By Harry Fuecks

PHP / Web Application Integration

By Harry Fuecks

I forget how I ran into this document now and can’t even tell you who the author is (hopefully they’ll step forward) but it’s an interesting read anyway: Aspects of the integration of two or more web applications (application/pdf). Found the link a while back, via one of the Gallery forums / mailing lists, thanks to a chance result searching for something entirely different on Google.

Anyway – memory loss aside – this is basically a short “research paper” written by one of the Gallery2 development team on how to do web application integration. In case you were wondering Gallery is a (perhaps the most) popular PHP image gallery application. Gallery2 is a complete re-write and was released last autumn (./ announcement here).

Returning to integration, this is area which has yet to be well solved IMO, either in PHP or other web platforms. The basic requirement often stems from “How do I provide my sites visitors a single signon to my forum / wiki / blog / gallery etc.?”.

The gallery2 paper identifies the following key “aspects” for integrating web applications (the selection of items has a PHP-specific slant but believe it’s still broadly applicable to any web platform);

  • Master-Slave relationship and Communication
  • User and Group management
  • Session management
  • Authentication
  • URL generation
  • Visual Integration
  • (Permission Management)
  • Controlling Access
  • Search and other API interfaces
  • Namespace Collisions
  • Environment

Will let it speak for itself. Really this document now needs expanding with more detail and proposals for ways to solve this stuff in a generic manner (if that’s at all possible) that could be applied to any (PHP) application.

In practical terms, another way to look at web application integration is where to do it, as in what layer? That pretty much boils down to;

  • At the data: e.g. hack App Y’s signon logic to use App X’s “users” table. This often starts out looking like the easiest way to go but, in practice, may lead to having to re-write (or copy / paste) significant parts of App Y and means you need to track your hacks. Every time I’ve ever gone here, reached that point of “Would have been less work to write my own from scratch”.
  • At the code: APIs, smart includes etc. This is generally the way to go I guess but requires application development teams to think out of the box a little and consider how and where other applications could plugin with theirs. Have seen this done many different ways in PHP, from fudforums (an includable PHP script containing functions like fud_fetch_full_topic) and the Horde framework’s “COM” to Serendipity’s embed “mode” and dwBliki. Really this topic needs a long, long discussion, which I’m going to avoid.
    But while I’m here, on a semi-related note – Scarlet (en) a dependency injection container for PHP. This is not the only PHP DI implementation BTW – will have to see what Pawel has to say about his on Friday. Meanwhile Jeff has something brewing.
  • At the HTML: such as Sitemesh way (or PHP Mesh – capture and merge your HTML server-side. XSLT might also apply here. Also relatively easy but also easy to break I guess.
  • …and one more I guess – Greasemonkey – push the problem onto the browser.

Anyway – judging by results, the Gallery team certainly have some lessons to share.

Ending on a vision thing: how about we make 2006 the year we really nail PHP app integration?

  • WebDevGuy

    You could also use LDAP/OpenLDAP for single signon access control.

  • WebDevGuy

    Or an RBAC like Pear’s LiveUser

  • Ren

    Hacking at the data layer, can be done abit lower with database triggers. Pick one table as the master, and put insert/delete/update triggers on to replicate to the slave tables.

    Could put a front controller on the combined applications then that invoke the actions of both applications for things they have in common, login etc. It’d probably require knowing about the inputs & validations and rewriting $_GET/$_POST to the expected values. Though detecting the success or failure of an action maybe problematic, worse case could mean scrapping html.

  • Randy Boland

    Their server seems to be dead. Would anyone be willing to re-post it elsewhere?

  • Their server seems to be dead. Would anyone be willing to re-post it elsewhere?

    OK – for now have put a copy here – that’s without the authors permission and will happily remove it again as requested.

  • expos1994

    I just did this with phpbb. It was rather simple after a little research.

    For my needs all I wanted to be able to do was authenticate users outside of the forums. I was able to use the phpbb session and user data and just add the same authentication code to each of my pages. If the user isn’t logged in they are sent to a custom login page that is basically a hacked up phpbb login page.

    It was about 3 lines of code. 1. Include the common functions 2. start the session 3. set the userdata. (all of the function are including in phpBB’s standard includes).

    There will be a few more hacks and cracks that I will do, but basically I’m integrated.

  • toyer90

    IMHO Drupal has more or less done this – or at least can do this without much problems.

    I can have a forum, wiki, blog and gallery all from one sign in, managed by roles with very good access rights.

    If I can’t do something, the API’s are goood enough for me to write a module that will extend the features to do it, without any core code hacks. Sure I have to update them when an API changes etc, but that only happend per x.x verson.

  • Randy Boland

    Thanks, Harry. By the time I got around to checking for a reply, it was back up.

  • Pingback: Online Marketing Spot » Blog Archive »()

  • willthiswork

    With regard to User and Group management LDAP would also be an interesting option as someone pointed out in this thread.
    But certainly not in shared hosting enviroment, which unfortunately cuts out a lot of audience.
    Pear, as usual, has already some nice packages like DB-ldap and Net_ldap.
    I also tried Pear_LiveUser but it was in a very early stage at the time and I could not figure out how to work it properly.
    Did anyone experimented with it recently?

    Along with Drupal, also Egroupware did a very nice job in building a pluggable api.
    Especially with the Kontact project

  • Anonymous

    Coppermine for all its crappy code seems to have done all the above and much better

  • Anonymous

    I was looking for the same thing, and currently doing some research on it. I still think that there has to be a generic script/standardize rule like the one w3 buil for css, xhtml and etc.

    Somebody know any small project that work on this yet?


  • Andy Staudacher


    This “short paper” is nothing more than a short writeup since G2 was contacted by Brian Moon from a while ago to get an integration initiative started. I just wanted to create a coarse list of things that should be addressed. As with most of these things, I have never heard anything back.

    However, we’ve done much more and this document is very coarse. Detailed documentation is still missing, but there is more than this small writeup: (goes into more detail) (explains the approach to integration, no specs yet for a standardization / general initiative).

    But I was happy to hear that a phorum developer actually started a phorum integration module this January / February and the result is very similar to what is explained in the above links.
    Also, there are more and more CMS’ / frameworks that offer the required events.


  • Bharat Mediratta

    In case it’s unclear from his post, Andy Staudacher is a principle developer of Gallery 2 and the author of the PDF document. He has been the lead developer for the Gallery 2 integration system.

  • Pingback: links for 2006-06-16 at 59ideas()

  • Pingback: links for Jun 12-18 at 59ideas()

  • shaw

    I used pervasives data integrator for a quickbooks to salesforce application integration project and I have to say it was so simple and took less than three days. They have a slower free version too if you only need to do a one time thing at

Get the latest in Front-end, once a week, for free.