im thinking of creating a very basic cms system so my clients can easily edit the content on their website. im thinking using php and mysql will be the best bet.

is there any tips, advice, possible problems to look out for, simple cms systems i could look at, tutorials, basically anything you think might be of use to me before i start

thanks, flex

I've created a few "CMS's" before, and it's tough work. You really need to know what you're going to do before you do it.

• Have a plan
  • There's no use in writing a CMS from scratch if you have nowhere to start. Make it structured & organized, so it can easily be looked back upon and changed.

The *biggest* problem you *will* encounter will be security. If a user can easily break in, your whole website could be compromised.

I see you are making a CMS to perhaps install onto an already-created website. This, I find very interesting, as it would provide, but also require *extreme* flexibility. A few ideas that come to mind:

• Auto Editing
  • A specified div (ie 'content') could be turned into a textarea when in 'edit' mode, and various other things. These all would be set at the top of the page.
  • Whilst in 'edit' mode, there could be a little frame at the top of the website to set some values, for example: the element that contains the content, and the element that contains the title, etc.
  • When saving the edited page, it could merely take the value of all the inputs and overwrite the previous value in the text file with the new one. This could easily be done in PHP by using an easy combinations of file_get_contents, fopen, fwrite (write & truncate), and str_replace.
• Admin Panel
  • An admin panel to, in short, allow the creation of new files using a given template.

A great resource for learning how to do this sort of thing, and where I am getting some of my ideas is webs.com. I used to use them back when I was completely focused on content and not programming. It's the other way around now, but it would be interesting to see that sort of editor implemented in a real, already working website.

I highly encourage this new project of yours, despite what other users might think. Some might say to "just use WordPress", but that wouldn't fit your needs. From my understanding, you need to *create your own CMS* that would help edit *pre-make websites*, ie websites that already exist.

A short while ago, I wrote a little project for members of Tycoon Talk to post their CMSs. If you'd like a nice resource of what *I* think a CMS *should* have, check out this thread.

Good luck! Don't hesitate to ask questions. You should see the amount of questions I had when creating my first (albeit crappy) CMS!

-Scott

You can also use wordpess for basic application.It will be most easier.

Why reinvent the wheel?

WordPress, Joomla, Drupal.
Take your pick.

By reinventing the wheel, we learn new things. Often, mistakes are what formulate ideas, and if you've ever watched Inception, "Ideas can come to grow inside you, and even change who you are".

Just kidding about the Inception reference, but you get the idea. It's a learning experience, and even though the OP will learn how incredibly difficult it IS to create a fully working CMS, they will learn quite a lot doing so. Advanced file management, MySQL usage, script efficiency, etc.

For example, before I did my first *ahem* 3 'CMS'-s, I had no idea I'd find the line of a file that has variable content, and change that variable content while still keeping the file and other content intact. Now that's pretty easy, because I've tried, failed multiple times, and learned what TO do and what NOT to do.

[/ramble]

Quote:

Originally Posted by Physicsguy

By reinventing the wheel, we learn new things. Often, mistakes are what formulate ideas, and if you've ever watched Inception, "Ideas can come to grow inside you, and even change who you are".

Just kidding about the Inception reference, but you get the idea. It's a learning experience, and even though the OP will learn how incredibly difficult it IS to create a fully working CMS, they will learn quite a lot doing so. Advanced file management, MySQL usage, script efficiency, etc.

For example, before I did my first *ahem* 3 'CMS'-s, I had no idea I'd find the line of a file that has variable content, and change that variable content while still keeping the file and other content intact. Now that's pretty easy, because I've tried, failed multiple times, and learned what TO do and what NOT to do.

[/ramble]

I appreciate the point about all experimentation being a valuable learning exercise. But I would counter with 2 arguments:

1) The OP wants to create a CMS for "clients" to use. Frankly, I can't endorse experimenting with code at a client's expense. As a personal side project by all means, but don't sell something half baked to a trusting customer.

2) The trend in the web world these days is away from bespoke systems. A growing percentage of the top million sites on the web are switching to tried and proven open source projects like WordPress, Joomla, Drupal etc.
(source: Matt Mullenwegs last 'State of the Word' presentation).

There is a hell of a lot to learn about all of those CMS so I'd suggest the time would be better spent by choosing one and get to learn it inside out.
Since I've started using CMS I almost NEVER have to write a MySQL database query from scratch because those systems have built in functions to do that and a lot of other things.

Quote:

Originally Posted by TWD

1) The OP wants to create a CMS for "clients" to use. Frankly, I can't endorse experimenting with code at a client's expense. As a personal side project by all means, but don't sell something half baked to a trusting customer.

Ah, I forgot about that. Agreed, it would be bad for business to release something unstable for trusting customers.

Quote:

Originally Posted by TWD

2) The trend in the web world these days is away from bespoke systems. A growing percentage of the top million sites on the web are switching to tried and proven open source projects like WordPress, Joomla, Drupal etc.
(source: Matt Mullenwegs last 'State of the Word' presentation).

This, as I would take it, is bad news. All of the current web developers that are hired to do what they do will be outsourced and outdone by free solutions that are better. The problem with that is that all websites will eventually look the same. This is great for consistency, but unique websites would be outlawed for not following standard procedure.

Quote:

Originally Posted by TWD

There is a hell of a lot to learn about all of those CMS so I'd suggest the time would be better spent by choosing one and get to learn it inside out.
Since I've started using CMS I almost NEVER have to write a MySQL database query from scratch because those systems have built in functions to do that and a lot of other things.

Some people like using pre-built CMSs, because it speeds up their content writing (what's important). I'm a pure developer, and by no means a writer, so I'm not worried about that stuff.

Having written my own CMS, I would suggest ...




... Don't!!

Quote:

Originally Posted by Physicsguy

This, as I would take it, is bad news. All of the current web developers that are hired to do what they do will be outsourced and outdone by free solutions that are better. The problem with that is that all websites will eventually look the same. This is great for consistency, but unique websites would be outlawed for not following standard procedure.

I dont agree.
I think it's a misconception that all WordPress sites "look the same".
The WordPress front end, after all, is defined in a theme layer, which can be skinned to look however you want. Same with Drupal, Joomla and probably most CMS.
Each year there is a "Do-it-with-Drupal" conference, where , just to showcase how versatile the system is, they reconstruct well known websites like Flickr, Netflix, Facebook etc using nothing more than Drupal.
Each of these sites can be recreated pixel perfect, so "look and feel" is totally flexible.

And in terms of functionality, Well WordPress has some 15,000 plugins and counting, Drupal and Joomla have thousands also. So there is plenty of scope for both designers AND developers to do their thing in the CMS world.

And dont forget that each of these projects has hundreds of thousands of users doing continuous security testing and feedback, something you'll never achieve with a "roll-your-own" CMS.

I just think its a bad idea to reinvent the wheel. Life is too short for that.

Quote:

1) The OP wants to create a CMS for "clients" to use. Frankly, I can't endorse experimenting with code at a client's expense. As a personal side project by all means, but don't sell something half baked to a trusting customer.

No balls at all. The fact is if you want to build a website which is an experience for a user, you probably want it to become a website with a million users. Now if you want to do THAT, then follow my advice. Anyone here who does not want to do that, I suggest go with what all the cynics here said. Do something predictable and small-time.

If you want to be big what you'll have to do is give up this tomfoolery where you restrict yourself to trying to build a cms for your users, not for any of the reasons stated. Indeed, if you have nothing better to do, certainly do it: I recommend trying it in several languages, for starters, to figure out which one will cover all the bases you need covered in the longrun.

Your choice of sql is predictable. Investigate using Linux servers, coding in C++ and other CGI languages (avoid php) and think about looking for more advanced database structures and systems than sql. Read "the backrub" document for ideas.

So what you should be doing is going backwards a step and deciding whether you want to build websiteS which reach millions of people. If so, NOTHING on your site should have a brand name like joomla, facebook, twitter, youtube, wordpress, etc. Your site is YOUR corporation, not theirs, keep them out. Your development has to be of the highest quality. I think that anyone who in such a casual way wishes to build a cms for his/her clients is someone who has what it takes to pursue that goal. Keep it up, lad. And ignore all brandnames, that's all I can say. Find a language or two which can give you proper development control, and stick with Linux for security reasons. Don't be scaremongered out of being somebody.

When you have absolute developmental control over your web developents, and can make a lot of money just like that (which is easy if you do what I said) then you can pay people like the 3 cynics above things like 10k a head to build websites for you, as I myself plan slash scheme to do fairly soon. ;-)

In the meantime, go write some cms's for your punters, watch em break, rebuild em, fix em, suffer and bleed for em and later on it will all be very useful military training for the frontline of electronic financial/commercial developmental warfare.

I don't know how you can give such specific advice for making something as general as a "website with a million users".

Quote:

think about looking for more advanced database structures and systems than sql

Non-relational databases tend to be fairly specialized. Using one for the sake of using one is going to hurt your application and slow down development. Also, I wouldn't call NoSQL DBMSs 'advanced'. They're just different.

Quote:

Investigate using Linux servers

Why? Depending on how you develop your application the OS might be completely transparent.

Quote:

avoid php

Again, why?

Quote:

NOTHING on your site should have a brand name like joomla, facebook, twitter, youtube, wordpress

There are tons of sites you wouldn't even know are built with wordpress unless you went digging around in the source code. I'm guessing the same is true of Joomla, but I don't personally use it. Facebook, twitter and youtube aren't CMSs. If you're referring to services like facebook connect, then not letting users know you're using it kind of defeats the purpose.

Quote:

can make a lot of money just like that (which is easy if you do what I said)

I'm not seeing the connection here. Someone could easily spend years reinventing the wheel (in C++ on a linux server without a relational DB for reasons that aren't clear). Your end product isn't going to be inherently better and there is a decent chance that someone will write a plugin for a general purpose CMS in the span of a week that does the same thing as your custom CMS. How does this equate to making lots of money?



There is nothing wrong with creating a custom solution from scratch. Just don't expect someone to pay you to do it unless you have a specific problem that a general purpose CMS doesn't handle well.

Quote:

"...go write some cms's for your punters, watch em break.."

I'm sure your clients will be thrilled by that approach.
Good luck.

Quote:

Originally Posted by TWD

Quote:

I'm sure your clients will be thrilled by that approach.
Good luck.

I think that may have been the message behind the comment,

Quote:

Originally Posted by chrishirst

I think that may have been the message behind the comment,

it was, it was

Quote:

Originally Posted by NullPointer

I don't know how you can give such specific advice for making something as general as a "website with a million users".

Quote:

Non-relational databases tend to be fairly specialized.

oh do they, well ner ner ne ner ner to me.

Quote:

Using one for the sake of using one is going to hurt your application and slow down development. Also, I wouldn't call NoSQL DBMSs 'advanced'. They're just different.

just assume what you like about what I mean. I build bespoke databases to handle millions of queries simultaneously out of the tools god gave me, ie an OS, languages and my brain. i do it so that i leave NO part of the scaleability in the hands of the world's hierarchies which insists that to have giant scalability with mainstream tools you pay for the expensive crap. i build data structures which do wild things. if he has some imagination he could do that too. just because you want to do it your way doesn't mean he should not find out about my way. your way is documented AD NAUSEAM, so why not assume he already knows everything you're going to tell him - if not just say RTFM. it's the same thing., as for me, i'm givin him perls.

Quote:

Why? Depending on how you develop your application the OS might be completely transparent.

i said to INVESTIGATE it. why? because it's a very popular choice. he should investigate it. WHY are you telling him not to? are you a believer in closed minded behaviour?

Quote:

Again, why?

becauise it's rubbish and i see about 500 php hackers in action EVERY DAY. i see 1 perl hacker every 5 months. that's WHY.

Quote:

There are tons of sites you wouldn't even know are built with wordpress unless you went digging around in the source code. I'm guessing the same is true of Joomla, but I don't personally use it. Facebook, twitter and youtube aren't CMSs. If you're referring to services like facebook connect, then not letting users know you're using it kind of defeats the purpose.

access logs, data integrity, not being a slave to corporations
if you want to be mr big you do not work for other people
just because YOU do not ever want to be big does not mean
that is what the lad here wants to be taught or should be told
are his options. he has the ambition to be big, something i fear
not everyone present could DREAM of having, but the dream is itself
ambition. anyway, peas are nice. ask john major.

Quote:

I'm not seeing the connection here. Someone could easily spend years reinventing the wheel (in C++ on a linux server without a relational DB for reasons that aren't clear). Your end product isn't going to be inherently better and there is a decent chance that someone will write a plugin for a general purpose CMS in the span of a week that does the same thing as your custom CMS. How does this equate to making lots of money?

stop saying "reinvent the wheel" - it's a meaningless cliche. lots of money comes from doing things well. working hard at being a skilled developer doing tonnes of stuff until he's amazing will make him rich. knowing how to build anything brilliant overnight, combined with other (unrevealed) skills, makes you REALLY RICH, so i can pay my friends 10k each for just job 1 for my corporation. ie developers. who are underpaid, god dammit, and now it's OUR time. but anyway. i continue with the fun job of debugging your post...

Quote:

There is nothing wrong with creating a custom solution from scratch. Just don't expect someone to pay you to do it unless you have a specific problem that a general purpose CMS doesn't handle well.

when did i say someone should pay you, me or the dog to do it? i did not because i don't believe they should what i believe is that someone who does it my way gets VERY good at development and your way you get very good at quoting manuals

in fact if you read my code, i said clearly that i think a cms is worth 5cents. that if someone paid him for it they should not pay him more than 5 cents, EVER, to use the cms. so you hgot me sooo wrong. better debug your ideas about me!


but no hard feelings. sorry i didn't answer question 1. sensitive information. maybe over a coffee.

hope my code runs on your machine now, NP

Quote:

Originally Posted by Aunt5ally

I build bespoke databases to handle millions of queries simultaneously out of the tools god gave me, ie an OS, languages and my brain. i do it so that i leave NO part of the scaleability in the hands of the world's hierarchies which insists that to have giant scalability with mainstream tools you pay for the expensive crap. i build data structures which do wild things.

To be honest I'm having trouble discerning your meaning. Are you saying that you built a DBMS from scratch because you don't trust the "mainstream" ones? What kind of data structures are you talking about and what sort of "wild things".

Quote:

Originally Posted by Aunt5ally

i said to INVESTIGATE it. why? because it's a very popular choice. he should investigate it. WHY are you telling him not to? are you a believer in closed minded behaviour?

I'm not telling him not to. I happen to use a linux server myself. If you're going to give someone advice you should qualify it with an explanation. I constantly see people shouting that linux servers are better or more secure than windows, but I never see anything empirical backing it up. I'm not convinced that a site on a windows server is automatically worse off than a site on a linux server.

Quote:

Originally Posted by Aunt5ally

becauise it's rubbish and i see about 500 php hackers in action EVERY DAY. i see 1 perl hacker every 5 months. that's WHY.

This has nothing to do with PHP. You could create an insecure application in perl just as easily as you could in PHP. The reason you see so many more vulnerabilities in PHP apps is because there are a lot more of them. PHP also tends to attract a lot of beginners.

You can write bad code in any language.

Wild things like the same kind of search power as things like Google. Phenomenal pattern matching capability and amazing speed. I'll have to just show it to you some time, maybe you'd have good ideas about new ways to develop it. I first built it many years ago but recently began reimplementing it in numerous new contexts and have been adding many many new levels of sophistication to it. I strongly believe that the search engines I am in the process of creating right now will prove just as precise as Google, although they do not clash with google in terms of market. These search tools I am building are for niches, although a niche can be a market of 200M people, naturally.

PHP is a language which makes it easy to leave security holes and most people DO leave them. You can write off the danger and blame those developers but if it was MY team I'd tell them to watch their back and try to use tools which keep them safer. Besides, php gives you zero grounding for commandline and server admin skills, and anyone who wants to go around building cms systems ought to take THAT road, NOT the road of downloading what the manuals tell him. Anyway, php has its uses, I don't deny that, but it should be used about 5% the amount it is used and CGI, above all with C++, ought to be the predominant language, if we care about our overall professionalism as a commercial society, imo. Still, clearly we are going to have to agree (or not) to differ on our opinions of the "hypertext preprocessor" system which, imo, breaks the law of not preprocessing data on the wrong side of the security wall.

Anyway, here's the obvious point - I watch hackers try and break into php on servers round the clock and what they seek is the names of KNOWN, LEGITIMATE, GENERIC php scripts rolled out to the masses. They seek the names of tonnes of these things. Why? Because they have lists of their vulnerabilities. So if so much mainstream php is full of danger, how can what you say be a good way to protect our community of developers from the crackers and the foreign militaries? Most commercial websites our way are now targets and if people use easy tools to make themselves comfortable they will find the discomfort of being hacked even HARDER to cope with. At least those who learn hard languages can face those troubles with a little more confidence. Hacking is surging these days. It is more and more important to know how weak php is, above all if you use it. But that's just my opinion, man.

Relevantly, I have just now almost finished a 'crawl' generating 2.7 million lexical patterns out of a collection of 4000 phrases, this enables me to set up a very precise pattern matching system for those 4000 phrases, which are descriptions of certain items being looked up.

I can't see how I would know how to do any of this, either the languages or the structural development, if I was using things like php and sql all my life.

The next phase of what I'm doing is so much fun. It's taken 3 weeks to crawl that data, it is a very very precise crawl which involves a lot of computation for every single result. It could not be run as a normal script, it had to be written to be able to run in tiny little increments, so that it can be scheduled to run across the day for as many weeks as it took.

The processing work a lot of people force onto sql and onto a search's live activity is best done in advance using the backend of servers. If you steer clear of knowing how to make that sort of stuff you'll always be under the thumb of those who know how - eg Google knows how, clearly. I'm ready to believe Google does not use much php. Does it use ANY? I'm open to believing they may use it sometimes. Presumably less than 1 to 5% of the time.

Even the "experts" get it wrong from time to time, I've recently been involved in tracking down two "phishing" attacks and code injection attacks aimed at a well known payment gateway (not paypal).
One site was hosted by us which is how we found the problem, the other was a fairly well known UK retailer.

There was/is a flaw in the code that allows attackers to inject a function into a file that handles the credit card details which, under certain conditions it allows the CC details to sent to a remote site via a CURL request. If the conditions were not met an email suggesting a card payment error had occured and required "validating" at an exact replica of the two websites payment pages had been built on .co.cc and .co.cz hosts.
These were shutdown with hours of it being reported and we've sent our findings to the gateway provider.

In both cases the site owners were under the impression that SSL "secured" the server from such things, they were a bit gobsmacked when I explained that only the communication is encrypted not the actual data once it was received and decrypted on the server.