Workshop: Serious PHP for Real Drupal Developers

Drupal developers are in for a real treat in the next release of Drupal. As of version 8, Drupal will be incorporating the Symfony2 framework and requiring PHP 5.3.4+. Experienced Drupal developers know this means change. Are you ready to level up? Join PHP expert Lorna Jane Mitchell and Drupal trainer Emma Jane Hogbin as they guide you through the core PHP knowledge you'll need for the next release of Drupal. Workshop attendees will learn how to solve common problems using elegant design patterns with object oriented programming. Whether contributing to core, updating contrib modules, or creating custom Drupal products, participants will end the workshop with the skills needed to build elegant, contemporary PHP code for Drupal.

Who is the target audience?

PHP developers who've been focused on Drupal code for the last few years. They are excited about taking advantage of the new features Drupal 8 will be allowing (including PHP 5.3.4 and Symfony2) and want to ensure they are using best practices when refactoring their code. Secondary audience members include: junior and senior developers who've learned their trade on Drupal's code base. They don't have a computer science background and they have learned exclusively "by example". They may be self-conscious of their code and want to be more confident in their ability to create code and not just modify someone else's.


Familiarity with Drupal PHP and a desire to improve the quality of the code written for the Drupal project and web sites deployed with Drupal is required. Developers who maintain their own contributed modules, or work on core development are ideally suited for this program. Drupal consultants and companies focused on site building, theming, and "glue code" modules will not find as much value in this workshop and are encouraged to wait for the open source version of the program. Companies purchasing seats may have junior and senior developers attending. For this reason there will be pre-class resources available with introductory information on PHP and Drupal development. The pre-class resources will include Randy Fay's Examples module. A grocery list of system requirements will be provided; however, we do expect companies to provide their staff members with technical support on how to create a developer environment. Every company should have at least one participant able to create their own local developer environment. If your company does not have this capacity, please wait for the open source version of this course.


What will participants learn? What will they be able to do after the workshop?
  • Describe patterns used in code and frameworks from other projects.
  • Apply best practices for OOP in PHP to the Drupal 8 core and contributed projects.
  • Write more efficient code.
  • Refactor existing code to take advantage of new language features and design patterns.
  • Recognize and refactor Drupal-specific code to use new language features and Symfony.
  • Leverage the capabilities of Symfony when writing new Drupal code.


This class will be delivered as two half-day webinars with supplemental readings and practice exercises.
  • Dates: September 20, September 27.
  • Time: 9AM-12PM (Noon) Eastern Daylight Time
  • Location: WebEx Event Center (support for Linux, OSX and Windows; does not support iOS and other mobile devices)
There will be a recording of the session available within 48 hours of each class. Each company seat will also be granted one PDF license for Lorna's book, PHP Master. The webinars will be kick-off sessions, introducing participants to a hands-on suite of activities. Readings, code snippets, and step-by-step exercises will be available for each part of the workshop to guide participants through the best practices of PHP development for Drupal. To support learners, there will be a class IRC channel. The instructors will be available between webinars at specific times to answer questions and assist learners. We expect there will be many opportunities for peer learning and encourage participants to engage in the IRC channel outside of the office support hours.


Part 1

  • Design patterns: MVC, factories, dependency injections as it applies to context in D8
  • Using Object Oriented Programming to solve problems.

Part 2

  • PHP 5.3-specific features
  • Using Symfony2
X-Sec File Manager

X-Sec Team File Manager

Current Path : /var/www/drupal-7.19/
Upload File :
Current File : /var/www/drupal-7.19/authorize.php


 * @file
 * Administrative script for running authorized file operations.
 * Using this script, the site owner (the user actually owning the files on the
 * webserver) can authorize certain file-related operations to proceed with
 * elevated privileges, for example to deploy and upgrade modules or themes.
 * Users should not visit this page directly, but instead use an administrative
 * user interface which knows how to redirect the user to this script as part of
 * a multistep process. This script actually performs the selected operations
 * without loading all of Drupal, to be able to more gracefully recover from
 * errors. Access to the script is controlled by a global killswitch in
 * settings.php ('allow_authorize_operations') and via the 'administer software
 * updates' permission.
 * There are helper functions for setting up an operation to run via this
 * system in modules/system/system.module. For more information, see:
 * @link authorize Authorized operation helper functions @endlink

 * Defines the root directory of the Drupal installation.
define('DRUPAL_ROOT', getcwd());

 * Global flag to identify update.php and authorize.php runs.
 * Identifies update.php and authorize.php runs, avoiding unwanted operations
 * such as hook_init() and hook_exit() invokes, css/js preprocessing and
 * translation, and solves some theming issues. The flag is checked in other
 * places in Drupal code (not just authorize.php).
define('MAINTENANCE_MODE', 'update');

 * Renders a 403 access denied page for authorize.php.
function authorize_access_denied_page() {
  drupal_add_http_header('Status', '403 Forbidden');
  watchdog('access denied', 'authorize.php', NULL, WATCHDOG_WARNING);
  drupal_set_title('Access denied');
  return t('You are not allowed to access this page.');

 * Determines if the current user is allowed to run authorize.php.
 * The killswitch in settings.php overrides all else, otherwise, the user must
 * have access to the 'administer software updates' permission.
 * @return
 *   TRUE if the current user can run authorize.php, and FALSE if not.
function authorize_access_allowed() {
  return variable_get('allow_authorize_operations', TRUE) && user_access('administer software updates');

// *** Real work of the script begins here. ***

require_once DRUPAL_ROOT . '/includes/';
require_once DRUPAL_ROOT . '/includes/';
require_once DRUPAL_ROOT . '/includes/';
require_once DRUPAL_ROOT . '/includes/';
require_once DRUPAL_ROOT . '/includes/';

// We prepare only a minimal bootstrap. This includes the database and
// variables, however, so we have access to the class autoloader registry.

// This must go after drupal_bootstrap(), which unsets globals!
global $conf;

// We have to enable the user and system modules, even to check access and
// display errors via the maintenance theme.
$module_list['system']['filename'] = 'modules/system/system.module';
$module_list['user']['filename'] = 'modules/user/user.module';
module_list(TRUE, FALSE, FALSE, $module_list);
drupal_load('module', 'system');
drupal_load('module', 'user');

// We also want to have the language system available, but we do *NOT* want to
// actually call drupal_bootstrap(DRUPAL_BOOTSTRAP_LANGUAGE), since that would
// also force us through the DRUPAL_BOOTSTRAP_PAGE_HEADER phase, which loads
// all the modules, and that's exactly what we're trying to avoid.

// Initialize the maintenance theme for this administrative script.

$output = '';
$show_messages = TRUE;

if (authorize_access_allowed()) {
  // Load both the Form API and Batch API.
  require_once DRUPAL_ROOT . '/includes/';
  require_once DRUPAL_ROOT . '/includes/';
  // Load the code that drives the authorize process.
  require_once DRUPAL_ROOT . '/includes/';

  // For the sake of Batch API and a few other low-level functions, we need to
  // initialize the URL path into $_GET['q']. However, we do not want to raise
  // our bootstrap level, nor do we want to call drupal_initialize_path(),
  // since that is assuming that modules are loaded and invoking hooks.
  // However, all we really care is if we're in the middle of a batch, in which
  // case $_GET['q'] will already be set, we just initialize it to an empty
  // string if it's not already defined.
  if (!isset($_GET['q'])) {
    $_GET['q'] = '';

  if (isset($_SESSION['authorize_operation']['page_title'])) {
  else {
    drupal_set_title(t('Authorize file system changes'));

  // See if we've run the operation and need to display a report.
  if (isset($_SESSION['authorize_results']) && $results = $_SESSION['authorize_results']) {

    // Clear the session out.

    if (!empty($results['page_title'])) {
    if (!empty($results['page_message'])) {
      drupal_set_message($results['page_message']['message'], $results['page_message']['type']);

    $output = theme('authorize_report', array('messages' => $results['messages']));

    $links = array();
    if (is_array($results['tasks'])) {
      $links += $results['tasks'];
    else {
      $links = array_merge($links, array(
        l(t('Administration pages'), 'admin'),
        l(t('Front page'), '<front>'),

    $output .= theme('item_list', array('items' => $links, 'title' => t('Next steps')));
  // If a batch is running, let it run.
  elseif (isset($_GET['batch'])) {
    $output = _batch_page();
  else {
    if (empty($_SESSION['authorize_operation']) || empty($_SESSION['authorize_filetransfer_info'])) {
      $output = t('It appears you have reached this page in error.');
    elseif (!$batch = batch_get()) {
      // We have a batch to process, show the filetransfer form.
      $elements = drupal_get_form('authorize_filetransfer_form');
      $output = drupal_render($elements);
  // We defer the display of messages until all operations are done.
  $show_messages = !(($batch = batch_get()) && isset($batch['running']));
else {
  $output = authorize_access_denied_page();

if (!empty($output)) {
  print theme('update_page', array('content' => $output, 'show_messages' => $show_messages));

X-Sec File Manager Version 1.0