Posts Tagged ‘joomla’

I have another How To Joomla article up: How to debug our Joomla code with FirePHP. Just recently, I discovered a plugin that painlessly adds FirePHP to your Joomla site. After installing it and doing some tests, I decided to write an article. In the midst of writing the article, I went to the FirePHP wiki and found another FirePHP plugin for Joomla released by the Kunena team. This one is even better, with tighter integration into the Joomla environment. I see many possibilities for model debugging and exception handling down the road.

Drupal and Wordpress also have FirePHP plugins, as do most of the major stand-alone PHP frameworks. Have a look to see if your favorite is listed before trying to hack FirePHP into your next project.

Earlier this week, I made my debut on HowToJoomla.net with an article on How to Fix Joomla Content Plugins. If you’ve used Joomla since the 1.0 days, you may recall that content plugins acted on both articles and Custom HTML modules. In 1.5, this behavior changed so that Content plugins only act on articles from the Article Manager. Fortunately, there are several options for regaining and controlling this functionality, which I outline in the post. Head over and let me know what you think!

When I originally received my copy of the Joomla! 1.5 Development Cookbook, I was in the middle of a large client project. The book sat over on my shelf for a few days waiting to be read. While working on my code, I came to a point where I wanted to add some custom markup to the portion of the HTML document. Although I usually whip out my Joomla Textmate bundle to pull up the right snippet, this wasn’t something I already had preprogrammed and ready to go.

If I learned something, you’ll learn something

I was about to do a Google search, but suddenly remembered that James’ book was in arm’s reach and might have the answer. After turning to the index and finding the topic, I quickly located the exact code I needed to move on. Despite having written a book on Joomla myself, this one came to my rescue at just the right time!

While it took me a while to read all 130 recipes (including time on airplanes, buses, and sitting in my living room), the practical tips and methods were worth it. James covers a wide breadth of Joomla programming topics, matched only by his Joomla Framework reference. Most passages are 2-3 pages long and include relevant information that’s quickly applicable to any Joomla project you’re working on.

Essential information

Two chapters in this book really make it a must-purchase for any Joomla developer. The Multilingual Recipes chapter gives more in-depth information on internationalization and character encodings than any other Joomla reference I’ve seen. Even if you’re only creating a website in one language, it’s imperative that you understand how character encodings work. Current versions of PHP have some shortcomings with handling UTF-8 strings, but Joomla’s special libraries will help you handle them correctly.

Character encodings aside, Keeping it Extensible and Modular is the most useful chapter in the entire book. This chapter is devoted to helping you work with Joomla’s different extension types and getting around some of the shortcomings in 1.5. For instance, James shows you how to create installable libraries by creating a custom type of plugin.

Also, this chapter has a recipe for using the component installation process to install additional extensions. This method allows you to include your modules and plugins inside of your component package; installing multiple extensions in one click. I plan on using it as soon as I get a chance to work on the Podcast Suite!

While the content in this book is very strong, it does have a couple of drawbacks. While most of the recipes have readily usable code that’s straightforward, a few of them don’t make a strong case for why you would use the described method. For instance, there’s a recipe on creating and raising a custom error level. It goes into how you want to avoid conflicting with Joomla and PHP error codes, but it doesn’t explain why you would want to create a custom error level in the first place. Fortunately, most of the recipes have more context.

I’m willing to read more than two pages… seriously.

The biggest disappointment of this book is in the execution of the cookbook format. Having read other “programming cookbooks” in the past, I know that the goal of these kinds of books is to help you find relevant information on specific topics quickly. However, Packt seems to have decided that providing “quick information” means catering to readers with severe cases of attention deficit disorder.

If you try to read entire chapters of this book at a time, you’ll notice that some recipes are almost identical. In Chapter 7, there are individual recipes on setting the HTML document generator, description, and metadata. These add up to less than three pages, but all include the same introduction at the beginning of each. Additionally, all three of these include “See also” references to each other. These would have worked much better as a combined recipe, including a reasonable scenario where you would want to set these things. In its current form, almost half of your reading consists of headers and duplicated information.

I get the feeling that Packt was trying to break all of the topics up into the tiniest pieces possible. This way, they’re able to slap “130 simple but incredibly useful recipes” on the cover and advertise a page count of over 300. This is really taking a short view of things, as James did a wonderful job with the topics he covered. While some marketer is probably pushing for a specific length, I’ve found that the length of a book is not proportional to its usefulness. For instance, I learned far more in 145 pages of Javascript: The Good Parts than I did in nearly 800 pages of Programming Ruby.

Hidden Joomla treasures

Despite the sometimes choppy format, the Joomla! 1.5 Development Cookbook organizes a lot of how-tos missing from Joomla’s online documentation. Anyone coding anything more than the simplest module can benefit from the recipes in this book. James demonstrates expert programming knowledge and delivers it in a very accessible format. The time you’ll save by having this information at hand will offset the cost of purchasing it within the first week. If you’re writing code for Joomla, you need this book.

UPDATE: you can also read a PDF sample of Chapter 2 from Packt’s website.

Packt Publishing recently sent me a review copy of Joomla 1.5 Template Design by Tessa Blakeley Silver. Since I read most of it away from my computer, I wasn’t able to work through the examples. While I can’t speak to how well the code examples matched the actual process of building the template, I did enjoy reading the book. Coming in at 259 pages before the index, this book has enough content to cover everything you need to know while not wearing out its welcome.

The strongest part shines in Chapter 2, where Tessa introduces her “Rapid Design Comping” technique. This markup-centric approach helps you get your typography and HTML right first, then goes back and creates accompanying graphics. By getting your basic HTML and CSS out of the way up front, you don’t run into issues where you’ve designed a layout in PhotoShop that doesn’t translate to the web. Her coverage of this method is easily worth the price of the whole book.

Another plus is that Tessa incorporates HTML and CSS validation as a part of your template design workflow. Although having valid markup does not guarantee that your design will display properly in all browsers, it does help you avoid many such inconsistencies from the outset. She also covers common browser hacks (mostly to accommodate Internet Explorer 6) and how to use them as sparingly as possible. Finally, she also dives into avoiding quirks mode rendering and how to handle inconsistent renderings of the box model.

Coverage of Joomla-specific code and techniques is extensive, including custom module chrome and template parameters. She includes a complete reference for all <jdoc:include /> tags, as well as CSS selectors output by the Joomla core. Joomla template-specific PHP is also explained, but without going too deep into code that might confuse people without a programming background.

Despite a strong foundation in the fundamentals of Joomla templating and HTML/CSS, the book does have faults. There are some places where Tessa states something pensively (for instance, date formatting in XML manifests on page 138) which makes you wonder whether or not she’s confident about what she’s describing. Conversely, her description of the Model-View-Controller design pattern is very confidently stated, but slightly inaccurate. Fortunately, she describes the relevant details of View overrides correctly. That said, a more consistent voice would make the book easier to read.

Less forgivable is the introduction of the jQuery JavaScript library in Chapter 8. While she does a good job of showing jQuery’s power and simplicity, not once does she mention that Joomla already includes MooTools. Worse, readers are not alerted to the fact that jQuery will clash with MooTools if you don’t add the proper workarounds. While I love jQuery as much as Tessa does (and perhaps more), I was quite shocked by the omission. It’s quite possible that Tessa hasn’t run into this conflict, but it does happen frequently.

Despite a few missteps, this book is a solid introduction to the ins and outs of building a template in Joomla. All of the standard syntax is covered, along with a practical overview of how to structure your HTML and CSS for optimal browser compatibility. Advanced topics are also tackled head on, making this book the most complete reference for building Joomla templates that I know of. If you need to build a template or are curious about the process, this book should definitely be on your shelf.

You can read a sample of the book from Packt’s website [PDF], or purchase the book there as well.

Throughout the life of the Podcast Suite, many of you have asked if you could make donations for the work I’ve put into it. Every time, I’ve redirected your kindness by suggesting a donation towards the Joomla project instead. I do this as the effort I put into the Suite is small when compared to the enormous effort put into Joomla itself. Without Joomla, the Podcast Suite would not exist.

However, if you have used the Podcast Suite and would still like to donate money, there is a current opportunity for you to make a tax-deductible donation that would help me greatly. At the last week of October, I will be flying with 12 other people from my church to Iloilo City, Philippines; we will be spending two weeks there to run a summer camp for street children. Each of us need to raise $2,300 for our trip expenses. You can read more about it in this (PDF) letter and make a donation here.

Any funds raised in excess of my $2,300 goal will go towards the goals of my other team members. Although I would be honored to receive money towards this goal from Suite users, do not feel any obligation to contribute towards this trip. I’m always thrilled to hear about the Suite being used. I want all Joomla users to be able to publish their own podcasts without knowing programming or RSS. When you publish a podcast with the Suite, you help me achieve that goal!

While doing a little Sunday afternoon browsing of Twitter, I noticed Amy Stephen warning about a bad technique for using Joomla! with AJAX-style requests. I followed the link (WARNING: don’t use this code!) and found security vulnerabilities right away. Since the blog in question doesn’t support comments, I’m forced to respond here.

First, as Amy pointed out, the technique creates another entry point into Joomla. While this can be used effectively if you know what you’re doing, it’s totally unnecessary for a casual application of asynchronous JavaScript. Next, class, who can tell me what’s wrong with this piece of code?

cExt( $_POST['func'] );

That’s right, we’re passing data straight from our HTTP request (which can come from anywhere in the WORLD) into our application’s logic. Once we get into the the cExt function, the variable is used to execute code with no filtering whatsoever:

function cExt($func = ''){

    $cext = null;

    if(!empty($GLOBALS['cExt']))

        $cext = $GLOBALS['cExt'];

    else{

        $GLOBALS['cExt'] = new plgCommunityExt();

        $cext = $GLOBALS['cExt'];

    }

    if(empty($func))

        return $cext;

    else{

        if($GLOBALS['ajax'] == true)

            $cext->$func();

        else

            return $cext->$func();

    }

}

Please, regardless of whether or not you use Joomla, don’t do this! It is a totally insecure way of writing code. Instead, if you are using Joomla, you can at least filter this variable using the following code:

$func = JRequest::getCmd('func', '');

This code will filter the func variable from the request and make sure it only includes numbers, letters, or underscores. Additionally, you should filter $func to make sure a corresponding public function in the plgCommunityExt class exists before attempting to use it to actually execute that function.

As a side note, $GLOBALS is being used an awful lot here. While this isn’t a security risk in and of itself, it is a bad practice that can lead to insecure coding. If the register_globals setting in PHP (going away in PHP 6) is turned on, this becomes a huge security risk as anyone in the world can set the value of cExt to anything.

The post ends with this quick jibe:

I’d argue that the author of this blog post would not only benefit from reading a book about CMS development, but one on basic PHP security. The technique he describes is insecure in any PHP-based framework or CMS.

Fortunately, you don’t even have to run to the bookstore to find examples of the correct way of doing these things. Louis Landry has a quick example of how to return JSON formatted data simply and securely on this thread, without having to create a special component view. If you do want to use a view, this blog post will show you how to do it.

Finally, if you do want to learn how to add AJAX-style requests to Joomla (without necessarily using JSON), I’ll shamelessly plug my own book. But you don’t even have to buy it, because the sample chapter is indeed the one on JavaScript and Joomla (start on page 168 if you already know Joomla! MVC).

I released a stable copy of Podcast Suite 1.5 today, go get it. On the forums, we managed to find bugs regarding the MIME type being set in the HTTP headers. We also fixed a bug where languages other than English would not get their code in the RSS feed. A few other fixes and enhancements made it in. Thanks goes out to everyone who’s reported bugs on the forum and even offered solutions!

I downloaded the concrete5 CMS a couple of weeks ago and intended to write a critique earlier, but am only now getting around to doing so. Since then, this article was released on CMS Wire and Joomla! fans on Twitter began talking.

What’s good

One common pitfall of CMSes is to abstract away the concept of a page. concrete5 avoids this and very much embraces pages. A+ in my book. While it’s true that some layer of abstraction can be helpful in certain cases (usually when you’re building an application inside of your CMS), it adds extra work for most webmasters.

Editing pages is also very straightforward. Once you’re in edit mode, all of the blocks (similar to Joomla! modules) appear with dotted borders. Clicking on one gives you several options for editing the block, including dragging and dropping the block to a new position. Very nicely done.

The features built around content5 are thoughtful. Versioning is built in and outputs diff-style coloring when comparing revisions. There are also extensions to help you embed videos, Google Maps, slide shows, and RSS feeds.

About 70% of the functionality you’ll need on a regular basis is contained in the toolbar that appears as you’re editing individual pages. For the rest, there’s a specific “dashboard” backend where you can go to manage themes and files, get reports, and perform other administrative tasks.

Theming is okay

The theming system is reasonable. Like Joomla!, you can add specific themes to specific pages. Closer to Drupal, your theme can define several different page types, which might eliminate the need for separate themes. However, concrete5 requires theme designers to instantiate objects within their markup, then call member functions of those objects to display output. This bothers me. It seems like static function calls or embedded tokens would handle this more elegantly.

Also, the greensalad example theme uses the “header.php at the top, footer.php at the bottom” style of breaking up the markup—I loathe this. There’s no reason to use this error-prone method for theming: you end up with tags that are opened in one file and closed in another.

What’s annoying

While the simplicity of editing individual pages is definitely something I prefer, concrete5 has sacrificed some features to get there. I was not able to find any kind of feature to create a blog-style index of content made up of blurbs from other pages. Add-ons are scarce: if you’re looking for a forum or shopping cart, you might be in for a wait until they attract more developers to the platform.

I ran into a few speed bumps when installing concrete5 locally. After downloading it and going to the installation screen, there was a checklist of PHP configuration settings necessary to run concrete5 (not unlike Joomla!’s). Most of them were good to go after tweaking folder permissions, but I did not have the GD library setup on my self-compiled version of PHP. I was a little surprised that the system would not let me continue installation. While I’m sure there are features in concrete5 that use server-side image processing, this doesn’t strike me as something so vital as to halt installation. (I was able to successfully install both GD and concrete5 on my spare Ubuntu machine.)

Although the GD dependency was annoying, the halted installation uncovers something even more so. If the installer detects even the slightest issue with your configuration, an advertisement for professional installation is displayed. Quite tacky; they could have at least provided a link to their installation forum.

Which brings us to community. This company oozes a know-it-all attitude. In sharp contrast to the websites of other CMSes, their official About page openly bashes Joomla!, Drupal, and Wordpress; painting all three in rather broad strokes. This is very disappointing, unnecessary, and ultimately counter-productive. I’m all for making bold statements, but they’re driving away the very people who could help their platform grow quickly.

Final word

concrete5 is a very promising CMS that does the basics very well. The interface is picked up quickly and things are easy to find. However, if they’re earnest about building a community around their code, they might want to tone down the self-worship a smidge. And is content management really a human right?

Podcast Suite 1.5 RC1 is now available for download here. A lot of validation issues are fixed, multiple feeds should be working, and a German translation of the UI is bundled. Thanks goes out to everyone using it and waiting for help on the forum! You’ve helped me catch a lot of issues, which has made the suite better software.

This coming Friday at 1PM Eastern US time, I’ll be giving a talk about Avoiding Joomla! Pain. Recently, I’ve been running into PHP programmers tasked with maintaining Joomla! sites they didn’t set up. Some dig in and get busy, while others become frustrated when things don’t work the way they expect. In this talk, I’ll go over a few things to help you get a handle on how Joomla! works and how to extend it.

Fortunately, you don’t have to be anywhere near DC or even buy a ticket: it’s a part of the php|tek 2009 free webcast series. You must register to see the webcast, but registration is free.

If there’s something about Joomla! you’ve always wanted to know but have been afraid to ask, let me know in the comments and I’ll work it into the talk.