Is there a list of ready-to-run webs built on f3?


Andrew Brookes

Dec 31, 2016, 11:58:45 AM
to Fat-Free Framework
If there is, please add this one:
https://github.com/captain-sensible/myweb It's basically a clone of a B.S.W.S (bog standard web site) http://ghanalug.org

Since one way of learning code is to take apart somebody else's code, somebody starting with f3 might get ideas.

One concept came to mind - Wordpress etc. is in demand because non-coders/users just want something to download & run. What if there was a lean ready-to-go web built on f3?
 

Summer White

Jan 1, 2017, 3:46:47 AM
to Fat-Free Framework
I'm not exactly sure what question you are actually asking. Can you please elaborate?

If you are asking for a list of example applications, copied from the documentation under the main user guide:-

I've never heard of the acronym B.S.W.S and a Google search for it resolves nothing. Where did you pluck that from or did you make it yourself =\? Wordpress is generally called a CMS (Content management system).


"lean ready to go web built on f3?"

What do you mean by this? The demo examples are a good starting point but in the end there are many ways to skin a cat with F3.

Thank you for sharing your GIT repo with us. Did you want us to critique it?

Andrew Brookes

Jan 1, 2017, 10:31:48 AM
to Fat-Free Framework

Hi Summer, thanks for replying.
I'm waiting for my kebabs cooked on coal pot here in Ghana, Africa, so thought would do a quick reply.
Yes, basically was asking for list of examples.

Not sure where I got BSBW from but my N.E UK background working with ex-coal miners gave me some rich vocabulary.

You're right of course, W.P can be thought of as a CMS; my thinking was from a different perspective. I'm thinking that non-coders just want something they can download & use with minimum tweaks. My vision of a BSWS would be static pages, blog facility & forum. The concept would be that if this sort of web idea was put together using f3, without unnecessary bloat, then the take-up (if wanted) & therefore use & exposure to F3 could be huge.

Critique - it's a bit rough at the minute but maybe month or so down road
 
 

Anatol Buchholz

Jan 1, 2017, 5:02:24 PM
to f3-fra...@googlegroups.com
Hey Andrew,

Unfortunately I cannot provide the list you are asking for. But have a look at this thread.
You will find some stuff which is on GitHub as well.

By the way, if you'd like to make it easier for starters to learn
F3 by looking at your code, it would be nice if you format/align it.

(In my editor, Sublime Text, I use phptidy; I'm sure your editor will have an option as well ;)

Andrew Brookes

Jan 24, 2017, 4:37:34 PM
to Fat-Free Framework

Hi Anatol, I'll start tidying up sometime this week.
Summer, have a look anytime you're at a loose end!

I don't know much about hacking but was worried about config values in config.ini to hackers. Salt can be moved outside web root.

Ran Wapiti on it & got

Wapiti vulnerability report for http://localhost:8000

Date of the scan: Tue, 24 Jan 2017 20:56:41 +0000. Scope of the web scanner : folder


Summary

Category: Number of vulnerabilities found
Cross Site Scripting: 0
Htaccess Bypass: 0
Backup file: 0
SQL Injection: 0
Blind SQL Injection: 0
File Handling: 0
Potentially dangerous file: 0
CRLF Injection: 0
Commands execution: 0
Resource consumption: 0
Internal Server Error: 0

 
I only really intend this for SMEs in 3rd world like Ghana where they just want a basic web, but if anybody can spot security flaws I could learn from it.

 

Anatol

Jan 26, 2017, 2:59:12 AM
to f3-fra...@googlegroups.com
Dear Andrew,

I did a quick test but could not login with admin/admin. It says the user does not exist?
Maybe it would be good to change the README in case there are further install steps needed.
Anyway I scanned your code a bit and would suggest some improvements.

1. Use CSRF protection on your login form.
2. If I scanned your code correctly you do not sanitize the POST input and sometimes output data "raw" in your views. This could be a danger for XSS attacks. I would suggest to sanitize every user input.
I hope this helps a bit.

– anatol
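
The two suggestions in the post above (a CSRF token on the login form, and escaping user-supplied values when they are written into a view), as an added example that is not part of the original post or of the myweb repository. It is plain PHP rather than F3's own helpers; the function names are hypothetical and `$session` stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added illustration: plain PHP, not code from the myweb repository.
// $session stands in for $_SESSION; all function names are hypothetical.

function csrf_issue(array &$session): string
{
    // One unpredictable token per rendered form, remembered server-side.
    $session['csrf'] = bin2hex(random_bytes(32));
    return $session['csrf'];
}

function csrf_check(array &$session, array $post): bool
{
    $expected = $session['csrf'] ?? '';
    $given = $post['token'] ?? '';
    unset($session['csrf']); // single use: a replayed form is rejected
    // hash_equals compares in constant time; an empty expected token never matches.
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

function e(string $value): string
{
    // Escape at output time, for HTML text and quoted-attribute contexts.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function login_form(array &$session, string $lastUser = ''): string
{
    return '<form method="post" action="/login">'
        . '<input type="hidden" name="token" value="' . e(csrf_issue($session)) . '">'
        . '<input name="user" value="' . e($lastUser) . '">'
        . '<input type="password" name="pass">'
        . '</form>';
}

// Constructed sample requests.
$session = [];
$html = login_form($session, '"><script>alert(1)</script>'); // hostile "user" value
$token = $session['csrf'];

var_dump(strpos($html, '<script>') === false);        // was the markup escaped?
var_dump(csrf_check($session, ['token' => $token]));  // genuine form post
var_dump(csrf_check($session, ['token' => $token]));  // same token replayed
$other = [];
login_form($other);
var_dump(csrf_check($other, ['user' => 'admin']));    // cross-site post, no token
```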

Andrew Brookes

Jan 26, 2017, 7:11:46 AM
to Fat-Free Framework

Anatol -

That's a great help, thank you very much! Will work through it.
On the log in I was playing around on localhost, then forgot to change it back before updating at GitHub.
Current pass is user: admin
                pass: Englishman

Just tried it & it works

Nuwanda

Mar 19, 2017, 2:44:19 AM
to f3-fra...@googlegroups.com
I'm a Wordpress developer and I think the point of WP has been missed here.

WP abstracts away nearly all PHP code by providing a) an admin and templating system, and b) by providing a vast set of functions that makes writing plugins easier.

WP was once a mere CMS but is now considered a true PHP framework due to that abstraction. The REST API has moved that further so that frontend development can be truly abstracted from the WP backend.

My point is that to create a similar abstraction on top of F3 would be to lose any advantage F3 has over something like WP. It's really just a matter of how much abstraction a particular framework achieves.

One of the hardest things to create for any site is the backend. As coders we can create very efficient things but the backend is always the big deal, allowing our users to create content and control the function of the site. Wordpress does that supremely well. It gets (and has gotten) to the point that you can use something like F3 to create a routing and frontend solution that uses WP's admin interface as a backend, including its user/permissions system.

And frankly there's nothing WP can't do since every website is just a frontend connected to a database with an attached admin interface. That's why every time I'm presented with a job I automatically use Wordpress. Why wouldn't I? If a similar CMS was written in F3 I wouldn't be using it because of F3, I'd be using it because it offered better tools, which Wordpress already does. It doesn't even come down to speed since modern delivery systems make everything as fast as anything else.

I love F3, but only because it's lean and allows me to code closer to native PHP. But I have to think of my users and development time. And for that reason WP is my go-to solution.

The reason Laravel, Slim, Phalcon, etc. enjoy vastly more popularity than F3 is because they offer more abstraction, more tools. But the fundamental problem remains: creating a backend for your users. And that's the reason I like F3 over them: it gives me more control over the code without the learning curve. But I still need to do the hard work of the backend regardless.

Andrew Brookes

Mar 26, 2017, 1:57:42 PM
to Fat-Free Framework


Hi Nuwanda,

thanks for joining this thread!

You have to understand my perspective to understand where I'm coming from. I'm now back in the UK but just came back from West Africa - sorry for the delay, there have been family matters to attend to.

If you are a Wordpress developer that's great - because you know what you're doing, and help clients who in a nutshell don't know what they are doing.

My aim, however, for an "adaptation" of use of f3 is for people learning code, particularly in 3rd world countries like Ghana (i.e. not professional developers), and also something fairly stripped back that maybe small to medium enterprises might use & be edited by PHP coders with maybe limited abilities. If you look at PHP classes in, say, application controllers of my use of f3, it's just basic OOP, fairly crude native PHP - that's fine because my aim is just for any PHP coder to understand it. I had a look at Wordpress PHP, "jesus, what's going on" - I don't understand it quite frankly, so there's not a cat's chance in hell of most PHP coders in Ghana understanding it either.

In Ghana I met a guy who took 10 years to get to the level of using a PHP framework similar to F3; significantly, apart from me he had not met anyone in 10 yrs in Ghana who was anywhere near his ability.

My instinct from experience in Ghana is that it's better to go for something you have a chance of fully understanding than go with the herd & use something that's more voluminous & therefore would take longer to know inside out.

Here's an example: http://presidency.gov.gh/wp-content/uploads/2017/02/ I would never make it easy for the world to have access to all the photos I uploaded, since one day I upload something I don't want the world to see. However this guy & his team have gone for Wordpress & obviously don't fully understand how to use it.


This guy happens to have a lot of resources at his disposal, in fact he is the President of Ghana. Basically if the guy at the top of the tree can't get it right, not much chance of anybody else in Ghana either. If they had someone like you that would be fine, but believe me they don't.

Nuwanda

Mar 26, 2017, 6:04:13 PM
to f3-fra...@googlegroups.com
If your goal is teaching people how to code, then raw PHP is the way to go.

If your goal is turn-key productivity, then something like Wordpress is the way to go.

F3 sits in the middle. But I don't think it's necessarily the best thing for learning how to code since what you're teaching is the abstraction that F3 represents, not the actual language it is written in. It would be like teaching a child how to run before they could walk. I say stick to raw PHP for enabling learners. That way they understand the fundamentals which makes learning ANY framework, be it F3 or Wordpress or Laravel, etc., much easier.

Your example site: images by definition are public. That is, they are already visible on the site. That you can see the public uploads folder means nothing since those images are already public via links in various places. The error in showing a raw directory listing is aesthetic, not a security risk. This is not the fault of Wordpress. Frankly, you have more chance of exposing sensitive data as a beginner writing raw PHP than you do using a robust framework, but in the end, nothing will save you from your own inexperience. If I could only give someone a few hours training and then tasked them with creating a basic site with authentication, uploads and form submissions, it would be far safer for them to use Wordpress than writing their own code. But the bottom line is that no beginner should be creating sites that handle sensitive data regardless of what programming tool they use.