Timani I

With CiviCRM being such a light, flexible and powerful alternative to use, and as an Open Source utility it makes it even better. Occasionally you will need to include functions, and extend the API.

There is a Wiki that is pretty well documented, but even i will admit it will take some getting into, but once you are going then you can do a lot, and i mean a LOT.

Granted that not everyone uses Drupal, or Joomla, and if you are using a

framework like Codeigniter, CakePHP, Symfony, Plone or even another CMS like

WordPress you may want to actually get information related to CiviCRM. To get this done it is a pretty straightforward 3 step process if you have everything install correctly.

First you will need to include the following files:

1. civicrm.settings.php
   1. This is usually in the root of your CiviCRM install. So for Drupal: $drupal_root/sites/all/modules/civicrm/civicrm.settings.php
2. $civicrm_root/CRM/Core/Config.php
   1. For Drupal based installs: $drupal_root/sites/all/modules/civicrm/CRM/Core/Config.php
3. include specific php files within the api directory

Once you have located your files above you can then include them in your file to bootstrap Civi. After this is done you will then have access to the global $civicrm_root from within your application.

Here is an example of what a bootstrap file may look like:

// Set the Drupal Root path
$drupal_root = '/home/httpdocs/foo';

// Set the Civicrm settings file path
$civicrm_settings_path = $drupal_root . '/sites/all/modules/civicrm/civicrm.settings.php';

//Include the CiviCRM settings files
require_once $civicrm_settings_path;

//Initialize the CRM
civicrm_initialize( );
<pre>// Include the Config file
require_once $drupal_root. '/CRM/Core/Config.php';

$config =& CRM_Core_Config::singleton( );

// Include any Modules that you may want to extend
require_once $drupal_root.'/api/v2/Contribute.php';

// Finally API call time
$contribution = civicrm_contribution_get();// now make API call // do whatever you want with your contribution
</pre>

Now you can have the CRM running and integrated with virtually any external PHP framework or simple standalone script.
This is great if you have an existing CMS or framework, so rather than a rebuild you can simply extend CiviCRM and get it
to do everything you need.

I think i may actually be interested in a WordPress plugin to try and get some smoother integration. With WordPress 3.0 Beta out it may not be a bad idea.

Working on a site that needed to get some pretty detailed membership information as well as some payment processing the natural solution seemed like the Drupal based CiviCRM .  However, there was one problem and that was the CMS they had managing the rest of the site was actually in Worpdress, so i would need to bootstrap Drupal.

Ideally if there was a CRM plugin with payment processing and some of the advanced features of CiviCRM then this would have been the natural choice. But seeing as none existed CiviCRM was the choice.

As a result we would also want to use some of the Drupal classes, methods, and functions so we needed to bootstrap Drupal outside of the Drupal root.

For example the site http://foo.com is the site root, and the Drupal root is http://foo.com/drupal. If the site needed to have a registration form for a page within their current path where the events are located, the ideal method would be to simply call the hook for the Drupal form from http://foo.com/events/party/event-1.

To do this you need to bootsrap the Drupal files like this

$drupal_directory = "/home/httpdocs/drupal";  // wherever Drupal is

$current_directory = getcwd();

chdir($drupal_directory);

require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

$sql = "SELECT node.title, node.type, node.nid FROM {node} WHERE node.type = '$node_type' ";
$output .= "";
$result = db_query($sql);
 while ($anode = db_fetch_object($result)) {
 $output .= l($anode->title, "node/$anode->nid")."<br />";
}

print $output;
// --------------------------------------
// ...
// ...
chdir($current_dir);
return;
 

There was one other way to do this and you can find how it was done here:

$_SERVER['SCRIPT_NAME'] = '/script.php';
$_SERVER['SCRIPT_FILENAME'] = '/script.php';
$_SERVER['HTTP_HOST'] = 'mysite.example.com';
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['REQUEST_METHOD'] = 'POST';

chdir('/path/to/drupal/');
require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);

TheAnd there you have it, now you have full access to methods like: db_query(), db_fetch_object() and l() from outside of the Drupal root. Be sure to check out this post on the Drupal forum on how to bootstrap or include Drupal functions outside of the actual path.

I am sure everyone has had a time when using drupal that you have had to create a page and needed to alter the output that may be given by a Drupal module. A lot of the time this leads to much frustration cursing and in the end some sort of core hacking or something of that nature as well as cursing and hours of confusion.

Introduction

I think that is one of the subtle failures by drupal is getting all the power it has harnessed and being able to easily access resources on certain topics. Yet once you manage to get into the details it can be pretty sweet.

In this case there is a bit that needs to be understood about themeable functions, and for that be sure to look here for the basics of theming and what it entails. This is more a practical example.

So the first thing that you will need to do is find out what functions are themeable and what the default formatting of these functions is so that you can get both the default layout and the parameters each function may take. So to do this check out the Drupal API for a full list of the built in themeable functions. If you ever have time it is advisable to sit down and take a look at the functions here, some will definitely offer a better understanding of the functionality of the CMS but also give you many flexible tools to work with in module and theme design.

In this case we are going to have custom breadcrumbs. So we need to know what the function is so that we can overide it, and in our case it is the theme_stylesheet_import function which you can find here. Once you have taken a peek at the notes you can go ahead and fire up you favorite ide and navigate to your current active theme on the web server. So for example, if your current theme is called “Garland” and the theme folder is named millions then the path you would find the template.php file is site_root/themes/garland/template.php. Once we have this open you will be able to see the default functions and overrides for the current theme, garland one of drupal 6′s default themes is a very good example for this.

Code

Once we the active template.php is open scroll down to the bottom of the page and prepare to paste in the function from theme_stylesheet_import from Drupal into you file. Now you have the base in which to work off of, so the next step is to rename the function that you have just added to something drupal will be able to interpret.

At this point you will likely need to have a better understanding of templating systems, and the available templating systems in drupal and you can find this piece of good reading here . So to save you from the reading the current default in drupal is PHPTemplate. Now why does this matter? Well if we are going to override the themeable function we should prefix this with the current template engine name, in our case the function theme_stylesheet_import would be name phptemplate_stylesheet_import in out template.php file.

function phptemplate_stylesheet_import($stylesheet, $media = 'all') {
if (strpos($stylesheet, 'misc/drupal.css') !== 0) {
$stylesheet = str_replace('misc/drupal.css', 'misc/mysite.css', $stylesheet);
}

}

Now to be sure that this works it is best to clear the drupal cache, it has happened before where you make changes to a theme file but they are not readily available when you go back to the browser and refresh. This is likely because you have caching turned on or you need to clear the cache. One way to do that is to uninstall and reinstall the theme. This is because each time that you install a theme in drupal it will go back and clear the cache and start to rebuild for the theme as if it was installed for the first time. To do this login to the admin and go to admin/build/themes, uncheck the theme and select another as default and save, when the page reloads, you can set check your old theme as default and there we go. Now when you go ahead and load your site you will see that the drupal.css file is no longer loaded.

Conclusion

Well that is great but what is this good for other than that. Well perhaps you have a site where you need to load different stylesheets for each section of your site for some reason or don’t want people to be able to detect you are on drupal. one way would be to modify the phptemplate_stylesheet_import function that we just wrote and replace the drupal.css with a file of our own like this:

function phptemplate_stylesheet_import($stylesheet, $media = 'all') {
if (strpos($stylesheet, 'misc/drupal.css') !== 0) {
$stylesheet = str_replace('misc/drupal.css', 'sites/themes/divninja/ninja.css', $stylesheet);
}
if (strpos($stylesheet, 'misc/drupal.css') === 0) {
return theme_stylesheet_import($stylesheet, $media);
}
}

Further Reading

1. Overriding themable output
2. Remember Always practice safe coding, never hack the core

Related articles by Zemanta

• Web Content Management Systems From A Designer’s Perspective (Drupal Technical Stuff) (slideshare.net)
• Interview With Drupal Founder Dries Buytaert (centernetworks.com)
• Why Drupal is a great social media platform (in layman’s terms) (freshnetworks.com)
• Hosted Drupal CMS planned for midyear (infoworld.com)

When we were planning on setting up our project management solution we wanted to get something that would meet a number of criteria that we had.

(more…)

The other day we were talking over a coffee about site security and was it really wise to trust plugins and without a second inspection, or a look at the code.

Now i am sure that many of us have gone and installed a plugin or two without actually looking at the code, but does it really mean we are at risk? I think the undeniable answer is yes, and this is for the very reason of the widespread, and almost unrestricted release of themes and plugins for WordPress. The allure of “free” themes and plugins often leaves the casual blogger or website developer at risk for being exposed by these various sites that offer “free themes”.

Background

I think the even though it is slightly dated many of the points in the post remain valid:

Do not download WordPress themes distributed by 3rd party sites – 5thirtyone.com

Even though the article is dated 2007 it still contains very valid points. I have worked in theme development many years for WordPress and when themes do not need any sort of encryption or otherwise to be functional.

A lot of the times this is the method that those who are trying to get access to your private data may choose to go.

There are a number or reasons why this method is pretty prevelent

1. The code is often an encrypted string of data so filters for spam and malware may not immediately be able to detect them.
2. The encoded strings are harder to trace than plain-text because a file-search or grep may not be able to parse the encoded script.
3. To the unknowing eye an eval() of an encrypted script may seem no more harmful than any other PHP snippet in the code.

Scenario

This actually became an issue on a discussion on linkedIn where someone there was having a problem installing a theme. At first inspection he was getting this error:

Parse error: syntax error, unexpected ‘{‘ in /www/webroot/foo/wp-content/themes/Wood3/functions.php on line 149

Which is usually symptomatic of a couple of things:

1. The theme author may have accidently added in an extra brace when the theme was released.
2. The user had taken to the code and maybe deleted a line or added in.

Seeing as the theme was released i decided to go and download it and take a look and i opened the coded and perused to line 149 and found something slightly disturbing, here is a snippet.

eval(str_rot13('shapgvba purpx_sbbgre().....

I am not sure what it does in once evaluated and i shall not be trying to find out. I think it is good it broke before it executed because it could have done a number of malicious things, especially if it had been installed in production environment.

For example if you had an e-commerce site and you stored Credit card information on your server for some reason, it would be easy to grab any and all data.

Conclusion

I am sure there will be those that say this is true of any theme, but i usually look at the code of mine before installing. Perhaps it should be a more common practice, or for those who are not as well versed avoid less reputable sites for themes and plugins.

I think one of the easiest ways is to see what the various aspects of the themes are, such as links in the footer, or if you can take a look at the source code for anything that may seem suspicious.