Drupal Community Philosophies
In presentations I usually point out that Drupal is three things:
- A content management system: The forms you fill out, the buttons you click, and the content you work with. The stuff you interact with every day while you manage your site.
- A content management framework: The low-level APIs that let you extend and modify Drupal to make it do everything from ratings to image galleries to your dishes.
- A community: The thousands of documentation writers, developers, testers, support providers, designers, and evangelists from all over the world, working together to make Drupal a better platform every single day.
It's this third point I'd like to talk a little more about today, by providing some insights into the general Drupal community philosophies that guide our interactions with one another, and as a result, the growth and direction of the Drupal project as a whole.
The Drupal community has several core philosophies, some of which are documented, others of which you just kind of pick up from spending enough time watching various interactions on the forums, on issue queues, and on the mailing lists. Here's a brief guide, for the uninitiated.
Avoiding the Template.php of Doom (or, Overriding Theme Functions in Modules)
Drupal's theming system offers developers and designers a flexible way to override default HTML output when specific portions of the page are rendered. Everything from the name of the currently logged in user to the HTML markup of the entire page can be customized by a plugin "theme".
Unfortunately, this system can be its own worst enemy. Themes are very powerful, but in many cases they're the only place where specific output can be changed without hacking core. Because of this, themes on highly customized production sites can easily turn into code-monsters, carrying the weight of making 'Drupal' look like 'My Awesome Site.'
This can make maintenance difficult, and it also makes sharing these tweaks with other Drupal developers tricky. In fact, some downloadable modules also come with instructions on how to modify a theme to 'complete' the module's work. Wouldn't it be great if certain re-usable theme overrides could be packaged up and distributed as part of any Drupal? As it turns out, that is possible. In this article, we'll be exploring two ways to do it: a tweaky, hacky approach for Drupal 5, and a clean and elegant approach that's only possible in Drupal 6.
The Open Security Model, Drupal and ExpressionEngine on Security
I recently evaluated ExpressionEngine for viability as a CMS replacement for Drupal. ExpressionEngine (EE) is a commercial CMS tool built on PHP and mySQL by EllisLab. A client of ours was attracted to its clean interface, built-in features, and expandability.
I was impressed by the well-designed UI and the flexibility of EE's templating engine. There are definitely lessons the Drupal community can learn from their attention to detail. In fact, as I explored the EE support forums, I discovered a great deal of antagonism towards Drupal -- to my surprise, it wasn't based on features or learning curve, but on the idea that Drupal is insecure.
In the forums, comments such as this were common whenever Drupal or other CMS systems were brought up for comparison:
Some reasons why one might not want to use Drupal?
[2/5] Drupal Acidfree Module “node titles” SQL Injection Vulnerability
[2/5] Drupal Unspecified Spoofing Weakness and Cross-Site Scripting
Module-In-A-Box: We Built Admin Tools So You Don't Have To
Building a Drupal module from scratch can be remarkably simple -- just create an .info file, create a .module file, then implement a few functions like hook_menu and hook_nodeapi. In no time, you've got a module up and running, leveraging Drupal's APIs and adding functionality to your site.
The problem
Unfortunately, things can get a bit more complicated if your module needs to store and maintain its own collection of data. The Custom Links module, for example, allows users to add clickable links to the bottom of each node on a Drupal site. While the code to actually add the links to each node is only a few dozen lines of PHP, it takes a few hundred lines of code to store and manage the information about those links. The module needs to create a database table to store its records, provide management pages so an admin can add new links, manage permissions, handle adding and editing records, request confirmation when administrators delete a record, and so on.
Is that site running Drupal?
Various attempts at "fingerprinting" a Drupal site have been tried in the past, none of which are completely fool-proof.
These range from *super* easy stuff like checking for CHANGELOG.txt to checking the source for a reference to "drupal.css" (Drupal 4.7) to checking for common paths like taxonomy/term/1, and /user, (which might be aliased to something else with something like Pathauto/Path Redirect module), and so on.
However, since Drupal 4.6, there's a super geeky trick you can use to fingerprint a Drupal site that works 90% of the time.
- Get Firefox.
- Get the Live HTTP Headers extension.
- After restarting Firefox, click Tools > Live HTTP Headers. This'll pop up a little window to the side.
- Visit a website you suspect of being Drupalish. You know, like http://drupal.org/ (except, you know, I bet they're running WordPress...).
- Highlight the Live HTTP headers window and type "exp", looking for the following in the output:
Expires: Sun, 19 Nov 1978 05:00:00 GMT
You know, like so!
Update 2008-May-31 Or! For you command-line junkies out there, check out TBarregren's helpful bash script which allows you to just do ./is-drupal www.lullabot.com - Awesome!
By the way, this date has special significance in the Drupal community. Anyone know why? ;)
Hat tip to chx for this trick. :)
Theming Best Practices (Garland Gets a Cleanup)
Yesterday Garland got a long-overdue update: The page.tpl.php file was updated to use best practices. Now we can finally open up Garland in a workshop scenario and not have to use it as example of the bad practices within a .tpl.php file. This article applies to Drupal 6 and higher, though the theming principles apply to all versions of Drupal.
What's this about best practices? Let's compare the before and after of a few of the improvements. Each of the items below are extremely common things you can do to keep your .tpl.php files clean.
Modifying Forms in Drupal 5 and 6
Drupal has a lot of forms to fill out and not all of them may be just the way you want or need them to be. Modifying forms is a topic that is often met with groans but once you understand the two methods to accomplish the task and the basic, underlying concepts, it really isn't that hard to do at all. You'll be a form-modifying, input-customizing wiz in no time. This article will briefly discuss what's going on and then mainly focus on showing working examples for both methods in Drupal 5 and 6. You should be comfortable creating a new function, looking at arrays and a having at least a passing understanding of the Forms API is real handy. Also note that in the examples below I have them wrapped in php tags but you should not include those if you copy/paste. That is just so it looks nice and clear for the article.
Deciding to make the change in the theme or a module
So there are two methods for altering form output in Drupal, one at the theme layer and the other through a custom module. Changes to the HTML can be accomplished with either method so most people will use the method they are more comfortable with already; themers use the theme and developers use a module. There are two situations however where you will want to use a module rather than a theme:
- Changing functionality of a form (e.g. adding new validation rules or submission actions) can only happen in a module.
Lullabot Announces the Launch of FastCompany.com Website on Drupal
February 12, 2008 -- Built by teams from Lullabot, Achieve Internet, Treehouse Interactive, Advomatic, and Mansueto Digital, the new FastCompany.com web site combines rich editorial content with advanced networking tools for industry watchers and professionals.
The upgraded site integrates the websites' editorial features with Company of Friends, Fast Company's successful business networking site. Originally launched in 1997, Company of Friends boasts nearly 100,000 members and offers a vibrant mix of online discussions and offline meet-ups.
"We've worked closely with Mansueto (the publishers of Fast Company) from the early planning stages through today's launch, and the new site is a great demonstration of Drupal's capabilities," says Jeff Eaton, lead consultant at Lullabot. "They've combined the quality content of their print magazine with the dynamic features of a networking site; it's one of the first large-scale sites that uses those features to enhance a successful existing website. Bringing the Company of Friends network into the mix makes the site shine." The site's new functionality allows visitors to combine business content from around the web with original Fast Company content and discussions with other like-minded professionals. "It's easy to get swept up in the river of industry news, and the site is smart enough to take user interests and relationships into account, giving every visitor a tailored view of what's going on in the business world", adds Eaton.
Replace any string in Drupal (5/6), without Locale module
During a recent Lullboat podcast we mentioned a new feature in Drupal 6 that allows you replace any string in Drupal without using Locale module (thanks Moshe!). Faithful podcast listener Rob Loach took it upon himself to write the String Overrides module that lets you accomplish this task with ease in Drupal 6.
While Lullabots were lamenting the fact that this feature was never in Drupal 5, we realized that it actually could be accomplished. An hour after undertaking the project, the patch was submitted to the String Overrides queue and committed shortly afterwards.
String Overrides accomplishes this in Drupal 5 by imitating the Locale module, and without hitting the database (since variables are cached and pulled up on every request anyway). Since this essentially a hack for Drupal 5, you cannot combine it with Locale module or languages other than English. Here's the key code that makes this possible:
Setup a Memcached-Enabled MAMP Sandbox Environment
Memcached is a service that allows entire database tables to be stored in memory, drastically speeding up queries to those tables and alleviating database load. In Drupal, the Memcached module allows you to store all cache tables in memory.
This article will guide you through installing memcache on your Mac OS X sandbox machine, allowing you to test memcache deployments locally. For in-depth instructions on installing memcache on a production server, read the companion article on How to install Memcache on Debian Etch. This was installed on Mac OS 10.5.1 and MAMP 1.7 with PHP 5.2.5.
