Monday, May 7. 2007

Start Writing Embeddable Applications

Clay Loveless wrote last year an article entitled Stop Writing Loner Applications in which he ranted about all the monolithic applications that act like they're the only kid on the block when it comes to user authentication. Basically, if you want to create a site that utilizes several third-party, off-the-shelf PHP apps (say, a forum, a blog, and a wiki), getting a shared authentication to work between them can be more than a little painful.

I've hit a similar problem repeatedly the past couple months: most of these apps simply are not embeddable, at least not without modifying the source.

"Why embed?" you ask. Simple: if I'm creating a site that has one or two of these applications, but also my (or my company's) own custom functionality, I may want to ensure that certain elements are present on all pages, or that I can control some of the content in all pages: a unified header and footer, ability to inject statistic tracking javascript, etc.

The predominant attitudes are either, "Don't embed our app, embed your app in ours," or "Just modify the templates." Neither of these solutions is acceptable.

Why not? In the first case, it's my site. If I'm mixing and matching several such applications, which ones should I embed, and which should be the master? Honestly, the applications I'm writing for the site are the master application; the third party solutions should be embedded in my website.

In the second case, I may have my own header and footer, and tools for automating what tracking scripts are embedded when -- in other words, I'm running my own display logic, possibly with my own tools. Embedding these tools into another apps templates is at times difficult (if the application is simply using PHP, the difficulty may be mainly finding what code to alter), at times impossible (if the application uses a templating engine vastly different than what I'm using, or one that does not allow arbitrary PHP). Why should I have to write an interface to my code for each application?

Truthfully, it simply makes sense to use a Two Step View in most cases, having the application generate content that is then injected into a sitewide template I control.

I've tried in a number of cases to write wrappers so I can grab content from these third party apps, typically using output buffering to capture the output so I can inject it into my own views. So far, my experience has been universally dismal. Most of the secure, robust apps out there (I'm not going to name names) still use procedural methods for at the very least the main script, usually index.php. This includes slurping in configuration from other files... all of which happens in the global namespace. What's the problem? Most wrappers I write are by necessity class methods or functions, or run from within one, meaning the global namespace is no longer in effect. The end result is that I have to greatly alter the code to get things to work -- in one case, my colleague and I ended up changing all $_GLOBALS references to $_SESSION simply to get things to work. Hackish, but it got the job done. However, it also means it will be a nightmare to upgrade until we can script it.

If you're writing a standalone PHP application, maybe the next great forum software, or blog software, or wiki, or what have you, please design it in such a way that it is easily embeddable:

  • When using configuration files, use a configuration component that doesn't require use of the global namespace (PEAR's Config, Solar's Solar_Config, and Zend Framework's Zend_Config come to mind); when coupled with a registry or implemented as a static class property (in PHP5), you can have access to the configuration from anywhere in your application.
  • Have your bootstrap script call on class methods or functions to do their work. Don't do any decisioning in the global namespace.
  • Better yet, use an MVC pattern in your apps, and have your bootstrap simply dispatch the controller. This can easily be duplicated in somebody else's code, or simply directly included.
  • Make sure your templates are easily modified to allow developers to strip out header, footer, and menu elements.
  • Create an API to allow retrieving necessary javascript and CSS so that it can later be injected into another system's templates.
  • Don't use $_GLOBALS ever. It seems like an easy way to keep variables accessible across classes and functions, but with PHP 5's static properties, or judicious usage of singleton's in PHP 4, there are other ways to accomplish the same effect with fewer side effects.

If you're responsible for maintaining an existing project, please start fixing your application today so it can be embedded. Believe it or not, it may actually increase adoption of your project, as more people will be able to use it within their existing sites. At the very least, you'll stop me from ranting, and reduce the amount I spend on acetaminophen.

Posted by Matthew Weier O'Phinney in PHP at 00:00 | Comments (9) | Trackback (1)
Defined tags for this entry: ,
Related entries by tags:
Pastebin app updates
ZendCon08 Wrapup
git-svn Tip: don't use core.autocrlf
Setting up your Zend_Test test suites
Pastebin app and conference updates

Trackbacks
Trackback specific URI for this entry

No More PHP 4, Pt. 2: Stop Using Global Variables
PHP 4 is end-of-life very soon. In addition to offering projects the chance to refactor and improve their application design, PHP 5 offers many things PHP 4 just doesn't. This series of posts will deal with things projects can get their fingers into that
Weblog: /dev/weblog
Tracked: Nov 02, 13:38

Comments
Display comments as (Linear | Threaded)

I wonder how embeddable web applications using frameworks like Simfonie, cakephp or Zend are.
#1 Christof Damian on 2007-05-07 02:22 (Reply)
Because the frameworks you mention all provide an open interface to there auth methods it shouldn't be hard at all to embed within any of them.

The problem comes in when all the auth methods are so deeply embedded into the code of the site that its next to impossible to call them without loading the whole site to begin with.
#1.1 Richard Thomas (Link) on 2007-05-07 02:40 (Reply)
And it's not just the auth that makes such applications easier to embed; it's the fact that typically apps written with such frameworks will be written using OOP and without using globals; you can typically either directly include the bootstrap of these applications from within another function or method with no side effects.

The principal issue I've been encountering is that so much processing is done in the global namespace that trying to initiate the app from a function of method simply cannot work as the scope disappears.
#1.1.1 Matthew Weier O'Phinney (Link) on 2007-05-07 08:25 (Reply)
- Can you give more examples on bootstrap script and how you would organise stuff as MVC.
- Can you give an example as how to make js and css easily retrievable from another app.
- Can you give a code example as how to avoid $_GLOBALS
#2 Lars Olesen (Link) on 2007-05-07 11:15 (Reply)
@- Can you give more examples on bootstrap script and how you would organise stuff as MVC.

Please have a look at Zend Framework, SolarPHP, CakePHP to see how bootstrap is used.

@- Can you give an example as how to make js and css easily retrievable from another app.

Creating a view helper is not hard. There are a lot of examples you can see in Savant template, SolarPHP.

@- Can you give a code example as how to avoid $_GLOBALS

Use singleton/registry design pattern. You can find some good implemetations in Zend Framework and SolarPHP framework
#2.1 pcdinh on 2007-05-07 21:35 (Reply)
Great post.

I know the pain you are talking about, trying to get blogs, forums, and your own built app all to work well together.

One nice way to work is to replace the forum/blog user tables with a view to your own user table.
#3 MM (Link) on 2007-05-07 11:15 (Reply)
Good post. Not least because all my applications will be fine :-)
#4 Oliver Saunders on 2007-05-08 09:10 (Reply)
You take other framework?Are n't you forgot something.Whatever mvc they told you.Are they taking the risk of validate each user on each transaction query insert,update,delete and log file.I said no.

Look below


or


Which faster?Think about yourself

With adodb I can change my db faster
False
Each db have each style such as oracle didn't have auto increment and stick with the pl/sql so on..

Built your on framework.I suggest .You migh reusing back old function.And it's all about resuing not stupid folks telling your code are not final,abstract lala.Do your own stylo.

Front End Validation
#5 hafizan on 2007-05-08 20:16 (Reply)
Until recently, I wasn't convinced that there were that many benefits to using a framework. I'd always created my own mini-framework for each project or employer that suited the particular needs they presented. However, in working on Zend Framework, and being able to see it develop from the ground up, I can see now why frameworks are so popular.

There are two principal reasons for using a framework: (1) not reinventing the wheel, and (2) development speed. Yes, (2) is hard to achieve at first, until you become proficient in the framework you choose, but believe me, a well-written framework can save you tons of time as you develop your application. Really, (2) in large part is a result of (1) -- when everyone develops their own frameworks, there's a lot of duplication of effort. Sure, your idea of how something should be done may differ from somebody else's, but if they end up in basically the same end-result, you've just wasted time.

You mention AdoDB and a sense that you can't really develop faster using it than using the direct database access. I find this patently false. Database abstraction layers, and even just simple database access layers like PDO can save you tons of time as they simplify the interface used to access the database, as well as provide security features such as quoting input values. If you do all this yourself, you're going to be much less efficient.

Me? I'm going to keep hacking on Zend Framework and the other projects I have my hands in, and hope that others derive value from what I've done -- as I have from them.
#5.1 Matthew Weier O'Phinney (Link) on 2007-05-18 08:09 (Reply)

Add Comment

Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA