Posts Tagged ‘joomla’

Book Review: Joomla 1.5 Template Design

Packt Publishing recently sent me a review copy of Joomla 1.5 Template Design by Tessa Blakeley Silver. Since I read most of it away from my computer, I wasn’t able to work through the examples. While I can’t speak to how well the code examples matched the actual process of building the template, I did enjoy reading the book. Coming in at 259 pages before the index, this book has enough content to cover everything you need to know while not wearing out its welcome.

The strongest part shines in Chapter 2, where Tessa introduces her “Rapid Design Comping” technique. This markup-centric approach helps you get your typography and HTML right first, then go back and create the accompanying graphics. By getting your basic HTML and CSS out of the way up front, you don’t run into issues where you’ve designed a layout in Photoshop that doesn’t translate to the web. Her coverage of this method is easily worth the price of the whole book.

Another plus is that Tessa incorporates HTML and CSS validation as a part of your template design workflow. Although having valid markup does not guarantee that your design will display properly in all browsers, it does help you avoid many such inconsistencies from the outset. She also covers common browser hacks (mostly to accommodate Internet Explorer 6) and how to use them as sparingly as possible. Finally, she also dives into avoiding quirks mode rendering and how to handle inconsistent renderings of the box model.

Coverage of Joomla-specific code and techniques is extensive, including custom module chrome and template parameters. She includes a complete reference for all <jdoc:include /> tags, as well as CSS selectors output by the Joomla core. Joomla template-specific PHP is also explained, but without going too deep into code that might confuse people without a programming background.

Despite a strong foundation in the fundamentals of Joomla templating and HTML/CSS, the book does have faults. There are some places where Tessa states something pensively (for instance, date formatting in XML manifests on page 138) which makes you wonder whether or not she’s confident about what she’s describing. Conversely, her description of the Model-View-Controller design pattern is very confidently stated, but slightly inaccurate. Fortunately, she describes the relevant details of View overrides correctly. That said, a more consistent voice would make the book easier to read.

Less forgivable is the introduction of the jQuery JavaScript library in Chapter 8. While she does a good job of showing jQuery’s power and simplicity, not once does she mention that Joomla already includes MooTools. Worse, readers are not alerted to the fact that jQuery will clash with MooTools if you don’t add the proper workarounds. While I love jQuery as much as Tessa does (and perhaps more), I was quite shocked by the omission. It’s quite possible that Tessa hasn’t run into this conflict, but it does happen frequently.

Despite a few missteps, this book is a solid introduction to the ins and outs of building a template in Joomla. All of the standard syntax is covered, along with a practical overview of how to structure your HTML and CSS for optimal browser compatibility. Advanced topics are also tackled head on, making this book the most complete reference for building Joomla templates that I know of. If you need to build a template or are curious about the process, this book should definitely be on your shelf.

You can read a sample of the book from Packt’s website [PDF], or purchase the book there as well.

Attention Podcast Suite Lovers

Throughout the life of the Podcast Suite, many of you have asked if you could make donations for the work I’ve put into it. Every time, I’ve redirected your kindness by suggesting a donation towards the Joomla project instead. I do this as the effort I put into the Suite is small when compared to the enormous effort put into Joomla itself. Without Joomla, the Podcast Suite would not exist.

However, if you have used the Podcast Suite and would still like to donate money, there is a current opportunity for you to make a tax-deductible donation that would help me greatly. In the last week of October, I will be flying with 12 other people from my church to Iloilo City, Philippines; we will be spending two weeks there to run a summer camp for street children. Each of us needs to raise $2,300 for our trip expenses. You can read more about it in this (PDF) letter and make a donation here.

Any funds raised in excess of my $2,300 goal will go towards the goals of my other team members. Although I would be honored to receive money towards this goal from Suite users, do not feel any obligation to contribute towards this trip. I’m always thrilled to hear about the Suite being used. I want all Joomla users to be able to publish their own podcasts without knowing programming or RSS. When you publish a podcast with the Suite, you help me achieve that goal!

The way NOT to do JavaScript in Joomla!

While doing a little Sunday afternoon browsing of Twitter, I noticed Amy Stephen warning about a bad technique for using Joomla! with AJAX-style requests. I followed the link (WARNING: don’t use this code!) and found security vulnerabilities right away. Since the blog in question doesn’t support comments, I’m forced to respond here.

First, as Amy pointed out, the technique creates another entry point into Joomla. While this can be used effectively if you know what you’re doing, it’s totally unnecessary for a casual application of asynchronous JavaScript. Next, class, who can tell me what’s wrong with this piece of code?

cExt( $_POST['func'] );

That’s right, we’re passing data straight from our HTTP request (which can come from anywhere in the WORLD) into our application’s logic. Once we get into the cExt function, the variable is used to execute code with no filtering whatsoever:

function cExt($func = ''){
    $cext = null;
    if(!empty($GLOBALS['cExt']))
        $cext = $GLOBALS['cExt'];
    else{
        $GLOBALS['cExt'] = new plgCommunityExt();
        $cext = $GLOBALS['cExt'];
    }
    if(empty($func))
        return $cext;
    else{
        if($GLOBALS['ajax'] == true)
            $cext->$func();
        else
            return $cext->$func();
    }
}

Please, regardless of whether or not you use Joomla, don’t do this! It is a totally insecure way of writing code. Instead, if you are using Joomla, you can at least filter this variable using the following code:

$func = JRequest::getCmd('func', '');

This code will filter the func variable from the request and make sure it only includes numbers, letters, or underscores. Additionally, you should filter $func to make sure a corresponding public function in the plgCommunityExt class exists before attempting to use it to actually execute that function.
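The two checks described above, written out as a standalone dispatcher. This is an added example, not code from the original post or from Joomla: the plgCommunityExt class here is a constructed stand-in with hypothetical method names, safeExtCall is a hypothetical helper, and the explicit allowlist goes one step beyond the "public function exists" check the paragraph asks for.

```php
<?php
// Constructed stand-in for the plugin class. Only the class name comes
// from the post; every method name below is hypothetical.
class plgCommunityExt
{
    public function getFriends() { return array('alice', 'bob'); }
    public function getStatus()  { return 'online'; }
    public function purgeCache() { return 'purged'; } // public, but not meant for HTTP
    private function loadSecrets() { return 'internal'; }
}

// Methods a request may reach. Anything absent is refused, even if public.
$allowed = array('getFriends', 'getStatus');

/**
 * Resolve a request-supplied method name and call it.
 * Throws InvalidArgumentException instead of calling anything unexpected.
 */
function safeExtCall($ext, $rawFunc, array $allowed)
{
    // 1. Must be a non-empty string of letters, digits and underscores.
    //    Reject rather than strip, so odd input never reaches dispatch.
    if (!is_string($rawFunc) || !preg_match('/^[A-Za-z0-9_]+$/', $rawFunc)) {
        throw new InvalidArgumentException('malformed method name');
    }
    // 2. Exact, case-sensitive allowlist match. PHP resolves method names
    //    case-insensitively, so a loose comparison would be too generous.
    if (!in_array($rawFunc, $allowed, true)) {
        throw new InvalidArgumentException('method not exposed');
    }
    // 3. Defence in depth: the method must exist on the object and be a
    //    public instance method (method_exists() is also true for private ones).
    if (!method_exists($ext, $rawFunc)) {
        throw new InvalidArgumentException('no such method');
    }
    $method = new ReflectionMethod($ext, $rawFunc);
    if (!$method->isPublic() || $method->isStatic()) {
        throw new InvalidArgumentException('method not callable from a request');
    }
    return $method->invoke($ext);
}

// Constructed values standing in for $_POST['func'].
$samples = array('getStatus', 'purgeCache', 'loadSecrets', '__construct',
                 'GETSTATUS', 'getStatus();', array('getStatus'));
$ext = new plgCommunityExt();
foreach ($samples as $raw) {
    try {
        $outcome = json_encode(safeExtCall($ext, $raw, $allowed));
    } catch (InvalidArgumentException $e) {
        $outcome = 'rejected: ' . $e->getMessage();
    }
    echo json_encode($raw), ' => ', $outcome, "\n";
}
```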

As a side note, $GLOBALS is being used an awful lot here. While this isn’t a security risk in and of itself, it is a bad practice that can lead to insecure coding. If the register_globals setting in PHP (going away in PHP 6) is turned on, this becomes a huge security risk as anyone in the world can set the value of cExt to anything.

The post ends with this quick jibe:

That was pretty easy wasn’t it, in order to get quick results you just have to find these shortcuts which will spare you the time and pain of having to read some Joomla-, or pick your favorite, CMS book.

I’d argue that the author of this blog post would not only benefit from reading a book about CMS development, but one on basic PHP security. The technique he describes is insecure in any PHP-based framework or CMS.

Fortunately, you don’t even have to run to the bookstore to find examples of the correct way of doing these things. Louis Landry has a quick example of how to return JSON formatted data simply and securely on this thread, without having to create a special component view. If you do want to use a view, this blog post will show you how to do it.

Finally, if you do want to learn how to add AJAX-style requests to Joomla (without necessarily using JSON), I’ll shamelessly plug my own book. But you don’t even have to buy it, because the sample chapter is indeed the one on JavaScript and Joomla (start on page 168 if you already know Joomla! MVC).

Podcast Suite 1.5 Stable Released

I released a stable copy of Podcast Suite 1.5 today, go get it. On the forums, we managed to find bugs regarding the MIME type being set in the HTTP headers. We also fixed a bug where languages other than English would not get their code in the RSS feed. A few other fixes and enhancements made it in. Thanks goes out to everyone who’s reported bugs on the forum and even offered solutions!

concrete5 – first impressions

I downloaded the concrete5 CMS a couple of weeks ago and intended to write a critique earlier, but am only now getting around to doing so. Since then, this article was released on CMS Wire and Joomla! fans on Twitter began talking.

What’s good

One common pitfall of CMSes is to abstract away the concept of a page. concrete5 avoids this and very much embraces pages. A+ in my book. While it’s true that some layer of abstraction can be helpful in certain cases (usually when you’re building an application inside of your CMS), it adds extra work for most webmasters.

Editing pages is also very straightforward. Once you’re in edit mode, all of the blocks (similar to Joomla! modules) appear with dotted borders. Clicking on one gives you several options for editing the block, including dragging and dropping the block to a new position. Very nicely done.

The features built around concrete5 are thoughtful. Versioning is built in and outputs diff-style coloring when comparing revisions. There are also extensions to help you embed videos, Google Maps, slide shows, and RSS feeds.

About 70% of the functionality you’ll need on a regular basis is contained in the toolbar that appears as you’re editing individual pages. For the rest, there’s a specific “dashboard” backend where you can go to manage themes and files, get reports, and perform other administrative tasks.

Theming is okay

The theming system is reasonable. Like Joomla!, you can add specific themes to specific pages. Closer to Drupal, your theme can define several different page types, which might eliminate the need for separate themes. However, concrete5 requires theme designers to instantiate objects within their markup, then call member functions of those objects to display output. This bothers me. It seems like static function calls or embedded tokens would handle this more elegantly.

Also, the greensalad example theme uses the “header.php at the top, footer.php at the bottom” style of breaking up the markup—I loathe this. There’s no reason to use this error-prone method for theming: you end up with tags that are opened in one file and closed in another.

What’s annoying

While the simplicity of editing individual pages is definitely something I prefer, concrete5 has sacrificed some features to get there. I was not able to find any kind of feature to create a blog-style index of content made up of blurbs from other pages. Add-ons are scarce: if you’re looking for a forum or shopping cart, you might be in for a wait until they attract more developers to the platform.

I ran into a few speed bumps when installing concrete5 locally. After downloading it and going to the installation screen, there was a checklist of PHP configuration settings necessary to run concrete5 (not unlike Joomla!’s). Most of them were good to go after tweaking folder permissions, but I did not have the GD library set up on my self-compiled version of PHP. I was a little surprised that the system would not let me continue installation. While I’m sure there are features in concrete5 that use server-side image processing, this doesn’t strike me as something so vital as to halt installation. (I was able to successfully install both GD and concrete5 on my spare Ubuntu machine.)

Although the GD dependency was annoying, the halted installation uncovers something even more so. If the installer detects even the slightest issue with your configuration, an advertisement for professional installation is displayed. Quite tacky; they could have at least provided a link to their installation forum.

Which brings us to community. This company oozes a know-it-all attitude. In sharp contrast to the websites of other CMSes, their official About page openly bashes Joomla!, Drupal, and WordPress; painting all three in rather broad strokes. This is very disappointing, unnecessary, and ultimately counter-productive. I’m all for making bold statements, but they’re driving away the very people who could help their platform grow quickly.

Final word

concrete5 is a very promising CMS that does the basics very well. The interface is picked up quickly and things are easy to find. However, if they’re earnest about building a community around their code, they might want to tone down the self-worship a smidge. And is content management really a human right?

Podcast Suite 1.5 Release Candidate 1

Podcast Suite 1.5 RC1 is now available for download here. A lot of validation issues are fixed, multiple feeds should be working, and a German translation of the UI is bundled. Thanks goes out to everyone using it and waiting for help on the forum! You’ve helped me catch a lot of issues, which has made the suite better software.

Avoiding Joomla! Pain – March 13th

This coming Friday at 1PM Eastern US time, I’ll be giving a talk about Avoiding Joomla! Pain. Recently, I’ve been running into PHP programmers tasked with maintaining Joomla! sites they didn’t set up. Some dig in and get busy, while others become frustrated when things don’t work the way they expect. In this talk, I’ll go over a few things to help you get a handle on how Joomla! works and how to extend it.

Fortunately, you don’t have to be anywhere near DC or even buy a ticket: it’s a part of the php|tek 2009 free webcast series. You must register to see the webcast, but registration is free.

If there’s something about Joomla! you’ve always wanted to know but have been afraid to ask, let me know in the comments and I’ll work it into the talk.

New Lynda.com Joomla! videos

Last Friday, Lynda.com released another volume of Joomla! videos created by Jen Kramer McKibben. Now, in addition to watching videos about all of the major content management systems, you can also learn how to create Joomla! templates and CSS with Jen. Head on over to Lynda.com now and preview some of the free videos.

Quick and dirty christmas list – a Joomla! Recipe

Right around Thanksgiving, my mother will usually email asking for a list of Christmas gifts. This previously presented a messy problem: we would have to sit down, come up with a list, send it to Mom, then she would have to circulate the list and coordinate who was buying what. Instead of doing that this year, I told Mom to wait a week. Ten days later, I managed to scrounge up enough time to dash off a Joomla!-based system to handle all of this. Joomla! took care of the basic interface and user management tasks, leaving me to finish off the rest as an MVC component.

First, I installed a standard copy of Joomla! 1.5 with no sample content. I adjusted the parameters of the default rhuk_milkyway template so that it would have green links and headers (Color Variation) with a solid red background (Background Variation). I could have ditched the Joomla! logo in the header, but was lazy and just left it in.

Next, I added an instance of the Login module and unpublished the main menu. Although the main menu was unpublished, I left it in the system as a holding place for the default menu item. I also set Joomla! to disallow account self-registration: only seven specific people would ever be logging into this site and I didn’t want any passers-by creating accounts. I created an additional menu and set the access level to registered users only; no need to show the world any piece of our application. This menu included a link to the User Form Layout which I titled “Change my password” (even though you can do more than change your password from this form).

Finally, I cobbled together a custom MVC component to handle the lists. Before writing a lot of code, I created a menu link pointing to the component on the main menu, then adjusted the login module to redirect to this menu item after authenticating. This makes the login process seamless: you don’t see any parts of or links to the list component before you are logged in. Your only options are to either log in, retrieve your username, or retrieve your password. Once you’ve successfully logged in, you’re immediately taken to the component.

After configuring the login module, I continued to build the component. Before calling the controller, I used this code to make sure the user is logged in before continuing:

// Fetch the current user object; its id is empty for guests.
$user = JFactory::getUser();
if (!$user->id) {
    global $mainframe;
    $mainframe->redirect('index.php', 
      'No peeking! You have to log in first.');
}

Next, I have the controller set the default view to ‘mylist’. This view lists all of your requested items and provides a form for entering more. To set the default view, I overrode the display() function for the controller like this:

function display()
{
    $view = JRequest::getVar('view', '');
    if ($view == '') {
        JRequest::setVar('view', 'mylist');
    }
    parent::display();
}

This way, if ‘task’ in the request is empty, the component automatically calls display(), finds that ‘view’ is also empty, then sets it to ‘mylist’. Now, while the ‘mylist’ view lists all of our requests, it does not display the purchase status of those gifts. In addition to the ‘mylist’ view, there is an ‘item’ view providing a form where you can edit gifts you’ve already added. Links to the ‘item’ view are provided from the ‘mylist’ view.

In contrast to ‘mylist’, the ‘otherlists’ view displays all of the gift requests from all the other users, while listing gift purchases. It also has links you can click to mark yourself as having bought a specific gift. This way, people know not to buy something you’ve already purchased. The code also makes it possible to mark multiple people as chipping in on a gift.

While the ‘item’ view simply loads a single row from the database, the ‘mylist’ and ‘otherlists’ views have their own data models. The data model for ‘mylist’ is very simple and has only one function, but the ‘otherlists’ model has functions for getting a list of all users, getting the buyers for each item, and getting all of the items listed by everyone else.

While there is more code I would like to add (such as gift suggestions for people who are slow about building their wishlist), following the MVC pattern now will make it easy to do that later. In the meantime, here’s a link to the code as it stands today (NOTE: this is not an installable Joomla! package. Drop com_christmaslist into the frontend components folder, run the .sql, then make an entry into jos_components if you want).

Textmate Bundle for Joomla!

I’ve been an avid Textmate user for a while now. It’s a text editor for Mac OS X that allows you to automate a lot of common text tasks. The editor has the concept of bundles, where you can group similar code snippets and macros together; selectively using each depending on the type of file you’re editing. Textmate also allows you to edit the core bundles that ship, as well as create custom bundles for your own projects.

To help with my Joomla! programming, I’ve developed a bundle of snippets for commonly used code. You can download it here. Unzip the package, then double click on the bundle to install it in Textmate. I’ve been slowly collecting snippets for a while now, so there’s some Joomla! 1.0 snippets as well as Joomla! 1.5, but it’s mostly 1.5 now. I’ll probably clean this up someday and add more functionality, but for now, here it is. No warranties, all the usual legal stuff, etc… enjoy!