Jump to content

Recommended Posts

Hi,

 

I've been playing for a while at writing a CMS (Content Management System) for websites. It's now at a stage where i'm happy for people to have a play with it, hack it up, give comments and obviously, use it.

 

So, here you go, play to your hearts content, it's GPL, so it's basically free to use.

 

http://cms.monkies.co.uk/

 

Any comments you can either PM me or use the email links provided.

 

 

 

JUST READ THE NEW RULES: http://cms.monkies.co.uk/tmp/phpfreaks

Link to comment
https://forums.phpfreaks.com/topic/156551-cms-monkies/
Share on other sites

just a suggestion but after looking at your function file i only saw a few string replace functions to weed out  line breaks and to trim whitespace. your sanitization could be far better try the following example. ;)

<?php
function stripslashes_deep($value)
    {
        $value = is_array($value) ?
                    array_map('stripslashes_deep', $value) :
                    stripslashes($value);
        return $value;
    }
  
   function clean_post_var($var){
      $var=mysql_real_escape_string(trim($var));
      $var= strip_tags('allowed tags',$var);
      $var=htmlspecialchars($var,ENT_QUOTES);
      return filter_var($var,FILTER_SANITIZE_STRING);
   }
?>

Link to comment
https://forums.phpfreaks.com/topic/156551-cms-monkies/#findComment-824660
Share on other sites

I've not come across filter_var before so i'm looking into that now.

 

All GET and POST are fetched using:

function get_REQUEST($name)
{
$sret = "";
if (isset($_REQUEST[$name]))
{
	$sret = $_REQUEST[$name];
	$sret = mysql_real_escape_string($sret);
}
return $sret;
}
function get_POST($name)
{
$sret = "";
if (isset($_POST[$name]))
{
	$sret = $_POST[$name];
	$sret = mysql_real_escape_string($sret);
}
return $sret;
}
function get_GET($name)
{
$sret = "";
if (isset($_GET[$name]))
{
	$sret = $_GET[$name];
	$sret = mysql_real_escape_string($sret);
}
return $sret;
}

 

I have been wondering whether to sanitise the whole lot at once in the arrays.

 

Here's some other functions used to sanitise data:

 

function scheck_code($s)
{
$s = strip_tags($s);
return htmlspecialchars($s);
}
function escapehtml($s)
{
$s = str_replace("\\\"", """, $s);
$s = str_replace("'", "’", $s);
return $s;
}
function remove_rn($s)
{
$s = str_replace("\\r", "", $s);
$s = str_replace("\\n", "[br]", $s);
return $s;
}

 

There are others for various other reasons.

 

I have been considering changing htmlspecialchars($s) to htmlspecialchars($s,'ENT_NOQUOTES');

 

The majority (if not all (see next paragraph)) input is either stripped and classed as plain text or BB code. The only place where code (html, php, etc) is allowed is in the 'physical' site pages, or in theme page and block templates.

 

When I get back this afternoon, i'll double check the admin side features for allowing it to be open and a way for demo users to reset the site. There is one new admin feature which could be used nefariously by someone with admin privileges , for the demo site it might just be easier for me to disable it until feature is matured.

 

Anyway, the computer fair is calling...

Link to comment
https://forums.phpfreaks.com/topic/156551-cms-monkies/#findComment-824801
Share on other sites

The demo site is almost ready, but i've decided to sleep on it, I know i'll think of something.

 

So i'll say it'll be live by 3pm GMT Mon 4th May.

 

http://docs.monkies.co.uk/

 

user: admin

pass: password

 

When I use the following login credentials, nothing happens...

Link to comment
https://forums.phpfreaks.com/topic/156551-cms-monkies/#findComment-825156
Share on other sites

Even though it's only 11am GMT now, it has been open since about 3am GMT. That quoted post was at about 11pm GMT Sun 3rd May. I'm going to fill the demo site out a bit now. The login box currently in use doesn't give feedback, there are others that do (e.g. http://docs.monkies.co.uk/login/login ).

 

The stay logged in feature is quite recent. Before if someone else attempted to log in to the same account they would have been blocked for a period of inactivity of the original account. However now, the first user is just unceremoniously dumped and the new user allowed in. So, if your suddenly logged out, that'll probably be why. I'll also add a few more admin and user accounts shortly.

 

There's some other stuff but i'll either do it or document it on a page entitled 'issues' which i'll make accessible from the demo's home page.

 

Cheers for all help...

Link to comment
https://forums.phpfreaks.com/topic/156551-cms-monkies/#findComment-825522
Share on other sites

OK...

 

There's now 3 admin accounts and one user acount, all with the password 'password', and named as follows, admin, root, ardvark, user. The demo and documentation site can be found here:

 

http://docs.monkies.co.uk/

 

There's also a new version of the CMS available for download:

 

http://cms.monkies.co.uk/site/download.html

 

I'll be updating the documentation within the next few days. Also i'll point out some example sites already using the CMS (once there updated to the newer version).

 

Also i'll try and get some of the other modules in a fit state by next weekend.

 

Any comments and such always welcome (even though my own to do list is fairly long), at cms@monkies.co.uk

 

Cheers!

Link to comment
https://forums.phpfreaks.com/topic/156551-cms-monkies/#findComment-825656
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.