Custom Made CMS

CoolAsCarlito
Forum Contributor
Posts: 192
Joined: Sat May 31, 2008 3:27 pm

Custom Made CMS

Post by CoolAsCarlito »

I have a custom made CMS project that I helped establish and was looking to see if I could get someone to scan over the 8 or so files and just critique them all to see if they understand the CMS as a whole and each page. It isn't huge by any means, but it wouldn't work to post all 8 page posts in here. Please PM if you would be able to just scan over them and tell me what you think.
MichaelR
Forum Contributor
Posts: 148
Joined: Sat Jan 03, 2009 3:27 pm

Re: Custom Made CMS

Post by MichaelR »

You can post it here. Using the code tag automatically contracts the data so it won't take up loads of space (until we click "expand").
CoolAsCarlito
Forum Contributor
Posts: 192
Joined: Sat May 31, 2008 3:27 pm

Re: Custom Made CMS

Post by CoolAsCarlito »

Code:

<?php
	ob_start("ob_gzhandler");  // cache system

	require "backstageconfig.php";
	require "backstagefunctions.php";

	if ((!empty($_POST)) && (isset($_POST['action']))) 
	{
		$action=$_POST{'action'};
	} 
	else
	{
		$action="mainmenu";
	}

	if ((isset($_POST['uname'])) && (isset($_POST['pword'])))
	{
		$uname=$_POST{'uname'};
		$pword=md5($_POST{'pword'});
		validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);
		$action="mainmenu";
	}
	elseif ((!(isset($_COOKIE['uname']))) && (!(isset($_COOKIE['pword']))))
	{
		require_once "backstage_libs/login.php";
		login($admincssfile,$fed,$url);
	}
	else
	{
		$uname=$_COOKIE["uname"];
		$pword=$_COOKIE["pword"];
		validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);

		if (isset($_POST['newdefaultcharacterid']))
		{
			$newdefaultcharacterid = (integer)$_POST["newdefaultcharacterid"];
			$query = "UPDATE
					efed_handler
				SET
					default_char_id = '$newdefaultcharacterid'
				WHERE
					login = '$uname' and
					fed_id = '$fedid'"; 
			mysql_db_query($dbname, $query) or Die (mysql_error());
		}
	}

	$query = "SELECT
			h.id as userid,
			h.surname as surname,
			h.firstname as firstname,
			h.isadmin as isadmin,
			newscat.id as defaultcategoryid,
			bio.id as defaultcharacterid,
			bio.style_id as styleid,
			bio.username as defaultcharacterusername,
			bio.charactername as defaultcharactername,
			styles.name as style
		FROM
			efed_handler as h
		LEFT JOIN
			efed_bio as bio
		ON
			(
				h.default_char_id = bio.id and
				bio.fed_id = '$fedid'
			)
		LEFT JOIN
			efed_list_styles as styles
		ON
			(
				bio.style_id = styles.id and
				bio.fed_id = '$fedid'
			)
		LEFT JOIN
			efed_list_newscategory as newscat
		ON
			(
				h.default_news_id = newscat.id and
				newscat.fed_id = '$fedid'
			)
		WHERE
			h.login = '$uname' and
			h.password = '$pword' and
			h.fed_id = '$fedid'"; 
	$result = mysql_query ($query); 
	while ($row = mysql_fetch_assoc($result))
	{
		$fieldarray=array('userid','surname','firstname','isadmin','defaultcharacterid','defaultcharacterusername','defaultcharactername','defaultcategoryid','styleid','username','style','charactername');
		foreach ($fieldarray as $fieldlabel)
		{
			if (isset($row[$fieldlabel])) 
			{ 
				$$fieldlabel=$row[$fieldlabel];
				$$fieldlabel=cleanquerydata($$fieldlabel);
			}
		}
	}

	if ($action != "logout")
	{
		headercode($fedid,$admincssfile,$userid,$isadmin,$defaultcharacterid,$defaultcharacterusername,$defaultcharactername,$surname,$firstname,$action,$dirpath,$folder,$headshot,$bioheadheight,$bioheadwidth,$surname,$firstname,$forums);
	}
	else
	{
		headercode($fedid,$admincssfile,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
	}
	// print "<center>\n";

	switch ($action)	
	{
		case "mainmenu":
			mainscreen();
			print "</div>\n";
			footercode();
			break;

		case "login":
			require_once "backstage_libs/login.php";
			login($admincssfile,$fed,$url);
			break;

		case "handler":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/handler.php";
				handler($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$ip); 
			}
			break;

		case "character":
			require_once "backstage_libs/character.php";
			character($fedid,$uname,$pword,$userid,$dirpath,$isadmin,$admincssfile,$dbname,$sortorderarray,$iframe,$defaultcharacterid,$styleid,$defaultcharacterusername,$heatmetersenabled,$heatmeters);
			break;

		case "newscategory":
			if ($isadmin == "1") 
			{
				require_once "backstage_libs/newscategory.php";
				newscategory($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$targetarray); 
			}
			break;

		case "news":
			require_once "backstage_libs/news.php";
			news($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcategoryid,$ip,$defaultcharacterid,$defaultcharactername);
			break;

		case "content":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/content.php";
				content($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
			}
			break;

		case "template":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/template.php";
				template($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
			}
			break;

		case "biolayout":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/biolayout.php";
				biolayout($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
			}
			break;

		case "quotes":
			require_once "backstage_libs/quotes.php";
			quotes($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername);
			break;

		case "alliesrivals":
			require_once "backstage_libs/alliesrivals.php";
			alliesrivals($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$numalliesrivals,$defaultcharacterid,$defaultcharactername,$defaultcharacterusername);
			break;

		case "roleplay":
			require_once "backstage_libs/roleplay.php";
			roleplay($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$defaultcharacterid,$defaultcharactername);
			break;

		case "champions":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/champions.php";
				champions($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
			}
			break;

		case "title":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/title.php";
				title($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
			}
			break;

		case "titlehistory":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/titlehistory.php";
				titlehistory($uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
			}
			break;

		case "division":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/division.php";
				division($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
			}
			break;

		case "eventname":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/eventname.php";
				eventname($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname); 
			}
			break;

		case "eventbooker":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/eventbooker.php";
				eventbooker($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); 
			}
			break;

		case "submitmatch":
			require_once "backstage_libs/submitmatch.php";
			submitmatch($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
			break;

		case "submitseg":
			require_once "backstage_libs/submitseg.php";
			submitseg($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot);
			break;

		case "resultscompilation":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/resultscompilation.php";
				resultscompilation($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot); 
			}
			break;

		case "resultsediting":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/resultsediting.php";
				resultsediting($uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url); 
			}
			break;

		case "menustructures":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/menustructures.php";
				menustructures($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$headshot,$url); 
			}
			break;

		case "arenas":
			if ($isadmin == "1") 
			{ 
				require_once "backstage_libs/arenas.php";
				arenas($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url); 
			}
			break;

		case "manageapplications":
			if ($isadmin == "1") 
			{
				require_once "backstage_libs/manageapplications.php";
				manageapplications($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url);
			}
			break;
		
		case "directory":
			if ($isadmin == "1") 
			{
				require_once "backstage_libs/directory.php";
				directory($fedid,$uname,$pword,$userid,$isadmin,$admincssfile,$dbname,$dirpath,$url);
			}
			break;
			
		case "logout":
			SetCookie ("uname", "");
			SetCookie ("pword", "");
			require_once "backstage_libs/login.php";
			login($admincssfile,$fed,$url);
			break;

		default:
			print "Default Screen<br />";
			footercode();
			break;
	}
	exit;
?>
CoolAsCarlito
Forum Contributor
Posts: 192
Joined: Sat May 31, 2008 3:27 pm

Re: Custom Made CMS

Post by CoolAsCarlito »

Another file to scan through. That's all I'll post until I hopefully get some responses.

Code:

<?php
	ob_start("ob_gzhandler");  // cache system
	require_once "backstageconfig.php";
	require_once "backstagefunctions.php";
	require_once "backstagefunctions_custom.php";
	if (isset($_GET['routine'])) {$routine=$_GET{'routine'};}
	if (isset($_GET['bookingid'])) {$bookingid=$_GET{'bookingid'};}
	if (isset($_GET['titleid'])) {$titleid=$_GET{'titleid'};}
	if (isset($_GET['menuid'])) {$menuid=$_GET{'menuid'};}
	if (isset($_GET['countryid'])) {$countryid=$_GET{'countryid'};}
	if (isset($_GET['matchid'])) {$matchid=$_GET{'matchid'};}
	if (isset($_GET['bioids'])) {$bioids=$_GET{'bioids'};}	
	if (isset($_GET['remove'])) {$remove=$_GET{'remove'};}	
	if (isset($_GET['type'])) {$type=$_GET{'type'};}	
	if (isset($_GET['fieldid'])) {$fieldid=$_GET{'fieldid'};}	
	if (isset($_GET['getenabled'])) {$getenabled=$_GET{'getenabled'};}	
	
	switch ($routine)	
	{
		case "match":
			if ((isset($_COOKIE['uname'])) && (isset($_COOKIE['pword'])))
			{
				$uname=$_COOKIE["uname"];
				$pword=$_COOKIE["pword"];
				validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);
			}
			else
			{
				die;
			}
			if ($bookingid != "0")
			{
				print "<select name=matchid class=dropdown>";
				$query = "SELECT
						ecm.id as getmatchid,
						ecm.name as getmatchname
					FROM
						efed_content_matchseg as ecm
					WHERE
						ecm.type = 'match' and
						ecm.booking_id = '$bookingid' and
						ecm.title_id = '$titleid'
					ORDER BY
						ecm.sortorder"; 
				$result = mysql_query ($query); 
				while ($row = mysql_fetch_assoc($result))
				{
					$getmatchid = $row['getmatchid'];
					$getmatchname = $row['getmatchname'];
					print "<option value=\"".$getmatchid."\">".$getmatchname;
				}
				print "</select>\n";
				break;
			}
			else
			{
				print "Select an event with matches";
			}

			break;
		case "menu":

			menusystem($menuid);

			break;
			
		case "arenas":
				print "<select name=arenaid class=dropdown><option value=0>- Select -";
				$query = "SELECT
								ela.id as getarenaid,
								ela.city as getarenacity,
								ela.arena as getarenaname,
								ela.capacity as getcapacity
							FROM
								efed_list_arenas as ela
							WHERE
								ela.country_id = '$countryid'
							ORDER BY
								ela.arena";
				$result = mysql_query ($query); 
				while ($row = mysql_fetch_assoc($result))
				{
					$fieldarray=array('getarenaid','getarenacity','getarenaname','getcapacity');
					foreach ($fieldarray as $fieldlabel)
					{
						if (isset($row[$fieldlabel])) 
						{ 
							$$fieldlabel=$row[$fieldlabel];
							$$fieldlabel=htmlentities($$fieldlabel);
						}
					}
					
					print "<option value=\"".$getarenaid."\">".$getarenaname." - ".$getarenacity;
				}					
				print "</select>\n";
		
			break;

		case "getmatch":
			displaymatch($matchid,$dirpath,$resultsheadshots);
			displaycredits($matchid);
			break;
			
		case "appearances":
			$appearances=explode(":", $bioids);
			$appearances=array_unique($appearances);
			print "<ul>\n";
			foreach($appearances as $bioid)
			{
				if ((isset($remove)) && ($remove == $bioid)) { continue; }
				if ($bioid > "0") 
				{
					if ($type == "1")
					{
						print "<li><a href=\"#\" onClick=\"setCompetitor('".$bioid."'); return false;\">Remove</a> : ".getcharactername($bioid)."</li>\n";
					}
					elseif ($type == "2")
					{
						print "<li><a href=\"#\" onClick=\"setInterferences('".$bioid."'); return false;\">Remove</a> : ".getcharactername($bioid)."</li>\n";
					}
				}
			}
			print "</ul>\n";
			break;
			
		case "featuring":
			$featuring=explode(":", $bioids);
			$featuring=array_unique($featuring);
			print "<ul>\n";
			foreach($featuring as $bioid)
			{
				if ((isset($remove)) && ($remove == $bioid)) { continue; }
				if ($bioid > "0") 
				{
					print "<li><a href=\"#\" onClick=\"setFeaturing('".$bioid."'); return false;\">Remove</a> : ".getcharactername($bioid)."</li>\n";
				}
			}
			print "</ul>\n";
			break;

		case "fieldenable":
			if ((isset($_COOKIE['uname'])) && (isset($_COOKIE['pword'])))
			{
				$uname=$_COOKIE["uname"];
				$pword=$_COOKIE["pword"];
				validate($fedid, $uname, $pword, 0, 0, $cookiedomain, $cookiepath, $admincssfile);
			}
			else
			{
				die;
			}		

			$query = "UPDATE
					efed_list_fields 
				SET
					enabled = '$getenabled'
				WHERE
					id = '$fieldid' and
					fed_id = '$fedid'"; 
			mysql_db_query($dbname, $query) or Die (mysql_error());

			if ($getenabled == "1")
			{
				print "<a href=\"#\" onClick=\"ajaxpage('backstageajax.php?random=".rand()."&routine=fieldenable&fieldid=".$fieldid."&getenabled=2','".$fieldid."');return false;\">Yes</a>";
			}
			elseif ($getenabled == "2")
			{
				print "<a href=\"#\" onClick=\"ajaxpage('backstageajax.php?random=".rand()."&routine=fieldenable&fieldid=".$fieldid."&getenabled=1','".$fieldid."');return false;\">No</a>";
			}
			
			break;
	}
	exit;
?>
MichaelR
Forum Contributor
Posts: 148
Joined: Sat Jan 03, 2009 3:27 pm

Re: Custom Made CMS

Post by MichaelR »

Just a couple of things regarding the first code.

Firstly, perhaps you could cut down on a lot of the brackets? For example, change:

Code:

elseif ((!(isset($_COOKIE['uname']))) && (!(isset($_COOKIE['pword']))))
to

Code:

elseif (!isset($_COOKIE['uname']) && !isset($_COOKIE['pword']))
Secondly, use an encryption other than MD5 for the password:

Code:

$pword = hash('sha256', $_POST['pword']);
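An added example, not code from the thread or from the CMS under review: the same hashing step written with PHP's built-in password_hash()/password_verify() (PHP 5.5 and later; the type hints and foreach destructuring used here need PHP 7.1). Unlike a bare md5() or sha256 digest, these embed a random per-user salt in the stored string and use a deliberately slow algorithm (bcrypt by default), so two users with the same password do not end up with the same stored value and a leaked table is expensive to brute-force. The $users array stands in for the efed_handler table's login and password columns from the posted SELECT; the function names and sample credentials are assumptions.

```php
<?php
// Added example, not code from the thread: hash on registration and verify
// on login with password_hash()/password_verify(). $users stands in for the
// efed_handler table (login -> stored hash); names and credentials are assumed.

function register_user(array &$users, string $login, string $password): void
{
    // PASSWORD_DEFAULT is currently bcrypt. The random salt and the cost
    // factor are embedded in the returned 60-character string, so nothing
    // else has to be stored and the cost can be raised later per user.
    $users[$login] = password_hash($password, PASSWORD_DEFAULT, ['cost' => 12]);
}

function check_login(array $users, string $login, string $password): bool
{
    static $dummy = null;
    if ($dummy === null) {
        // A real hash of a throwaway value, verified against when the login
        // does not exist, so an unknown user takes as long as a wrong password
        // and the response time does not reveal which logins exist.
        $dummy = password_hash('dummy', PASSWORD_DEFAULT, ['cost' => 12]);
    }
    if (!isset($users[$login])) {
        password_verify($password, $dummy);
        return false;
    }
    // password_verify reads algorithm, cost and salt from the stored string
    // and compares the result in constant time.
    return password_verify($password, $users[$login]);
}

$users = [];
register_user($users, 'carlito', 'correct horse battery staple');
register_user($users, 'michael', 'correct horse battery staple');

foreach ([
    ['carlito', 'correct horse battery staple'],
    ['carlito', 'wrong password'],
    ['nobody',  'anything'],
] as [$login, $password]) {
    printf("%-8s %s\n", $login, check_login($users, $login, $password) ? 'accepted' : 'rejected');
}

// Same password for two users: md5() or sha256 would give both the same
// digest, which a precomputed table maps straight back to the password.
// The salted hashes differ, so each one has to be attacked on its own.
echo "stored hashes differ for identical passwords: ",
     var_export($users['carlito'] !== $users['michael'], true), "\n";
```

The login code posted above could keep its structure and swap md5($_POST['pword']) for a password_verify() against the stored hash; the cost of 12 is on the slow side for a shared host, and password_hash() without the options array uses the library default.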
CoolAsCarlito
Forum Contributor
Posts: 192
Joined: Sat May 31, 2008 3:27 pm

Re: Custom Made CMS

Post by CoolAsCarlito »

That is some great stuff. Anything not necessarily problematic but would be more efficient on loading time or just straight up proper coding?
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: Custom Made CMS

Post by alex.barylski »

What kind of critique are you looking for?

Looks like you may have SQL injection exploits, hard to tell without being able to step through the code line for line. There doesn't appear to be any separation of concerns, have you considered looking into using a framework such as CodeIgniter, CakePHP or Zend to assist you architecting software according to some standard?

Cheers,
Alex
CoolAsCarlito
Forum Contributor
Posts: 192
Joined: Sat May 31, 2008 3:27 pm

Re: Custom Made CMS

Post by CoolAsCarlito »

What do you suggest?
CoolAsCarlito
Forum Contributor
Posts: 192
Joined: Sat May 31, 2008 3:27 pm

Re: Custom Made CMS

Post by CoolAsCarlito »

Anybody want to mention anything else that I should do differently in my code?
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: Custom Made CMS

Post by alex.barylski »

"What do you suggest?"
Using a different CMS? :)

If that is not an option, or you are looking to learn, then I suggest using PDO and prepared statements and parameter binding so you do not have to worry about SQL injection. Google it, it'll take a while to learn.

Cheers,
Alex
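Alex's two points above (the likely SQL injection in the posted files, and PDO with prepared statements and parameter binding as the fix), as an added example that is not code from the thread or from the CMS under review: the "match" dropdown query from the posted backstageajax.php, first built by string interpolation exactly as there, then with a prepared statement and integer validation. Both versions run against an in-memory SQLite table so the result can be seen without a MySQL server. Table and column names are the posted ones; the SQLite backend, the sample rows and the function names are assumptions (the original calls mysql_query against MySQL).

```php
<?php
// Added example, not code from the thread or the CMS it reviews: the "match"
// dropdown query from the posted backstageajax.php, as posted and then with a
// PDO prepared statement. The SQLite database and its rows are constructed
// for the demo; table and column names are taken from the posted query.

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    // With pdo_mysql also pass PDO::ATTR_EMULATE_PREPARES => false so the
    // server, not the client library, keeps statement text and values apart.
]);

$db->exec('CREATE TABLE efed_content_matchseg (
    id INTEGER PRIMARY KEY, type TEXT, booking_id INTEGER,
    title_id INTEGER, name TEXT, sortorder INTEGER)');
$ins = $db->prepare('INSERT INTO efed_content_matchseg VALUES (?, ?, ?, ?, ?, ?)');
foreach ([
    [1, 'match', 7, 0, 'Opener',           1],
    [2, 'match', 7, 3, 'Title match',      2],
    [3, 'seg',   7, 0, 'Backstage promo',  3],
    [4, 'match', 8, 0, 'Other event main', 1],
] as $row) {
    $ins->execute($row);
}

// As posted: $bookingid and $titleid arrive from $_GET and are pasted into the
// SQL text, so a single quote in either parameter rewrites the WHERE clause.
function matches_unsafe(PDO $db, string $bookingid, string $titleid): array
{
    $sql = "SELECT id AS getmatchid, name AS getmatchname
              FROM efed_content_matchseg
             WHERE type = 'match'
               AND booking_id = '$bookingid'
               AND title_id = '$titleid'
          ORDER BY sortorder";
    return $db->query($sql)->fetchAll();
}

// Hardened: reject anything that is not an integer id, then bind the values
// to placeholders. The statement text never contains user input, so its
// structure cannot change whatever the values hold.
function matches_safe(PDO $db, string $bookingid, string $titleid): array
{
    $booking = filter_var($bookingid, FILTER_VALIDATE_INT);
    $title   = filter_var($titleid, FILTER_VALIDATE_INT);
    if ($booking === false || $title === false) {
        return [];   // or throw; either way no query runs on a bad id
    }
    $stmt = $db->prepare(
        'SELECT id AS getmatchid, name AS getmatchname
           FROM efed_content_matchseg
          WHERE type = \'match\' AND booking_id = :booking AND title_id = :title
       ORDER BY sortorder');
    $stmt->bindValue(':booking', $booking, PDO::PARAM_INT);
    $stmt->bindValue(':title', $title, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll();
}

$legit   = ['7', '0'];
$payload = ["7' OR '1'='1", '0'];   // the bookingid value an attacker would send

foreach (['unsafe' => 'matches_unsafe', 'safe' => 'matches_safe'] as $label => $fn) {
    printf("%-6s legit input:    %d row(s)\n", $label, count($fn($db, ...$legit)));
    printf("%-6s injected input: %d row(s)\n", $label, count($fn($db, ...$payload)));
}
```

With the legitimate input both functions return the single match booked under event 7 with no title. With the injected booking id the interpolated query's WHERE clause becomes `booking_id = '7' OR '1'='1' AND title_id = '0'`, which matches every row in the table, including the segment and the other event's match; the prepared version refuses the non-integer id before any SQL runs. The same pattern applies to the UPDATE statements in the posted files, where `$uname` comes from a cookie and `$getenabled` from the query string.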