Blog

Archive for January, 2007

Finding a suitable webhost solution part 2/2.

Thursday, January 25th, 2007

In Part 1 I wrote about choosing a hosting package (shared/VPS/dedicated); in this part I’m writing about how to choose a webhosting company.

In my country (Holland) hosting prices vary a lot. I’ve seen a couple of USA hosts and it isn’t much different; the only difference is that bandwidth is way cheaper in the US than it is in the Netherlands.

One of the problems with choosing the right company is that you can’t always see who is behind the beautiful corporate looking website, because it just could be a 16 y/o just trying to make a quick buck, not caring about his customers at all.

What makes it even harder is that prices vary so much, and of course nobody wants to spend too much on something that you can get way cheaper.

The first thing for you to decide is how important your website is for you, or how much your client is willing to spend. You can get a shared hosting package for 10$ a year, but the same package costs 100$ a year somewhere else, so where is the difference? Here’s a small list of things that could make this difference.

  • Do they make backups on a second server
  • Do they use an A brand for their hardware
  • Are there spare parts on the spot in case of hardware failure
  • Which datacentre are they located in, try to find reviews or opinions
  • What control panel do they use, Directadmin is cheaper than Cpanel
  • Do they have phone support, or only mail support
  • Do they have a 24/7 phone support when your server is down
  • What is their write-off period for a server, 3 or 5 years can make a big difference

Probably the thing that impacts price the most is whether they oversell or not, and how much. I read studies from Dutch webhosters that only 20 to 30% of the sold traffic and hard disk capacity is used by their customers. So basically they can sell 3 times what they can handle. This sometimes means that on a single shared server there are over 500 customers, so when it’s a little busy on your server, server loads get high and your website will be slow. This often results in new topics being created complaining CMSMS is so darn slow, which most of the time just isn’t the case. So ask your host how many customers share a server, or how many VPSes are created on your server. Most good webhosters will proudly tell you that they only put about 100 customers on a shared server (depending on their server hardware). But don’t be surprised that their prices are 5 times as much as some other webhosting companies.

So finding a good hosting company depends on your needs and budget, but whatever you choose, always ask for a “try before buy” package for about 48 hours, make a CMSMS installation and see how it does in daytime and nighttime. Beware that some hosters will put these packages on empty test servers, so be sure your “try before buy” package is on the same server as when you buy your package.

Here are some other things you could use to check out a company.

  • Find reviews from other customers
  • Ask about the hardware they work with
  • Ask how long they exist
  • Try out mail and/or phone support, is it fast enough for you
  • Guaranteed uptime? then what is the compensation when they fail
  • Prices too good to be true? ….they are
  • Ask uptime reports from the last 6 to 12 months

I hope this will be of good use, suggestions and comments welcome!

Signex / Benjamin

Finding a suitable webhost solution part 1/2.

Thursday, January 25th, 2007

I know this topic isn’t really about CMS Made Simple, but I see quite a lot of topics in the forums with problems that would never occur if everyone had the right web hosting company for their CMS Made Simple website.

Basically this post is split in 2 entries;

Part 1: Finding out the right solution for your website which suits your needs.
Part 2: Finding a suitable company, comparing price vs. options, testing the chosen company.

Step 1: Decide what kind of website it will be, and what kind of hosting it will need. Basically this can be divided into 3 options.

  1. A small personal website - Shared hosting will most likely fit your needs.
  2. A corporate website (small or medium sized) - Most company websites need a more stable and more secure hosting platform, but sometimes a whole dedicated server just isn’t worth it. Go for a VPS (Virtual Private Server).
  3. A big community/corporate website - Go for a Dedicated machine just for you.

I’ll try and sum up the pros and cons of these 3 options.


CMS Made Simple 1.0.4 Released!

Tuesday, January 23rd, 2007

Just a quick bugfix release. The reason it was pushed out quickly was because of issues installing on Windows machines, which had to be handled immediately. It also fixes two different problems with breadcrumbs that people were reporting. We’ve thrown in a couple of extra bugfixes as well.

The ChangeLog looks like:

Version 1.0.4 "Lanai" -- Jan 23 2007
-----------------

- Fixed issue with number of queries not showing up properly at the
  end of index.php
- Fixed issues with breadcrumbs, including nodes not showing up and
  duplicate nodes showing
- Fixed the warning that showed up in the 25 to 26 upgrade script
  if you didn't have any events
- Fixed bug with installer where it doesn't write windows paths
  correctly
- Fixed issue with Search where it would mess with the letter case
  when showing the highlighted text

Thanks!

Upgrade 1.0.2 to 1.0.3

Saturday, January 20th, 2007

Hey Guys n Gals,

If you’re running a good install of 1.0.2 here’s the way I go about upgrading to 1.0.3. Works fine, and has been tested on both an IIS and an Apache install in the last couple of days. This update is recommended as some security issues have been fixed, and the contact form now uses Captcha which can of course limit spamming of your site.

Download the upgrade zip or tar.

Make sure that you are LOGGED OUT from your site admin!

Extract the files in the archive somewhere safe and remember where it is!

FTP, SSH or copy the files into the root directory of your site.

If you now log into your admin with your usual username and password there will be an option in the main part of the admin interface to upgrade, so click away and you should be up and running in no time!

Take care all, and enjoy 1.0.3

Ade (3dcandy)

Number 41

Friday, January 19th, 2007

Ok, so I keep spouting off about the goals of CMSMS 2.0. At this point, there are like 40 goals and all are equally important. You’ve heard it all before…

Oh well, I’m bringing up #41

#41: Serious, concise, functional and documented API.

What does this mean? CMSMS 1.x has an API of sorts. The module creation parts of the API are probably the most organized of the bunch. Most other parts of the CMSMS code are scattered throughout smarty plugins, global functions, poorly named classes that should be called statically, etc.

One of the things I took on early in the 2.0 development cycle was the formulation of a consistent API to work from. And honestly, the lib/classes directory was on the right track. It just wasn’t implemented as well as it could. Live and learn…

1.0.x has too many global functions for doing random things. I wanted to cut all this out. Also, there are too many $gCms->GetSomethingOperations() methods. This is stuff that can all be moved to static methods in classes.

index.php and include.php were both WAY too messy. I wanted to offload a lot of that stuff into clearly marked methods, using as much DRY (don’t repeat yourself) development as I could.

And, I wanted to “namespace” all of the CMSMS classes so that they don’t get in the way of other classes that might be used for modules, addons, etc to the system. Since PHP doesn’t use real namespacing, every class starts with Cms (CmsTemplate, CmsApplication, etc).

Because of this consolidation, I could take advantage of the autoloading feature in php5. So I get two benefits with this… no require(_once) statements littering the code, and no files loaded into memory that aren’t needed.

So, at this point, 90% of the CMSMS code has been converted to this API setup. index.php and include.php are readable, and memory usage is way down. In fact, I’ve segmented it in such a way that it could almost be used as an API for other php applications. As an example, the new installer is a totally separate application. It doesn’t use anything really CMSMS specific, instead it just includes the bare minimum and pulls out what methods it needs for the database, smarty, etc.

I’ve also documented the code as I’m going. There is still a lot more to go, but it’s coming along. We’ll be dumping doxygen docs nightly so that people will have quick access to the classes and methods. I’ve already been dumping docs of the svn builds out, though it’s not guaranteed to not change drastically before 2.0 is released.

http://cmsmadesimple.org/api

Maybe someday we can break out the API and have a framework for other apps to use. That would be pretty slick.

Ted

Modules and Security

Friday, January 19th, 2007

Yesterday I made an entry about CMSMS getting bigger and having a fair amount of users. Now, there is also a downside to this. Getting more attention will also attract hackers, knowing when they can get into one CMSMS website they can get into a lot more.

However, the development of the core is done by a couple of great developers. I don’t think the CMS Made Simple core would get into a lot of problems when getting bigger and having more users. Also, they would be releasing patches quickly when serious security holes would occur.

But how about the modules? And I’m not talking about the much used modules as they will grow and get updated with the core system because so many people use them. But the more unknown modules which don’t get updated very often.

Those modules will probably cause potential security risks in the future, since scripting never stands still and new vulnerabilities get discovered every now and then.

Now we all know that using GPL/Open source software comes without warranties, and using it is at your own risk, but when old modules get security issues CMSMS gets blamed, or at least associated with the vulnerability. This is kinda the way Joomla got its bad name in my opinion. Joomla as a clean install combined with decent chmodding is pretty safe, but with so many 3rd party modules it’s hard to keep track of what’s safe to use and what’s not, maybe not for the hardcore coders among us but it is for many others.

So what would be a good way to “protect users” against the risk of using older not updated modules?

Maybe a new module category in the forge called “Not updated in the last 12 months - could have potential security risks and/or isn’t compatible with new core systems” and automatically put all the modules in there which have not been updated in the last 12 months.

I’m really interested in how other people think about the module security. Am I just paranoid or could these thoughts be potential ideas?

Drop your thoughts in the comments!

Regards

Signex / Benjamin

CMS Made Simple 1.0.3 Released!

Thursday, January 18th, 2007

Yes, it’s incredibly overdue, but it’s finally released. This is basically just a bugfix and security release. It’s released in both the full download version, and also a diff installation that you can overwrite an existing 1.0.2 installation with only changed files.

The security issues were not major by any means, but it’s still good to patch XSS issues. The ones we had were non-permanent and didn’t cause any damage to your site, but they still needed addressing.

The changelog goes as follows…

Version 1.0.3 "Kauai" -- Jan 18 2007
-----------------

- Fixed several non-permanent XSS vulnerabilities
- Fixed issue with breadcrumbs plugin displaying root node multiple
  times
- Fixed issue with multiple events being entered
- Removed global references to $db from the admin and include.php
- Added a "Modify Events" permission
- Added event for "Change Group Permissions"
- Added ability to select a file for the Link content type
- Added ability to specify default boilerplate page content
- Fixed print plugin output so that it's xhtml compliant
- Added text direction to languages for support of languages like
  Hebrew and Arabic
- Fixed issue where 2 installs on the same domain shared login
  sessions
- Fixed issue with contact form with pretty_urls turned on
- Fixed issue with LoadStylesheets() not loading the modified date
- Changed search schema layout.  Now allows for expiration dates on
  entries
- Changed the icon for global content so that it doesn't look like
  the Gentoo logo
- Fixed issue with expanding content in the content list when user
  didn't have the Add Page permission
- Added captcha module support to the contact_form plugin (you still
  need to manually install the Captcha module for this to work)
- Added messages when admin log is cleared
- Much much more

Enjoy!

CMS Made Simple is definitely growing up.

Thursday, January 18th, 2007

Browsing through the development part of the CMS Made Simple website yesterday I noticed that there are almost 100.000 downloads of the CMS Made Simple Core. With the release of 1.0.3 it can’t take long before it reaches this magical number.

With the plans of CMSMS 2.0 coming with all the nice new features it can only get better. Of course it will take a long time before stable 2.0 series will be released but I can’t wait for the first betas to be released.

So I would like to take this first blog entry for me as an opportunity to congratulate all the people that supported CMS Made Simple, whether that is with development, time in the forums, donating or just by using it.

More serious entries will follow soon!

Regards,

Signex / Benjamin

CMSMS 1.0.2 Speed Issues

Thursday, January 18th, 2007

Hi all,

It has come to my attention that one of the biggest topics on the forum regarding CMSMS is a speed issue. Although 2.0 will have a page caching feature, 1.0.2 can suffer sometimes from slow page loads. To combat this, you should try uninstalling and deleting all unnecessary modules that you have in your setup. This can quite often lead to a nice speedup! Don’t forget that custom tags that are installed can slow down page loads and also unused translations…

In the meantime, there is also a tag available which replaces the current content tag with ccontent. This caches the content and has resulted in a nice speedup on the sites I have tested it on. Thanks to cyberman for this! To download the cache tags, please go to http://dev.cmsmadesimple.org/projects/cache/ Bear in mind that you will have to alter the template and/or stylesheet that your site uses to make the cache tags work!

Right then, till the release of 2.0, bear these points in mind to keep your site nice and responsive…

Regards

Ade (3dcandy)

CMSMS 2.0 Brings Sane Form Processing

Wednesday, January 17th, 2007

CMSMS 2.0 has a few main goals. One of them is adding some sorely needed features. Another is code cleanup. However, one of the major ones in my opinion is making it easier to develop modules.

One of the things that has annoyed me about the whole smarty thing with modules is that you’re writing EVERYTHING to smarty and then spitting it all back out from strings in your smarty template. It’s almost not worth it, especially when you have lines of code just to set up for translated strings. Yuck!

Anyone who has made a module or has at least looked at module code can see how tedious this is… well, it’s all about to change.

Firstly, let me show you an example of a smarty setup now. This comes directly from my News rewrite. It’s in the admin section where you edit a category. I’ve removed a few lines of code, but the premise is there..

$catid = coalesce_key($params, 'catid', '');
$category = cmsms()->news_category->find_by_id($catid);
 
$smarty->assign_by_ref('category', $category);
 
#Display template
$this->smarty->assign('parents', $this->CreateParentDropdown($id, $catid, $category->parent_id));
$this->smarty->assign('hidden', 
		      $this->CreateInputHidden($id, 'catid', $catid).
		      $this->CreateInputHidden($id,'origname',$name));
$this->smarty->assign('submit', $this->CreateInputSubmit($id, 'submit', lang('submit')));
$this->smarty->assign('cancel', $this->CreateInputSubmit($id, 'cancel', lang('cancel')));
 
$smarty->assign('action', 'editcategory');
 
echo $this->process_template('editcategory.tpl', $id, $returnid);

I’ve removed the code that saves the category that fits into the middle. I also have a CreateInputSubmit and CreateInputHidden things that will go away before the final release. However, I used this to prove a point…

Here is the associated smarty template

{validation_errors for=$category}
 
{mod_form action=$action}
	<div class="pageoverflow">
		<p class="pagetext">*{mod_label name='category[name]' value='name' translate=true}:</p>
		<p class="pageinput">{mod_textbox name='category[name]' value=$category->name size='20' maxlength='255'}</p>
	</div>
	<div class="pageoverflow">
		<p class="pagetext">{mod_label name='category[parent_id]' value='parent' translate=true}:</p>
		<p class="pageinput">{mod_dropdown name='category[parent_id]' selected_value=$category->parent_id items=$parents}</p>
	</div>
	<div class="pageoverflow">
		<p class="pagetext">&nbsp;</p>
		<p class="pageinput">{$hidden}{$submit}{$cancel}</p>
	</div>
{/mod_form}

(Again, pretend the $submit and $cancel aren’t there… that’s yet to come)

As you can see, we have smarty plugins to wrap various methods in the module API. {mod_form} for CreateFormStart, {mod_label} for CreateInputLabel, etc. They retain all of the available parameters, except that the beauty is that you don’t have to worry about passing around the $id and $return_id. It’s all handled behind the scenes now.

{validation_errors} is a slick plugin that displays errors that might occur during the validation before an ORMed object’s save() method. If save fails, validation_errors will pick up the errors and display them. This makes for very consistent error messages throughout the system. It also means that you don’t have to do any validation in your screens, just in the ORM object.

Also, notice another thing I’m doing here. category[name], category[parent_id], etc. This allows me to get all of the parameters destined to be for the category object into one hash after the form is submitted. In fact, I name them exactly the same as the parameters in the object itself. Why? Well, here is the part that saves the object… assume that I have $category already set with the find_by_id we saw earlier.

if (isset($params['category']))
{
	$category->update_parameters($params['category']);
	if ($category->save())
	{
		$this->UpdateHierarchyPositions();
 
		$params = array('tab_message'=> 'categoryupdated', 'active_tab' => 'categories');
		$this->Redirect($id, 'defaultadmin', $returnid, $params);
	}
}

Basically, we have 2 lines of code to do all of the updating of the object and saving it. update_parameters takes all of my category[] fields in the form and fills the corresponding parameters in the object, and save(), well, saves. If the save fails, then we continue on as normal, knowing that {validation_errors} will display the reason(s) why the save failed.
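Because update_parameters binds submitted category[] fields straight onto the object, the set of keys it accepts decides what a request can change. The following is an added example, not CMSMS code: NewsCategoryExample, its owner_id field and update_parameters_unfiltered are hypothetical, and it contrasts copying every submitted key with copying only the fields the form is meant to edit, with validation kept in save() as the post describes.

```php
<?php
// Added illustration: NewsCategoryExample is a hypothetical stand-in, not a CMSMS class.
class NewsCategoryExample
{
    private const FORM_FIELDS = ['name', 'parent_id'];   // what the edit form may set
    public $id = 7;
    public $name = '';
    public $parent_id = -1;
    public $owner_id = 1;             // constructed field the edit form never exposes
    public $validation_errors = [];

    // Naive binding: every submitted key that matches a property is copied.
    public function update_parameters_unfiltered(array $fields): void
    {
        foreach ($fields as $key => $value) {
            if (property_exists($this, $key)) {
                $this->$key = $value;
            }
        }
    }

    // Allowlisted binding: only the form's own fields are copied; the rest is reported.
    public function update_parameters(array $fields): array
    {
        $ignored = [];
        foreach ($fields as $key => $value) {
            if (in_array($key, self::FORM_FIELDS, true) && is_scalar($value)) {
                $this->$key = $value;
            } else {
                $ignored[] = (string) $key;   // unexpected key: worth logging
            }
        }
        return $ignored;
    }

    // Validation stays in the object, as the post describes for save().
    public function save(): bool
    {
        $this->validation_errors = [];
        $name = trim((string) $this->name);
        if ($name === '' || strlen($name) > 255) {
            $this->validation_errors[] = 'name must be 1-255 characters';
        }
        if (filter_var($this->parent_id, FILTER_VALIDATE_INT) === false) {
            $this->validation_errors[] = 'parent_id must be an integer';
        }
        return $this->validation_errors === [];   // storing the row is outside this example
    }
}

// Constructed request: the two form fields plus two keys the form does not contain.
$submitted = ['name' => 'Releases', 'parent_id' => '3', 'owner_id' => '99', 'id' => '1'];
$naive = new NewsCategoryExample();
$naive->update_parameters_unfiltered($submitted);
echo "unfiltered:  owner_id={$naive->owner_id} id={$naive->id}\n";

$strict = new NewsCategoryExample();
$ignored = $strict->update_parameters($submitted);
echo "allowlisted: owner_id={$strict->owner_id} id={$strict->id} ignored=" . implode(',', $ignored) . "\n";
echo 'save ok: ' . var_export($strict->save(), true) . "\n";
```

The allowlist mirrors the two inputs in the editcategory template (category[name] and category[parent_id]), and the 255-character limit matches the maxlength on the name textbox.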

All in all, these changes easily reduce your code by 50%, if not more. In the case of edit_category, we went from 102 lines to 42. It’s less memory intensive, uses smarty in a more correct manner, and is just plain old faster… faster to develop and faster to run.