Ah no, I don’t want Virtualmin to be PHP. I think one of the advantages it actually has is that it’s developed on Perl (even when some sites comparing control panels mention it wrongly as being developed with PHP).
For some strange reason, I always have the impression the same things in Perl are faster than exactly the same stuff in PHP. Maybe it’s just me or my mind playing tricks on me over the years, but I do thing that Virtualmin is so fast because its Perl or maybe it’s because Perl developers tend to be better than newbie PHP ones (me included). Or just because I always loved Perl as my first script language I ever learned.
I thing Perl probably adds some extra security vs PHP today. Not because it’s safer, that would be rubbish as I’m sure you can potentially execute similar flaws and injections to the code but for the fact that most attackers are very good at exploiting PHP apps today and less tools try to do it with Perl. Like the false sense of security, you could say with Windows Phone is more secure than Android because nobody is using it
I like Perl. And while I’m not an expert I may take my rusty Perl books out again just to benefit from writing something for Virtualmin. With the years I replaced Perl with PHP for most things, not because I disliked Perl but because everything is PHP today and so software, documentation and just general code is easier to find. It’s actually rare to see a web server software build in something else, its either PHP or Python.
I don’t want to run PHP inside the Virtualmin code, that would certainly be a bad idea running it as root….like most Virtualmin scripts already do. But just use the API like you mentioned but instead of having to setup an external server to the Virtualmin server where the PHP interpreter is executed have a way to run it build in with the same internal server.
Example, if you want to add an extra piece of code into the side menu that triggers a PHP page/module, this will probably cause all kind of security problems right now, unless its running as Virtualmin or inside it. If you are running it externally then you don’t need to log into Virtuamin in the first place. The idea is to extend what someone can do and make it feel as a natural extension of the control panel. For example, if someone wants to build a module service into Virtualmin that does something he needs to create a Perl module. But if they only know PHP, maybe a special module that wraps PHP from an allowed domain inside that server (that has a PHP interpreter and server running) could manually be allowed to execute Virtualmin data or requests (denying any other public requests but only accept them from inside logged Virtualmin users). I’m not sure to be honest. I just an idea to make it simpler for PHP developers that want to build things for the software.
Personally, I will just use Perl but it would be great if you already have code you can re-use. This would be for people that want to extend the control panel for their own use or customers, in no way I’m referring to push or mix code into the official software.