Custom Made CMS
Moderator: General Moderators
-
CoolAsCarlito
- Forum Contributor
- Posts: 192
- Joined: Sat May 31, 2008 3:27 pm
- Contact:
Custom Made CMS
I have a custom made CMS project that I helped establish and was looking to see if I could get someone to scan over the 8 or so files and just critique them all to see if they undertand the CMS as a whole and each page. It isn't huge by any means but it wouldn't work to post all 8 page posts in here. Please PM if you would be able to just scan over them and tell me what you think.
Re: Custom Made CMS
You can post it here. Using the code tag automatically contracts the data so it won't take up loads of space (until we click "expand").
-
CoolAsCarlito
- Forum Contributor
- Posts: 192
- Joined: Sat May 31, 2008 3:27 pm
- Contact:
Re: Custom Made CMS
Code: Select all
<?php
ob_start("ob_gzhandler"); // cache system
require "backstageconfig.php";
require "backstagefunctions.php";
if ((!empty($_POST)) && (isset($_POST['action'])))
{
$action=$_POST{'action'};
}
else
{
$action="mainmenu";
}
if ((isset($_POST['uname'])) && (isset($_POST['pword'])))
{
$uname=$_POST{'uname'};
$pword=md5($_POST{'pword'});
validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);
$action="mainmenu";
}
elseif ((!(isset($_COOKIE['uname']))) && (!(isset($_COOKIE['pword']))))
{
require_once "backstage_libs/login.php";
login($admincssfile,$fed,$url);
}
else
{
$uname=$_COOKIE["uname"];
$pword=$_COOKIE["pword"];
validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);
if (isset($_POST['newdefaultcharacterid']))
{
$newdefaultcharacterid = (integer)$_POST["newdefaultcharacterid"];
$query = "UPDATE
efed_handler
SET
default_char_id = '$newdefaultcharacterid'
WHERE
login = '$uname' and
fed_id = '$fedid'";
mysql_db_query($dbname, $query) or Die (mysql_error());
}
}
$query = "SELECT
h.id as userid,
h.surname as surname,
h.firstname as firstname,
h.isadmin as isadmin,
newscat.id as defaultcategoryid,
bio.id as defaultcharacterid,
bio.style_id as styleid,
bio.username as defaultcharacterusername,
bio.charactername as defaultcharactername,
styles.name as style
FROM
efed_handler as h
LEFT JOIN
efed_bio as bio
ON
(
h.default_char_id = bio.id and
bio.fed_id = '$fedid'
)
LEFT JOIN
efed_list_styles as styles
ON
(
bio.style_id = styles.id and
bio.fed_id = '$fedid'
)
LEFT JOIN
efed_list_newscategory as newscat
ON
(
h.default_news_id = newscat.id and
newscat.fed_id = '$fedid'
)
WHERE
h.login = '$uname' and
h.password = '$pword' and
h.fed_id = '$fedid'";
$result = mysql_query ($query);
while ($row = mysql_fetch_assoc($result))
{
$fieldarray=array('userid','surname','firstname','isadmin','defaultcharacterid','defaultcharacterusername','defaultcharactername','defaultcategoryid','styleid','username','style','charactername');
foreach ($fieldarray as $fieldlabel)
{
if (isset($row[$fieldlabel]))
{
$$fieldlabel=$row[$fieldlabel];
$$fieldlabel=cleanquerydata($$fieldlabel);
}
}
}
if ($action != "logout")
{
headercode($fedid,$admincssfile,$userid,$isadmin,$defaultcharacterid,$defaultcharacterusername,$defaultcharactername,$surname,$firstname,$action,$dirpath,$folder,$headshot,$bioheadheight,$bioheadwidth,$surname,$firstname,$forums);
}
else
{
headercode($fedid,$admincssfile,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
}
// print "<center>\n";
switch ($action)
{
case "mainmenu":
mainscreen();
print "</div>\n";
footercode();
break;
case "login":
require_once "backstage_libs/login.php";
login($admincssfile,$fed,$url);
break;
case "handler":
if ($isadmin == "1")
{
require_once "backstage_libs/handler.php";
handler($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$ip);
}
break;
case "character":
require_once "backstage_libs/character.php";
character($fedid,$uname,$pword,$userid,$dirpath,$isadmin,$admincssfile,$dbname,$sortorderarray,$iframe,$defaultcharacterid,$styleid,$defaultcharacterusername,$heatmetersenabled,$heatmeters);
break;
case "newscategory":
if ($isadmin == "1")
{
require_once "backstage_libs/newscategory.php";
newscategory($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$targetarray);
}
break;
case "news":
require_once "backstage_libs/news.php";
news($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcategoryid,$ip,$defaultcharacterid,$defaultcharactername);
break;
case "content":
if ($isadmin == "1")
{
require_once "backstage_libs/content.php";
content($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
}
break;
case "template":
if ($isadmin == "1")
{
require_once "backstage_libs/template.php";
template($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
}
break;
case "biolayout":
if ($isadmin == "1")
{
require_once "backstage_libs/biolayout.php";
biolayout($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
}
break;
case "quotes":
require_once "backstage_libs/quotes.php";
quotes($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername);
break;
case "alliesrivals":
require_once "backstage_libs/alliesrivals.php";
alliesrivals($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$numalliesrivals,$defaultcharacterid,$defaultcharactername,$defaultcharacterusername);
break;
case "roleplay":
require_once "backstage_libs/roleplay.php";
roleplay($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername);
break;
case "champions":
if ($isadmin == "1")
{
require_once "backstage_libs/champions.php";
champions($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
}
break;
case "title":
if ($isadmin == "1")
{
require_once "backstage_libs/title.php";
title($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
}
break;
case "titlehistory":
if ($isadmin == "1")
{
require_once "backstage_libs/titlehistory.php";
titlehistory($uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
}
break;
case "division":
if ($isadmin == "1")
{
require_once "backstage_libs/division.php";
division($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
}
break;
case "eventname":
if ($isadmin == "1")
{
require_once "backstage_libs/eventname.php";
eventname($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname);
}
break;
case "eventbooker":
if ($isadmin == "1")
{
require_once "backstage_libs/eventbooker.php";
eventbooker($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
}
break;
case "submitmatch":
require_once "backstage_libs/submitmatch.php";
submitmatch($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
break;
case "submitseg":
require_once "backstage_libs/submitseg.php";
submitseg($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
break;
case "resultscompilation":
if ($isadmin == "1")
{
require_once "backstage_libs/resultscompilation.php";
resultscompilation($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
}
break;
case "resultsediting":
if ($isadmin == "1")
{
require_once "backstage_libs/resultsediting.php";
resultsediting($uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url);
}
break;
case "menustructures":
if ($isadmin == "1")
{
require_once "backstage_libs/menustructures.php";
menustructures($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url);
}
break;
case "arenas":
if ($isadmin == "1")
{
require_once "backstage_libs/arenas.php";
arenas($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url);
}
break;
case "manageapplications":
if ($isadmin == "1")
{
require_once "backstage_libs/manageapplications.php";
manageapplications($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url);
}
break;
case "directory":
if ($isadmin == "1")
{
require_once "backstage_libs/directory.php";
directory($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url);
}
break;
case "logout":
SetCookie ("uname", "");
SetCookie ("pword", "");
require_once "backstage_libs/login.php";
login($admincssfile,$fed,$url);
break;
default:
print "Default Screen<br />";
footercode();
break;
}
exit;
?>
-
CoolAsCarlito
- Forum Contributor
- Posts: 192
- Joined: Sat May 31, 2008 3:27 pm
- Contact:
Re: Custom Made CMS
Another file to scan through. That's all I'll post until I hopefully get some responses.
Code: Select all
<?php
ob_start("ob_gzhandler"); // cache system
require_once "backstageconfig.php";
require_once "backstagefunctions.php";
require_once "backstagefunctions_custom.php";
if (isset($_GET['routine'])) {$routine=$_GET{'routine'};}
if (isset($_GET['bookingid'])) {$bookingid=$_GET{'bookingid'};}
if (isset($_GET['titleid'])) {$titleid=$_GET{'titleid'};}
if (isset($_GET['menuid'])) {$menuid=$_GET{'menuid'};}
if (isset($_GET['countryid'])) {$countryid=$_GET{'countryid'};}
if (isset($_GET['matchid'])) {$matchid=$_GET{'matchid'};}
if (isset($_GET['bioids'])) {$bioids=$_GET{'bioids'};}
if (isset($_GET['remove'])) {$remove=$_GET{'remove'};}
if (isset($_GET['type'])) {$type=$_GET{'type'};}
if (isset($_GET['fieldid'])) {$fieldid=$_GET{'fieldid'};}
if (isset($_GET['getenabled'])) {$getenabled=$_GET{'getenabled'};}
switch ($routine)
{
case "match":
if ((isset($_COOKIE['uname'])) && (isset($_COOKIE['pword'])))
{
$uname=$_COOKIE["uname"];
$pword=$_COOKIE["pword"];
validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);
}
else
{
die;
}
if ($bookingid != "0")
{
print "<select name=matchid class=dropdown>";
$query = "SELECT
ecm.id as getmatchid,
ecm.name as getmatchname
FROM
efed_content_matchseg as ecm
WHERE
ecm.type = 'match' and
ecm.booking_id = '$bookingid' and
ecm.title_id = '$titleid'
ORDER BY
ecm.sortorder";
$result = mysql_query ($query);
while ($row = mysql_fetch_assoc($result))
{
$getmatchid = $row['getmatchid'];
$getmatchname = $row['getmatchname'];
print "<option value=\"".$getmatchid."\">".$getmatchname;
}
print "</select>\n";
break;
}
else
{
print "Select an event with matches";
}
break;
case "menu":
menusystem($menuid);
break;
case "arenas":
print "<select name=arenaid class=dropdown><option value=0>- Select -";
$query = "SELECT
ela.id as getarenaid,
ela.city as getarenacity,
ela.arena as getarenaname,
ela.capacity as getcapacity
FROM
efed_list_arenas as ela
WHERE
ela.country_id = '$countryid'
ORDER BY
ela.arena";
$result = mysql_query ($query);
while ($row = mysql_fetch_assoc($result))
{
$fieldarray=array('getarenaid','getarenacity','getarenaname','getcapacity');
foreach ($fieldarray as $fieldlabel)
{
if (isset($row[$fieldlabel]))
{
$$fieldlabel=$row[$fieldlabel];
$$fieldlabel=htmlentities($$fieldlabel);
}
}
print "<option value=\"".$getarenaid."\">".$getarenaname." - ".$getarenacity;
}
print "</select>\n";
break;
case "getmatch":
displaymatch($matchid,$dirpath,$resultsheadshots);
displaycredits($matchid);
break;
case "appearances":
$appearances=explode(":", $bioids);
$appearances=array_unique($appearances);
print "<ul>\n";
foreach($appearances as $bioid)
{
if ((isset($remove)) && ($remove == $bioid)) { continue; }
if ($bioid > "0")
{
if ($type == "1")
{
print "<li><a href=\"#\" onClick=\"setCompetitor('".$bioid."'); return false;\">Remove</a> : ".getcharactername($bioid)."</li>\n";
}
elseif ($type == "2")
{
print "<li><a href=\"#\" onClick=\"setInterferences('".$bioid."'); return false;\">Remove</a> : ".getcharactername($bioid)."</li>\n";
}
}
}
print "</ul>\n";
break;
case "featuring":
$featuring=explode(":", $bioids);
$featuring=array_unique($featuring);
print "<ul>\n";
foreach($featuring as $bioid)
{
if ((isset($remove)) && ($remove == $bioid)) { continue; }
if ($bioid > "0")
{
print "<li><a href=\"#\" onClick=\"setFeaturing('".$bioid."'); return false;\">Remove</a> : ".getcharactername($bioid)."</li>\n";
}
}
print "</ul>\n";
break;
case "fieldenable":
if ((isset($_COOKIE['uname'])) && (isset($_COOKIE['pword'])))
{
$uname=$_COOKIE["uname"];
$pword=$_COOKIE["pword"];
validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);
}
else
{
die;
}
$query = "UPDATE
efed_list_fields
SET
enabled = '$getenabled'
WHERE
id = '$fieldid' and
fed_id = '$fedid'";
mysql_db_query($dbname, $query) or Die (mysql_error());
if ($getenabled == "1")
{
print "<a href=\"#\" onClick=\"ajaxpage('backstageajax.php?random=".rand()."&routine=fieldenable&fieldid=".$fieldid."&getenabled=2','".$fieldid."');return false;\">Yes</a>";
}
elseif ($getenabled == "2")
{
print "<a href=\"#\" onClick=\"ajaxpage('backstageajax.php?random=".rand()."&routine=fieldenable&fieldid=".$fieldid."&getenabled=1','".$fieldid."');return false;\">No</a>";
}
break;
}
exit;
?>
Re: Custom Made CMS
Just a couple of things regarding the first code.
Firstly, perhaps you could cut down on a lot of the brackets? For example, change:
to
Secondly, use an encryption other than MD5 for the password:
Firstly, perhaps you could cut down on a lot of the brackets? For example, change:
Code: Select all
elseif ((!(isset($_COOKIE['uname']))) && (!(isset($_COOKIE['pword']))))Code: Select all
elseif (!isset($_COOKIE['uname']) && !isset($_COOKIE['pword']))Code: Select all
$pword = hash('sha256', $_POST['pword']);-
CoolAsCarlito
- Forum Contributor
- Posts: 192
- Joined: Sat May 31, 2008 3:27 pm
- Contact:
Re: Custom Made CMS
That is some great stuff. Anything not neccessarily problematic but would be more efficient on loading time or just straight up proper coding?
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: Custom Made CMS
What kind of critique are you looking for?
Looks like you may have SQL injection exploits, hard to tell without being able to step through the code line for line. There doesn't appear to be any seperation of conerns, have you considered looking into using a framework such as codeignitor, cakephp or zend to assist you architecting software according to some standard?
Cheers,
Alex
Looks like you may have SQL injection exploits, hard to tell without being able to step through the code line for line. There doesn't appear to be any seperation of conerns, have you considered looking into using a framework such as codeignitor, cakephp or zend to assist you architecting software according to some standard?
Cheers,
Alex
-
CoolAsCarlito
- Forum Contributor
- Posts: 192
- Joined: Sat May 31, 2008 3:27 pm
- Contact:
Re: Custom Made CMS
What do you suggest?
-
CoolAsCarlito
- Forum Contributor
- Posts: 192
- Joined: Sat May 31, 2008 3:27 pm
- Contact:
Re: Custom Made CMS
Anybody want to mention anything else that I should do differently in my code?
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: Custom Made CMS
Using a different CMS?What do you suggest?
If that is not an option, or you are looking to learn, then I suggest using PDO and prepared statements and parameter binding so you do not have to worry about SQL injection. Google it, it'll take a while to learn.
Cheers,
Alex