Becoming a drupal master builder - Given at Drupal Camp London 2016
I've been building Drupal sites for a number of years and have a broad experience building Drupal sites with various levels of complexity. I often work with other agencies to build Drupal sites or to migrate existing sites and as a result I will often see some very common mistakes and errors that shouldn't be happening. Due to Drupal's popularity I also see Drupal sites in the wild and can clearly see the same mistakes going on there as well.
During this talk I'll show some basic site building tips as well as some more complex and technical strategies that will make your Drupal sites better and more maintainable. Rather than just show you what to do, I'll also be explaining why doing those things are important and how developers and their websites will benefit from them. Although I'll be mainly concentrating on Drupal 7, some of these techniques are also applicable to Drupal 8.
6. My Experience
● 10+ years in programming
● 8+ years in the web industry
● 6+ years building Drupal sites
● 4+ years as Technical Lead at Access
● Development, system design, database and server
administration, consulting, SEO, usability, training,
mentoring
7. Other People’s Projects
● Reviewing projects built internally
● Migrating existing Drupal sites
● Third party sites that we need to host and maintain
● Rescue jobs
8. The good thing about
PHP, is it’s really easy
to learn.
The bad thing about
PHP, is it’s really easy
to learn
Ben Dechrai
11. Drupal File Structure
● Custom/contrib for the modules directory
-- sites
---- all
------ modules
-------- contrib
-------- custom
● Easy to spot what the custom modules are
● Makes analysing custom code much easier
● Always use sites/default/files to store your
files, it will make life easier in the long run
12. Multi-site Setups
● Use DNS entries to auto-detect your file directory
sites/www.example.com/files
sites/www.example.com/modules
sites/www.example.com/settings.php
● Nice idea
● In practice it causes more problems than it solves
● This is used even when not needed
13. Themes
● Use the template.php file for theme overrides and
helper functions
● Do not use the template.php file to run database
commands
● Do not hardcode ID’s all over the place
● Use generic templates and stop template proliferation
● Drupal 8 forces you to stop using logic in your
templates and instead use preprocess hooks
14. Overly Specifying Specific Specifics
● More specific custom code means more stuff to break
if ($node->nid == 1234) {
}
● Node ID and Block ID specific templates
● Use of taxonomy term ID to control things
● If you have to use specifics then use configuration to
set these values
15. Drupal Module File Structure
● Lots of Drupal 7 hooks come with a file parameter
● Use it to move functionality into different files
● Namespace your module functions in Drupal 7
my_custom_module_some_function()
● Put all classes in their own files
● Use the X Autoload module to use PSR-4 in Drupal 7
● Drupal 8 Forces PSR-4! :)
http://www.jpstacey.info/blog/2015-06-22/architecting-drupal-7-module-multiple-files
16. Drupal Module Documentation
● Add documentation to your modules
● Write more than the basics in your info file
name = Tool Tips module
description = A module for tool tips
● Add a readme file and detail to the drupal.org module
page
● Also think about adding install and configure help
17. Drupal CHANGELOG.txt
● Don’t allow information leakage by including the
CHANGELOG.txt file in your Drupal install
● Restrict access via webserver configs
● Can also remove them from your codebase but the
Hacked! module will complain
● Alternatively, simply remove them as part of your
deployment process
18. Drupal Custom Code
● Don’t reinvent the wheel, use Drupal’s framework
● Use third party modules to provide functionality as
much as possible
● Use Drupal’s hooks to accomplish actions or change
existing functionality
20. Don’t Hack Core
● There are a million good reasons not to do this
● This includes contributed module and theme hacks
● Patching is ok as a last resort, BUT document your
changes!
● Do it the right way, learn about hooks, overrides and
child themes
https://www.drupal.org/best-practices/do-not-hack-core
21. Version Control
● Use version control
● Seriously, use it
● Git is good, so is Mercurial
● Commit often, use commit messages, describe your
changes
22. Version Control Branches
● Git branching is cheap
● Use git flow (or a variant)
● The master branch is a copy of the live site
● All work should be done on a development branch and
merged with master when ready for deployment
23. Version Control Etiquette
● Describe your work in commit messages
● Don’t add databases to your git repo
● Don’t include the user files directory in your git repo!
● settings.php file is debatable, just be careful of
adding usernames and passwords to your repos
● Use a local settings file
if (file_exists(__DIR__ . '/settings.local.php')) {
include __DIR__ . '/settings.local.php';
}
24. Use An IDE
● Syntax highlighting, code navigation, debugging,
autocomplete, auto formatting and more!
● Quickly spot unused variables
● Detect errors and problems before you commit the
code
25. Development Environment
● Try to replicate your production environment when
developing
● Stop silly errors creeping into the live site
● WAMP/MAMP solutions just don’t cut it
● Use Vagrant and a provisioning tool
● Vlad! :)
26. PHP Errors
● Syntax errors should never make it into production
● PHP Notices and Warnings are also NOT acceptable
in a production environment!
● Understand the internal Drupal error processing
(See _drupal_log_error() in Drupal 7)
● Don’t use @ to suppress warnings, it’s lazy and has
performance implications
● Use try {...} catch() {...} block to catch
exceptions
27. Coding Standards
● Pick a coding standard and stick to it
● Use the Code Sniffer tool, preferably with the Drupal
coding standards files
● Implement a continuous integration system to auto
check the code (e.g. Jenkins)
● Coder module (https://www.drupal.org/project/coder)
has everything you need
https://www.drupal.org/coding-standards
28. Cyclomatic Complexity
● The total number of paths of execution through a block
of code
if ($variable == TRUE) {
do_something();
}
else {
do_something_else();
}
● High numbers are bad (harder to read and maintain)
● Use PHPMD to inspect your own code and refactor
complexity
Cyclomatic Complexity = 2
29. Always code as if the
person who ends up
maintaining your code
is a violent psychopath
who knows where you
live.
John Woods
30. Drupal Tests
● Drupal has a test module bundled
● Drupal 7 uses Simpletest, Drupal 8 uses Simpletest
and PHPUnit
● Write tests!
● Test current functionality, re-run tests when refactoring
or adding new functionality
● Can take time to write tests, but it’s worth it in the long
run
32. Drupal Content Types
● Content type != template type
Press Release
News Article
Front Page News Article
● A mistake that many site builders make
● Create functional content types, use data to control
them
33. CSS/JavaScript Aggregation
● Turn it on!
● Reduce the size of your files and the number of files
downloaded
● Reduces server load and decreases page load speed
● Try it before you deploy live, some CSS/JavaScript
code can be broken by this
● Spot problems before they appear in live
environments
34. Fieldsets And Vertical Tabs
● 40+ fields on your content types makes a long edit
page
● Use vertical tabs and fieldsets to break the page up
● Field Group module has this functionality
● Try to avoid using “Unlimited” cardinality on fields
especially on file fields
● Think about how your users will edit pages
35. Permissions
● General rule is to restrict user permissions to the core
activities they will be doing
● Giving users too much access can be confusing,
especially for new Drupal users
● Also don’t allow lots of ‘superuser’ roles as it becomes
difficult to restrict access
36. PHP Filter
● The PHP Filter module is bad, never use it
● Execution of PHP is slow and uncachable
● Quickly creates an unmaintainable mess
● Lots of security implications
● Removed from Drupal 8 (with much fanfare!)
37. Running Cron
● Don't get your users to run cron, put it in crontab
● Use the Elysia Cron module to process cron tasks at
different times
● Can see a massive (90%+) reduction in the cron
footprint
https://www.drupal.org/project/elysia_cron
38. Updates
● Some modules use update hooks to run actions,
usually to add or update database tables
● It is essential that you run update.php when you
deploy an update to a module
● Using ‘drush updatedb’ also works well here
39. Uninstall Deactivated Modules
● Uninstalling modules is important as they leave behind
tables and data that isn’t used
● Turn off and uninstall modules before deleting them
41. Views, Views, Views
● Use Views to show lists of content
● Built into Drupal 8
● Don’t duplicate a View to display the same thing on
different pages
● Use contextual filters to alter the same View in
different contexts
● Remember to add pagination and limits
42. Pathauto
● Seeing node/123 on production websites makes me
cringe
● Use Pathauto to create pretty paths from node data
● Creates SEO friendly paths
https://www.drupal.org/project/pathauto
43. Context
● React to certain page level conditions
- Paths
- Views
- Content Types
- Menu Items
- Taxonomy Terms
● Much better and more controlled block placement in
Drupal 7
● Fully exportable so placement can be kept in config
https://www.drupal.org/project/context
44. Advanced Aggregation
● Compress your CSS and JS even more
● GZips your code for smaller size when transporting
https://www.drupal.org/project/advagg
45. UI Modules
● Many modules come with a user interface (UI) sub
module that wrap the administration interface
- Views UI
- Context UI
- Rules UI
- Display Suite UI
etc...
● Turn them off in production
46. Devel
● Really powerful module
● Makes development easy in Drupal
● Awesome sub modules like Devel Generate and Devel
Node Access
● Who doesn’t love Devel?
● Don’t, don’t, DON’T leave it running it production!
● Also, DON’T commit dpm() into your code!
47. Stage File Proxy
● Really good module for using uploaded files on a dev
platform without having to download the user files
directory from production
● No need deploy to production
https://www.drupal.org/project/stage_file_proxy
48. Features
● Features allows modules to be made that create
Content Types, Fields, Views, Contexts, Rules, and
many more types of configuration
● Allows you to see when things have changed and
allows easy deployment of new functionality
● Try to add as much configuration into code as possible
● Group like items together
https://www.drupal.org/project/features
51. Cisco Internet Of Everything
● Runs Drupal 7.24 (as seen
from CHANGELOG.txt)
● Vulnerable to SA-CORE-
2014-005?
52. belgium.be
● Lots of stuff done right
● CSS and JavaScript
aggregation turned off
53. Greater Than Games
● Runs Drupal 7.41, as seen in
CHANGELOG.txt
● Multi-site setup
54. Elite Dangerous Community Site
● CSS/JavaScript aggregation
is turned off
● Some use of Path Auto so
URL’s like ‘node/123’ are
common
● Multi-site setup
● Hacked the Bootstrap theme
to make a sub-theme
● Call me! :)
56. Top Tips
● Have a go live plan
● Think about the experience of all of your users
● Don’t overcomplicate simple functionality
● Don’t use specific templates, generalise
● Think about the long term life of the site
● Learn the system (i.e. Drupal)
Editor's Notes
Who am I to tell you what to be doing with your Drupal sites?
This is a talk born from frustration
frustration of sites being so broken that they just need throwing away and starting again
frustration of drupal being hacked to make it work like an amature
So what is the problem?
Stems from the ability of people to build Drupal sites with little or no knowledge.
Drupal is a tool like any other, and there is a right way and a wrong way.
In the PHP world there is this saying...
Drupal is a great tool, it’s quite easy to get up and running quickly
But it’s really easy to build a Drupal site that is an unmaintainable mess
Drupal: The Right Way?
Main problem is when doing updates.
Split the module from one site into another, which site is running what module.
Think of MVC, but in this case it’s Entity, Theme, Menu hook?
Model is the Entity
View is the Theme
Controller is the menu_hook
Drupal 8 and Twig
what happens when things change?
what happens when you move from dev to production, will be IDs be the same?
file parameter is in menu, theme, as the most notable examples, and a few other things
It’s not just about how Drupal it put together, but also about the file structure within a module
often come across custom modules that have no explanation of what they are doing, even in comments in the code
don’t rely on the code being the documentation
understand how Drupal is put together and understand how it can be overridden
seen examples of:
- random scripts being placed next to drupal that aren’t in modules or things like that
- the book module being rebuilt
- cache modules being created from scratch
- Solr modules being built from scratch
- API integration modules being rebuilt from scratch
“re-invent the wheel, often” but own your own time!
Some tips on getting the most out of your coding
I still see this quite a lot
commit messages must be present
should also contain an indication of what changed and why it was changed
git flow is also a good mechanism to control git branching
settings.php file can be used to store certain module configuration options so it can be added to the repo
in which case the local override block should be added
this local settings technique is part of Drupal 8 core now
notepad isn’t enough
notepad++ is better, still not enough in my opinion
Notable examples are Netbeans, Eclipse or PHPStorm
Might be regarded as bloat-ware by some, but code navigation, debugging and autocomplete are essential for my sanity
Linux vs Windows for development and production
versions of software might cause problems, so installing the same version of X on both systems helps iron out issues in the future
also think about PHP settings and real world data, will your site be able to cope?
don’t forget about the error logs in Drupal
make sure to set the error message printing to an appropriate level
mainly simple things like:
- the number of spaces in code
-
Cyclomatic complexity is a good heuristic of the complexity of the code
this figure can be set
anything above 10 is going to be hard to figure out!
PHPMD will also point out where potential code problems might occurr
unused variables in code
variable names being too long or too short
excessive function lengths
Think about the next person who will look at the code.
when writing complex code there is something you should understand...
this also applies to yourself
modules like display suite provide a nice approach to templates
An example of a complex node would be
An Event
A gallery
A news item with multiple control fields (e.g. for permissions)
However, a few things to watch out for
Don’t include 50+ images into a single node
If you have to edit the php.ini to use 200MB+ uploads then you are doing it wrong
drupal has poor logging built in, so seeing who altered some item of content can be hard
avoid audit knightmare by restricting your users
what happens when you have a View with some PHP filter stuff in it?
Or a Node with some PHP filter code as the content?
Where is the code being executed from?
what about hooks?
the graph shows the time taken to execute the cron before and after
this can often lead to problems where a module expects certain parameters/ fields or whatever to be in place, which aren’t, errors are caused as a result
Don’t add a new View for every page that it should appear on
creates an administration headache
Remember about Views caching, but be fully aware of what it does
cached for everybody means that content generated by one user will be seen by all users so if you have any user specific stuff it will be seen by all users
Views is powerful, but remember that there is a right and a wrong way to override views. the wrong way can easily cause errors and security holes
and lots more!
further reduces the footprint of your site
saves CPU cycles
It slows down your sites with:
- profiling code
- inspection code
At Access we automatically detect for the presence of dpm() calls and fail the build if any are found
for example, with a new feature you would have
the content type
extra fields
vocabularies
views
this isn’t about pointing out problems with other sites, it’s about being easily able to see problems just from inspecting the front end code
i’ll show that the problems i have gone over here can be easily seen in live sites
i’m not making this stuff up!
In reality, most of the big Drupal sites do a lot of stuff right and finding sites that are really broken is often rare
misses out the latest securty patches
I want to go on record by saying that I freaking love Elite dangerous
this site is fucking atrocious!
I dread to think what is going on inside
i wonder if the code is as bad?
if anyone knows who is in charge then get them to give me a ring