Ian Selby has posted a new tutorial today looking at something that can be very handy in the right situations - dynamically adding new functions to an already defined PHP class.

I've gotten a lot of great suggestions for features [for PHP Thumbnailer], and have wanted to add them, but at the same time don't as I would prefer not to bloat the class with all sorts of functionality. So I started thinking about how I could provide certain functionality for people that want it, without either simply making it a part of the class (and making it more bloated as a result), or coming up with all sorts of extended classes to maintain and distribute.

His solution was to add functionality dynamically to the class as plugins. Each plugin is defined as its own class (to keep things standardized) and will be included/executed by a base controller class. He includes some sample code showing how to create a basic user object that can store the first and last names of the user in question.

Matthew Weier O'Phinney has a new post today looking at how you can integrate access control list (ACL) functionality into your Zend Framework application's models.

In my last post, I discussed using Zend_Form as a combination input filter/value object within your models. In this post, I'll discuss using Access Control Lists (ACLs) as part of your modelling strategy. ACLs are used to indicate who has access to do what on a given resource. In the paradigm I will put forward, your resource is your model, and the what are the various methods of the model. If you finesse a bit, you'll have "user" objects that act as your who.

He looks at the Zend_Acl component and how to extend your model with it to work with roles in a sample BugTracker application providing an abstraction interface to work with identities for your users.

DevShed continues their series creating a simple blogging application with the CodeIgniter framework with this part of the series - adding in a display for user comments.

In this specific case, the first of these files was defined as a basic controller, and was provided with the ability to paginate the aforementioned blog entries via the corresponding pagination class included with CodeIgniter. However, in its current incarnation, the blog application is pretty limited. It doesn't let users post comments on each blog entry. Thus, in the next few lines I'll be improving the signature of the controller class to address this important issue.

The review the code from before (showing the pagination of the blog entries) and add onto it a new comments method and how to create a new view to show the messages visitors to the site have submitted.

DevShed continues their series looking at user authentication in PHP applications with this third part of the nine part series. The focus is on the creation of the authentication scripts.

In this article we will continue to discuss the application-wide scripts that we started to talk about in the last article. These special scripts are used by all the scripts and pages of the application. We will continue to look at the func.inc script that has several useful functions defined in it.

Their func.inc script contains the helper functions the rest of the application can use (like isAdmin, isAuthd, genpass and checkEamil). They explain each of the the functions and include an example of them in action. The also include the other half of the pair - the logout script.

On DevShed.com today they're continuing a series with part two of their look at user management - more specifically at the creation of a user management application for access control.

Any application that is security critical will have some kind of method to track and maintain user activity. In this article we will begin to build a user management system that will give us control over who has access to which part of our application.

The system's functionality will also provide authentication support (not just role management) and allows for user registration, "forgot my password" and password management. Code and database information for the ten files needed to make the system are included.

On DevShed there's a new tutorial looking at user management in a PHP application including looks at data validation and encrypting passwords.

In this article we will look at how to create a secure user management module. No user authentication or user management script can ever be one hundred percent secure, but we can try to use the tools that are available to us to their maximum, and thereby make it difficult for malicious users to hack our scripts.

They include example scripts showing how to validate user input - length, alpha, empty or not and if its numeric or not. They look at encryption with the sha1() technique, comparing the user's input, hashed, to the key already stored.

DevShed finishes off their series on database security in PHP applications with this look at protecting your application and data from the threat of SQL injections.

In this article we will continue to explore various attacks that can be made on a database and how to prevent these attacks. We will also build the last page of our site.

Their example script is a login for a secured area of the site and contains a possible place for an injection - non-validated user input. With something as simple as making the username a single quote, an attacker could find out more about your database structure and use that to get further into your systems. To avoid it, they recommend validating with the mysql_real_escape_string function as a first line of defense.

The NETTUTS site has this new tutorial posted today about the creation of a site with a user registration and membership functionality built in.

A tutorial for the very beginners! No matter where you go on the internet, there's a staple that you find almost everywhere - user registration. Whether you need your users to register for security or just for an added feature, there is no reason not to do it with this simple tutorial. In this tutorial we will go over the basics of user management, ending up with a simple Member Area that you can implement on your own website.

They use a MySQL database to store the users' information, show how to create the login form to test the user's credentials and the registration form to make signup easy. They also thrown in a dash of CSS to help style the forms into something a bit more pleasing to the eye.

New on the Developer.com website is this tutorial from Jason Gilmore looking at OpenID authentication through the Zend Framework's Zend_Auth component.

I'll show you how to take advantage of a powerful open user identification service known as OpenID, and show you how to incorporate OpenID authentication and identification features into your Zend Framework-powered website. Even if you haven't started taking advantage of a web framework such as Zend's, this tutorial will serve two important purposes, demonstrating not only the allure of OpenID, but also how a framework such as the Zend Framework can greatly reduce development time.

He points to several places you can set up an OpenID account and mentions the Zend_Auth component that already includes all of the methods you'll need to validate a user based on their choice of provider. He creates a simple form and makes an indexAction in his controller that makes a Zend_OpenId_Consumer object to grab the user's information and verify the login.

The Zend Developer Zone has posted a recording (from the Zend/PHP Conference & Expo 2008) of the UnConference session user group panel discussion.

Ben Ramsey, Software Architect at Schematic and PHP community leader, and Keith Casey, founder of CaseySoftware, held an UnCon session at ZendCon this year to discuss PHP User Groups.

You can either listen to it on the page or you can always grab the mp3 and listen at your leisure.