Need recommendations.. PHP frameworks? Or something similar. Making a CMS (kinda)..

I know basic PHP (enough to do database driven sites, barely), but have only worked inside existing CMS’s for years.. Drupal, WordPress, etc..

Now i’m getting LOTS of requests from a certain niche market to make their sites, but Drupal etc is overkill.. so I want to make my own little system..

All I need to do is have good SECURE authentication, that lets authorised users submit data to a pretty large financial-style database. I’ll also be piping emails through to scripts to submit more data that has to be approved by admins, etc.

I’m fine with the logic behind it.. and could probably write it all in bare PHP/MySQL, but then i’m not good enough to make sure it’s totally secured, all data is perfectly validated, etc.. and I really can’t be fucked coding it all from scratch.. and surely these days you don’t need to?

What’s the best way to go about it? I hear about all these PHP frameworks etc.. is that what I need?


Codeigniter is probably the easiest I’ve seen to get into. Kohana is another

I use Zend Framework, but heard CakePHP is better. Who knows.

I’ve been building with Cake for ~6 months now. Currently working on my first real project using the framework.

It has it’s ups and downs and the community is amazing. Unfortunately documentation is somewhat lacking and books on it are at this point severely outdated.

The learning curve is incredibly steep but once you know what you’re doing with it, it’s simply amazing.

With that said, I would really suggest you look into Drupal.

I use Drupal extensively.. my problem with Drupal is how big it is, just to run authentication + forms. Is it really the best solution out there? I figured there’d be some framework I could just implement a basic authentication "include" on each page, and some forms, and done. Not have to run the entire Drupal framework just to get those 2 functions..

I haven’t worked extensively with any framework, but trying to use Drupal for just the auth and form validation is like buying a car to use the lighter and glovebox.

Haha well put.

If that’s the case then man you don’t want a framework. Hand code it yourself or use some pre-made PHP classes.

Just worried if I hand code it i’ll miss something when it comes to security aspects (form inputs etc) since this will be finance related..

Will play around more though

I know what you mean, and this is part of why I am often reluctant to offer my development services for public-facing sites. I’m ultimately responsible (even if only to myself) if the site gets hacked, regardless of how I cover my ass with contracts. If you are serious about becoming a pro PHP developer, though, pick up some books on PHP security (just go to Amazon and search "php security&quot and read. You can also find out which open source PHP apps are considered "very secure" and do a code review. … This post has seriously fucked up formatting for some reason.

Brain just asploded.

Thanks for this, will break it down into a set of rules that i’ll keep in mind when building it..

Drupal is kind of bloated but with modules like boost it can still be fast as shit.. set up an install schema to roll out your basic needs that you’re talking about quickly, and then the beauty of drupal is it’s bat shit easy to expand on when all of those clients start asking for extra features down the road.

True. I had a quick look at install schemas once. I’ll revisit it. Is there a tool to create them yet or is still a matter of writing that big config/whatever file they used to talk about?

No I haven’t had the need to do one yet, so I can’t help, but at least there is a whole api structured around doing it so it shouldn’t be to complicated