PHP CMS from scratch

glenwheeler

Senior Member
Hi Guys,

I have been doing a lot of reading up on PHP and buolding CMS's and would look start start and follow a tutorial of some sort to go ahead and build one. Does anyonre know of any good place where they have used maybe in the past? Any information would be great, thanks guys.

Glen
 
I have invited him 'round... I did end up going round his one night, but ended up getting addicted to Modern Warfare 2 instead.
 
Haha! Quality times mate...when should I pay a visit XD am on 13 hour shifts from now until Sunday, are you going back home for Xmas?..It would be idealm but I wpuld probably end up forgetting as you work rather quick! Your book is helping a lot tho.
 
I'm free pretty much every evening after 6pm. I'll be in Darlington on Christmas Day and Boxing Day, but should be in Newcastle pretty much any other time.
 
glenwheeler said:
Wicked, let me check my diary! lol

I found it:

imgRiverCottagePages.jpg


:p
 
Here's a different take in the 'should I build a CMS?' question: Unless you plan on building something like this as a learning exercise - don't waste your time.

There are many great CMS already out there and it takes an awful lot of work to build one - it's a complex wheel to re-invent.

The best CMS have been under development for years by teams of people. You would be far better off spending your time getting to know one or two good CMS, and writing plugins/extensions to satisfy your coding desire and customisation needs.
 
I completely disagree.

I built a CMS as both a learning exercise and a solution to a gap in the market. Since 2005, I've primarily designed and developed websites and web applications for professional wrestling and mixed martial arts (MMA) individuals and organisations. Up until 2007, I found I was doing the same things over and over again.

I looked into various CMS platforms such as Joomla!, Wordpress etc. but none offered the functionality I needed, nor offered a way of organising content in a way that I thought promoters would understand or find easy to work with. So I then decided I would make it my aim to build such a system.

Fast forward two years later. I'm now fairly proficient in PHP and MySQL (knowing nothing when I started) to the point I can now build bespoke solutions as well as modify pre-built solutions. I wouldn't have the knowledge I have today unless I had taken on a project such as building a CMS. There's only so much books or a website can tell you, and one thing they can't tell you is where you are going wrong; how well you're doing; or how your code can be improved.
 
MCB Web Design said:
I completely disagree.

I built a CMS as both a learning exercise and a solution to a gap in the market. Since 2005, I've primarily designed and developed websites and web applications for professional wrestling and mixed martial arts (MMA) individuals and organisations. Up until 2007, I found I was doing the same things over and over again.

I looked into various CMS platforms such as Joomla!, Wordpress etc. but none offered the functionality I needed, nor offered a way of organising content in a way that I thought promoters would understand or find easy to work with. So I then decided I would make it my aim to build such a system.

Fast forward two years later. I'm now fairly proficient in PHP and MySQL (knowing nothing when I started) to the point I can now build bespoke solutions as well as modify pre-built solutions. I wouldn't have the knowledge I have today unless I had taken on a project such as building a CMS. There's only so much books or a website can tell you, and one thing they can't tell you is where you are going wrong; how well you're doing; or how your code can be improved.

Ah but you do agree with me in so far as building a CMS is a great learning exercise.

I did exactly the same - I built two bespoke CMS, learned a lot and even got some satisfaction out of it. However, the end result was that both CMS got retired and apart from the knowledge and experience gained, I can't get back the considerable amount of time spent crafting, and re-crafting the code.

I did rescue some code which I now use as an app dev toolkit for those truly bespoke projects where a CMS does not suit, but this is different to rolling your own CMS.

I also agree that existing CMS platforms do not always make a perfect fit, however, it is far more sensible to use a CMS and make a few compromises and/or write some custom extensions rather than invest a considerable amount of time rolling your own. I say this because bespoke code can be very bad for clients. I have seen many projects where clients got led up a dead end with something bespoke that is no longer supported. Sites get scrapped, money (lots) wasted. Fully fledged CMS platforms have support, communities, future development and so on.

My point is that individuals do learn a lot of great stuff building CMS, but long-term, it's not realistic or sustainable for a majority of projects. I have rescued a few clients recently who ended up feeling shafted after being led down the bespoke route.

What is good for your clients is good for you...
 
I think the only CMS really worth building now as a real gap filler would be one for those who want Flash to be their output.. there's only a few of them about and they are all new and very interesting and would be a real challenge... :)
 
The best CMS have been under development for years
And how easy do you think it is to find out patched versions with detailed exploits on them?

Then how easy do you think it is to find all those outdated versions and as I have detailed attack vectors cause menace if I'm bored or depending on the vector cause significant problems to competitors or screw sites up for paying clients?

Granted I don't as I have ethics but you are talking a 5 min job.
Creating your own not only takes you off the radar, but as there are no detailed exploits most hackers 1 wont find your site, and 2 even if they did would have to spend a huge amount of time looking for weaknesses, if you write your own code and track your data correctly then you are sure your security is up to scratch. But by the severer volume of unpatched sites out their, bare in mind in 1 search I can gets millions of sites db passwords on their own, then they will more than likely just move on to easier targets.

If you also want pure customization, build 1 your self, as 1 I have done recently and just finishing it off now I wouldn't think you could find 1 that could be that customizesable.

Bare in mind web security degrees are 3 years on their own, and according to PCPro most web devs aren't taught nearly enough security coding for even basic basic protection at university.

I've got 6 security books alone 2 or 3 are over 800-1000 pages and do they rarely cover the same topic in the same way.

If the site is small and you stay updated on patches etc....then yeah go for it, want 1 that's protected or the site is big then build it your self, but learn what you are doing before hand from a security point of view at least.
 
Jaza, got some advice on which web security books are the better ones to indulge in (as a start?)
 
IMO the best one every web dev should get is~

#How to break web software
# Short but covers the basics in very good detail.

PHP
# Essential PHP security,
5 out of 5, can't recommend that enough.

# Pro PHP Security
Learn your PHP to a good standard first and it's long.

Apache
# Pro Apache
Very, very in depth and long.

If you really know your stuff, and have no life
# Grey hat hacking

That would be my top 4 TBH.
 
Jazajay said:
And how easy do you think it is to find out patched versions with detailed exploits on them?

Then how easy do you think it is to find all those outdated versions and as I have detailed attack vectors cause menace if I'm bored or depending on the vector cause significant problems to competitors or screw sites up for paying clients?

Granted I don't as I have ethics but you are talking a 5 min job.
Creating your own not only takes you off the radar, but as there are no detailed exploits most hackers 1 wont find your site, and 2 even if they did would have to spend a huge amount of time looking for weaknesses, if you write your own code and track your data correctly then you are sure your security is up to scratch. But by the severer volume of unpatched sites out their, bare in mind in 1 search I can gets millions of sites db passwords on their own, then they will more than likely just move on to easier targets.

Good point, and this convincingly adds even more weight to the argument that people should think twice before rolling their own CMS.

In an ideal situation a security aware dev can build a more secure backend, as you quite rightly say. However, in the real world most of them don't and this is another reason why choosing a good CMS is the best option in a majority of cases.

Some CMS platforms have a great record on security and it's not a big deal keeping them up to date. Gaining deep knowledge of Internet security, applying that to bespoke code and keeping it all up to date is a much bigger deal.

I'm speaking from experience, having gone through the built-it-yourself phase, I am finding the balance is swinging more in favour of known CMS platforms. Bespoke development is time consuming and expensive if done correctly and caries with it a burden of responsibility for future support.

Two of my recent projects involve migrating web sites away from dead-end bespoke code. One of these I built myself and standing back from the situation I can see that it makes absolutely no sense to continue with it. The other custom-build, strangely enough, has been getting hacked repeatedly and the original devs aren't interested, so it's getting migrated away from MS .ASP (even worse for security) to a LAMP CMS with a good track record and tons of support.

I'm not advocating short-cuts for code rookies. This is a sensible, viable and sustainable option for experienced developers and in many cases, the best option for clients too.
 
Back
Top