Project suReality - ReSpawN

ReSpawN · 01-28-2008, 04:55 PM

Project suReality is the working title of my CMS system. I'm going to create it for the experience and of course to be sold to customers. Therefor it has to be somewhat flawless and that is where you guys come in!

I've been around talkPHP for a while now and I've grown quite fond of so to speak. I've learned a lot from the people that post here. Especially the articles from Wildhoney, Alan, Rendair and Salathe did me good. And of course, I've leaned a lot from the introduction to OOP by TcAdereas (hopefully spelled alright).

Let's get back to the subject here. I'm, as I just have written, working on my CMS. To not spam this board, I am going to ask my questions in this topic, so that other people that are interested in making their own as well, can read all about it in here.

I started off in an other topic but I couldn't change the subject, so I am simply going to refer to it.

The best way to start off building a CMS; Thread.

While asking the questions and building my CMS, I will expand the list somewhat to help other guys find their way in this topic.

Let the question asking begin huh? I hope I did this right.

ReSpawN · 01-28-2008, 04:59 PM

First off, I wanted to secure my CMS against hackers and script kiddies using a license system. There are a couple of ways to do this, I recon. But I have yet to find the right way to take this up.

Way #1;
Thought about connection to a master-slave database. My own database therefor being the master, and the copy of suReality being the slave. The key would then have to be stored in my own database and unaccessible from the outside. First off, I don't think that that's possible, but hey, what the heck.

Way #2;
Creating a large deposit of codes, encoded into base64 about 5 times. Easy hackable, but yet they would know how to. I think the eregi will take up too much time, so that's not very smart as well.

Well, I've got some other small idea's but they are not worth mentioning. Does anyone have an other perspective on this idea? I want to incorporate the function into every home-build module and script so that you would really have to buy large - separate - modules.

Can't wait to sink my teeth into this one, but as it stands now, I am alone on this one. I hope you guys can offer some insight.

Alan @ CIT · 01-28-2008, 05:10 PM

In reality, the only way you could realisticly prevent people sharing your application is to use a licence manager / encoder such as Ioncube or Zend Encoder. This would deter your average user who wants to share it with their friend but wouldn't do much against "professional" sharing groups as both Ioncube and Zend Encoder can be decrypted back to the original source using various grey-market tools.

Alternativly, you could take the vBulletin approach which is to reactivly respond to pirated copies of your application. Ie, a user reports that they think that your script is being run illegally on Example Web Page, you then check this website against your licence database and take action as needed (ie, send them a DMCA notice and hope for the best).

It's a sad truth nowadays that if large companies such as Microsoft are unable to prevent their software from being shared with their vast resources, small companies like us have no chance

Alan

ReSpawN · 01-28-2008, 05:37 PM

Alan, what you're talking about there, makes a lot of sense. I've heard of the Zend Encoder (your blog and all, love it by the way) but I'm new to IonCube. I recon both need an pre-installed plugin on the server to decrypt, the encrypted data? Some of the more cheaper hosts do not have that ability. As shame as it is, I cannot depend on a encoder that has to be paid for since it might kill my selling rates.

On the other hand, the vBulletin approach is pretty well known to me. I've used vBulletin in the past but my database crashed and I've never gotten back around to putting my old site up (SpiraDesigns).

As I see it know, there is simply not a simple way to secure your CMS against copying. I trust that against my hopes, my CMS will not grow that popular. So for now, I will push the idea of a license system to the back of my head and start off with something else. Maybe a wider template class.

Thanks for the answer.

xenon · 01-28-2008, 07:28 PM

There isn't a bullet proof licensing system or such for web applications.

About way #1 of yours. You may want to take a look at SOAP and XML-RPC. I think it's easier that way instead of hardcoding your database access credentials into the user's system. Of course, by deleting a couple of lines of code, you are not constrained by anything anymore, but for the legitimate user, that doesn't matter, because he doesn't know how to do it.

Orc · 01-28-2008, 09:35 PM

Quote:

Originally Posted by xenon

There isn't a bullet proof licensing system or such for web applications.

About way #1 of yours. You may want to take a look at SOAP and XML-RPC. I think it's easier that way instead of hardcoding your database access credentials into the user's system. Of course, by deleting a couple of lines of code, you are not constrained by anything anymore, but for the legitimate user, that doesn't matter, because he doesn't know how to do it.

There is a brilliant Licensing system for PHPCow, which Gamespot, and all those other clustered sites use. People still try to crack the system, or null as you call, yet it doesn't work.

That goes for cPanel too..

Alan @ CIT · 01-28-2008, 09:43 PM

PHPCow uses Zend Encoder as far as I'm aware, not sure about Gamespot and doesn't cPanel use a C/Perl mixture for its code rather than PHP?

Alan

ReSpawN · 02-08-2008, 06:14 PM

Project suReality

MySQL Class [100%]
Email Handeling Class [50%]
Session & User Management [0%]
Module Management [0%]
Template Class [30%]

TlcAndres replied to my question about where to start with a Cache Class. First off, what is that supposed to be?

Second, I am currently developing my own template class but so far it's going pretty crappy. I've used a class with functions calling up a document where the layout is defined, and which includes an other file as well.

PHP Code:


			
       function constructFooter() {
                global $systemCore, $config, $db, $pageStart;
                if (file_exists('templates/'.$systemCore['system']['template'].'/general.footer.php')) {
                    require_once('templates/'.$systemCore['system']['template'].'/general.footer.php');
                } else {
                    echo 'Could not retrieve general.footer.php';
                }
            }

As you can see, I have to globalise some of the functions my system uses in order to make it work propperly. Is this the best way or can somebody please give me an example to use?

TlcAndres · 02-08-2008, 08:44 PM

By a cache class I meant a class that works in tangent with the template class to store the finished products into a cache folder, for example.

template:

Quote:

run through template class

PHP Code:


			
<html><head><title><?=t_titleFetch();?></title></title></head></html>

the cache class then just stores it into the appropriate folder heirarchy, optimally the cache class would also handle the storing of sql results which stay pretty much the same.

Also, functions preferably do not output any messages and the such.

ReSpawN · 02-09-2008, 08:00 PM

Thanks mate, I am still figuring out if I want to use a template class. For now, I can going to create and expand my other classes. Thanks again.

ETbyrne · 02-10-2008, 02:34 AM

This sounds cool, just one question. What's your CMS going to do? Just curious.

TlcAndres · 02-10-2008, 02:47 AM

From the looks of his classes, it appears to be a joomla-ish type CMS.

ReSpawN · 02-10-2008, 10:41 AM

Quote:

Originally Posted by TlcAndres

From the looks of his classes, it appears to be a joomla-ish type CMS.

You're good. Try to guess how much money I have in my wallet.

Seriously, he's correct. It's your everyday basic and advanced system. For bloggers, basic websites, business websites and I am also going to focus on gamers (live teamspeak and such).

TlcAndres · 02-10-2008, 05:02 PM

Good luck mate, my own CMS is under construction and testing.

ReSpawN · 02-10-2008, 08:44 PM

Very nice, if you need help or if you've got something to show, post!

codefreek · 02-12-2008, 05:14 AM

ReSpawN there is a thing you could do to your licence problem ;)

you can code in the cms a CMD close tag, or so on or a like admin accses
that you only now and then if you see a person use your script when they havent payed for it or so on..

Then you can close them down ;)

many ppl's do like this,

Hope this helps out ;)
keep up the good work :D

and ty for this topic :)

ReSpawN · 02-12-2008, 11:14 AM

Yep, there will be an global admin for sure, so I can access every version and release of my CMS. It would be nice if I could sell modules separate but I recon that'll take a lot of coding. When I start coding my modules, I will first code my license system.