PHP Developers Network

[alex.barylski]

How would you utilize AJAX in a full fledged Zend powered application?

I have a controller (master) and it has several actions:

- list
- create
- update
- manage

The list action needs to be updated based on a JScript timer but only a small section of it.

How would you do this in Zend? Sample code or basic gist of the idea would be cool

[Luke]

I just asked a question sort of like this here. Really there shouldn't be much of a difference in how you make ajax requests in ZF than in any other way... framework or no framework. I think what I'm going to do is something like this:

Syntax: [ Download ] [ Hide ]

Syntax: [ Download ] [ Show ]

/**

 * Application Controller

 */

class HockeyApp_Controller_Action extends Zend_Controller_Action

{

    private $_ajax = false;



    protected function _init()

    {

        if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')

        {

            $this->_ajax = true;

        }

    }

}



class UserController extends HockeyApp_Controller_Action

{

    public function deleteAction()

    {

        if (!$this->_isLoggedIn()) return;



        $user = new Model_User;

        $user->id = $this->getRequest()->getParam('id');

        if ($user->delete())

        {

            /**

             * If this request originated from XMLHttpRequest, than return a response in json

             */

            if ($this->_ajax)

            {

                $status = 'success';

                $output = Zend_Json::encode($status);

                $this->getResponse()->setHeader("X-JSON", '(' . $output . ')'); // is this the right way to do this? I'm not even sure  

                return;

            }

           

            /**

             * If the parser has made it here, than the request was just standard http, so forward them home or where ever they came from

             */

            $this->_view->status = 'success';

            $this->_forward('user', 'home');

            return;

        }

    }

}

[infolock]

Not to sound negative, plus i also hope you understand i'm sure you already have considered this, but I figure I might as well say it.

Doing what you are considering might *work* in all fairness, but if you are dealing with a site that gets thousands of users daily, you may want to look for an alternative solution due to the amount of bandwidth doing what I think you are doing is gonna cost you.

A java applet or a flash app might be a bit more benficial (=

If it's not high traffic, then by all means go for it.

Either way, Space Goat is right though. Will work regardless if you use zend's framework or if you use a basic lamp setup.

[Jenk]

AJAX is a form of request, as far as php cares, it's not different to the user entering the servers address in the address bar - you just have to know what to serve.

[onion2k]

Doing what you are considering might *work* in all fairness, but if you are dealing with a site that gets thousands of users daily, you may want to look for an alternative solution due to the amount of bandwidth doing what I think you are doing is gonna cost you.

As a rule of thumb a well designed AJAX application will reduce your bandwidth usage.

[infolock]

It can definately reduce it. trust me i understand it, i've used ajax for almost 2 years now (=

The thing is, making a script that is continuosly calling a php script that is in essence querying a database, can potentially send 3600 requests for 1 user if the user keeps the browser idle and on the same page for an hour. This is true because his script is continuosly making an ajax call every second probably using the javascript timeout/callback method.

All i'm saying is 1000 x 3600 makes for a great deal of bandwidth issues versus a 1 time query and forcing the user to refresh the page to update the list. or better yet, havin the javascript only query for the list once a minute or something.

[jmut]

What took my attention is you could delete any user providing the right user_id as it does not seem to be validated.
But I guess this is off topic and in real scenario this is validated

Syntax: [ Download ] [ Hide ]

Syntax: [ Download ] [ Show ]

....

        $user = new Model_User;

        $user->id = $this->getRequest()->getParam('id');

        if ($user->delete())

...

[onion2k]

It can definately reduce it. trust me i understand it, i've used ajax for almost 2 years now (=

The thing is, making a script that is continuosly calling a php script that is in essence querying a database, can potentially send 3600 requests for 1 user if the user keeps the browser idle and on the same page for an hour. This is true because his script is continuosly making an ajax call every second probably using the javascript timeout/callback method.

All i'm saying is 1000 x 3600 makes for a great deal of bandwidth issues versus a 1 time query and forcing the user to refresh the page to update the list. or better yet, havin the javascript only query for the list once a minute or something.

You ignored the bit where I said "well designed". Having a page that hits once a second when it's idle is very unlikely to be well designed. Even then though, so long as you limit what you're passing via the AJAX connection to new and updated information you'll still only be using a tiny amount of bandwidth.

[infolock]

I agree. You just have to watch how often that gets sent. if it's based on the user clicking something before the request is sent, so be it. But if it's a repeating call that happens every second with no set timeout, you are set on disaster when thousands of users hit your site at the same time.

Just to clarify, i saw your comment about designing well. Just making a point about while the design may be in the best interest, sometimes you have to think beyond the 10,000 ft view and see what's really going to happen in every-day situations (=

[Luke]

What took my attention is you could delete any user providing the right user_id as it does not seem to be validated.
But I guess this is off topic and in real scenario this is validated

Syntax: [ Download ] [ Hide ]

Syntax: [ Download ] [ Show ]

....
        $user = new Model_User;
        $user->id = $this->getRequest()->getParam('id');
        if ($user->delete())
...

yea it was just an example... but you're right. VALIDATE!

[alex.barylski]

Heh...Java? Why would I use Java when AJAX works best? What happens if people have Java disabled or not installed? The way my system works now, AJAX is only used when JavaScript is enabled otherwise it remains fully functional using static HTML, AJAX is simply used to reduce bandwidth, etc...

I'm not sure you followed what I was saying

Anyways, Ninja dude...

Just an observation, maybe you did it for demonstration, but:

Syntax: [ Download ] [ Hide ]

Syntax: [ Download ] [ Show ]

if (!$this->_isLoggedIn()) return;

Inside your controllers action...probably best inside the index.php, unless you have pages which are accessible by anonymous users???

Which makes for an interesting disscussion, as to how to solve that best? Intercepting filter perhaps?

Cheers

[Luke]

nope it's right just where it is

[Kieran Huggins]

I still think it should go through the whole spanking machine and get transformed to JSON or XML on the way out - isn't it a security concern if you short turn the controller?

[John Cartwright]

nope it's right just where it is

Not always.. I like to create a map of my application mixed in with user permissions and implement it either using the init() function in controller parent class automatically, or even through a plugin which could redirect if their session permission did not meet the requested action.

[Luke]

nope it's right just where it is

Not always.. I like to create a map of my application mixed in with user permissions and implement it either using the init() function in controller parent class automatically, or even through a plugin which could redirect if their session permission did not meet the requested action.

yea I've seen something sort of similar to that before... where privileges to controllers / actions were mapped back to a database table that was checked in my application controller and if the user doesn't have access, they never even make it to the controller/action. That is something I may implement for a system I'm working on right now, but for right now, this method is fine.