Valuebound Interactive Solutions is happy to share the Drupal 7 version of the Profile Enforcer module with the Drupal community. This release was thought necessary for the community as the Profile Enforcer module fulfills a very commonly encountered requirement that specified users of a site be allowed to access certain site pages only if they make a one-time entry of their profile details. The module has been updated to work with Drupal 7, with enhanced support features to make it more user-friendly.

While an obvious use of the module would be to ensure for instance, that a blogger can post his blog onto a site only if he's filled in his profile details, or that a forum user can open a new thread only if she's entered her name and email ID, the module can be enhanced to add significantly more functionality.

Other immediate uses of this module might be, for instance, if you have a site for brain training games. At the end of level one, the user can access level two only if he fills in certain fields. Or your user is a gold member. He can become a platinum member only if he inputs a value in certain fields.

You're welcome contact us for more information or clarifications on what this ubiquitously required potentially powerful module can do. Do also feel free to contact the expert Valuebound development team for enhanced functionalities you want to achieve through such a module. You can post support issues at https://www.drupal.org/project/issues/profile_enforcer.

Today, let’s discuss why enabling the PHP filter has to be a very very carefully considered decision on a Drupal user’s part. Here’s an example of why you might want to enable the PHP filter that is disabled by default in the Drupal 7 core.

Say, you want to insert the following mix of text, HTML and PHP code (PHP snippet) into the body of a custom block.

Have a great day today!

The date today is:

Now, if you do not enable the PHP filter module, you may find that Drupal 7 prints out your PHP code instead of interpreting it. So, you enable the PHP filter and take some other related measures, and voila, your code goes to your database, and is interpreted exactly the way you want it!

Oh, if it only were that simple!

Unfortunately, adding PHP code in your database by enabling this PHP filter can cause you to get extremely unsafe sitewise. This is one major reason why you should create modules using the API and hooks instead. However, if you absolutely have to add code to your database, you could try to reduce the code to a simple function call. Thus you'd have the function itself in a module (and this would be tracked via SVN). But then you are only a little step from removing the need for the inline code anyway….

Go ahead, though, and make an informed decision based on the following inputs on what could go wrong, and what precautions you can take should you still need to enable this filter in the Drupal 7 core :

Issues due to enabling the PHP filter

Security

PHP code contained inside your database can cause serious security issues. Allowing your CMS to allow execution of PHP can allow hackers to use your server for sending spam, hosting malware, hacking into other sites/databases on your server, and even hack into other servers on the network that might be behind firewalls!

Additionally, if hackers come to know that your site can be used to execute PHP, this alone can make it more likely to be attacked.

In this context, do make sure to check out this rather scary article on how database login details might be hacked from Drupal once PHP Filter module is enabled. Although the article is all about how admins who have ‘misplaced’ their login details might be able to retrieve them, there’s no reason why a hacker should have any scruples about doing such stuff, too.

If you must enable the PHP filter to execute database-included code, be sure to take security measures necessary in such cases. One of the ways you can do this is by limiting users - which is the next issue I’ll discuss --

Limiting Users

After enabling the PHP filter, you might want to restrict the PHP filter to users you can trust. You wouldn’t want the risk of unintentional modifications, or additions to your code, or malicious/unsanctioned activity, would you? So you might want to create roles other than “administrator” for users who you’d like to prevent from accessing / handling database-included PHP code.

Unfortunately, even after limiting your users, any malformed or incorrect coding can not just break your website, but stop its functions altogether. The sad fact is that Drupal experts may not always be expert coders.

Moreover, limiting users might not work if there is a misconfiguration giving people access to a text format, block etc with PHP execution enabled. The misconfiguration cannot cause this sort of damage, though, if the PHP filter is not enabled.

Eval()'d code Problems

Now, database-included code is eval()’d code, which is problematic in more ways than one. For starters, it is much slower than PHP hardcoded in a file. Additionally, it decreases the ability to debug the code by decreasing its readability and creates difficulties in predicting the code path before runtime. This can have security implications that are none too pleasant.

Speaking of debugging, errors in eval()’d codes throw up error messages that don’t provide much help in identifying or locating the error. There’s a good chance you might have to go through your database manually to find and fix the error. Such errors might even be fatal in certain instances, for example, if the error is in a block that is displayed on all pages.

Now, if instead of using the PHP filter, you use a custom module that replaces specific text in the node content with the result of the code it executes (without using eval()), or that appends its own text to the body content of the nodes, any user could then edit the node without permission to add arbitrary PHP code which would be run by the PHP filter. This means you do not have to worry about limiting users, but it still means you do not enable the PHP filter.

Writing and Managing Database-Included Code

If you put php code inside the node body you are creating a big code maintenance problem. Writing and maintaining database-included code is harder because you’re working inside a textfield in your browser. Having your code in a module lets you use an editor/IDE with syntax highlighting, autocomplete and other functions that make coding easier, faster, and more importantly, facilitate increased accuracy. Further, code in your database is much harder to find.

What’s more, database-included code cannot be version controlled. When versions of Drupal change, and your APIs alter as well, you do have to port your code while migrating. If your code is in a module, it can be ported in advance, tested, and only then deployed on the new site. But code inside a node or a block will only work with the Drupal version in which you first created the code.

These then, are a few major reasons why enabling the PHP filter might get you a lot more than you actually wanted, and not all pleasant either. Do feel free to write in with your own views, and tell us what you think of enabling the PHP filter in Drupal.

Reference
drupal.stackexchange.com/questions/2509/

In the dynamic world of web development, Drupal has emerged as a key player in the CMS landscape, despite facing intense competition. As of 2023, Drupal powers 1.1% of all websites and holds a 1.6%  share in the CMS market​​. While this represents a decrease over the years, it’s important to note that Drupal remains a popular choice for high-traffic and complex websites, reflecting its robustness and scalability.

Drupal in Enterprise Solutions

Drupal's versatility and security make it a preferred choice for numerous Fortune 500 companies. In 2022, prominent organizations such as CVS Health, Walgreens, Pfizer, and Tesla, among others, used Drupal for their websites​​. This widespread adoption by major corporations highlights Drupal’s capability to handle diverse enterprise needs.

Community and Ecosystem

The Drupal community is a vital aspect of its success, with thousands of active contributors and a rich ecosystem of modules. This vibrant community is fundamental to Drupal's evolution, providing regular updates, security patches, and innovative solutions.

Drupal 10: A Leap Forward

Released on December 14, 2022, Drupal 10 marks a significant step in Drupal's evolution​​. Key features of Drupal 10 include:

• Olivero Default Theme: Enhancing visual appeal and ease of use, making it easier for developers to create and manage content-rich websites.
   
• Claro Administration Theme: Offering a modern, user-friendly interface for website administration.
  
   
• CKEditor 5: Ensuring a seamless text editing experience with improved functionalities.
• Modern JavaScript Components: Replacing jQuery in many instances, aligning with modern web development practices.
• Theme Starterkit Tools: Simplifying theme creation for developers.
• Symfony 6 Integration: Enhancing backend processing capabilities and support for PHP 8.1.

These improvements reflect Drupal's commitment to staying at the forefront of web technology trends.

Challenges and Future Outlook

Despite its strengths, Drupal faces challenges in a rapidly evolving digital world. The community continues to focus on innovation and addressing emerging needs in web development, ensuring Drupal remains a competitive and reliable choice for enterprises and developers alike.

Conclusion

Drupal's future looks promising, driven by a passionate community and continuous technological advancements. As Drupal 10 ushers in a new era of web development, its role in shaping digital experiences is more crucial than ever. As advocates and contributors to the Drupal community, we at Valuebound are excited about the possibilities Drupal 10 brings and remain committed to its growth and evolution.

“Not only have we seen 1OO% uptime from the new platform but it’s four times faster than our previous platform.” 
- Peter Edwards, Digital Technology Manager at British Council

Public sector organizations have needs and accountabilities that are unique in the world of service providers. Since they run on the money of millions of taxpayers, their operations, output and most of all, expenditure, are subjected to intense scrutiny by the public and the media. It’s no secret that a huge majority of every form of mass media derive their incomes from analysing, dissecting and criticizing government actions and expenditure, because constant openness to feedback and suggestion is a vital part of healthy governance.

This necessitates the presence of stringent legislation with strong penalties to ensure fairness, confidentiality, safety and accountability in public sector operation. Unfortunately, such laws lead to the infamous ‘red-tape’ of complex hierarchies, long drawn vendor-selection processes and delayed grievance redressal that creates more grievances than they resolve.

Consequently, by adhering to rules made for the good of their clients, well-meaning public servants can unintentionally cause snags and delays in providing services. Since they operate in an intensely competitive environment in which image counts so much, these hold-ups can actually impact public servants’ careers and the image of the government, too.

Drupal - Inexpensively Automates Large Scale Policy Adherence

Drupal is a powerful Open Source CMS that can provide a web application that aids in adherence to standards and in monitoring through easy to implement automation. Understanding the complex workflows, documentations and policies of the public sector, Drupal developers have created powerful modules that make it easier to follow every step of mandated workflows and bureaucratic guidelines.

Further, as Drupal solutions are highly scalable and modifiable, they save money and time and free up resources to best meet client expectations given the exceptionally severe constraints under which the public sector functions.

Meets Service and Security Needs at Lower Costs and Increased Speed

Drupal is also extremely robust and secure and well meets the paramount need for the public sector to strike a balance between interactively providing information and services and maintaining a high degree of security for millions of records and data items. Additionally, Drupal’s capabilities of handling data fluctuations data make it perfect for handling the sudden spikes in service requirements around due dates for paying tax for instance.

What’s more, though Drupal is capable of being scaled and extended to much more complex levels as requirements increase, a Drupal solution can actually be set up very rapidly and easily. Temporary enhancements to handle different requirements during a special initiative such as a once in a decade census, for instance, can be rapidly configured, cloned for use again if needed, then withdrawn from the system.

The modular extensibility of Drupal also means that one need not scale up a system beforehand, but have an easier to maintain, more cost-effective and faster system by keeping things simple until the complexity is actually required. All this results in tremendous savings to the finances, resources, time and effort of a public sector organization and helps it to exceed people’s expectations.

Public service organizations have to necessarily use most of their funds for service. Although vital, security is not their main job. Drupal modules and updates necessarily have to be created keeping stringent security policies in mind, and have to integrate with or enhance the security management system of the Drupal solution they are added to. This ensures that the organization does not spend anything extra on security when it extends, scales up or modifies its Drupal system.

Frees up Resources - Automates Integration of Service Interfaces

Drupal is especially effective in managing user experience across devices. For an organization serving the public, interactivity may need to take place over a mind boggling array of platforms and devices -- a public sector organization may provide services and information over computers, tablets, smartphones, basic mobiles, landlines, ATMs, brick and mortar offices, smart cameras, interactive kiosks, television, radio etc.

Such an organization needs chat-rooms, forums, phone lines, mail services. It needs to offer secure forms and data access, and provisions for interaction, complaints and redressals, information upload and data recording provided by one complete solution which is scalable while being robust and secure. Drupal does all this as well as some of the best paid CMSs. Since it is a popular open source framework with a passionate culture among its highly skilled developers of constantly creating, updating and integrating modules according to every evolving need, an organization under strict spending constraints can concentrate its budget on adding technology features that directly improve services and reduce costs, instead of having to worry about paying costly licensing fees each time it needs to do so.

Scales and Extends to Meet Future Needs at no Licensing Costs or Lock In

The reason an organization can always get Drupal experts to provide it a highly professional, effective and secure application devoid of licensing fees, vendor lock-ins or expenses for security updates is the highly skilled and motivated Drupal community. The community consists of thousands of talented developers with a passionate culture of constantly contributing modules that meet ever evolving or anticipated need.

Drupal modules have to comply with the community’s strict quality and security policies. This makes Drupal is an extremely reliable investment for the future of a public sector organization. Additionally, the portable nature of Drupal precludes the possibility of an organization’s being locked in to any one Drupal provider. An organization can easily change providers or even have multiple providers working on it’s application at the same time. This also means that a company can hire any Drupal expert for site maintenance, monitoring, extending and scaling regardless of who has actually set up the site.

Migration to Drupal - Highly Secure, Minimally Disruptive

An expertly planned migration to Drupal using the Drupal migration module can rapidly and easily ramp up the site into a brand new enhanced one with all the needed components while ensuring workflow and data security including prevention of data loss. Drupal’s flexibility also ensures the integration of existing third party systems and software into the current processes. Thus, migration to Drupal causes minimal disruption and no data loss or corruption for sensitive and critical governance and service functions that need to be smooth and uninterrupted for the peace of mind of millions of people.

Drupal - A Well-Established Public Sector Success Story

Drupal has been around for over ten years, and is used by thousands of sites. Many of these are public sector sites with complex traffic, integration and security requirements such as NASA and the White House. Drupal has been known to drastically reduce or eliminate downtime in big sites, and to save time and money due to vastly reduced ‘failure alerts.’ Also, there are highly reliable troubleshooting resources and tutorials openly available due to the culture of documentation, contribution and sharing that has grown into a strong feature of Drupal that distinguishes it from other open source CMSes. In fact, there is a saying in the Drupal community that any solution an organization is looking for will probably have been discovered and implemented by Drupalers.

Drupal Solution Providers - Expert Service for Everyone

The vast resources at a Drupal expert’s disposal through the huge and established community of highly skilled and experienced module creators have facilitated the entry of a huge number of highly skilled individuals and boutique organizations capable of providing reliable Drupal services at lower costs than what a big organization would charge. Thus, for a public sector organization with perpetual difficulties in getting budgets approved, a Drupal solution would be approved much more easily by the funding authority.

It is not just developed countries, but also rapidly developing countries, especially hugely populated ones such as India and China, that are showing a strong trend towards Drupalizing their public sector service interfaces. When the Defence Research and Development Organization (DRDO) of India needed to optimise workflows for the purposes of critical data collection from its sixteen different labs, each of which is a behemoth following complex hierarchies and bureaucratic processes, it preferred to use the services of Valuebound Interactive Solutions, a boutique Drupal solutions provider.

Drupal experts create well-planned solutions by choosing the correct pre existing modules, developing needed modules and customizing distributions to create a solution designed for adaptation to constant change and enhancement, thus assuring an organization’s Drupal solution will last for decades working better for less money and time.

Valuebound, a Bangalore based Drupal development company, proudly announces the official re-launch of a new website for Zone Advanced Protection Systems, Australia.The new website: zoneaps.com.au  was official launched on June 6th, 2012.

Zone Products contracted Valuebound to implement a new design for their public website, using the Drupal Content Management System. In addition to designing a new theme & developing the content strategy, Valuebound team created a migration plan to import the content from the old Joomla based website to new Drupal CMS.

About Zone APS ( Zone Advanced Protection Systems), Australia

Zone APS, Australia is a key provider of mission critical electronic security and surveillance solutions. The enterprise was founded in 1986 and since then has partnered with some of the world’s leading electronic security equipment manufacturers like FLIR, MOOG,Video IQ and Pivot3 to deliver high performance security solutions. Arbitor™ PSIM(Physical Security Information Management) is Zone APS’s flagship software based Integration and Management Platform that connects and manages leading security and surveillance systems giving operators situational awareness and response capabilities through a Common Operating Picture (COP)

About Valuebound

An innovative enterprise level web solutions provider, Valuebound has gone from strength to strength as reflected in the projects we have undertaken. Valuebound is committed to help you and your business initiatives with its Drupal based responsive web solutions. For more information on how can we help you with your next project please contact us.

Valuebound Interactive has built an e-commerce website for Microchips Australia. This site is based on Drupal 6 and Ubercart, a Drupal e-commerce platform. A customized theme was designed and developed to showcase the strength of a client business vision. In addition we implemented a few unique featues like -

• The products can be bought online or a quote can be requested for the same.
• A buyer can shop online for both type of products i.e."Add to Cart" as well as "Add to Quote" variants.
• The mode of payment for “Add to Cart” category products is via Eway and to complete an order.
• If some products in the shopping cart belong to “Add to Quote” along with a few “Add to Cart” variants, the order will be processed as a free order with the following message under the tab “Payment not applicable until the quote item prices are detailed”.
• Products like microchips can be priced based on the quantity of an order placed by a customer.
• The payment options available can vary from using an official Purchase Order Number to paying by credit card.
• The option of placing an order for a product may vary based on the login options under different categories. For example, if Dr Smith logs in under “vet” category, he can now see the prices (applicable for vets) for Trovan Companion Animal microchips and can order directly from the website via “Add to Cart” but for other users it will still be "Add to Quote".

About Microchips Australia

Microchips Australia is a top notch distributor for Trovan Companion Animal Microchips and Readers. After its establishment in 1989 Microchips Australia diversified into making applications meant to aid wildlife research, laboratory testing and RFID animal identification. The implantable microchips supplied by the company are helpful in tracking lost pets and wildlife by utilizing the services of Central Animal Records, a nationally accredited animal microchip registry with a nationwide animal recovery database.

About Valuebound

An innovative enterprise level web solutions provider, Valuebound has gone from strength to strength as reflected in the projects we have undertaken. Valuebound is committed to turbofire your business initiatives with its Drupal based responsive website solutions. For more information on our services Contact Us.