[WEBSITE]A minecraft styled blog written in PHP/HTML

iceage32

New Member
Jul 29, 2019
10
0
0
Hey guys,
So this is a repost of my last thread because someone abused the admin and published not allowed content so now I am happy for the warning :)
But for those who didn't seen my last thread(Think a lot didn't).This is a blog like CMS thingy written by me in PHP/HTML.More simply a website.I will update this as often as I can but I'm just a student ,I have schools so I can't do this all the time.I spent a whole weekend on the v0.2 but finally is done :)

Download:
http://adf.ly/FkI6N

How to install:
First of all you upload the files to your webhost.
Access yourwebsiteadress/install/index.php
Fill in the database form and register your admin account
Delete the install folder via FTP
Change config.php file in config folder to your database details.

Screenshots:
http://imageshack.us/g/59/sc1ji.png/

Demo:
http://5.175.209.46/

Changelog:
V0.2
  • Added login system
  • Added dynmap support (edit your config file)
  • Rewrited admin page
  • Delete posts and pages(No way to edit yet)
  • Added comments to posts(Just for registred members)
  • Made a semi-automated install script
V0.1
  • Initial release
Copyright:
You are allowed to change thing in the source for yourself but don't redistribute it.For any other actions you need my permission.

Donate:
Donating to me isn't possible.Only way to help me is to download it.Ehh maybe if someone would be so good that send's me a gift code I won't refuse it :)

Help me:
You can help me by sending feedback.Also I would like someone as a designer to make more themes :)
 
  • Like
Reactions: mr_vit

CTMiner

New Member
Jul 29, 2019
26
0
0
Wow! I saw the last version of this and I must say that it's coming along very nicely. Continue the great work!

--
PS: It's interesting to see this because I'm working on a modular CMS right now that is intended for one-size-fits-all-and-if-you-don't-want/need-it-just-delete-it kind of thing.
 

iceage32

New Member
Jul 29, 2019
10
0
0
I'm glad you like it.

PS: If you want we coulde ask each other for things about our CMSes
 

QueWhat

New Member
Jul 29, 2019
497
0
0
I like this. I was thinking of creating a blog for my server since it will most likely grow after I increase slot size after FTB 1.4.5 Ultimate is released. I might end up using this after all (with a few tweaks by me, especially on the CSS). I'll let you know if I end up using it and will provide a link for you to look at it. Of course, I'll leave the credit at bottom.
 

iceage32

New Member
Jul 29, 2019
10
0
0
If you want contact me and we can make it how you like it :)Also please give me work :) Gimme ideas how and what I should do :) I will try to do them.I will put a To Do list on the main post so everyone can se what is already suggested.
 

CTMiner

New Member
Jul 29, 2019
26
0
0
I would be glad to collaborate with you, it's just that I don't want to feel like I'm giving you all my ideas, or that I'm copying you. Also, I'm horrible as CSS (well, not quite, but I'm not good). The other difference is that I restarted from scratch (kind of), so I'm a bit behind you. PM me if you need any help.

Tip: Use .htaccess and automate remapping so your.blog/page1 would just load your.blog/index.php?page=page1 but it would still say your.blog/page1

EDIT: Here are some more todos:
  • Make the editor (Use SQL UPDATE)
  • Are passwords hashed? If not, hash them. Also, add configurable SALT if it's not there
 

mr_vit

New Member
Jul 29, 2019
11
0
0
Good work man. If U need some help (like questions or ideas) - message me here or pm. I have no time to code for U, unfortunately. But will gladly hint/consult U if U need smth.
 

Rob

New Member
Jul 29, 2019
108
0
0
Hey, Please increase the security you are using when taking the data a user has entered. I made an account called test on your demo site but using mysql injection I can look in putting the following and be logged in

username: test'#
password: any thing you want ;)

I suggest you look in to PDO and binding params into your mysql statments along with preg_replace to remove non alphanumeric characters just for added security. PM me if you would like any help :D

Rob
FTB Web Team.
 
  • Like
Reactions: QueWhat

iceage32

New Member
Jul 29, 2019
10
0
0
If I understand correctly you are suggesting to add more criteriums for special characters in username and password,is that right?I will do my beast about security too but this is my first CMS so I dont really know security thing yet :p But thank you for reply, good to see someone's feedback who is a web developer :)But I will look up in google for mysql and php security
 

CTMiner

New Member
Jul 29, 2019
26
0
0
Rob, wouldn't s filter with returning work? So you could say filter to just alphanumeric characters, and if it is false, then error?
 

Rob

New Member
Jul 29, 2019
108
0
0
Rob, wouldn't s filter with returning work? So you could say filter to just alphanumeric characters, and if it is false, then error?

Yes using $a preg_replace("/[^A-Za-z0-9 ]/",'', $b); would work to just leave safe characters.
 

CTMiner

New Member
Jul 29, 2019
26
0
0
I think the filter_var() way is better because that way you could also warn the user before creating an account without the characters, so if they did it as a joke and made it "$l0w:p0k3|O|" then they wouldn't just get "l0wP0k3O", they could change it to something they wanted. I guess it really comes down to preference.
 

Rob

New Member
Jul 29, 2019
108
0
0
For useablity you would really want to write some JS which return a message on every key press so the user gets live feed back it see if the input in vaild.
 

CTMiner

New Member
Jul 29, 2019
26
0
0
Some browsers don't have JS enabled, and you can also use inspect element to get around JS disabling the submit button. Again, preference. Both work, just in different ways.
 

Zjarek_S

New Member
Jul 29, 2019
802
0
0
I don't think there is any reasonable reason to restrict characters in password, just use normal method of interaction with database (for example PDO) and don't execute person input ever. It is a pain for users of password managing programs to change rules of password generation. Also don't use md5 for password storage, use crypt() function with CRYPT_SHA256/512 or CRYPT_BLOWFISH with appropriate number of rounds and use openssl for salt in case database gets leaked (due to for example SQL injection).