- General (94)
- Modules (0)
- Releases (56)
- Events (25)
- Sites (1)
- Community (25)
- Geek (9)
- Announcements (45)
- Tutorials (1)
Posted January 25, 2007 by signex
I know this topic isn't really about CMS Made Simple, but I see quite allot topics in the forums with problems that would never occur if everyone had the right web hosting company for their CMS Made Simple website. Basically this post is split in 2 entries; Part 1: Finding out the right solution for your website which suits your needs. Part 2: Finding a suitable company, comparing price vs. options, testing the chosen company. Step 1: Decide what kind of website it will be, and what kind of hosting it will need. basically this can be divided in 3 options.
- A small personal website - Shared hosting will most likely fit your needs.
- A corporate website (small or medium sized) - Most company websites need to be more stable a need en more secure hosting platform, but sometimes a whole dedicated server just isn't worth it. Go for a VPS (Virtual private Server).
- A big community/corporate website - Go for a Dedicated machine just for you.
- Its very cheap.
- Less secure, if other people use broken scripts and a hacker gets in, most of the time the whole server gets defaced.
- Less stable your websites speed can be heavily affected by other users.
- Not really flexible in most cases.
- Cheaper then a Dedicated machine, more expensive then shared hosting.
- Way more stable then Shared web hosting, you'll get guaranteed RAM(on Linux vps'es you'll also get burstable RAM) and CPU. Therefore you are not affected by other vps users on the same server.
- More Secure, if another VPS on the same server crashes because of software errors or gets hacked, you`re not affected.
- More flexibility, you can choose your own Operating System, your own Control Panel, and basically all software you need.
- You can do remote Reboots, you can get SSH access (possible on shared hosting too, but not many web hosters will let you gain access).
- Pretty expensive, you cant divide Control panel licences to multiple users also.
- Most secure option .
- Most stable option.
- You can be in total control.
- Direct Admin ( easy of use, but not many function, its cheap though)
- Plesk ( not much experience with it but don't like the interface, more expensive then Direct Admin)
- Cpanel (Lots a functions but its really expensive)
- VHCS (Open source, when I found CPanel, this wasn't a stable control panel then, but have no recent experience)
- Helm / windows only ( No experience with that one at all)
- Apache when using Linux, or IIS when using Windows
- PHP 5.x (php 4 will run with the current cmsms but cmsms 2.0 will require php 5)
- MySQL Databases (only 1 Database is required for cmsms, but make sure you get at least 3 to 5, for testing other software, or beta's.)
- PHP safe mode OFF (This isn't required but Safe Mode ON in php, I think, really is annoying, and doesn't work well with CMSMS)
- PHP Memory Limit set to at least 16MB (default is 8MB, and this works well for simple CMSMS websites, but bigger ones with lots off modules will need at least 16MB)
- PHP Max Upload set at 10M (default is 2M, find a host which is willing to set this at 10M, again this isn't required though)
- GD or Imagemagick (not really required but very handy)
Posted January 23, 2007 by Ted Kulp
Just a quick bugfix release. The reason is was pushed out quickly was because of issues installing on Windows machines, and had to be handled immediately. It also fixes two different problems with breadcrumbs that people were reporting. We've thrown in a couple of extra bugfixes as well. The ChangeLog looks like:
Version 1.0.4 "Lanai" -- Jan 23 2007 ----------------- - Fixed issue with number of queries not showing up properly at the end of index.php - Fixed issues with breadcrumbs, including nodes not showing up and duplicate nodes showing - Fixed the warning that showed up in the 25 to 26 upgrade script if you didn't have any events - Fixed bug with installer where it doesn't write windows paths correctly - Fixed issue with Search where it would mess with the letter case when showing the highlighted textThanks!
Posted January 20, 2007 by 3dcandy
Hey Guys n Gals, If you're running a good install of 1.0.2 here's the way I go about upgrading to 1.0.3. Works fine, and has been tested on both an IIS and an Apache install in the last couple of days. This update is recommended as some security issues have been fixed, and the contact form now uses Captcha which can of course limit spamming of your site. Download the upgrade zip or tar. Make sure that you are LOGGED OUT from your site admin! Extract the files in the archive somewhere safe and remember where it is! FTP, SSH or copy the files into the root directory of your site. If you now log into your admin with your usual username and password there will be an option in the main part of the admin interface to upgrade, so click away and you should be up and running in no time! Take care all, and enjoy 1.0.3 Ade (3dcandy)
Posted January 19, 2007 by Ted Kulp
Ok, so I keep spouting off about the goals of CMSMS 2.0. At this point, there are like 40 goals and all are equally important. You've heard it all before... Oh well, I'm bringing up #41 #41: Serious, concise, functional and documented API. What does this mean? CMSMS 1.x has an API of sorts. The module creation parts of the API are probably the most organized of the bunch. Most other parts of the CMSMS code are scattered through out smarty plugins, global functions, poorly named classes that should be called staticly, etc. One of the things I took on early in the 2.0 development cycle was the formulation of a consistent API to work from. And honestly, the lib/classes directory was on the right track. It just wasn't implemented as well as it could. Live and learn... 1.0.x has too many global functions for doing random things. I wanted to cut all this out. Also, there are too many $gCms->GetSomethingOperations() methods. This is stuff that can all be moved to static methods in classes. index.php and include.php were both WAY too messy. I wanted to offload a lot of that stuff into clearly marked methods, using as much DRY (don't repeat yourself) development as I could. And, I wanted to "namespace" all of the CMSMS classes so that they don't get in the way of other classes that might be used for modules, addons, etc to the system. Since PHP doesn't use real namespacing, every class starts with Cms (CmsTemplate, CmsApplication, etc). Because of this consolidation, I could take advantage of the autoloading feature in php5. So I get two benefits with this... no require(_once) statements littering the code, and no files loaded into memory that aren't needed. So, at this point, 90% of the CMSMS code has been converted to this API setup. index.php and include.php are readable, and memory usage is way down. In fact, I've segmented it in such a way that it could almost be used as an API for other php applications. As an example, the new installer is a totally separate application. It doesn't use anything really CMSMS specific, instead it just includes the bare minimum and pulls out what methods it needs for the database, smarty, etc. I've also documented the code as I'm going. There is still a lot more to go, but it's coming along. We'll be dumping doxygen docs nightly so that people will have quick access to the classes and methods. I've already been dumping docs of the svn builds out, though it's not guaranteed to not change drasticly before 2.0 is released. http://cmsmadesimple.org/api Maybe someday we can break out the API and have a framework for other apps to use. That would be pretty slick. Ted
Posted January 19, 2007 by signex
Yesterday I made an entry about CMSMS getting bigger and having a fair amount of users. Now, there is also a downside to this. Getting more attention will also attract hackers, knowing when they can get into one CMSMS website they can get into a lot more. However, the development of the core is done by a of couple great developers. I don't think the CMS Made Simple core would get into a lot of problems when getting bigger and having more users. Also, they would be releasing patches quickly when serious security holes would occur. But how about the modules? And I'm not talking about the much used modules as they will grow and get updated with the core system because so many people use them. But the more unknown modules which don't get updated very often. Those modules will probably cause potential security risks in the future, since scripting never stands still and new vulnerabilities get discovered every now and then. Now we all know that using GPL/Open source software comes without warranties, and using it is at your own risk, but when old modules get security issues CMSMS gets blamed, or at least associated with the vulnerability. This is kinda the way Joomla got his bad name in my opinion. Joomla as a clean install combined with decent chmodding is pretty safe, but with so many 3rd party modules its hard to keep track of what's safe to use and what's not, maybe not for the hardcore coders between us but it is for many others. So what would be a good way to "protect users" against the risk of using older not updated modules? Maybe a new module category in the forge called "Not updated in the last 12 months - could have potential security risks and/or isn't compatible with new core systems" and automatically put all the modules in there which have not been updated in the last 12 months. I'm really interested in how other people think about the module security. Am I just paranoid or could these thoughts be potential ideas? Drop your thoughts in the comments! Regards Signex / Benjamin
Posted January 18, 2007 by Ted Kulp
Yes, it's incredibly overdue, but it's finally released. This is basically just a bugfix and security release. It's released in both the full download version, and also a diff installation that you can overwrite an existing 1.0.2 installation with only changed files. The security issues were not major by any means, but it's still good to patch XSS issues. The ones we had were non-permanent and didn't cause any damage to your site, but they still needed addressing. The changelog goes as follows...
Version 1.0.3 "Kauai" -- Jan 18 2007 ----------------- - Fixed several non-permenant XSS vulnerabilities - Fixed issue with breadcrumbs plugin displaying root node multiple times - Fixed issue with multiple events being entered - Removed global references to $db from the admin and include.php - Added a "Modify Events" permission - Added event for "Change Group Permissions" - Added ability to select a file for the Link content type - Added ability to specify default boilerplate page content - Fixed print plugin output so that it's xhtml compliant - Added text direction to languages for suppot of languages like Hebrew and Arabic - Fixed issue where 2 installs on the same domain shared login sessions - Fixed issue with contact form with pretty_urls turned on - Fixed issue with LoadStylesheets() not loading the modified date - Changed search schema layout. Now allows for expiration dates on entries - Changed the icon for global content so that it doesn't look like the Gentoo logo - Fixed issue with expanding content in the content list when user didn't have the Add Page perission - Added catpcha module support to the contact_form plugin (you still need to manually install the Captcha module for this to work) - Added messages when admin log is cleared - Much much moreEnjoy!