ZoneCMS: PDO / SECURE / MODERN [PlusEMU - FULL SUPPORT]

Status
Not open for further replies.

Zaka

Programmer
Feb 9, 2012
471
121
Hello everyone! I have been working on this cms for a while now, and I decided it's time to get some feedback and maybe some input on features you would love to see.

What has been done so far?
+ Pages: Index, Register, Maintenance, Me, Settings, Profile etc (prints down below)
+ AdminCP - This CMS comes with its own "housekeeping", no it's not really responsive yet.
+ Works 100% for AzureSharp, haven't tested it for PlusEmu yet but it should work in theory.
What needs to be done?
- Search function for users on the me page
- Missing settings for profile, you can currently only change your password
- AdminCP still has some features that need to be implemented

NOTICE! I've done so much more than this list says, but I couldn't be bothered to write it all down.

Now before you guys go all ham about projects being discontinued and such. This is a project I have been working on a little bit now and then, but I am almost done, and I didn't want to put this thread up until I was finished with the cms to a stage where I could release a working version if I later decide to end the development.

There is no ETA for this CMS and I won't be updating very frequently because I like to work at different times and make many small changes here and there. So please bear with me! :) My intention is to get this released in about a month or so, I promise to release the cms in its current state if I decide to stop the development. That way other developers can finish what I started, but for now I will continue this development on my own.

This cms is powered by PDO and MySQL. Passwords are encrypted with blowfish. I am very finicky when it comes to security, so I don't leave anything to chance.

This cms will be released under a Creative Commons license, which entitles you to do whatever you want with the cms privately and commercially, as long as proper credits are given.

Images of some pages (screenshots in the original post)
Staff Page
Hall of Fame
Profiles
AdminCP
AdminCP - Login (only if you want to directly login to the AdminCP)
Maintenance page
Me page
Menu
Code screenshots (images in the original post)
Database class
System class
Example of how userInfo can be used with arrays to fetch multiple columns in one go
Users class

Please don't hesitate to come with further suggestions! Keep it relevant, please don't ask any questions that are already answered in this post.

NOTICE! The images provided in this post show the cms in its state when I created this thread; further updates are posted along the thread as it goes, images included.

Demo: coming soon

UPDATE 2017-02-09 01:55
----------------------------------
I have now implemented CSRF protection in the CMS, both one-per-form and one used on any form.
In the global.php file we use both setCSRFToken() and setCSRFFormToken(), and this can only be done once; it doesn't matter how many times you have it in your code, nothing else will happen. But it needs to be in a global file that is required in every script, or it needs to be added manually to every script you want CSRF protection in.

As I said earlier, you can either use a global CSRF token or a specific token for each form. This is easily done by adding an input in your form:
PHP:
// For global CSRF key
echo $sys->getCSRFToken();

// For specific form
echo $sys->getCSRFFormToken('/scriptname.php');
These values are added to the value="" field in the hidden input. And to check it on server side you simply do
PHP:
$CSRFToken = $sys->getCSRFFormToken('/scriptname.php');

if (isset($_POST['csrf_token']) && hash_equals($CSRFToken, $_POST['csrf_token'])) {
    // Run your script
} else {
    // Wrong CSRF, something fishy going on
}
for specific form or
PHP:
$CSRFToken = $sys->getCSRFToken();

if (isset($_POST['csrf_token']) && hash_equals($CSRFToken, $_POST['csrf_token'])) {
    // Run your script
} else {
    // Wrong CSRF, something fishy going on
}
for global CSRF token. But you must remember, whatever you choose to use on the input field, must also be the one you are checking against server-side.

I also finished the general settings page with switches, it updates automatically on change with AJAX and has a small delay to avoid spam.
2107874eea354944b1888444f2f0ae43.png

TIP: I don't post all updates here, the updates are posted further in the thread as it goes, I just felt this update was a bit important.

Sincerely,
Zaka
 

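To make the two token kinds concrete, here is an added example (my code, not ZoneCMS's System class) of a global token plus per-form tokens checked with hash_equals(). The class name CsrfGuard, the check() method, the array-backed session and the choice of deriving the form token as an HMAC of the script path keyed by the global token are assumptions; the post names the functions but not how the tokens are built.

```php
<?php
// Added example (not ZoneCMS code): one global CSRF token per session plus
// per-form tokens derived from it, verified in constant time with hash_equals().
final class CsrfGuard
{
    private $session; // reference to the session store (a plain array in this demo)

    public function __construct(array &$session)
    {
        $this->session = &$session;
    }

    // Create the global token once; repeated calls change nothing.
    public function setCSRFToken(): void
    {
        if (empty($this->session['csrf_token'])) {
            $this->session['csrf_token'] = bin2hex(random_bytes(32));
        }
    }

    public function getCSRFToken(): string
    {
        $this->setCSRFToken();
        return $this->session['csrf_token'];
    }

    // Per-form token: HMAC of the script path keyed by the session token, so each
    // form gets its own value without storing a separate token per form (assumed design).
    public function getCSRFFormToken(string $script): string
    {
        return hash_hmac('sha256', $script, $this->getCSRFToken());
    }

    // Same check as the post: the field must be present and must match exactly.
    public function check(?string $submitted, string $expected): bool
    {
        return $submitted !== null && hash_equals($expected, $submitted);
    }
}

// Demo with a constructed session array standing in for $_SESSION.
$session = [];
$sys = new CsrfGuard($session);
$formToken = $sys->getCSRFFormToken('/scriptname.php');
var_dump($sys->check($formToken, $sys->getCSRFFormToken('/scriptname.php'))); // same form, matching token
var_dump($sys->check($formToken, $sys->getCSRFFormToken('/other.php')));      // token issued for another form
var_dump($sys->check(null, $sys->getCSRFToken()));                            // field missing from the request
var_dump($sys->check($sys->getCSRFToken(), $sys->getCSRFToken()));            // global token checked globally
```

The second and third checks fail, which is the property the post insists on: whatever token kind the form emits is the one the server must compare against, and a token for one script does not pass on another.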

Benn

Member
Nov 23, 2013
34
20
I'd say 7/10 for creativity but the colours are very dull. IMO you should create a lighter theme. The orange headers don't work well with black backgrounds. I reckon if you were to change the colours, edit the CSS a little, you could pull off a very unique CMS.
 

Zaka

Programmer
Feb 9, 2012
471
121
I'd say 7/10 for creativity but the colours are very dull. IMO you should create a lighter theme. The orange headers don't work well with black backgrounds. I reckon if you were to change the colours, edit the CSS a little, you could pull off a very unique CMS.
Thanks for the feedback! I'm making it in a way where it will be easy for people to create different themes for the cms, but I will think about that. I might just add a second light theme to come with it.
 

BIOS

ಠ‿ಠ
Apr 25, 2012
906
247
Not sure if I like the design, colour scheme doesn't seem to go well.

Although HK doesn't look too bad. Noticed your search query was "%as", how is that setup? It's not being passed directly to the LIKE operator, is it?

Any snippets of code, back-end preferably?
 

Xylo

邪悪
Jul 21, 2015
561
143
NO HERBICIDE ORANGE PLS. Looks nice though, I'm interested to see what this project turns into. Good luck.
 

Zaka

Programmer
Feb 9, 2012
471
121
Not sure if I like the design, colour scheme doesn't seem to go well.

Although HK doesn't look too bad. Noticed your search query was "%as", how is that setup? It's not being passed directly to the LIKE operator, is it?

Any snippets of code, back-end preferably?
Since I use PDO and prepared statements I separate data from the actual operation. The searchbar basically works as follows:
%as - search for every username which ends with as
za% - search for every username starting with za
%as% - search for every username containing as

As for code snippets, I prefer not to share any code snippets at the moment since stuff is still going back and forth, but I might share something if you can be a bit more specific about which part you would like to see.

NO HERBICIDE ORANGE PLS. Looks nice though, I'm interested to see what this project turns into. Good luck.
At the moment I run with these colors and focus on the back-end instead. I will have time to add some different themes with different colors when I have finished the more important parts. Also I've been thinking a lot about the advantages and disadvantages with a template system like RevCMS vs PhoenixPHP. And so far I have decided to follow something more like PhoenixPHP where the "themes" consist of just visuals such as images, css, js etc. And if someone wants to remake bigger parts of the cms later they can just do that and release it based on ZoneCMS just like they do with everything else.

Is this a good or bad idea? I know templates are much cleaner and easier to work with front-end, but at the same time, you lose so much dynamics using a template.

EDIT: What colors would you like to see instead of the orange?
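An added example (my code, not ZoneCMS's) of the search described above: the visitor's pattern, wildcards and all, is bound to LIKE as a parameter, so it is data and never SQL. It assumes an in-memory SQLite database with constructed rows so it runs stand-alone; the SQL is the same for MySQL. The function names and the ESCAPE variant for literal searches are mine.

```php
<?php
// Added example (not ZoneCMS code): prepared LIKE search with a bound pattern.
// In-memory SQLite and the sample usernames are constructed for the demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username) VALUES (:u)');
foreach (['zaka', 'lucas', 'thomas', 'mason', 'anna_s'] as $name) {
    $insert->execute([':u' => $name]);
}

// $pattern is whatever the visitor typed: %as, za%, %as% and so on.
// The % and _ wildcards still act as wildcards; the quoting and SQL structure do not.
function searchUsers(PDO $pdo, string $pattern): array
{
    $stmt = $pdo->prepare('SELECT username FROM users WHERE username LIKE :p ORDER BY username');
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Literal "contains" search: escape % and _ so they match themselves. A custom
// escape character (!) avoids backslash-handling differences between databases.
function searchUsersLiteral(PDO $pdo, string $text): array
{
    $escaped = strtr($text, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $pdo->prepare("SELECT username FROM users WHERE username LIKE :p ESCAPE '!' ORDER BY username");
    $stmt->execute([':p' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(searchUsers($pdo, '%as'));          // usernames ending with "as"
print_r(searchUsers($pdo, 'za%'));          // usernames starting with "za"
print_r(searchUsers($pdo, "' OR 1=1 --"));  // bound as data: the quote and comment are just pattern characters
print_r(searchUsersLiteral($pdo, '_'));     // only usernames containing a literal underscore
```

The distinction BIOS is asking about is the third call: a pattern reaching LIKE through a bound parameter cannot change the query, whereas the wildcard characters themselves are a matching question, handled by the ESCAPE variant when a literal search is wanted.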
 

BIOS

ಠ‿ಠ
Apr 25, 2012
906
247
Since I use PDO and prepared statements I separate data from the actual operation. The searchbar basically works as follows:
%as - search for every username which ends with as
za% - search for every username starting with za
%as% - search for every username containing as

As for code snippets, I prefer not to share any code snippets at the moment since stuff is still going back and forth, but I might share something if you can be a bit more specific about which part you would like to see.


At the moment I run with these colors and focus on the back-end instead. I will have time to add some different themes with different colors when I have finished the more important parts. Also I've been thinking a lot about the advantages and disadvantages with a template system like RevCMS vs PhoenixPHP. And so far I have decided to follow something more like PhoenixPHP where the "themes" consist of just visuals such as images, css, js etc. And if someone wants to remake bigger parts of the cms later they can just do that and release it based on ZoneCMS just like they do with everything else.

Is this a good or bad idea? I know templates are much cleaner and easier to work with front-end, but at the same time, you lose so much dynamics using a template.

EDIT: What colors would you like to see instead of the orange?
That's a good start, I'd personally still opt-in for a drop-down list which would be an improvement for UX also. For e.g: a drop-down item with the text "Beginning with.." etc.

Any snippet would be fine, just kinda hard to form a viewpoint on the development with this little information.
 

Zaka

Programmer
Feb 9, 2012
471
121
That's a good start, I'd personally still opt-in for a drop-down list which would be an improvement for UX also. For e.g: a drop-down item with the text "Beginning with.." etc.

Any snippet would be fine, just kinda hard to form a viewpoint on the development with this little information.
I get what you mean, thank you for the advice. I will look into that! :D
I can upload some code snippets later when I feel that the worst has passed.

Keep it coming guys, I love the feedback I've been given so far!
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
Not my kind of taste, but good luck with this!

Sent from my SM-G928F using Tapatalk
 

Zaka

Programmer
Feb 9, 2012
471
121
Not my kind of taste, but good luck with this!

Sent from my SM-G928F using Tapatalk
Thanks! Well any feedback you might have, just spit it out, I'm open to all constructive criticism.
 

Haid

Member
Dec 20, 2011
363
449
Not much to go on really! Would be nice to see some code snippets when you feel it's ready enough to share; it's the most important part after all.
As far as your style goes the block colour palette is way off, you at least need a more vibrant orange if you want to use that dark blue. Header is far too plain, logo should probably be within the container with an online box to be "standard" habbo-ish. Really like the hall of fame page styling, nice to see a different layout.

Overall nice to see something new, bit of work on the theme and it could be a decent release if it makes it that far!
Good luck.
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
Thanks! Well any feedback you might have, just spit it out, I'm open to all constructive criticism.
New text font definitely. I'll give some once something pops into my head [emoji14]

Sent from my SM-G928F using Tapatalk
 

Zaka

Programmer
Feb 9, 2012
471
121
Not much to go on really! Would be nice to see some code snippets when you feel it's ready enough to share; it's the most important part after all.
As far as your style goes the block colour palette is way off, you at least need a more vibrant orange if you want to use that dark blue. Header is far too plain, logo should probably be within the container with an online box to be "standard" habbo-ish. Really like the hall of fame page styling, nice to see a different layout.

Overall nice to see something new, bit of work on the theme and it could be a decent release if it makes it that far!
Good luck.
Have been playing around with some colors, which one do you think would work best with the background? Maybe different colors for each box?
2ad6ada808ff4bb299f45aeb7abcbb65.png
 

Blasteh

big tits
Apr 3, 2013
1,156
521
Reminds me of BrainCMS (staff page) but a whole lot nicer. BrainCMS is just ugly overall. Good luck with this!
 

Zaka

Programmer
Feb 9, 2012
471
121
Reminds me of BrainCMS (staff page) but a whole lot nicer. BrainCMS is just ugly overall. Good luck with this!
Thank you! I don't know what the BrainCMS staff page looks like, but from what I've read, there were a lot of problems with that cms overall.
 

Zaka

Programmer
Feb 9, 2012
471
121
I have edited the main post and added some code snippets. Hope they will do for now, I'm embracing every bit of feedback I can get, after all, this will be for you guys.
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
I don't understand, why not just make connect() a constructor, so you don't have to literally use it in every function you do?
I'mma provide an example in a few seconds.
 

Zaka

Programmer
Feb 9, 2012
471
121
I don't understand, why not just make connect() a constructor, so you don't have to literally use it in every function you do?
I'mma provide an example in a few seconds.
I know what you mean, I was having some issues which I later solved, but I never changed it to a constructor after that. But as I said this code still has lots of tweaks going on. But thanks for pointing that out, I appreciate it.
 

MayoMayn

BestDev
Oct 18, 2016
1,423
683
I know what you mean, I was having some issues which I later solved, but I never changed it to a constructor after that. But as I said this code still has lots of tweaks going on. But thanks for pointing that out, I appreciate it.
PHP:
public function __construct(array $mysql) {
    try {
        $this->pdo = new \PDO(
            'mysql:dbname=' . $mysql['database'] . ';host=' . $mysql['hostname'] . ';charset=' . $mysql['charset'],
            $mysql['username'],
            $mysql['password']
        );
        // Make PDO throw on errors instead of silently returning false
        $this->pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
        $this->pdo->exec("SET `time_zone` = '{$this->timeZone()}';");
    } catch (\PDOException $e) {
        // \PDOException, not PDOException: inside a namespace the unqualified name
        // would not match and the exception would escape uncaught.
        // Note that printing the driver message exposes host and credential details to visitors.
        die($e->getMessage());
    }
}

public function __destruct() {
    // Destruct the connection to DB once finished
    try {
        $this->pdo = null;
    } catch (\PDOException $e) {
        die($e->getMessage());
    }
}
This is what I use to construct and destruct the connection.
 