Nettorio 0.1 alpha

[eluser]Sbioko[/eluser]
Hi all! I want to make another contribution to the CI community! It will be done on my birthday, January 26. So, why I created this topic? I want to share the process of development of the real CMS. So, what's done at the moment:

-UTF8 Compability
-HMVC(modules)
Each module contains own controller, models, helpers, assets and views.
-Implemented database, output and partial cache(xCache, memcached, eAccelerator, APC, native)
-Filters & Actions(like in Wordpress)
-Attacks journal
Wow! What's this? :-) Every time, when your site will be under attack(XSS, DDOS/DOS), you will be informed about this. You will see an IP of hacker, time of the attack, memory usage statistics and the URL of the page.
-Memory limitation
You will be able to limit your memory usage to prevent DDOS/DOS attacks.
-Global variables
You can define as many global variables, as you want. Developers can use them in any part of CMS.
-Security class
-Pages module
This allows you to create multilevel pages. Each pages can have multiple child pages.

Roadmap for 0.1 alpha:
-reCaptcha integration
-Blog module(posts, comments, ratings, categories, search, rss)
-Google analytics/Akismet integration
-Users(registration, signing in, etc)
-Search engines pinging
-Sitemap generating
-Pretty URL's in any language.
-Themes
-Trash(contains all deleted items. Ability to restore them)
-Restore points
-Anti spam/bad words filters
-Scanner(scanes all files for unsafe code)


If you have some questions or wishes, ask me in this topic!

[eluser]Blaze Boy[/eluser]
looks promising ...
i need to know how do you detect the DDOs/DOS attacks and how do you catch the XSS attacks as well...
i think your CMS will be great ... you didn't say what is the road map of this application

[eluser]ardinotow[/eluser]
Any pre-release version?

[eluser]brianw1975[/eluser]
To be honest I've not got any real hopes of the DDos being really reliable in preventing your server from being completely hammered by someone who really wants to, besides your host should be doing DDoS prevention before the traffic even gets to your server; going further, how are you going to monitor a real DDoS attack without installing any binaries to monitor the ethernet device? Or are you just going to put in some kind of recording system to count the number of times a visitor hits your site inside of a few seconds? What about the attacker calling for images to be loaded a hundred bazillion times? Php won't monitor that unless you put in some kind of .htaccess rule to route all images through a pseudo-proxy php file to serve the images, but that will only eat up more CPU and memory than just serving out the image.

How will the memory limitation work? I could see this being very detrimental to performance is not handled correctly, esp in high traffic sites. What about requests using AJAX methods? Ajax requests, when programmed incorrectly can make multiple multiple calls to a server, usually unintentionally by a user.

You are also planning on putting some 3rd party programs in your package - is this wise? I mean, what about people who can't install it or don't have the ability to install it on their server (e.g. APC, eAccelerator)? Or don't use an OS that supports it or they can't compile it for their host? (Windows for example).

By Filters and Actions do you mean an Event dispatch and listening system that goes above and beyond what CI already has?

UTF8 compatibility -- What is this going to do to the CI Core, will the users be stuck waiting on you to update core files when a new version of CI is released?

And what do you mean by Global Variables? What will make your implementation any easier or better than using an actual PHP global var?

Not trying to be a stink face, just asking questions that rub away the polish to reveal some things that make you wanna go huh?

[eluser]Sbioko[/eluser]
ardinotow, sorry, but now I can't give you a pre-release version. 0.1 will be on 26 January.
brianw1975, Thank for the good list of questions! :-)

To be honest I’ve not got any real hopes of the DDos being really reliable in preventing your server from being completely hammered by someone who really wants to, besides your host should be doing DDoS prevention before the traffic even gets to your server; going further, how are you going to monitor a real DDoS attack without installing any binaries to monitor the ethernet device? Or are you just going to put in some kind of recording system to count the number of times a visitor hits your site inside of a few seconds? What about the attacker calling for images to be loaded a hundred bazillion times? Php won’t monitor that unless you put in some kind of .htaccess rule to route all images through a pseudo-proxy php file to serve the images, but that will only eat up more CPU and memory than just serving out the image.

The DDOS/DOS protection is the testable function. Maybe, I'll remove it in the following versions. It checks the current memory usage and comparing it with the normal statistics.

How will the memory limitation work? I could see this being very detrimental to performance is not handled correctly, esp in high traffic sites. What about requests using AJAX methods? Ajax requests, when programmed incorrectly can make multiple multiple calls to a server, usually unintentionally by a user.

In the admin panel you put(for example) in memory limitation field 64M, that means 64 megabytes. Everytime, on start up of CI script checks current memory usage and compares it to granted memory usage.

You are also planning on putting some 3rd party programs in your package - is this wise? I mean, what about people who can’t install it or don’t have the ability to install it on their server (e.g. APC, eAccelerator)? Or don’t use an OS that supports it or they can’t compile it for their host? (Windows for example).

Excuse me, but who says that I want to put in my CMS third party programs? :-) Do you mean cache library. This is only wrapper for APC, eAccelerator, memcached, xCache caching engines. Cache library makes it easier to access them.

By Filters and Actions do you mean an Event dispatch and listening system that goes above and beyond what CI already has?

No, do you mean hooks? As I said, filters and actions in my CMS are the same as in wordpress. WordPress Plugin API.

UTF8 compatibility—What is this going to do to the CI Core, will the users be stuck waiting on you to update core files when a new version of CI is released?

As I understood, the new version of CI will be not tomorrow. I think, updating on CI 2.0 will be about 30 minutes.

And what do you mean by Global Variables? What will make your implementation any easier or better than using an actual PHP global var?

Global variables declare Administrator of the site. They can be for example, current title of the site, email address or something else.

Not trying to be a stink face, just asking questions that rub away the polish to reveal some things that make you wanna go huh?

Criticism is normal. I like your questions :-)

Blaze Boy, I'll add the roadmap for 0.1 some minutes later. And about your question, look at my post before.

[eluser]Sbioko[/eluser]
Today, I finished writing the Blog module. It has posts, comments, search, categories. Here is some code for you:

Code:

// Adding some post.
$this->bloglib->add(array(
    'title' => 'Awesome title!',
    'short_content' => 'Here is my post!',
    'full_content' => 'Here is my post! I wrote it in Nettorio!',
    'meta_title' => 'More informative title', // Title, which will be displayed in the <title> tag
    'meta_keywords' => 'Some, keywords, for, our, post',
    'meta_description' => 'Very impressive tutorial!',
    'author' => 'Administrator',
    'category_id' => 1,
    'comments_allowed' => 1, //Sure, we want to allow users to add comments
    'url' => 'awesome-title'
));
$post = $this->bloglib->get_object('id', 1); // Getting object of post with ID = 1
// And here is some tasty things
$post->make_sticky(); // This method makes our post "sticky"
$post->inc_views(); // Incrementing views counter
$post->inc_rating(); // Incrementing post's rating
// Now, we want to edit it
$post->edit(array(
    'title' => 'New awesome title!'
));
$post_output = $post->as_array(); // For our view files. Example: $this->load->view('page', array('post' => $post_output));
// And deleting
$post->delete();

This is easy as you see? Do you like it?

[eluser]Sbioko[/eluser]
Does anybody want to ask something?

[eluser]Sbioko[/eluser]
Hello guys, I'm seeking for a designer for my project! You will need to do is: admin panel interface and blog design(posts, pages, comments). Thank you.

[eluser]Sbioko[/eluser]
Currently I want to publish great news. I almost finished backend and frontend part of CMS. And, this is not the main news, in the 0.1.1 version you will see a Social Network module! It includes PM's, Photogalleries, Blogs, etc... Hope, You'll like it! You can always say, what module do you want to see in my CMS.

[eluser]Sbioko[/eluser]
As I promised, 26th January, at my birthday, I will release my CMS. But, it will be done sooner. I just want to represent you all the functionality of it! Hope, it's okay!