredrik Holmstrom that takes a different tack on working with template files - it parses them into a DOM structure.

The main difference to traditional template engines (Such as Smarty), is that the template it self doesn't have any imperatives within. In fact, the template doesn't even have to be written to the template engine, to be used - Any markup can be used as a source.

The templating system uses Domlings, bits of HTML to match against and replace with the bound information. A few examples are included - a simple binding, how to switch out a block of HTML, pushing it back in and looping over a block of information to do some search and replace.

The IBM developerWorks website has a new tutorial for those looking to get into the powerful combination of Ajax and PHP - an introduction to creating Ajax-based websites with PHP.

Learn the process of writing Asynchronous JavaScript + XML (Ajax) applications using native JavaScript code and PHP. This article introduces a few different frameworks and application program interfaces (APIs) that reduce the amount of code you need to write to achieve a complete Ajax-based Web application.

They (briefly) explain what Ajax is and the benefits of it before jumping right in to a sample page. They go for the "manual first" approach so developers know to make basic connections with the XMLHttpRequest object and handle the responses. They do mention some of the libraries offered that help with the connections too (like jQuery, Prototype and Dojo).

In a new post to the ThinkPHP blog today there's a look at combining Comet with PHP to make a simple method for the client to talk back to the server outside the usual methods.

If a couple of users have opened the application there are already some hundred or thousand requests per second. The outcome of this is a big load for your server and a highly increased traffic - your server will in a senseless way be overloaded. In conclusion, our problem is the enormous amount of polling without knowing whether the server really wants to send a new push. Let's turn the initial situation around. And we get the solution to our problem: Comet.

With Coment, the model changes and the request is "cached" on the server-side automatically in a single Comet instance. Coordinate this with another recommendation of theirs, a PHP socket server, and you can do some pretty interesting things.

On the PHP::Impact blog today Federico points out a few HTML DOM parsers that work similar to jQuery:

• the Simple HTML DOM Parser
• Zend_Dom_Query
• phpQuery

Check out a previous tutorial of his for more information on using DOM parsers to scrape information from remote sites.