xisto Community
Albus Dumbledore

Script I Am Looking For Kind of like a content management system


That's kinda weird... um, I think I'll try to see if I'm able to create files remotely onto my Xisto site and hopefully rule that out, then take a look at the security on the files I wrote, if I have time that is, got coursework for tomorrow :) If not, I'll take a look tomorrow.


AD, you should be able to restrict the access to the directory's files via the .htaccess for the sub-directory. Add an entry to the sub-directory which denies any html pages or set the index to php only. ???


No, it wasn't spyhackers, they are script kiddies that attack small things like guest books and other things that are easy to get to. The password was not easy, many people have tried hacking this password but no one has been able to :rolleyes: (I've asked them to :) hehe)

They created a brand new index.html page, and I am guessing that a .html page overrides .php because both the index.html and index.php were there and the stuff in the index.php was intact and they put all their HTML in the index.html page.

As far as I know, the order that Apache searches for index files goes like this: 1. index.html, 2. index.php.
There is a directive you can place in the .htaccess file of the particular directory that will cause Apache to change the order to one you specify. Here is the syntax:
DirectoryIndex index.html index.php
The example I provided will match the default ordering, but by either switching the order or changing the file names altogether, you can set it up to load the page of your choice.
Reference: http://httpd.apache.org/docs/1.3/mod/mod_dir.html
Edited by michaelper22 (see edit history)


The htaccess seems like a good idea too, but the problem is that HTML files are an annoyance but a PHP file can be fatal. All they need to do is write their own CMS script and use the file creator to put it on your site and they themselves have a great backdoor into the system and can delete, edit and create anything they like :) That would be a pain. I'll try to bypass the security and see if it's possible or not, let's hope not.

**EDIT** I can't find a way around the security of the PHP, so to me it seems fairly secure. You could try, like you said before, putting the editor scripts inside a folder of their own and protecting that folder with HTACCESS. Remember to change the directory in the script though.

Edited by shadowx (see edit history)


Sorry for joining so late, but how about having one template file and storing the middle contents in separate files in a different folder - /data/, say, and include them with a $_GET variable. That way you can have menus and stuff on one page, and only have to edit one page when changing something, and you can edit the pages after you have made them - using readdir to create a menu.... If anybody wants, I could post something in a couple days. Not trying to steal your glory, shadowx, just trying to help ;P -e
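The layout proposed in the post above (one template, fragments in /data/ chosen by a $_GET variable, menu built from a directory listing), written out as an added example that is not code from any poster in this thread. The file name template.php, the `page` parameter, the `home` default and PHP 8 are assumptions; the request value is only ever compared against names found on disk, and the fragment is sent as data rather than passed to include, so a visitor cannot choose which file the server executes.

```php
<?php
declare(strict_types=1);
// Added example. Assumed layout: template.php next to data/<name>.html fragments.
const DATA_DIR = __DIR__ . '/data';

/** Page names taken from the files actually present in the data directory. */
function list_pages(string $dir): array
{
    $pages = [];
    $entries = is_dir($dir) ? scandir($dir) : false;
    foreach ($entries ?: [] as $entry) {
        // Only .html fragments with a conservative name become pages.
        if (preg_match('/\A([a-z0-9_-]{1,64})\.html\z/', $entry, $m) && is_file($dir . '/' . $entry)) {
            $pages[] = $m[1];
        }
    }
    return $pages;
}

/** Map the request value to a fragment path, or null if it is not allowed. */
function resolve_page(string $dir, mixed $requested, string $default = 'home'): ?string
{
    $name = (is_string($requested) && $requested !== '') ? $requested : $default;
    // Strict match against names found on disk: traversal sequences, stream
    // wrappers, NUL bytes and absolute paths can never be on this list.
    if (!in_array($name, list_pages($dir), true)) {
        return null;
    }
    // Defence in depth: a symlinked fragment must still resolve inside $dir.
    $base = realpath($dir);
    $path = realpath($dir . '/' . $name . '.html');
    if ($base === false || $path === false || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$file = resolve_page(DATA_DIR, $_GET['page'] ?? null);
http_response_code($file === null ? 404 : 200); // set before any output is sent
// Menu built from the same allow-list, escaped for URL and HTML context.
foreach (list_pages(DATA_DIR) as $name) {
    printf('<a href="?page=%s">%s</a> ', rawurlencode($name), htmlspecialchars($name));
}
if ($file === null) {
    echo '<p>Page not found.</p>';
} else {
    // readfile() sends the fragment as data; unlike include, it never executes it.
    readfile($file);
}
```

If the file creator discussed earlier in the thread writes into the same data directory, a planted .php file is ignored here because only names ending in .html are listed and nothing is executed.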


No worries, I think what you're thinking of is a bit like the script I use on my website, like a modules page, e.g. site.com/modules.php?page=something. And it will look similar to the way if you used the script I wrote for AD, except instead of creating static HTML pages saved to a folder it will create dynamic pages. I'd be interested to see how your one works, if you make it, compared to my version of the dynamic page idea.


koo... I have something like it on a site I have somewhere or other, but the code needs updating, so I'll post it here when I have something working... I'm embedding ajax into it at the moment, but I don't think I'll include that... it is extremely messy...

Edited by elrohir (see edit history)


Well, here it is. I added it to a template from Dreamweaver that I played with ages ago - before switching to Linux... :/ It is a little delicate, but it works after a manner. The system uses a database in the structure of the table.sql dump file. Replace the username and password values with what you want, import it through phpMyAdmin or whatever tool you use for databases and it will make the table users. Edit the file /file_editor/data/main_data/top_sec_enabled/functions.php and you're all set.

Edited by elrohir (see edit history)


I'm kinda surprised that A_D hasn't asked for a DB driven CMS yet. It might make things a bit simpler to deal with, considering that it's not dealing with raw files. Just a thought.


Well, that thing uses databases, but I wouldn't call it database driven. The reason being that MySQL is rather slow on my server, and I didn't want to cause visitors pain by using them too much...

