Thanks, yes, I do have a PHP book, but I have not read it, only small parts of it. I wouldn't say either mine or s-p-n's CMS is good or bad. The best CMS is the CMS that has what the user needs and only that.
Good job ashley.
Working hard as usual. You should take a break, go have fun.
But I support this topic (clicks like button)
Thanks mate, it's what I love doing :)
Also, I have made some slight changes to the CMS and have now patched the very small session bug. It was only a small problem that allowed users to stay on a page logged in to a "fake account". The CMS now detects a "fake account" and will then log them out and redirect them to a login page.
I have also taken some screenshots for this thread, which you can see in the thread.
Many thanks, Ashley Meah
Hey it's not as good as Windows quite yet... :P jk
Uh huh, inefficient and redundant.. That's why my site loads in roughly half a second.
Results generated by FireBug 1.6.1 benchmarking http://www.wysgui.com/ on the date of 04/04/2011.
Code:
3 requests
16.3 KB
(0 from cache)
354ms (onload: 392ms)
----===========----
11 requests
242.7 KB
(239.5 KB from cache)
509ms (onload: 525ms)
And that's the heaviest version of Wysgui available :ott1: Na-na-na-na, na---NA!
But I'd love to see your factual research papers on your very reliable informative post quoted above stating how a CMS (loaded up with a bunch of redundant methods and files) which performs better than Stock Drupal and just as well as Stock Wordpress- (a blog MADE to be fast)- Hm, forgot what I was going to ask..
s-p-n, please stay on topic or don't post. If you want to talk about your CMS, you have a thread.
I have not focused on loading speed etc., but I am using a free web host and it works at the same speed as most websites. Also, you should do a test on localhost to get the speed of your CMS. Domains, web hosts and ISPs all affect the speed of ANY site loading.
EDIT:
Just ran a benchmark; from a quick Google search I got http://webwait.com/, and my website loaded in an average of 0.51s from 5 tests, from the domain viroware.com.
Ran the test on localhost for the time of the code itself, without changes from web hosts, DNS servers and ISPs, and got an average of 0.04s from 10 tests.
If you can recommend any software that measures loading time more accurately, please suggest it.
EDIT AGAIN:
I have closed my demo as people are so immature and don't understand a demo is to test out the CMS, and not to advertise about how gay they are (nothing against gay people, but my site ain't a gay social network).
The online demo seems to be down?
Oh sorry, can't believe I missed that message. What about the screenshots? Or have they been removed too?
This is unprofessional; your grammar is terrible, which leads me to not even want to click the links. S-P-N's CMS was amazing. I bet Ashley made a bunch of rz accs to comment on his own thread.
Yea... and I would advise whoever "wants to use it" to get themselves Drupal, Joomla or Wordpress to save themselves from this misery you call ViroWeb. I'll be honest with you but this project of yours is far from what I would call a CMS.
Secondly, your back-end is absolutely redundant... and it follows extremely basic and conventional methods and techniques. With the flexibility of OOP nowadays, I would expect greater use of modular programming (MVC) with a DRY focus. I mean come on! Your functions aren't even encapsulated into classes. If you keep this approach of yours up, you will inevitably have a bulky, hard to maintain and most definitely, inefficient CMS (or inefficient development for that matter!)
Thirdly, if you are using a WYSIWYG editor, you should at least filter (perhaps complement it with: HTML Purifier - Filter your HTML the standards-compliant way!) the incoming / user-entered data, otherwise you will be opening yourself up to XSS injection. I'm basing your lack of security consideration on:
PHP Code:
$content = $_POST["content"];
If you already have a client-side filter in place (didn't thoroughly look over your "CMS" since I prefer not to give advice or attention to crap), I would still suggest you have a server-side filter in place. Point is... stop blowing your horn over crap.
Please learn to read before you post. This CMS is in alpha and will be for a while. I started working on this to get better at PHP. Also, the security is working. If you think otherwise, try to hack viroware.com. Nuff said.
Also, the reason I'm using a WYSIWYG editor: if you haven't noticed, this is a CMS, a content management system. The only user who could hack this site is the admin himself.
Also, if you are already logged in to the control panel, why would you want to hack it? Adding security for MySQL injection in the control panel is just a waste. If you're not an admin you can NOT hack it, but what website owner is dumb enough to try to hack his/her own site?
Why don't both of you try and create your own CMS? I don't see you releasing a CMS to the community. The only thing you bring to this community is depression, so please leave quietly and close your virtual door on the way out.
I know my CMS is not great, but it does work, and I do understand I need to do a lot, but if people wanna tell me, that's OK. If people wanna get rude, then np. What pissed me off the most is I've helped this kid a lot with templates etc. and this is what I get in return LOL.
Thanks,
Also, here's an MSN convo I had with you, Jayden. A fail with strip_tags(); for you, so in future don't get rude AGAIN after you left Windows Live Messenger crying.
http://viroware.com/1.png
http://viroware.com/2.png
lol, does anyone have any requests they would like added into the CMS? I still need to create a register for normal users as well as a comment system for the posts. I should be releasing this update by Monday, but I have a lot of free time still.
I am going to work on security more, but I still don't see why I should protect against MySQL injection on the admin panel. If the user is not logged in, it will end the script before it tries to change anything. What's your (whoever is reading this) opinion?
Don't care who starts the flaming, if you participate then you get infracted.
Keep it clean.
Crash
Why spam even more when you can just clean up the mess of spam/flames that's already here?
:?:
Ashley. Ashley.. I didn't mean any offense to you, but that post needed a reply... Couldn't help myself.
I'm also not trying to steal your thread.. Don't listen to those assholes who are, though. Your CMS is off to a fine start, and you're right in some aspects, and wrong in others.
The admin panel with mysql injections.. You're very right, but you're not thinking of something. The administrator can accidentally mess up the database by using quotes. Any potential bug such as this needs to be repaired.
But you're right about your methodology. You can have advanced forms a hacker would love to get their hands on in the back-end admin panel, but you MUST be very careful with security if you do that. I hate to beat a dead horse, but this is coming from my experiences with hackers who've helped me with my own CMS, so I advise you to take in from my experience, rather than shunning me off your thread (which, quite frankly, isn't going to happen).
*Continues to beat dead horse*
Also, PHP's mysql_ extension is (very slowly, but surely) going out of date.
Please use the mysqli extension with procedural or OOP, doesn't matter. Both can be organized and easier for you; you'd likely do better with procedural code. Fuck what people say, you can forward the assholes to Taco (Daevius) or me if they want to argue that procedural is inefficient. I have research better than them; procedural is potentially much more efficient. If you code better with procedural techniques, use them.
So with the above information in mind, I have a request:
you adopt the MySQLi extended procedures instead of functions from that of MySQL when using PHP to talk to a MySQL 4.3+, or MySQL 5.0+ database.
It's safer, more advanced, and potentially faster in many cases. (Preparing a query, and executing it several times with different bound parameters is faster (AND MUCH MORE SECURE) than executing a new "escaped" query for each new parameter, for instance.)
Not to mention escape techniques (potentially) need to be modified whenever the encoding is.
Anyone who thinks mysql_real_escape_string() is 100% secure probably owns a crack-pipe.
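The point made in the post above (quotes typed by an admin breaking a concatenated query, versus one prepared statement executed several times with bound parameters), shown as an added example that is not part of the original thread or of ViroWeb's code. The connection settings (read from hypothetical DB_* environment variables) and the temporary demo_posts table are assumptions; it needs a reachable MySQL server.

```php
<?php
// Added example, not ViroWeb's code. Connection settings and the
// demo_posts table are assumptions made for this demonstration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

$db = new mysqli(
    getenv('DB_HOST') ?: '127.0.0.1',
    getenv('DB_USER') ?: 'cms_demo',
    getenv('DB_PASS') ?: '',
    getenv('DB_NAME') ?: 'cms_demo'
);
$db->set_charset('utf8mb4'); // declare the encoding once, on the connection

$db->query('CREATE TEMPORARY TABLE demo_posts (
    id INT AUTO_INCREMENT PRIMARY KEY,
    title VARCHAR(200) NOT NULL,
    content TEXT NOT NULL
)');

// Constructed sample input: ordinary admin text that happens to contain quotes.
$posts = [
    ["Ashley's first post", 'He said "hello" and left.'],
    ["What's new in alpha", "It's a small update; don't expect much."],
];

// 1) Query built by concatenation: the apostrophe ends the SQL string early.
try {
    [$title, $content] = $posts[0];
    $db->query("INSERT INTO demo_posts (title, content) VALUES ('$title', '$content')");
    echo "concatenated query: ok\n";
} catch (mysqli_sql_exception $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// 2) Prepared once, then executed once per row with bound parameters.
$stmt = $db->prepare('INSERT INTO demo_posts (title, content) VALUES (?, ?)');
$stmt->bind_param('ss', $title, $content); // variables are bound by reference
foreach ($posts as [$title, $content]) {
    $stmt->execute(); // values travel separately from the SQL text
}
$stmt->close();

$result = $db->query('SELECT id, title FROM demo_posts ORDER BY id');
while ($row = $result->fetch_assoc()) {
    echo $row['id'], ': ', $row['title'], "\n";
}
```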
Here you go, a 'nicer' version of what I earlier posted due to your provocations.
You asked me to clarify why I criticised your project in the first place, so there you go. I gave you a reason in a form of a constructive criticism. No need to go hostile on me.
I wasn't criticising you for using a WYSIWYG editor, I was simply commenting on your blatant disregard for security. Secondly, regardless of whether or not such feature is accessible by an administrative user or a registered member, you should always take into account security protocols for your websites. It is a common practice. Besides, if you were to expand the project in the future to allow user registration along with user access control, you will need to take into account security considerations when developing things such as profiles... so why not start now?
Quote:
Also, the reason I'm using a WYSIWYG editor: if you haven't noticed, this is a CMS, a content management system. The only user who could hack this site is the admin himself.
Also, if you are already logged in to the control panel, why would you want to hack it? Adding security for MySQL injection in the control panel is just a waste. If you're not an admin you can NOT hack it, but what website owner is dumb enough to try to hack his/her own site?
By all means continue with your current development and programming strategy, however, I personally think you should make room for expansion and modification if you intend to release this for the public to use.
P.S. I was referring to XSS injection if you had read carefully, not SQL. Also, you included "strip_tags()" for everything other than $content. If security doesn't really matter, just take them all out then. Don't be a hypocrite.
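The server-side filtering discussed in the posts above (strip_tags() for plain fields, an HTML filter for the WYSIWYG $content), shown as an added example that is not part of the original thread or of ViroWeb's code. It assumes HTML Purifier is installed through Composer; the field names, the tag allowlist and the sample input are hypothetical.

```php
<?php
// Added example, not ViroWeb's code. Assumes HTML Purifier was installed with
// Composer (ezyang/htmlpurifier); field names and the allowlist are hypothetical.
require __DIR__ . '/vendor/autoload.php';

function build_purifier(): HTMLPurifier
{
    $config = HTMLPurifier_Config::createDefault();
    // Only what the editor toolbar is meant to produce (assumed allowlist).
    $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,a[href],img[src|alt]');
    $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true]);
    $config->set('Cache.DefinitionImpl', null); // no cache directory needed here
    return new HTMLPurifier($config);
}

// Plain-text fields: no markup is expected, so strip it.
// Rich-text field: keep the allowlisted markup and drop everything else.
function clean_post(array $input, HTMLPurifier $purifier): array
{
    return [
        'title'   => trim(strip_tags($input['title'] ?? '')),
        'content' => $purifier->purify($input['content'] ?? ''),
    ];
}

// Constructed sample standing in for $_POST from the WYSIWYG form.
$sample = [
    'title'   => 'Release <b>notes</b>',
    'content' => '<p onclick="track()">Hello <strong>world</strong></p>'
               . '<script>track()</script>'
               . '<a href="javascript:track()">link</a>',
];

$clean = clean_post($sample, build_purifier());
echo $clean['title'], "\n";
echo $clean['content'], "\n";

// When the title is later echoed into a page, still encode it for HTML.
echo htmlspecialchars($clean['title'], ENT_QUOTES, 'UTF-8'), "\n";
```

The filter runs on the server whether or not the editor also filters in the browser, since the POST body can be sent without the editor.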