Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
On 1/8/2014 10:02 AM, Kent Borg wrote: All a visitor has to do is add *?logged_in=1* to the end of the URL and they will have access. While this may seem obvious, it is an extremely common problem with PHP scripts. I think that kind of problem only occurs with GET variables, and it's why I avoid using them. Bill -- Bill Horne William Warren Consulting http://www.william-warren.com/ 339-364-8487 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
On 01/08/2014 10:26 AM, Greg Rundlett (freephile) wrote: Since you're going with regular HTML, I'd recommend taking a look at the "HTML5 Boilerplate" setup. intro: http://www.sitepoint.com/introduction-html5-boilerplate/ home: http://html5boilerplate.com/ slides: http://www.slideshare.net/michaelenslow/intro-to-html5-boilerplate It's not a framework, but rather the basic elements to get professional results right away. Glancing at the intro, it looks very interesting. I might have to find the time to play with it, it looks like it is a light weight summary of how to use HTML 5 and CSS, etc., in a sensible way. Cool. -kb ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
(Apologies, I saw this thread after the discussion about exporting and converting MediaWiki.) Since you're going with regular HTML, I'd recommend taking a look at the "HTML5 Boilerplate" setup. intro: http://www.sitepoint.com/introduction-html5-boilerplate/ home: http://html5boilerplate.com/ slides: http://www.slideshare.net/michaelenslow/intro-to-html5-boilerplate It's not a framework, but rather the basic elements to get professional results right away. ~ Greg Greg Rundlett On Tue, Jan 7, 2014 at 6:46 PM, Bill Horne wrote: > On 1/6/2014 11:30 PM, Bill Horne wrote: > >> Thanks for reading this. >> >> I'm a member of the Big-8 Board, which decides what Usenet groups are >> created and deleted. We have both technical and non-technical members, and >> we've been using MediaWiki for the board's website (http://www.big-8.org/) >> until now, but we have to move the site to a new server which doesn't offer >> it. >> > > Thanks to all for your help: I've just gotten off the phone, and the > decision has been made to go in a different direction. We have a volunteer > who wants to learn "native" HTML, and so we'll be setting up a "static" > site without a CMS. > > I appreciate your time and advice. > > Bill > > -- > Bill Horne > William Warren Consulting http://www.william-warren.com/ > 339-364-8487 > > ___ > Discuss mailing list > Discuss@blu.org > http://lists.blu.org/mailman/listinfo/discuss > ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
On 01/08/2014 12:35 AM, Eric Chadbourne wrote:
What do you mean by variables being public to the internet? Nobody
can directly access them from what I understand. Sanitize in and out
you should be fine no?
I don't remember the details, and I only just glanced at php, a long
time ago.
Googling about a bit I think it might have been something like the
problem described here
http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/
Securing your variables
In most versions of PHP, you can access the value of a variable before
it is initialized. Consider this simple example:
if ($password == $the_password) {
$logged_in = 1;
}
if ($logged_in == 1) {
// secure stuff
}
All a visitor has to do is add *?logged_in=1* to the end of the URL
and they will have access. While this may seem obvious, it is an
extremely common problem with PHP scripts.
The best way to prevent this is to always make sure variables are
declared before they are used. For this example, you can just add the
following line at the top of the file:
$logged_in = 0;
Now the variable cannot be reset by a user since it is being declared
before use.
In other words, the easiest way to use a variable in php is to just
start using it, no declaration required, and as far as php is concerned,
whether you initialize it is up to you. But from a security perspective
the two cases are very different.
This might have changed since then, too.
I might have had other gripes, but it is possible I saw this and said:
what a dangerous language and moved on.
-kb
___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
j...@trillian.mit.edu wrote: > I had a similar case recently. I've helped a few nonprofits build web > sites, and several have started off looking into Drupal, Joomla, etc. > After a month or so of this, with nothing working, I've combined a > few scripts that I've collected or written anew with a few of their > designs for the pages they want, and in a week or two they were > happey with the results. > > ...they've looked at HTML manuals, and run terrified from the > incomprehensible technical gobbledy-gook that they saw. HTML is this > horrible stuff that mere mortals don't stand a chance of > understanding, right? > > Then I show them the effect of wrapping them in a simple > ...wrapper, and adding tags between paragraphs. It's funny that back in the days before CMSs we accomplished the two most important features they offer - separating the appearance of a site from the content, and making it user friendly to add/edit content - with some primitive tools that seem to have disappeared. The first objective was accomplished with frames. And then later when frames were shunned, with (Apache) server includes[1]. Server includes didn't gain much traction, as they were quickly eclipsed by PHP, Cold Fusion, ASP, Mason, and other templating languages, that offered much more functionality, but usually at the expense of requiring a programmer or "web designer." The other objective was accomplished with GUI HTML editors. For a while there, there were actually some decent competitors to Microsoft Front Page, including a few open source tools[2]. As developers we hated most of these (mostly Front Page) for the ugly HTML they generated, because sooner or later we'd be faced with making modification to the HTML outside the tool. These days the ugliness is still there, being generated by most CMSs, we just don't have occasion to look at it. The CMSs seem to have killed off the market for HTML editors, but it looks like the successor to the Mozilla Composer is still being updated[3]. I don't think there is any significant benefit to having content producers learn HTML, if they can find a suitable HTML editor. I imagine today with the help of CSS and something like server side includes, you could create a pretty functional poor man's CMS, where your non-technical content producer creates a new page by doing something like: 1. create a new directory named after the content title. 2. copy some boilerplate files to the directory, which might include an index.html with the server include directives, and an empty context.html file. (Steps 1 and 2 could be implemented with a shell script.) 3. load the content.html file into their GUI HTML editor and add content. The content then doesn't need to have any presentation markup. Headers, footers, and navigation all come from the server includes, and can be updated site-wide by editing in one place. Content styling comes from the site-wide CSS included by the boilerplate index.html. The user only has to concern themselves with the simple structural markup in content.html. -Tom 1. http://httpd.apache.org/docs/2.2/howto/ssi.html 2. http://en.wikipedia.org/wiki/Nvu 3. http://bluegriffon.org/pages/Download -- Tom Metro The Perl Shop, Newton, MA, USA "Predictable On-demand Perl Consulting." http://www.theperlshop.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
Hi Kent, What do you mean by variables being public to the internet? Nobody can directly access them from what I understand. Sanitize in and out you should be fine no? Thanks. On Tue, Jan 7, 2014 at 6:55 PM, Kent Borg wrote: > On 01/07/2014 06:46 PM, Bill Horne wrote: >> >> Thanks to all for your help: I've just gotten off the phone, and the >> decision has been made to go in a different direction. We have a volunteer >> who wants to learn "native" HTML, and so we'll be setting up a "static" site >> without a CMS. > > > More secure than using fancier stuff. > > I know when I once learned a little about php I was shocked to learn that by > just following ones nose tons of dangerous things could happen. I forget, > but I think all variables default to being public to the internet unless the > programmer remembers mark them otherwise. Or something scary like that. > > -kb > > ___ > Discuss mailing list > Discuss@blu.org > http://lists.blu.org/mailman/listinfo/discuss -- Eric Chadbourne 617.249.3377 http://theMnemeProject.org/ http://WebnerSolutions.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
That sounds like a great idea. HTML won't get you hacked. Less work on your end. On Tue, Jan 7, 2014 at 6:46 PM, Bill Horne wrote: > On 1/6/2014 11:30 PM, Bill Horne wrote: >> >> Thanks for reading this. >> >> I'm a member of the Big-8 Board, which decides what Usenet groups are >> created and deleted. We have both technical and non-technical members, and >> we've been using MediaWiki for the board's website (http://www.big-8.org/) >> until now, but we have to move the site to a new server which doesn't offer >> it. > > > Thanks to all for your help: I've just gotten off the phone, and the > decision has been made to go in a different direction. We have a volunteer > who wants to learn "native" HTML, and so we'll be setting up a "static" site > without a CMS. > > I appreciate your time and advice. > > Bill > > -- > Bill Horne > William Warren Consulting http://www.william-warren.com/ > 339-364-8487 > > ___ > Discuss mailing list > Discuss@blu.org > http://lists.blu.org/mailman/listinfo/discuss -- Eric Chadbourne 617.249.3377 http://theMnemeProject.org/ http://WebnerSolutions.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
Bill Horne wrote: | On 1/6/2014 11:30 PM, Bill Horne wrote: | > Thanks for reading this. | > | > I'm a member of the Big-8 Board, which decides what Usenet groups are | > created and deleted. We have both technical and non-technical | > members, and we've been using MediaWiki for the board's website | > (http://www.big-8.org/) until now, but we have to move the site to a | > new server which doesn't offer it. | | Thanks to all for your help: I've just gotten off the phone, and the | decision has been made to go in a different direction. We have a | volunteer who wants to learn "native" HTML, and so we'll be setting up a | "static" site without a CMS. | | I appreciate your time and advice. | Bill Heh. For some reason, I'm reminded of that classic cartoon showing all the ways that various "experts" designed and built their interpretation of what the customer wanted, which was a tire hanging on a rope from a tree branch. I had a similar case recently. I've helped a few nonprofits build web sites, and several have started off looking into Drupal, Joomla, etc. After a month or so of this, with nothing working, I've combined a few scripts that I've collected or written anew with a few of their designs for the pages they want, and in a week or two they were happey with the results. But the fun part is after that, when we were discussing what they really need, and why my stuff was still too complex. Finally, I've persuaded a few of the orgs' members to try my idea that they learn a bit of HTML. Of course, they've looked at HTML manuals, and run terrified from the incomprehensible technical gobbledy-gook that they saw. HTML is this horrible stuff that mere mortals don't stand a chance of understanding, right? But I persuaded them to try a few experiments. I start them with a few plain-text docs that look like the pages they want, and show them that these "work" when put on the web, but cause problems on various screens. Smart phones are nice for this demo. Then I show them the effect of wrapping them in a simple ... wrapper, and adding tags between paragraphs. "Hey, that's really simple; why didn't anyone tell us that?" Then I show them a few more tags, , , and then the all-important tags. And they're off and running, building some of the pages they want. I keep emphasizing that they should just learn it "one tag at a time". The result has been that the orgs' web sites are now run by a few of their members that have learned just enough HTML to do the job. I have to teach them a bit about debugging a page, of course. And some of them have even started to learn basic CSS. Their sites are often rather impressive to interested visitors. I attribute this to the fact that they're mainly concerned with getting their information online, and view HTML as a tool to make it readable on visitors' screens, whatever size they might be. This won't work for every org, of course. Some of them actually need wordpress or drupal or whatever. But a fundamental problem is that people often don't know what they need, and are prone to being taken in by people who want to sell them the ultimate solution to all the world's Web problems. So maybe what we need is a reliable way to determine when static pages with simple markup are sufficient, and when we need a high-powered Solution to complex marketing problems. But I don't know how to translate people's amorphous desires into requirement specs. I suspect nobody does. -- -- _' O <:#/> John Chambers + /#\ | | ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
On 01/07/2014 06:46 PM, Bill Horne wrote: Thanks to all for your help: I've just gotten off the phone, and the decision has been made to go in a different direction. We have a volunteer who wants to learn "native" HTML, and so we'll be setting up a "static" site without a CMS. More secure than using fancier stuff. I know when I once learned a little about php I was shocked to learn that by just following ones nose tons of dangerous things could happen. I forget, but I think all variables default to being public to the internet unless the programmer remembers mark them otherwise. Or something scary like that. -kb ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress? (Solved)
On 1/6/2014 11:30 PM, Bill Horne wrote: Thanks for reading this. I'm a member of the Big-8 Board, which decides what Usenet groups are created and deleted. We have both technical and non-technical members, and we've been using MediaWiki for the board's website (http://www.big-8.org/) until now, but we have to move the site to a new server which doesn't offer it. Thanks to all for your help: I've just gotten off the phone, and the decision has been made to go in a different direction. We have a volunteer who wants to learn "native" HTML, and so we'll be setting up a "static" site without a CMS. I appreciate your time and advice. Bill -- Bill Horne William Warren Consulting http://www.william-warren.com/ 339-364-8487 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
Bill Horne wrote: > ...we've been using MediaWiki for the board's website > ...but we have to move the site to a new > server which doesn't offer it. > > So, the question is "What's the best compromise between ease-of-use, > learning curve, and maintainability if we have to choose between > Joomla, Drupal, or WordPress"? I can't answer the latter question, as I have limited experience with maintainability for Joomla and WordPress. (Though I hear that although WordPress is less capable, the reason for its rise in popularity is the easier use and maintainability.) I will, however, in the tradition of answering the question you didn't ask, suggest the idea of using Wikispaces, as we do for BLU (and boston.pm.org). It's free or cheap, hosted, so no maintenance, still a wiki, so a model familiar to your users, and in my opinion has a better UI and markup language than Mediawiki. (Though in some ways is less powerful.) A CMS tends to be a better bet if your priority is site design (appearance), while a wiki is better if you are more concerned with doing collaborative document editing. It should be possible to write a markup converter to go from Mediawiki to Wikispaces. One may even already exist. As a plan B, you can highlight formatted text in your Mediawiki site and paste it into the Wikispaces' rich text editor, preserving the formating. (You'll still need to fix up the internal links.) -Tom -- Tom Metro The Perl Shop, Newton, MA, USA "Predictable On-demand Perl Consulting." http://www.theperlshop.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
On 1/7/2014 12:24 PM, Daniel Barrett wrote: On January 6, 2014, Bill Horne wrote: ...we've been using MediaWiki for the board's website (http://www.big-8.org/) until now, but we have to move the site to a new server which doesn't offer it. So, the question is "What's the best compromise between ease-of-use, learning curve, and maintainability if we have to choose between Joomla, Drupal, or WordPress"? Have you considered not switching platforms? I would think the cost of moving all your mediawiki content to a new platform and retraining all your users would far exceed the price of a managed VPS on www.linode.com or www.hostdime.com, where you can install mediawiki yourself and keep doing what you're doing. You didn't say how many users you have, but I run mediawiki on a cheap shared VM at www.hostdime.com (about $5/month) just fine. Thanks for the suggestion: it's always important to ask "why change?", but that question was answered by my ISP's terms of service: the site has been stable for a while, but right now, it's sharing the 12GB of space on my virtual machine at prgmr.com, and I need to lighten up the disk load, so I'm jumping at the chance to find it a new home. The new site has 300 GB of space and unlimited bandwidth, so it's a keeper on that basis alone: it's already paid for, which is a big plus in a volunteer organization, and has professional support available should something happen which I or the other members can't fix. Alas, it offers the three options I mentioned, but /not/ Mediawiki. There are several utilities available to convert Mediawiki format to WordPress, so that's a possibility, or (although it would mean a lot of work) the board could set up a fixed HTML site and forego a CMS altogether. Bill -- Bill Horne William Warren Consulting 339-364-8487 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
FYI, I did a google search for LetoDMS, and I found another one called SeedDMS that states > SeedDMS is the continuation of LetoDMS because it has lost its main > developer. On Jan 7, 2014, at 1:03 PM, Richard Pieri wrote: > Daniel Barrett wrote: >> Have you considered not switching platforms? I would think the cost of >> moving all your mediawiki content to a new platform and retraining all >> your users would far exceed the price of a managed VPS on > > MediaWiki, and Wikis in general, have a spate of problems that make them not > terribly useful for document management. > > I've gotten some experience with a few actual document management systems > since the last time this came up. That's document management, not content > management. > > The first is called DocDB. I wouldn't wish this on anyone. It's awful, but > the scientific community loves it so that's what I'm running. > > I looked at a few others and my top choice is LetoDMS. It's easy to install > (aptitude install letodms), simple to configure, is agnostic to file types, > does versioning, doesn't use any unique or custom markup. > > -- > Rich P. > ___ > Discuss mailing list > Discuss@blu.org > http://lists.blu.org/mailman/listinfo/discuss ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
Daniel Barrett wrote: Have you considered not switching platforms? I would think the cost of moving all your mediawiki content to a new platform and retraining all your users would far exceed the price of a managed VPS on MediaWiki, and Wikis in general, have a spate of problems that make them not terribly useful for document management. I've gotten some experience with a few actual document management systems since the last time this came up. That's document management, not content management. The first is called DocDB. I wouldn't wish this on anyone. It's awful, but the scientific community loves it so that's what I'm running. I looked at a few others and my top choice is LetoDMS. It's easy to install (aptitude install letodms), simple to configure, is agnostic to file types, does versioning, doesn't use any unique or custom markup. -- Rich P. ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
On January 6, 2014, Bill Horne wrote: >...we've been using MediaWiki for the board's website >(http://www.big-8.org/) until now, but we have to move the site to a new >server which doesn't offer it. >So, the question is "What's the best compromise between ease-of-use, >learning curve, and maintainability if we have to choose between Joomla, >Drupal, or WordPress"? Have you considered not switching platforms? I would think the cost of moving all your mediawiki content to a new platform and retraining all your users would far exceed the price of a managed VPS on www.linode.com or www.hostdime.com, where you can install mediawiki yourself and keep doing what you're doing. You didn't say how many users you have, but I run mediawiki on a cheap shared VM at www.hostdime.com (about $5/month) just fine. -- Dan Barrett dbarr...@blazemonger.com ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
I use Drupal. It is easy to start and there is a lot you can do. > Thanks for reading this. > > I'm a member of the Big-8 Board, which decides what Usenet groups are > created and deleted. We have both technical and non-technical members, > and we've been using MediaWiki for the board's website > (http://www.big-8.org/) until now, but we have to move the site to a new > server which doesn't offer it. > > So, the question is "What's the best compromise between ease-of-use, > learning curve, and maintainability if we have to choose between Joomla, > Drupal, or WordPress"? > > The new site has 300 GB of disk and unlimited data transfers, but I > don't have shell access, just an ftp upload account. > > I appreciate your help! > > Bill > > -- > Bill Horne > William Warren Consulting > 339-364-8487 > > ___ > Discuss mailing list > Discuss@blu.org > http://lists.blu.org/mailman/listinfo/discuss > ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
On 1/7/2014 12:52 AM, Eric Chadbourne wrote: I was updating a client's site that used an old version of joomla and there was no upgrade path that I could find. Total pain in the butt. Drupal is OK but isn't as polished as Wordpress IMHO. I would probably go Wordpress. I really like the way the admin screen is set up. All three are pretty easy to hack on. This site needs ease-of-use, and its content changes slowly, so we don't need a high-end CMS. I know that Drupal and Joomla are a steeper learning curve than WordPress, but I wondered if they offer some feature that is essential for having multiple contributors revising the site on a regular basis. How many hits do you get? About 1,000/day. Do you need any specific features? No, our content is very stable, so there's not a lot of change month-to-month. The only thing I'm hoping for is a way to import the old material from Mediawiki, but that's a one-time effort anyway. The ongoing need is for non-techies to use it with minimal fuss. Of course, security is a concern, but that's so with every CMS. You only have an FTP account? Well that sucks. Some kind of shared hosting? A user site on a network solutions server. Bill -- Bill Horne 339-364-8487 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
I was updating a client's site that used an old version of joomla and there was no upgrade path that I could find. Total pain in the butt. Drupal is OK but isn't as polished as Wordpress IMHO. I would probably go Wordpress. I really like the way the admin screen is set up. All three are pretty easy to hack on. How many hits do you get? Do you need any specific features? You only have an FTP account? Well that sucks. Some kind of shared hosting? Good luck! On Mon, Jan 6, 2014 at 11:30 PM, Bill Horne wrote: > Thanks for reading this. > > I'm a member of the Big-8 Board, which decides what Usenet groups are > created and deleted. We have both technical and non-technical members, and > we've been using MediaWiki for the board's website (http://www.big-8.org/) > until now, but we have to move the site to a new server which doesn't offer > it. > > So, the question is "What's the best compromise between ease-of-use, > learning curve, and maintainability if we have to choose between Joomla, > Drupal, or WordPress"? > > The new site has 300 GB of disk and unlimited data transfers, but I don't > have shell access, just an ftp upload account. > > I appreciate your help! > > Bill > > -- > Bill Horne > William Warren Consulting > 339-364-8487 > > ___ > Discuss mailing list > Discuss@blu.org > http://lists.blu.org/mailman/listinfo/discuss -- Eric Chadbourne 617.249.3377 http://theMnemeProject.org/ http://WebnerSolutions.com/ ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
[Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?
Thanks for reading this. I'm a member of the Big-8 Board, which decides what Usenet groups are created and deleted. We have both technical and non-technical members, and we've been using MediaWiki for the board's website (http://www.big-8.org/) until now, but we have to move the site to a new server which doesn't offer it. So, the question is "What's the best compromise between ease-of-use, learning curve, and maintainability if we have to choose between Joomla, Drupal, or WordPress"? The new site has 300 GB of disk and unlimited data transfers, but I don't have shell access, just an ftp upload account. I appreciate your help! Bill -- Bill Horne William Warren Consulting 339-364-8487 ___ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
