[PHP][DEV] ShadowCMS

[Dayron1234(2)]

SHADOWCMS
Shadow Developments​

Hello everyone you may know me by Dayron1234 which is my regular account and I'm here to bring you a development of a CMS I'm creating partly from scratch. I'm still learning PHP and as I go I create the pages and start coding.ShadowCMS is a new CMS I will be working on until I finish.There will be updates included in this thread so no need to worry. My estimated time that it will be released is at least from 2 - 3 weeks.

FAQ:

Question:
Is this CMS gonna be free?

Answer: All my projects I work on is free and have no license of any kind.

Question: When will this CMS be released?

Answer: About 2 - 3 weeks, but it mostly depends if I work everyday but I might goof of sometimes .

Question: Is there gonna be a live demo of this CMS?

Answer: There will be a live demo of the CMS.

If I missed any and you want me to put it up please post.

Goals
Red - Not started
Green - Finished
Yellow - Started

• Login
• Register
• Me
• News
• Comments
• Control Panel

We will keep you updated when we started on a new page, ect...

 

[brsy]

What Emu will this be compatible with?

 

[Julio Milian]

Nice will keep daily check up on thread! 8)

 

[Dayron1234(2)]

Sorry this won't be compatible with any emulator because I just want to test my PHP skills with just a basic, lame CMS lol. Maybe the next version will be compatible with an emulator.

 

[Markshall]

The fact that this has no screenshots makes me a bit sceptical.

 

[Dayron1234(2)]

I can show you some coding snippets? Here is my register.php:

<?php
/*##############################################
  #            Shadowcms             #
  #                 © 2011                     #
  #                Devbest                     #
  #                                            #
  ##############################################
*/
  
//Database Info
$dbhost = "localhost"; // Default is localhost
$dbname = "shadowcms"; //Database
$dbuser = "root"; // Default is root
$dbpass = "PASSWORD"; //phpmyadmin password

//Connecting to database yay!
mysql_connect($dbhost, $dbuser, $dbpass) or die ("Could not conenct: ".mysql_error());
mysql_select_db($dbname) or die (mysql_error());

//Getting started with the real script
$name = $_POST['name'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = md5($_POST['password']); //Passwords are now secured with MD5

$checkuser = mysql_query("SELECT username FROM users WHERE username = '$username'");
$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0) {
  echo "Sorry but this username is already registered according to our database records.";
  unset($username);
  exit();
}

// No errors right? Lets insert it into our database
$query ="INSERT INTO users(name, email, username, password) VALUES('$name', '$email', '$username', '$password')";
mysql_query($query) or die (mysql_error());
mysql_close();

echo "You have successfully registered";
?>

I would love to hear any tips from M0nsta since you are a PHP coder

 

[Benden]

Why not put the connection info in a seperate file?

 

[Dayron1234(2)]

I was thinking of that smartyguy but I was to lazy lol. I will do it in a sec thanks for reminding me to dam. Much easier for other people so they don't have to edit it.

Ehhh I'm 99% done with my login page but something came up?

I get this error

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\login.php on line 27

Here is my login script:

<?php
/*##############################################
  #            Shadowcms              #
  #                 © 2011                     #
  #                Devbest                     #
  #                                            #
  ##############################################
*/

//Database Info
$dbhost = "localhost"; // Default is localhost
$dbname = "shadowcms"; //Database
$dbuser = "root"; // Default is root
$dbpass = "password"; //phpmyadmin password

// Connecting to database yay!
mysql_connect($dbhost, $dbuser, $dbpass) or die ("Could not connect: ". mysql_error());
mysql_select_db($dbname) or die (mysql_error());

session_start();
$username = $_POST['username'];
$password = md5($_POST['password']);

$query = "SELECT * FROM users WHERE username = ’$username’ and password=’$password’";
$result = mysql_query($query);

if(mysql_num_rows($result)!= 1) {
  $error = "Failed login";
  include "login.htm";
}
else
{
  $_SESSION['username'] = "$username";
  include "me.php";
}
?>

 

[Benden]

I'm no genius but try replacing mysql_num_row with mysql_fetch_assoc
I got no idea if it will work but it just sounds right

 

[Dayron1234(2)]

I'm using that to get the user details and checking if they are right and if not they will just be incorrect but I will try that.

 

[Rilax]

Looks nice, hope to see the final product. Also could you include what makes it stand out? 8)

 

[Dayron1234(2)]

Nothing actually makes it stand out... Anyways new updates !!!

UPDATE: I have now got rid of the warning on the log in page I just want to do something in the database and think of new ideas.

 

[Jo$h]

You should make a CMS that works with an emulator.

 

[Dayron1234(2)]

To much work for me.. I'm just doing basic stuffs to this CMS. Maybe if I get better at PHP I can do that... Other then that thanks for your feedback.

 

[Dayron1234]

UPDATE: I have re-done everything, Login is 100% working, Register is 100% (I needa put a theme on it ect...), Me page is not so great but it will do for now, logout is 100% aswell, and news system will come later on.

Sorry for the delay

 

[Benden]

good too hear

 

[Markshall]

This is very insecure from what I've seen in the snippets of code you have provided above.

Make sure you use strip_tags() around $_POST and $_GET variables to prevent XSS injections and hacking. When working with MySQL around $_POST and $_GET, use mysql_real_escape_string() to prevent SQL injections.

I'm not trying to be a jerk, I'm just trying to help you keep your projects secure and stable.

Anyway, good luck with it.

 

[RastaLulz]

It's nice to see that you are learning PHP, Dayron. The script itself is very basic, but we all have to start somewhere. I look forward to seeing you progress.

Also, I agree with what Mark said. You should always take into consideration exploits (sql injection, xss, etc) when coding. I personally like to bind the paramaters for SQL, and use the htmlentities() function to counter act XSS.

 

[Markshall]

It's nice to see that you are learning PHP, Dayron. The script itself is very basic, but we all have to start somewhere. I look forward to seeing you progress.

Also, I agree with what Mark said. You should always take into consideration exploits (sql injection, xss, etc) when coding. I personally like to bind the paramaters for SQL, and use the htmlentities() function to counter act XSS.

Binding parameters for SQL? How do you mean? I've never tried that before.

 

[RastaLulz]

Binding parameters for SQL? How do you mean? I've never tried that before.

It's done with mysqli, instead of the normal mysql functions.

Example:

<?php

$db = new mysqli('host', 'user', 'pass', 'db');

$db->prepare('UPDATE dogs SET bone = ? WHERE meal = ?');

$db->bind_param('is', 1, 'dessert');

$db->execute();