I am creating something similar to a Content Management System, that can be downloaded and used by everyone that needs it. I’ve been working in web-development for a couple of years (mainly as a hobby, i.e. creating personal homepages for acquaintances), but have never had the need of a user to enter his own configurations (let it be database connection, meta-data about his site, desired behaviour of the website).
Therefore I have no experience with custom configuration file handling. That’s where my question lies: What is the best practice to handle custom website-wide configuration files and handle them in PHP?
I have thought of creating INI-files, that can be customized from within the admin panel and that are hidden to the user by .htaccess for security purposes. However I don’t know if INI is the best method to do this considering that the page is being developed to be extensible through plugins (which may lead to another question soon).
So what is my best bet to handle configurability? For instance do I want to store database configuration in files somehow and have other configurations outsourced to the database itself? Or do I store everything in INI-files (also considering configurability for plugins: Should everyone of these have their own config-file)?
1
Have you looked at other CMS and how they approach the problem?
For example, Drupal configuration responds to all your current needs and shows one possible way to not being limited by the constraints of INI.
You may also consider:
- Ordinary PHP files (pros: simple, no parser needed; cons: the end user can screw the file and break the entire app),
- INI (pros: still simple; cons: the flat structure is limiting),
- XML (pros: no limits of INI; cons: not user-friendly, too much markup),
- JSON (pros: less markup compared to XML; cons: still not user-friendly),
- YAML (pros: humanly-readable; cons: the end-user can still screw the structure),
- Custom page which allows the user to configure every aspect of the application though web interface (pros: user-friendly; cons: the excessive cost of developing the solution).
If you’re working with end-users who don’t have technical background, the last solution is the only one viable.
Applications like PHPBB show how to make two-step configuration: when the application runs for the first time, it executes setup.php which asks for the connection string, the root password, etc. Once the app is installed, the administrator can log in to access the administration panel.
2
There are different configurations for any decent web application. Some of them has to be stored on the file system, because at the initialization time you don’t have access to the Data Storage, unless you hard-code it inside the source code.
You can store those configuration which are mostly database connection and encoding settings into any format that could be later feed into your application.
An INI file is good because it is simple. So if a non-technical user has to go and manually edit the configuration, it is less likely that they broke it, however there is a very small overhead in terms of parsing it. The INI files are one of the most common way of storing configuration data.
Another option is to make use of JSON to store the data. In this case it will harder to modify the file manually, however JSON is kinda established as an standard way of dealing with data. That meant to be like this in fact.
A PHP file containing any form of valid PHP code could be another option. You can define your options as Constants then you will have all of them in the global scope — it could be a good thing at development time or a potential security hole in the production, specially if you’re allowing third-party code to be included by user in your application.
A PHP Array of settings or a Serialized string of an array are other options. You can have an instance of your configuration class as well, inside your configuration file, that could provide you with extra functionality as well.
After your application is initialized, then you can connect to the data storage and load or store the rest of work in there which is more convenient for most cases.
P.S. There are dozens of other formats like XML, etc. that you can use them as a way to store the application configuration, but they are almost same as JSON and INI files in terms of explanation, so I’m not going to list all of them. You should eventually choOse a format that is more suitable for your end-user or offer them couple of ways and let them choose how they want to store the configuration — I know that it sounds like an overkill but at some projects it’s necessary to support different formats.
The popular CMS like WordPress stores its database configuration with few basic configuration options in php file called config.php and rest all in database.
This method is quite effective if you want to store single as well as multiple configurations which you may be thinking of like for theames, plugins, langualges etc.
Editing php config file with constants can also be also as user friendly as other text INI file if written so.
You will need to identify which settings can go in config file and other in database.