Mar 19 2008
Mar 19

There is a lot of functionality crammed into Drupal. This can be a good and bad thing.  One of the key benefits is that its components are well maintained. You have hundreds of smart people looking at the code every day and thinking of better and smarter ways of implementing the functionality. One of the drawbacks, however, is that it has a long release cycle, dependent on when a new version of Drupal is released. This means that if there are any new features put into that module or theme, it has to wait a year before it gets out to the general public in a new Drupal release.

The following is a list of issues created to strip some of that functionality out of core:

Remove Poll Module The poll module is a very simple module and there are better implementations of it in the Drupal contributions repository (Voting API). Remove Blog Module The Blog module provides a simple way of giving users their own blog and this could be better achieved with a better design if the Views API goes into Drupal core. Remove parts of Blog module from Blog API In the Blog API module, you notice that it implements parts of the blog module.  This is pretty bad design, and should be removed completely. Remove Access Rules The access rules implements some pretty complex access control on a user/ip basis. Although it's a great feature, the way it's implemented requires a call to a function that is the slowest query on Moving this to a seperate contributed module would allow some more added functionality to the access control, as well as improve Drupal usability. Remove Ping Module The Ping module is quite a useless module, and there are better implementations of it in the Drupal contributions repository (Multiping). Remove Comment Control The commenting control within Drupal is very complex and doesn't really help with usability. It would be a better idea to open up the API, and allow hooks to allow external modules and the theming layer to implement the controls. Remove Blog It from Aggregator There is a little button that appears beside feed items named "Blog It", which allows users to stick it on their own blog on the same site.  There are millions of reasons why this shouldn't live in Drupal core, so it will be good to see it go.

This is just the beginning of stripping Drupal to a really small, slick, and fast framework.  There are a lot more issues out there, and a lot more things that we could/should take out of Drupal core, so get involved and give your thoughts!

Mar 19 2008
Mar 19

Hooray, we're about 2 weeks away from DrupalCampNYC 4.

I sorta had a good time at DrupalCon 2008. If it weren't for the overpriced convention center, marketing sermons slyly disguised as sessions, stale presentations that I've seen a few times now, and inflated attendant pricing, I would say it was awesome. I don't think I'll be attending another DrupalCon unless it's an excuse to expense a trip to Europe.

Now, I have DrupalCampNYC to look forward to. A place exclusive of the dearth of marketing. A place where I can sit down with other developers , users, and ne'er do wells, share my experience and ideas, and learn from theirs. Best of all... It's free... Free of costing you money, and free of marketing.

So what does that mean...

1) everyone can attend including the folk working for underfunded causes, the brilliant students with great ideas, the total noobs. In other words the community, not just the Drupal professionals.

2) The sessions you want may not be right on, but they will be informative and informal allowing for more direct participant interaction with the presenters. I know this setting is better for my informational needs. You won't have marketing centric sessions like adobe folks evangelizing flex, telling you how it does browser interaction(history + deep linking) without JS. (adobe just bundled the js in flex, js is still required, you aren't free of it, you just get adobe's sanctioned version of everyone else's hacks.)

3) You won't see a logo or brand on everything you look at... If you're a New Yorker like me, you become sensitive to this bombardment at some point, and enjoy escaping it. Business still happens, but between the people involved in it.

Mar 19 2008
Mar 19

Here's a small one-line usability fix for all module developers that I think will be a huge help to users.

In the early stages of a project, I'm often playing around with quite a few new modules: testing them, seeing if they meet my requirements, installing and uninstalling. After downloading a module, the sequence of steps is always the same:

  1. copy to /sites/all/modules
  2. enable at /admin/build/modules
  3. configure all exposed settings
  4. use!

However, sometimes just finding the settings page takes the longest time out of all those steps. Is it in User Management? Content Management? Logs? Who knows!

I'm going to use the example of the Bio module; not picking on the Lullabot team or Bio module maintainers, this one just happened to be the first example I thought of. :)

Bio's settings page is difficult to find, as it's not in "Site configuration" but rather in "User management". It also hides itself quite nicely using the title "User biographies" instead of "Bio settings", as one would expect. The readme.txt file doesn't mention how to find the settings page at all.

So what I had to do in this case, after becoming frustrated with searching for the settings in the menu, was pull up the source code and check out hook_menu() to see exactly where I should go.

And here's my suggestion: we're all used to seeing the "installation successful" messages (and looking out for php errors on install of course). For example, the Bio module has these:


What if this message held the link for the settings page? Then it's just one click away, instead of a potential 2 minute search to find it.


This is just one line of code in the bio_install() function:

drupal_set_message(t('You can edit Bio settings at ') . l('admin/user/bio','admin/user/bio'));

Seems like a small change, but if every module did this, it would collectively save me hours in the module evaluation stages of a project, because I find that plenty of modules seem to hide their settings and not explicitly detail them in readme.txt, requiring me to either hunt them down or open the source.

Since I talked about the Bio module, I've provided a patch in the issue queue. Hate to be a complainer that does nothing about it... :)

Mar 18 2008
Mar 18

If you're using the Devel module while developing with Drupal, you may have enabled the "Switch users" block which is great for troubleshooting and configuring permissions.

However, if you accidentally use it while your site is in maintenance mode (offline), then you may notice a problem: it won't let you back to the path "/user" to log in again!

The solution is to use phpMyAdmin or your database manager of choice to empty the sessions table. Then you'll be able to access /user without being redirected.

Mar 18 2008
Mar 18

I've been running my political/editorial web site Prometheus 6 on Drupal since around version 4.2. Every module I've developed was for use on Prometheus 6 or some other experiment I was running.

Currently it's running on version 5.x and I was actually pretty satisfied with it. Had no real intention of upgrading to 6.x. But I was contacted by Sony BMG to write some interface code for They wanted to use SimpleXML rather than the DOM, and some other music-specific stuff. That had me hanging around the Drupal API site, which showed me all the 6.x stuff, and well, here I am.

The joint is still naked...a bare-bones install. That will change as I start porting and writing and such.

Usually when I upgrade modules (all of them except Amazon Associate Tools go back to version 4.2) I start with the simplest ones and work my way up to AAT. This time, with the boost I got from the Sony job, I decided to start with AAT. At this point, things are looking a lot simpler...I'd MUCH rather explain the SimpleXML based code. Other than Drupal-specific node implementation stuff, most of the code is in five functions:

Search and lookups
function amazon_item_lookup($asin, $params = array())
function amazon_item_search($search_value, $search_index = 'Books', $search_field = 'Keywords', $params = array())

function _amazon_xml_to_array($xmlelement, $prefix = '')
function _amazon_editorialreviews_to_array($editorialreviews)function amazon_xml_to_array($amazonxml)

The _amazon_xml_to_array() function is a mutation of a more general function I use to parse the SimpleXML data into an equivalent nested array. People are more comfortable with arrays. Also said parsing lets me sort any unrecognized data into an array called extendeddata, the point being I can change the data being retrieved (say, add the Tracks response group when searching for music) and I know where it will land for theming purposes.

I know Eaton is working an Amazon project for Drupal 6.x. This is going in a different direction though. I don't run the kind of site where random clicks will make you money, so I'll be looking into shopping carts and setup profiles.

I suppose if I do all this work, I'll wind up upgrading Prometheus 6, which means I need to upgrade the other modules too. Fortunately I like this sort of thing.

Mar 17 2008
Mar 17

I'm doing some testing of an upgrade for a site from Drupal 4.7.x to 5.x. As part of the major version upgrades in Drupal, you're supposed to disable all the modules you have installed. Since I got tired of unchecking boxes, I used the Greasemonkey addon for Firefox 2 to do it for me.

Once the addon is installed, right click on the monkey face in your status bar and make a new user script.

name: Uncheck Boxes
namespace: uncheck_boxes
description: Unchecks all checkboxes that are enabled by default
include: http://yourtestlocation/admin/modules

When you hit ok, your default text editor will ask you for script content.

// ==UserScript==
// @name           Uncheck Boxes
// @namespace      uncheck_boxes
// @description    Unchecks all checkboxes enabled by default
// @include        http://davidnorman.local/test25/admin/modules
// ==/UserScript==

var chkboxes=document.getElementsByTagName('input')
for (var i=0; i < chkboxes.length; i++) {
  if (chkboxes[i].type=="checkbox") {

That's it! Reload your modules page and all the checkboxes should be unchecked by default. When you're done disabling, you can right click the monkey face and uncheck your Uncheck Boxes script, disable Greasemonkey, or leave it available for other sites you want to uncheck by default.

Mar 17 2008
Mar 17

Thought I would test out Jing to create my first screencast. The star of my show is, of course, Drupal and the helper is Komodo. Alright, it's more about Komodo but it's a trick to view variables available for theming for a Drupal page. I find this to be very useful!

Mar 16 2008
Mar 16

The number of available Drupal modules is continuing to grow dramatically. Like a lot of other Drupal users, I spend a good deal of time downloading new modules and trying them out to see what they do. Unfortunately, not all contrib modules work as advertised. I may spend several hours working with a new module before realizing there's some small issue with it that prevents it from solving my problem.

Similarly, there are often modules out there that solve problems I didn't even know I had, but I'm simply not aware they exist.

What I want is a resource that leverages the experience of thousands of Drupal administrators. I want to know that I shouldn't even bother with a module because it's too buggy. I want to know what modules other users find useful in specific areas (such as multimedia, file handling, cache issues, etc.).

Other large OSS communities often solve this need for a shared knowledge base by providing user reviews. Mozilla, Thunderbird, Joomla and other modular systems provide user reviews and ratings. It is time that the Drupal community have one too.

When I first started using drupal about three years ago, it was not all that difficult to simply be aware of most modules and how effective they were because there just weren't that many. Now there are multiple new modules released on a daily basis, and I just can't keep up anymore.

Why do we, the Drupal community, not have a shared review/rating system? It's certainly not due to lack of demand. A search for "module ratings" on reveals a great deal of interest in this functionality.

As far as I can tell, the primary reason for not having a rating system for modules is fear. Module developers in particular are concerned with the fairness of ratings. They are concerned with "gaming" of ratings. They are concerned that inexperienced or "dumb" end users may unfairly give a bad review of a module simply because they don't understand how to use it. These are all reasonable concerns. But they are concerns shared by other OSS projects as well. Sure you will see "bad" reviews, giving a module the lowest possible rating along with some inane review such as "tis modules sukcs BEWARES" :) But who cares, it's just noise that will be drowned out by valid reviews. It works for other OSS projects, and it can work for Drupal.

John Forsythe
has released what I believe is the first site dedicated to rating and reviewing Drupal modules No doubt this site will be a source of controversy as developers voice their concerns. But we need this resource now.

I encourage my entire audience (hi, mom!) to register at and to submit reviews for both your favorite and most hated Drupal contributions. This is a great way for non-techies to contribute to the community. The site is young, and there is naturally a shortage of ratings on the site now, but that will change as the site brings on more users.

Maybe this database will eventually make its way to For now we can show our support for this type of system by helping build out the database at

Mar 16 2008
Mar 16

Everyday I search for modules to see if there are any new ones added and to see if I missed any on the last search. One thing that has troubled me a little is how to add images to posts on Drupal 6. In Drupal 5 it was easy, just add CCK and Image Field and you were sorted but in Drupal 6 these modules haven't yet been released. I haven't really had a good look for an alternative but when I noticed Img package I found what I hadn't been looking for, if you understand.

Read the full post on Millwood Online

Mar 13 2008
Mar 13

[ begin rant ]
A few days ago I posted to the planet about an initiative underway to help get testing in place for core and I must say I am not entirely impressed by the response from the community. Take that with a grain of salt though because, naturally, the Drupal Community Rocks.

Here's the synopsis:
A) There is an organization of volunteers in place poised and ready to write the simpletests we need.
B) The only reason, that I see, they are not doing this is lack of feedback from the Drupal community.

All that you have to do is edit the wiki page at ... it's only 4 core modules we are all familiar with ... a few moments of your time. We've even taken the liberty of contributing the first set of scenarios that need testing as an example. Take a look at it ... even adding one line will help Drupal. I won't even start bugging you about contributing to the testing initiative regularly ... at least not yet.

What are you waiting for? Drupal needs you.
[ end rant ]

Mar 12 2008
Mar 12

Well here is how the story goes...

Read the full post on Millwood Online

Mar 12 2008
Mar 12

Here’s a pretty basic css technique I’ve noticed myself using a lot of lately (not at all my own invention). The divs used as examples come from zen theme.

Often a design calls for putting a background (or border) on a sidebar. It should look as so:
If you haven’t been down this route before, you will probably try something like

  background: #123456;

As long as your sidebar is longer than your content you will think you have succeeded, but go to a page with long content and you will see:
short sidebar
Argh! We want the sidebar background to go all the way down the page!

You’ve learned not to overthink when you’re dealing with css, so next you might decide to give the whole page the sidebar color and then give the content section its own background on top of that. This simply gives the opposite effect:
long sidebar
Now things only look right when the content is longer than the sidebar.

The easiest way to get things straight is to just suck it up and take it to Photoshop. Make an image with a 1px height and a width the same as your sidebar. Instead of applying the image as the background to your sidebar, you’ll apply it as the background to the whole page.
bg image

#main {
  background: url(images/sidebar.png) repeat-y top right;

If you have two sidebars, make one image the full width of the page.

You had to use Photoshop.
You can’t easily change your sidebar width.
You have to load one more image per page.

You’re done!

The same principle is very useful for theming panels. Panels are made up of one or more rows which each have one or more columns. Once you put content in the columns of varying height you get one ugly panel:
panels hell
Do your panels kind of look like this too? Not good. This panel has two rows, and each row has 3 columns. Note that the second element in the second row’s first column (bottom left!) is actually a mini-panel containing two columns. Although the panel has a grid-like structure, the fact that all the content has varying heights makes it look like a mess and probably nothing like your designer’s mockup for your front page.

Adding backgrounds to the content will bring back order to the panel. But once again if you apply the background directly to columns you will end up with:
panel backgrounds
What you really want is more like:
panel heaven
This is the kind of thing that I imagine was really easy back in the days of table-based layouts. Now that the web is all about dynamic content in divs of unpredictable heights, these kinds of things are more difficult. The answer is to, as in the sidebar example, create a background image for each row and tile it vertically.

Now your panels can have the tabled look they seem to be begging for and without the embarrassment of actually using tables! Does anyone have a preferable technique?

Mar 12 2008
Mar 12

Charlie Gordon of DROP has offered to help put together the SimpleTests needed by Drupal core. All that we need to do as a community is edit the wiki page at and provide DROP the information necessary to write the tests. All that we are asking is a few minutes of your time to help suggests the tests that need to be coded ... you don't need to code them yourself.

If the concept of contributing towards providing test coverage for core is appealing, you should also evaluate to see the master list and sign up for the Unit Testing Group at ... volunteers are actively being sought to make Drupal the quality product it deserves to be.

It's a simple request ... a few minutes of your time ... and slowly Drupal really begins to Rock ;P

Looking forward to your contributions.

Mar 10 2008
Mar 10

Once again, DrupalCon this year was no disappointment. After getting back and having a few days to refresh and set my priorities, I've laid out a bit of list of tasks that I hope to complete in the coming months.

Image handling. There's no getting out of it now. After announcing my drive to make image handling part of core during the Multimedia Panel session (with Aaron Winborn and James Walker), I don't think there's any way I can back down from the commitment.

Image issue on

A color picker for Fivestar. Before the Drupal code sprint at MIT, I brokered a deal that if Mahalie Pech made me a set of Bombs for Fivestar I'd make it so you can pick the colors. That's come along pretty nicely for code written during a code sprint. Look to a beta implementation of that in Fivestar soon.

Fivestar issue on

Popups (modal dialogs). Tao Starbow took the lead on implementations of popups (think Facebook) in Drupal 6 and I helped kick around some possibilities and how we can possible get this implemented into the Drupal UI. Seems like first candidates for popup implementation are the help text Drupal-wide, and the confirmation dialogs (Are you sure you want to delete this node, etc). Tao's done an amazing job and I'm very excited to see where this takes the Drupal UI.

Popups issue on

Popups BoF

Tao leads the Popups Birds of a Feather session

Other things. Of course there are a lot of other things that are going to be tolling my time. Most pressing is finishing my portions of the Drupal O'Reilly book (led by Angela Byron and assisted by several other Lullabots). I'm also continuing to push the new 2.x version of webform, which is coming along very nicely and has been completely ported to Drupal 6. And finally, there's client work, workshops, and consulting that I'll be doing for Lullabot to keep our company rolling. I'll be at both the upcoming workshops, if you'd like to attend and rock your API/theming skillz. :)

Des Moines, IA Workshop: March 24 - 28, 2008 (canceled, sorry!)
Melbourne, Australia Workshop: April 7th - 11th, 2008

View more photos of DrupalCon on Flickr:

Mar 09 2008
Mar 09

Back now from DrupalCon, I'm parsing all that happened last week in Boston.  For me it was a whirlwind, interrupted by a plethora of hassles, including a nasty head cold, keyboard and trackpad on my MBP crapping out, a crashed demo, and several hours separated from my Treo while it rode around in the back of a Boston cab.  All that negative energy converging on me was more than offset by the positive vibe at the four day conference.  The kindness of the cabbie who drove crosstown to return my phone helped too.

One of the highlights for sure was spending time with a new Sun colleague, Brian Aker from MySQL.  We had breakfast at Henrietta's near Harvard Square before his keynote on Wednesday.   I asked him about the merger with Sun, what's next for MySQL, and how he'd like to see our field organizations work together.   He said the merger has been pretty well received and there was a general appreciation at MySQL for Sun's commitment to open source (something I hope will rub off on Brian's Slashdot amigo Chris Dibona, who conspicuously left Sun off of his Tuesday keynote list of companies that "get" open source).  There is a tradition of collaboration between Sun and MySQL too, which Brian indicated ought to help smooth the integration.   Lot's of his work is going into memcached these days, particularly in the libmemcached client.  He cleared up a misconception for me regarding Innodb: since Innodb is GPL'd, the risk of Oracle smothering it is nil - the community is driving it, and it's not the dead end many had feared.   What's next?  Don't expect to see MySQL 5.1 until 2009; do expect a maturing and further specializing application of the MySQL engines MyISAM, Innodb, BDB, and Archive; and plan for an adoption ramp for DRBD.  Brian had some great advice for Sun's field engineers: get familiar with MySQL technology by taking advantage of the many training resource available at  MySQL University is a great place to start, (be sure to catch Brian's talk on EC2 March 29).  I also caught some good audio one-on-one with Brian after his keynote which I will post separately, along with his advice on scaling up your database.

RDF and Semantic Web were topics of much conversation and at least one BoF session.  With the addition of RDF modules in Drupal 6, developers can mashup data from multiple sites in very interesting ways.  If Web3.0 is massively distributed data mining, indexing, and mashing it all up, then Drupal is positioned to be the portal for this convergence, as Dries Buytaert resolutely declared in his Monday keynote

I gave a talk on running Drupal on Sun, with some help from Chris Cheetham from Project Caroline, at the end of the day on Wednesday (slides at right).  As luck would have it, my demo froze up, but I did manage to show Drupal running in a Solaris Zone, and DTrace to count function calls from Drupal.  Chris's demo of Drupal deployment to Project Caroline went much smoother.

Another highlight was awarding the grandprize Sun Fire T1000 server to the winners of the Showcase Site competitionPingVision won it for their work on Popular Science Magazine.  Congratulations to Kevin Bridges and the rest of the crew at PingVision.

There was a lot of support for the next DrupalCon to be held in Hungary this fall.  It will be hard to top the Boston event, but I know this community will do their best to have the best one yet.

Mar 09 2008
Mar 09

For those of you with short attention spans, this is a call for co-maintaiers of the Picasa Module and the Auto Assign Role Module.

While at the Drupalcon in Boston I began talking to Kieran and others about my desire to actively participate in making core the best it can be. The focus I now have is to provide a continuous unit testing framework for core so that the proposed Paris Code Sprint can be a success. Make sure to join the Unit Testing Group and the Quality Assurance Group to keep informed of and participate in relevant debates.

To put it mildly, my free time allocation to support my modules has just completely vanished. Every moment I have available is going to be spent making sure I do my part to provide the Drupal community an additional 4 months of development time on D7. As a result I am looking for qualified candidates to help co-maintain the modules mentioned above. I look forward to speaking with you.

Mar 08 2008
Mar 08

I'd like to send a thank you to all who were involved with this year's Drupalcon. It was the first Drupalcon I have attended, and will most definitely not be the last.

The sessions were amazing and I learned a lot at every one I attended. The birds of a feather talks were very productive and fun. The thing I liked most out of the whole conference though, was meeting everyone. I had an amazing time, and can't wait for the next one.

Thanks a lot, Drupalcon, and I'm looking forward to meeting you again. Here are some pictures from the conference...

Mar 04 2008
Mar 04

The Drupliclown was created by Al Steffen during the Boston Druplicon ... it is recorded here and made available as an svg file for your enjoyment.

AttachmentSize 160.46 KB 193.7 KB
Mar 03 2008
Mar 03
Post by Cat Allman, Open Source Team

If you've ever wanted to hear what we on the Open Source team have to say "live and in person", you will get a chance next week at DrupalCon Boston '08. This twice annual conclave of Drupal developers is being held at the Boston Convention and Expo Center, March 3rd - 6th. Our fearless leader, Chris DiBona, is giving the keynote; "Open Source is Magic". Geek herder extraordinaire, Leslie Hawthorn will be speaking about Google Summer Of Code 2008, and the results of GHOP, the Google Highly Open Participation Contest. Come on down!

There will also be Googlers 2 weeks later in Chicago at PyCon. Guido van Rossum is giving the opening Plenary Keynote on March 14th, "Python 3000 And You", and our Brian 'Fitz' Fitzpatrick will be also be giving a keynote later in the conference. There will be a number of us in attendance - please say hi.

We hope to see you there!

Mar 03 2008
Mar 03

It's been a good, long while since I wrote a blog post. Between work and family, there just hasn't been time. I've been super busy for months now, but not without some benefits.

For one thing, I've been learning tons. I've been working on picking up more PHP and delving a bit more into backend Drupal work, as well as doing more accessibility and usability work and learning more about user experience design. I guess you could say I've been branching out every which way. As a reward for all that hard work, I'm going to DrupalCon in Boston. Although the conference doesn't start until tomorrow, Jon and I flew in for a long weekend to soak up some history and not a little seafood. I can now state pretty definitely that the Union Oyster House has the best clam chowder I've ever eaten, and Mike's Pastry has Boston Cream Pie to die for. Not to be missed. It might be cold here in Boston, but with good food and four whole days of Drupal learning, it's weather I'm happy to put up with.

Hi there,

I wanted to ask how the DrupalCon went and if there was anything particular that you walked away with that made you glad you went or was the whole event great all rounder.

Btw did you learn Drupal from book or from the web? I am trying to track down a good resource for learning Drupal that is hardcopy, can you suggest anything? or is web my best bet?

Mar 03 2008
Mar 03

It’s Sunday night and I’m on board the WiFi-equipped bus from Manhattan to Boston for DrupalCon Boston 2008. My Digital202 colleague Ben Horst is already there and the both of us are looking forward to a few solid days of learning, connecting with others in the community (many of whom we’ve worked with but never met) and diving into subjects like online communities, collaboration and the future of Drupal.

I wanted to share what we hope to bring to and gain from DrupalCon, and I think that this post will serve to help us make the right connections and participate in the right discussions. We had originally thought to lead a discussion on Drupal as the ultimate team collaboration platform, but have since decided to pull back from that. I felt we’d be more effective joining existing formal and “birds of a feather” sessions that are relevant, and connecting with other individuals and groups to share ideas and form relationships. Read on to learn about what motivates us and what you might hear us talking about at DrupalCon.

Some context. Digital202 is a full service web development shop headquartered in New York. We build gorgeous, interactive websites with a focus on online communities and social networks, and our geographically distributed model lets us work with great people around the world to get things done. We’ve built sites like and and more, and our portfolio is steadily growing. (We’re hiring! If you’re a Drupal rock star, get in touch!)

We’ve cultivated a trusted network of exceptional talent over the years, across a full spectrum of skills and expertise. We work with any number of people at any given time — from places all over the world, like India, Romania, Egypt, Hungary, Ukraine, across North America and elsewhere. We put great emphasis on the tools that help us all work together effectively, which lets us build great products and deliver superior value to our clients. We utilize issue tracking and revision control and other related components as necessary, as part of a broader team collaboration environment (called Workspace) that we’re working to improve and evolve. We’re all about the “future of work” and we pride ourselves on being able to maintain a distributed operation that is agile and effective.

From the start, I’d been fascinated by the ability to connect with others, regardless of where they were, to join forces and get things done. Even before I was swept up by the “dot com” boom as a young kid in Seattle, I was building software with others and leading special interest groups and communities. I went on to work for companies like (then Microsoft) and eventually started Digital202 in 1999. Naturally I sought to work with others to help my clients, and geographical location wasn’t much of a consideration. A colleague put me in touch with a family friend in India and soon I was actively working with our team there. This was all even before Thomas Friedman of The World is Flat fame says this phenomenon began. I felt that the greatest potential lay in openly finding ways to work with others to do great things. I’ve sought to work with others who share that mindset, and it’s a philosophy now deeply ingrained in our culture and our products.

At some point along the way, after a period of research and soul searching, we sharpened our vision, really defined what we wanted to dedicate our company to. Woven was founded, providing a name and an umbrella for our new overarching focus. Woven is dedicated to empowering people with the tools to work together effectively, regardless of geographical location. I believe that represents the greatest need and opportunity in our increasingly integrated world, and the way we can best give forth.

Digital202 continues as a growing consulting company and is effectively the “engine.” We help our clients build great community-based websites, and we’re strengthening our geographically distributed model so we can continue to deliver unparalleled results. As we’ve advanced, we’ve become well versed in the challenges of operating in a distributed fashion. At the same time we continue to identify solutions and these manifest in the form of processes and tools. We share this wisdom and these solutions under the Woven umbrella and we continue to work towards fostering a community of folks that share our vision and the goal of bettering the tools that let us work together effectively.

I believe Drupal has the potential to be the ultimate team collaboration environment. We’ve been experimenting in this realm and some of our work has resulted in contributions like Case Tracker. We’ve followed other activity in the community and what we see are excellent ideas, contributions, and talented individuals that are working towards this in some way. We also see that many of these are disparate efforts and that so much potential is left untapped because of lack of a defined objective and coordination amongst this segment of the community. There is great work being done on what we believe are important pieces: Project, the Version Control API, Organic Groups, the Chat API, and much more. There are various groups discussing issue tracking, project management, and so on. The Drupal project itself relies on the collaboration infrastructure.

I believe we need to coordinate our efforts and establish a roadmap towards developing a distribution of Drupal that aims to be the ultimate team collaboration environment. With “install profiles” in place since Drupal 5, the technological infrastructure is there. With Dries’ new startup Acquia promising to create and support Drupal distributions, I don’t think anyone in this community needs to be convinced that this is the right path. With the world where it’s at and team collaboration in such demand, I think the opportunity is clear. We’ve written about it here and elsewhere, Dries has stated he believes there is a clear opportunity here, many others have talked about this as well. Dries has said that Drupal core itself does not have a roadmap, but I imagine Dries would agree that distributions can and should have a roadmap.

I’ve got to wrap up this post, but I certainly do hope to continue this conversation with some of you. Let’s talk about how to coordinate our efforts, how to come together to strengthen a community, create that roadmap and build the ultimate team collaboration platform on Drupal. Drop me a note here, e-mail me at [email protected], or give me a call if you’re at DrupalCon.

Mar 03 2008
Mar 03

This is a list of sessions I'll be attending at Drupalcon tomorrow:

Site Building: Drupal Multimedia This session will show you how to bridge the gap between Drupal and multimedia. Drupal is cutting edge. Though support for multimedia out of the box is currently spotty, with a few contributed modules and some minor expertise, it can be used to create anything from a classy personal photo gallery to a hip music & video blog to a mega-corporate gaming and multimedia heaven. Community and Core: GHOP (Google Highly Open Participation) GHOP, which stands for Google Highly Open Participation, is a contest
which attempts to get high school students involved in open source
organizations such as Drupal. From November 2007 to February 2008, many 13-18 year olds did amazing work for Drupal, and many of them are
planning on being long-term members of the Drupal community. This
session will cover what GHOP students did for Drupal, and how their
becoming part of the community will strengthen Drupal. This session
will be a mix of presentations led by both GHOP admins and students,
and there will be a panel discussion about the GHOP experience. Mareting and Business: Making a Career out of Open Source Open Source software overview, the two license types, selling a solution, embedding, and sell services. Community and Core: OpenID and Identify in Drupal This session is about identity management in Drupal focused primarily
on the role of OpenID. With the release of Drupal 6 and the inclusion
of OpenID support in core, it’s time to look forward on the future of
digital identity, and how Drupal can best grow and expand to
accommodate the changes.

A number of other sesions on Monday sound very interesting, but sadly I can't be in two places at once!

Mar 01 2008
Mar 01

I arrived in Boston yesterday afternoon, absolutely exhausted after Usability testing at UMN -- which was amazing. See the report at 9am on Monday to hear why. It was snowing heavily here this morning. Today I need to prepare for my presentation on Scalable Theming and my parts of the Usability presentation, and try open another US bank account.

Here's my photoblog to date:

A few NEW cultural oddities I've noticed in the US since my last visit 5 years ago:

  • Airport pager: "The security threat level... is orange" -- talk about
    fear-mongering. No need for foreign terrorism in the US -- the local authorities are terrorizing plenty enough here!
  • Control-culture doesn't seem to be so severe this trip but is still grating. I think that's more to do with the people and places I'm mingling with though.
  • You can't seem to fill up a bottle with water anywhere. They seem to be getting the idea of 'being green' with recycle bins and signs to conserve hand-drying paper in the toilets and not leave the tap dripping, yet it's difficult NOT to go through several styrofoam, paper or plastic cups, bottles, plates and fast-food trays per day. I wonder how effective the recycling actually is here? Given the amount of extremely cheap "recyclable" materials consumed, and the fact that these materials usually aren't economically worth recycling, I suspect very little of it is actually recycled. Even where recycle bins are present. Meaning all the recycle bins do is make you feel less guilty about being a polluting consumer.
    • Most annoyingly of all for me, I can't fill up a bottle with tap water anywhere except a public bathroom, which 'feels' unhygenic, although probably isn't.
Feb 29 2008
Feb 29

Right now there are two big CMS systems which have been recently released. As you may or may not know Drupal and Joomla are the two biggest open source CMS solutions. They both have big communites, and both have been used by companies and individuals to make big and important websites. But what the biggest thing that comes to mind is what is the difference between these CMS systems?

New Features for Joomla

The new Joomla 1.5 marks the first Joomla release which gets away from the mambo codebase. It has been completely rewritten from scratch.

Template parameters

Template parameters can be used to let administrators control the template structure. Administrators could switch color schemes, choose between a 2 or 3 column layout … or set the minimum width of the template.

Template Overrides

Simplified changing way an article is rendered and changing the table output to divs. Pagination rendering and module styles can also be extended.

Support for multiple css files

The template manager supports multiple css files and adds support for a special editor.css file that gets loaded by the wysiwyg editor in the administrator.

New Template architecture

It is now possible override all the html generated by the modules and components to suit his needs.
To allow this kind of functionality Joomla! 1.5 implements a solution called a ‘template view‘. Components and modules developed using this new API (application programming interface) can be automatically overridden by template designers. There are now two types of templates: the site templates and the extension templates. A site template defines the look and feel of your website while an extension template defines how a certain component or module gets rendered. The extension templates can be overridden in a site template. PHP code is now the template language of choice to implement presentation logic. patTemplate (the old template language) while still supported is now not used in core (it was slow, and it didn't work with PHP code).

Improved SEF URL implementation

Joomla now has even more capability for search engine friendly URLs. That means that even out of the box joomla can now have a better url than, something more like us (yes, that's right with the blank space).

UI Improvements

Joomla has added new perameters to theming elements. They have provided an easy way for themers to incorporate rounded corners. They also have a new menu system for the admin section. They also cleaned up the administrator section, so that it is cleaner. The new Joomla also has more icons and buttons added to the install process. And has ajaxified the installer.

UTF 8 Support

This means that more languages can be used on a Joomla site. And the installer can detect your language.

New Features For Drupal 6.0


The new Drupal 6 experience starts with the installer, which has been drastically improved. It now guides you through the initial setup steps, so starting a new Drupal site is significantly easier. Configuration parameters that used to be all over the place are now prompted for during the install so there are fewer steps necessary to get the site configured.

Improved Language Features

You will notice the improved language features as well, in both the installer and throughout using Drupal. Right to left (RTL) languages are now supported, interface translations are automatically imported, and you can translate your posts right from the built-in interface, without installing additional modules.


The OpenID client module has been added to core. This allows your users to sign on your site with their OpenID accounts.

Actions and triggers

A new Trigger module has been added to core. The Trigger module lets you assign flexible configurable actions to several events happening on your site (eg. send an email when a post gets published).

Update status

The highly popular Update status module is now in core. This informs you about the latest bug fix and security updates for modules and themes enabled on your site, so you can always keep your site secure and clean.

Menu system

The menu system was rewritten from scratch, making it much more efficient. The menu interface is nearly identical so aside from the performance improvements, you will only notice the underlying changes if you are a programmer.


Theming has been made more flexible and easier by moving most of PHPTemplate engine deeper into core. Default template files (.tpl.php) can now be implemented by modules and a handful have already been converted. If you don't like the way something looks, just find the .tpl file, copy it to your theme, and change the HTML.

Book and Forum changes

The book module and forum module have been reworked from the ground up: it is now possible to have any type of content in forums (polls for example) and the book administration is simplified.


There have been significant improvements in drupal caching, this includes the javascript aggregator can greatly increase loadtimes on sites with multiple javascript files.


So as you can see I have laid it all out there the major features with both releases and I leave it up to you to decide. I picked drupal, but it really depends on the project your working on.

If your a developer and would like more information on how to get up to speed with drupal, you can also check out my post on the fundamental concepts of drupal for a php developer.

Related Posts

While working on various projects with drupal I realized that there is really no one definitive place which lists the concepts that you need to become familiar with when dealing with drupal. So I decided that I would put them in one place for people who maybe are experienced php developers who are trying to learn to work with drupal for the first time.

Feb 29 2008
Feb 29

The sections of this tutorial are as follows:

  • Brief background on ApacheBench and performance of Drupal Anonymous vs Authenticated Users
  • Accessing the cookie containing the Drupal session ID
  • Passing the session cookie to ApacheBench
  • Verifying that the Drupal installation being benchmarked recognizes the cookie and is serving authenticated Pages

    ApacheBench, also known as 'ab', is a command line program bundled with the Apache Web Server that measures the performance of web servers by making HTTP requests to a user-specified URL. ApacheBench displays statistical information, such as the number of requests served per second and the amount of time taken to serve those requests, that is useful for evaluating (benchmarking) and tuning the performance of a webserver. ApacheBench does a decent job of simulating different types and levels of load on a sever.

    Many Drupal websites make use of Drupal's core caching functionality, which typically improves performance for anonymous users (users who are not-logged in) by a factor of 10 times, measured in requests served per second. The cache system achieves this performance improvement by storing the results of certain database queries in designated cache tables, allowing Drupal to avoid repeating expensive or frequently run database queries. Drupal does not cache page content for authenticated users because Drupal's permissions system (and node_access restrictions) can show different content depending on a user's role and because some elements of the page are user-specific. Since authenticated users are typically served non-cached pages, requests served to them are more resource intensive and therefore take longer to conduct than requests served to anonymous users.

   By default, ApacheBench requests pages as one or multiple concurrent anonymous users. Benchmarks of performance for anonymous users can be useful for a website that most users will access anonymously, but these data do not accurately describe the performance of websites that serve a significant percentage of their total pages served to authenticated users (as most community sites tend to do). By providing the Drupal session cookie information, ApacheBench can perform benchmarking tests as an authenticated Drupal user.

Accessing the cookie containing the session ID:

Note: These instructions are for the Mozilla Firefox browser.

1)Log into your Drupal installation using the account that you'd like ApacheBench to use when conducting its tests.

2)Open the Firefox preferences menu and browse to the 'Privacy' Tab

3)Click the 'Show Cookies' button

4)Browse the list of sites to find the site that you have just logged into.

5)Highlight the cookie associated with your site that has a 'Cookie Name' value beginning with 'SESS'. There should be only one of these cookies. If you have two cookies with names beginning with 'SESS' for the same Drupal website, you should clear both of these cookies (which will log you out of your Drupal site) and log back in to ensure that you are specifying the correct cookie in ApacheBench.

6)You'll see that your site's SESS cookie has both 'Name' and 'Content' values. You're going to copy each of these values individually and pass them inside of a command line parameter to ab. Note: Do not log out of your Drupal site before testing with ab, as doing so will invalidate the cookie information you have just copied!

Passing the session cookie to ApacheBench

   The 'C' parameter is used with ApacheBench to specify a cookie. This parameter is case sensitive, and should not be confused with 'c' (lowercase) which specifies the number of concurrent requests ApacheBench will make. You'll describe your site's cookie using the following format:


There is no space between the equals sign. Below is a completed example specifying that 400 requests will be made (-n 400) with 10 simultaneous requests (-c 10):

ab -n 400 -c 10 -C 'SESS5a2cb35dfce80bc682796cc451440ac0=d45b85c5be4c651ea2ad520947082e04'

Verifying that Drupal accepts the cookie and is serving pages to an authenticated user

    It's important to verify that Drupal recognizes and accepts the cookie that corresponds to your session. Once, while performing a set of ab authenticated Drupal user benchmarks, I adjusted a Drupal cache setting that increased the number of requests served per second for authenticated users from 5 to 60. I thought, “Wow! I've made an enormous improvement!” What I had actually done was switched from Drupal core session handling to Memcahe's session handling, which caused Drupal to not recognize my cookie. Drupal was actually serving anonymous pages, which accounted for the dramatic “performance improvement.” To avoid misunderstandings like this one, we'll use ApacheBench's verbose mode to confirm that Drupal is serving authenticated pages.

   In our theme directory, we'll add a PHP snippet to page.tpl.php below the HEAD tag, that will print, inside an HTML comment tag, the username and uid (user id) of the user currently viewing the page.

<?php global $user; print 'This is user: '. $user-??>name .' : UID:'. $user->uid; ?>

Then, we'll run ApacheBench with a verbosity level of 4 (parameter -v4), allowing us to view the HTTP response code and html that the server is sending to ab.

    Viewing the content of pages served to ab is also useful in determining the nature of failed responses and investigating suspiciously high numbers of requests served per second. Apache identifies certain types of failed requests by serving them with an unsuccessful (non-200) HTTP response code. (For more about HTTP response codes\status codes, see the W3's "Status Code Definitions" .) ApacheBench recognizes HTTP response codes and reports the number of responses that are marked as successful and unsuccessful by Apache. A reportedly high number of requests successfully served per second can indicate good server performance, but it's important to distinguish pages served with a 200 response code from those that are truly served successfully. In some situations, Apache is unaware of serious problems that occur in other parts of the server stack and will serve pages with an HTTP response code of 200 (successful) despite the fact these pages contain only a PHP fatal error. In these cases, Apache is “successfully” serving the PHP fatal error message.

    Drupal correctly specifies non-200 HTTP response codes when it is unable to connect to the database. Viewing the content of the benchmarked page allows the person performing the testing to view the specific error message that the site is displaying. This is useful in identifying that the problem is, for example, that the MySQL max_user_connections value has been reached, as opposed to other database connection errors, such as an Access Denied error.

It's worth noting that while ab provides useful information about a server's performance, that it does not predict exactly how a server will perform under load from actual users.

Questions? Comments? Corrections? I'm happy to hear from you.

Feb 28 2008
Feb 28

I seem to have gotten myself involved in a Drupal Multimedia Panel with Nate Huag, James Walkah, and Aaron Winborn. All of whom have contributed greatly to multimedia handling in Drupal.

I suspect we'll be telling people how to use our modules to do cool things. I'm not sure the level of expertise to plan on, but I'll probably try to cover a few imagefield/imagecache site recipes that I like, as well as touch on future development for filefield, derivative, and transformer.

Look forward to seeing some folk there.

Feb 28 2008
Feb 28

Sitting in the Is Beauty Truth? session at TED2008 today, I am reminded of a phone conference with TED Curator Chris Anderson last fall to bring him up to date on the status of one of the previous year's TED wishes.

When Sun wrapped up its formal role in developing the Open Architecture Network (OAN) it handed over a sustaining challenge to the site's owner and community leader, Architecture for Humanity (AFH).   When TEDOpen Architecture network Curator Chris Anderson asked Sun why the TED Prize winner was left in a lurch I gave a short answer, "It was primarily due to reasons of expediency".  In actual fact, Sun never walked away from AFH.  Sun was, and continues to be, committed to their success and continues to be involved.  As of today, we now we see a clear path to a sustaining model that leverages the Drupal community and frees AFH from the dependence cycle it was caught in with Sun.  I look forward to bringing that good news to Chris before the conference wraps up on Saturday.

The first step on this path is to refactor the site such that it runs on an unadulterated Drupal core.  To do that AFH and Sun have contracted with CivicActions to migrate the OAN from a hacked Drupal 4.7 to a clean Drupal 5.X.  (It was the hacking aspect that I explained away to Chris Anderson as "expediency".  Corners were cut, compromises were made, but AFH's and TED's primary goal, to launch the site at TED2007, was achieved.  Incidentally, of the three TED2006 prize winner, only AFH's wish was realized by TED2007.)  CivicActions won the bid to perform the migration by doing a professional and efficient assessment of the OAN's current state and the effort required to bring it up to the high standards of a showcase Drupal site.

My next few posts will describe the process of setting up this development environment as we open Chapter 2 in the OAN's odyssey.  I'll describe how we use OpenSolaris to enable efficient development, testing, and deployment for multiple contributors working on multiple tasks and timelines.

For more on why OpenSolaris was chosen as the development and deployment platform for the OAN, see this article on the Sun Developer Network, and this brief interview.

Feb 28 2008
Feb 28

Just noting that I updated my Drupal 6 test site to 6.1 following the security release. The update was painless.

Thanks to Drupal 6's new update functionality, the site itself checks to see if any updates to core or modules are necessary and let's you know.

And if you think it's problematic that 6.0 already had a security patch...I beg to differ: new "dot 0" releases of any software often have bugs, sometimes security related, and Drupal's quick 6.1 release just demonstrates that Drupal in particular and open source projects in general are often quicker to identify and patch security bugs than proprietary development teams.

Feb 28 2008
Feb 28

This snippet of code gives a brief example of how to rewrite components of the $links variable to make them prettier :) Specifically, here I’m overwriting the link generated by the Forward module. You can see the result below: the little envelope icon labelled “Email”. Normally, this would just say “Forward this page”, which is a bit… well, it could be better. Obviously, it’s nice to be able to change these things to taste.

There are two ways to achieve this result: using theme code in template.php, or inside of a helper module. First, I’ll discuss the module approach.

The helper module method is what I had originally used. It’s a little neater, in that you code it once and forget about it, and it doesn’t clutter up template.php’s _phptemplate_variables function, which can easily become bloated with code.

In the module, I’ve added a function to implement Drupal’s hook_link_alter() function. Here’s the code to do it:

function mymodule_link_alter(&$node, &$links) {
  foreach (
$links as $module => $link) {   // iterate over the $links array
    //drupal_set_message(print_r($links)); // uncomment to display your $links array

    // check if this element is the forward module's link

if ($module == 'forward_links') {
$title = t('Email this page to a friend');    // change the title to suit
$path = path_to_theme() . '/images/email.png' // make an image path

      // now update the links array
      // set the title to some html of the image and choice of link text

$links[$module]['title'] = theme('image', $path, $title, $title) . ' Email'; // let's set some attributes on the link
$links[$module]['attributes'] = array(
'title' => $title,
'class' => 'forward-page',
'rel' => 'nofollow',
// this must be set, so that l() interprets the image tag correctly
$links[$module]['html'] = TRUE;

Ok so really, this ought to be done in the theme layer. Like I said, it’s perhaps not as compact and neat, but here’s the code. It’s mostly the same, but note a couple of additions and changes: firstly, we are not changing $links – this is a pre-rendered string by the time it gets to the template.php. We need to get to the original goodies! Hence, we use $vars[&#039;node&#039;]-&gt;links[module-name][field-name].

Secondly, note that because we have now altered the value of one of the original links’ values, does not mean that the node’s $links is correct. This is the bit that caught me out! We must now regenerate the $links variable using the theme_links() function, as per the last line of code below. This mimics what phptemplate.engine does in core.

function _phptemplate_variables($hook, $vars = array()) {
  switch (
$hook) {
      foreach (
$vars['node']->links as $module => $link) {
        if (
$module == 'forward_links') {
$title = t('Email this page to a friend');
$path = path_to_theme() . '/images/email.png';
$vars['node']->links[$module]['title'] =
theme('image', $path, $title, $title) . ' Email';
$vars['node']->links[$module]['attributes'] =
'title' => $title, 'class' => 'forward-page', 'rel' => 'nofollow');
$vars['node']->links[$module]['html'] = TRUE;
$vars['links'] = theme('links', $vars['node']->links,
'class' => 'links inline'));

You can achieve this effect for anything that’s in the $links array. On this page (below), you can see the link I’ve described here, another for print-friendly pages and also a themed comment link.

Feb 27 2008
Feb 27
  • Advisory ID: DRUPAL-SA-2008-018
  • Project: Drupal core
  • Version: 6.0
  • Date: 2008-February-27
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Multiple cross site scripting vulnerabilities


Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages.

The Drupal.checkPlain function, used to escape text in ECMAScript, contains a bug which causes it to escape only the first instance of a character, allowing users to inject arbitrary HTML and script code in certain pages.

Wikipedia has more information about cross site scripting (XSS).

Versions affected

  • Drupal 6.x before version 6.1.


Install the latest version:

If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade.

Reported by

  • Steve McKenzie discovered the ECMAScript issue
  • The Drupal security team


The security contact for Drupal can be reached at security at or via the form at

Feb 27 2008
Feb 27

Next week, more than 800 people will gather in Boston and talk about Drupal for four full days. This annual event is known as Drupalcon, and it will be the first one I'll be attending.

The sessions will cover how large organizations are involved with the open source project (like Google and IBM), how it can benefit any company (Profitable Web Development Process), where authentication systems are going today (OpenID and Identity), getting the speed you need (Performance Tuning), developing through automated testing (SimpleTest), how Flash can benefit from a backend system (Drupal and Flash/Flex), building AJAXy user interfaces (Drupal 6 AHAH), ensuring secure websites (Security), usability analysis (Administrator/User Friendliness), and much more.

I depart on Sunday afternoon from Toronto, and will be there Sunday night. I'll be wearing my Drupal Camp Toronto shirt, so I should be relatively easy to spot. I am looking forward to seeing you all in Boston!

Feb 27 2008
Feb 27

Kudos to walkah et al for their work on the Drupal OpenID module and getting OpenID into core for Drupal 6!

By default, OpenID in Drupal 5 and 6 defaults to present regular Drupal authentication first, giving the user the option to toggle to authenticate via OpenID.

That's the exact opposite of what I wanted to deploy on my blog: I want users to log in using OpenID unless they have a very good reason not to. Here's how I solved the problem in 5 easy steps using just the magic of a phptemplate theme to modify the authentication interfaces to default to OpenID.

Step 1: Override Authentication UI

First I added the following overrides in my theme's template.php file to specifiy that I would be overriding various interface elements.

// override the user log in form at /user
function phptemplate_user_login($form) {
return _phptemplate_callback('user_login', array('form' => $form));

// override the user registration form at /user/register
function phptemplate_user_register($form) {
return _phptemplate_callback('user_register', array('form' => $form));

// override the password reset form at /user/password
function phptemplate_user_pass($form) {
return _phptemplate_callback('user_pass', array('form' => $form));

// override the user log in block
function phptemplate_user_login_block($form) {
// show hint in form element
$form['openid_url']['#value'] = 'OpenID Login';
// remove hint in form element on focus
$form['openid_url']['#attributes'] = array('onfocus' => "javascript:openid_url.value=''");
return _phptemplate_callback('user_login_block', array('form' => $form));

Step 2: New User Log In Template

Next I added a template file to my theme directory called "user_login.tpl.php" as per my override in template.php above with the following code.

// reverse default form element visibility toggles set in openid module js
drupal_add_js('$(document).ready(function(){$("#edit-openid-url-wrapper").show();$("#edit-name-wrapper").hide();$("#edit-pass-wrapper").hide();$("a.openid-link").hide();$("a.user-link").show();});', 'inline');// render login form

Step 3: New User Registration Template

Next I added a template file to my theme directory called "user_register.tpl.php" as per my override in template.php above with the following message, giving a link for users to go get an OpenID because I don't want users to create local Drupal identities.

Establish your <a href="" title="Learn More about OpenID">OpenID</a> with a provider like <a href="" title="Visit"></a>. Then come back to this site and <a href="" title="Log in to this site">log in</a> with your new OpenID.

Step 4: New Password Recovery Template

Next I added a template file to my theme directory called "user_pass.tpl.php" as per my override in template.php above with the following message, giving a link for users to go recover their password from their OpenID provider.

Visit your <a href="" title="Learn More about OpenID">OpenID</a> provider to recover your password. Then come back to this site and <a href="" title="Log in to this site">log in</a> with your OpenID.

Step 5: New User Log In Block Template

Next I added a template file to my theme directory called "user_login_block.tpl.php" as per my override in template.php above with the following code.

// reverse default form element visibility toggles set in openid module javascript
();$("a.openid-link").hide();$("a.user-link").show();});', 'inline');// render select elements in login block

You're Done!

After these 5 steps, users are presented with OpenID authentication on my site and guided to getting an OpenID if they don't have one already. A user with a local, Drupal identity can still toggle to authenticate on the now obscured /user login form, but only an existing user with the proper access can create new local Drupal users.

My dream for OpenID in Drupal core is to have admin UI that allows various configurations which make any necessary changes to the user authentication UI:

  • prefer OpenID authentication, allow Drupal
  • prefer Drupal authentication, allow OpenID
  • allow only OpenID authentication
  • allow only Drupal authentication (this case would be covered by just not enabling the OpenID module)

Let me know if you have more questions about or suggestions for this solution.

Feb 27 2008
Feb 27

Currently there are three options for creating error pages in the Drupal system, that I know of. I’m going to show here which I think is the best, for reasons of usability, performance and general webmaster sanity. At the foot of this article, there’s some free code too!

The options:

Drupal’s build in error page support

Drupal provides, out of the box, two fields in the Error Reporting configuration screen. These fields can be set to any internal Drupal path. Usually, they will be set to point the user to a page created specifically for the purpose.

The downside to this is that these will now be nodes in the system, and as such they will show up in popular content lists, site searches and the like. This is clearly not desirable.

Update: I have been made aware of an outstanding issue in Drupal core with error pages. This issue means that a user without “access content” permissions cannot access 403 error pages that are created as nodes. This is true in Drupal 5.x and even 6.1, and is another weak point for this mechanism.

Search404 module

Until very recently I was using search404 but I became less than pleased with the results. To start with, I thought I was aiding usability, but as it transpires… not really. The real killer for me is that search404 often gives me empty search result sets, because the path elements just don’t relate specifically enough to the content.

For instance, the node “/blog/my-drupal-article” will almost certainly contain all the words “my drupal article”, but may not contain the word “blog”, except in the path. This means the search doesn’t catch that article, so you get no results. Given that every 404 page the module generates incurs a DB query automatically, this query is effectively just trash, but cannot be disabled.

Customerror module

Customerror module skirts round the issues of having nodes as error pages. The module makes error handling pages available as custom paths inside Drupal. These aren’t nodes, so we have no issues there.

The configuration screen offers up two textarea fields which will contain the page content to be rendered on each of the 403 and 404 page errors. The key to making this more special than just a plain text or html page is the availability of PHP processing for these fields whilst not requiring nodes for the task.

Ok, so what I’m doing here is recommending customerror as the best choice for this task. That said, let’s throw down some code and make this more useful.

To start, visit the standard Drupal error reporting page at “/admin/settings/error-reporting”. Here, set the default error page fields to “customerror/403” and “customerror/404” respectively, if you’re going to override both these pages.

Now, on the Custom Error module’s config page at “/admin/settings/customerror”, enable both checkboxes that say “Allow PHP code to be executed for 40x”. Now let’s look at handling the 404 error. I’ve added the following code for this site, in the “Description for 404” textarea, and a suitably snappy title in the other field: “404 Not Found Error: No content found at the requested URL”.

<p>Sorry, no content was found at the requested path - it's possible that you've requested this page in error.</p>

<p>Use the search form below, or go to the <a href="">home page.</a></p>

// check that the search module exists and the user has permission to hit the form
if (module_exists('search') && user_access('search content')) {
// cool! - customerror doesn't trash the page request and the full path is available
$path = $_REQUEST['destination'];
// bin anything that's not alphanumeric and replace with spaces
$keys = strtolower(preg_replace('/[^a-zA-Z0-9-]+/', ' ', $path));

  // retrieve the search form using the data we've pull from the request
  // note that we can override the label for the search terms field here too
print drupal_get_form('search_form', NULL, $keys, 'node', 'Search terms');

In the 403 error fields, we adopt a similar technique. I’ve used “403 Forbidden Error: Access to this page is denied” for the title. Here we display different content depending on whether or not the user is logged in. If you’re running a site with lots of members, you can uncomment the user login line towards the bottom and the login form will be rendered on the 403 page!

<?php global $user; ?>
<?php if ($user->uid): ?> 
  <p>Sorry <?php print $user->name; ?>, you don't have permission to view the page you've just tried to access.</p>
  <p>If you feel that you have received this message in error, please
    <a href="">contact us</a> with specific details so that we may review your access to this web site.</p>
<?php else: ?>
  <p>This page may be available to clients and registered users only. Please select from one of the other options available to you below.</p>
    <li><a href="<?php print drupal_get_destination(); ?>">Login</a> to view this page</li>
    <li>Use the <a href="">search</a> facility</li>
    <li>Go to the <a href="">home page</a></li>
    <li>Go to the <a href="">site map</a></li>
<?php //print drupal_get_form('user_login'); ?>
<?php endif; ?>

Now we’ve got friendly, usable error pages that are helpful and don’t scare off visitors!

Updated 24th April 2008

Feb 27 2008
Feb 27

While chatting in IRC the other night, I found that Adam Light and I will be on the same flight through Chicago on our way to Drupalcon. So, if anyone else is scheduled for United 534 leaving Chicago at 1:10pm leave a comment. Adam and I plan to share a cab to the hotel as they are reasonably close and Public transport in a city new to me on a Sunday night after being up 14-16 hours just doesn't seem to hold an appeal for me. I plan on wearing my BADCAMP07 Drupal shirt so should be easy to spot.

On the downside, it appears that ChipIn has been having issues for the past 16 hours and timing out when people try and donate :(. It does seem to be working now so if you are still interested in helping out my travel fund I'd appreciate it.

Overall this schedule does work nicely. My in-laws are coming up to keep my wife company while I am gone (I suspect they are here to visit with the grand kids).

Feb 23 2008
Feb 23

Quite frequently I’ve been asked about putting images into site “sections”, depending on path or menu trail. Look up, that “Blog” image is what I’m talking about. It’s on all blog related pages. So, here goes – it’s nice to be able to finally offer this information here.

The first main chunk of code attempts to get a menu item and build an image link from that. The second chunk assumes failure of the first and tries again using a partial path method.

If all nodes on your site have menu entries, you can use that piece of code independently. Likewise, if all your nodes can be identified by the first bit of the path, the second chunk will stand alone.

I have got a mixture of the two on this site. A lot of the entries have menu entries, but the blog and portfolio section do not. Therefore, the image links on those sections are powered by the second chunk.

Note: this code expects to find sites/default/files of the GIF type in a directory ‘images/sections’ within my own theme directory. It also will only pick up sites/default/files that have names which are all lower case. In the case of menu entries that contain spaces, those will be replaced with hyphens, so if the menu link is “Site Map”, the image name will have to be “site-map.gif”. Path-based is really dependant on how you are using aliases (e.g. your pathauto.module setup) and isn’t really inside the scope of this article. You’ll have to figure that out yourself.

Okay; in order to not crowd up _phptemplate_variables(), I add just this one line of code in template.php inside that function (under ‘page’ – see here for details):

['section_link'] = get_section_link();

Then, elsewhere in that file, this code:

function get_section_link() {
// MENU - attempt to make a section link from a menu item, for this page
  // get active menu trail into an array
$menu_items = _menu_get_active_trail(); // $menu_items[1] is the top parent of our menu container, e.g. primary links
  // this gets the required menu item into an array
$link_array = menu_item_link($menu_items[1], FALSE); // whip out spaces and make the name lower case
$section_name = strtolower($link_array['title']);
$section_name = str_replace(' ', '-', $section_name);

  if (

$section_link = render_link($section_name)) {
// PATH - if we've not returned, we couldn't make a valid link from menu
  // let's try a path approach instead?
if (module_exists('path')) { // dependency for drupal_get_path_alias $sections = array(); // an empty array to collect stuff in

    // get all the top level links in the primary nav (id of 2) into a array

$primary_nav = menu_primary_links(1, 2); // iterate over the array and pull out the top level paths
foreach ($primary_nav as $menu) { // get the first element of the aliased path for this menu item
$path_element = explode('/', drupal_get_path_alias($menu['href'])); // put the first chunk of each path onto an array
$sections[] = $path_element[0];
// get the aliased path for the page we're on
$section = explode('/', drupal_get_path_alias($_GET['q']));
$section_name = $section[0]; // if the path matches a nav item, create a section image
if (in_array($section_name, $sections)) {
      if (
$section_link = render_link($section_name)) {


render_link($section_name) {
// construct the image's path (mine are GIFs stored in a subdir of my theme)
$image_path = path_to_theme() . '/images/sections/' . $section_name . '.gif'; // make some text for the image's alt & title tags (SEO, accessibility)
$image_alt = $section_name . t( ' section');
$image_title = $section_name . t( ' section link'); // render image html using theme_image (returns NULL if file doesn't exist)
$section_image = theme('image', $image_path, $image_alt, $image_title); // if the image rendered ok, render link using above variables
return ($section_image) ? l($section_image, $link_array['href'],
'title' => $image_title), NULL, NULL, FALSE, TRUE) : NULL;

Then finally in page.tpl.php (and any other page templates) we can use the variable in the “Drupal Way”, and print our variable where we like!

<?php if ($section_link): ?>
  <div id="sectionTitle">
    <?php print $section_link; ?>
<?php endif; ?>

Feb 22 2008
Feb 22

I hope to briefly cover some of the history and evolution of Drupal documentation, knowing the history is often important to understanding the present. Spend more time going over some of the present challenges of creating and maintaining documentation and debunk some persistent myths.

While the session is just over an hour, I hope to have feedback and participation, get some more people participating in one of the easiest ways to get started contributing to Drupal.

On Friday there is a code sprint, if you scroll down towards the bottom there is mention of non-developer activities and a documentation sprint so bring your laptops and get ready to participate.

I'd also like to add a thank you to those who have helped me out by contributing to my travel fund to get me there.

Feb 22 2008
Feb 22

As we mentioned last week, many of the mentoring organizations participating in the Google Highly Open Participation Contest had a difficult time choosing their Grand Prize Winners. All of our projects had stellar participants, and we're pleased to join them in sharing kudos with their unofficial "runner-ups."

Angela Byron and Adam Light from the Drupal project sent us these accolades:

Jimmy Berry

Jimmy Berry was a pleasure to work with over the course of GHOP. He has a real knack of coming in, tackling a difficult task that's been long-neglected (such as SimpleTest coverage for most of Drupal core, or the new Git back-end for our Version Control API module), and knocking it completely out of the park. Jimmy rocketed his way up the Drupal learning curve and is now one of our best new contributors.

Edward Yang

Edward Z. Yang already has open source development experience, as the developer for the HTML Purifier project. During his time with the Drupal project over the course of GHOP, he has shown a penchant for impeccable code quality, and takes incredible pride in his work, always going above and beyond (often way above and beyond) what has been asked for by the task description, as particularly evidenced by his work on the Coder Format module.

Charlie Gordon

If GHOP were based solely on community participation, Charlie Gordon would far and away take the prize. In addition to suggesting tasks and helping to answer other students' questions, he also spear-headed efforts to setup the Drupal community's successor to the GHOP contest, DROP. Oh yeah, and he also kicked butt on several GHOP coding tasks, and made very short work of everything from writing SimpleTests to porting Revision Moderation module to 6, and even creating and maintaining the new Citation Filter module.

Wilson Lee

Wilson Lee took on a wide variety of GHOP tasks ranging from documentation to code to marketing. Kourge did a particularly awesome job on a marketing
presentation for Drupal 6 (.zip) and a Core Hooks Cheatsheet (.zip) which will be of great use to Drupal module developers everywhere. Kourge was also frequently found in our IRC channels and helped other students find answers to their questions.

Dmitri G.

Dmitri G. was actually too *young* to participate in GHOP, being only 12 years old, so wasn't eligible to claim any tasks or prizes. However, he more than made up for that by helping to mentor and guide the GHOP students throughout the duration of the contest. So we'd like to name him as honorary GHOP runner-up.

Feb 22 2008
Feb 22

I have a client whose sysadmin is adamant about using Lighttpd as a webserver, whose site also uses imagecache.

There are some major differences in Lighttpd's rewrite system compared to Apache's rewrite system. The difference that is most important is the lack of the file exists check provided by the -f flag to apache's rewrite conditions.

The way imagecache works is to dynamically generate images that don't exist when they're requested from it's url namespace. So if you request and it doesn't exist the url rules rewrite it as
and drupal passes the request to imagecache. If the file does exist Apache just serves it directly.

Since Lighttpd's rewrite rules do not support this file exists flag they are unsuitable to solving our problem. I tried setting up several different variations of rewrite rules, specialized 404 handling.

So after installing mod_magnet, and editing the url prefixing for my local installation everything works wonderfully...

While everything is working I still have some concerns that make me want to do some benchmarks against lighthttpd and apache.

My concern is that mod_magnet seems to have a heavy performance cost, like 25% less requests per second according to the Benchmarks section of

When I consider it in light of the performance benchmarks at,
I start wondering if lighttpd + mod_magnet +fcgi really has a performance advantage over apache2 + fcgi + mod_rewrite.

I would expect lighttpd to have a smaller memory footprint, but a minimally configured apache + fcgi has a pretty small memory footprint compared to running mod_php....

Now that I have a working lighttpd install I may try to do some benchmarks to ease my mind.

Feb 21 2008
Feb 21

This is the result of seeing one too many 'For Drupal to really succeed' posts. Drupal is already a success. There is certainly room to get better and grow more, but Drupal has already succeeded.

When listening to interviews with musicians who have a new 'hit' album/song I often get a sense that the interviewer has this fundamental assumption that the artist just started playing/singing last month. When you listen carefully, you find that the artist has been working at their craft for years. So it goes with Drupal and Drupal's success.

For the time I have been with the Drupal community we have had a steady progression of success. In my first few years, the community took pride in the fact that sites could be built by skilled developers with no indication that it was using Drupal (Yes, many hobbyists often implemented sites that were obviously Drupal). Calls to put 'tagging' into the code to more easily identify Drupal based sites were often met with resistance. The prevailing attitude was to focus on quality and capability rather then count implementations.

What really attracted me to the project was a combination of things. Initially it was that I could run it on IIS. What kept me, besides being able to get it working, was the community and that the project had a defined mission and principles. When I first entered the IT field, I thought things like missions statements and principles were silly. Over time, I have found they are actually tremendously important for keeping a projects focus and not wandering to far afield. They help keep everyone near the same place in regards to how a project grows and evolves.

From the history page, we know that the 1.0.0 release was in 2001. A summary from the CHANGELOG.txt shows we are now at 13 full version release from the initial 1.0.0. and each one is our best yet.

  • Drupal 6.0, 2008-02-13
  • Drupal 5.0, 2007-01-15 - First release using X.y versioning
  • Drupal 4.7.0, 2006-05-01 - Last released version using X.Y.z for major release numbers.
  • Drupal 4.6.0, 2005-04-15
  • Drupal 4.5.0, 2004-10-18
  • Drupal 4.4.0, 2004-04-01
  • Drupal 4.3.0, 2003-11-01
  • Drupal 4.2.0, 2003-08-01
  • Drupal 4.1.0, 2003-02-01
  • Drupal 4.0.0, 2002-06-15
  • Drupal 3.0.0, 2001-09-15
  • Drupal 2.0.0, 2001-03-15
  • Drupal 1.0.0, 2001-01-15 - Initial release

The development cycle is so very funny in it's predictability too;

  • The developers contributing to core already have ideas and code for the next version for things that didn't get in this release.
  • The edge implementors working with the code are already discovering areas that could use a closer look and perhaps a better solution based on work they are doing for clients.
  • Contributed module developers are updating modules or hoping that others will supply them with patches and testing so that the less involved members of our community can catch up and start using the latest version.
  • Newer folks are trying to figure out which to go with, Drupal 5 or Drupal 6.
  • Non-participants are lining up to point out and decry how unusable things are because module x/y/z isn't updated and it's unconscionable that anyone would release something without it and demanding that someone do something (and being ignored because frankly that type of complaining isn't interesting)

Scattered through the forums you will see this pretty much every release. It can be fun helping people through this process of discovery. Many can and do become awesome contributors and build lasting relationships. Others, well, we see some others every release saying the same old thing, but oddly, never in the contribute category.

Drupal has already had success. As long as people continue to contribute to the project; donate time, code, reviews, support, documentation and other things we will really continue to really succeed. We can do better, but that too is a universal saying.

Feb 21 2008
Feb 21

For those of us who spend half the day on the command line and the other half working with Drupal. I have this setup now on my server.



About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web