Migrating Pure PHP Project to Yii Framework

How do you convert an old OOP PHP project into the Yii Framework?

I had a similar task a year ago, but the code wasn't really OO at all. I created a new Yii project and placed the old site as a lib in that project. I then set up the basics in Yii like database access, whichever session values were needed in both projects etc. I then ported route by route, feature by feature. It took some time, but it worked out really well. I just had a bootstrap script which routed requests based on "ported_routes".

When it comes to reusing classes, that should not be a problem if they are well structured without dependencies on the old code. Yii places no restrictions on that stuff, so just add them as libs or browse through the Yii docs and see if it makes sense to refactor them into Yii components or subclass something in there.

As for CSS and JS, that was redone from scratch, using LESS and newer JS libs. A lot had happened in the JS world since the original code was written. Yii does not require you to follow any predetermined structure for markup either, so in theory you should be able to use the old CSS unless you want to change markup fundamentals.

If your old code has an MVC-like structure, the porting of actions and views will go smoother, but regardless you are pretty much left with a similar approach, I think.

framework best for migrating an existing donation website to a php framework?

CakePHP and Yii have PDO implemented.
I'll use Yii; I love the way it implements things.
Generate migrations using the command line, CRUD using the web interface (so easy).
You can add foreign keys in your migration. Its database support is larger than CakePHP's.
The model methods and PDO are so easy to work with, and it has a lot of examples.

CakePHP is sweet too, but Yii has more things and is more advanced.
The default scaffold in Yii is better, with advanced search implemented and jQuery on the fly.

Yii PHP Framework- Implementation

I'll go with the line

"Is it possible to use Yii just by copying the Framework to a folder on the server and then including something"

and answer yes :p Though, you should just follow webapp creation through yiic webapp like so:

  1. Download the yii (yii-someversion.tar.gz or what have you) distribution,
  2. extract it somewhere (e.g. /opt/yii in *nix or C:/web/yii in windows.)
  3. Now put that directory in your path ($PATH in *nix, or %PATH% in windows),
  4. go to a shell / command prompt, change the directory to your
    webserver's document root and do a yiic webapp <app folder name>

After answering a couple of config questions, you should have a look at the index.php created there; you should have something like:

<?php

// change the following paths if necessary
$yii=dirname(__FILE__).'/../yii/framework/yii.php';
$config=dirname(__FILE__).'/protected/config/main.php';

// remove the following lines when in production mode
defined('YII_DEBUG') or define('YII_DEBUG',true);
defined('YII_TRACE_LEVEL') or define('YII_TRACE_LEVEL',3);

require_once($yii);
Yii::createWebApplication($config)->run();

and that's about it :p

Yii migration update

Wrap the column name in a CDbExpression, which instructs Yii to include it in the resulting query unescaped:

$this->update('item', array('item_order'=> new CDbExpression('item_id')));

Going from a framework to no-framework

Current versions of PHP5 include much of the security framework you're looking for as part of the standard library.

  • Use filter_input_array to declaratively sanitize stuff coming in from the outside.
  • Access your database via PDO with parameterized SQL to prevent SQL injection attacks.
  • Use the following PHP settings to make your site more resistant to session fixation and cookie theft:

    • session.use_only_cookies (Prevents your session token from leaking into the URL)
    • session.cookie_httponly or the httponly attribute to session_set_cookie_params() (Protects against scripts reading the session cookie in compatible browsers)
    • More suggestions and PHP example code available on Wikipedia.
    • You can also use the httponly attribute with setcookie().
  • Nothing fancier than basic templating and header-setting is required for new HTTP and HTML5 features:

    • HTTP Strict Transport Security (Helps protect against WiFi exploits.)
    • X-Frame-Options (Restrict embedding of your pages. Good against phishing.)
    • HTML5 IFrame Sandbox Attribute (Sandbox 3rd-party ads/badges/videos. Already in WebKit. Likely to be at least partially implemented in Firefox 11.)
    • Content Security Policy (Firefox 4's new security framework, complementary to the sandbox attribute. Now also being implemented in Chrome.)

If you're accepting HTML as input, I recommend grabbing HTML Purifier and calling it via a FILTER_CALLBACK line in your filter_input_array setup. Its whitelist-based approach to input security makes a great (and very powerful) first line of defense against XSS.

As far as I can tell, PHP doesn't come with a mechanism for protecting against cross-site request forgery, but I'm sure Google can help you with that one. The OWASP Security Cheatsheets include a section on it if you want to implement your own protection.

Out of curiosity, I decided to also start looking at standalone components and here's what I've found so far:

Templating:

  • PHP Template Inheritance (Regular PHP plus template inheritance)
  • TWIG (Django/Jinja2/Liquid-style syntax including autoescape and sandboxing. Compiles to cached PHP for speed.)
  • Dwoo (A faster, more featureful, PHP5-ish successor to Smarty. Includes a compatibility system for existing Smarty templates.)

Stuff I still haven't looked into properly:

  • Route dispatching (Only found RouteMap and Net_URL_Mapper so far. Thanks, cweiske.)
  • ORM (Just in case bare PDO isn't your thing)
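
The input-filtering, PDO, session-cookie and header points from the answer above, combined into one request handler, as an added example that is not part of the original answer. It assumes PHP 7.3+ with pdo_sqlite; harden_response(), handle_post(), INPUT_SPEC and the donor table are hypothetical names, the requests are constructed and passed through filter_var_array so the script runs offline, and the CSRF check is a plain synchronizer-token comparison, one way to implement the protection the answer leaves to the reader.

```php
<?php
// Added example, not from the original answer. Assumes PHP 7.3+ with pdo_sqlite.
// harden_response(), handle_post(), INPUT_SPEC and the donor table are hypothetical.

// Session-cookie settings and headers from the list; call before session_start()/output.
function harden_response(): void {
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params(['httponly' => true, 'secure' => true]); // HTTPS-only site assumed
    header('Strict-Transport-Security: max-age=31536000');
    header('X-Frame-Options: DENY');
    header("Content-Security-Policy: default-src 'self'");
}

// Declarative input spec; filter_input_array(INPUT_POST, INPUT_SPEC) accepts the same array.
const INPUT_SPEC = [
    'donor_id' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
    'email'    => FILTER_VALIDATE_EMAIL,
    'csrf'     => ['filter' => FILTER_VALIDATE_REGEXP, 'options' => ['regexp' => '/^[0-9a-f]{64}$/']],
];

// Validate, compare the CSRF token in constant time, then bind values as parameters.
function handle_post(PDO $db, array $post, string $sessionToken): string {
    $in = filter_var_array($post, INPUT_SPEC); // invalid fields => false, missing => null
    if (!is_string($in['csrf']) || !hash_equals($sessionToken, $in['csrf'])) {
        return 'rejected: csrf';
    }
    if (!is_int($in['donor_id']) || !is_string($in['email'])) {
        return 'rejected: input';
    }
    $stmt = $db->prepare('UPDATE donor SET email = :email WHERE id = :id');
    $stmt->execute([':email' => $in['email'], ':id' => $in['donor_id']]);
    return 'updated rows: ' . $stmt->rowCount();
}

if (PHP_SAPI !== 'cli') { harden_response(); }

// Constructed data: in-memory database, a per-session token, three sample requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE donor (id INTEGER PRIMARY KEY, email TEXT)");
$db->exec("INSERT INTO donor VALUES (1, 'old@example.org')");
$token = bin2hex(random_bytes(32)); // a real app keeps this in $_SESSION

$requests = [
    ['donor_id' => '1', 'email' => 'new@example.org', 'csrf' => $token],            // valid
    ['donor_id' => '1 OR 1=1', 'email' => 'x@example.org', 'csrf' => $token],       // bad id
    ['donor_id' => '1', 'email' => 'x@example.org', 'csrf' => str_repeat('0', 64)], // wrong token
];
foreach ($requests as $r) { echo handle_post($db, $r, $token), "\n"; }
```

The second request is rejected by the filter spec before any SQL is prepared, and the third by the token comparison.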

