My first content management system.

[Grenadier]

Hello everyone, today im here to show my first CMS. Its really basic, as i still have tons to learn.

------------
Instructions
------------

Download the CMS, and the database i have provided and upload the script to your server (localhost)..

Import the database in PHPMyadmin.

Now locate the cmsadmin.php File and change some stuff around.

PHP Code:

session_start();   error_reporting(0);   define('ADMIN_PASS', 'password');   $mysql_server = 'localhost';   $mysql_username = 'root';   $mysql_password = 'your root password';   $mysql_database = 'database';   $username = 'admin'; 


Now you can visit the site. Go to administrator, and add a new page. You can login to the admin panel with the password: Password. Then you will be able to view the page you have added by clicking "content" in the navigation area on the homepage. You may alreay see a test page i made earlier.

Please leave me some feedback, there isn't really much of a design to it, its really basic. :)

[MentaL]

[Smitty]

Just a couple of things I noticed really quickly

#1. CSS in the html files themselves -- should be linked in their own .css files
#2. Inline styles -- should be handled through CSS
#3. Lots of SQL injection issues. You don't sanitize anything (unless I'm missing something) before you run your queries.
#4. When building a CMS, it is best to use templates. Keep the PHP and the HTML/CSS seperate for easy scalability
#5. I also notice there are some times where you echo variables and wrap them in quotes. That isn't necessary and I would assume actually slows processing down
#6. You have your config variables hard-coded at the top of the pages. Create a config file and include that file into any pages that require it.

All that being said, your code is quite easy to read and you definitely have talent.

[Grenadier]

Just a couple of things I noticed really quickly

#1. CSS in the html files themselves -- should be linked in their own .css files
#2. Inline styles -- should be handled through CSS
#3. Lots of SQL injection issues. You don't sanitize anything (unless I'm missing something) before you run your queries.
#4. When building a CMS, it is best to use templates. Keep the PHP and the HTML/CSS seperate for easy scalability
#5. I also notice there are some times where you echo variables and wrap them in quotes. That isn't necessary and I would assume actually slows processing down
#6. You have your config variables hard-coded at the top of the pages. Create a config file and include that file into any pages that require it.

Ah, thanks for the advice man. Im not going to start it again, im gonna tidy it up as i go along. :)

[WizCoder]

Ahwrg my eyes. It's manageable but not easy to read.

Security wise - Pretty good
Some stuff do not need to be defined
css - separate file

echo'ing html is bad practice and really shouldn't be done

One more thing, use oop it's better. WHY?

other than those things, the way you organized stuff is pretty nice as people can easily edit things.. Also
Indenting is important for readability!

[Grenadier]

Ahwrg my eyes. It's manageable but not easy to read.

Security wise - Pretty good
Some stuff do not need to be defined
css - separate file

echo'ing html is bad practice and really shouldn't be done

One more thing, use oop it's better. WHY?

other than those things, the way you organized stuff is pretty nice as people can easily edit things.. Also
Indenting is important for readability!

Nice feedback, thanks alot! :) Keep it comming guys, the more you give me feedback, the more i can improve this CMS and learn. :)

[Dave]

Ahwrg my eyes. It's manageable but not easy to read.

Security wise - Pretty good
Some stuff do not need to be defined
css - separate file

echo'ing html is bad practice and really shouldn't be done

One more thing, use oop it's better. WHY?

other than those things, the way you organized stuff is pretty nice as people can easily edit things.. Also
Indenting is important for readability!

Echoing HTML is not always bad practice, how else do you want to output certain stuff in PHP?
In this case it could be less, but it's not that it's always bad practice.

Tips:
- Instead of using $_REQUEST, use the one you need. ($_GET or $_POST)
- Try to store less things in variables.
- Avoid iFrames
- When you're outputting stuff, be sure to add protection against XSS. (Information here and here.)

[s-p-n]

Don't use '?>', only use the '<?php' at the very first line and character of the file, and don't put any HTML tags inside of your PHP strings, and you should be good.

[Grenadier]

Thanks for all the feedback people :)

[Justei]

I didn't see the code itself, but a tip to any new coder I like to give is to read the following standard:
https://github.com/php-fig/fig-stand...ng-standard.md

[Doctorate]

Eh, I'm still learning PHP. Taking a look at this atm. If its simple, might help me learn a few things.

[InMemory]

Only looked over it briefly but here are some things I noticed.

* Use UTF-8 on your HTML AND SQL tables, otherwise some characters might not work.
* Use PDO/MySQLi as MySQL is old and outdated
* Use CSS pages instead of inline CSS (not sure how to word that right)
* In cmsadmin with your labels, use a lang system, not amazingly hard to implement :)
* Don't use cookies to store passwords "setcookie('cmsadmin_pwd', $admin_password);"
* Use OO

Good luck :)

[Chris]

Echoing HTML is not always bad practice, how else do you want to output certain stuff in PHP?
In this case it could be less, but it's not that it's always bad practice.

Tips:
- Instead of using $_REQUEST, use the one you need. ($_GET or $_POST)
- Try to store less things in variables.
- Avoid iFrames
- When you're outputting stuff, be sure to add protection against XSS. (Information here and here.)

Code:

<?php
function showStuff() {

$words = 'Uhh, hey. How are you? :)';
?>
<div class="coolDiv"><p><?php echo $words; ?></p></div>
<?php
}

It's a good practice for bulk html inside php.