Yii is a free, open-source Web application development framework written in PHP5 that promotes clean, DRY design and encourages rapid development. It works to streamline your application development and helps to ensure an extremely efficient, extensible, and maintainable end product. Yii is a perfect choice for any sized project. However, it has been built with sophisticated, enterprise applications in mind.
Features of Yii Framework : Whether you are one developer building a fairly simple Web site, or a team of distributed developers building an extremely complex Web application, using Yii is like augmenting your development team with additional experienced, professional, and efficient resources.
1. Model-View-Controller (MVC) design pattern : Yii implements the model-view-controller (MVC) design pattern, which is widely adopted in Web programming. MVC aims to separate business logic from user interface considerations, so that developers can more easily change each part without affecting the other. In MVC, the model represents the information (the data) and the business rules; the view contains elements of the user interface such as text and form inputs; and the controller manages the communication between the model and the view.
2. Database Access Objects (DAO), Query Builder, Active Record, DB Migration : Built on top of the PHP Data Objects (PDO) extension, Yii Data Access Objects (DAO) enable access to different database management systems (DBMS) through a single uniform interface. Applications developed using Yii DAO can be easily switched to use a different DBMS without the need to modify the data accessing code. Yii Query Builder offers an object-oriented method for building SQL queries, which helps reduce the risk of SQL injection attacks.
3. Form input and validation : Collecting user data via HTML forms is one of the major tasks in Web application development. Besides designing forms, developers need to populate the form with existing data or default values, validate user input, display appropriate error messages for invalid input, and save the input to persistent storage. Yii greatly simplifies this workflow with its MVC architecture.
4. AJAX-enabled widgets : Extending Yii is a common activity during development. For example, when you write a new controller, you extend Yii by inheriting its CController class; when you write a new widget, you are extending CWidget or an existing widget class. If the extended code is designed to be reused by third-party developers, we call it an extension.
5. Authentication and authorization : Yii has a built-in authentication/authorization (auth) framework which is easy to use and can be customized for special needs. The central piece in the Yii auth framework is a pre-declared user application component, which is an object implementing the IWebUser interface. The user component represents the persistent identity information for the current user. We can access it at any place using Yii::app()->user. Using the user component, we can check if a user is logged in or not via CWebUser::isGuest; we can log in and log out a user; we can check if the user can perform specific operations by calling CWebUser::checkAccess; and we can also obtain the unique identifier and other persistent identity information about the user.
6. Skinning and theming : In Yii, each theme is represented as a directory consisting of view files, layout files, and relevant resource files such as images, CSS files, JavaScript files, etc. The name of a theme is its directory name. All themes reside under the same directory WebRoot/themes. At any time, only one theme can be active.
7. Web services : Yii provides CWebService and CWebServiceAction to simplify the work of implementing Web services in a Web application. The APIs are grouped into classes, called service providers. Yii will generate for each class a WSDL specification which describes what APIs are available and how they should be invoked by clients. When an API is invoked by a client, Yii will instantiate the corresponding service provider and call the requested API to fulfill the request.
8. Layered caching scheme : Yii provides various cache components that can store cached data in different media.
A. CMemCache: uses PHP memcache extension.
B. CApcCache: uses PHP APC extension.
C. CXCache: uses PHP XCache extension.
D. CEAcceleratorCache: uses PHP EAccelerator extension.
E. CDbCache: uses a database table to store cached data. By default, it will create and use a SQLite3 database under the runtime directory. You can explicitly specify a database for it to use by setting its connectionID property.
F. CZendDataCache: uses Zend Data Cache as the underlying caching medium.
G. CFileCache: uses files to store cached data. This is particularly suitable for caching large chunks of data (such as pages).
H. CDummyCache: presents a dummy cache that does no caching at all. The purpose of this component is to simplify the code that needs to check the availability of cache. For example, during development or if the server doesn't have actual cache support, we can use this cache component. When actual cache support is enabled, we can switch to use the corresponding cache component. In both cases, we can use the same code Yii::app()->cache->get($key) to attempt retrieving a piece of data without worrying that Yii::app()->cache might be null.
9. Error handling and logging : Yii provides a complete error handling framework based on the PHP 5 exception mechanism. When the application is created to handle an incoming user request, it registers its handleError method to handle PHP warnings and notices; and it registers its handleException method to handle uncaught PHP exceptions. Consequently, if a PHP warning/notice or an uncaught exception occurs during the application execution, one of the error handlers will take over the control and start the necessary error handling procedure.
10. Security :
A. Cross-site Scripting Prevention : Yii incorporates the work of HTMLPurifier and provides developers with a useful component called CHtmlPurifier that encapsulates HTMLPurifier. This component is capable of removing all malicious code with a thoroughly audited, secure yet permissive whitelist and making sure the filtered content is standard-compliant.
B. Cross-site Request Forgery Prevention : To prevent CSRF attacks, it is important to abide by the rule that GET requests should only be allowed to retrieve data rather than modify any data on the server. POST requests, in turn, should include some random value which can be recognized by the server to ensure the form is submitted from and the result is sent back to the same origin.
Yii implements a CSRF prevention scheme to help defeat POST-based attacks. It is based on storing a random value in a cookie and comparing this value with the value submitted via the POST request.
C. Cookie Attack Prevention : Yii implements a cookie validation scheme that prevents cookies from being modified. In particular, it performs an HMAC check on the cookie values if cookie validation is enabled.
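The two checks described in B and C (comparing a random cookie value with the value submitted via POST, and an HMAC over cookie values), written in plain PHP as an added example; this is not Yii's own code. It assumes PHP 7 or later, and the key, the CSRF_TOKEN field name and the function names are hypothetical.

```php
<?php
// Added illustration in plain PHP (7+); not Yii's implementation.
// SECRET_KEY is a constructed sample value; function names are hypothetical.
const SECRET_KEY = 'constructed-sample-key';

// Cookie validation: prepend an HMAC so any change to the value is detectable.
function signCookieValue(string $value, string $key): string
{
    return hash_hmac('sha256', $value, $key) . $value;
}

// Returns the original value, or null when the HMAC does not match.
function verifyCookieValue(string $signed, string $key): ?string
{
    $macLen = 64; // hex length of a SHA-256 digest
    if (strlen($signed) < $macLen) {
        return null;
    }
    $mac = substr($signed, 0, $macLen);
    $value = substr($signed, $macLen);
    // hash_equals() compares in constant time
    return hash_equals(hash_hmac('sha256', $value, $key), $mac) ? $value : null;
}

// CSRF: a random value stored in a cookie and repeated in a hidden form field.
function newCsrfToken(): string
{
    return bin2hex(random_bytes(32));
}

// A POST passes only when the submitted field equals the cookie value.
function isCsrfValid(string $method, array $cookies, array $post, string $name = 'CSRF_TOKEN'): bool
{
    if ($method !== 'POST') {
        return true; // only POST is checked; GET handlers must not modify data
    }
    $cookie = $cookies[$name] ?? null;
    $field = $post[$name] ?? null;
    return is_string($cookie) && is_string($field) && $cookie !== ''
        && hash_equals($cookie, $field);
}

// Constructed demo inputs
$signed = signCookieValue('role=user', SECRET_KEY);
var_dump(verifyCookieValue($signed, SECRET_KEY)); // untouched cookie
var_dump(verifyCookieValue(str_replace('user', 'admin', $signed), SECRET_KEY)); // edited cookie
$token = newCsrfToken();
var_dump(isCsrfValid('POST', ['CSRF_TOKEN' => $token], ['CSRF_TOKEN' => $token])); // same-origin form
var_dump(isCsrfValid('POST', ['CSRF_TOKEN' => $token], [])); // cross-site form without the field
```

In Yii 1.1 both checks are switched on through the request component's enableCsrfValidation and enableCookieValidation properties.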
11. Automatic code generation : Yii is equipped with a Web-based code generation tool called Gii. It supersedes the previous yiic shell generation tool, which runs on the command line. In this section, we will describe how to use Gii and how to extend Gii to increase our development productivity.
12. Friendly with third-party code : Yii is carefully designed so that third-party libraries can be easily integrated to further extend Yii's functionalities. When using third-party libraries in a project, developers often encounter issues about class naming and file inclusion. Because all Yii classes are prefixed with the letter C, it is less likely that a class naming issue would occur; and because Yii relies on SPL autoload to perform class file inclusion, it can play nicely with other libraries if they use the same autoloading feature or PHP include path to include class files.