When A Classic CMS Is Just Too Much
There are many great content management systems on the Internet that are free and handle a specific task. As we’ve already stated, Pligg is great for digg clones and Drupal is great for a general-purpose website or e-commerce solution. For blogging, the big name is WordPress and its awesome CMS.
Not everyone needs these great content management systems, or they’ve got a different direction to go. For instance, a site like Pownce is a specialized site that I highly respect because of its simple yet clean design.
What do you do when you just want something simple, yet extensible? Or, perhaps you just want to expand your skills and learn some new stuff without having to use a “crutch” like a full CMS.
The answer is a two-pronged attack using Template Lite and EZ SQL. Say what?
We’ll call them “libraries” because they’re not a content management system, although they can be used to build your own content management system. As a matter of fact, Pligg uses them as the core for their design as well and they scale well for larger sites.
Template Lite
Are you a PHP developer that does things like this:
print "<div class=\"images\"><img src=\"src/image01.jpg\"></div>\n";
If you find yourself printing out HTML in your PHP, you’re the audience that needs to be enlightened by Template Lite. Template Lite allows a talented PHP developer to bridge the gap between design and code. If you find yourself writing HTML inside your PHP you’ll soon learn it doesn’t scale very well.
What do you do when you have a missing end DIV tag in your page? You’ll be doing “view source” on your browser and scanning the PHP to fix the issue. Now, you risk making a change and breaking the PHP altogether by missing a quote or a semicolon. Rule #1: Avoid mixing PHP and HTML when possible. This also goes for those that believe it’s tricky (fun?) to write JavaScript generation inside of PHP.
Writing one language inside another is about as fun as a blister. Sure, it doesn’t look pretty but the more you walk on it the more it hurts.
Template Lite allows you to write a full web page without mixing a lot of PHP into the design, allowing for a clean design full of HTML tags with very few PHP logic blocks or ugly print calls.
A good example, let’s say we want a single input form line to enter a username for a registration screen:
print '<input class="input" type="password" name="password" maxlength="64" size="25" tabindex="2" id="password" value="' . $name . "\">\n";
It works okay for a few lines of PHP, but when you design a full form this way things may get ugly quick. And, when you want to change the tabindex, maxlength or name you’ll be trolling through a large quantity of PHP (your designer may hate you). There are many ways of doing PHP string manipulation; the example above concatenates three strings together (the base, the name and the ending) and then displays it.
However, a template looks a bit more like HTML:
<input class="input" type="password" name="password" maxlength="64" size="25" tabindex="2" id="password" value="{$name}">
It’s all basic HTML with the exception of {$name} inside the value string. A designer doesn’t get all up in arms with a “{$name}” variable in their HTML and it’s much simpler than embedding PHP into a print or echo string. The designer can now have the option to move around key values like {$name} to wherever they want! Now, let’s pretend they also wanted to say hi to the user:
<span class="welcome_message">Hi, {$name}</span>
Without having to understand PHP they’ve become a programmer in a matter of seconds! You simply supply them with a set of variables and they can wrap HTML around it all day long. Or, in some cases, you’re a developer and a designer and you want to do both. Now, you can segment your work into two separate designs and work them independently.
Put on your developer hat and do some code and worry about designing it for the user experience later. But how does the developer work with Template Lite?
Template Lite is a PHP object with all the goodies hidden in simplicity. You learn some basic options and you’re ready to rumble:
$tpl = new Template_Lite; // Create template object
$username = "test user"; // Test user account
$tpl->compile_dir = "compiled/"; // Where compiled templates are written
$tpl->template_dir = "templates/"; // Where the .tpl files live
$tpl->assign( "user", $username ); // Bind {$user} in the template to $username
$tpl->display( "admin.tpl" ); // Display some pre-created template file
On the PHP side, we create a variable out of the template lite object called $tpl and assign the directory where we store our templates (this is part of the template lite documentation which is well supported). We bind our “variables” with our PHP variables using the ‘assign’ function which makes “user” (or, {$user} in the template) have the value of $username which we defined as “test user”.
This is the key to abstracting design content from PHP development. You don’t have to be writing a world class application to find a need for such abstraction! It cuts the complexity of your code down, removes HTML from being bound into your sources and allows you to design a rich HTML interface without being harassed by PHP logic and escaping quotes.
Most importantly, you’ll find a drastic reduction of stupid bugs when you stop coding two languages inside one another (yes, HTML is kind of a language).
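Binding variables into a template also decides what a visitor-supplied value can do to the page. The following is an added example, not code from this post or from Template Lite: it assumes the template engine inserts an assigned value as-is, and uses a hypothetical `render_template()` stand-in and a hypothetical `html_escape()` helper to show a name containing quotes and markup before and after encoding.

```php
<?php
// Hypothetical stand-in for a template engine: replaces {$var} placeholders
// with the assigned value verbatim (the behaviour assumed for this example).
function render_template(string $template, array $vars): string
{
    $pairs = [];
    foreach ($vars as $key => $value) {
        $pairs['{$' . $key . '}'] = $value;
    }
    return strtr($template, $pairs);
}

// Encode a value so it is safe as HTML text or inside a quoted attribute.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed template, modelled on the two template lines shown earlier.
$template = '<span class="welcome_message">Hi, {$name}</span>' . "\n"
          . '<input class="input" type="text" name="username" value="{$name}">';

// Constructed sample input: a name containing a double quote and markup.
$name = 'Fred "the dev" <b>Smith</b>';

// Raw value: the quote ends the value attribute early and the <b> tags
// are parsed by the browser as markup instead of being shown as text.
echo render_template($template, ['name' => $name]), "\n\n";

// Encoded before assignment: the same name stays plain text in both places.
echo render_template($template, ['name' => html_escape($name)]), "\n";
```

With a real template object the same helper would wrap the value at the point of assignment, for example `$tpl->assign("name", html_escape($name));`.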
EZ SQL
When designing complex PHP applications you’ll find yourself in need of a database almost immediately. Providing you already have some SQL knowledge (or know where to find some) you’ve got all you need to start doing database transactions.
However, the PHP implementation of database queries is often a bit tedious in how it returns data. Abstracting some of this complexity can be done using EZ SQL. It’s an object oriented approach to solving world hunger… well, it makes PHP and databases a bit easier.
You need a row? The get_row() function returns to you a pretty object with all the data you need. For instance, if you have a database table with fields: username, password and email you can obtain them quickly:
// Connect to the db as db_user with password secret_password and such…
$db = new ezSQL_mysql('db_user', 'secret_password', 'database_name', 'localhost');
// Fetch one row as an object whose properties are the selected columns
$user = $db->get_row( "SELECT username,password,email FROM users WHERE username = 'fred'" );
print "Your name is: $user->username\n";
print "Your password is: $user->password\n";
print "Your email is: $user->email\n";
This is a clear and pretty way of extracting data from your database; combine it with Template Lite and you’re on the road to making a very quick management system. Why re-design the wheel when there are tools online to get you 40% through your project before you even begin?
Don’t re-build the basic stuff, save all that brain power for designing something new, fresh and creative.
Integration: The Final Frontier
As the wide world of the web continues to grow, companies are looking harder and harder at transparent user interfaces across many content management systems (CMS). One does not simply want a WordPress blog anymore, they want a blog, a forum, a social networking site, a digg-clone and many other things all tied together.
Why? Because not very many CMS’s can handle all the work of the many that exist. Although you can work Drupal to do a lot of powerful things, you cannot simply make it a full time blog as great as WordPress while maintaining a great forum experience like VBulletin and a digg clone like Pligg. Every content management system has its strengths and weaknesses but many designers want only the strengths.
How do you gain such a power? By integrating them all together of course! This, however, isn’t a task to be taken lightly. You must handle a lot of user data and rely on a single password record for all of the CMSs. Typically, the way I tackle this is to take the hardest user database and use that as the core of the authentication. The other option, which is very important, is to use the database with the most users as the core.
Integration and seamless design is important for this type of site ‘network’ and we’re seeing this occur more and more on the web. Rather than having a Drupal developer build modules (or install modules) to simulate the perfect storm of websites they’re integrating all the sites together with a common design so the user doesn’t even know they’ve moved from a Pligg site to a VBulletin forum because it all looks the same to them.
There is also the concept of “single sign-on,” which is another rough point if you’re using obscure content management software. In the perfect world we want the user to register and sign into one of the sites and have total access to all the sites in the network without re-authenticating. A project in and of itself!
We’re finding this is the way to go in many situations. Users of Drupal have commented that the forum module leaves much to be desired in terms of functionality and WordPress makes a great blog with some neat plugins to extend the blog’s functionality but it’s not an E-Commerce solution either. Pligg, on the other hand, is really only good at digg-clone sites and doesn’t build a huge friends network or a social circle site; you’ve got to find other software solutions for this.
In the end, what everyone wants is to tie it all together into a “solution.” Much like Microsoft Office is a set of unrelated products brought together and forced to relate seamlessly to the user, the future of the CMS may be much the same. Plug-ins to build one site into another. You can see this already forming with some Drupal modules to plug into PhpBB and other forum software because users know “you just can’t beat a focused product” that does one thing great.
Large Demands For Drupal Work!
How does one know the success of an open content management system (CMS)? By the amount of quotes you get on jobs in that realm. Drupal, as many know, is a very stable and flexible content management system used by many firms and a large quantity of web developers.
The trick? Drupal isn’t a walk in the park in terms of PHP development. A new PHP programmer still picking up basic concepts will soon drown in the intensity of Drupal. Although Drupal is very clean (coding wise) and hugely extensible to the experienced PHP programmer, there doesn’t seem to be a large pool of developers.
If you know Drupal and you’re a PHP developer, this is good news for you. If you’re a PHP developer and you don’t know Drupal then here is a project for you: learn Drupal.
Over the last six months, my project at techdiversions.com has many Drupal web designers asking “wow, how can I do that for my customer?” TechDiversions uses the Drupal E-Commerce modules and exists to sell video games, but honestly, the amount of money made by the video games as compared to additional contract work for building such a site just doesn’t compare.
Video game profit margins are not the best in the world of retail but Drupal PHP development does yield better margins (but requires more design, experience and sheer brain power to develop). It’s funny to see a site that’s slowly growing its customer base have higher profit margins in contract jobs just because it shows that E-Commerce and Drupal can provide a working solution for companies around the globe.
Why are we showing off TechDiversions? If you’re a video game player then you should buy stuff from the site, but that’s not the real point. The real point is learn Drupal and develop a first class site to draw in more jobs!
If you’re a Drupal developer or want to become one, you should sit down and build a few websites. You don’t have to do a full E-Commerce solution but show off your skills and build some custom modules to do something fantastic for potential clients to see.
Fortunately, MediaCrumb has an experienced lead web designer and an experienced lead developer to build full solutions for customers. But, many web designers lack the training or patience to learn PHP and tackle a Drupal problem. You’ll find, as a Drupal developer, web designers sending you e-mail and asking “hey, my client needs a bit of code in this module to do…” or “can you modify a core Drupal module for my needs…” or “can I keep you in contact for future modules?”
If you want to make some good money as a web programmer/developer I suggest learning the ins and outs of Drupal and becoming a commodity to web designers around the world.
The World Is Full of Spammers: Think Ahead
As a software developer I’m constantly challenged with avoiding annoying spammers. I easily spend 30% of my time working against people that serve no purpose but to bother me. The challenge isn’t simply blocking bots and spammers on development projects, it’s balancing the blockage with the loss of real users.
A good test case, the techdiversions.com mailing list. The concept is simple, a side-panel area where visitors can sign up for our mailing list to receive industry news, video game promotions and game release dates. The mailing list, from a business perspective, keeps users remembering who you are so they come back next time to buy from you and not your competition.
Enter the spam bot. This little bot comes along each day and causes endless headaches for my wife, the store owner, when she wants to manage her mailing list and user-base. This bot, for whatever reason, signs up for the mailing list with bogus e-mail addresses five times a day with ten new sign-ups each visit. That’s around 50 new sign-ups a day!
Now, you may ask “why would a bot use a bogus address for a mailing list?” Because bots aren’t very smart and more than likely the bot really wants to sign up for a site account so it can spam the comment log with advertisements for erection drugs and other products only 2% of its user-base buys.
Lucky for me, my wife runs the store so I can get away with a bit. But, had I developed the mailing list side-bar for a client and received calls saying “your module is causing IT nightmares” I’m back on the job to fix the issue. Had I thought ahead the issue wouldn’t have ever become a problem.
The lesson? Any form you present to the user will be subject to endless attacks by bots and frauds. Every site has a solution (or should) to the problem. For credit card fraud, some sites require you to enter the bank holder’s name from the back of the credit card before you can continue. For user spam, some sites require you to validate your e-mail address before you can login (i.e. Drupal). Others, like Pligg, use “captcha” to accomplish registration successfully.
The problem with these solutions? Every single one will cause your users to think twice about signing up or purchasing. Internet users are lazy, I know, I am one of them. In certain circumstances a user will weigh the annoyance of validation against what they’re attempting to get out of your site. A site that requires captcha to leave comments or login means the user’s going to think “is it worth my time to try to figure out this messy set of letters and type them in?”
In some cases, the annoyance of validating they are not a bot is enough to make them click back and head to a new site. This was also the case with techdiversions for user account login validation. Making users validate their account by testing their e-mail address means they may not purchase from us because they get confused, lazy or just don’t care. Yet, allowing them to insta-login means we’ll receive more bots and fraud attempts because it’s “annoying” to have to sign up with endless valid e-mail addresses to login (although dodgeit.com makes it easier for them).
So, how do you balance good vs. evil? Market testing, unfortunately, will be the only real way. Set up a barricade against your spammers and bots and monitor your user registration, user comments or whatever you’re securing. If the number drops drastically you’ll have to find a better solution to the problem or lose precious eyes. In some cases, the solution is to bog yourself down in validating, by eye, each registration or deleting unwanted posts–yuck.
How did I solve my mailing list attack? I watched for patterns and reacted to the attack with a plan… I noticed each bot that came by created a first name and last name that were identical. How many people do you know with the same first name and last name? Very few! So, I took my chances and now refuse to let anyone sign up for our mailing list who has the same first and last name. I guess we’ll lose folks named Bob Bob or John John but the benefit outweighs the annoyance of daily user cleansing.
Did it work? So far I’ve received zero new sign-ups on the mailing list from bots! They may get more creative, but I believe the bot was signing up in error given the uselessness of the cause. To sign up for an e-mail only newsletter with a bogus e-mail is a good waste of time for both parties involved.
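A sketch of that sign-up rule, as an added example rather than the site’s own code: the function names and the sample submissions are hypothetical. It goes slightly beyond the rule as described by normalising case and whitespace before comparing, checking e-mail syntax, and tallying outcomes so the effect on real users can be watched.

```php
<?php
// Normalise a name so "Bob", " bob " and "BOB" compare as equal.
function normalise_name(string $name): string
{
    $collapsed = preg_replace('/\s+/u', ' ', trim($name)) ?? '';
    return function_exists('mb_strtolower')
        ? mb_strtolower($collapsed, 'UTF-8')
        : strtolower($collapsed);
}

// Returns null when the sign-up is accepted, or a reason code when refused.
function signup_rejection_reason(string $first, string $last, string $email): ?string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'bad_email_syntax';          // syntax only, not deliverability
    }
    $first = normalise_name($first);
    $last  = normalise_name($last);
    if ($first === '' || $last === '') {
        return 'missing_name';
    }
    if ($first === $last) {
        return 'same_first_and_last_name';  // the bot pattern described above
    }
    return null;
}

// Constructed sample submissions: [first name, last name, e-mail].
$submissions = [
    ['Alice',  'Nguyen',  'alice@example.com'],
    ['qwmzrt', 'QWMZRT ', 'qwmzrt@example.net'],
    ['Bob',    'Bob',     'bob.bob@example.org'],
    ['Carol',  'Diaz',    'not-an-address'],
];

// Tally outcomes so the barrier's cost in refused sign-ups stays visible.
$tally = [];
foreach ($submissions as [$first, $last, $email]) {
    $outcome = signup_rejection_reason($first, $last, $email) ?? 'accepted';
    $tally[$outcome] = ($tally[$outcome] ?? 0) + 1;
    printf("%-8s %-8s %-22s %s\n", $first, $last, $email, $outcome);
}
print_r($tally);
```

The third submission is the acknowledged cost of the rule: a real “Bob Bob” is refused along with the bot.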
The lesson to take away from this:
- Think Ahead: Can you develop a software application that has natural barriers to bots without harming your users?
- Test Barriers: Try one new barrier against the bots and monitor the reaction from the humans. If you lose your audience you’re going to be worse off than dealing with bots.
- Monitor Comments: Some “bots” are actually humans; they’re out to get back-links without providing any useful purpose. Delete them or filter out the URLs.
- Monitor forums: Bots have a nasty habit of creating 200+ accounts and spamming urls all over the place. Listen to your users, they probably use your site more than you do (we hope!)
- Bots Repeat: The only saving grace is that bots really only know how to do a limited number of things… over and over. Patterns can be seen and counter-measures can be taken.
Lastly, check to see if your CMS has spam-blocking modules. WordPress has many to choose from so browse around! Speaking of which, I’ve got to go delete the 376 spam messages in our pending queue.
Happy surfing!
Pligg Hits A Critical Security Vulnerability
Recently, the “digg clone” CMS Pligg was informed of a security vulnerability that lets a hacker compromise the entire management system.
It’s only a matter of time before a hacker exploits the vulnerability because this is an open source project and anyone can see the code changes, thus a hacker with some coding knowledge should be able to reverse engineer (quickly) the code and begin writing an exploit.
I’ve contacted one of the Pligg folks to get more information on the situation, because we at Media Crumb want to know the ins and outs of the problem spot and work our clients through the solution. For Pligg projects that do not alter the sources or have not altered the login sources, it’s a snap to update.
For those that have manually altered the sources, the diffs are a bit more complex. Make sure, however, you get the update installed. You can find more on Pligg’s forum here and get the updates you need a.s.a.p!