protected function BODY() { parent::BODY(); ?> <div class="row"> <div class="col-lg-12"> <h1>Basic Version</h1> <p>CAEDO as it has been explained so far from the Hello World Learning Path, has been very basic. There has been no discussion of site configuration, sessions, Databases or security, not to mention performance tools like caching.</p> <p>We have all of that. And it is all al la carte. You can pick and choose what components you want to use. You can build a Page Template that has it all on every page, or you can load it in at the page level. You can also build your own classes and functions to handle even more inputs and outputs. Caedo is as flexible as posible to allow you to run global setup code for your site during the framework bootstrap. Editing the frameworks source code should not be required to add massive new functionality. This being said, editing the local framework bootstrap files needs to be done carefully. Wrong settings or broken local code will lead to a broken framework and unfriendly error messages. I suggest debugging all local framework mods alone and without a larger project running. This will make it easier to debug and identify the true sources of errors. I would also ask that you post whatever mods you create on github. You're not required to, but if its something that you needed, chances are there is someone else out there that could also benifit.</p> <p>Simplicity with incredible flexibility. One of the things I see in frameworks today, is a lack of great utility features. Features tend to be more flashy and less substantal. Caedo is different. When most frameworks take a basic page and build up, we take a basic page and build down. We offer features that are viewed as unneccesary by many frameworks. I will give a short example of what I'm talking about here.</p> <p>Suppose you have an operating site, built on some framework or CMS, and you want to move hosting companies. What do you do?</p> <p>It's a mess. A mess that will as far as I have seen always 100% of the time result in some form of downtime. Why is this? Is there just no way to do it and avoid downtime?</p> <p>Caedo can do it. Zero down time. One of the feature of Caedo's database driver is that it will allow you to specify two separate databases to execute each data request against. So two databases, operating independent of each other, running the same commands. You would migrate your database with these commands:</p> <ol> <li>Restore a backup of your production database to a new database server. The more recent the better, but yesterday's backup will work just fine.</li> <li>Add this second database to the caedo config, so inserts and updates start running against both databases. This will start to bring the new database in sync with the current</li> <li>Run the Caedo database migration tool, to see what differences there are between your databases. This tool will allow you to copy data from your old database to your new database and get them 100% in snyc.</li> <li>Run the Caedo database migration tool, multiple times until it can't find any differences. This will mean that you now have two active and distinct copies of your data, 100% in sync and you are ready to make the new database your primary database at any time.</li> <li>Not only is the database switch without downtime. It is also reversable. Suppose you are upgrading database versions, or changing cloud server sizes, and you quickly realize that there is a load issuse. How do you roll back? Easy, since you're still executing all inserts and updates on both servers, you can switch back at any time. Zero downtime, zero lost data.</li> </ol> <p>This is just a small example of how we're different. There are many more usful features like this that are usually reserved for the most expensive platforms and are now available to you free of charge in an open source project. Just ask yourself, Can you do this in you curent framework or CMS?</p> <p>Looking at the links in the menu, you will see that the one under this link is for Database. I suggest starting there and continuing down.</p> </div> </div> <?php }
protected function BODY() { parent::BODY(); // style='display: none' ?> <div class="row"> <div class="col-lg-12"> <pre id='README_md' style='display: none'> <?php print self::addDoubleSpaces(escape_html_specials(file_get_contents($this->__RootFolder . 'README.md'))); ?> </pre> <?php // set up the parse and display of the README.md file $this->__JavaScript("var converter = new showdown.Converter(); ", true, false); $this->__JavaScript("var html = converter.makeHtml(\$('#README_md').text().trim());", true, false); $this->__JavaScript("\$('#Readme').html(html);", true, false); ?> <div id='Readme'></div> </div> </div> <?php }
protected function BODY() { parent::BODY(); ?> <section class="main__middle__container"> <div class="row nothing title__block first__title__block min_height"> <div class="col-md-12"> <h2 class='center_text'>You have been logged out.</h2> <hr> <p>Notice that this page is NOT using the secure template. Using the secure template is...well, not what I would suggest. If, and this is a big "if", it works for the first load. It will fail on a page refresh. Worst case you'll be directing your user to a page that will instead of saying something like "You have logged out" it will send them to the login form. And depending on what code you added to your login page template, it could say something like "You must login to view this page". You may also have added something to save the requested page and redirect your user to that page after they have logged in. In which case you could be asking your user to login in order for them to logout. If that still sounds like a good idea to you, well, I rest my case.</p> </div> </div> </section> <?php }
protected function BODY() { parent::BODY(); ?> <div class="row"> <div class="col-lg-12"> <h1>Database</h1> <p>Databases are one of the most common ways of saving data. Since we're on PHP, mySql is pretty standard choice. Although I an doing this demo using mySql, and there are built in features for MySql, doesn't mean that it is what you have to use. This is PHP after all, and any valid PHP can be executed in a page template. You can roll you own Postgress, MSSQL, MongoDB, etc database interfaces, and they will play with Caedo like the best of friends. This is part of the reason I did the hello world examples with no database. Caedo is not database dependent, and will support any database or data storage method you choose.</p> <p>Some of the design behind how page templates are built, being very encompassing and very separate from the page files was for division of responsibility. I want it to be easy for more junior developers to contribute pages, classes and features without worring about how the nuts and bolts of the page template or the Caedo framework for that matter works.</p> <p>I wish there was a way to actually remove the use of some PHP functions in certain php pages. I've worked with junior developers that just didn't quite understand what I was talking about when I said "I want you to use the framework's database commands." They were very ingrained into the standard non-framework world, where as a developer it was their job to open a database connection.</p> <p>For obvious reasons, having developers open their own database conenctions is a terible idea. How will you store the credentials? Plain text in the top of the page?? What about testing, what if we want to point at a different database? Are we running the risk of connecting to a live production database while testing??</p> <p>This path goes into some very dark woods rather quickly. Junior developers don't always think of these things, they don't have the experance needed to see the problems. It's not their fault though, if they are fresh out of school, the consequences of connecting to the wrong database while running a homework assignment are on a different level then doing that in a business situation where there are jobs and real money sitting on the other side of that data. One simple mistake like deleting or altering production data can end careers and cost companies significant money.</p> <p>I am a strong advocate of making the right thing to do, the easiest thing to do. Because of this, I run static code analisys on all git checkins and see if any of my developers are using their own database conenctions, and I kick out that code as unacceptable. In my world, the only way to get and save data is through the authorized methods provided by Caedo.</p> <p>Beyond the safety angle. There are also other reasons why you might want to use a standardized way of getting and saving data. Logging is at the top of my list. It's pretty nice to be able to flip a switch and start seeing a streaming log of every line of SQL that is being excuted onto a database.</p> </div> </div> <?php }
protected function BODY__nukq() { parent::BODY(); $this->BodyHeader(); ?> <p>This is the alternate view. You will see this view when using the nukq.com domain name to view this page.</p> <p> <a href='http://getcaedo.com/TopicPages/Configuration.php'>Go back to the GetCaedo.com domain.</a> </p> <?php $this->BodyFooter(); }
protected function BODY() { parent::BODY(); // Logins should generally be behind SSL when not on localhost // If you want to force to SSL, this is a good place to redirect. // set this to true to redirect to SSL if not secure $UseSecure = true; if ($UseSecure) { } // Check if logged in, if so mypass this page $BypassIfLoggedIn = true; if ($BypassIfLoggedIn) { } ?> <section class="main__middle__container"> <div class="row nothing title__block first__title__block"> <div class="col-md-12"> <h2 class='center_text'>Please Login</h2> <hr> <form action='' method='post'> <div class='row center blackTDtext'> <div class='col-sm-6 text-center'>Email (caedo@getcaedo.com):</div> <div class='col-sm-6 text-center'> <input type="text" name='email' id='email' value='<?php print @$_POST['email']; ?> ' size=50> </div> </div> <div class='row center blackTDtext'> <div class='col-sm-6 text-center'>Password (CaedoRocks!):</div> <div class='col-sm-6 text-center'> <input type="password" size=50 name='password' value=''> </div> </div> <div class='row center blackTDtext'> <div class='col-xs-4'></div> <div class='col-xs-4'> <?php if ($this->UseRecaptcha) { ?> <div id='recaptcha' class="g-recaptcha padcaptch text-center center" data-sitekey="6Ld1WhYTAAAAACPQ7JuuhM_IdTvzXn5UzimTu0YQ"></div> <?php } ?> </div> <div class='col-xs-4'></div> </div> <div class='row center blackTDtext'> <div class='col-sm-5'></div> <div class='col-sm-2'> <input type="hidden" name='posted' value="true" /> <input class="btn btn-info" type="submit" value="Login"> </div> <div class='col-sm-5'></div> </div> </form> </div> </div> <div class="row nothing title__block first__title__block" style='margin-top: 50px'> <div class="col-md-12"> <hr> <hr> </div> <div class="row nothing title__block first__title__block" style='margin-top: 50px'> <div class="col-md-12"> <h2 class='center_text'>So what is going on here?</h2> <p> If you have read some of the notes I have made in other places you may have an understanding of my perspective on security. I feel that in many cases the security implemented over stripes the actual security need. This leads to extra code that needs to be maintained at best, and both a bad user experience and a less secure site at worst.<br /> <small>Yep. Less secure. Do you want people to write their password on a sticky note on their monitor? Just make them change their password every week. I guarantee it'll happen. Tightening security can reduce your security effectiveness.</small> </p> <p>Please look at the code of this page, it has notes as to what options there are. Notes are located next to the relivent code</p> <p> Here are the text excerpts:<br /> <br />I don't pretent to know your individual security requirements. <br /> You may laugh at the array method as not a "best practice", and say "Never hard code your login information" <br /> I would ask yourself if your developers have admin database access. If they do... then you're making your life complicated for no added security <br />How often are passwords changed? If this is a small site, they may never be changed. Do you really need to allow users to change their own password? Are you the user? <br />What about salting and hashing? "How could you <u>POSSIBLY</u> not salt and hash your passwords?!?!?!" Calm it down scooter. How many people are logging in here? 1 or 1 million? <br />Saying that there is a one size fits all methodology for security is ludicrous. Is this a cat forum or a banking site. Are you really saying the security plan should be the same for both? <br /> <br />So, need more? <ul> <li>You can salt and hash all your passwords... even if you keep them hardcoded</li> <li>You can connect this to a database to remove login details from the source</li> <li>You can check cookies and IP address against prior logins</li> <li>You can check prior login fails, and black list IP addresses, or lock account</li> <li>You can connect to a key store such as AWS IAM.</li> <li>You can impliment two-factor authenication here. Email based is easy to roll your own, use twilio to send a text</li> <li>It's all up to you, think about what you really need.</li> </ul> <br /> <br />I suggest checking forks of this project and check back for future versions. My guess is we will be building out many of these security options. </p> <p>Your thoughts may differ from mine. That's okay. Build whatever you think you need. Caedo supports building out NSA level secuirty if that's what you want.</p> </div> </div> </section> <br /> <br /> <br /> <br /> <br /> <?php }
protected function BODY() { parent::BODY(); if (isset($_GET['Action'])) { if ($_GET['Action'] == 'TestRedirect') { ?> <div class="row"> <div class="col-lg-12"> <h1>Redirecting Now!!!</h1> </div> </div> <?php Redirect('ExtraFunctions.php', true); } if ($_GET['Action'] == 'AutoRefresh') { ?> <div class="row"> <div class="col-lg-12"> <h1>Redirecting in 10 seconds!!</h1> </div> </div> <?php AutoRefresh('ExtraFunctions.php'); } if ($_GET['Action'] == 'TestRedirectPHP') { ?> <div class="row"> <div class="col-lg-12"> <h1>Redirecting Now!!!</h1> </div> </div> <?php Redirect('ExtraFunctions.php'); } } else { ?> <div class="row"> <div class="col-lg-12"> <h1>Extra Functions</h1> <p>There are a number of helpful functions that have been built into CAEDO. Some of these are for PHP only, some are for PHP/MySql and some are for Javascript. You can find most of these function in GlobalFunction.inc in the ##VENDOR/caedo/framework directory.</p> <p>Standard Process. Most of these functions are not complex. Don't expect the world from any of them. What they are is consistant. When you use these functions you can worry less about the underlaying PHP needed to make each one of these happen. You can instead focus on programming your actual product. I would also guess you will have fewer typos when doing these standard things. These functions have been vetted and in use in production websites. (...but who knows, there still could be bugs. If you find one feel free to submit a pull request to fix the issue.)</p> <h2>Date Functions</h2> <p>When you need to work with dates things can get complicated. Even something as simple as finding out what time it is can be far more complicated than first meets the eye. --What time is it where? Where the server is located? Where the php timezone setting is set? Where the user is? Where one of our locations is?--</p> <p>We're not so much adding new functionality to PHP as we are wrapping the existing functions. Calculating things like business days, and adding business days to date. Dealing with time, and adding say 30 minutes to a date time.</p> <h2>Redirect Functions</h2> <p>Redirection is something that most websites will use at least in a few places. We have built two functions for redirection. Javascipt redirection and PHP redirection.</p> <p>Javascript redirection is used for anytime you want the user to see the page, and they automatically direct them away, to a different page. This could be a "Success!" page, or a "You will be redirected in 5 seconds"</p> <p></p> <p> <a href='?Action=TestRedirect'>Click here to Test Redirect</a> </p> <p> <a href='?Action=AutoRefresh'>Click here to Test With 10 Second Delay</a> </p> <p>You can also redirect with PHP. This is done by sending redirect headers. The advantage of using PHP redirect is that it is much faster than a javascript redirect. Also PHP calls the exit() function after the redirect, so you don't have to worry if there is sensitive data that would be returned if the page was allowed to process. I suggest using a PHP redirect for sending un-authenticated users to a login page. You don't want ANY procssing to happen on the secured page if the user isn't authenticated. This prevents any AJAX or even constructor function or processes from being called. It litterally sends the redirect headers and kills the process.</p> <p> <a href='?Action=TestRedirectPHP'>Click here to Test redirect With PHP</a> </p> <p></p> <p></p> </div> </div> <?php } }