Book Image

Elgg 1.8 Social Networking

By : Cash Costello
Book Image

Elgg 1.8 Social Networking

By: Cash Costello

Overview of this book

As an updated version of the first ever Elgg book, this is an excellent resource for those interested in Elgg development due to its attention to detail, clearly written style and knowledgeable author. - Dave Tosh, Elgg co-founder. In his book, Cash Costello makes full use of his skills in development and communication to tackle the complex subject of Elgg social networking. This easy-to-read guide gives end users, new developers, and old pros alike a solid base to start their venture into social media with Elgg. I highly recommend it as a useful and enjoyable read. - Brett Profitt, Elgg Lead Developer The web is becoming increasingly social as millions of people use it to blog, share, post, 'friend', 'unfriend' (which was made the Oxford word of the year in 2009), comment, and chat. Elgg ñ your award-winning open source social networking engine ñ is tailor-made to create any social networking or social media website you can imagine. If you want to create a social networking website from scratch using Elgg, then this book is exactly what you need.Elgg 1.8 Social Networking covers everything you need to know about building a social networking site with Elgg. It begins with instructions for installing Elgg, continues with a guided tour of its capabilities, and finishes with practical advice on deploying Elgg on a production server. And in between, it is packed with information on configuring and customizing Elgg through plugins and themes.This book is a learn-by-doing guide to creating your own social networking site. It includes three sample case studies on how Elgg could be used as an e-learning tool, an intranet application for organizations, and a niche social networking site. Step by step it takes you through the installation, configuration, and customization of Elgg. Valuable advice is sprinkled throughout the book to enable you to build your site like an expert. For developers, this book provides a multitude of options. First, there is a tutorial-based section that systematically teaches you how to build plugins. Soon you will have ten plugins for use on your site in addition to all the knowledge you have gained. Second, if you prefer a quick overview, this book has an appendix that describes Elgg using the terminology and design patterns common in web development. Third, if you are interested in creating a theme, it also includes a design tutorial and a catalog of Elgg's view templates. The book then goes on to describe what is involved in running a production website. It has sections on selecting a hosting provider, configuring and tuning the server, backing up the site, and dealing with spammers.
Table of Contents (21 chapters)
Elgg 1.8 Social Networking
About the Author
About the Author of 1st edition
About the Reviewers

Lightning round

There are many topics in Elgg development that have not yet been covered in this guide. This section includes brief descriptions along with pointers of where to look in the code for more information.


Elgg uses a simple version of pluggable authentication modules (PAM). The default authentication module uses the username and password available from the ElggUser class and stored in the database. Additional authentication modules can be registered through plugins.

See: /engine/lib/pam.php and pam_auth_userpass() in /engine/lib/sessions.php


There are several types of caches in Elgg. There are memory caches for database queries and loaded objects to reduce the number of database queries. Views can be cached to files to skip the generation of frequently used views like the CSS view. There is also experimental support for memcache. The caching code is spread throughout the engine libraries.

See: /engine/lib/cache.php, /engine/lib/memcache.php, and any of the data model files.


The database username, password, and hostname are stored in /engine/settings.php. Other configuration settings are stored in the database. Elgg supports system-wide settings through its data list functions and site-specific settings through its configuration functions.

See: /engine/lib/configuration.php and the config database table for site settings and the datalists database table for installation settings.

Debugging and logging

Elgg provides its own logging function: elgg_log(). This function works in concert with the debug mode in the site settings. The debug mode parameter sets the trace level to control the amount of information logged. Elgg supports logging to PHP's error log or to the screen. Additional destinations can be set through a plugin hook.

User actions are logged to the database through the system log functions. There are two plugins for working with the log: logbrowser and logrotate.

Elgg also overrides PHP's default logging and exception handling with functions in elgglib.php.

See: /engine/lib/elgglib.php and /engine/lib/system_log.php.


Elgg includes its own library for client-side JavaScript and Ajax functionality built on top of jQuery. It is designed to be extensible with plugins able to create their own namespaced objects (see /mod/embed/views/default/js/embed/embed.php for an example of that). The library supports submitting to Elgg actions via Ajax, displaying status messages, and custom client-side events.

See: /js/ and /views/default/js/


Elgg has many menus. Site-wide navigation, avatar drop-down menus, and a footer menu are just a few examples. All of the menus are created using a single API. This API supports static menus, context-specific menus, custom templates, and hierarchical menus. A valuable resource for understanding the menu system is a series of articles posted on the Elgg blog. They can be found by visiting and searching for "menu".

See: /engine/lib/navigation.php and /views/default/navigation/menu/

Private settings

Private settings are similar to metadata and are used for storing settings for plugins and users.

See: /engine/lib/private_settings.php


Search is provided through a plugin that uses MySQL's free text search capabilities. There is a readme file in the plugin's directory that provides an overview of the plugin and how to extend it.

See: /mod/search/


A wide range of topics fits under the heading of security. This section highlights Elgg's security against cross-site scripting (XSS), cross-site request forgeries (CSRF), and SQL injection attacks. User-submitted input passes through the get_input() function, which filters the data. The filtering occurs through a plugin hook that the htmlawed plugin handles. The action system uses a token-based approach to CSRF attacks. SQL injection protection is provided by escaping parameters during query generation. More detailed information is available on the Elgg wiki.

Session handling

Elgg uses PHP's session handling and stores the session data in the database. A session contains the user object for the logged in user, which is accessed through the function elgg_get_logged_in_user_entity().

See: /engine/lib/sessions.php

Unit tests

Elgg uses the SimpleTest framework for its unit tests. The unit tests are run through the diagnostics plugin. Plugins can add unit tests by registering a callback for the 'unit_test', 'system' plugin hook.

See: /engine/tests/ and /vendors/simpletest/

Web services

A REST/RPC hybrid web services API is included with Elgg. It enables sites to expose a custom web services API. These web services can be used for building desktop and mobile applications, integrating with third party applications, or creating mashups with other websites.

See: /engine/lib/api.php


Elgg has a simple widget framework. By default, widgets are available on users' profiles and dashboards. They are easy to create and there are tutorials in Chapter 8 and on the Elgg wiki for building them.

See: /engine/lib/widgets.php