wordpress secure client portal - php

Basically I have a new client that is after the following functionality from her accountancy website:
A client area which her existing clients can log into.
A place within the log in area where clients can access documents such as tax returns etc.
Naturally this all needs to be very secure. My question is:
Is there a WordPress plugin that can achieve this, or is there an open source PHP framework out there that allows me to do this?
I could go through the process myself using PHP and MySQL PDO, but apart from encrypting the passwords I am not confident that the security I could program would be adequate. Any recommendations?

You could consider trying WP-Client
It's a Wordpress plugin that was built from the ground up to act as a client portal with the exact functionalities that you describe, plus much more.
http://WP-Client.com

If there are any plugins out there, they probably won't measure up to the amount of security you're looking for.
I would recommend storing all sensitive data outside of the public_html directory so that it is out of grasp for unwanted visitors/robots/etc.
You should also be encrypting all data sent/received with an SSL certificate.
It sounds like you're looking for a lot of functionality: the ability to upload these documents, access them based on users, etc. You may have to code something yourself or find a non-Wordpress solution that works for you. Perhaps you can use login credentials based off of the Wordpress installation...
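The advice above about keeping documents outside public_html and releasing them per user, as an added example (not code from this thread or from any plugin named in it). The storage path /srv/portal-docs, the one-directory-per-client layout and the client_id session key are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: documents live outside the web root, one directory per client id,
// e.g. /srv/portal-docs/42/tax-return.pdf, so no URL maps to them directly.
const DOC_ROOT = '/srv/portal-docs';

/**
 * Map a requested file name to a real path inside the client's own directory.
 * Returns null if the file is missing or the path resolves anywhere else.
 */
function resolveClientDocument(string $docRoot, int $clientId, string $requested): ?string
{
    $clientDir = realpath($docRoot . '/' . $clientId);
    if ($clientDir === false) {
        return null;
    }
    // basename() drops any directory part, so "../43/x.pdf" becomes "x.pdf".
    $candidate = realpath($clientDir . '/' . basename($requested));
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // realpath() follows symlinks; confirm the result is still under $clientDir.
    $prefix = $clientDir . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// The HTTP part only runs under the web server, not when included from the CLI.
if (PHP_SAPI !== 'cli') {
    session_start();
    // Assumption: the login code stored the authenticated client's id here.
    if (!isset($_SESSION['client_id'])) {
        http_response_code(403);
        exit('Not logged in');
    }
    $file = $_GET['file'] ?? '';
    $path = is_string($file)
        ? resolveClientDocument(DOC_ROOT, (int) $_SESSION['client_id'], $file)
        : null;
    if ($path === null) {
        http_response_code(404);   // same answer for "missing" and "not yours"
        exit('Not found');
    }
    header('Content-Type: application/octet-stream');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```

The client id comes from the session only, never from the request, so a logged-in client cannot ask for another client's directory.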

Update
Since originally writing this I'm now in agreement with user1744188's answer below. WP-Client has been written specifically for this task, and for me it fills a big gap in the Wordpress market. The service I've been given is very good and I think it's priced well considering all the features and the resources you get.
It should definitely be noted, however, that the plugin itself is not open source. The main wp-client.php file in the root of the plugin is a big 0.5Mb monster of a file that has been encoded. Every method has been obfuscated and ties into some unencryption method using the licence key.
So it does what it does but you won't be able to extend or modify it easily.
Original Answer
I agree with John - I personally don't think I'd use Wordpress at all for this. However, I did a job not long ago and they sprung this requirement on me right at the end of the build so I had no choice.
I did it using S2 Member and it worked out well. Here's the ongoing thread on how to do it, the developer is a really helpful guy, he's produced a video to help and supported requests.
www.primothemes.com/forums/viewtopic.php?t=586

It's a WordPress plugin that connects CRM to CMS, which means all your data will be stored in the CRM for better management. You can find it here. They provide the best solution for a WordPress client portal.

Related

PHP - CMS Recommendation For Licensing Type Script

So I'm trying to make my own mini CMS, and just for my knowledge once I get it good enough, and I know enough, I'd like to sell it. Now for licensing, I know there's tons of licensing scripts you can pay for, but would the following be advisable?
I'd like to plant a script hidden in my CMS where instead of checking for some sort of key, it checks if your domain is allowed to run the CMS by running it past the main CMS database. Now I have two questions.
1.) Could I encrypt the code, so if I wanted it to redirect to a page where it just says "CMS Deactivated" For example, so that people don't go through the code just ctrl-f searching for the key text?
2.) I was going to reach the domain name by doing the following, $_SERVER['SERVER_NAME']. Is that going to be a reliable way of checking the domain? IE. Will IIS pick up on it?
I'm not trying to completely extinguish cracking of the CMS, I know that is impossible.
Maybe you should consider housing the whole thing on your own servers and making the content accessible via a REST API. You can certainly restrict and control that way.
Providing a CMS with source code to any client opens you to evaluation and cleansing. Not saying there's no way, but I am saying it may be easier for you to provide the content via REST than to write perfect security. Especially if you're asking this question.
As I said in my comment, I think worrying about money is irrelevant for now, but here's some information for you to learn from.
1.) I haven't found an encryption solution that works. Any will require you to install additional PHP components (and no one wants to deal with that when there are plenty of free CMS's out there). There is code obfuscation, but that's iffy at best.
2.) According to this page, that should work on IIS!

Get data from a website to iPhone app

I have a couple of questions. I hope people can give me a good view because I am stuck at the moment.
It's a year since I started developing so please bear with me.
How can I get data from a website that I don't own to my application?
I have done some database parsing before but that's all from my own website. I see people use different libraries (HPPL for example).
But what if the website requires users to login? And besides does that work on HTML only? What about if it's a PHP based site?
Should I get the external data directly on the iPhone when opening the app or should I use a middle-man approach (server between external website and app that handles the info)?
3) What is the best way to save login information so that a user doesn't have to fill in every time he opens the app?
I am a bit confused about all the stuff so maybe you can clear things up.
The question is extremely broad; so you will get pretty general answers.
Essentially, you are asking how to consume a web service. For that question, I'd recommend one of several tutorials online, like this one. There are others. That should give you a start.
You should understand the Cocoa URL loading system. The documentation is very complete. You can certainly use third-party libraries for this, such as AFNetworking; but I would recommend you understand the Apple-provided frameworks first.
But what If the website has a login ?
Depends on what sort of authentication we're talking about.
And besides does that work on HTML only ? What about if it's a php based site ?
No. Should be no different.
should I get the external data directly on the iPhone when opening the app or should I use a middle-man approach (server between external website and app that handles the info)
In general, a simple design should be favored over a more complex design so long as it meets your specifications. There's probably nothing the intermediate server can do that the iPhone cannot - but we don't really know your specs.
What is the best way to save login information so that a user don't have to fill in every time he opens the app I am a bit confused about all the stuff so maybe you can clear things up...
You will want to investigate the Keychain then. See this SO question for a bunch of tutorial references.

Handcoding PHP for daily log style website with mySQL database

I only began learning about web development 3 weeks ago and have grasped html, css and js quite quickly and have also had some success in using php to draw values from a mySQL database that I have setup however I have a few questions if that is OK?
I am designing a website that essentially allows users to register and then login and add details to a daily log which is stored in the mySQL database. I also want a forum, content section and a shop. Obviously there is no standard open source package for this so I have been investigating how to handcode the PHP to log users in and have them logged in across all parts of the handcoded website. I initially thought I could do this using sessions but I have read that they are bad for SEO? I understand that you can disable them and use cookies but I fear this is all getting a bit over my head? Would it be easier to try and develop this in ASP.NET?
Apologies if some of this doesn't make sense but as I said I am very new to this but I am eager to learn and really serious about it so I will take any information given to me on board. Thanks for your time
This is all very possible in PHP, but what you are asking is for an explanation that requires a book. Speaking of books, there are tons of great books offering help with exactly what you need:
PHP 5 CMS Framework Development: Would teach you about many of the pieces you are trying to assemble by hand including MVC principles.
"Obviously there is no standard open source package.."
Just to name one, WordPress allows users to log in and add stuff to a daily log (it's called a blog), has content sections, and has forum and commerce plugins. Personally, I've been amazed at how customizable WordPress is!
I don't understand your comment about using cookies instead of sessions. I recommend you use the PHP $_SESSION superglobal to keep users logged in during their session.
If you have super-sensitive data in these logs, one option might be to verify that the user's IP has not changed between requests.
I see no reason why ASP.net would be preferable. Personally, I like to learn programming by opening up vim and going at it.
P.S. Be sure you are escaping data provided to you by users before writing it to your SQL database.
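The session login and the safe database write discussed in the answers above, as an added example that is not part of the original posts. It uses PDO bound parameters in place of manual escaping and password_hash() for stored passwords; the table names, the user_id session key and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

function createSchema(PDO $db): void
{
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, pw_hash TEXT)');
    $db->exec('CREATE TABLE log_entries (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT)');
}

function registerUser(PDO $db, string $email, string $password): void
{
    // password_hash() salts and hashes; the password itself is never stored.
    $stmt = $db->prepare('INSERT INTO users (email, pw_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

function logIn(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh session id after login (anti-fixation)
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

function addLogEntry(PDO $db, string $body): bool
{
    if (!isset($_SESSION['user_id'])) {
        return false;              // every protected action re-checks the session
    }
    // Bound parameters keep user text as data; it is never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO log_entries (user_id, body) VALUES (:uid, :body)');
    return $stmt->execute([':uid' => $_SESSION['user_id'], ':body' => $body]);
}

// Constructed demo data.
session_start();
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
registerUser($db, 'client@example.test', 'correct horse battery staple');
$results = [
    'wrong password accepted' => logIn($db, 'client@example.test', 'wrong'),
    'right password accepted' => logIn($db, 'client@example.test', 'correct horse battery staple'),
    'hostile text stored'     => addLogEntry($db, "x'); DROP TABLE users; --"),
    'users rows afterwards'   => (int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn(),
];
var_export($results);   // printed last: session calls must run before any output
```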

Real time activity feed - code / platform implementation?

I am defining out specs for a live activity feed on my website. I have the backend of the data model done but the open area is the actual code development where my development team is lost on the best way to make the feeds work. Is this purely done by writing custom code or do we need to use existing frameworks to make the feeds work in real time? Some suggestions thrown to me were to use reverse AJAX for this. Someone mentioned having the client poll the server every x seconds but I don't like this because it is unwanted server traffic if there are no updates. A push engine like Lightstreamer was also mentioned to me, to push from server to browser.
So in the end: What is the way to go? Is it code related, purely pushing SQL queries, using frameworks, using platforms, etc.
My platform is written in PHP CodeIgniter and DB is MySQL.
The activity stream will have lots of activities. There are 42 components on the social networking I am developing, each component has approx 30ish unique activities that can be streamed.
Check out http://www.stream-hub.com/
I have been using superfeedr.com with Rails and I can tell you it works really well. Here are a few facts about it:
Pros
Julien, the lead developer is very helpful when you encounter a problem.
Immediate push of new feed entries which support PubSubHubbub.
JSON response which is perfect for parsing however you'd like.
Retrieve API in case the update callback fails and you need to retrieve the latest entries for a given feed.
Cons
Documentation is not up to the standards I would like, so you'll likely end up searching the web to find obscure implementation details.
You can't control how often superfeedr fetches each feed, they use a secret algorithm to determine that.
The web interface allows you to manage your feeds but becomes difficult to use when you subscribe to a lot of them.
Subscription verification mechanism works synchronously so you need to make sure the object URL is ready for the superfeedr callback to hit it (they do provide an async option which does not seem to work well).
Overall I would recommend superfeedr as a good solution for what you need.

Light Blogging system sans database

This is a general programming question.
What is the best way to make a light blogging system that can handle images, bbcode-ish styling and text without a database back end? Light means not more than 50 to 100 posts in extreme cases.
What language(s) should be used? Is there any preferred data format for the information? How does security play out?
EDIT: Client has no database, is on a shared server. Can't change that. Therefore, no DB.
EDIT2:
Someone mentioned SQL Compact - does that require anything more than copying files to the server? The key here is again that things shouldn't require any more permissions than FTP access.
If you're looking to do it yourself; store each post as a file in a directory. Then to sort and limit the posts you rely partially on the file names to order and limit them, and potentially (in the case of a search) on reading every last file. Don't go letting users make 10,000 posts though. But yeah, the above is considered a flat file data format. You can get fancy by using a standard format like JSON, Yaml, or XML within each post file, and even fancier by requesting these with Ajax calls in mostly client side code.
Now if the reason you want to work with flat files is that you just don't want to install a database server, there's nothing stopping you from reading a local (to the server) file as a Berkeley DB, a Lucene Index, or an SQLite DB from within your webapp using the appropriate client library. You'll find any of these approaches a little more sane (a bit faster, a bit more readable in code) than the aforementioned with all the same requirements for installing on the server (read-write file permissions). Many web frameworks or languages (like PHP) come with the option of an API to these client libraries; SQLite, and Lucy (C Lucene) particularly.
If you're just looking for examples of it being done, I first (I think 1999 or 2000) came across blosxom which is a perl script that either runs as a cgi script per request or as a cron job. It builds a dated index of "posts" based on whatever you throw into the directory it's meant to scan. It also builds an RSS feed.
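The one-file-per-post layout described in the answer above, as an added example that is not part of the original post. The file naming scheme, the JSON fields and the function names are assumptions; the point is that the title never reaches the file system unfiltered and is escaped again on output.

```php
<?php
declare(strict_types=1);

function slugify(string $title): string
{
    // Whitelist: only a-z, 0-9 and "-" reach the file name, so "../" cannot.
    $slug = preg_replace('/[^a-z0-9]+/', '-', strtolower($title)) ?? '';
    $slug = trim(substr($slug, 0, 60), '-');
    return $slug === '' ? 'post' : $slug;
}

function savePost(string $dir, string $title, string $body, int $timestamp): string
{
    // The date prefix makes a plain string sort equal to a chronological sort.
    $file = sprintf('%s/%s-%s.json', $dir, gmdate('Ymd-His', $timestamp), slugify($title));
    $json = json_encode(['title' => $title, 'body' => $body, 'ts' => $timestamp], JSON_THROW_ON_ERROR);
    file_put_contents($file, $json, LOCK_EX);   // lock against concurrent writers
    return $file;
}

function latestPosts(string $dir, int $limit): array
{
    $files = glob($dir . '/*.json') ?: [];
    rsort($files, SORT_STRING);                 // newest first, from names alone
    $posts = [];
    foreach (array_slice($files, 0, $limit) as $file) {
        $post = json_decode((string) file_get_contents($file), true);
        if (is_array($post) && isset($post['title'], $post['body'])) {
            $posts[] = $post;                   // skip files that are not valid posts
        }
    }
    return $posts;
}

// Constructed demo: a throwaway directory stands in for the blog's data directory,
// which should sit outside the web root or be denied direct HTTP access.
$dir = sys_get_temp_dir() . '/flatblog-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
savePost($dir, 'First post', 'Hello', 1700000000);
savePost($dir, '../../etc/passwd <script>', 'Hostile title, still saved inside $dir', 1700003600);

foreach (latestPosts($dir, 10) as $post) {
    // Escape on output so stored markup is displayed, not executed.
    echo htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8'), "\n";
}
```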
Jekyll or Blogofile are my favorite kind of solution for that, "compiling pages before upload".
I'm going to go out on a limb here and say that it's not always the destination, but the Journey.
If you're going to set out to do this, I recommend using a language you are comfortable with. Personally, this would be C#/.net for me, but from your tagging, I'll assume PHP would be the server-side scripting language you would choose.
I would lay out how I wanted my application to behave. If there is going to be a lot of data, you should consider (as dlamblin mentioned) a DB of some sort for lookup and retrieval. (Light Blog, not so much data... 1000 users can edit? maybe you should consider a DB.) Once you've decided how to store the data, decide how to present it.
Write some proof of concept code for each of the features you want to implement (blog templating, bbcode, user authentication, text searching...) and start to work them all together.
Search for flat-file CMSes on Google, for example:
http://www.flatcms.org/
This has already been done, so there is no need to create such a CMS again. There are plenty of them.
I concur with dusoft that this has already been done.
DotNetBlogEngine.net is an ASP.NET (C#) based blogging system that has a nice XML back-end as an option.
Doesn't answer your question directly but check Unify.
If you do not want to write a new one or want to get some inspiration:
Flatpress
Simple PHP Blog
Ninja Designs are working on a db-free wordpress clone
You could either use XML, or use SQL compact (which allows for handling things just like SQL Server, but instead of a database you utilize flat files).
