Sla.ckers.org
Whether this is about ha.ckers.org, sla.ckers.org or some other project you are interested in or want to talk about, throw it in here to get feedback. 
cms
Posted by: thomaspollet
Date: November 16, 2006 03:17AM

Hello,

What content management systems do you like? Some time ago I started coding a pet cms but as the cms-o-sphere is crowded enough I quit it. Yet I'm still frustrated with the design and coding of most cms's. Is there a cms out there which does not suck? Is it worth the time coding yet another cms?


Greets,
Thomas

Re: cms
Posted by: jungsonn
Date: November 16, 2006 03:57AM

I don't know any CMS that doesn't suck. I tried many OpenSource ones; most of the time their code is so fubar. Since then I always roll my own.

I do use a third party wysiwyg class in it for the editing in the cms like TinyMCE which is free.

Re: cms
Posted by: rsnake
Date: November 16, 2006 11:37AM

Obviously we use Wordpress for the blog. We use Microsoft's unsupported CMS system in some strange ways at the company I work for. Neither of which I think are particularly bug free and scalable. So I can't comment. Drupal gets high marks from lots of the SEO people, minus all the security issues.

- RSnake
Gotta love it. http://ha.ckers.org

Re: cms
Posted by: thomaspollet
Date: November 17, 2006 03:48AM

Drupal is pretty nice but as all other cms's it's developed around a need for features and user functionality. From a software engineering point of view all cms's are just webpages on steroids. The idea I had when I was thinking about cms's was based on strict separation of different layers: there's
-data
-application logic
-page structure
-style
now these parts can be implemented using
-db : mysql
-programming language: php
-structure: xml + xslt
-style: css

I won't elaborate on this but if you think about it you may see a use in this kind of design. Yet, having a consulting background, webdesign is on the very low end of the payscale + Users don't care fuck about software design, they want features and bling bling. Do you think it's worth to pick back up coding a cms this way? It would take months to implement good and still the functionality won't be super.
I think about 20.000 lines for a basic version. For now I have something like 3k lines.

Re: cms
Posted by: jungsonn
Date: November 17, 2006 07:10AM

KISS. :)

I see ~ saw a lot of programmers in my career/life, and I dunno what goes around in their heads when they design a system that is so huge which does the same practical things as my own build cms which is 1 php page with about 800-1000 lines of code. Most of them are making it so impractical. Yeah I'm a practical guy, the less code the better. So the more I can slam into 1 php page, the better.

Usually I build it like this:

* core script 800 - 1000 lines code.
* few external classes which handle mail, pdf, login, sessions, wysiwyg editor.
* external html pages, which I parse in the core.
* external php/html pages with sql queries in pure html, which are parsed into the core.

So the only risk is limited to the core script, the rest of things can do nothing on their own, can't be compromised or whatever.

Re: cms
Posted by: nEUrOO
Date: November 17, 2006 07:37AM

@Jungsonn
But if you want something really flexible I mean, if you want to distribute it for the public, you should need a template engine too, an admin board etc.

This is basically what we see now...

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

Re: cms
Posted by: jungsonn
Date: November 17, 2006 09:25AM

Ouch.

That's the problem. I always build it custom for clients,
never the same thing twice, cause they all demand other things.

So you build it for the people who cannot build it themselves, that's a big deep security abyss. Cause by allowing it flexible and broad means that it's easier to compromise generally. A tradeoff between scalable/flexible and security.

I've seen it happen much, clients go buy a cms cause they can't code it themselves, after that they want extra features not in it, they come to me and we both agree I build a custom cms and ditch the other one cause that thing was rich featured but not the way they wanted it. :)

I'm happy cause it generates some extra bucks for me.

Re: cms
Posted by: jungsonn
Date: November 17, 2006 09:29AM

Just like this list:
http://www.milw0rm.com/webapps.php

If I look at that one, the shivers run over my spine.

Re: cms
Posted by: thomaspollet
Date: November 17, 2006 10:22AM

jungsonn, you have some code open sourced somewhere?
I wasn't especially talking about security but more general software development: imo good software design mitigates the security risks: in a layered approach, input validation can be performed at the different levels and in an organised way, that's true for all software. Whenever I see something like

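$result = mysql_query($query);
$row = mysql_fetch_row($result); // mysql_query() returns a result resource, not an array
print '<a href="blah" style="styleshit">';
print $row[0]; // database value printed as-is, inside markup built by hand
print '</a>';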

I'm done: in my mind this would go more like

$xml_result = custom_query($what_i_need);
$xhtml = to_xhtml($xml_result,$xslt);

(been a while since I programmed php, excuse for evt. syntax errors).

Javascript eyecandy (for menus etc.) can be encapsulated in the xsl stylesheet then, in the csszengarden.com way add the style info.

Kinda obvious, but few open source projects actually take this path.
What do you think? (Going to dig up the code I did to recall exactly how I did it, something I do remember was that the admin interface was also programmed using the same logic the cms was built upon). Hope this is somewhat clear to get my point through.



Edited 2 time(s). Last edit at 11/17/2006 10:29AM by thomaspollet.
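
An added example (not code from this thread or from any CMS named in it) of the layering the post above describes: the data layer emits XML, an XSLT stylesheet owns all markup, and stored values reach the page only as escaped attributes and text nodes. The function bodies, the `rows_to_xml` name, the href policy, the stylesheet and the sample rows are assumptions; `to_xhtml` only borrows its name from the post's sketch.

```php
<?php
// Data layer: values become attributes and text nodes, which the DOM escapes.
function rows_to_xml(array $rows): DOMDocument
{
    $doc = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement('links'));
    foreach ($rows as $row) {
        // Application-layer check: escaping cannot make a javascript: URL safe,
        // so only site-relative paths are accepted (assumed policy).
        if (!preg_match('#\A/(?!/)[\w./-]*\z#', $row['href'])) {
            continue;
        }
        $link = $root->appendChild($doc->createElement('link'));
        $link->setAttribute('href', $row['href']);
        $link->appendChild($doc->createTextNode($row['title']));
    }
    return $doc;
}

// Structure layer: the stylesheet is the only place markup is written.
function to_xhtml(DOMDocument $xml, string $xslt): string
{
    $sheet = new DOMDocument();
    $sheet->loadXML($xslt);
    $proc = new XSLTProcessor();
    $proc->importStylesheet($sheet);
    return (string) $proc->transformToXml($xml);
}

$xslt = <<<'XSL'
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="xml" omit-xml-declaration="yes" indent="no"/>
  <xsl:template match="/links">
    <ul class="menu">
      <xsl:for-each select="link">
        <li><a href="{@href}"><xsl:value-of select="."/></a></li>
      </xsl:for-each>
    </ul>
  </xsl:template>
</xsl:stylesheet>
XSL;

// Constructed rows standing in for a query result.
$rows = [
    ['href' => '/about', 'title' => 'About us'],
    ['href' => '/news', 'title' => '<script>alert(1)</script>'],
    ['href' => 'javascript:alert(1)', 'title' => 'Click'],
];
echo to_xhtml(rows_to_xml($rows), $xslt);
```

The second title is emitted as `&lt;script&gt;` text inside the link rather than as an element, and the third row never reaches the stylesheet because its href fails the path check. Requires PHP's dom and xsl extensions.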

Re: cms
Posted by: nEUrOO
Date: November 17, 2006 10:39AM

@thomaspollet
Hum, based on what I remember of OpenSource softwares, it's basically the same thing, let's say:

1/ Input Validation
$datas = parse_all_my_global_variables();
2/ Queries
$results = $database->get_results($sql_query);
3/ Send to the template engine
$template->assign('results', $results);

Is there any difference between what you have in mind and this? Because maybe I don't catch it... but for me, it's the same approach (so nothing new).

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

Re: cms
Posted by: thomaspollet
Date: November 17, 2006 11:09AM

neuroo, if the input validation was always done like that, the number of sql inj/xss/file inc wouldn't be as high as it is now... then there's the use of xsl stylesheets which is a powerful way to add structure and eyecandy to basic (xml) data whereas now these things are commonly implemented in the same code as the fetching of the data. I don't know about every os cms but I've seen a lot which 'just get the job done'.

Re: cms
Posted by: jungsonn
Date: November 17, 2006 11:51AM

thomas,

I'd like to see some piece of code, yes.

Generally I'm absolutely no fan of templating (like smarty does for instance), that's just plain horror. Why not just parse .tpl files with pure html in it? That's what I liked about phpbb boards.

Re: cms
Posted by: nEUrOO
Date: November 17, 2006 12:28PM

For me, the Smarty Engine is very nice.
You can of course use it as a simple template engine (like the phpbb's one) or you can do lots with special functions etc. I have to say that it's very useful (it was for what I had to do with actually...)

@thomas
Okay, I don't want to say that all are doing this... but, at least since web guys started to care about security, we see this schema (Joomla!, PHPBB etc.)

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher
