PHP 5 CMS Framework Development

Most Web developers are familiar with one or more content management systems (CMSs), and how they can be used to create websites more efficiently than by hand. These developers may have deep knowledge of how to install, configure, customize, and extend a CMS. But far more rare is knowledge of how to develop a CMS of one's own, and the programming considerations required to do so successfully. These are the main themes of Martin Brampton's book PHP 5 CMS Framework Development.

This title was released by Packt Publishing on 6 June 2008, under the ISBN 978-1847193575. In addition to an appendix on packaging Aliro extensions, the book's material is organized into 14 chapters, covering various CMS topics: overall CMS architecture; users and administrators; code organization; user sessions; databases and data objects; access control; supporting extensions of the CMS; data caching and handlers; menus; support for multiple human languages; presentation services; miscellaneous services, such as file handling, email delivery, and admin functionality; error handling; and how to manage many types of content.

At the very beginning of the preface, the author notes that "This book guides you through the design and implementation decisions necessary to create a working architecture for a PHP5-based content management system." Martin Brampton is qualified for this task, given his strong background in CMS development, having served as the leader of the Mambo development team during a critical period of its evolution, and later creating his own CMS, Aliro. It should be noted that the book does not assume any prior knowledge of CMSs in general or Aliro in particular, although in most respects this work is very much a case study of the architecture and design decisions of that specific CMS. However, the book does assume a solid understanding of PHP and object-oriented principles.

All of the code samples come from the Aliro content management system, of which Martin Brampton is the project architect. On the book's Web page, the publisher has made available links to purchase the electronic version of the book, to download the source code, to post feedback on the book, to ask questions, to read the table of contents and media reviews, and to download a sample chapter (Chapter 6: Access Control). The only problem with these offerings is that the source code is not organized by chapter, but instead comprises the source code for Aliro. (The publisher's page labels it as 2.6 MB, as of this writing, but Aliro is about three times that size.) Consequently, readers who want to find specific code should search through the files using their favorite programmer's editor.

The author devotes the first chapter of the book to presenting his perspective on the advantages of using CMSs for site development, the required and the desirable features of a CMS, and some system management issues. Also covered are reasons for using PHP 5, its object-oriented capabilities, XHTML, and the Model-View-Controller pattern. He then discusses sundry topics on site hosting, JavaScript, site security, and CMS-specific terminology. Many readers may find interesting the arguments for separating system administrative access (as done in Aliro, for instance) versus integrating it with the regular site interface and using access control to restrict non-admin users (as done in Drupal, for instance). The chapter concludes with a summary, which for this and the following two chapters, may be of value to some readers, since these chapters are more narrative than the others. But the chapter summaries that follow, for the more technical material, could be disposed of in future editions, since readers will seek within the chapters for the information covered.

Throughout much of the history of the Web, one of the most problematic aspects of site development has been the management of users and administrators — especially with CMSs causing the two distinct groups to be splintered into a spectrum ranging from anonymous visitors with no privileges, to site administrators with full privileges, along with authorized users, content contributors, and content editors. In his second chapter, the author examines the challenges of user authentication, password storage, SQL injection, and other access issues. He proposes a framework solution and also a division of user data into two tables, as done in Aliro. He describes some of the key code utilized within his CMS (naturally, the full code is obtainable since Aliro is an open-source project). Chapter 4 addresses an area that frequently mystifies new PHP programmers — namely, how to create, utilize, and protect user sessions. Thus, this material should have been placed immediately after the second chapter.

The third chapter is devoted to the critical architectural issue of how to best organize one's code. Given that the two aforementioned chapters — dealing with users and sessions — both contain a fair amount of code, this chapter's meta-information should have been presented prior to both Chapters 2 and 4. Nonetheless, the author covers such topics as inclusion and the singleton pattern. He makes a strong case for favoring small classes, stored in separate source code files, and only loading them when needed, using PHP 5's autoloading capability.

In Chapter 5, the author spends some time exploring some of the key issues for storing data in a CMS framework, including dependency upon a particular RDBMS, item counting and ordering, database security, SQL validation, PHP exception handling, and the techniques that the author used for effectively dealing with these challenges when developing his own CMS. The first portion of the chapter, which essentially presents the problems, is fairly disjointed compared to the other material; the remaining portion of the chapter, which covers all of the solutions, is certainly more complete.

The next two chapters of the book, 6 and 7, are focused on topics more specific to CMSs: access control, and extensions to the CMS (components, modules, plugins, and templates), respectively. Chapter 8 explores caching and cache handlers, as well as the advantages of using them. The ninth chapter, on menus and page handling, is quite specific to Aliro, and thus will prove disappointing to any reader who hopes to get ideas for their own menu code. In contrast, Chapter 10 should be of interest to anyone who would like their websites to be usable and appealing to Internet visitors who do not read the single language of any site not designed for foreign use. Character sets and language extensions are discussed, as well as a third-party solution that is available.

For many years there has been an ongoing debate among PHP developers, as to whether or not to use templating systems as a way of separating presentational content from business logic and functional content. At essence is a question pondered by most if not all dedicated PHP developers: What is the easiest and yet most maintainable way to deliver one's XHTML code, using PHP? This is just one of many subjects discussed in Chapter 11, "Presentation Services", which is easily one of the most compelling and wide ranging sections of the book. Chapter 12 addresses the topic of allowing a site to interact with other services, such as those for WYSIWYG editing and XML parsing. Error handling is explored in Chapter 13, including errors within application code — from PHP itself and from business logic problems — and the database. The book's final chapter covers what the author refers to as "real content", by which he means the content contributed by administrators and users to a CMS, such as articles, comments, forum postings, calendar entries, and other items. The book's single appendix explains how to package an Aliro extension for release, and would most likely be of no interest to anyone not creating such extensions for distribution.

The book has few weaknesses. Occasionally the author will state something that could be misleading to the beginning programmer. For instance, on the first page of the first chapter (not an auspicious start) he refers to the World Wide Web as a markup language. On the contrary, the markup language used to create the Web, is HTML. As we are seeing more frequently in technical books, the writing itself could use a bit more editing — such as hyphens missing from adjective phrases in many locations in the text. Lastly, some programmers may find the author's GNU style of code formatting rather bizarre in appearance.

Overall, PHP programmers who are committed to following best practices in site security, code organization, database usage, and other important factors in any site development, will find plenty of ideas in this book to consider and possibly apply to their own coding. Readers who simply see the book's title, and perhaps browse quickly through its contents, may get the false impression that the information would only be of value to someone who wants to create their own CMS from scratch. The book may be of considerable value for such an effort, but it offers more than that. Many of the most critical issues in architecting and implementing a CMS, apply to non-CMS websites as well. Also, as a veteran of software development, the author conveys worthy advice on development practices — such as in the first chapter — regardless of the chosen computer language. In addition, for the growing number of developers who are exploring the inner workings of CMSs — usually with the idea of extending their functionality by writing modules — an appreciation for how the creator of a CMS thinks, could be helpful. Ideas are illustrated throughout with sample code — none of them excessive in length. PHP 5 CMS Framework Development offers lessons in PHP 5 object-oriented programming and website development that goes beyond CMSs and Aliro.