So, this might be a stupid question. Bear with me, I'm new to CMS usage :P
Anyways, I'm using Bolt CMS to create a very simple website. For it, I just need a simple contact form, which means my server needs to be able to send out an email. I want to use PHP for this.
Now, how exactly should I handle this with Bolt CMS? The default configuration does not allow .php files to be uploaded, however I could easily change this in the main configuration, to allow for its type. My first guess was to try and upload it to either the theme folder, or the file folder for the theme. However, when I try to upload .php files they don't even show up in the folders I upload them to, even though it says the file was uploaded successfully. However, I'm unsure this would even be the best way to handle PHP scripts with Bolt CMS.
Anyone got any inputs to this? :)
Thank you!
For security reasons, Bolt will not allow you to run PHP scripts from inside Bolt. If this is something you need to have, there are two options:
Make it standalone. Create a contact.php on the server that handles it, and link to that.
The better solution would be to use an extension for that. Simpleforms (easy to implement, with a fair share of options), BoltForms (more options and allows for more control over the fields as well as uploads) or Simple Contact Form (very bare bones, but might be what you need).
Related
I'm in the process of building an eCommerce site for a college assignment. The question is, should all files be set up as .php? i.e. in what instance should or shouldn't be html? (Please note I've got the login and registration forms set up as .php which are currently connecting to a db). Many thanks.
I personally recommend you use .php files only for your website. In general .html files are used for templating and they only set up the 'view' of the page. By default, .html web pages can not use PHP code unless you set up the server to do so (For example using a .htaccess file as explained here)
It's really just as Bonner said, asking how long is a piece of string. The answer can differ depending on what you are doing. Based on what you are working on I still recommend you use .php as the file extension for your project.
First off, this isn't really a programming question but more of a programming concept question. Basically, I've built a bespoke PHP framework to speed up deployment on my end and I want some kind of plugin system in place that will allow me to add specific features to the base of the framework (like the SQL class or maybe a Twitter package) that will allow me to throw them into a folder and not have to actually edit the base for every new project.
Any ideas of the best way of going about this?
Here is a nicely written post by #ircmaxell on how to do that and what are the options:
Handling Plugins In PHP
Also check out:
Best way to allow plugins for a PHP application
what im doing in my cms:
for each plugin i make a folder latin-named of this plugin's name.
i create a /translations folder in there too. Check here.
have a single php file that has 2 basic functions, the plugin_install and plugin_uninstall (you know, things to happen on install/unistall like tables creation/drop)
create a special page of your system that reads these plugins, installed and not and give an on/off switch so users can install/unistall them.
load these single files mentioned above by a single call to include_once on top of your index page (or administration page) so to include whatever functionality they offer.
enabled plugins will be loaded (include_once) from your main page, and also their functionality, so each plugin can call each other's as well.
I'm helping a client with their website (it's manually written using a Dreamweaver template and a ton of quadruple-nested table elements for design. Ouch), and I want to offer them a break from using Dreamweaver to write things.
I was thinking of using Wordpress or a similar CMS to do the job, as Wordpress is clean, fast, and really easy to design for. I've done it a few times, and it's almost as easy as just coding pure HTML.
My main concern is that the site has been hacked a few times before, even though it was pure HTML with no server-side code whatsoever. I can setup a manual Linux server for them, because the hosting company they use is one that I've never heard of.
The site owners are completely technologically impaired, so I don't want to scare them off by showing them a dynamic CMS with tons of features, as they think pure HTML is so much safer, they have to go out of their way to work with it.
I know this is a ton of writing, but what would be the most appropriate CMS for such a setup (hard-coding or dynamically generating content) for such a setup? I don't want to keep having the person manually write non-standards compliant quadruple-nested table layouts anymore, but I don't want to be responsible for having their site hacked...
Thanks!
A solution that allows for local editing, and the uploading of only static HTML files, would be the safest way to go. If it's a high-risk site, I would consider staying on that track.
If a site containing only static HTML was hacked, then most likely through some problem on web server or even operating system level - I am not aware of any exploits concerning static HTML resources. Problems usually come up when dynamic languages are involved.
Whatever you do, don't use Wordpress. It is bound to be subject of exploits and attacks simply due to its popularity.
If the site is pure HTML, then the insecurity is in the server, or the connection made between the server and the client.
I'd look into how to make the server more secure before making changes to the site, although doing both is a good idea. CMS's like WordPress use MySQL databases to store posts, etc, so that means client -> server connections. A way to make transfers of data more secure is to use https:// instead of vanilla http://. You can redirect using a .htaccess file if need be.
To summarise, I'd look at the server side of things for any vulnerabilities.
James
Wordpress has become a pretty wonderful CMS. If the site is high-risk, you might want to shy away from it, but I haven't had a site that I thought was too high-risk for WP myself. The site should keep up with regular updates and regular backups and there are some security tips that you can follow to help keep it more secure and less of a target.
First. Hide WP on the front end
Add this to your functions.php:
remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');
That will remove default header info that can be searched for by scripts.
Install wp in a directory that will help obscure its location and obscure the admin URL.
Change the name of wp-contents folder to something else and move it outside of the main wp directory. For instance, you could name it "includes" and put it into the root folder. and then links to template files will not have wp-contents in them.
On top of that, use a secure host, lock down your files (especially on shared hosting), and you can look at something like vaultpress, but it seems like if you use a solid backup plugin and a good host, that is unnecessary. You can also look at some of the security audit plugins, but don't keep them running after you get feedback.
This code in your wp-config.php file will help to install in a directory and move wp-contents outside of it into an "includes" folder:
define('WP_HOME', 'http://domain.com');
define('WP_SITEURL', WP_HOME .'/admin');
define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'].'/includes');
define('WP_CONTENT_URL', WP_HOME .'/includes');
Wordpress is good for blogs
Typo3 is a good cms but hard to learn at start
Joomla and Drupal can be used as cms
I run multiple websites all running off of a single installation of CodeIgniter on my server (separate application directories and a single system directory). This has been working fabulously and I don't see any reason to change it at this point.
I find myself writing library classes to extend/override CI all of the time and many times if I find a bug or improve effeciency I have to go back to several websites to make the same adjustments at risk of a typo that breaks one of the websites. Because of this it requires that I change each file and then test that site for bugs.
I have been pondering a solution of using a single libraries directory in a central location and symlinking all of my websites to that central directory. Then when I make a file change it will immediately propagate to all of the downstream websites. It will still require that I test each one for errors, but I won't have to make the changes multiple times. Anything that is specific to a single website will either be a non-shared file (still in the linked directory just not used elsewhere) or can be put in a local helper.
Also, I keep separate 'system' directories by CI version so I can migrate my websites independently if necessary--this central libraries file would be attached to a specific version to reduce possible breaks.
Does anyone see potential issues or pitfalls from taking this approach? Has anyone accomplished this in another direction that I should consider?
Thanks in advance!
I think this actually makes sense :] Go for it. Even on official CodeIgniter page, they mention it's possible.
Also, I don't see one reason why there should be any problem.
Edit: they touch the problem of multiple sites here: http://codeigniter.com/user_guide/general/managing_apps.html
also:
http://codeigniter.com/wiki/Multiple_Applications/
http://www.exclusivetutorials.com/setting-multiple-websites-in-codeigniter-installation/
How to Handle Multiple Projects in CodeIgniter?
http://codeigniter.com/forums/viewthread/56436/
I have a single system directory and separate application directories for my CI apps. In order to share libraries and some view templates between my apps, I have created a "Common" directory, in the same folder as the CI system and with the same structure as a regular app folder and used symlinks, but you can modify the Loader class so that it looks in the Common folder too. My setup looks something like this:
/var/CodeIgniter/
/var/Common/
/var/Common/config/
/var/Common/controllers/
...
/var/Common/libraries/
...
/var/www/someapp/
/var/www/someotherapp/
...
I'm not sure how you handle publishing your sites (assuming you actually do any of that), but I'd look into version control. For example, in SVN you can make external to another svn directory (or file) and then just update the current svn directory which grabs the external file. This approach gains one benefit from the others, which is when you modify the common library, the others aren't immediately affected. This prevents unwanted breaks before you have time to go test all the sites using the common library. You can then just update each site's folder whenever you are ready to test the changes. This is "more work", but it prevents code duplication AND unwanted breaks.
I wrote a MY_Loader to do exactly that.
http://ellislab.com/forums/viewthread/136321/
I have a hosting (hostgator) account with a master directory and multiple subdirectories, each representing a www address. I'd like to know if its possible to create an interface in php that would allow me to update a given file (say, header.php) in a specific folder (my custom wordpress theme which resides in each site) which will be the same in every site.
I currently have to do this via FTP, but its cumbersome b/c I have to open each directory and copy the file to it. So if I have 30 sites to update, its very time consuming. i'd like to just have a list of sites with a checkbox beside each of them (and a "select all" toggle) and run the update on all sites in one click)
Thanks for your input!
PS: I know there are probably chron scripts or interfaces that can do this, but I'll be creating a scriptable (PHP) solution I can package up and send to someone and it just works and is brain-dead simple to use.
Yes, it's possible, you can modify files using PHP's file functions and you can communicate what to update through sockets.
It would be fairly complicated to implement though so I'm not sure what you're asking for.. Yes it's possible but I doubt someone here will give you a copy&paste solution. Do you have a more specific question?
EDIT: an easier solution would be to have a SVN repository so you can simply do it with one line of PHP code:
`svn update`
Any reason you're not using WordPress MU? With it and the child theme functionality built into recent versions of WordPress, your life might be a lot easier.
Yes:
I currently have to do this via FTP,
but its cumbersome b/c I have to open
each directory and copy the file to
it. So if I have 30 sites to update,
its very time consuming. i'd like to
just have a list of sites with a
checkbox beside each of them (and a
"select all" toggle) and run the
update on all sites in one click)
Basically you need to script those FTP actions and provide some logic as to what path and what files. You can then style the entire thing with a simple front end, listing your sites with a checkbox to select.
Doesn't seem difficult, just have to get the FTP path traversal working and file cp'ing down.
Have a look at Phing and search Google for deployment with PHP
If you are hosting multiple WP sites, you really should use WPMU.
I've implemented Uploadify for single / multiple file upload. Works great.
I also use Wordpress.
if its just the header.php and you dont have svn (you could setup an hook which would copy it for you to the right place)
you could write a bash script if you have ssh access