protected function BODY()
{
parent::BODY();
?>
<div class="row">
<div class="col-lg-12">
<h1>Basic Version</h1>
<p>CAEDO as it has been explained so far from the Hello World Learning Path, has been very basic. There has been no discussion of site configuration, sessions, Databases or security, not to mention performance tools like caching.</p>
<p>We have all of that. And it is all al la carte. You can pick and choose what components you want to use. You can build a Page Template that has it all on every page, or you can load it in at the page level. You can also build your own classes and functions to handle even more inputs and outputs. Caedo is as flexible as posible to allow you to run global setup code for your site during the framework bootstrap. Editing the frameworks source code should not be required to add massive new functionality. This being said, editing the local framework bootstrap files needs to be done carefully. Wrong settings or broken local code will lead to a broken framework and unfriendly error messages. I suggest debugging all local framework mods alone and without a larger project running. This will make it easier to debug and identify the true sources of errors. I would also ask that you post whatever mods you create on github. You're not required to, but if its something that you needed, chances
are there is someone else out there that could also benifit.</p>
<p>Simplicity with incredible flexibility. One of the things I see in frameworks today, is a lack of great utility features. Features tend to be more flashy and less substantal. Caedo is different. When most frameworks take a basic page and build up, we take a basic page and build down. We offer features that are viewed as unneccesary by many frameworks. I will give a short example of what I'm talking about here.</p>
<p>Suppose you have an operating site, built on some framework or CMS, and you want to move hosting companies. What do you do?</p>
<p>It's a mess. A mess that will as far as I have seen always 100% of the time result in some form of downtime. Why is this? Is there just no way to do it and avoid downtime?</p>
<p>Caedo can do it. Zero down time. One of the feature of Caedo's database driver is that it will allow you to specify two separate databases to execute each data request against. So two databases, operating independent of each other, running the same commands. You would migrate your database with these commands:</p>
<ol>
<li>Restore a backup of your production database to a new database server. The more recent the better, but yesterday's backup will work just fine.</li>
<li>Add this second database to the caedo config, so inserts and updates start running against both databases. This will start to bring the new database in sync with the current</li>
<li>Run the Caedo database migration tool, to see what differences there are between your databases. This tool will allow you to copy data from your old database to your new database and get them 100% in snyc.</li>
<li>Run the Caedo database migration tool, multiple times until it can't find any differences. This will mean that you now have two active and distinct copies of your data, 100% in sync and you are ready to make the new database your primary database at any time.</li>
<li>Not only is the database switch without downtime. It is also reversable. Suppose you are upgrading database versions, or changing cloud server sizes, and you quickly realize that there is a load issuse. How do you roll back? Easy, since you're still executing all inserts and updates on both servers, you can switch back at any time. Zero downtime, zero lost data.</li>
</ol>
<p>This is just a small example of how we're different. There are many more usful features like this that are usually reserved for the most expensive platforms and are now available to you free of charge in an open source project. Just ask yourself, Can you do this in you curent framework or CMS?</p>
<p>Looking at the links in the menu, you will see that the one under this link is for Database. I suggest starting there and continuing down.</p>
</div>
</div>
<?php
}
protected function BODY()
{
parent::BODY();
// style='display: none'
?>
<div class="row">
<div class="col-lg-12">
<pre id='README_md' style='display: none'>
<?php
print self::addDoubleSpaces(escape_html_specials(file_get_contents($this->__RootFolder . 'README.md')));
?>
</pre>
<?php
// set up the parse and display of the README.md file
$this->__JavaScript("var converter = new showdown.Converter(); ", true, false);
$this->__JavaScript("var html = converter.makeHtml(\$('#README_md').text().trim());", true, false);
$this->__JavaScript("\$('#Readme').html(html);", true, false);
?>
<div id='Readme'></div>
</div>
</div>
<?php
}
protected function BODY()
{
parent::BODY();
?>
<section class="main__middle__container">
<div class="row nothing title__block first__title__block min_height">
<div class="col-md-12">
<h2 class='center_text'>You have been logged out.</h2>
<hr>
<p>Notice that this page is NOT using the secure template. Using the
secure template is...well, not what I would suggest. If, and this is
a big "if", it works for the first load. It will fail on a page
refresh. Worst case you'll be directing your user to a page that
will instead of saying something like "You have logged out" it will
send them to the login form. And depending on what code you added to
your login page template, it could say something like "You must
login to view this page". You may also have added something to save
the requested page and redirect your user to that page after they
have logged in. In which case you could be asking your user to login
in order for them to logout. If that still sounds like a good idea
to you, well, I rest my case.</p>
</div>
</div>
</section>
<?php
}
protected function BODY()
{
parent::BODY();
?>
<div class="row">
<div class="col-lg-12">
<h1>Database</h1>
<p>Databases are one of the most common ways of saving data. Since
we're on PHP, mySql is pretty standard choice. Although I an doing
this demo using mySql, and there are built in features for MySql,
doesn't mean that it is what you have to use. This is PHP after all,
and any valid PHP can be executed in a page template. You can roll
you own Postgress, MSSQL, MongoDB, etc database interfaces, and they
will play with Caedo like the best of friends. This is part of the
reason I did the hello world examples with no database. Caedo is not
database dependent, and will support any database or data storage
method you choose.</p>
<p>Some of the design behind how page templates are built, being very
encompassing and very separate from the page files was for division
of responsibility. I want it to be easy for more junior developers to
contribute pages, classes and features without worring about how the
nuts and bolts of the page template or the Caedo framework for that
matter works.</p>
<p>I wish there was a way to actually remove the use of some PHP
functions in certain php pages. I've worked with junior developers
that just didn't quite understand what I was talking about when I
said "I want you to use the framework's database commands." They were
very ingrained into the standard non-framework world, where as a
developer it was their job to open a database connection.</p>
<p>For obvious reasons, having developers open their own database
conenctions is a terible idea. How will you store the credentials?
Plain text in the top of the page?? What about testing, what if we
want to point at a different database? Are we running the risk of
connecting to a live production database while testing??</p>
<p>This path goes into some very dark woods rather quickly. Junior
developers don't always think of these things, they don't have the
experance needed to see the problems. It's not their fault though, if
they are fresh out of school, the consequences of connecting to the
wrong database while running a homework assignment are on a different
level then doing that in a business situation where there are jobs
and real money sitting on the other side of that data. One simple
mistake like deleting or altering production data can end careers and
cost companies significant money.</p>
<p>I am a strong advocate of making the right thing to do, the easiest
thing to do. Because of this, I run static code analisys on all git
checkins and see if any of my developers are using their own database
conenctions, and I kick out that code as unacceptable. In my world,
the only way to get and save data is through the authorized methods
provided by Caedo.</p>
<p>Beyond the safety angle. There are also other reasons why you might
want to use a standardized way of getting and saving data. Logging is
at the top of my list. It's pretty nice to be able to flip a switch
and start seeing a streaming log of every line of SQL that is being
excuted onto a database.</p>
</div>
</div>
<?php
}
protected function BODY__nukq()
{
parent::BODY();
$this->BodyHeader();
?>
<p>This is the alternate view. You will see this view when using the nukq.com domain name to view this page.</p>
<p>
<a href='http://getcaedo.com/TopicPages/Configuration.php'>Go back to the GetCaedo.com domain.</a>
</p>
<?php
$this->BodyFooter();
}
protected function BODY()
{
parent::BODY();
// Logins should generally be behind SSL when not on localhost
// If you want to force to SSL, this is a good place to redirect.
// set this to true to redirect to SSL if not secure
$UseSecure = true;
if ($UseSecure) {
}
// Check if logged in, if so mypass this page
$BypassIfLoggedIn = true;
if ($BypassIfLoggedIn) {
}
?>
<section class="main__middle__container">
<div class="row nothing title__block first__title__block">
<div class="col-md-12">
<h2 class='center_text'>Please Login</h2>
<hr>
<form action='' method='post'>
<div class='row center blackTDtext'>
<div class='col-sm-6 text-center'>Email (caedo@getcaedo.com):</div>
<div class='col-sm-6 text-center'>
<input type="text" name='email' id='email'
value='<?php
print @$_POST['email'];
?>
' size=50>
</div>
</div>
<div class='row center blackTDtext'>
<div class='col-sm-6 text-center'>Password (CaedoRocks!):</div>
<div class='col-sm-6 text-center'>
<input type="password" size=50 name='password' value=''>
</div>
</div>
<div class='row center blackTDtext'>
<div class='col-xs-4'></div>
<div class='col-xs-4'>
<?php
if ($this->UseRecaptcha) {
?>
<div id='recaptcha'
class="g-recaptcha padcaptch text-center center"
data-sitekey="6Ld1WhYTAAAAACPQ7JuuhM_IdTvzXn5UzimTu0YQ"></div>
<?php
}
?>
</div>
<div class='col-xs-4'></div>
</div>
<div class='row center blackTDtext'>
<div class='col-sm-5'></div>
<div class='col-sm-2'>
<input type="hidden" name='posted' value="true" /> <input
class="btn btn-info" type="submit" value="Login">
</div>
<div class='col-sm-5'></div>
</div>
</form>
</div>
</div>
<div class="row nothing title__block first__title__block"
style='margin-top: 50px'>
<div class="col-md-12">
<hr>
<hr>
</div>
<div class="row nothing title__block first__title__block"
style='margin-top: 50px'>
<div class="col-md-12">
<h2 class='center_text'>So what is going on here?</h2>
<p>
If you have read some of the notes I have made in other places you
may have an understanding of my perspective on security. I feel
that in many cases the security implemented over stripes the actual
security need. This leads to extra code that needs to be maintained
at best, and both a bad user experience and a less secure site at
worst.<br /> <small>Yep. Less secure. Do you want people to write
their password on a sticky note on their monitor? Just make them
change their password every week. I guarantee it'll happen.
Tightening security can reduce your security effectiveness.</small>
</p>
<p>Please look at the code of this page, it has notes as to what
options there are. Notes are located next to the relivent code</p>
<p>
Here are the text excerpts:<br /> <br />I don't pretent to know
your individual security requirements. <br /> You may laugh at the
array method as not a "best practice", and say "Never hard code
your login information" <br /> I would ask yourself if your
developers have admin database access. If they do... then you're
making your life complicated for no added security <br />How often
are passwords changed? If this is a small site, they may never be
changed. Do you really need to allow users to change their own
password? Are you the user? <br />What about salting and hashing?
"How could you <u>POSSIBLY</u> not salt and hash your
passwords?!?!?!" Calm it down scooter. How many people are logging
in here? 1 or 1 million? <br />Saying that there is a one size fits
all methodology for security is ludicrous. Is this a cat forum or a
banking site. Are you really saying the security plan should be the
same for both? <br /> <br />So, need more?
<ul>
<li>You can salt and hash all your passwords... even if you keep
them hardcoded</li>
<li>You can connect this to a database to remove login details from
the source</li>
<li>You can check cookies and IP address against prior logins</li>
<li>You can check prior login fails, and black list IP addresses,
or lock account</li>
<li>You can connect to a key store such as AWS IAM.</li>
<li>You can impliment two-factor authenication here. Email based is
easy to roll your own, use twilio to send a text</li>
<li>It's all up to you, think about what you really need.</li>
</ul>
<br /> <br />I suggest checking forks of this project and check back
for future versions. My guess is we will be building out many of
these security options.
</p>
<p>Your thoughts may differ from mine. That's okay. Build whatever
you think you need. Caedo supports building out NSA level secuirty
if that's what you want.</p>
</div>
</div>
</section>
<br />
<br />
<br />
<br />
<br />
<?php
}
protected function BODY()
{
parent::BODY();
if (isset($_GET['Action'])) {
if ($_GET['Action'] == 'TestRedirect') {
?>
<div class="row">
<div class="col-lg-12">
<h1>Redirecting Now!!!</h1>
</div>
</div>
<?php
Redirect('ExtraFunctions.php', true);
}
if ($_GET['Action'] == 'AutoRefresh') {
?>
<div class="row">
<div class="col-lg-12">
<h1>Redirecting in 10 seconds!!</h1>
</div>
</div>
<?php
AutoRefresh('ExtraFunctions.php');
}
if ($_GET['Action'] == 'TestRedirectPHP') {
?>
<div class="row">
<div class="col-lg-12">
<h1>Redirecting Now!!!</h1>
</div>
</div>
<?php
Redirect('ExtraFunctions.php');
}
} else {
?>
<div class="row">
<div class="col-lg-12">
<h1>Extra Functions</h1>
<p>There are a number of helpful functions that have been built into
CAEDO. Some of these are for PHP only, some are for PHP/MySql and
some are for Javascript. You can find most of these function in
GlobalFunction.inc in the ##VENDOR/caedo/framework directory.</p>
<p>Standard Process. Most of these functions are not complex. Don't
expect the world from any of them. What they are is consistant. When
you use these functions you can worry less about the underlaying PHP
needed to make each one of these happen. You can instead focus on
programming your actual product. I would also guess you will have
fewer typos when doing these standard things. These functions have
been vetted and in use in production websites. (...but who knows,
there still could be bugs. If you find one feel free to submit a pull
request to fix the issue.)</p>
<h2>Date Functions</h2>
<p>When you need to work with dates things can get complicated. Even
something as simple as finding out what time it is can be far more
complicated than first meets the eye. --What time is it where? Where
the server is located? Where the php timezone setting is set? Where
the user is? Where one of our locations is?--</p>
<p>We're not so much adding new functionality to PHP as we are
wrapping the existing functions. Calculating things like business
days, and adding business days to date. Dealing with time, and adding
say 30 minutes to a date time.</p>
<h2>Redirect Functions</h2>
<p>Redirection is something that most websites will use at least in a
few places. We have built two functions for redirection. Javascipt
redirection and PHP redirection.</p>
<p>Javascript redirection is used for anytime you want the user to see
the page, and they automatically direct them away, to a different
page. This could be a "Success!" page, or a "You will be redirected
in 5 seconds"</p>
<p></p>
<p>
<a href='?Action=TestRedirect'>Click here to Test Redirect</a>
</p>
<p>
<a href='?Action=AutoRefresh'>Click here to Test With 10 Second Delay</a>
</p>
<p>You can also redirect with PHP. This is done by sending redirect
headers. The advantage of using PHP redirect is that it is much
faster than a javascript redirect. Also PHP calls the exit() function
after the redirect, so you don't have to worry if there is sensitive
data that would be returned if the page was allowed to process. I
suggest using a PHP redirect for sending un-authenticated users to a
login page. You don't want ANY procssing to happen on the secured
page if the user isn't authenticated. This prevents any AJAX or even
constructor function or processes from being called. It litterally
sends the redirect headers and kills the process.</p>
<p>
<a href='?Action=TestRedirectPHP'>Click here to Test redirect With
PHP</a>
</p>
<p></p>
<p></p>
</div>
</div>
<?php
}
}
