Author |
Message |
Raven
Site Admin/Owner

Joined: Aug 27, 2002
Posts: 17088
|
Posted:
Fri Mar 26, 2004 2:04 pm |
|
I have been rethinking my total approach to my Nirvana. Let me toss another thought out here. My Nirvana was to develop an entire framework that you could basically plug Nuke into or many other 'models'. With the recent plethora of exploits I am thinking smaller for the time being but still keeping the larger scope in mind. I am proposing that we slice-n-dice the critical areas of phpnuke and fix them (great revelation, huh?). What I mean is we take security as a 'slice'. Now, we develop a security plug-in (yes, I love that phrase!). Nuke code writers could choose to plug in to this layer or not. Whereby this does not interrupt the sad state that nuke now has. What this layer would do is that it will more properly handle security issues and then pass back only cleansed information/messages to the calling module/block. The beauty in this approach? It will be written in such a way that it is still independent of nuke so I can still use it in PHP-Portal (Nirvana). We can do the same with Database, Authentication (ldap anyone?), etc. |
|
|
|
 |
sixonetonoffun
Spouse Contemplates Divorce

Joined: Jan 02, 2003
Posts: 2496
|
Posted:
Fri Mar 26, 2004 8:44 pm |
|
That should make the masses breathe a little easier.
But I'm still protesting PHPNuke by not using it wink*
Can't wait to see more. |
|
|
|
 |
webdev1
New Member


Joined: Feb 17, 2004
Posts: 4
|
Posted:
Sun Mar 28, 2004 12:21 am |
|
I have to say I completely agree with all of your concerns. I had several PHP-Nuke sites (Raven, thanks for the KISSQ, it's great). But I'm now changing them all to CPG-Nuke, the security and speed improvements were just too much to overlook.
I understand there are others, Raven, NC, NSN, etc, but I must say I think CPG-Nuke is on the right path in the major rewrite of the core PHP-Nuke files that DJMaze and team have done. CPG-Nuke is now working with the Dreamlite Team who have created an OSCNukeLite Module for CPG-Nuke, you can see a demo at cpgnuke.com.
I would appreciate some feedback if this is not a path we should all join and build one great Nuke successor, I believe with CPG-Nuke daily security updates are a thing of the past. Also, they are kicking around ideas for a name change on the cpgnuke.com forums, so if forces were joined you could put in your name ideas. (Raven I followed your link here from nukecops.com, so I reposted here as well as this is an important thread). |
|
|
 |
karakas
Hangin' Around

Joined: Feb 20, 2004
Posts: 29
|
Posted:
Sun Mar 28, 2004 5:15 am |
|
Where can I read more on the security model of CPG-Nuke? |
|
|
|
 |
webdev1

|
Posted:
Sun Mar 28, 2004 9:33 am |
|
|
|
 |
Raven

|
Posted:
Sun Mar 28, 2004 9:54 am |
|
Thanks for the info but I'd like to move a CPG discussion to a thread of its own. So if you would please do an edit, copy, and paste to a separate thread, I will then delete this one or you can edit this post and just put a link to the new thread. Also, I have read the security link and unfortunately there are some flaws and misassumptions in this coding. This is not an attack but he has made misassumptions similar to how php functions as I have pointed out in other posts of his. That's not to say that his methods may not work, but there are better and more secure ways to do some of those things. Thanks.
Discussion for CPG-Nuke moved here:
http://www.ravenphpscripts.com/postt1243.html |
|
|
|
 |
webdev1

|
Posted:
Fri Apr 02, 2004 8:17 pm |
|
karakas wrote: | Where can I read more on the security model of CPG-Nuke? |
Hi Karakas,
This is not really a security issue but, the CPG-Nuke Team finally did something no-one has done before with any Nuke version. A descriptive and good documentation to understand and use the internal functions of CPG-Nuke/PHP-Nuke.
It fully explains what the functions in the selected file do, and an explanation of all variables that can be passed to that function. The help docs are mostly generated for CPG-Nuke but it will explain a lot about PHP-Nuke as well.
This will help all module and add-ons developers how to use the CMS's so they know where security problems could occur.
http://www.cpgnuke.com/index.php?name=Source_Docs |
|
|
|
 |
demianturner
New Member


Joined: Apr 06, 2004
Posts: 2
|
Posted:
Tue Apr 06, 2004 3:24 am |
|
Raven wrote: | I never cease to be amazed at timing! Somebody already stole my vision http://seagull.phpkitchen.com Not really. They've been at it a lot longer. I never even knew it existed. It just reaffirms my commitment to my vision. |
hi raven - just to confirm i've never seen your site, heard of MCP, or stolen anything. Seagull has been in development for around 2 years, and has nothing to do with nuke or other procedural projects. we use MVC, as do thousands of other projects, and the project's only really distinctive feature is the validate/process/display workflow used.
good luck with your project
cheers
demian |
|
|
|
 |
Raven

|
Posted:
Tue Apr 06, 2004 5:28 am |
|
Thanks demian. As I said, you guys had been at it for a lot longer and it was just a tongue-in-cheek comment about 'stealing'. Hope you understood that. How did you happen to stop by? |
|
|
|
 |
demianturner

|
Posted:
Tue Apr 06, 2004 5:46 am |
|
sure i understood ... the magic of referers  |
|
|
|
 |
Raven

|
Posted:
Wed Apr 07, 2004 10:41 am |
|
Since this thread has pretty much run its course, I have decided to lock it down. Feel free to open up another one if needed. The project is still alive and being worked. I am looking at many things that many of you have pointed out, suggested, etc. To that end, I have placed a pdf document for you to download, if you desire, that is this entire thread. I needed this to be able to easily review the thread to extract the requirements that were discussed here. Here is the link to the pdf http://www.ravenphpscripts.com/public/RavenFork.pdf |
|
|
|
 |
Raven

|
Posted:
Thu Apr 08, 2004 7:48 am |
|
One other important note. I had identified a Lead Team, if you will, that is to work with me on the concept and design. I am trying to lock down that they are still interested. Obviously, their reply will weigh in heavily. But, I wanted you all to know where this is. |
|
|
|
 |
Raven

|
Posted:
Mon Jul 19, 2004 12:11 am |
|
I am back to the sole Lead Team member. I still believe in this but have been very focused on other things up to now - my dad's health, Sentinel, my job status. The only one that has settled down is Sentinel as we are preparing for the v2.0 release.
Anyway, I have unlocked this thread to see where everyone else's head is at. Are we still as impassioned as before? Is it still needed? Or is it basically one man's dream? Or, do we reshape the vision, scale it back? |
|
|
|
 |
paranor
Worker


Joined: Aug 28, 2003
Posts: 227
|
Posted:
Mon Jul 19, 2004 10:27 am |
|
I switched to Mambo.  |
|
|
|
 |
Raven

|
Posted:
Mon Jul 19, 2004 10:29 am |
|
paranor wrote: | I switched to Mambo. |  |
|
|
|
 |
sixonetonoffun

|
Posted:
Mon Jul 19, 2004 11:59 am |
|
I think people would rather get the most from what's available. If that means a custom distribution for the time being so be it. If all the keys fall into place for something more so much the better! |
|
|
|
 |
Muffin
Client

Joined: Apr 10, 2004
Posts: 649
Location: UK
|
Posted:
Wed Aug 04, 2004 7:14 am |
|
Raven, I'd like you to write a new program from scratch, all you and your great team on here together I mean.
Forget Nuke, make the new program similar but 'yours'.
Capable of allowing Nuke plugins if you will, or any other similar program.
You and the others on here are far too talented to waste your time trying to make a silk purse out of a pig's ear, but somehow you succeed doing it with Nuke.
Maybe a base script for a functioning site, ie; security, database, etc, but with lots of plugins of its own and the capability of allowing third party plugins like the existing Nuke ones.
As for message forums, I prefer Invision to phpBB, so maybe allowing for more varied forums to be used.
I wish I was more techy to contribute more to this, but maybe my ideas might help (or not lol) as a layman end user. |
_________________ Classic Mini rules the bends & bends the rules! |
|
|
 |
CodyG
Life Cycles Becoming CPU Cycles

Joined: Jan 02, 2003
Posts: 714
Location: Vancouver Island
|
Posted:
Wed Aug 04, 2004 8:43 am |
|
I agree. I want plug-in heaven too. Anyone ever hear of doors?
I've been nuking for a couple of years now and I'm always dreaming up the next thing nuke needs. Because there is no such thing as nuke heaven, I've looked at other CMS too. But here I am, still finessing nuke. Would I love to see nuke evolve? Of course I would!
Has it evolved recently? Yes, due to the leadership and wisdom of *them*, you know who you are, and more remarkably *despite* the collapse of FB into scripting silliness and out of control ego.
Sentinel is a manifestation of survival, don't you think? It's adaptation to kiddie planet, and whatever is out there who play nasty.
If you really wanted to get pessimistic then you could assume that FB's f-ups and the NC afters were a big enough blow to kill off the entire community, scattering nukers to the winds of forks, wannabees, newideas, and a hundred other major egos.
I prefer to be more positive. Having faith in the fact that a new nuker is born every minute and that Raven is exactly right : without a plan the future is only dreamware. Plans are all good. The only hard part is getting to the best plan.
As for the future of a groovy nuke fork ... "If the keys fall into place ..." How do you know them until you have a plan to build the house? |
_________________ "We want to see if life is ubiquitous." D.Goldin |
|
|
 |
tag
Regular


Joined: Dec 18, 2003
Posts: 53
Location: Worldwide
|
Posted:
Tue Aug 10, 2004 7:05 pm |
|
strange...
A friend of mine is building a new website... said he wanted a site Like phpnuke but NOT phpnuke or the others.... even knowing I run a support site for phpnuke, I'm hardly a programmer but I started on it and a few got excited when they saw it - even tho there is not much there.
But I already get the idea that people are going off on their own.. I see NS this NSN that, I see xoops and postnuke, and some others i see GZ.... ohhhhhhhh....
But there was never a final answer on this forum to what YOU Raven are going to do - even tho you may be doing it already, nor have I actually seen any of the long term sites like you guys phpnuke-uk.com or others say nothing about supporting a different one or not,
When I was 12 I downloaded phpnuke my first version was 5.6 i think. I'm 14 now. Francisco Burzi - even tho I am sure he is not pro american, gave me the chance to make something and design stuff as a 12 year old would. because of that i got many web sites now, all of them different all of them .com .org or .net i never had a subdomain... but what I am getting at - is that all this sounds coolio....
better security
more customization
but how about ease of use for the little kid --- or even old man that just start how about the fact that i can build themes for anything if i know the calls... but what about them?
One of the things that bug me so much is that all of us want a little something to pay for our sites... but now people charging for poop CMS, they charging for themes - I'm not saying that is right... I guess I'm saying that maybe it shouldn't have happened. I always wanted a theme generator easy to use for everyone - put title pic/# here put block pic/# here etc and a few other things like that.
I just now started getting into php --- but what about the webmaster, that kid or old man that just want to have fun - or make money...
And why on earth hasn't anyone made a commitment to this so far... and if they have where are their names and homepages supporting such stuff?
Raven I follow you and mikey and Telli a long time, I followed Zhen and I followed Chatserv I was fine with the community until protector came out and banned me for using quotes in a search.... It don't matter what portal I use, it does matter if those guys that making support the community or themselves.
I am interested yes
But I want to know who gonna support it
the theme sellers?
the block sellers?
The module sellers?
or the people that care about other people
that's why we all need to see names
This is the first post since march
that's enough time with a crew to build anything |
|
|
|
 |
Raven

|
Posted:
Tue Aug 10, 2004 7:13 pm |
|
There is no 'crew' - that's the MAIN problem. I do not have the time to do the design and code alone. There are many who have talents in the support areas, but not in the initial foundational design and code. What I write, I support. You see Chat and Bob and Six and many others here also. That's why it's still - nowhere. I have done some preliminary things, but the person who was going to help me had other things that came up and we felt that this just wasn't the best time to delve into this. Sorry if this has disappointed people. It's not dead; I think about it all the time. It's just no longer a priority. |
|
|
|
 |
tag

|
Posted:
Tue Aug 10, 2004 9:15 pm |
|
That leaves me with a choice to start on my own and ask for help or join someone else... so if anyone interested in having me on their development team let me know
I'm good with database stuff
and above average with themes and graphics
and excellent at html
and ok with php
and good with RDS RSS
I got to know your site, how you treat people and stuff like that
and what your plans are and what you see in the cms future
cause it's gonna be awesome
Tag |
|
|
|
 |
rainy
New Member


Joined: Aug 25, 2004
Posts: 17
|
Posted:
Sat Aug 28, 2004 7:44 pm |
|
Wow.
LOOOOOOOOOOOOONG read.
I'm sorta new to this stuff. I'm a wanna be programmer type that loves to learn - even if I'm cussing the whole way lol.
I just wanted to add in my 2 cents (have we made it past a buck yet?) I guess for what it is worth.
I have like well, way too many sites. LOL. There are things I really enjoy about nuke and mambo. One thing I agree with is that not enough attention has been put on security and the core.
I've wondered why someone didn't just start from the ground up and just rewrite the thing with an eye towards security since php as a language can be fairly secure (I'm just an infant learning this stuff). Why it wasn't easier to do things like customize, add on, organize, etc. Workarounds are cool, better than nothing, but it floored me that I crawl my way through all these forums with you wonderful programmers and I rarely ever heard someone mention with any seeming seriousness that they might be willing to do such a thing.
I am excited at the thought of someone doing exactly that.
I agree function and retaining the core is of essence as well as designing it with security in mind. There have been SO many great points and thoughts brought up here - could one not simply address them all - or is that my little pipedream? lol.
As an artist and as someone that has around 25+ sites - I disagree about themes not being really important, they are - just not ranked in the same column but in a second column along the first - if that image makes any sense to anyone else but me lol.
Search engines picking up sites IS important too. Again I don't think this would be ranked in importance in the other two previous "columns" but rather alongside of them.
People NEED sites to look different - it's important to the owner, and to those that go there. It's branding, it's familiarity, it's standing out, its marketing.
People NEED sites that are secure and stable at the CORE. Whether they are learned enough to know this or not.
People NEED their sites to be found to grow and sometimes to exist.
People need to be able to more easily customize too, I agree. I am giddy at some of what Raven has proposed so far - I WANT TO HELP!! But I doubt I have anything really I could offer - I'd be happy to back this in any way I could though. I am good at QA, I have the uncanny ability to go into betas and break em if they CAN be broken lol. Which helps me learn to fix them and by doing so, start to understand how it works and functions - it's sorta how I learn, I sit down and tear it apart and then put it back together.
I only learned as much as I know about nuke because I first found a very very very badly corrupted download. I didn't know enough to be intimidated, so I spent 3 months tearing the thing apart and fixing it piece by piece, learning as I went. Eventually I just got a working version lol, but what I learned by fixing has helped me a lot.
It has fired me to learn more. But I'm a baby next to you guys. But I can maybe be a sort of a bridge between the programming gurus, and the flat out newbie to everything.
As for themes, mtechnik seems to be hands down one of the absolute BEST (yeah I'm totally biased - he's one of the only guys I'd actually PAY for a theme I'd usually just hammer out my own) - maybe talking to him about seeing if he'd be interested in considering the themes part would be a good idea? I'm sure he'd have a lot of value and things to bring to the table.
I'd pay for this fork, portal, or whatever you choose to designate it as. I like people being able to code addons.
I think some of the most used add-on mods tend to be calendars, instant messaging abilities, chat rooms (flashchat seems to be one the best I've found so far), top lists, rotating banners, galleries, donation blocks, off the top of my head - I know there are others. And I hate the fact that the forums search and the other searches on nuke seem to not really work all that well.
Keeping those kinds of add-ons in mind I think would be a good thing. Or adding them in. I would TOTALLY pay for a version that had all that stuff added in, and I know I'm not alone by any means out there - it's needed, it's wanted, we are all just waiting for those to code it, or trying to learn to code so we can maybe code it so we could have it.
I think if you take what everyone loves about nuke and then address what everyone HATES about nuke, you would guarantee that people would LOVE it and would support it.
I know I don't remotely have to offer what most of the other posters here have to offer, and that my focuses might not be on the same level as you guru type coders, but I am learning, and I think I do offer some insight into what the beginning and intermediate web owners are looking for and hoping to find.
That's my two cents anyway.
And Chat? You are so not lame, your answers on the various forums you pop onto have helped me learn and fix so many d*** things - you have helped me and countless others immeasurably. Actually I see a LOT of names that have helped a LOT of people over the years. SO just because one never hears this as much as they *should* ...
THANK YOU!
You all ROCK. Honestly you do. |
|
|
|
 |
Raven

|
Posted:
Sat Aug 28, 2004 8:32 pm |
|
Thanks rainy. I will definitely keep you in mind should I ever find time to do this and do it right. |
|
|
|
 |
rainy

|
Posted:
Wed Sep 01, 2004 9:53 pm |
|
Well I'm still learning, and I have SOOOOOO far to go before I'm remotely having a real clue lol.
But I would love to see more security - and I'd love to help in whatever small way a little wannabe geekazoid like me could help. |
|
|
|
 |
montego
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Wed Sep 22, 2004 8:15 am |
|
Raven, I didn't know this thread existed when I posted my "Dream" comments to another forum. I am pasting that post into this thread here - hope you do not mind - I also have a lot more thoughts on what a good CMS tool should do (what? requirements? - ). I hope you will not mind me providing a few of them as I think of them. My problem is that I am always running into new ideas... so I don't ever get them organized enough to just make one post.
Here is my original post:
~~~~~~~~~~~~~~~~~~~
A CMS tool that actually is designed with also the Site Admin in mind in terms of user / account / group / permission management in mind. I am trying to wade through the various "hacks" out there for giving the Admin control over who gets access to what and nothing I find is truly geared for true management of these things.
I would think that a well-designed cms/portal system would have these administrative functions around permission management:
- Management of User Groups (new, change, delete)
- Management of User activation (either manual or automatic)
- Management of Users to User Groups (should be allowed to have multiple groups assigned to a user, should be admin assigned unless automatic activation is desired). *** This is the piece that I cannot find anywhere along with multiple user group permissions on modules / blocks / etc. (I think only Forums has it somewhat).
- Management of User Groups to Permissions for ALL modules and blocks, including Forums (i.e., basically every function and feature should be User Group aware).
- The Union of a user's User Groups determines permissions on each of these (i.e., a user could be a member of multiple groups and the show/hide of modules/blocks and other functions should look at the entire union of groups to determine function).
- User login and new user creation should be SSL enabled (preferences switch would be nice). The login block should also have a "security policy" and/or "privacy policy" links/text.
I am sure that I can come up with more details behind every one of these. I am so frustrated in my search of phpNuke "hacks" to do these things and am coming up way short. I am not looking to have a self-running, somewhat anarchist type web site: I want a nice family / friend Portal that will allow users to participate in the site's content and fun, but not have the site run "amuck" with unwanted visitors. I was hoping that phpNuke would be able to serve that "bill". I guess if I had only ONE type of user, I could probably make do with just the Account Activation hack, but was hoping to do more with the site.
I may have to learn PHP, mySQL and more about phpNuke and re-write it myself... Is there something out there that would fit this "bill"?
montego
~~~~~~~~~~~~~~~~~~~~~~
After thinking about some of the previous posts, if the security model is properly objectized and that almost every object is "aware" of that model, it could be quite easy and very powerful to control the user experience throughout the entire Portal with a few "switches" and "user groups".
More to come....
I'd be glad to help out wherever I can. I have done a lot of programming in my career, but never with PHP. I pick up new languages quickly and with some good code standards and a few templates, I can come up to speed rather quickly. My strengths, however, are around overall user experience design, analysis and design, data modelling and user documentation. If you feel any of this to be of use, count me in for 4 - 6 hours per week. I would also be willing to chip in some each month (not much, but it would be consistent month-after-month).
Regards,
montego |
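The group-union permission model listed in the post above, sketched in PHP as an added example (not code from this thread, PHP-Nuke or CPG-Nuke): a module or block is shown when any of the user's groups has been granted it, with default deny for accounts awaiting activation and for resources that have no grant. All class, method, group, user and resource names are hypothetical.

```php
<?php
// Added illustration; every class, method, group and resource name is hypothetical.
final class GroupAccessPolicy
{
    private array $groups = [];  // group name => true
    private array $users  = [];  // user => ['active' => bool, 'groups' => [name => true]]
    private array $grants = [];  // resource (module/block) => [group name => true]

    public function addGroup(string $group): void { $this->groups[$group] = true; }

    // Accounts start inactive (manual activation); pass true for automatic activation.
    public function addUser(string $user, bool $active = false): void
    {
        $this->users[$user] = ['active' => $active, 'groups' => []];
    }

    // A user may be assigned to any number of groups.
    public function assign(string $user, string $group): void
    {
        $this->check($this->users, $user, 'user');
        $this->check($this->groups, $group, 'group');
        $this->users[$user]['groups'][$group] = true;
    }

    public function grant(string $resource, string $group): void
    {
        $this->check($this->groups, $group, 'group');
        $this->grants[$resource][$group] = true;
    }

    // Allowed when the union of the user's groups contains any granted group.
    public function isAllowed(string $user, string $resource): bool
    {
        $account = $this->users[$user] ?? null;
        if ($account === null || !$account['active']) {
            return false;                          // unknown or not yet activated
        }
        $granted = $this->grants[$resource] ?? []; // nothing recorded: default deny
        return array_intersect_key($account['groups'], $granted) !== [];
    }

    // Resources to show for this user; everything else stays hidden.
    public function visibleResources(string $user): array
    {
        $show = fn ($r): bool => $this->isAllowed($user, (string) $r);
        return array_values(array_filter(array_keys($this->grants), $show));
    }

    // Reject typos in user or group names instead of silently creating them.
    private function check(array $known, string $name, string $kind): void
    {
        if (!isset($known[$name])) {
            throw new InvalidArgumentException("unknown $kind: $name");
        }
    }
}

// Constructed sample data: one activated account in two groups, one pending account.
$policy = new GroupAccessPolicy();
foreach (['family', 'friends', 'editors'] as $g) { $policy->addGroup($g); }
$policy->grant('module:Forums', 'friends');
$policy->grant('block:Photo_Upload', 'family');
$policy->grant('module:Submit_News', 'editors');
$policy->addUser('alice', true);
$policy->assign('alice', 'friends');
$policy->assign('alice', 'editors');
$policy->addUser('bob');                        // still awaiting activation
$policy->assign('bob', 'family');
var_dump($policy->visibleResources('alice'));   // resources granted to any of her groups
var_dump($policy->visibleResources('bob'));     // pending account
```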
|
|
|
 |
|