How do you convert an old OOP PHP project into the Yii Framework?
I had a similar task a year ago, but the code wasn't really OO at all. I created a new Yii project and placed the old site as a lib in that project. I then set up the basics in Yii like database access, whichever session values were needed in both projects etc. I then ported route by route, feature by feature. It took some time, but it worked out really well. I just had a bootstrap script which routed requests based on "ported_routes".
When it comes to reusing classes that should not be a problem if they are well structured without dependencies on the old code. Yii places no restrictions on that stuff, so just add them as libs or browse through the Yii docs and see if it makes sense to refactor them into Yii components or subclass something in there.
As for CSS and JS, that was redone from scratch, using LESS and newer JS libs. A lot had happened in the JS world since the original code was written. Yii does not require you to follow any predetermined structure for markup either, so in theory you should be able to use the old CSS unless you want to change markup fundamentals.
If your old code has an MVC-like structure the porting of actions and views will go smoother, but regardless you are pretty much left with a similar approach I think.
Framework best for migrating an existing donation website to a PHP framework?
CakePHP and Yii have PDO implemented.
I'll use Yii; I love the way it implements things.
Generate migrations using the command line, CRUD using the web interface (so easy).
You can add foreign keys in your migration. Its database support is larger than CakePHP's.
The model methods and PDO are so easy to work with, and it has a lot of examples.
CakePHP is sweet too, but Yii has more things and is more advanced.
The default scaffold in Yii is better, with advanced search implemented and jQuery on the fly.
Yii PHP Framework - Implementation
I'll go with the line "Is it possible to use Yii just by copying the Framework to a folder on the server and then including something" and answer yes :p Though, you should just follow webapp creation through yiic webapp, like so:
- Download the Yii (yii-someversion.tar.gz or what have you) distribution,
- extract it somewhere (e.g. /opt/yii in *nix or C:/web/yii in Windows),
- now put that directory in your path ($PATH in *nix, or %PATH% in Windows),
- go to a shell / command prompt, change the directory to your webserver's document root and do a yiic webapp <app folder name>
After answering a couple of config questions, you should have a look at the index.php created there; you should have something like:
<?php
// change the following paths if necessary
$yii=dirname(__FILE__).'/../yii/framework/yii.php';
$config=dirname(__FILE__).'/protected/config/main.php';
// remove the following lines when in production mode
defined('YII_DEBUG') or define('YII_DEBUG',true);
defined('YII_TRACE_LEVEL') or define('YII_TRACE_LEVEL',3);
require_once($yii);
Yii::createWebApplication($config)->run();
and that's about it :p
Yii migration update
Wrap the column name in a CDbExpression, which instructs Yii to include it in the resulting query unescaped:
$this->update('item', array('item_order'=> new CDbExpression('item_id')));
Going from a framework to no-framework
Current versions of PHP5 include much of the security framework you're looking for as part of the standard library.
- Use filter_input_array to declaratively sanitize stuff coming in from the outside.
- Access your database via PDO with parameterized SQL to prevent SQL injection attacks.
- Use the following PHP settings to make your site more resistant to session fixation and cookie theft:
  - session.use_only_cookies (Prevents your session token from leaking into the URL)
  - session.cookie_httponly or the httponly attribute to session_set_cookie_params() (Protects against scripts reading the session cookie in compatible browsers)
  - More suggestions and PHP example code available on Wikipedia.
  - You can also use the httponly attribute with setcookie().
- Nothing fancier than basic templating and header-setting is required for new HTTP and HTML5 features:
  - HTTP Strict Transport Security (Helps protect against WiFi exploits.)
  - X-Frame-Options (Restrict embedding of your pages. Good against phishing.)
  - HTML5 IFrame Sandbox Attribute (Sandbox 3rd-party ads/badges/videos. Already in WebKit. Likely to be at least partially implemented in Firefox 11.)
  - Content Security Policy (Firefox 4's new security framework, complementary to the sandbox attribute. Now also being implemented in Chrome.)
If you're accepting HTML as input, I recommend grabbing HTML Purifier and calling it via a FILTER_CALLBACK line in your filter_input_array setup. Its whitelist-based approach to input security makes a great (and very powerful) first line of defense against XSS.
As far as I can tell, PHP doesn't come with a mechanism for protecting against cross-site request forgery, but I'm sure Google can help you with that one. The OWASP Security Cheatsheets include a section on it if you want to implement your own protection.
Out of curiosity, I decided to also start looking at standalone components and here's what I've found so far:
Templating:
- PHP Template Inheritance (Regular PHP plus template inheritance)
- TWIG (Django/Jinja2/Liquid-style syntax including autoescape and sandboxing. Compiles to cached PHP for speed.)
- Dwoo (A faster, more featureful, PHP5-ish successor to Smarty. Includes a compatibility system for existing Smarty templates.)
Stuff I still haven't looked into properly:
- Route dispatching (Only found RouteMap and Net_URL_Mapper so far. Thanks, cweiske.)
- ORM (Just in case bare PDO isn't your thing)
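Added example (not part of the original answer): the filter_input_array and parameterized PDO advice above, combined into one request path. The table, field names, validate_request() helper and sample requests are hypothetical; it assumes the pdo_sqlite extension and uses filter_var_array(), which takes the same definition array as filter_input_array(), so the constructed requests run from the CLI.

```php
<?php
// Constructed example: names, table and sample requests are hypothetical.
$spec = array(
    'donor_email' => FILTER_VALIDATE_EMAIL,
    'amount'      => array(
        'filter'  => FILTER_VALIDATE_INT,
        'options' => array('min_range' => 1, 'max_range' => 100000),
    ),
    'note'        => array(
        'filter'  => FILTER_CALLBACK,
        // Stand-in callback; a call into HTML Purifier would be wired in here.
        'options' => function ($v) { return trim(strip_tags($v)); },
    ),
);

function validate_request(array $raw, array $spec)
{
    // In a web request this would be filter_input_array(INPUT_POST, $spec).
    $clean = filter_var_array($raw, $spec);
    foreach ($clean as $value) {
        // false = failed validation, null = field missing from the request
        if ($value === false || $value === null) {
            return null;
        }
    }
    return $clean;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE donation (email TEXT, amount INTEGER, note TEXT)');
// Placeholders keep request data out of the SQL text entirely.
$insert = $pdo->prepare('INSERT INTO donation (email, amount, note) VALUES (:email, :amount, :note)');

$requests = array(
    array('donor_email' => 'a@example.org', 'amount' => '25', 'note' => "In memory of O'Neil; -- thanks"),
    array('donor_email' => 'not-an-email',  'amount' => '25', 'note' => 'hi'),
    array('donor_email' => 'b@example.org', 'amount' => '-5', 'note' => 'hi'),
    array('amount' => '10'),
);
foreach ($requests as $raw) {
    $clean = validate_request($raw, $spec);
    if ($clean === null) { echo "rejected\n"; continue; }
    $insert->execute(array(':email' => $clean['donor_email'], ':amount' => $clean['amount'], ':note' => $clean['note']));
    echo "stored\n";
}
echo $pdo->query('SELECT COUNT(*) FROM donation')->fetchColumn(), " row(s) stored\n";
```

Validation decides whether a request is acceptable; the prepared statement is what keeps the quote and comment characters in the accepted note from being interpreted as SQL.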
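Added example (not part of the original answer): one way to implement your own CSRF protection, as the answer suggests, using a per-session synchronizer token. The csrf_* function names and the csrf_token field are hypothetical, $session stands in for $_SESSION so the constructed requests run from the CLI, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Constructed example: function and field names are hypothetical.

function csrf_issue(array &$session)
{
    if (empty($session['csrf_token'])) {
        // 32 bytes from the operating system's CSPRNG
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_field(array &$session)
{
    // Hidden field to embed in every state-changing form.
    $token = htmlspecialchars(csrf_issue($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

function csrf_check(array $session, $method, array $post)
{
    // Safe methods must not change state, so they carry no token.
    if (in_array($method, array('GET', 'HEAD', 'OPTIONS'), true)) {
        return true;
    }
    if (empty($session['csrf_token'])
        || !isset($post['csrf_token'])
        || !is_string($post['csrf_token'])) {
        return false;
    }
    // hash_equals() compares in constant time.
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

$session = array();
$token = csrf_issue($session);
echo csrf_field($session), "\n";

// Form submitted from the site's own page, carrying the token
var_dump(csrf_check($session, 'POST', array('csrf_token' => $token)));
// Cross-site submission: the session cookie is sent, but no token is present
var_dump(csrf_check($session, 'POST', array()));
// Wrong type supplied for the field (csrf_token[]=x)
var_dump(csrf_check($session, 'POST', array('csrf_token' => array('x'))));
```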