3

I am currently working on a legacy PHP application. To give you an idea what the application is like:

  • The backend is about 14,000 LOC. The frontend is is about 3,000 LOC.
  • Each url is a php script, no use of classes.
  • Each of those php scripts has a smarty template associated with it.
  • It makes heavy use of PEAR form generation plugins.
  • Frontend is offered in two languages. This done by duplicating the php scripts + templates.
  • It does not follow many best practices, like escaping all sql parameters, redirecting on a post request, putting php scripts out of web root, XSS protection, CRSF protection.
  • The app has two main developers, I am working on it temporarily to help out.
  • The app is used by several client. Each of them might have a slightly altered version.

Let's say you had two weeks, what would you do to fix this application? Is there there any framework you would recommend that work particularly well with this type of app and which can be introduced gradually?

I was thinking maybe start by introducing ORM, to get rid of sql injection and improve the spaghetti code to construct sql queries.

EDIT 1:: Since people seem to dwell on the SCM issue a lot. I do use git to keep track my own local changes. I am only working on this application temporarily, so I am not really in the position to tell the other developers which tools to use. Also, that was not really the question.

EDIT 2: The reason that I was considering a framework was a) the other developer brought it up b) it would give the project a more rigid structure, so mistakes (like CSFR) are more easily avoided in the future.

Maarten
  • 4,549
  • 4
  • 31
  • 36

4 Answers4

4

You should rewrite in very tiny bits of code, don't try to refactor the whole application at once. Do it while you implement fixes or something anyway. Always leave the code with improvements.

This is especially true if the application works just fine. Most users won't understand why you need to break their application to improve the code quality when the bad code worked perfectly fine for them.

If you rewrite an application you always loose all legacy knowledge that has been implemented in the application like old bugfixes. Maybe there is a bug and it already had been identified in the past you would probably need to tackle that again.

I wouldn't focus on implementing a framework in the beginning btw. You should try to focus on object oriented programming and implementing a design pattern where applicable. Implement a framework when your code is already somewhat clear and structured.

bardiir
  • 14,556
  • 9
  • 41
  • 66
2

Let's say you had two weeks, what would you do to fix this application? (It's insecure and has spaghetti code.)

First of all get en ligne what needs fixes first.

You can't turn spaghetti code into modular one within two weeks if you haven't analyzed the application so far. Additionally to refactor the code you need to get it under test first which can be problematic with legacy code. There are books written about techniques for such, but not all apply well to legacy PHP applications (but have very useful information anyway if you haven't done maintenance for legacy applications so far).

So you probably want to move database related code into a module of it's own while taking care about SQL injections. If you choose an existing database layer for that you can specifically say by looking into the code which scripts have been ported and which not.

You already use a view component, I would stick with it for the moment as you really have a short time-frame only.

Pressing an existing framework onto your current code-base seems counter-productive to me. You are merely looking for lightweight, existing and tested components so that you can reduce the own-written application code by using third-party components.

there is no scm

From all what you've shared so far about the application, this is what needs a fix first. Put it under source control. Before that you don't need to discuss further.

I've given a more lengthy answer with this question: How to implement MVC style on my PHP/SQL/HTML/CSS code?.

Community
  • 1
  • 1
hakre
  • 193,403
  • 52
  • 435
  • 836
1

I would recommend Symfony PHP Framework. Two weeks seems too short to migrate your application, especially if you don't already have Symfony skills.

Zend Framework is also a very good PHP framework.

Jerome
  • 11
  • 1
1

Migrating/re-factoring this application part by part would cost too many man hours than rewriting it.

  1. If you rewrite, its better to rewrite from scratch. That is rewrite it from the requirement.
  2. When you rewrite maintain the old site. Use branching in your SCM. If there is no SCM, start using it from now and branch afterwords.
  3. If it runs flawlessly (after lots of tesing) then it worths rethinking about migrating.
Shiplu Mokaddim
  • 56,364
  • 17
  • 141
  • 187
  • 1. Not an option, don't want to risk breaking it for the clients. 2. Haha, there is no scm. – Maarten Jan 17 '12 at 09:29
  • Start using SCM. Then create branch. – Shiplu Mokaddim Jan 17 '12 at 09:30
  • 1
    @Maarten: If there is no SCM, then to put it under SCM is the first thing you need to do before changing a single byte of code. – hakre Jan 17 '12 at 09:31
  • I was going to suggest to the two main developers to make a github account, but I am not really in the position to tell them which tools to use. – Maarten Jan 17 '12 at 09:33
  • I am using a git repo myself to track my own changes. – Maarten Jan 17 '12 at 09:34
  • 1
    For every project with more than zero developers you will need scm or you will loose your code or at least a lot of time in the future! There is no discussion invloved in this, this is a MAJOR fact! I don't know of any project not using scm that has not lost some code. On the other hand i don't know of any project using scm that lost any code at all. – bardiir Jan 17 '12 at 09:58