More Fun With Expression Engine

Calendar May 20, 2004 | Posted by Aubrey Turner

One of the interesting features of Expression Engine that I’ve been playing around with is the ability to define custom field groups and then create weblogs that use those groups.  This means that you can define any set of fields you want and then define a set of pages that display those fields.

For a while I’ve been toying around with changing the way my guns page is organized behind the scenes.  Right now it’s a bunch of kludged up PHP scripts, with the guns defined in a global hash array.  It’s a bit of a pain to manage and requires a number of manual updates when I add or change something.  Here’s an example of what the hash array entry looks like for one gun:


$guns = array(
      “kimber” => array(
                “maker” => “Kimber”,
                “makerurl” => “http://www.kimberamerica.com/”,
                “model” => “Ultra CDP II”,
                “modelurl” => “http://www.kimberamerica.com/CDP_Series.htm”,
                “caliber” => “.45 ACP”,
                “length” => “3 inches”,
                “weight” => “25 oz (unloaded)”,
                “capacity” => “6+1 (with factory magazine)”,
                “notes” => ” ... notes text ...”,
                “pictures” => array ( “pics/thumb/kimber_left_th.jpg” => “pics/kimber_left.jpg”,
                              “pics/thumb/kimber_right_th.jpg” => “pics/kimber_right.jpg”,
                              “pics/thumb/kimber2_left_th.jpg” => “pics/kimber2_left.jpg”,
                              “pics/thumb/kimber2_right_th.jpg” => “pics/kimber2_right.jpg”)
                ),
...

With Expression Engine I was able to define a set of custom fields and a set of templates to display the index page as well as an individual gun entry.  Using that, entering a new gun (or changing an existing one) is as simple as editing a weblog entry.  Here’s an example of the entry screen:

Here’s a shot of the index page:

And here’s an individual gun entry:

What’s interesting is that I spent at most a couple of hours arriving at this point. 

Although I’m convinced of the power of the tool, I still have some reservations before putting down $99 to purchase it.  Due to security concerns my hosting company prefers that PHP apps run as CGI processes.  They do allow PHP as an Apache module, but they have a number of restrictions on what PHP can do in that environment, since Apache is running as a system process, rather than under a specific user id.  This means that it is possible for User A’s PHP code to access data in User B’s directory in some cases (in fact, the installation instructions for Expression Engine require you to open up several of your files/directories to all users on the system; i.e. chmod to 666 or 777).  My main concern with Expression Engine is the developers’ attitudes to CGI and their dismissiveness of the security concerns.  That may be the deal killer for me.  CGI is not the hideous monster they make it out to be, nor is forking/exec’ing an external process the end of the world, at least for low-to-moderate volume sites.  If they want to continue to increase their user base, they’d be well advised to take the security concerns seriously and make their app work well with CGI (in their favor I should note that they do provide instructions on common problems encountered with getting it to work under the CGI execution model).

Still, the feature set the tool provides makes it tempting, especially with the competitive upgrade offer.  I’ve still got a week and four days to decide, so I will continue to play with it before making a decision.

Category Categories: Technology

4 Comments

  1. Aubrey Turner says:
    May 28, 2004 at 10:57 am

    Test comment one.

  2. Aubrey Turner says:
    May 28, 2004 at 10:59 am

    Test comment two.