Precurio PHP Intranet Review

In searching for an Open Source PHP Intranet solution, I came across Precurio. It had the look and features I was searching for, so I decided to give it a spin.

After evaluating Precurio for a whole afternoon, I’ve decided not to use it. It does not seem mature or stable enough to meet my needs. Here is some of my feedback that I proved to them and hopefully I’ll come back in maybe a year it will have matured.

– Installation process is buggy. Had issues with cache_dir and had to manually edit Zend library files. User creation step was skipped several times till the cache_dir issue was worked out. Took me several hours to get it installed.

– Did not allow us to specify the socket in the mysql host name like most other PHP apps do.

– Various php errors and warnings appeared upon first use. Posted these in the Installation forum. Could not debug myself after a few tries.

– One of the biggest red-flags that made me end my evaluation of Precurio was when I noticed this posted to my profile Recent Activity feed:

Test Tester You account has been created. Your login details are:
Login : someone@example.com
Password : [snipped]

Imagine my surprise when my password was displayed for me on-screen. This is a MASSIVE security flaw. Even if this message is only displayed to me, it is 1) not hashed in the DB obviously, and 2) visible for anyone walking by my computer to see.

This tells me that Precurio’s approach to security is not up to my standards. Too bad b/c I was going to use it for 2 large projects. That was a deal breaker for me and stopped my evaluation in it’s tracks. Too bad b/c on the plus side the code is well organized and built on the Zend Framework.

Good start, and has huge potential, but needs a lot of work and maturity.

UPDATE1: Apparently it requires PHP version 5.3.0 and I’m on a slightly earlier version. So that might (and I say that with heavy skepticism) be the cause of the PHP errors.

UPDATE2: While user passwords are stored in some sort of two-way encryption in the main user table, it is stored in plain text in other tables. Not ok in my books – especially for corporate use.

UPDATE3: Precurio immediately released a patch for the plain text password issue. Great response time. I think I may continue to try an puzzle out the PHP errors on my version of PHP and see if I can’t salvage this after all.