Over on the Blue Parabola blog Matthew Turland recently posted a new tutorial on using the PHP_CodeSniffer PEAR package to check out how well your code adheres to the coding standard of your choice.

For the sake of consistency [on a client project], the development team had stuff with the coding standard used by the framework itself. However, evaluating the code manually is tedious and time-consuming. There's a solution to this type of problem: the PHP_CodeSniffer package from PEAR, which builds an infrastructure around tokenizers for PHP, CSS, and JavaScript and utilities to detect coding standard violations within code in any of those languages.

He includes an example token output (the codesniffer package is based on the Tokenizer) from a script and walks you through the initial setup of the package, how to create "sniffs" for the code you want to analyze and how to run them using the popular unit testing tool PHPUnit.

DevShed continues their series focusing on the security of your web application in this fifth part of the series. This time they look at preventing attacks on your app via correct authentication.

You will probably recall from the last article that I mentioned the existence of two methods of authentication and discussed the first one, which is through an HTML form. In this article, the fifth one in an eight-part series, we'll start with the second method of authentication. We'll also discuss how attackers may gain access to your system.

This authentication method uses a simple form to let the user pass in their credentials. Unfortunately, because of its simplicity, this also opens it up to three kinds of attacks - password sniffing, reply attacks and brute force attacks.

On the SaniSoft blog Tarique Sani has posted about (and made available for download) some code sniffs for the CakePHP framework. Some problems arose with some of the naming that the framework uses, but with some "tinkering around"...

[It became] apparent that I had to have my own set of Cake sniffs to manage this but a separate standard just for this seemed an over kill and the simplicity of code made it kind of fun to add more standards which I liked but were in different set of sniffs.

You can grab the whole list of sniffs from their downloads. They implemented them as a pre-commit hook on their SVN server even so that developers could not violate the coding standards when they submit their code.

Daniel O'Connor has posted a quick guide to customizing your installation of the PHP_CodeSniffer PEAR package to match the coding standard you'd like.

PHP_CodeSniffer is a PEAR package which detects potential coding problems and enforces your style guide. The default is the PEAR coding standard, but you can easily change that.

His method requires the creation of a custom "FooCodingStandard.php" (named whatever you'd like, of course) that contains a class/method defining the "sniffs" you'd like to use for your standard. Use "pfm" to make it into a package and install it to your system - you'll be all set.