Welcome to Webforumz.com.
Jan 13th, 2008, 12:47
#1 (permalink)
Section Manager - WOTM Assistant Editor - LZ
Join Date: May 2007
Location: Cornwall, England
Posts: 1,101
Try out my CMS/Blogging Tool
Hey all, I'm sorry if this is not allowed, but I remember someone else posting a similar thread before, asking people to try out his CMS. As my first PHP project (alongside simonb) it was quite a challenge, I think it has taken about a week overall.
You can view the front end here:
cms.penguin-cms.com
And log in here:
cms.penguin-cms.com/backend
Username: bob
Password: test
I know that when you log in it displays that crappy screen, I have not got round to doing that bit yet.
Once again, if this is breaking the rules on advertising, then please just say.
Jack

Jan 13th, 2008, 13:03
#2 (permalink)
Administrator
Join Date: Jul 2007
Location: Webforumz 24/7
Age: 15
Posts: 4,102
Re: Try out my CMS/Blogging Tool
No, we allow this.
I've done it too.
I'll try it for you now, I'll let you know.
__________________
Languages: PHP, mySQL (queries), C#, (X)html, CSS, JS.

Jan 13th, 2008, 13:06
#3 (permalink)
Section Manager - WOTM Assistant Editor - LZ
Join Date: May 2007
Location: Cornwall, England
Posts: 1,101
Re: Try out my CMS/Blogging Tool
Ok cheers 

Jan 13th, 2008, 13:14
#4 (permalink)
Administrator
Join Date: Jul 2007
Location: Webforumz 24/7
Age: 15
Posts: 4,102
Re: Try out my CMS/Blogging Tool
Feedback time!
1. Great work, I can tell you've put a lot of effort in.
2. Your CMS does not seem to be vulnerable to SQL injection but I can make sure if you post your login script or send it to me.
3. It correctly filters PHP so no attacks can be made that way.
4. I was able to upload a PHP file (Bad!) but on trying to run (don't worry it was only to print "lolol") I got an internal server error. It would be better to only allow images etc. Not PHP files!
5. You can only edit one note, and editing it changes all notes to the same one.

Jan 13th, 2008, 13:23
#5 (permalink)
Join Date: Apr 2007
Location: Scotland, UK
Age: 15
Posts: 1,750
Re: Try out my CMS/Blogging Tool
I pretty much agree with Alex...
__________________
I'm back!!!! 

Jan 13th, 2008, 13:31
#6 (permalink)
Section Manager - WOTM Assistant Editor - LZ
Join Date: May 2007
Location: Cornwall, England
Posts: 1,101
Re: Try out my CMS/Blogging Tool
Quote:
Originally Posted by alexgeek
Feedback time!
1. Great work, I can tell you've put a lot of effort in.
2. Your CMS does not seem to be vulnerable to SQL injection but I can make sure if you post your login script or send it to me.
3. It correctly filters PHP so no attacks can be made that way.
4. I was able to upload a PHP file (Bad!) but on trying to run (don't worry it was only to print "lolol") I got an internal server error. It would be better to only allow images etc. Not PHP files!
5. You can only edit one note, and editing it changes all notes to the same one.
|
1. Thanks 
2. Good. I'll PM you the script later.
3. 
4. I used a very basic script from a tutorial. I have no idea how to filter file types, if I post it can you have a look?
5. The idea is that the notes is just literally a place for admin to write things, so they all edit one note really. It was just a quick idea I had. I'll change it so that each note is stored in a separate row of the table.
Cheers 

Jan 13th, 2008, 13:35
#7 (permalink)
Section Manager - WOTM Assistant Editor - LZ
Join Date: May 2007
Location: Cornwall, England
Posts: 1,101
Re: Try out my CMS/Blogging Tool
The uploader is:
```php
$path = "images/".$HTTP_POST_FILES['ufile']['name'];
// "none" was written as a bare word; quoted so it compares as a string
if($ufile != "none")
{
    // The file is copied under its original name, with no check on its type
    if(copy($HTTP_POST_FILES['ufile']['tmp_name'], $path))
    {
        echo "Successful<BR/>";
        //$HTTP_POST_FILES['ufile']['name'] = file name
        //$HTTP_POST_FILES['ufile']['size'] = file size
        //$HTTP_POST_FILES['ufile']['type'] = type of file
        echo "File Name :".$HTTP_POST_FILES['ufile']['name']."<BR/>";
        echo "File Size :".$HTTP_POST_FILES['ufile']['size']."<BR/>";
        echo "File Type :".$HTTP_POST_FILES['ufile']['type']."<BR/>";
        echo "<img src=\"$path\" width=\"150\" height=\"150\">";
        echo '<h5>File Location: images/' . $HTTP_POST_FILES['ufile']['name'] . '</h5>';
    }
    else
    {
        echo "Error";
    }
}
```
I want it to allow most things, but block any .php files.
Would it be something like:
```php
if ($HTTP_POST_FILES['ufile']['type'] == "php")
{
    echo '<p>NO!</p>';
}
else
{
    // upload the file...
}
```

Jan 13th, 2008, 13:38
#8 (permalink)
Administrator
Join Date: Jul 2007
Location: Webforumz 24/7
Age: 15
Posts: 4,102
Re: Try out my CMS/Blogging Tool
On looking at your login script I don't see any SQL injection problems.
Will look at your uploader now.

Jan 13th, 2008, 13:40
#9 (permalink)
Administrator
Join Date: Jul 2007
Location: Webforumz 24/7
Age: 15
Posts: 4,102
Re: Try out my CMS/Blogging Tool
Hmm, that's an old way of doing it.
I use PHP5's $_FILES superglobal so I'm not really sure.

Jan 13th, 2008, 13:44
#10 (permalink)
Section Manager - WOTM Assistant Editor - LZ
Join Date: May 2007
Location: Cornwall, England
Posts: 1,101
Re: Try out my CMS/Blogging Tool
I followed it in a tutorial. I'm looking for a better one on the web now.

Jan 13th, 2008, 13:57
#11 (permalink)
Section Manager - WOTM Assistant Editor - LZ
Join Date: May 2007
Location: Cornwall, England
Posts: 1,101
Re: Try out my CMS/Blogging Tool
Did it
```php
$path = "images/".$HTTP_POST_FILES['ufile']['name'];
// "none" was written as a bare word; quoted so it compares as a string
if($ufile != "none")
{
    // Only accept uploads whose reported type is one of these image types
    if (($HTTP_POST_FILES['ufile']['type']=="image/gif")
        || ($HTTP_POST_FILES['ufile']['type']=="image/pjpeg")
        || ($HTTP_POST_FILES['ufile']['type']=="image/jpeg")
        || ($HTTP_POST_FILES['ufile']['type']=="image/png"))
    {
        if(copy($HTTP_POST_FILES['ufile']['tmp_name'], $path))
        {
            echo "Successful<BR/>";
            //$HTTP_POST_FILES['ufile']['name'] = file name
            //$HTTP_POST_FILES['ufile']['size'] = file size
            //$HTTP_POST_FILES['ufile']['type'] = type of file
            echo "File Name :".$HTTP_POST_FILES['ufile']['name']."<BR/>";
            echo "File Size :".$HTTP_POST_FILES['ufile']['size']."<BR/>";
            echo "File Type :".$HTTP_POST_FILES['ufile']['type']."<BR/>";
            echo "<img src=\"$path\" width=\"150\" height=\"150\">";
            echo '<h5>File Location: images/' . $HTTP_POST_FILES['ufile']['name'] . '</h5>';
        }
        else
        {
            echo "Error";
        }
    }
    else
    {
        echo "Incorrect File Type";
    }
}
```
Now, how would I create one that did not allow PHP but allowed zip, pdf & doc?
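
Added example, not part of the original thread or of the CMS's code: one way to accept only zip, pdf and doc uploads, using the `$_FILES` superglobal mentioned in post #9. It goes beyond the type comparison above by checking the extension against an allowlist, detecting the type from the file contents, and storing the file under a generated name; `store_upload()`, the `uploads/` directory, the 5 MB limit and the listed MIME strings are assumptions.

```php
<?php
// Added example. Assumptions: form field 'ufile' (from the thread); store_upload(),
// the 'uploads/' directory and the 5 MB limit are hypothetical. Needs PHP 7+ and fileinfo.
function store_upload(array $file, string $destDir = 'uploads/'): string
{
    // Allowed extension => MIME types libmagic may report for it (varies by version).
    $allowed = [
        'zip' => ['application/zip'],
        'pdf' => ['application/pdf'],
        'doc' => ['application/msword', 'application/vnd.ms-office', 'application/CDFV2'],
    ];
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > 5 * 1024 * 1024) {
        throw new RuntimeException('File too large');
    }
    // Allowlist on the extension: anything not listed (php, phtml, ...) is refused.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('Incorrect File Type');
    }
    // $file['type'] is sent by the browser and can be set to anything,
    // so detect the type from the file contents on the server instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, $allowed[$ext], true)) {
        throw new RuntimeException('Incorrect File Type');
    }
    // Do not reuse the client's file name: generate one, keep the checked extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $destDir . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['ufile'])) {
    try {
        $stored = store_upload($_FILES['ufile']);
        echo 'Stored as: ' . htmlspecialchars($stored, ENT_QUOTES);
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES);
    }
}
```

Keeping the upload directory outside the web root, or configured so the server never runs scripts from it, also covers the uploaded-PHP case from point 4 of the feedback.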

Jan 13th, 2008, 15:19
#12 (permalink)
Section Manager - WOTM Assistant Editor - LZ
Join Date: May 2007
Location: Cornwall, England
Posts: 1,101
Re: Try out my CMS/Blogging Tool
Quote:
Originally Posted by alexgeek
Feedback time!
5. You can only edit one note, and editing it changes all notes to the same one.
|
Quote:
Originally Posted by jackfranklin
5. The idea is that the notes is just literally a place for admin to write things, so they all edit one note really. It was just a quick idea I had. I'll change it so that each note is stored in a separate row of the table.
|
Changed. Each note now is in a separate row of the database.

Jan 13th, 2008, 15:22
#13 (permalink)
Administrator
Join Date: Jul 2007
Location: Webforumz 24/7
Age: 15
Posts: 4,102
Re: Try out my CMS/Blogging Tool
Great. What are your plans for this project?

Jan 13th, 2008, 15:27
#14 (permalink)
Section Manager - WOTM Assistant Editor - LZ
Join Date: May 2007
Location: Cornwall, England
Posts: 1,101
Re: Try out my CMS/Blogging Tool
Well I have set up an entire website and trying to get the word around that the official beta will be released today. I want people to test it, and then in 2-3 weeks, the first proper release V1.0 should be out. Then people can use it for their blogs.
At the moment the only tester is my brother :P
(If anyone wants to test it for me check out the website)
Jack

Jan 15th, 2008, 18:43
#15 (permalink)
Section Manager - WOTM Assistant Editor - LZ
Join Date: May 2007
Location: Cornwall, England
Posts: 1,101
Re: Try out my CMS/Blogging Tool
Hi guys, I ask of you to keep testing. I would like to have as much feedback as possible.
I've now changed a couple of things:
-->When adding a comment, all 3 criteria must be filled.
-->Blogroll section in administration & displays on sidebar (not online yet)
-->On frontend date displays as 'Month dd, yyyy' instead of 2008-1-13.
More coming soon 