Template vs coding from scratch in 2018

[Forumine.com]

We're rounding up with the design of a forum website forumine majorly in PHP. However, in the process of coding, I stumbled upon various tools, websites, and plugins that simplify modern coding and surprising easy to use. I now have to choose between coding from scratch versus just using these cool tools which even claims to deliver better and faster results.
Bearing in mind the pros and cons of both practices which includes having the right skills to write your codes to perform its specific function, implementing and completing your project within the shortest stipulated time frame, flexibility of code interpretation to visitors depending on the kind of website, freedom and customization capabilities, and extensions/patches for future upgrade.

My concern is what works best in recent years considering the points aforementioned and how coding literacy has been made super easy with friendly GUI websites and Free tools available online/offline. Looks like most millennial coders are "code kiddies" as it gets hard to tell a Code written from scratch to a template from the users stand point these days.

 

[Azareal]

From scratch can be higher quality, and I really do feel the difference, however it can also be a lot of work and can slow you down when you just want something out *right now*.

 

[Page]

From scratch can be allot more hard work and takes darn time. But more perfect results

 

[daica85]

I think using templates is saving a lot of time, money as well as resources. If you want to develop a forum from scratch, it needs a lot of time and hard work.

 

[Forumine.com]

Thanks for your contributions guys. At least I know what to consider whenever I have to setup a forum or blog website in the future

 

[Cosmic]

So, first rule: nothing is truly coded from scratch. Even if you write raw PHP, you’re still leveraging millions of hours of work that other people did to just use the language runtime and the web server.

So, the question is how much of other people’s code to leverage. At the very least, you’ll want to pull in a bunch of frameworks. Something on the backend, like Laravel or CakePHP. Some frontend stuff, like Bootstrap, Angular, React, Ember, etc. If you don’t do that you’re kinda wasting time. It’s like trying to open a beer with a pocket knife, not a bottle opener.

If you want to go a step further in using other peoples code, use something like Wordpress maybe, which is pretty customizable. There are templates too I guess. But be careful of any backend templates. The $100 things you can buy off those template sites are basically just cookie cutter molds. Meh, if you’re gonna use one of those, why would your users use your site, and not the other 999 sites that bought the template?

 

[Azareal]

I don't really like frameworks. Then again, Go's standard library is practically half a framework, templating (w/ XSS protection), weird query abstraction (w/ prepared statements), etc.

I would be careful of too much magic in a framework, as sometimes you get an array when you're expecting a string which creates a security vulnerability. That's precisely how some of these "NoSQL Injection" vulnerabilities work (there are others too which are trickier, always be vigilant, even with MongoDB) which can result in someone running arbitrary code.

Remote Code Execution is the highest and worst class of security exploits and can often evolve into someone seizing complete control over the machine. Adversaries are practically salivating at the thought of that level of access.
Drupal was affected by getting strange types when they didn't expect it too. Arbitrary code execution there too. Don't just use it, but try to understand how it works and how the control flows through it.

Also, type hints are your friend, if a function only expects strings, then lock that down in it's definition. The cowboy days of PHP where people will give you a chance after a security incident are over. Security, security, security. No risks can be taken.

For frontend, it probably depends on what you're doing, but in many cases, you may not need a frontend framework. They slow down page loads (particularly on mobile), add complexity, and aren't as useful as they seem (particularly, if you're serving static content).
Sometimes, it's enough to just go for the classics, rendering templates out on the server, doing full round trips, etc. A good CDN can cut times down anyway.

But yes, it's always good to leverage other people's work, I wouldn't want to spend the next few months writing a MySQL Adapter 😱, although make sure they're highly reputable when doing so. People can and will slip in malware.