I only began learning about web development 3 weeks ago and have grasped html, css and js quite quickly and have also had some success in using php to draw values from a mySQL database that I have setup however I have a few questions if that is OK?
I am designing a website that essentially allows users to register and then login and add details to a daily log which is stored in the mySQL database. I also want a forum, content section and a shop. Obviously there is no standard open source package for this so I have been investigating how to handcode the PHP to log users in and have them logged in across all parts of the handcoded website. I initially thought I could do this using sessions but I have read that they are bad for SEO? I understand that you can disable them and use cookies but I fear this is all getting a bit over my head? Would it be easier to try and develop this in ASP.NET?
Apologies if some of this doesn't make sense but as I said I am very new to this but I am eager to learn and really serious about it so I will take any information given to me on board. Thanks for your time
This is all very possible in PHP, but what you are asking is for an explanation that requires a book. Speaking of books, there are tons of great books offering help with exactly what you need:
PHP 5 CMS Framework Development: Would teach you about many of the pieces you are trying to assemble by hand including MVC principles.
"Obviously there is no standard open source package.."
Just to name one, WordPress allows users to log in and add stuff to a daily log (it's called a blog), has content sections, and has forum and commerce plugins. Personally, I've been amazed at how customizable WordPress is!
I don't understand your comment about using cookies instead of sessions. I recommend you use the PHP $_SESSION superglobal to keep users logged in during their session.
If you have super-sensitive data in these logs, one option might be to verify that the user's IP has not changed between requests.
I see no reason why ASP.net would be preferable. Personally, I like to learn programming by opening up vim and going at it.
P.S. Be sure you are escaping data provided to you by users before writing it to your SQL database.
Related
So I'm trying to make my own mini CMS, and just for my knowledge once I get it good enough, and I know enough, I'd like to sell it. Now for licensing, I know there's tons of licensing scripts you can pay for, but would the following be advisable?
I'd like to plant a script hidden in my CMS where instead of checking for some sort of key, it checks if your domain is allowed to run the CMS by running it past the main CMS database. Now I have two questions.
1.) Could I encrypt the code, so if I wanted it to redirect to a page where it just says "CMS Deactivated" For example, so that people don't go through the code just ctrl-f searching for the key text?
2.) I was going to reach the domain name by doing the following, $_SERVER['SERVER_NAME']. Is that going to be a reliable way of checking the domain? IE. Will IIS pick up on it?
I'm not trying to completely extinguish cracking of the CMS, I know that is impossible.
Maybe you should consider housing the whole thing on your own servers and making the content accessible via a REST API. You can certainly restrict and control that way.
Providing a CMS with source code to any client opens you to evaluation and cleansing. Not saying there's no way, but I am saying it may be easier for you to provide the content via REST than to write perfect security. Especially if you're asking this question.
As I said in my comment, I think worring about money is irrelevant for now, but here's some information for you to learn from.
1.) I haven't found an encryption solution that works. Any will require you to install additional PHP components (and no one wants to deal with that when there are plenty of free CMS's out there). There is code obfuscation, but that's iffy at best.
2.) According to this page, that should work on IIS!
I have a couple of questions. I hope people can give me a good view because I am stuck at the moment.
It's a year since I started developing so please bear with me.
How can I get data from a website that I don't own to my application?
I have done some database parsing before but that's all from my own website. I see people use different library's (HPPL for example).
But what if the website requires users to login? And besides does that work on HTML only? What about if it's a PHP based site?
Should I get the external data directly on the iPhone when opening the app or should I use a middle-man approach (server between external website and app that handles the info)?
3) What is the best way to save login information so that a user doesn't have to fill in every time he opens the app?
I am a bit confused about all the stuff so maybe you can clear things up.
The question is extremely broad; so you will get pretty general answers.
Essentially, you are asking how to consume a web service. For that question, I'd recommend one of several tutorials online, like this one. There are others. That should give you a start.
You should understand the Cocoa URL loading system. The documentation is very complete. You can certainly use third-party libraries for this, such as AFNetworking; but I would recommend you understand the Apple -provided frameworks first.
But what If the website has a login ?
Depends on what sort of authentication we're talking about.
And besides does that work on HTML only ? What about if it's a php based site ?
No. Should be no different.
should I get the external data directly on the iPhone when opening the app or should I use a middle-man approach (server between external website and app that handles the info)
In general, a simple design should be favored over a more complex design so long as it meets your specifications. There's probably nothing the intermediate server can do that the iPhone cannot - but we don't really know your specs.
What is the best way to save login information so that a user don't have to fill in every time he opens the app I am a bit confused about all the stuff so maybe you can clear things up...
You will want to investigate the Keychain then. See this SO question for a bunch of tutorial references.
Basically I have a new client that is after the following functionality from her accountancy website:
A client area in which here existing clients can log into.
a place within the log in are where clients can access documents
such as tax returns etc.
naturally this all needs to be very secure. My question is:
Is there a Wordpress plugin that can achieve this or is their an open source php framework out there that allows me to do this.
I could go through the process myself using php and mysql PDO but apart from encrypting the passwords i am not confident that the security i could program would be adequate. Any recommendations?
You could consider trying WP-Client
It's a Wordpress plugin that was built from the ground up to act as a client portal with the exact functionalities that you describe, plus much more.
http://WP-Client.com
If there are any plugins out there, they probably won't measure up to the amount of security you're looking for.
I would recommend storing all sensitive data outside of the public_html directory so that it is out of grasp for unwanted visitors/robots/etc.
You should also be encrypting all data sent/received with a SSL certificate.
It sounds like you're looking for a lot of functionality- the ability to upload these documents, access them based on users, etc. You may have to code something yourself or find a non-Wordpress solution that works for you. Perhaps you can use login credentials based off of the Wordpress installation...
Update
Since originally writing this I'm now in agreement with user1744188's answer below. WP-Client has been written specifically for this task, and for me it fills a big gap in the Wordpress market. The service I've been given is very good and I think it's priced well considering all the features and the resources you get.
It should definitely be noted, however, that the plugin itself is not open source. The main wp-client.php file in the root of the plugin is a big 0.5Mb monster of a file that has been encoded. Every method has been obfuscated and ties into some unencryption method using the licence key.
So it does what it does but you won't be able to extend or modify it easily.
Original Answer
I agree with John - I personally don't think I'd use Wordpress at all for this. However, I did a job not long ago and they sprung this requirement on me right at the end of the build so I had no choice.
I did it using S2 Member and it worked out well. Here's the ongoing thread on how to do it, the developer is a really helpful guy, he's produced a video to help and supported requests.
www.primothemes.com/forums/viewtopic.php?t=586
It's WordPress Plugin that connects with CRM to CMS, Means all your data will store in CRM for better management. you can find Here, They Prodive best solution for WordPress Client Portal.
Currently i am wondering whether or not to use a MySQL DB to provide content on my website.
An example of what i mean is based loosely here: http://www.asual.com/jquery/address/samples/
find the sample called SEO. Alternatively Click Here
Anyone with HTML5 able browsers will notice the URL is 'pretty' and is what you'd expect to find on any standard website.
Anyone with IE8 or a browser which isnt 'Webkit' enabled, will see the use of the Hashbang (#!) in order for SEO.
The problem is this: the content is pulled from a MySQL DB.. I have approx 30 pages (some are PACKED with content) And im wondering if all this tedious modification of my website is necessary?
I use jQuery MySQL and PHP through a single page interface so my content is not indexable at all. What are your views?
Help me!!
PS. would it be easier to provide PHP Includes in my DB content to fetch pages without having to upload all my pages into my DB?
your question is made up of a lot of questions. :)
to mysql or not to mysql: most of the PHP-usng web world is using mysql as a database to store content. i don't see much of a problem there. 30 pages is peanuts.
jquery and php for a single page interface indexable: depends on the search engine. i've read somewhere (too lazy to look things up) that google uses a javascript enabled crawler. not sure if they use it in production already.
PHP includes in DB content: textpattern uses this approach. your worry is a problem of scale.
if your PHP code can serve pages properly, it wouldn't matter where it pulls content from. DB or filesystem wouldn't matter at this point.
just do it.
There is no such question.
Mysql is okay.
Its general purpose solution for storing site data, everyone using it with not a single problem and even Wikipedia is happy with it.
Mysql is irrelevant to any problems of your site.
Your problem is somewhere else but you forgot to state it. Let me suggest you to ask another question, pointing to the real problem you have, not some guess you made of it's reasons.
Well, if you can avoid it, avoir storing pages inside MySQL, unless you want to give the administrator the possibility to edit the pages.
Aside from that, there is no problem in storing pages in a DB, would it be MySQL or others. A lot of CMS do it (Drupal, Joomla, etc.).
You might encounter some performance issues on your DB server if your traffic becomes high, but this is another problem.
In my tests and comparison, mysql connectivity and queries do slow down responses. If your site is simple and you are only doing updates yourself, then using a template engine and storing content in a files is not a bad choice.
If you decide to put it into SQL, then eventually you might need to build a cache. Hopefully nginx and not the php cache, so it shouldn't be a problem too.
The deciding factor is how you are willing to edit the content. I found that myself and my team is much more comfortable with editing html files through notepad++, Vim or Coda. If content is inside a database you get a poorly-performing (compared to desktop app) WYSIWYG editor.
Always use SQL the content is generated by your users. And do use some lightweight CMS.
I am using the one bundled with Agile Toolkit myself and templates look like this:
https://github.com/atk4/atk4-web/tree/master/templates/jui
would it be easier to provide PHP Includes in my DB content
I think you'll find your site far easier to maintain for years IF you keep a very clear separation of duties: data goes in a database, presentation and code go in files.
While there is some contention whether it is a good idea to store templates in a database, my gut feeling says that you should avoid that temptation unless you have a very good reason.
But storing code (your PHP include statements) in the database is almost certainly not the best way forward.
I am interested in the idea of creating a website that allows users to submit content and display it on new pages for other users to view. For example having a form with a few text fields to fill out, and this will be the information that is shared. I have looked at some CMS software and most of it is too much for what i need. So if you have any advice or documentation to lead me in the right direction that would be wonderful.
Any book on MySQL and PHP application development will contain examples that do exactly what you describe -- I suggest you buy one and get started on your adventure!
If you take up the challenge and not use existing code, one thing you'll want to know up front is this:
In any case, make 100% sure that the values users enter can not be interpreted as SQL code. If users abuse your forms and you don't take preemptive measures, SQL injection is an easy way of gaining access to the entire database or deleting data from it. Simply calling mysql_real_escape_string() on every variable that comes from the user form, will prevent this from being possible.
Check http://en.wikipedia.org/wiki/SQL_injection for more info on this.
Good luck!
look for lightweight CMS it not wise to reinventing the wheel
you can use a guest book source code it can do the job all you have to do is to add some html
While many CMS packages probably have more than you need, it will most likely still be easier to learn a CMS than to figure out how to do everything on your own.
That said, figuring out how to do it yourself is a much better way to learn the fundamentals of web development. A popular place to start is PHP running on Apache with a MySQL database. If you're on Windows, you can find packages that install all of those things together and saves you from a lot of the low level configuration, for example WAMP.