We are in the process of deciding whether to port our legacy PHP custom application into a CMS such as Drupal or an MVC similar to CakePHP.
Our current system was developed prior to 2004 and was based on a previous platform developed by our vendor. Over the years, the system has gone through a large number of modifications but the codebase is relatively intact and over 10yrs old. We have updated certain aspects of the system which have allowed it to run effectively on a PHP4 and MySql 4 platform.
The system is used to manage three operating programs and each take advantage of our standard data elements; site, students and tutors. Each of these elements has a class php file containing all functions for that element. Our biggest concerns are with the security and workflow engine.
The security model is very thin. The system uses a roles-based model and each role have been hardcoded into each display object including any forms down to a particular field within a form. Unfortunately, a programmer needs to scour through the entire codebase to make a single change to any role. This has caused us to elevate everyone to a super users because as the end users, we're unable to make those changes.
The workflow engine is non-existent. The system contains over one hundred workflows which have once again been hardcoded in the codebase. Adjustments of any kind need the intervention of a programmer and once again a review of the entire codebase.
Our final concern is the database and query engine. Unfortunately, the queries happen on the front-end and the security check is performed on the display. This is a potential nightmare since critical data is often pulled by a query and just not displayed. This creates the problem of an open door for someone with the right key.
I'm looking for some advice on whether porting our custom application into a CMS or MVC is a viable option or do we just start over in one of those systems. Also, what is the best approaches for managing the input, store, display and edit of information; CMS or MVC. Finally, if you're award of a case study for porting a custom application into a CMS or MVC, I'd be interested in reading it and a link would be great.