Advice for porting custom PHP application to CMS or MVC

Posted on 2010-09-08
Last Modified: 2013-11-08
We are in the process of deciding whether to port our legacy PHP custom application into a CMS such as Drupal or an MVC  similar to CakePHP.

Our current system was developed prior to 2004 and was based on a previous platform developed by our vendor.  Over the years, the system has gone through a large number of modifications but the codebase is relatively intact and over 10yrs old.  We have updated certain aspects of the system which have allowed it to run effectively on a PHP4 and MySql 4 platform.
The system is used to manage three operating programs and each take advantage of our standard data elements; site, students and tutors.  Each of these elements has a class php file containing all functions for that element.  Our biggest concerns are with the security and workflow engine.

The security model is very thin.  The system uses a roles-based model and each role have been hardcoded into each display object including any forms down to a particular field within a form.  Unfortunately, a programmer needs to scour through the entire codebase to make a single change to any role.  This has caused us to elevate everyone to a super users because as the end users, we're unable to make those changes.

The workflow engine is non-existent.  The system contains over one hundred workflows which have once again been hardcoded in the codebase.  Adjustments of any kind need the intervention of a programmer and once again a review of the entire codebase.
Our final concern is the database and query engine.  Unfortunately, the queries happen on the front-end and the security check is performed on the display.  This is a potential nightmare since critical data is often pulled by a query and just not displayed.  This creates the problem of an open door for someone with the right key.

I'm looking for some advice on whether porting our custom application into a CMS or MVC is a viable option or do we just start over in one of those systems.  Also, what is the best approaches for managing the input, store, display and edit of information; CMS or MVC.  Finally, if you're award of a case study for porting a custom application into a CMS or MVC, I'd be interested in reading it and a link would be great.

Question by:chris_thorn
LVL 17

Accepted Solution

Thomas4019 earned 250 total points
ID: 33633652
I've done a lot with Drupal and I quite like it. Security is much easier as you almost never even to write PHP.

Drupal alone does little next to nothing. It's with the modules where the real power comes in. Modules like CCK, Views, Panels, Rules allow for very dynamic sites with no coding. Google "drupal views" or "drupal cck" etc to get an understanding of each.

CCK = content storage
Views = content display
Panels = multiple displays concatenated.

I recommend starting from scratch. The drupal ideology is very different from custom code. Also sounds like your code is unwieldy.

Read the Drupal cookbook to get an idea of how it's setup,

Drupal updates fast so make sure any info you read is up-to-date.
LVL 34

Assisted Solution

by:Beverley Portlock
Beverley Portlock earned 250 total points
ID: 33634702
In my opinion I would start over. I look at it as follows:

1. Your database is OK and you're happy with it so leave it alone

2. The code is all there so you know everything the system does. Sketch this out as a modelling diagram and use this as the basis for changing the design. Mark out the sections with hard coded rules as they will have to go

3. The code works so you can simply refactor a lot of existing code

4. You can leave the old system in place whilst developing the new one in parallel

5. Retrofitting old code into a code framework of any kind is a recipe for pain. Choose the framework you want and start coding in that framework refactoring your good code into the framework. Try  getting a framework that lets you keep the existing database structure. Be aware that after MySQL 4.0 the MySQL passwords changed format.

You must also remember that whilst a framework will save a lot of effort, you will have a steep learning curve initially. ALso try and pick a framework that mathces your current coding practices and has GOOD up-to-date documentation. Some frameworks have documentation that is very out of date.

What about other issues? Have you got a central repository, either CVS or Subversion? I'd rather program without a framework than without a repository. Are all the programmers involved using a decent IDE like Eclipse PDT?

Author Closing Comment

ID: 33853543
no further answers

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
what is best version of php to use 6 46
Animated .jpg? 13 59
php call to a non-object 3 32
Scope of $_SESSION 17 27
In this article you'll learn how to use Ajax calls within your CodeIgniter application. To explain this, I'll illustrate how to implement a simple contact form to allow visitors to send you an email through your web site.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now