PHP5 CMS Framework Development 72
Michael J. Ross writes "Most Web developers are familiar with one or more content management systems (CMSs), and how they can be used to create Web sites more efficiently than by hand. These developers may have deep knowledge of how to install, configure, customize, and extend a CMS. But far more rare is knowledge of how to develop a CMS of one's own, and the programming considerations required to do so successfully. These are the main themes of Martin Brampton's book PHP5 CMS Framework Development." Read below for the rest of Michael's review.
This title was released by Packt Publishing on 6 June 2008, under the ISBNs 1847193579 and 978-1847193575. In addition to an appendix on packaging Aliro extensions, the book's material is organized into 14 chapters, covering various CMS topics: overall CMS architecture; users and administrators; code organization; user sessions; databases and data objects; access control; supporting extensions of the CMS; data caching and handlers; menus; support for multiple human languages; presentation services; miscellaneous services, such as file handling, e-mail delivery, and admin functionality; error handling; and how to manage many types of content.
| PHP5 CMS Framework Development | |
| author | Martin Brampton |
| pages | 348 |
| publisher | Packt Publishing |
| rating | 8/10 |
| reviewer | Michael J. Ross |
| ISBN | 1847193579 |
| summary | An in-depth look at creating a CMS, focusing on Aliro. |
At the very beginning of the preface, the author notes that "This book guides you through the design and implementation decisions necessary to create a working architecture for a PHP5-based content management system." Martin Brampton is qualified for this task, given his strong background in CMS development, having served as the leader of the Mambo development team during a critical period of its evolution, and later creating his own CMS, Aliro. It should be noted that the book does not assume any prior knowledge of CMSs in general or Aliro in particular, although in most respects this work is very much a case study of the architecture and design decisions of that specific CMS. However, the book does assume a solid understanding of PHP and object-oriented principles.
All of the code samples come from the Aliro content management system, of which Martin Brampton is the project architect. On the book's Web page, the publisher has made available links to purchase the electronic version of the book, to download the source code, to post feedback on the book, to ask questions, to read the table of contents and media reviews, and to download a sample chapter (Chapter 6: Access Control). The only problem with these offerings is that the source code is not organized by chapter, but instead comprises the source code for Aliro. (The publisher's page labels it as 2.6 MB, as of this writing, but Aliro is about three times that size.) Consequently, readers who want to find specific code should search through the files using their favorite programmer's editor.
The author devotes the first chapter of the book to presenting his perspective on the advantages of using CMSs for site development, the required and the desirable features of a CMS, and some system management issues. Also covered are reasons for using PHP 5, its object-oriented capabilities, XHTML, and the Model-View-Controller pattern. He then discusses sundry topics on site hosting, JavaScript, site security, and CMS-specific terminology. Many readers may find interesting the arguments for separating system administrative access (as done in Aliro, for instance) versus integrating it with the regular site interface and using access control to restrict non-admin users (as done in Drupal, for instance). The chapter concludes with a summary, which for this and the following two chapters, may be of value to some readers, since these chapters are more narrative than the others. But the chapter summaries that follow, for the more technical material, could be disposed of in future editions, since readers will seek within the chapters for the information covered.
Throughout much of the history of the Web, one of the most problematic aspects of site development has been the management of users and administrators — especially with CMSs causing the two distinct groups to be splintered into a spectrum ranging from anonymous visitors with no privileges, to site administrators with full privileges, along with authorized users, content contributors, and content editors. In his second chapter, the author examines the challenges of user authentication, password storage, SQL injection, and other access issues. He proposes a framework solution and also a division of user data into two tables, as done in Aliro. He describes some of the key code utilized within his CMS (naturally, the full code is obtainable since Aliro is an open-source project). Chapter 4 addresses an area that frequently mystifies new PHP programmers — namely, how to create, utilize, and protect user sessions. Thus, this material should have been placed immediately after the second chapter.
The third chapter is devoted to the critical architectural issue of how to best organize one's code. Given that the two aforementioned chapters — dealing with users and sessions — both contain a fair amount of code, this chapter's meta-information should have been presented prior to both Chapters 2 and 4. Nonetheless, the author covers such topics as inclusion and the singleton pattern. He makes a strong case for favoring small classes, stored in separate source code files, and only loading them when needed, using PHP 5's autoloading capability.
In Chapter 5, the author spends some time exploring some of the key issues for storing data in a CMS framework, including dependency upon a particular RDBMS, item counting and ordering, database security, SQL validation, PHP exception handling, and the techniques that the author used for effectively dealing with these challenges when developing his own CMS. The first portion of the chapter, which essentially presents the problems, is fairly disjointed compared to the other material; the remaining portion of the chapter, which covers all of the solutions, is certainly more complete.
The next two chapters of the book, 6 and 7, are focused on topics more specific to CMSs: access control, and extensions to the CMS (components, modules, plug-ins, and templates), respectively. Chapter 8 explores caching and cache handlers, as well as the advantages of using them. The ninth chapter, on menus and page handling, is quite specific to Aliro, and thus will prove disappointing to any reader who hopes to get ideas for their own menu code. In contrast, Chapter 10 should be of interest to anyone who would like their Web sites to be usable and appealing to Internet visitors who do not read the single language of any site not designed for foreign use. Character sets and language extensions are discussed, as well as a third-party solution that is available.
For many years there has been an ongoing debate among PHP developers, as to whether or not to use templating systems as a way of separating presentational content from business logic and functional content. At essence is a question pondered by most if not all dedicated PHP developers: What is the easiest and yet most maintainable way to deliver one's XHTML code, using PHP? This is just one of many subjects discussed in Chapter 11, "Presentation Services," which is easily one of the most compelling and wide ranging sections of the book. Chapter 12 addresses the topic of allowing a site to interact with other services, such as those for WYSIWYG editing and XML parsing. Error handling is explored in Chapter 13, including errors within application code — from PHP itself and from business logic problems — and the database. The book's final chapter covers what the author refers to as "real content," by which he means the content contributed by administrators and users to a CMS, such as articles, comments, forum postings, calendar entries, and other items. The book's single appendix explains how to package an Aliro extension for release, and would most likely be of no interest to anyone not creating such extensions for distribution.
The book has few weaknesses. Occasionally the author will state something that could be misleading to the beginning programmer. For instance, on the first page of the first chapter (not an auspicious start) he refers to the World Wide Web as a markup language. On the contrary, the markup language used to create the Web, is HTML. As we are seeing more frequently in technical books, the writing itself could use a bit more editing — such as hyphens missing from adjective phrases in many locations in the text. Lastly, some programmers may find the author's GNU style of code formatting rather bizarre in appearance.
Overall, PHP programmers who are committed to following best practices in site security, code organization, database usage, and other important factors in any site development, will find plenty of ideas in this book to consider and possibly apply to their own coding. Readers who simply see the book's title, and perhaps browse quickly through its contents, may get the false impression that the information would only be of value to someone who wants to create their own CMS from scratch. The book may be of considerable value for such an effort, but it offers more than that. Many of the most critical issues in architecting and implementing a CMS, apply to non-CMS Web sites as well. Also, as a veteran of software development, the author conveys worthy advice on development practices — such as in the first chapter — regardless of the chosen computer language. In addition, for the growing number of developers who are exploring the inner workings of CMSs — usually with the idea of extending their functionality by writing modules — an appreciation for how the creator of a CMS thinks, could be helpful. Ideas are illustrated throughout with sample code — none of them excessive in length. PHP5 CMS Framework Development offers lessons in PHP 5 object-oriented programming and Web site development that goes beyond CMSs and Aliro.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase PHP5 CMS Framework Development from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Great Book. (Score:5, Funny)
Re:Great Book. (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Provided that you only need the functionality that flatpages provides, that's true.
Don't get me wrong, I love the heck out of flatpages, and in my experience it seems to meet at least 50% of my clients' needs (which is the intent of contrib apps - to take care of common use cases).
But I often run into clients who need more than that bare functionality. Usually I leverage flatpages by inheriting its model into an abstract base class (saves a bit of typing), and extend the heck out of it from there.
Again, it'
Re: (Score:2)
...and minus a massive amount of customization
This is the problem, whilst things like Joomla are fantastic to get you up and running near instantly, they're also useless if you want to step away from their way of doing things with regards to categories/sections and such.
There isn't a one size fits all CMS out there. You make compromises and choose which gives you the best fit to your problem but if you end up using one that is quite low level (well, probably a framework rather than a CMS e.g. Zend) to give
Re: (Score:2)
I get what you're saying but I've tried developing with both Django and Joomla (and others). Django is far beyond any other competitor I've tried. It's an absolute joy to work with and extremely well thought out. You're right of course when you say that one-size doesn't fit all, but Django is very, very good. Certainly beats the Hell out of anything I've seen done with PHP frameworks.
Re:Great Book. (Score:5, Insightful)
If people didn't occasionally reinvent the wheel, we'd still be using those old ones made of stone.
Framework + CMS (Score:2)
...having served as the leader of the Mambo development team during a critical period of its evolution...
The few times I looked into Mambo code it was horrible. Hopefully his Aliro code is much better.
When it comes to CMSs that I'm building myself, I prefer to use a custom or generic framework and build the CMS completely separate on top of that. As mentioned in this review, there is so much functionality that's generic to all web applications, like basic security [docforge.com]. So using a solid base it makes more sense to build the CMS functionality separately.
Re:Framework vs CMS (Score:3, Insightful)
In particular, is there really a need for CMS's these days for flexible web site development when there are very capable PHP frameworks out there (Zend, Symfony, cake, etc). I have used the Symfony framework for database driven intranet sites, but I have never used a CMS other than to put up a blog like thingy. Of course, these days many frameworks contain simple CMS's.
Re: (Score:2)
I use CMSs, because I'm a designer and primarily front-end developer. While I can read and write PHP, as well as a few other languages, I lack the programming theory and education necessary to dive into rolling my own client-ready CMS without taking excess time or making something sub-par in performance and security. I work in a small marketing firm as the lone "web guy", and things just have to get done. For many others, I imagine they're in the similar situation where they want to get a personal or self-r
Re: (Score:2)
Many web applications can benefit from CMS functionality, particularly if they are public-facing and part of a company's product. Personally, I like to start with a strong and flexible framework, on top of which I implement a very basic CMS system, that can be used to allow customers to manage all their own content and even the CSS and layout of the site, without requiring them to know anything about the application functionality except where it "plugs in" to the page content.
That said, some applications do
Re:Framework vs CMS (Score:4, Informative)
At the start of most projects I ask myself if there's an open source application that already exists that fits the requirements very closely. If the requirements are well written (actually, unlikely to significantly change), and an existing CMS fits almost perfectly, I'll use a CMS. But if it looks like additional modules won't do, and I'll have to hack the internals significantly, then I go with a framework.
My company's custom framework gives me something like 80% of what I need to build a simple CMS. Clients are pretty demanding about tweaks. So I've found I'm usually better off building a custom CMS on top of the framework so it's easy to make more custom edits for the client later.
Amen (Score:1)
While reinventing the wheel is generally not a particularly wise thing to do, building a new CMS is often one thing where it makes sense.
I have a friend who owns a company specialized in customizing Joomla (a fork of Mambo), and I occassionally do some work for him. His clients are abound. People are often lured by the seemingly low price of a Joomla deployment. PHP/MySQL hosting is everywhere and it's cheap. Joomla itself is free, and it has a huge number of extensions (or "components" in parlance) for dif
Re: (Score:2)
Same here - I've done several CMS applications as Mambo/Joomla components (extensions of sorts, for the uninitiated) over the years and finally became so fed up with the underlying code base, the restrictiveness, the little-to-no future-proofing by design that I wrote my own basic framework to link in my custom components and deleted Mambo/Joomla entirely - and never looked back. I only use one DB table from the original installation because I was t
Comment removed (Score:5, Funny)
Re:Your Slashvertisement (Score:2)
sux0r looks neat, but it's horribly ugly. True, serious webmasters can make their own skin, but you need a good default if you want to get anywhere.
Re: (Score:1)
Re: (Score:2)
CMS, huh? (Score:1)
* looks up, notices slashdot headline, skims article.
* shrugs.
* goes back to developing Drupal module.
Re:CMS, huh? (Score:4, Insightful)
I'd use this book not so much to start Yet Another PHP CMS (tm), put to perhaps acquire a deeper understanding of the involved bits. That, in turn, leads to core patching, and then to development for HEAD.
Not thinking things through is, imo, one of the top time-wasters in any project -- php or otherwise -- and this book seems as if it'd help in that regard.
Re: (Score:1)
Re: (Score:1, Informative)
You're probably right that this is the true value of the book, but the book should probably acknowledge that fact by making it non-specific to any one programming language.
A book on CMS design that covers modeling, permissions, extension points, non-browser access (WebDAV, Web Services, etc) and all the other issues that are pretty common across all CMS implementations could be pretty valuable. The author could even make code samples in PHP available on his website so long as he doesn't compromise the book
How to write GOOD code? WTF? (Score:5, Informative)
I just took a look at the Aliro code in SVN [cvsdude.com], and I have to say... It looks like the same spaghetti shit code that's so popular in the rest of the PHP community.
There are multiple class definitions per file, HTML output directly in functions within the classes, no clear modular structure that I would expect in a good CMS, the list goes on.
And before I get flamed horribly - Yes, I am a PHP developer. I code with PHP every single day for both work and pleasure. But the code I just looked at shows none of the good parts of object-oriented design. This code and CMS is not doing the PHP community any favors.
Re: (Score:2)
But aren't there frameworks available that force you to separate models and views?
Is there nothing like django but for PHP?
Re: (Score:2)
Yes, there is. CakePHP or Symphony.
Re: (Score:2)
Or rather: symfony
Re: (Score:2)
Re: (Score:2)
isn't PHP supposed to include closures [php.net] soon [derkeiler.com]?
i don't know much about closures but that's just what i've read while researching closures in PHP. in what kind of situation would you specifically need to use closures? couldn't you still create bound variables through nested or recursive functions? or do closures serve a more explicit purpose that cannot be achieved any other way?
also, what language would you recommend for web development that are more robust than PHP?
Cut the crap. (Score:2)
There are multiple class definitions per file, HTML output directly in functions within the classes ...
Chill. There is no silver bullet and no free lunch. Since you're bickering about HTML in the PHP code I gather you would rather build a templating system on top of PHP - which is so pointless, it's silly, as PHP itself *is* a templating language. That's where it comes from anyway. And most PHP crews have noticed that by now (Thank God). Except maybe for some Smarty hardcases that is. Kill one for me if yo
Re: (Score:1)
Since you're bickering about HTML in the PHP code I gather you would rather build a templating system on top of PHP - which is so pointless, it's silly, as PHP itself *is* a templating language
If I only had a dollar for each XSS vulnerability introduced by the lack of escaping template values automatically. I've been guilty of that myself, more than once.
A Web-CMS and/or Framework is there to take the gruntwork away, and if you pick a current day CMS that has 5+ years with 30+ coredevs on its history and don't like the code, chances are you haven't understood it and what it is meant to do in context of the entire stack.
I envy you. I take it you've never seen Joomla code?
Re: (Score:1)
It's amazing how you automatically assume I'm using some template language or something. I'm not talking about removing PHP code completely from HTML, I'm talking about HTML that is tied directly to the core functionality. I'm talking about the separation of responsibilities. You have obviously never used an MVC framework, or this would have been quite clear to you.
When HTML is used in a core function, the display can never be altered without changing the base class. That is a HUGE no-no. The display s
Re: (Score:1)
As you seem to be seeking a reputation as some kind of authority on PHP, might I suggest you adopt a more considered approach, and use less intemperate language?
It's not clear that you actually know what spaghetti code [wikipedia.org] is. I was already writing structured code when Djikstra's seminal article "Goto consider harmful" was first published.
Many Aliro classes exist in their own files, others are logically grouped. This is an implementation and convenience issue. A whole chapter [packtpub.com] of my book discusses the co
Developing My Own (Score:1)
All of the various CMSs that I have tried in the past don't have the capabilities I am looking for. Sure you can write your own modules and blocks, but instead of learning how to code for someo
Re: (Score:2)
As far as the initial product I'd say I'm 80% or so done.
If you install django and run "django-admin.py startproject cms" you'd be 80% done too.
The part I have to work on now is making the site much more efficient to the average user (IE faster page generation times, fewer queries, etc). Anyone have any tips for testing sites under load? IE any software out there to emulate 100s of viewers looking at the site at the same time?
If you used a framework rather than PHP directly you wouldn't have to worry about stuff like that... other smart people (not that you're not) do that for you.
Re: (Score:2)
If you install django and run "django-admin.py startproject cms" you'd be 80% done too.
Yeah, if you wanted everybody to edit their templates from the filesystem, didn't care about most CMS niceties like a menu system integrated with a hierarchical page structure, expected people to edit regex tuples to configure URLs - in short if all you cared about was a way to do quick-and-dirty page templating with barebones authentication - then yeah, you would be 80% done.
Django makes building a CMS much easier, probably easier than any framework in existence. But be realistic. It's quite easy to patch
Re: (Score:2)
The part I have to work on now is making the site much more efficient to the average user (IE faster page generation times, fewer queries, etc)
Here's some performance tips for a starting point [docforge.com]. Assuming no major database bottlenecks, be sure to look outside your code for quicker page rendering, starting with gzip compression and tweaking KeepAlive [docforge.com].
As for real load testing the only useful services I've found cost serious money.
Re: (Score:2)
Re: (Score:2, Interesting)
Well. Performance is very easy thing under php, if you know what you doing.
Change your mind to use opcode cache advantage in every where.
For example, neary every php example uses the sql and the others uses XML for data storage...
If you do not need to use Sql search facilites, you should have to save your data in php array format.
With APC or similar opcode cache or with PHP6 you got all your data in the server memory. No need to sql connection, no need to xml parsing. Just opcode cache.
Also using spagetti c
Why? (Score:1)
I might be reinventing the wheel of this argument, but just to make sure it's articulated: Do we really need to encourage more programmers to reinvent the wheel on the CMS? I feel like that approach should be discouraged for the sake of all of the non-technical users out there who have to deal with engineer-built back-end interfaces that tend to result from projects like what one would use this book to approach.
Even major, enterprise-level CMS solutions would probably benefit from starting with an off-the
I agree 100 percent! (Score:1)
Admittedly people may decide to make their own as a challenge, but there is just as much to be gained knowledge-wise working with on devs on an existing project that are similar to your needs.
Heck, it is even more logical to take an existing CMS and tailor it to suit your needs.
Not to plug names, but Xaraya, Zikula (formerly Postnuke), and even Xoops are fun to play with.
However, nothing really matches the learning experience of trying to build one from the ground up. But it's best to skip that step and pla
Interesting. Maybe. (Score:1)
At first I thought wow, a book to write CMSs in PHP, that's a fresh idea. Admittedly PHP has been used to write a great majority of content management systems in use today. More so if you include things like forums in the category. It seems like every developer's first non-trivial PHP project is a CMS of some sort.
But if this book is good enough to formalize the various basic elements of a content management system and present ways to implement them effectively (read: best practices) then I suppose it could
Onpub (Score:1)
Re: (Score:2)
Re: (Score:1)
There are many reasons to chose to create your own framework, just as there are many reasons why you may choose not to.
Personally, I avoid mainstream OSS frameworks because of the security implications involved. Not that writing your own framework will reduce security implications (technically), but if you look at wordpress or joomla, both of which had a number of security exploits that targeted and penetrated millions of web sites that were using them, begs the question: would you want to be another one of
So are plants the new drawn animals (Score:2)
... when it comes to programming book covers?
Re:Best CMS packages? (Score:5, Insightful)
Drupal (PHP)
Zope/Plone (Python)
Re: (Score:1)
Re: (Score:2)
I don't understand your question. Are you talking from a module-centric (code) way, or a content-centric way?
The module centric stuff should be easy to do. You have a mainline which is staging, and a release branch for deployment. Your developers develop in their own branch and integrate to main. If you want a QA cycle, then that's branched to from main, then integrated back to main.
The only problem is the database... you'd need a partial replication. You need to take the production database and have that f
Re: (Score:1)
Module or code -centric, doesn't matter.
Developers develop, submit to staging, the work is tested and then deployed to live.
As you say, the problem is the database. You do indeed need "partial replication".
And that's the issue, how do you do this?
Just seems to me that the Drupal developers didn't take this into account, and it's a showstopper for multi-developer environments, especially where - with continuous integration tools - we are used to this kind of things being automated and thus requiring
Re: (Score:1)
Depends. This is the top list. (Score:2)
Plone - Technologically Plone is the leading CMS as it's built on top of Zope, a Web Application Server with an integrated Object-Relational DB. Zope basically is what all other web frameworks want to be when they grow up. Rails including. It is considered by many CMS dev-teams to be the holy grail, and most other CMS crews, such as Joomla, Typo3 or Rails usually speak very favourably of it. However the downside of its conceptual superiority can be - of course - performance. Since it takes aprox. 5 minutes
As a regular php dev (Score:2, Insightful)
A custom CMS is only worth it... (Score:2)
Re: (Score:2)
If you cannot answer and account for _every_ detail and circumstance on paper, I do not suggest undertaking something like this.
Actually, if everyone did that for every software project we'd all be a lot better off. Code quality would probably be much higher and maintenance time lower.