What this system does…
our system is an automated backlinking software, first it creates email address with gmail or other providers, automatically creates the email address, verifies the account.

our system uses major search engines like google, bing, yahoo etc to find results from forums, directory’s, blogs, video sites and so much more.

and will automatically sign-up for the forum, edit the user profile and show your url as the signature with custom links.

everything in the system is plug-in based so if you wish too add support for another directory, blog, forum etc you can just drop an plug-in into the system and will load automatically on next launch.

after searching for sites you wish to sign-up, sites page ranks, keywords are also taken into effect so you have more of an chance to have your site page rank improved

as this software still in development but we are seeking for anyone interested in using this software as we have nearly completed our automated forum sign-up & profile system.

watch our blog as we are still working on this product, if you wish to be added too the beta group either send us an message at www.dazzlemods.com or email us at dazzle.cms@gmail.com

Dazzle cms team here and thought i post some updates as were near the completion of our framework stage, alot of major changes are in progress mostly everything we are creating right now is seperate from dazzle cms

but we manage to come up with an registry system not only that php files, json, xml, ini even serialize functions has built in plugin baseed framework

atm we currently working on extending the framework with an ftp based framework, files and folders, chmod, chown using ftp, sftp or ssh2

so what does this all mean, you can store all settings in files, not only keeps less stored in the database but also makes everything perform faster and php will be able to handle more instances per database connection.

from using this framework from editing config files, to json encoding , xml, ini or even re-encode serialization strings. as soon as all our test cases are complete and functions on this next class  we begin implementing this into our Registry system and we will begin the first change over in the cms

try keep an eye on this blog as we update this regularly

that means your arrays that you load settings from your json encoded strings, your ini, xml and even php classes can be read in our filesystem

we have completed the filesystem and we are just testing everything is working as we all know things may of worked when we started this framework but could stop working so we are puttign together some test cases but these are not just there for us to be able to test all the features without the cms

but also show you in simple terms how to use our framework when you start developing modules.

we did release 2 betas last year and i was unhappy with some of the system core for many reasons i did have alot of hardcoded functions until i had x feature i was looking for now i have some of the basic features working my main goal is to get everything that really should be in classes as i really dont like cloning the same function over and over or the system looking like phpnuke in its code so we are going to start code cleanup this will not be an long process at all as we will be building about 5 new frameworks over the next 2 weeks which we hope to be completed and we can ship public betas as i will feel after i changed this that nothing big or major going to change in the files or the database.

as this has been an long process to where i have everything now once the new framework is ready our job will be to rewrite all of the admin modules as alot of these were just backported from phpnuke as the system was inspired by phpnuke, i wanted to keep that feel about the system from an admin point of view so each of these modules will be rewritten complely using out classes for example , using our template engine, any design will go though our template engine, to there will be complete control of every aspect of the system.

even we don’t officially have any modules with the cms as soon as we have our few basic modules news, forums, downloads these were developed in the early beta but no longer work with our current beta so we will have to rewrite alot of these to make them work again and we need to implement some of our web2 features from ajax powered forms .

our goal is to have an cms that’s easy to use , thats built apon php5 easy to anyone to create modules and add new features with very little coding

we even do have plans for an module thats creates features for you with no coding just using our form classes position the forms, textareas we do plan to have the cms released and in the final versions by this summer and plan to enter the cms for google summer of code for 2010

we keep you updated on our progress so you can see whats going on at the dazzle cms development keep an eye on our blog as we will try update this more regularly

almost an complete rewrite plus more filters for different types of data

here an example of how to use our version

//creates the object

$filter =& input::get_instance();

// some xss string

$description = ‘<A HREF=”http://www.gohttp://www.google.com/ogle.com/”>XSS</A>’;

// strips the tags or converts them to plain text

$description = $filter->clean($description, ‘string’);

please note there is no docs for these scripts as they have been designed for dazzle cms but can work in your projects too.

docs will come later when we give our scripts there own home as this is just our development blog.

all we ask is you give us credit and link us too www.dazzlecms.com

The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.12:

• Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
• Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
• Added “max_file_uploads” INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
• Added protection for $_SESSION from interrupt corruption and improved “session.save_path” check, identified by Stefan Esser. (CVE-2009-4143, Stas)
• Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

Key enhancements in PHP 5.2.12 include:

• Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
• Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
• Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
• Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
• Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
• Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
• Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
• Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
• Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
• Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
• Fixed bug #49098 (mysqli segfault on error). (Rasmus)
• Over 50 other bug fixes.

Security Enhancements and Fixes in PHP 5.3.1:

• Added “max_file_uploads” INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
• Added missing sanity checks around exif processing.
• Fixed a safe_mode bypass in tempnam().
• Fixed a open_basedir bypass in posix_mkfifo().
• Fixed bug #50063 (safe_mode_include_dir fails).
• Fixed bug #44683 (popen crashes when an invalid mode is passed).

Key Bug Fixes in PHP 5.3.1 include:

• Fixed crash in com_print_typeinfo when an invalid typelib is given.
• Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection.
• Fixed crash when instantiating PDORow and PDOStatement through Reflection.
• Fixed bug #49910 (no support for ././@LongLink for long filenames in phar tar support).
• Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined).
• Around 100 other bug fixes

This article is intended for PHP programmers and HTML designers interested in applying a new technique for web development – PHP templating. Advanced knowledge of PHP programming and HTML is assumed.

Smarty3 Overview

The theoretical web development process is that: first the designer makes the interface, and breaks it down into HTML pieces for the programmer then the programmer implements the PHP business logic into the HTML.

That’s fine in theory, but in practice, from my experience, the client frequently comes with more requirements, or maybe more modifications to the design or to the business logic. When this happens , the HTML is modified (or words rebuilt ) programmer changes the code inside HTML.

The problem with this scenario is that the programmer needs to be on stand-by until the designer completes the layout and the HTML files. Another problem is that if there is a major design change then the programmer will change the code to fit in the new page. And that’s why I recommand Smarty. Smarty is a templating engine for PHP.

You can download it from http://www.smarty.net or svn checkout http://smarty-php.googlecode.com/svn/branches/Smarty3Alpha/

The installation process is very simple. Just read the documentation and follow up the instructions.

So what is Smarty ? Smarty is a set of PHP classes that compile the templates into PHP scripts. Smarty is a template engine and a very useful tool for designers and programmers.
Smarty for Designers

Designers work with HTML files. To work with Smarty, you work with template files. These files are are made up of static content but combined with Smarty mark-up tags. All the template files have a .html or .tpl extension. The Smarty template tags are enclosed within { and } delimiters or custom delimiters which can be defined or bypassed in the class.

Let’s consider the basic structure of a web page. There is a header, a middle part, and a footer. A template file that includes the header and the footer looks like this:

{include file=”header.tpl”}
<form name=”form1″>
Label1 <input type=”text” name=”text1″>
<input type=”submit” value=”submit”>
</form>
{include file=”footer.tpl”}

All the templates should reside in a single template directory. After calling a template for the first time, the compiled template will reside in templates_c.

Smarty language is very poweful. All the variables that come from PHP are identified in Smarty with {$Variable_Name} (we precede them with a $ sign). So if we have a variable in PHP that is called $MyName, then to print it in Smarty you have to write something like:

<html>
<body>
Welcome, {$MyName} <br>
</body>
</html>

The power of Smarty lies also in its flexibility. You can insert IFs and LOOPs into the template. The syntax for IF is:

{if <condition> }
html code
{else}
html code
{/if}

Let’s say you have a dynamic menu based on links. Depending on the link you click, you go to a specific page. So you get from PHP a variable $Menu with a integer value, depending on the page you are. The template looks like :

{if ($Menu == 1) }
Option 1
{else}
<a href=”option1.php”>Option 1</a>
{/if}
{if ($Menu == 2)}
Option 2
{else}
<a href=”option2.php”>Option 2</a>
{/if}

For coding a loop let’s suppose you get an array like the following from PHP :

<table>
<tr
{section name=user loop=$userID}
{if $smarty.section.user.iteration is odd}
bgcolor=#efefef
{else}
bgcolor=#ffffff
{/if}
>
<td> ID = {$userID[user]}  </td>
<td> Name = {$name[user]}     </td>
<td> Address = {$address[user]} </td>
</tr>
{sectionelse}
<tr>
<td>
There is no user.
</td>
</tr>
</section>
</table>

Iteration is an internal counter for Smarty. It helps us to know the current iteration of the section. I use this internal variable to make alternate row colors in the table by checking if current iteration value is odd or not.

An alternative for LOOPS is FOREACH which is used to loop over a single associative array.

<foreach from=$users item=current_user>
Name = {$current_user}
<foreachelse}
No user available.
</foreach>

The main difference between SECTION and FOREACH is that for SECTION you can start from a specific value, and can also set a step for the iteration, whereas for FOREACH you have to loop over all values.
Smarty for Programmers

The advantage for programmers is that they write the code in a PHP file without having to mix the instructions with HTML. Furthermore, if the designer changes the layout of a page the programmer doesn’t have to change the code to suit the new layout since the functionalities won’t change. You do your work in your files, assign to the templates all the values needed to print on the site and go out for a beer. You won’t get phone calls asking you to change a bit of code because the designer changed the layout and now a set of internal errors cropped up.

In the PHP file you need to include the Smarty class require ‘Smarty.class.php’. After that you need to instantiate the smarty with $smarty = new Smarty.

To assign a variable to the template you need to $smarty->assign(‘UserName’, ‘John Doe’). After everything is finished you call the method to display the template $smarty->display(‘index.tpl’).

A sample code looks like this (index.php) :

<?php
require ‘Smarty.class.php’;
$smarty = new Smarty;

$smarty->assign(‘Username’, ‘John Doe’);
$smarty->display(‘index.tpl’);
?>

The template (index.tpl) looks like this:

<html>
<body>
Welcome {$Username}
</body>
</html>

You can also create an array in PHP an pass it to the template:

$tmp = array ( ‘UID’=> ’10′,  &’Name’ => ‘John Doe’, ‘Address’=>’Home address’);
$smarty->assign(‘info’, $tmp);

Sample Script

This script connects to a local database and select all the products from the ‘Products’ table. Then it passes all the values to the template, which prints them on the screen.

INDEX.PHP

<?php
require ‘Smarty.class.php’;
$smarty = new Smarty;

$hostname = “localhost”;
$dbUser = “sqluser”;
$dbPass = “sqlpass”;
$dbName = “sqldb”;
// connect to the database
$conn = mysql_connect($hostname, $dbUser, $dbPass) or die(“Cannot connect to the database”);

mysql_select_db($dbName);

$sql = “SELECT product_id, info FROM products ORDER BY product_id ASC”;
// get all the products from the table
$res = mysql_query($sql);
$results = array();
$i=0;
while ($row=mysql_fetch_array($res)) {
$tmp = array(
‘product_id’ => $r['product_id'],
‘info’=> $r['info']
);
$results[$i++] = $tmp;
}
// pass the results to the template
$smarty->assign(‘results’, $results);
// load the template
$smarty->display(‘index.tpl’);
?>

INDEX.TPL

<html>
<body>
Here’s a table with the results: <br>
<table cellpadding=1 cellspacing=0 border=0 width=100%>
{section name=nr loop=$results}
<tr {if $smarty.section.nr.iteration is odd} bgcolor=”#efefef”{/if}>
<td width=15%>
<nobr><a href=&#8221;show-product.php?id={$results[nr].product_id}”>Press here</a>

<td width=29%><a href=”show.php?id={$results[nr].prodID}”
{popup inarray=$smarty.section.nr.iteration}
>{$results[nr].info}</a></td>
</tr>

{sectionelse}
<tr><td align=”center”><br><b>no product </b> <br> </td></tr>
{/section}

</table>

<br>

Here’s a select with the results: <br>
<select name=”mys”>
{section name=nr loop=$results}
<option value=”{$results[nr].product_id}”>{$results[nr].info}</option>
{/section}
</select>

</body>
</html>
Summary

Smarty is a great tool for both designers and developers. By using Smarty you can reduce the site development and maintenance times. If you are a developer you no longer need to mix PHP code with HTML code. Just take care of business logic and leave the HTML to the designer.

I determined best practice pointed us to subversion access through web_dav_svn -> web_dav -> apache2 (https://). This brought authentication away from centralized auth and allowed fine grained control over the access granted via htpasswd and .htaccess files. It allowed us to restrict unsecured access and redirect http to https, and encrypt using SSL. It kept us from having to work ssh onto windows for each developer, instead we could have a simple eclipse/subclipse plugin access demonstrated and from that point they were able to customize on their own.

What I wanted was:

* untar subversion-1.6.6 and subversion-deps-1.6.6 in /apps/src (they layer over each other)
* first build and install the -deps apr and apr-util into /apps/local
* then build apache2 against /usr/local/apr and /usr/local/apr-util
* install apache2
* build and install serf
* remove serf, apr, and apr-util subdirectories and source code from within subversion-1.6.6
* build 1.6.6 against apxs in apache, without Berkeley DB, without neon, and specifying /usr/local/apr, /usr/local/apr-util, and /usr/local/serf
* install and test

process

* create subdirectory /apps/src, place all tarballs in this directory
* untar subversion & subversion-deps version 1.6.6 (these tar onto each other)
* cd subversion-1.6.6/apr
* ./configure –prefix=/usr/local/subversion/apr
* make && make install
* cd ../apr-util
* ./configure –prefix=/usr/local/subversion/apr-util –with-apr=/usr/local/subversion/apr
* make && make install
* cd ../neon
* ./configure –prefix=/usr/local/subversion/neon
*
* apache2: untar httpd-2.2.14
* ./configure –prefix=/usr/local/subversion/apache –enable-dav –enable-dav-fs –enable-dav-lock –enable-expires –enable-headers –enable-info –enable-logio –enable-proxy –enable-rewrite –enable-unique-id –with-apr=/usr/local/subversion/apr –with-apr-util=/usr/local/subversion/apr-util –enable-so –enable-mods-shared=all
* make && make install

This way apache2 builds against apr and apr-util compatible with subversion 1.6.6
and then build subversion against it as well..
* ln -s /apps/apache2_2.2.14 /apps/apache2
* compile and install serf
* ./configure –-prefix=/usr/local/subversion/serf –with-apr=/usr/local/subversion/apr –with-apr-util=/usr/local/subversion/apr-util
* make && make install
* remove serf, pr and apr-util from subversion

compile subversion

./configure –prefix=/apps/svn –with-ssl –with-libs=/usr/local/ssl –without-berkeley-db –with-apxs=/apps/apache2/bin/apxs –with-openssl=/usr/local/ssl –without-neon –with-serf=/usr/local/serf –with-apr=/usr/local/apr –with-apr-util=/usr/local/apr-util

make && make install

test:

/usr/local/subversion/svn/bin/svnadmin create /usr/local/subversion/repository

chown subversion:subversion /usr/local/subversion

chown -Rv subversion.subversion /usr/local/subversion

root@dedicated[/bin] $

no core dump…

ONWARD to configure and test apache2 and subversion…
httpd.conf:

* change all references to apache2_2.2.14 to apache2 (makes the httpd.conf generic rather than subject to needing a migration after a point release upgrade…)
* change port 80 to a non-priveliged port (8080)
* check for
o LoadModule dav_module modules/mod_dav.so
o LoadModule dav_module modules/mod_dav.so
o LoadModule ssl_module modules/mod_ssl.so
* add in ServerName hostname.domain.com:8443 Some of the apache level sanity validation requires a statement of the local host.
* add in SSL stuff (this IS httpd from source – the default httpd.conf had the ssl-module load statement, but no explicit SSL configuration

#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

# =================================================
# SSL/TLS settings
# =================================================

Listen 0.0.0.0:8080
Listen 0.0.0.0:8443

SSLEngine on
#SSLOptions +StrictRequire

#<Directory />
# SSLRequireSSL
#</Directory>

SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

SSLMutex file:/apps/apache2/logs/ssl_mutex

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

SSLSessionCache shm:/apps/apache2/logs/ssl_cache_shm
SSLSessionCacheTimeout 600

SSLPassPhraseDialog builtin
SSLCertificateFile /apps/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /apps/apache2/conf/ssl.key/server.key

SSLVerifyClient none
SSLProxyEngine off

<IfModule mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>

* create ssl certificate (self-signed). I installed in /apps/apache2/conf/ssl.crt and ssl.key, naming the .crt and ,key files for the server hostname and then symbolically linking them to the generic “server.crt” and “server.key”.
* restart apache2 and test https://host:8443/ – you should get the “It works!” apache test page, thus validating the SSL certificate and setup from a browser level
*
* parent directory for svn

<Location /svn>
DAV svn
SVNParentPath /apps/repos
</Location>

Would it be more efficient to store the array as JSON or as a PHP serialized array in this text file? I’ve looked around and it seems that in the newest versions of PHP (5.3), json_decode is actually faster than unserialize.

I’m currently leaning towards storing the array as JSON as I feel its easier to read by a human if necessary, it can be used in both PHP and JavaScript with very little effort, and from what I’ve read, it might even be faster to decode (not sure about encoding, though).

Does anyone know of any pitfalls? Anyone have good benchmarks to show the performance benefits of either method?

as we start looking at getting more developers working beside us im sure they post some of there status updates too.

as up until now the project has been off / on for some time

but now has been under constant development for a few months now

all our old code that we start back when we first started the project was when php 5 was released and now its been slowly updated and written how php 5 code should be and now does require php 5.3 but this could change to atleast 5.2 as im thinking of implementing some wrappers for the 5.3  code

the project itself has been alot inflused by phpnuke, & nuke-evolution and the whole reason behind this is for a while i worked with phpnuke and even worked with the developer of phpnuke when phpnuke 7.7 was released

and so much i wanted to change about phpnuke but i had no control of major core changes which i really wanted todo with phpnuke for sometime

so what i did was to rewrite how phpnuke functions and make everythign better and easier to use

for example the biggest part of control of an CMS is design wanted to be able to design every aspect of the portal this means chaneg the looks and feel of the modules as well as the site

so smarty was used as our template engine so smarty is wrapped into our template engine but it goes behond templates almost every aspect is assigned into smarty from form elements , as for the form elements you can control the html type too as some elements only work under a particlar version of doctype for example xhtml / html 4.0.1 & the new html5

every major class this includes sessions, users, database, templates, filesystem etc are all plugin based you can extend any of the classes just by writing an new class and dropping it right into the plugin folder or into the modules class folder for example if its only used by the module you created

as soon we tied up the core features and frozen the feature releases we will post full complete list but we will post up an summary shorly

~Dazzle Development Team~