MyCMS [PHP, Secure, Fast]

[Liam]

MyCMS

Hello, RaGEZONE, today I am here to announce the official development of MyCMS!

MyCMS is a CMS based on nothing at all, completely from scratch! The CMS uses it's own include method, and is very secure, from how it is now!

This CMS will hopefully be a success! As I have just learnt PHP, so I am always upgrading the CMS, and fixing any errors I come across!

The CMS was developed by myself and PowahAlert, and he has left the rest of the work to me, so I can improve my PHP skills!

Image(s):



What have we coded?
Login - 100%
Register - 0%
Me.php - 50%
SSO - 100%
Logout - 100%
Client - 60%

The layout is being coded, right this second.

Snippet(s):
Me.php

PHP Code:

<?php
//###############################################
// MyKi's CMS.
// Help from PowahAlert
//###############################################

// Requiring Files.
@require_once 'global.php';

// Has the user logged in? If not, then they can gtfo to the index page!
if(!isset($_SESSION['MK_USER']))
{
Header("Location: index.php");
}

?>

Global.php

PHP Code:

if(isset($_SESSION['MK_USER']))
{
  $username = $_SESSION['MK_USER'];
  $query = mysql_query("SELECT * FROM users WHERE username = '$username'");
  $assoc = mysql_fetch_assoc($query);
  $password = $assoc['password'];
  $coins = $assoc['credits'];
  $mail = $assoc['mail'];
  $look = $assoc['look'];
} 


PHP Code:

// Variables for My CMS.
$fetch = mysql_fetch_assoc(mysql_query("SELECT * FROM server_status"));
$hotel_name = $fetch['site_name'];
$server = $fetch['server_ver']; 


Class.core SSO

PHP Code:

function SSO_TICKET($username) 
    {
        $rand1 = rand(100000, 999999); 
        $rand2 = rand(10000, 99999); 
        $rand3 = rand(10000, 99999); 
        $rand4 = rand(10000, 99999); 
        $rand5 = rand(10000, 99999); 
        $rand6 = rand(1, 9); 
        $ip=@$REMOTE_ADDR; 
        
        $ticket = "ST-".$rand1."-".$rand2.$rand3."-".$rand4.$rand5."-mycms-".$rand6; 
        mysql_query("UPDATE users SET auth_ticket = '" . $ticket . "' WHERE username = '" . $username . "'");
        mysql_query("UPDATE users SET last_ip = '$ip' WHERE username = '$username'");
        return $ticket;
}


        } 


Password encryption

PHP Code:

$password = sha1(md5($_POST['password'] . $salt) . $salt); 


What emulator will this work with?
The CMS will work with Phoenix Emulator!


There are no images, yet. I will keep you guys updated on what's going on with the CMS.

I will also be re-coding everything into functions, instead of everything in the global.php.

If you have any constructive criticism, post!

Please, don't spam me, I'm quite new to PHP, so to me, this ig good work, so far.

Thanks to PowahAlert for all the help he's given me!

[MentaL]

[Aaron]

Approved.

Your approach is fine.. as a beginner. Since you're new, it's best that you learn security right away -- how to avoid, and protect yourself from SQL/XSS injections. Look up mysql_real_escape_string, etc.

One way I would go about this, is to immediately learn MySQLi, and research OOP methods.


Add screenshots as soon as you've made some sort of progress.

[Joopie]

Maby try some oop

And "The CMS uses it's own include method, and is very secure".
It is just require_once what you use?
Posted via Mobile Device

[Kryptos]

I wouldn't expect this to be a success, it's far away from being at the level of other CMS' (uberCMS, Rev, Brick, VisualCCMS, etc), but I wish you good luck and hope you learn quite a bit!

[Hejula]

Lol, so if session it set every time someone reloads the page, it redefines all the variables? /sigh.

[Joopie]

Lol, so if session it set every time someone reloads the page, it redefines all the variables? /sigh.

True, if the user login just save all the user data in the session.

And use user IDs to get the data from the database. Its much faster because the id is an primary key that is indexed.
Posted via Mobile Device

[Liam]

Lol, so if session it set every time someone reloads the page, it redefines all the variables? /sigh.

I will be cleaning the CMS up, I got the client working, SSO tickets coded, and starting the Habbo Layout.

[Nathandj]

Use caching, and create functions like 'GetUserKey(id, var)'

[Liam]

I'm testing around with functions, is this kind of functions right;

PHP Code:

function TEST($username) 
    {
    mysql_query("UPDATE users SET motto = 'test' WHERE username = '" . $username . "'");
    } 


I popped this into the me.php, as a test. And it ran the MySQL query in the functions, so this is good.

PHP Code:

$Core->TEST("$username"); 


Should I use functions or use variables, or borh?

[Nathandj]

I prefer MySQLi instead of MySQL.

[Liam]

I prefer MySQLi instead of MySQL.

What's the difference?

[NoBrain]

Seem alright but as Kryptos said, "I wouldn't expect this to be a success".

All the best though.

What's the difference?

MySQLi is more efficient.

[Liam]

Well, it's deffenentally more secure and better than PhoenixPHP. Hehe.

---
Update:
Coding layout for the login
---

[BetterWay]

Well, it's deffenentally more secure and better than PhoenixPHP. Hehe.

---
Update:
Coding layout for the login
---

You keep fooling yourself do ya?
At the help threads you asked all about coding languages..
You just started PHP, and now you're developing an CMS..

This would be no success ;)

[Aaron]

I'm testing around with functions, is this kind of functions right;

PHP Code:

function TEST($username) 
    {
    mysql_query("UPDATE users SET motto = 'test' WHERE username = '" . $username . "'");
    } 


I popped this into the me.php, as a test. And it ran the MySQL query in the functions, so this is good.

PHP Code:

$Core->TEST("$username"); 


Should I use functions or use variables, or borh?

What's the difference?

Refer to s-p-n's [thread] in the CP section.


Learning this way is kind of good because if he has security flaws, or comes across errors/things he doesn't know how to resolve, he can ask for help, receive it, and learn immediately.

Have to start somewhere.