ViroWebCMS
About
Hello, I am releasing my cms what is still in develpment and written in php and using MySql, I will keep updating this for a while so i will just release updates now and then. This is a simple CMS what is SEO, There is also a basic mod system. Any files in the folder /m/ will be added to the menu and the contents of that file we be displayed. ViroWebCMS by ViroWare is licensed under a Creative Commons Attribution 3.0 Unported License.
CKEdior:
The html editor included in ViroWebCMS was not created by me. Its a free html Editor anyone may download. But there is a licence, Follow CKEditor licence for the Editor. http://ckeditor.com/license
Features:
- secure user system (Please report any glitchs/errors and i will fix them ASP)
- Fully working backdoor (admin control panel)
- Fully dynamic, No html or php knowledge needed to use, (Basic php and mysql knowledge require to install).
- Search Engine Optimized so you can change the description and keywords for each page on the site aswell as default for mods and the posts page.
- Easy to customize template (only one file to change template)
- *NEW - CKEditor is not included to make posting posts and pages easier and better
Install:
- Open up the archive and read the readme file for the archive inside's password.
- Extract the ViroWebCMS sub-archive contain cms files.
- Create a mysql database and inport cms.mysql, after that delete cms.mysql
- Upload all the files what were in the ViroWebCMS sub-archive to your php webhost.
- Go into /inc/mysql.php and change the mysql connect and select database information to your mysql database.
Now go onto your site and click "Me", Then login with the default login details. Click site settings and change the sites information to suite your site.
Dont post negative comments, I Just wana release this for anyone who DOES wana use it and instead of being immature tell me how i can inprove?
many thanks, Ashley Meah
15-03-11
Sav.
Re: ViroWeb CMS Alpha
looks nice a little bit better css
15-03-11
viroware
Re: ViroWeb CMS Alpha
When i first started this cms is was to get better with using functions, I did create an option to change what stylesheet to link to the pages. If anyone wishes they can create there own style sheets for ViroWebCMS and then switch between what ones they wana use, I should be updating the style system soon to detect what styles are on the system, then with a simple enable link to activated each style.
15-03-11
icekiller
Re: ViroWeb CMS Alpha
I really like it, I would mess around with the CSS some more and get some colors. But thats also because I'm mega stoned and looking for those EYE POPPING Colors :\
16-03-11
viroware
Re: ViroWeb CMS Alpha
Quote:
Originally Posted by icekiller
I really like it, I would mess around with the CSS some more and get some colors. But thats also because I'm mega stoned and looking for those EYE POPPING Colors :\
lol ima work more on design, If something is ugly people wont use it but i have to draw the line one how much on style, My main goal of the cms is the code, How it performs ect and security. Styles are optional and can be changed and most people wont use the default theme so i spent limited time on the css.
I did have a diffrent front end system but i cleared it up alot, The newer one is much easyer to edit then the old one. Tonight im going to work on a better style for the admin panel.
Many thanks, Ashley Meah
16-03-11
Chris
Re: ViroWeb CMS Alpha
It seems a little basic. what's the purpose of this? Just someone who wants to run their own website, but doesn't know how to code?
16-03-11
viroware
Re: ViroWeb CMS Alpha
Quote:
Originally Posted by chrisdothtml
It seems a little basic. what's the purpose of this? Just someone who wants to run their own website, but doesn't know how to code?
I use a cms for my website, Its a much easyer way to manage your sites content, This also has other features to change links and the style and theres a basic mod system. Most websites use CMS, Ragezone uses wordpress what is a CMS.
I've reached the point FragFrog was talking about with FrogBlog. The sad truth is, I'm pretty much the only developer for WysGui. A few people here/there pitch in some pointers, etc. But it's very rare somebody submits any real code to help my CMS..
I've gotten little over a thousand downloads the entire time, yet hardly anyone ever contacts me/asks for help/asks to help. I consider myself lucky to get this far.. Lately, with the 10 months of inactivity, I've been getting 0 downloads and my rating on OpenSourceCms went down FAR.
During the entire life of Wysgui, one hacker contacted me with a security vulnerability. Since then, nobody unexpected contacted me (with the exception of Mark from OpenSourceCms.com.. which was nice).
So, eh, making a CMS is really a tedious task without much (if any) benefit..
Please do use WysGui 2.3 and contribute to WysGui 4.x (Upcoming and Open Source) or ask about WysGui Evolution (the missing 3.x) (Closed Source)...
And Good luck.
PS: You're more than welcome to use parts of wysgui in your own CMS, or make a CMS using WysGui.
As for me, I'm not even sure if I'll be making a WysGui 4... Though I have a ton of ideas.
I've reached the point FragFrog was talking about with FrogBlog. The sad truth is, I'm pretty much the only developer for WysGui. A few people here/there pitch in some pointers, etc. But it's very rare somebody submits any real code to help my CMS..
I've gotten little over a thousand downloads the entire time, yet hardly anyone ever contacts me/asks for help/asks to help. I consider myself lucky to get this far.. Lately, with the 10 months of inactivity, I've been getting 0 downloads and my rating on OpenSourceCms went down FAR.
During the entire life of Wysgui, one hacker contacted me with a security vulnerability. Since then, nobody unexpected contacted me (with the exception of Mark from OpenSourceCms.com.. which was nice).
So, eh, making a CMS is really a tedious task without much (if any) benefit..
Please do use WysGui 2.3 and contribute to WysGui 4.x (Upcoming and Open Source) or ask about WysGui Evolution (the missing 3.x) (Closed Source)...
And Good luck.
PS: You're more than welcome to use parts of wysgui in your own CMS, or make a CMS using WysGui.
As for me, I'm not even sure if I'll be making a WysGui 4... Though I have a ton of ideas.
I dont need any code, I understand html and php the two things for a cms, Also mysql but thats not a programming language. I wont be using WysGui, If i was going to use a cms or blog platform that was not my own, It would be wordpress.
I dont need any code, I understand html and php the two things for a cms, Also mysql but thats not a programming language. I wont be using WysGui, If i was going to use a cms or blog platform that was not my own, It would be wordpress.
Hm, I'd use wordpress too, *if I were to use a CMS.
But I think you're misinformed. I wasn't offering you code. Just saying, I made a CMS 3 years ago, so I know a thing or two about the CMS and Open Source Software world that I think you should know. I certainly expect you to code and such all by yourself with the techniques you already know and use.
If you want, you can even build your CMS using WysGui Evolution (If you view the spoiler you'll see a few reasons why you should consider it). But I don't care about that, build your own CMS. Just know what you're in for. If you're able to, I'd be more than happy enough to invite you over to the WysGui 4 development team, as well.
But I don't care if you build your own, use mine, or help build mine. Just saying: custom CMS world can be a very terrible place... Since I've been there/done that, I thought you'd like some pointers, (and possibly some development tools to help you), but I guess not.....
Spoiler:
WysGui Evolution simplifies the task of building a robust, secure, versatile CMS.
WysGui Evolution is more like a foundation to make a better CMS. It has most of the hard stuff implemented. (File managers, theme management, WYSIWYG editors, Syntax-Highlighted Code Editors, BB-code editor, User, Rank, and Group Management, flexible security, and an efficient way to load content..) When you code PHP in WysGui, security is done almost seamlessly through the modules you use.
As you can probably imagine already, Drupal, WordPress- etc, none of them offer the variety of developer tools in quite the form WysGui does.
Which brings me to my next feature: each user/rank can have a control panel of their own, so you can add features such as "Manage Profile", "Friend List", etc, and they'll be very user-friendly, when all the developer has to do is create a few forms & display modules, and add those pages to the user control panel.
Obviously, these features serve no purpose for the developer who wants to quickly and easily add a bunch of third-party CMS-dependent widgets and modules (as of right now). WysGui is mostly aimed towards skilled, picky developers who only use their own code and go code-crazy typing away (like me). You can always add outsourced things (For example, I added the CKeditor, MarkItUp, CodeEditor, etc) very easily by installing them inside modules. (Most scripts say, "Put this in the <head>..</head>.. Put this in the <body>..</body>.. include this file..), WysGui modules have a place for just about any third-party script.. I worked very hard making WysGui JUST as extensible as your own PHP web-site without a CMS.
The problem with that is, those people who can benefit greatly don't look twice at wysgui because they see it as another "learning-curve" when they just want to code away.. (Which is exactly who WysGui Evolution is for.)
Though I can't blame you for not using (or looking twice at) my precious open-source software, as I felt similar when I was making WysGui in the first place. I didn't want to use other CMS- they restricted me from doing things. So I made WysGui, it has all the benefits of a CMS but doesn't restrict me from doing anything.
I can certainly understand how you might think it will restrict you from doing things, but I'd like to believe and try to assure you it won't..
Also, WysGui has just about the worst documentation you'll ever find. It's mixing out-dated tips with deprecated facts. There are spam bots running around posting all over my wiki shit ads that make NO SENSE- and I could really care less about fixing it right now.. not my priority -AT ALL-.
So, My advice to you: Write very thorough documentation for YOUR CMS.
Note: Not asking you to use mine instead of yours at all, just saying.. u can look at mine, view some of the hurdles I went through, possibly use mine to help create yours by actually installing it or just looking at some of the features for ideas, or whatever.. not use it, I really don't care.
I have written a very small document to give people basic information on what functions are used for what to allow people to use these in there mods aswell as if anyone mods virowebcms.
I have added a licence to ViroWebCMS, For more information please goto: ViroWare
I have also updated the new news feature. It show the latest posts, But it be shorten down to under 2 lines of text aswell as displying a read more link. It also limit the amount of posts to show what you can change. More information will be coming soon as i plan to open a site like wiki for information and help for ViroWebCMS. wiki seems kinda overdone for me so i paln to create the system myself to keep it low in size and simple. Might also create it as an mod for ViroWebCMS.
Dont complain without giving me reasons why, I created this for free for who wants to use it if your not giving me reasons/advice why keep negative comments to yourself.
@viroware, hopefully you learn from working hard and reading books. Good luck. A small side note, don't refer to s-p-n's CMS, it's hardly better than yours.
@s-p-n, yours isn't much better than his, if better at all. It's a bunch of crappy unorganized code with a lot of inefficient methods which led to you writing files after files of redundant code.
@viroware, hopefully you learn from working hard and reading books. Good luck. A small side note, don't refer to s-p-n's CMS, it's hardly better than yours.
@s-p-n, yours isn't much better than his, if better at all. It's a bunch of crappy unorganized code with a lot of inefficient methods which led to you writing files after files of redundant code.
thanks yes i do have a php book but i have not read it only small parts of it. I wouldnt say neither mine or s-p-n cms is good or bad, The best cms is the cms what has what the user needs any only that.
Working hard as usual. You should take a break, go have fun.
But I support this topic(clicks like button)
Thanks mate, Its what i love doing :)
Also i have made some slight changes to the CMS and now patched the very small session bug. It was only a small problem that allowed users to stay on a page logged in to a "Fake account". The cms now detects a "fake account" and will then log them out and redirect them to a login page.
I have also taken some screenshots for this thread what you can see in the thread.
@viroware, hopefully you learn from working hard and reading books. Good luck. A small side note, don't refer to s-p-n's CMS, it's hardly better than yours.
@s-p-n, yours isn't much better than his, if better at all. It's a bunch of crappy unorganized code with a lot of inefficient methods which led to you writing files after files of redundant code.
Hey it's not as good as Windows quite yet... :P jk
Uh huh, inefficient and redundant.. That's why my site loads in roughly half a second.
And that's the heaviest version of Wysgui available :ott1: Na-na-na-na, na---NA!
But I'd love to see your factual research papers on your very reliable informative post quoted above stating how a CMS (loaded up with a bunch of redundant methods and files) which performs better than Stock Drupal and just as well as Stock Wordpress- (a blog MADE to be fast)- Hm, forgot what I was going to ask..
s-p-n, Please stay on topic or don't post. If you want to talk about your CMS you have a thread.
I have not focused on time of loading speed ect. but i am using a free web-host and works and the same speed of most websites. Also you should do a test on localhost to get the speed of your cms. Domains, Web-hosts and ISP's all effect the speed of ANY site loading.
EDIT:
Just run a benchmark from a quick google search and got http://webwait.com/ and my website loaded in the average of 0.51s from 5 tests. from the domain viroware.com
Run the test on localhost for the time of the code itself without changes from webhosts, dns servers and ISP's and got the average of 0.04s from 10 tests.
If you recommend any more software that could be more accurately of loading time please suggest.
EDIT AGIAN:
I have closed my demo as people are so immature and don't understand a demo is to test out the cms, And to not advertise about how gay they are (nothing against gay people but my site aint a gay social network.).
Could you please read the thread and comments before postin.
Quote:
Originally Posted by viroware
I have closed my demo as people are so immature and don't understand a demo is to test out the cms, And to not advertise about how gay they are (nothing against gay people but my site aint a gay social network.).
Oh srry, can't believe I missed that message. What about the screenshots? Or have them been removed too?
Sorry my fault, When i closed the demo i forgot the screenshots where using the same sub-domain, So i removed the sub-domain. Thanks for telling me , I added the sub-domain agian and the screenshots should be back online now.
This is unproffesional, your grammar is terrible witch leads me to not even want to click the links. S-P-N's cms was amazing, i bet ashley made a bunch of rz accs to comment on his own thread.
Dont complain without giving me reasons why, I created this for free for who wants to use it if your not giving me reasons/advice why keep negative comments to yourself.
Yea... and I would advise whoever "wants to use it" to get themselves Drupal, Joomla or Wordpress to save themselves from this misery you call ViroWeb. I'll be honest with you but this project of yours is far from what I would call a CMS.
Secondly, your back-end is absolutely redundant... and it follows extremely basic and conventional methods and techniques. With the flexibility of OOP now a days, I would expect greater use of modular programming (MVC) with a DRY focus. I mean come on! Your functions aren't even encapsulated into classes. If you keep this approach of yours up, you will inevitably have a bulky, hard to maintain and most definitely, inefficient CMS (or inefficient development for that matter!)
Thirdly, if you are using a WYSIWYG editor, you should at least filter (perhaps compliment it with: HTML Purifier - Filter your HTML the standards-compliant way!) the incoming / user-entered data otherwise you will be opening yourself up to XSS injection. I'm basing your lack of security consideration on:
PHP Code:
$content = $_POST["content"];
If you already have a client-side filter in place (didn't thoroughly look over your "CMS" since I prefer not to give advice or attention to crap), I would still suggest you have a server-side filter in place. Point is... stop blowing your horn over crap.
07-04-11
viroware
Quote:
Originally Posted by SaintsIan
Yea... and I would advise whoever "wants to use it" to get themselves Drupal, Joomla or Wordpress to save themselves from this misery you call ViroWeb. I'll be honest with you but this project of yours is far from what I would call a CMS.
Secondly, your back-end is absolutely redundant... and it follows extremely basic and conventional methods and techniques. With the flexibility of OOP now a days, I would expect greater use of modular programming (MVC) with a DRY focus. I mean come on! Your functions aren't even encapsulated into classes. If you keep this approach of yours up, you will inevitably have a bulky, hard to maintain and most definitely, inefficient CMS (or inefficient development for that matter!)
Thirdly, if you are using a WYSIWYG editor, you should at least filter (perhaps compliment it with: HTML Purifier - Filter your HTML the standards-compliant way!) the incoming / user-entered data otherwise you will be opening yourself up to XSS injection. I'm basing your lack of security consideration on:
PHP Code:
$content = $_POST["content"];
If you already have a client-side filter in place (didn't thoroughly look over your "CMS" since I prefer not to give advice or attention to crap), I would still suggest you have a server-side filter in place. Point is... stop blowing your horn over crap.
Please learn to read before you post, This CMS is in Alpha and will be for a while. I started working on this to get better at php. Also the security is working, If you think otherwise try to hack viroware.com, Nuff said.
Also the reason im using a WYSIWYG Editor, If you havnt noticed this is a CMS, Content management system. The only user who could hack this site is the admin himself
Also if you are already logged in to the control panel why would you want to hack it? Adding security for mysql injection in the control panel is just a waste, If your not an admin you can NOT hack it but what website owner is dumb enough to try to hack his/hers own site.
Quote:
Originally Posted by SaintsIan
Yea... and I would advise whoever "wants to use it" to get themselves Drupal, Joomla or Wordpress to save themselves from this misery you call ViroWeb. I'll be honest with you but this project of yours is far from what I would call a CMS.
Secondly, your back-end is absolutely redundant... and it follows extremely basic and conventional methods and techniques. With the flexibility of OOP now a days, I would expect greater use of modular programming (MVC) with a DRY focus. I mean come on! Your functions aren't even encapsulated into classes. If you keep this approach of yours up, you will inevitably have a bulky, hard to maintain and most definitely, inefficient CMS (or inefficient development for that matter!)
Thirdly, if you are using a WYSIWYG editor, you should at least filter (perhaps compliment it with: HTML Purifier - Filter your HTML the standards-compliant way!) the incoming / user-entered data otherwise you will be opening yourself up to XSS injection. I'm basing your lack of security consideration on:
PHP Code:
$content = $_POST["content"];
If you already have a client-side filter in place (didn't thoroughly look over your "CMS" since I prefer not to give advice or attention to crap), I would still suggest you have a server-side filter in place. Point is... stop blowing your horn over crap.
Quote:
Originally Posted by herp
Listen the fuck up, noob. On behalf of this forum SHUT THE FUCK UP. Nothing from you, this cms is shit. he is not 'the new guy with the fucked up face' he is a most active person on this forum. Your grammar and spelling makes me want to punch a hole in the wall. Your back end is FUCKED. Stop talking about hacking because tbfh you have no idea what the fuck it is. You are a unwelcomed noob. Shut the fuck up.
do your worst, mods.
Why don't both of you try and create your own CMS, I dont see you releasing a CMS to the community. The only thing you bring to this community is depression so please leave quietly and close your virtual door on the way out.
Quote:
Originally Posted by Zen
oh? did you get banned?
you're a massive faggot.
Viroware, its not what i would class as "good" but props for actually trying.
I know my cms is not great but it does work and i do understand i need to do alot but if people wana tell me thats ok, If people wana get rude then np. What pissed me of the most is iv helped this kid alot with templates ect. and this is what i get in return LOL.
Thanks,
Also here a msn convo i had with you jayden. A fail with strip_tags(); for you so in future dont get rude AGAIN after you left windows live messenger crying. http://viroware.com/1.png http://viroware.com/2.png
lol, Does anyone has any requests they would like added into the cms. I still need to create a register for normal users aswell as a comment system for the posts. I should be releasing this update by monday but i have alot of free time still.
I am going to work on security more but i still dont see why i should protect agianst mysql inject on the admin panel. If the user is not logged in it will end the script before it trys to change anything. Whats your (who ever reading this) opinion.
Don't care who starts the flaming, if you participate then you get infracted.
Keep it clean.
Crash
Why spam even more when you can just clean up the mess of spam/flames that's already here?
:?:
Ashley. Ashley.. I didn't mean any offense to you, but that post needed a reply... Couldn't help myself.
I'm also not trying to steal your thread.. Don't listen to those assholes who are, though. Your CMS is off to a fine start, and you're right in some aspects, and wrong in others.
The admin panel with mysql injections.. You're very right, but you're not thinking of something. The administrator can accidentally mess up the database by using quotes. Any potential bug such as this needs to be repaired.
But you're right about your methodology. You can have advanced forms a hacker would love to get their hands on in the back-end admin panel, but you MUST be very careful with security if you do that. I hate to beat a dead horse, but this is coming from my experiences with hackers who've helped me with my own CMS, so I advise you to take in from my experience, rather than shunning me off your thread (which, quite frankly, isn't going to happen).
*Continues to beat dead horse*
Also, PHP's mysql_ extension is (very slowly, but surely) going out of date.
Please use the mysqli extension with procedural or OOP- doesn't matter. Both can be organized and easier for you, you'd likely do better with procedural code. Fuck what people say, you can forward the assholes to Taco (Daevius) or I, if they want to argue that procedural is inefficient, I have research better than them, procedural is potentially much more efficient. If you code better with procedural techniques, use them.
So with the above information in mind, I have a request:
you adopt the MySQLi extended procedures instead of functions from that of MySQL when using PHP to talk to a MySQL 4.3+, or MySQL 5.0+ database.
It's safer, more advanced, and potentially faster in many cases. (Preparing a query, and executing it several times with different bound parameters is faster (AND MUCH MORE SECURE) than executing a new "escaped" query for each new parameter, for instance.)
Not to mention escape techniques (potentially) need to be modified whenever the encoding is.
Anyone who thinks mysql_real_escape_string() is 100% secure probably owns a crack-pipe.
Here you go, a 'nicer' version of what I earlier posted due to your provocations.
Quote:
Originally Posted by viroware
Please learn to read before you post, This CMS is in Alpha and will be for a while. I started working on this to get better at php. Also the security is working, If you think otherwise try to hack viroware.com, Nuff said.
You asked me to clarify why I criticised your project in the first place, so there you go. I gave you a reason in a form of a constructive criticism. No need to go hostile on me.
Quote:
Also the reason im using a WYSIWYG Editor, If you havnt noticed this is a CMS, Content management system. The only user who could hack this site is the admin himself
Also if you are already logged in to the control panel why would you want to hack it? Adding security for mysql injection in the control panel is just a waste, If your not an admin you can NOT hack it but what website owner is dumb enough to try to hack his/hers own site.
I wasn't criticising you for using a WYSIWYG editor, I was simply commenting on your blatant disregard for security. Secondly, regardless of whether or not such feature is accessible by an administrative user or a registered member, you should always take into account security protocols for your websites. It is a common practice. Besides, if you were to expand the project in the future to allow user registration along with user access control, you will need to take into account security considerations when developing things such as profiles... so why not start now?
By all means continue with your current development and programming strategy, however, I personally think you should make room for expansion and modification if you intend to release this for the public to use.
P.S. I was referring to XSS injection if you had read carefully, not SQL. Also, you included "strip_tags()" for everything other than $content. If security doesn't really matter, just take them all out then. Don't be a hypocrite.
Thanks both of you, I will take it into mind and im thinking of re-making the backend, Im using the same codes over and over agian so ima add functions to do this instead.
SaintsIan, Sorry for the bad start, I am going to fix it all up.
S-p-n, I didnt think about the bug side of things with out using mysql_real_escape_string.
So tonight im going to rebuild the whole backend from scratch with a nicer UI, Do any of you have any advice on organizing the backend?
I have updated the front end abit and been playing black ops i will be working on the new backend abit now and some later.
Make it unique, and easy to use. With as many connections as possible.
Example, when adding content, have options to add to nav bar, view preview of the whole page with the content in it before publishing, and yeh. Get creative- make life easy.
When content is submitted, send user to the place in the Admin Panel to Edit that content item (which should have roughly the same options the user has in Add Content).
Organization should be somewhat standardized around the whole system- So the features look familiar to each other, not necessarily other systems.
Heres a screenshot of the new login, I have start work on the general settings page but have alot to do still. Nazi zombies is hard to leave, its addictive lol.
I am aware of spelling mistakes, This just quick i wana get the system complete then work on the smaller things such as more user friendly redirects ect.
I will no longer be support updates for this version of ViroWebCMS, Im going to skip a few numbers and rebuild ViroWebCMS, Once finished i will release as beta and then carry on working on ViroWebCMS to release the full version. If people are using ViroWebCMS i will support updates, Else i may only update now and then when i have spotted a bug or want new features as i also use ViroWebCMS for my website.
I like to thank s-p-n for helping me last night understand OOP alot more aswell as teaching me some basics about MySqli.
