calibre2php

RhysMcW · 10-09-2009, 07:00 AM

On the Calibre2Web thread there were a number of requests for a PHP interface to Calibre.

I'm not really a PHP developer but decided to give it a try and now have something started that I want opinions on before I continue too much further (and in case someone else has already done something better).
There is still much to do but it is usable in it's current state.
The default view is basically the same as Calibre's and currently only sorts on the "Date" (date added to Calibre), but you can select the "Index by Title" or "Index by Author" (still defaults to sorting by "Date" for now).

You can view a demo here.
Username: demo
Password: demo123

All the files shown in the demo library are freely available, mostly on Gutenberg

Let me know...

itimpi · 10-09-2009, 07:21 AM

I just got a blank page when I tried to log into your demo

RhysMcW · 10-09-2009, 07:27 AM

Quote:

Originally Posted by itimpi

I just got a blank page when I tried to log into your demo

sorry - forget to update where my ebook store was...
should be up now...

FragFrog · 10-09-2009, 09:15 AM

I am somewhat mixed on this to be honest. On the one hand would a direct querying of the datastore file allow one to have the site available even when Calibre is not running - something quite usefull in its way, at least for me since I already have a webserver in my home network and don't need a second one. On the other hand, this only works if said webserver has direct access to the datastore file, which is somewhat less easily accomplished. Overall though I welcome the ability to simply add a vhost to my existing webserver and not bother with running Calibre all the time - I can see why there would be requests for this and appreciate the effort you've obviously put into this

Then, as for the code itself: you store almost all global information in the session which, if anything, lacks elegance. While some parts are decently documented, most are not, which is not too bad in a new project but something to be wary off.
What I find more troublesome however is the complete lack of classes and structure. Granted, procedural programming has its place, but it's a small place and not a good one to start out from with a new project in my opinion.
There is also a lot of mixing of PHP and HTML, while usually limited within functions it is not something I enjoy seeing - the MVC architecture has many benefits, and will save you a lot of trouble later on if the project grows.
Last but not least you do not seem to escape any variables in your SQL queries, but instead rely on them being set savely and correctly in the session. While this might be true (I must confess to not going over all your code) it is a potential security risk, especially on hosts with register_globals still active (and those number more than I would like). I am no hacker myself, but have experienced numerous attacks on sites I worked on - some successfull, others not so. It has made me cautious, and using parametrized queries would be a simple way to prevent any possible hacks since you're already using PDO

RhysMcW · 10-09-2009, 09:44 AM

Quote:

Originally Posted by FragFrog

On the other hand, this only works if said webserver has direct access to the datastore file, which is somewhat less easily accomplished.

What I've done is actually moved my ebook library store onto my web server and access have a shared drive mapped to it from the PC and I've set Calibre to use that path directly thereby any changes I make in Calibre are immediately available on my web interface.

Quote:

Originally Posted by FragFrog

Then, as for the code itself: you store almost all global information in the session which, if anything, lacks elegance.

Being very new to PHP I appreciate your comments.
I store the variables in the session to have them available to each .PHP without having to pass them in the URL to keep them from the user browsing, seems like a good idea unless there's a better way (still keeping them invisible to the browser).

Quote:

Originally Posted by FragFrog

There is also a lot of mixing of PHP and HTML, while usually limited within functions it is not something I enjoy seeing - the MVC architecture has many benefits, and will save you a lot of trouble later on if the project grows.

Not sure what the "MVC architecture" is yet

, I was trying to make this be dependent on as little as possible as some people were talking of wanting a PHP interface for use on their NAS box and I figured there probably won't be too many nice modules etc available.

Quote:

Originally Posted by FragFrog

It has made me cautious, and using parametrized queries would be a simple way to prevent any possible hacks since you're already using PDO

Do you perhaps have an example of using "parametrized queries"? Again, not sure what you mean yet

Thanks again for your comments. There's still a lot to be done and part of that I'll probably be moving some of the code in the main .php into functions in calibre2php.inc.php.

10-09-2009, 07:21 AM	#2
itimpi Wizard Posts: 4,553 Karma: 950151 Join Date: Nov 2008 Device: Sony PRS-950, iphone/ipad (Marvin/iBooks/QuickReader)	I just got a blank page when I tried to log into your demo

10-09-2009, 09:15 AM	#4
FragFrog Connoisseur Posts: 83 Karma: 32 Join Date: Oct 2009 Location: The Netherlands Device: PRS-600	I am somewhat mixed on this to be honest. On the one hand would a direct querying of the datastore file allow one to have the site available even when Calibre is not running - something quite usefull in its way, at least for me since I already have a webserver in my home network and don't need a second one. On the other hand, this only works if said webserver has direct access to the datastore file, which is somewhat less easily accomplished. Overall though I welcome the ability to simply add a vhost to my existing webserver and not bother with running Calibre all the time - I can see why there would be requests for this and appreciate the effort you've obviously put into this Then, as for the code itself: you store almost all global information in the session which, if anything, lacks elegance. While some parts are decently documented, most are not, which is not too bad in a new project but something to be wary off. What I find more troublesome however is the complete lack of classes and structure. Granted, procedural programming has its place, but it's a small place and not a good one to start out from with a new project in my opinion. There is also a lot of mixing of PHP and HTML, while usually limited within functions it is not something I enjoy seeing - the MVC architecture has many benefits, and will save you a lot of trouble later on if the project grows. Last but not least you do not seem to escape any variables in your SQL queries, but instead rely on them being set savely and correctly in the session. While this might be true (I must confess to not going over all your code) it is a potential security risk, especially on hosts with register_globals still active (and those number more than I would like). I am no hacker myself, but have experienced numerous attacks on sites I worked on - some successfull, others not so. It has made me cautious, and using parametrized queries would be a simple way to prevent any possible hacks since you're already using PDO

Advert

Advert