MixedContent

A few rainy weekends ago, I had the urge to roll up my sleeves and build something. Every web application I’ve built in the last few years has been built on Drupal, and I wanted to see (remind myself) what it would be like to develop an application from scratch (where “scratch” = a random collection of open source components combined with bits from Drupal). I also had given myself the timeframe of a weekend, so building “Basecamp right” was out. I wanted a simple coding project.

Since I’m extremely childish, immature, and a fan of the practical joke, I decided to build a web app that let you send an email to someone, but make it appear as if it comes from someone else. I decided to call it Prankmail. Frivolous, slightly dangerous, and perfect for a rainy weekend indoors.

Skipping to the good part, you can check it out at:
http://prankmail.org

And if you would like to read about how I built it, and how the
“build from scratch” process compares to building a Drupal site, continue on:

Before I really started with application specific code, I wanted to grab a few Open Source pieces and get a simple and efficient framework to build on (We’re not using Drupal, after all).

I wanted to have clean URL’s (none of that goofy query string nonsense) so I took a look at how Drupal uses MOD_REWRITE and .htaccess files and cobbled together a simple solution. I’ve also been looking at the new Zend framework, and I like the way it maps URL’s to controllers. I am also a fan of Drupal menu system, so I hacked up the arg() function from Drupal, and made it route URL’s to controllers. I like Ruby’s “convention over configuration” and so by default, I set it up so a URL of ‘/message/123′ gets passed to a function ‘controller_message’ with an arg of ‘123′, if that function exists.

I really like Drupal’s very light weight DB abstraction layer, and so I grabbed that as well (mostly because the syntax is so natural to me at this point), and stuck it in my web app.

For templating, I decided to give Smarty one last try. Every time I struggled with the syntax, or found myself fighting along, I could hear Rasmus saying “PHP *is* a templating language, stupid!” Next time, I think I will just stick with a ‘pure’ PHP templating solution.

Setting up this simple framework let me write the rest of the application with speed and ease. Included libraries aside, the actual application itself is quite small.

For help on the UI, I used JQuery and specifically thickbox. I also found the visual JQuery site to be a great resource when I got tripped up on syntax. JQuery is truly fun to code with, and it’s a great feeling to have so much control over the DOM, with such simple and beautiful syntax.

I mean, how is the following snippet not poetry in it’s simplicity:
//add a token to the form that we will check to
//make sure the form processor only looks at forms
//submitted from this page...
$.get("/token",function(txt){
$("#mailform").append('
‘);
});

The above snippet leads into how I was concerned with spammers and bots submitting mail, so I borrowed a technique from Jack Born and used JQuery to append a token (MD5′d salt + timestamp) to the submission forms DOM, and at the same time inserting the same token into the Session. When the form is submitted, I check to make sure that the timestamp is “fresh” (within 20 minutes), and that the two tokens match. This should prevent, or at least make it more difficult for a bot to make a post directly to my form processor (and I don’t have to use a silly CAPTCHA).

So how did the whole process work, compared to using my usual framework of choice, Drupal?

Setting up the whole framework from scratch was definitely the fun part. I really enjoyed having a chance to “do things my way”, rather then hunt through documentation or lines of code in search of an answer. I think many people code because it feels good to build something, and while Drupal gives you many things “for free”, it was very enjoyable and satisfying to dive in and do it myself.

When it got to the point of adding comments and RSS feeds to the site, I have to admit that it was proving to get a bit tedious, and it would have been nice just to “turn comments on”, in Drupal. But all that being said, the whole exercise reminds me that there are many ways to get a job done. Drupal is a fantastic tool for a specific set of problems, but it’s just that.

Moral of the story is?

There are no silver bullets, and building silly websites is easy and fun.

Now go send some mail!