[BETA] AdvacPHP

[Liam]

AdvacPHP - Also known as Advac Content Management System

AdvacPHP is a simple coded news system, it allows site owners to keep there users up to date with small articles!

The CMS comes with a admin panel allowing you to create news/articles along with the article creators name!

Images:




Snippets:

PHP Code:

<?php
$query = "SELECT id, title, author, post, DATE_FORMAT(date, '%d %M, %Y') as sd FROM news_posts";
$result = @mysql_query($query);
 
if ($result) {
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
echo '<p><b><h1>'.$row['title'].'</h1></b>
<h2>Posted by: <b>'.$row['author'].'</b><br /><br></h2>

<h3><b><i>Article:</b></i><br> '.$row['post'].'<br /></h3>
';
}
} else {
echo 'There are no news posts to display!';
}
?>

$dbc = @mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect to MySQL: ' . mysql_error());
@mysql_select_db (DB_NAME) OR die('Could not select the database: ' . mysql_error() );

$title = "AdvacPHP";
$motto = "Free news system for your website!";
$logo = "../images/logo.png";
$text = "<br>Keeping you updated!";
$latest = "Latest news";

The CMS is in BETA stages, and will be secured more in R2. Also, please don't flame me, as I am quite new to PHP!

Download: advacphp.rar

How to setup?
1) Edit global.php
2) Edit admin/checklogin.php
3Create a db called advacphp and insert:

PHP Code:

-- phpMyAdmin SQL Dump
-- version 3.4.5
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Jan 07, 2012 at 10:57 AM
-- Server version: 5.5.16
-- PHP Version: 5.3.8

SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `advacphp`
--

-- --------------------------------------------------------

--
-- Table structure for table `comments`
--

CREATE TABLE IF NOT EXISTS `comments` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `nid` int(11) NOT NULL,
  `title` varchar(70) NOT NULL,
  `author` varchar(50) NOT NULL,
  `comment` text NOT NULL,
  `DATE` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

-- --------------------------------------------------------

--
-- Table structure for table `members`
--

CREATE TABLE IF NOT EXISTS `members` (
  `id` int(4) NOT NULL,
  `username` varchar(65) NOT NULL DEFAULT '',
  `password` varchar(65) NOT NULL DEFAULT ''
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

--
-- Dumping data for table `members`
--

INSERT INTO `members` (`id`, `username`, `password`) VALUES
(1, 'Admin', 'abcdefghi123456789');

-- --------------------------------------------------------

--
-- Table structure for table `news_posts`
--

CREATE TABLE IF NOT EXISTS `news_posts` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `title` varchar(70) NOT NULL,
  `author` varchar(50) NOT NULL,
  `post` text NOT NULL,
  `DATE` datetime NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;

--
-- Dumping data for table `news_posts`
--

INSERT INTO `news_posts` (`id`, `title`, `author`, `post`, `DATE`) VALUES
(6, 'Welcome to AdvacPHP', 'AdvacAdmin', 'Hello, welcome to AdvacPHP, Advac is still in development, so yeah, enjoy?', '2012-01-07 20:41:34');

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; 


If you have any suggestions, feel free to comment!
I will probably re-code the adminlogin later on!
This is free to use and free to develop off!

[MentaL]

[NubPro]

o.o
I can make a better one then this

[Liam]

o.o
I can make a better one then this

I'm not here to compete, I'm just hear to learn and release.

[holthelper]

Code:

AdvacPHP != Advac Content Management System
AdvacPHP == Advac PHP: Hypertext Preprocessor

[Liam]

Code:

AdvacPHP != Advac Content Management System
AdvacPHP == Advac PHP: Hypertext Preprocessor

Just a name, haha.

[TimeBomb]

Alrighty, I just went through it a bit, here are some of my critiques...

General notes:

- Change the name from AdvacPHP to AdvacCMS, so it makes sense.

- If you use near-identical HTML in a lot of your files, it may be a good idea to have the HTML headers/footers/whatever in separate HTML files, and include them in your PHP files when need be. This would help clean up a lot of the HTML mess mixed in with the PHP.

- You use poor HTML symantics in some areas. For example, you should not be using <br> or <p> outside of actual text, ex. articles. Likewise, you should not be using <table> tags outside of displaying data. (Although I don't think you do this, it's just a general note.) For layout purposes, use <div>'s and CSS.

- Let's look at your code right here...

PHP Code:

<?php
// Don't remove copyright
?>
<b>Copyright © AdvacPHP ~ 2012 ~ All rights reserve.</b>
<?php
// Don't remove copyright
?>

This is just plain ugly and bad practice. Either use HTML comments:

Code:

<!-- COMMENT -->

or keep it all in one PHP block:

PHP Code:

<?php
// Don't remove copyright
echo '<b>Copyright © AdvacPHP ~ 2012 ~ All rights reserve.</b>';
// Don't remove copyright
?>

index.php:

- As far as I can tell, the website will not run without global.php and config.php. Therefore, change the includes at the top from include to require_once.

- Move CSS to it's own file

- The missmash of HTML and PHP is really confusing. Either completely seperate the HTML using some sort of template system (PHP makes it really easy, google it), or, at the top of the file, do whatever is needed to grab all the PHP variables, and then, below all that, have all the HTML in one place, and stick the PHP variables in when need be using simple <?php echo $variable; ?>

- Unnecessary spacing/empty lines. In one area, I counted 29 empty lines. This is really ugly and makes it even more confusing - lower it to only one or two empty lines in all areas.

- I see // Don't remove copyright but no license. Read up on licenses, in-particularly - open source licenses, and attach it to your project if you don't want people removing the copyright.


global.php:

- There is no need to define the database variables as constants via the define() function, as you have done. They are only used in one area - and in the same file. I would recommend loading config.php before global.php, and putting the database variables in the config.php as normal PHP variables.


admin/index.php:

- See index.php notes.


admin/loggedin.php:

- See index.php notes.

- This script is easily SQL injectable. At the very least, clean the input variables. Or just use PDO or Mysqli with parametrized queries.


admin/logout.php:

- Don't ever use <? with PHP files, always use <?php.


admin/checklogin.php:

- You should probably be using the database variables from global.php, instead of redeclaring them here.

- Why is the table name in a variable...?

- mysql_connect("$host", "$username", "$password") - the quotation marks around the PHP variables are not necessary.

- mysql_real_escape_string(stripslashes($mypassword)) - outside of Mysqli and PDO, this is an accepted way to clean input. It should be done in all areas of your site where user input may enter an SQL query.
If I remember correctly, there can be issues with the stripslashes function depending on your PHP configuration. Take a look at this question/answer on stackoverflow.com for more info and a solution.




There, I went over your whole script. You're welcome, and GL.

[Liam]

Thank you very much for your helpful comment, this will help me fix up in later versions!

[s-p-n]

PHP and HTML code should be in separate files.

[Liam]

PHP and HTML code should be in separate files.

yeah, I know. I will fix it up when I have some time :]

[At0m]

Nice Job, keep going man ;)