I am trying to help a small restaurant owner take orders via the web.

Looking for a solution that:

• Can create the restaurant's menu.
• Display that menu on the restaurant's web site.
• Preferably, using PHP with MySQL.
• Take orders via that web page.
• Let the restaurant owner update the menu with today's specials, via the web.

Can you recommend any applicable open source solution(s)?

Hello lothario,

I've found out very little still about Joomla! but I have a friend who uses it every day and it works great for him; he's been recommending that left and right for any kind of web site with as many features as you want.

I've played with it a little bit and it seems very promising. It creates the PHP code automatically for you for common tasks like a log in and updating the content of pages is extremely simple without typing a single line of HTML code anywhere.

I strongly suggest you look into Joomla to see if it fits your needs.

I would set up a LAMP or WAMP server in your development computer first to try it out and to get familiar with it. Once you're comfortable with it you can tell your restaurant owner how to log in to the Control Panel of Joomla! and start updating the menu or even set up RSS news feeds for it.

Good luck on that project, it sounds very exciting,

Zac

If you want a secure system (which you want! since people can actually ORDER, thus real money transfers), DO NOT GO WITH JOOMLA! it's very vulnerable to loads of exploits weekly. If you still go with that route, fine, but then be sure to actually update as soon as there is an update announced by joomla security team. Also be very reluctant to thirdparty plugins for joomla! They are prone to abuse. (joomla! developers barely check those plugins for abusive code inside them, and since everyone can submit a plugin, this could end up harmful)

My suggestion would be to self build the system. (and then test it with a knowlegdeable php programmer to find any faulties). Better yes, let a experienced php programmer do the job, if affordable.
Most serious websites where payment info is used, use custom systems.
Reason is that it's doing what you want it to do, and just that no overload of stuff you don't need and therefor maybe being more prone to attacks, secondly, home made systems are more difficult to hack (if coded properly), since there is no public information about the backend. With e.g. Joomla! everybody can download it, and thus find errors easily, to abuse.
The only way to limit that chance if using Joomla! is doing regular updates (see above). But the experiences i've whitnesses tells me, people ease down on updates, once the site is up and running.

There is a lot in the teebones post that is correct, but let me post my own take on the Joomla! security issue, which probably differs in emphasis

• Many/most people who have launched themselves into the world of websites and CMS programs don't even realise that there there is a security issue until they get caught (and, even then, they may not have much of a 'root cause analysis and protecting for the future' attitude). They've read a 'How to Build a Fabulous Website and Start Coining it in, with no Real Effort,in Twenty Four Hours' type book, and it doesn't mention security and the result is they've either not thought about it, thought that it doesn't need doing or that it is somebody else's problem.
• Joomla! does have a poorer reputation for security than many CMS programs. The Joomla! guys themselves understand this, but claim that most of the security problems come from third party modules; in this they are probably correct
• You could build a site without third party modules, and avoid this element of the problem; you'd still have the rest of security to worry about
• Practically, you couldn't build a site without third party modules, because for most real sites you need the add-on functionality that they provide, otherwise you'll have a very dull site
• You could minimise your use of third party modules
• You could audit every third party module that you use, but you probably won't, because it requires quite a lot of work
• If you've gone at the third party modules like a starving man at an 'all you can eat' buffet, nothing will save you; you'll have so many that you can't audit them and the probability is that, with so many, you will have one, or more, with potential exploits against them
• Security is a process; whatever you do, you will have to devote time and energy to security, otherwise someone will exploit you; the worst mistake that you can make is thinking that this will, somehow, take care of itself

My objection to that would be that you are likely to substitute your own crap code for Joomla!'s not very good code. Brutal, I know, but there is certainly the case to be made that one of the disadvantages with 'easy' systems -whether it be a CMS, or PHP 'easy programming' or whatever- is that they encourage people to over-estimate their capabilities; if understanding security and auditing code for security issues isn't one of your strengths, better stay away from needing to do it. You could argue that it does get you the much-discredited 'security-by-obscurity' though.

I'd remove that objection if the coding was done by an experienced PHP coder with the right, security aware, mindset. But, that's not what you are going to do, is it?

Note this; it is not optional, if you are taking payments from plastic cards.

In short, I am afraid that the simplicity of setting up a website has been widely oversold to people who don't really have the background to understand the potential issues, and this goes wider than any one individual CMS.

Sorry for bumping an old thread but I am thinking of creating a site similar to the justeat(dot)ca website. i.e. Customers can browse the menu of local restaurants and then order and pay online.

If I was to create the bones of my site with Joomla and then have a developer write a custom component that facilitates the listing of menus and shopping cart functionality, would you also view this as a security concern seeing as the site itself will be Joomla based?

Many thanks!

Well, it may have been better to start a new thread...I would say, in this case, you've done the right thing, because your problem is so similar to the original, but maybe a mod will come along and disagree.

Anyway, to the answer:

It depends.

If you could configure the CMS-driven part to have nothing to do with the ordering part, then I don't see why it should be too great a problem. Unfortunately, a design like that may well have poor usability (eg, maintaining a completely separate list of pictures, from the ordering part might be seen as unnecessarily obstructive by users, and you could still have, eg, denial of service attacks on the CMS part, which, if the CMS part was of any use (and why have it, if it wasn't?) would still be badly perceived).

If the 'ordering part' and the 'CMS part' are more integrated, then there is clearly a possibility that an attack on the CMS could cause problems for the ordering part.

In any case, just to repeat, in case you haven't followed the link above, if you are intent on taking payments from plastic, you need to meet the appropriate requirements; see here. Also note that this is not optional; if you believe that this is too much trouble, and unnecessary bureaucracy, don't even start.

I am unclear why there is no thought of using a system which has a slightly better security rep than Joomla!. This couldn't cure all of the problems - you'll still have all of the problems of creating and working with a secure platform, but you really don't want to opt to import unnecessary problems.

1 members found this post helpful.

Hi salasi,
Thanks for the reply. Gives me a bit more food for thought.

The reason I thought of using Joomla was because I have used it for a couple of basic website in the past. What would you suggest in place of it?

Maybe Drupal or Plone, although Plone does seem to be a bit slow (or need a bit more in the hardware department to be adequately fast), although there are many others. A site like cmsmatrix will show you loads of options and a site like cmswire will give you background materials, and comparative reviews and details.

Here´s an example http://eatonline.eu, this website was designed with open source(joomla)

Hi,

A few years ago we built an online ordering system and website for a restaurant in PHP. This platform allows restaurant owners to put their restaurant menu online, manage orders and page content. Customers can order and customize food items, choose a delivery method, pay for their order and tips online, save their favorite orders, etc.

Here is a link to the demo: dallasjonesbbq.outsidethepixel.com

We were thinking of making this platform available for free for web developers, open it to contributors and let them develop plugins and extensions.

Is that something anyone would be interested in? Would you prefer to use a framework/platform like this one developed by another team, rather than creating your own from scratch?
Any suggestions are welcome.

Thanks,
Aurelien

__________________________
Outside The Pixel
outsidethepixel.com

Hello aurelien, welcome to LQ.

Might I suggest that you make a new post on this subject. I agree the original post is similar.

I just think that a new post would be a better way to make your question more visible.

Sure I'll do that. Sorry for the inconvenience.