A question with regards to CMS

derbys

Junior Member
Hi folks, I'm currently developing a website and have created an initial index page that's in HTML (with CSS template etc). However, what I'm thinking of doing is creating a CMS that allows the client to update certain pages and upload files to certain areas of the site to allow other people to download those files etc etc.

What I'm wondering really, is what is the best way to do this? Are there any decent tutorials around? And should the CMS be created using PHP or is there another way that it can be completed? I've attempted (and failed) to try and create a CMS but am not sure if that has something to do with my CSS template and current HTML.

If anyone could give a bit of advice, that'd be great.
 
Hey derbys,
I'm currently creating an intense custom 1, 4 days straight and I am still nowhere near the end, the code for my last page alone was well over 200 lines all hand written.

Custom 1's are by far superior in my book as you can create them to do whatever you want, however with them comes the security risk and time to create them properly.

This latest one is all Ajax driven, colour coded tables, high security, intense site visitor tracking, intense search engine tracking the works which they couldn't get to the intensity they need on-line TBH.

For what you want alone and this is with me being half awake and not even thinking about it in great detail you have to~
1. Make sure the login script is strong enough. The 1 I wrote for this client took me a day on its own. I wrote a smaller version script on one of the threads for SamC, what I wrote for him took me an hour, what I wrote for my client took me 6-7 hours, by far the best program I have ever written though. Do you know what a brute force attack is or even session hijacking? As they have to be considered from the outset.

2. Then validate the user across pages and kick them out if need be.

3. To interact with a database you would have to set up yourself. Do you have any knowledge of MySQL? And if so, performance and security knowledge?

4. Validate user supplied data to make sure they don't compromise the database, again different data requires different techniques, how good are you with regular expressions?

5. To upload files you need to check a minimum of
~ the size of the file,
~ type of the file,
~ its extension,

Because otherwise they can upload anything. Do you know how to do that?

6. Check user permissions, what happens if they interact with a part of the CMS they shouldn't?
Someone else just asked me to look at their CMS, gave me a username and password that would expire in a few hours. Thought great, they have taken security into account. Logged on and I had access not only to their live site, which meant I could screw with it, but also all the users' usernames and passwords, I could also create my own.

So when my guest username runs out, I could log back in as any 1 even the root user and delete their entire database and if they are logging who deleted what they would more than likely get the blame and get sacked not me. The site would go down until the DB was populated again.

Now my point is they thought about security but they overlooked something so simple which could have had devastating consequences to their site. It goes without saying I flagged it up immediately with them. Actually, just writing this I've just realized something I missed in the CMS I'm building at the moment and I've been coding those pages for 5 hours give or take today and it is so simple as well. But as an example I shouldn't be able to change pages if I'm a guest. The computer program should know who I am at all times and know what I am and am not allowed to be viewing, let alone clicking.

If you can interact with a DB and fancy a challenge go for it but TBH I have to agree with Harry if you can find 1 on-line that is good enough for your needs go for that instead it will save you a world of grief.

Find one though that doesn't require just a password to log on. A mate of mine got hacked the other month because of that reason, didn't help that his password was banana, same to his email I know. :mad: and had no protection against a brute force attack.
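
The three upload checks from point 5 of the reply (size, type, extension), as an added example that is not part of the original posts. The allowlist, the 2 MiB limit and the function name `check_upload` are assumptions made for illustration, and the sample files are constructed.

```php
<?php
// Added example. The allowlist maps each permitted extension to the MIME
// type the file content must have (values assumed for illustration).
const ALLOWED = [
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'txt' => 'text/plain',
];
const MAX_BYTES = 2 * 1024 * 1024; // assumed 2 MiB size limit

function check_upload(string $tmpPath, string $clientName): array
{
    // 1. Size: measure the file on disk, not the size the client reported.
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return [false, 'size'];
    }
    // 2. Extension: final extension only, lower-cased, checked against the allowlist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return [false, 'extension'];
    }
    // 3. Type: sniff the content; ignore the Content-Type the browser sent.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return [false, 'type'];
    }
    // Store under a server-generated name so the client never chooses the path.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed sample uploads: [client filename, file content].
$samples = [
    ['report.pdf',  "%PDF-1.4\n1 0 obj\n<< >>\nendobj\n%%EOF\n"],
    ['shell.php',   "<?php echo 'hi'; ?>"],
    ['invoice.pdf', "<?php echo 'hi'; ?>"], // content does not match extension
    ['big.txt',     str_repeat('A', MAX_BYTES + 1)],
];
foreach ($samples as [$name, $body]) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $body);
    [$ok, $detail] = check_upload($tmp, $name);
    printf("%-12s %s (%s)\n", $name, $ok ? 'accepted' : 'rejected', $detail);
    unlink($tmp);
}
```

In a real upload handler the path would come from `$_FILES[...]['tmp_name']`, be confirmed with `is_uploaded_file()`, and be moved with `move_uploaded_file()` into a directory the web server does not execute scripts from.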
 