ilosuna / phpsqlitecms

phpSQLiteCMS is a simple and lightweight web content management system based on PHP and SQLite.
phpsqlitecms.net
MIT License
138 stars 75 forks

General question about development and contributions #35

Open VOOM108 opened 8 years ago

VOOM108 commented 8 years ago

Hi @ilosuna and all,

first of all I would like to say that this CMS is the lightweight solution I have been looking for for use on all kinds of future projects, especially due to the Bootstrap-integration that adds responsive options en masse... :)

Is the project still active?

I have started to like the CMS and while testing I have fixed issues and extended functions to my liking.

For now the CMS runs nicely, has current Bootstrap and runs with PHP 5.7. Anyhow if I start making production sites with this I would like to have some hope that (what I consider) low level things will get fixed and updated, like new Bootstrap etc.

If there is some activity and common interest I would also like to contribute fixes and functions; I have no prior experience with Github workflow though.

What may be of interest:

Maybe things like that could be perfected by community-effort.

What I miss most concerning basic options is a better variety of menu-styles and levels. I tried the Dropdown-patch by @sim2github but I would like to have options within the Admin-Interface.

Then, this has been mentioned somewhere here, would be some better workflow for images. I can choose an image from uploaded files with the normal editor and they will be inserted with some markup that does not render in the WYSIWYG, on the other hand I can insert an image by URL in TinyMCE that will show up nicely, but I would have to know the URL first. The Markup does not even show the full path so switching back and forth is no fun when working with images.

In my imagination it should not be so hard to include file upload and selection from the library within TinyMCE. Even simpler the filepicker in the codeeditor could probably be made to produce complete HTML in order to make it show up in the WYSIWYG... (?)

Kind regards!

Andreas

VOOM108 commented 8 years ago

Further solutions found so far: I switched to TinyMCE 4.3.2 by changing the CDN-URL to:

define('WYSIWYG_EDITOR', '//tinymce.cachefly.net/4.3/tinymce.min.js');

4.3 supports dragging and dropping images into the editor, if allowed in init: paste_data_images: true, plus: add plugin "paste"

This is at least helpful for small images, as they get included into the HTML with base64. Solutions for uploading as files to the server found here: https://www.tinymce.com/docs/get-started/upload-images/ I could not get to work yet. But it can be done, I am sure... :)

VOOM108 commented 8 years ago

Found more of my questions answered and further solutions :)

At this point I am pretty sure I will use this cms for production... :)

jacobm001 commented 8 years ago

How did you go about updating Bootstrap?

VOOM108 commented 8 years ago

In /cms/config/definitions.conf.php just update the version number in the definitions of bootstrap.js and bootstrap.css like that:

define('BOOTSTRAP', '//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js');
define('BOOTSTRAP_CSS', '//maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css');

sim2github commented 8 years ago

Hi. The maintainer has not been active for a long time. Looking at the network activity graph, it can be assumed that @TKr is still trying to support the project by collecting unmerged PRs. Maybe in his fork you can find partners to fix your problems.

VOOM108 commented 8 years ago

Thanks for pointing that out. I am just installing that branch next to my "playground version" as I need more visual environment to understand what has been changed and done. At least for more difficult coding questions I will head there. BTW sim2Github your implementation of Ace has really improved this for me :))

VOOM108 commented 8 years ago

At first look what has been done over there I have either already patched together or discarded, while some of the changes I did to the script are missing, so there is for now no advantage in using the TKr-Code for me. Anyway I am happy the cms is not dead altogether. :)

sim2github commented 8 years ago

I closed all issues and PRs opened by me and deleted my fork about a year ago. I last used this CMS in production 6 years ago. Since then, much has changed in PHP: PSR, Composer, a huge number of micro-frameworks (like Slim, F3) ...

VOOM108 commented 8 years ago

I have tried many CMS during the last few weeks and I always come back to this because of the ease of use and extendability; I can easily upgrade components and need not wait for someone to release and upgrade etc. What you say now about core vulnerabilities does worry me though so I will have a look at RiteCMS. As for composer etc. any project that depended on composer I could not get to work with my hosting even though they claim to be compatible. I'd - for my line of work - rather be sure that a project I create on server X will work on completely different server Y, hence flatfile e.g.

VOOM108 commented 8 years ago

Looking at RiteCMS I don't like the changes they have made to the Admin GUI etc. I would rather implement the core security changes to the basecode - do you think that would be very hard to do?

sim2github commented 8 years ago

They didn't change the admin GUI - they support phpsqlitecms v2. Phpsqlitecms v3 migrated to GitHub from Google Code and technically changed the frontend and backend interface to use Bootstrap. RiteCMS only uses the 5-year-old interface but is fixing new core security issues. You can use a diff tool to see what differs in the core of these projects.

VOOM108 commented 8 years ago

Thank you, I begin to understand. ;) But there are so many differences between the two branches that I have no clue what would need to be done to implement the security-patch to the v3-master. I have already mailed the riteCMS-People for help to learn about that.

At the moment I am trying to restrict the filemanager to allow only secure filetypes and have the upload-folder not execute scripts at all; as that is something RiteCMS has not changed as far as I can see... With my half-knowledge of programming it is more of finding scraps of code on the net and then trial and error about how to get it to work...

sim2github commented 8 years ago

If you use Apache, add an .htaccess file to the folder with:

RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off

VOOM108 commented 8 years ago

Thanks :) Ray from RiteCMS has answered and I think I have made the relevant changes to close the exploit. (I compared the two versions of Rite before and after they closed the exploit and applied those changes to the files in v3 accordingly) He also stated that the filemanager is secure enough if the login is secured by the patch. Still I would rather like to put some more restrictions into the fm like excluding filetypes or limiting filesize but that is sth. I can manage myself. I also tried including another filemanager-script with more features (Encode Explorer) let's say it worked but was not as pretty as I would prefer it to be... ;) I might tackle that later once more...
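
The restrictions discussed above (an allowlist of file types and a size limit for the upload folder), as an added example that is not part of the thread and is not phpSQLiteCMS, RiteCMS or Encode Explorer code. The function name `store_upload`, the allowlist and the 2 MiB limit are assumptions; it needs PHP 7+ with the fileinfo extension.

```php
<?php
// Added example: hypothetical upload check, not code from any project named here.
declare(strict_types=1);

// Allowlist: extension => MIME type the file content must actually have.
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'pdf' => 'application/pdf',
];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // assumed limit of 2 MiB

/**
 * Validate one entry of $_FILES and move it into $targetDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_upload(array $file, string $targetDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file sent.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload.');
    }
    // Measure the file on disk; the client-supplied $file['size'] is not trusted.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('File is empty or too large.');
    }
    // Only the final extension counts, and it must be on the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('File type not allowed.');
    }
    // Detect the type from the content; the client-supplied $file['type'] is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('Content does not match extension.');
    }
    // Server-generated name: no user-controlled path parts or double extensions.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($targetDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;
}
```

The check complements the .htaccess rules posted earlier in the thread rather than replacing them: the allowlist limits what is stored, and the handler rules keep the folder from executing anything that slips through.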

VOOM108 commented 8 years ago

Say, would you be interested to issue a fork with all your additions (Ace etc.) and the security-fixes from RiteCMS and some other stuff I have more or less nicely included by now? Also I would like to know if the security fixes work. (There is only one file where I had to improvise because the code had changed significantly because of bootstrap)

On top of that I would like to integrate Encode Explorer more seamlessly, maybe even instead of the internal filemanager. It has much more robust security features, but still comes in one php-file. To integrate all that would have to be done would be to pass on the status as admin to the explorer that has its own login for uploads and deletions. Plus of course some visual stuff (I could do that) and adding the PSC-Admin-Menu when logged in.

Another interesting "project" that goes over my head for now would be a better standard-menu for the default-template. For now I have included a fixed nav-bar into the template, thus I cannot fill it via the menu-GUI, also active menus and submenus need to be declared by some php I included in the default.tpl

sim2github commented 8 years ago

I'm not interested in this project anymore. It is hard to extend and support.

VOOM108 commented 8 years ago

I see, thank you for your honesty. Is there a CMS-Project you would recommend at the moment?

sim2github commented 8 years ago

I think WordPress is holding a leadership position. This is the best choice for beginners. Huge amount of documentation, examples, plug-ins (commercial and free), themes, etc.

VOOM108 commented 8 years ago

I know all the "big ones". I used Wordpress a lot; I am looking for sth. very lightweight, just a basic backend for bootstrap-powered websites, preferably without database-server needed. Using SQLite with the option to install on MySQL seems like the perfect scalable solution. So what I am looking for is: Bootstrap-based, solid but lightweight, "portable". Big frameworks in the background tend to scare me off, especially when it is about really small and lightweight to be sites.

ghost commented 7 years ago

I was with the same problem, phpsqlitecms current version has security problems that have not been addressed, and I don't have that know-how to solve them, this CMS seems abandoned, and theme editing is not something for me. Fortunately I now finally found a replacement for phpsqlitecms, called: GetSimpleCMS, that is also available here on GitHub. You do need to keep it current since security problems have been found in several previous versions and may be found in the current or future ones. It is not the same thing (for example there is only one user account, maybe with plugins it is possible, I don't know) but it is similar in concept enough that I feel comfortable to use and recommend... maybe it is enough for some of you, and it is being updated regularly.

VOOM108 commented 7 years ago

Hi thanks for the recommendation! :) Will have a look at it.

I did find a way to fix the security flaws of phpsqllite and tweaked it to my liking with Bootstrap-Updates, a cool editor etc. - but then never got around to use it in a production environment.

An application that is actually still supported and developed is of course a better choice. In this context I have no need for user management... So... :)

ghost commented 7 years ago

The same here, for uses where there is only one person using it, it is probably more than enough, especially if it is just some presentation web site. That GetSimpleCMS also doesn't use databases so most web hosts can use it, and it is probably easier to transfer the website between hosting companies, at least for people without much know-how.

Unfortunately the developers of this phpSqlLiteCMS seem to not care about it now, and the security vulnerabilities stay there for people like me that don't understand how to code php and other languages.

I still have one web site using phpsqlitecms but it has not been hacked until now... (I did protect the admin folder with user name and password and IP restriction for several years, and the whole web site with Content Security Policy in the .htaccess to reduce the surface for attacks.) But I will eventually migrate.

oleteacher commented 6 years ago

@VOOM108

I did find a way to fix the security flaws of phpsqllite and tweaked it to my liking with Bootstrap-Updates, a cool editor etc. - but then never got around to use it in a production environment.

Would it be possible for you to share your fixes / improvements?

Like to use phpsqlitecms in little classroom project and having your fix / improvements to compare with official release, be a great study for the students.

Thanks in advance.

VOOM108 commented 6 years ago

What I could do is give you the files, if I still find them; I have not used it since and can't recall any more even what the security flaw was about. ;)

oleteacher commented 6 years ago

Thanks @VOOM108

Understand it has been a while, if you find them that would be great.

oleteacher commented 6 years ago

@VOOM108

What I could do is give you the files, if I still find them;

I will assume that the files are long lost:( Thanks anyway for at least trying.

wolffe commented 2 months ago

I have forked this repository and fixed all fatal errors. phpSQLiteCMS now works on PHP 8+.

There are still issues, but I would like to restart work and contributions are more than welcome.

https://github.com/wolffe/phpsqlitecms