PostNuke
Flexible Content Management System
News
PostNuke CMS Make E-commerce Websites Affordable
Christie had been a heavy user of the Internet for years. “I knew which sites I researched repeatedly,†Christie said. “So I started planning my site by analyzing how sites keep me coming back. Good content is the primary draw, but what else?â€
Analyzing Website Assets and Annoyances
After a few days of surfing her favorite haunts and examining sites she’d let fall by the wayside, Christie came up with a laundry list of characteristics that she liked: short, easy to remember and descriptive site name; clear focus and organization; easy navigation; free and meaty content; plus links to additional resources.
She also identified a number of annoyances that sent her running to another site: multiple broken links, signup required to access content, popup ads, outdated content, poor navigation and/or search capability. And her number one complaint—locking you onto the site by disabling the browser back button!
Website Do’s and Don’ts
Then she went one step further and read numerous articles on what other people look for. “These articles strongly influenced not only what features were incorporated, but where they are placed,†Christie said. “For example, privacy and the ability to contact a real person are top priorities for many site visitors. So I placed both in the top navigation bar for easy access.â€
She also discovered that the best sites are designed to involve visitors—to invite them to contribute content, give feedback, voice their opinions, and exchange information with and help each other. “To improve the ‘stickiness’ of the site, we expanded our plan to include a forum, polls, contributing content, free classifieds and a job bank. I also redesigned my e-newsletter tone to make it more personal, as well as to make subscribers come to the site to read the full story or fill out an opinion poll.â€
Custom Development Gone Wrong
After talking to several Web developers, Christie chose a developer offering a custom designed PHP solution using SQL databases to store thousands of stories and favorite links. However, two months into the project, it became evident that the developer didn’t have adequate programming staff to launch the site within the promised three-month schedule. Unfortunately, Christie felt she had few alternatives. “I’d already spent hundreds of hours working on the site design and adding thousands of favorite links and articles to the database—work that would be lost if I changed vendors.â€
Three months later and one week before launch, the site went down. The next day it was still offline, even the backend admin area. Then the dreaded call came: hackers had broken into the server hosting facility. “What about the backup? I asked.â€
“The last backup file was corrupted,†was the answer. A two-month old zip file didn’t match the current software version, making site restoration almost impossible—but they said they would try. “At this point, I lost all confidence in the developer—not to mention over five-thousand records I’d uploaded,†Christie said.
Searching for a New Solution
Christie wasn’t sure what to do. “I couldn’t afford the time or money to start coding the site from scratch. I knew I would be shopping for champagne on a beer pocketbook of $5,000,†Christie said. “But I didn’t want to compromise unless I had to.â€
Christie began searching online for a new developer. Soon, one of the people she contacted emailed her a slew of probing questions.
“I felt like I was taking a test,†Christie said. “But the quality of his inquiries gave me confidence this person wanted to clearly understand the scope of the project, as well as my level of expertise to manage the site.â€
Soon Christie scheduled a meeting with Scott Kroeger, owner of Hudson Avenue Technologies in Omaha NE, to discuss the challenges of launching such a complex site on a limited budget. After Christie reviewed her well-documented site map and specifications with Kroeger, he recommended a proven and supported open source content management system (CMS): PostNuke.
“Many developers start coding right away,†Kroeger said. “Since my background is in integration, I get more excited about finding open source software, figuring out how the code works and then using my technical skills and coding to make the modules work together. This way I don’t have to spend a lot of time programming from scratch and debugging code.â€
Integrating/Customizing Open Source Solutions
The two biggest challenges Kroeger faced with the PostNuke implementation were finding a site search solution and providing unique page layout capabilities for each major category or page.
“Linda wanted the flexibility of using html blocks to handle the bulk of the content,†Kroeger said. “However, PostNuke only searches major modules, not html pages. To resolve this issue, I integrated a PostNuke module called Content Express. This module provides the site with a very friendly admin interface for adding html pages and controlling the site navigation, as well as a search engine for html pages.â€
Unique block/page configuration for additional pages isn’t supported by a single PostNuke install. By examining other PostNuke site installations and reading forum discussions, Kroeger quickly figured out that multiple PostNuke installs would work around the page layout problem and provide complete control over the subsite blocks.
“A PostNuke subsite is an additional installation of PostNuke within the ‘main’ PostNuke installation,†Kroeger said. “For example, if the main PostNuke installation is installed under ‘/htdocs/postnuke’, a subsite would be installed under ‘/htdocs/postnuke/subsite1’. So my challenge was to figure out how to make all 28 installs talk to each other by modifying what database tables each subsite looked at. I configured the subsites to maintain their own block layouts—thus each major topic category or subsite/page can be laid out uniquely. Also, Content Express wasn’t built for multi-site configuration, so I had to figure out what it was doing to know how to integrate it for the multi-site solution.â€
To complete the site, Kroeger integrated free PostNuke modules to provide an ezine, forum, job bank, and banner/ad management. “Within two weeks, I was laying out pages and uploading data.†Christie said. “And by the end of two months the DoctorVAR.com site I’d dreamed about was up—within my $5,000 budget and without sacrificing one feature or requirement. The only software I had to purchase was a classified ads module and shopping cart for $59, plus a $30 theme. The rest of the software was free.â€
Kroeger added, “Because Linda had educated herself on Website design and defined the site specifications so well, I knew clearly from the start what was expected. This made my job much easier, which combined with my open source integration strategy, saved her a lot of time and money.â€
The flexibility, performance, and ease of administration of the DoctorVAR.com implementation is a testament to how robust and cost effective open source content management systems are for supporting robust e-commerce Websites.
For additional information about DoctorVAR.com visit their Web site at http://www.doctorvar.com.
Additional Resources:
DoctorVAR.com Website Content/Stickiness Articles
DoctorVar Web Presence Articles
Web Marketing & E-Commerce
http://www.wilsonWeb.com/
Apromotionguide.com - Free Website promotion tutorial
http://apromotionguide.com/
Content Express (PostNuke Module)
http://pn.arising.net/ce/
WhatsNews (PostNuke ezine module)
http://nuke-modules.gading.de/
phpAdsNew (open source ad server)
http://www.phpadsnew.com/one/
phpBB (open source bulletin board) http://www.phpbb.com/
phProfession (PostNuke job bank module) http://www.phpsolutions.co.uk/index.php
Linda Freeman is a freelance writer based in Omaha NE.
Analyzing Website Assets and Annoyances
After a few days of surfing her favorite haunts and examining sites she’d let fall by the wayside, Christie came up with a laundry list of characteristics that she liked: short, easy to remember and descriptive site name; clear focus and organization; easy navigation; free and meaty content; plus links to additional resources.
She also identified a number of annoyances that sent her running to another site: multiple broken links, signup required to access content, popup ads, outdated content, poor navigation and/or search capability. And her number one complaint—locking you onto the site by disabling the browser back button!
Website Do’s and Don’ts
Then she went one step further and read numerous articles on what other people look for. “These articles strongly influenced not only what features were incorporated, but where they are placed,†Christie said. “For example, privacy and the ability to contact a real person are top priorities for many site visitors. So I placed both in the top navigation bar for easy access.â€
She also discovered that the best sites are designed to involve visitors—to invite them to contribute content, give feedback, voice their opinions, and exchange information with and help each other. “To improve the ‘stickiness’ of the site, we expanded our plan to include a forum, polls, contributing content, free classifieds and a job bank. I also redesigned my e-newsletter tone to make it more personal, as well as to make subscribers come to the site to read the full story or fill out an opinion poll.â€
Custom Development Gone Wrong
After talking to several Web developers, Christie chose a developer offering a custom designed PHP solution using SQL databases to store thousands of stories and favorite links. However, two months into the project, it became evident that the developer didn’t have adequate programming staff to launch the site within the promised three-month schedule. Unfortunately, Christie felt she had few alternatives. “I’d already spent hundreds of hours working on the site design and adding thousands of favorite links and articles to the database—work that would be lost if I changed vendors.â€
Three months later and one week before launch, the site went down. The next day it was still offline, even the backend admin area. Then the dreaded call came: hackers had broken into the server hosting facility. “What about the backup? I asked.â€
“The last backup file was corrupted,†was the answer. A two-month old zip file didn’t match the current software version, making site restoration almost impossible—but they said they would try. “At this point, I lost all confidence in the developer—not to mention over five-thousand records I’d uploaded,†Christie said.
Searching for a New Solution
Christie wasn’t sure what to do. “I couldn’t afford the time or money to start coding the site from scratch. I knew I would be shopping for champagne on a beer pocketbook of $5,000,†Christie said. “But I didn’t want to compromise unless I had to.â€
Christie began searching online for a new developer. Soon, one of the people she contacted emailed her a slew of probing questions.
- What kind of site do you need developed?
- How did you choose PHP?
- Is an admin interface required?
- Do you need to manage banner ads?
- What are your support requirements after implementation?â€
“I felt like I was taking a test,†Christie said. “But the quality of his inquiries gave me confidence this person wanted to clearly understand the scope of the project, as well as my level of expertise to manage the site.â€
Soon Christie scheduled a meeting with Scott Kroeger, owner of Hudson Avenue Technologies in Omaha NE, to discuss the challenges of launching such a complex site on a limited budget. After Christie reviewed her well-documented site map and specifications with Kroeger, he recommended a proven and supported open source content management system (CMS): PostNuke.
“Many developers start coding right away,†Kroeger said. “Since my background is in integration, I get more excited about finding open source software, figuring out how the code works and then using my technical skills and coding to make the modules work together. This way I don’t have to spend a lot of time programming from scratch and debugging code.â€
Integrating/Customizing Open Source Solutions
The two biggest challenges Kroeger faced with the PostNuke implementation were finding a site search solution and providing unique page layout capabilities for each major category or page.
“Linda wanted the flexibility of using html blocks to handle the bulk of the content,†Kroeger said. “However, PostNuke only searches major modules, not html pages. To resolve this issue, I integrated a PostNuke module called Content Express. This module provides the site with a very friendly admin interface for adding html pages and controlling the site navigation, as well as a search engine for html pages.â€
Unique block/page configuration for additional pages isn’t supported by a single PostNuke install. By examining other PostNuke site installations and reading forum discussions, Kroeger quickly figured out that multiple PostNuke installs would work around the page layout problem and provide complete control over the subsite blocks.
“A PostNuke subsite is an additional installation of PostNuke within the ‘main’ PostNuke installation,†Kroeger said. “For example, if the main PostNuke installation is installed under ‘/htdocs/postnuke’, a subsite would be installed under ‘/htdocs/postnuke/subsite1’. So my challenge was to figure out how to make all 28 installs talk to each other by modifying what database tables each subsite looked at. I configured the subsites to maintain their own block layouts—thus each major topic category or subsite/page can be laid out uniquely. Also, Content Express wasn’t built for multi-site configuration, so I had to figure out what it was doing to know how to integrate it for the multi-site solution.â€
To complete the site, Kroeger integrated free PostNuke modules to provide an ezine, forum, job bank, and banner/ad management. “Within two weeks, I was laying out pages and uploading data.†Christie said. “And by the end of two months the DoctorVAR.com site I’d dreamed about was up—within my $5,000 budget and without sacrificing one feature or requirement. The only software I had to purchase was a classified ads module and shopping cart for $59, plus a $30 theme. The rest of the software was free.â€
Kroeger added, “Because Linda had educated herself on Website design and defined the site specifications so well, I knew clearly from the start what was expected. This made my job much easier, which combined with my open source integration strategy, saved her a lot of time and money.â€
The flexibility, performance, and ease of administration of the DoctorVAR.com implementation is a testament to how robust and cost effective open source content management systems are for supporting robust e-commerce Websites.
For additional information about DoctorVAR.com visit their Web site at http://www.doctorvar.com.
Additional Resources:
DoctorVAR.com Website Content/Stickiness Articles
DoctorVar Web Presence Articles
Web Marketing & E-Commerce
http://www.wilsonWeb.com/
Apromotionguide.com - Free Website promotion tutorial
http://apromotionguide.com/
Content Express (PostNuke Module)
http://pn.arising.net/ce/
WhatsNews (PostNuke ezine module)
http://nuke-modules.gading.de/
phpAdsNew (open source ad server)
http://www.phpadsnew.com/one/
phpBB (open source bulletin board) http://www.phpbb.com/
phProfession (PostNuke job bank module) http://www.phpsolutions.co.uk/index.php
Linda Freeman is a freelance writer based in Omaha NE.
PostNuke Security Fix (SQL injection and directory traversal)
SOLUTION
It is recommended that all admins upgrade their sites to v7.2.3 and applythe latest security fix package available right now from the locations listed below.
As a general rule of thumb we also recommend to never use the 'root' user to connect to MySQL server be it the PostNuke installation or any other application running on the web.
UPDATED PACKAGES
1. PostNuke Phoenix 0.723 (tar.gz format) http://download.hostnuke.com/pafiledb.php?action=file&id=15
Size/MD5 checksum: 1844005 606a6f45dcd232c48e2bfb37004339a6
2. PostNuke Phoenix 0.723 (zip format)
http://download.hostnuke.com/pafiledb.php?action=file&id=16
Size/MD5 checksum: 2620869 0d54b12224746bacc5258b1b9562525a
3. Security Fix for PostNuke Phoenix 0.723 (zip format) http://download.hostnuke.com/pafiledb.php?action=file&id=17
Size/MD5 checksum: 14495 a6ea89e6669c35f80a7167ecf1aafa47
4. Security Fix for PostNuke Phoenix 0.723 (tar.gz format) http://download.hostnuke.com/pafiledb.php?action=file&id=18
Size/MD5 checksum: 11785 1e5c2a2c938aba4103af1e217a37d9c7
ADDITIONAL INSTRUCTIONS
Place the files contained in this patch into the appropriate PostNuke directory that replaces the current files because by doing this you are applying the security fix to the system fix and this is what is meant by "patching" your system.
CREDITS
This exploit has been originally found by pokleyzz, pokleyzz@scan-associates.net from Scan Associates (http://scan-associates.net/)and has been reported on 2003-02-24.
It is recommended that all admins upgrade their sites to v7.2.3 and applythe latest security fix package available right now from the locations listed below.
As a general rule of thumb we also recommend to never use the 'root' user to connect to MySQL server be it the PostNuke installation or any other application running on the web.
UPDATED PACKAGES
1. PostNuke Phoenix 0.723 (tar.gz format) http://download.hostnuke.com/pafiledb.php?action=file&id=15
Size/MD5 checksum: 1844005 606a6f45dcd232c48e2bfb37004339a6
2. PostNuke Phoenix 0.723 (zip format)
http://download.hostnuke.com/pafiledb.php?action=file&id=16
Size/MD5 checksum: 2620869 0d54b12224746bacc5258b1b9562525a
3. Security Fix for PostNuke Phoenix 0.723 (zip format) http://download.hostnuke.com/pafiledb.php?action=file&id=17
Size/MD5 checksum: 14495 a6ea89e6669c35f80a7167ecf1aafa47
4. Security Fix for PostNuke Phoenix 0.723 (tar.gz format) http://download.hostnuke.com/pafiledb.php?action=file&id=18
Size/MD5 checksum: 11785 1e5c2a2c938aba4103af1e217a37d9c7
ADDITIONAL INSTRUCTIONS
Place the files contained in this patch into the appropriate PostNuke directory that replaces the current files because by doing this you are applying the security fix to the system fix and this is what is meant by "patching" your system.
CREDITS
This exploit has been originally found by pokleyzz, pokleyzz@scan-associates.net from Scan Associates (http://scan-associates.net/)and has been reported on 2003-02-24.
GPL Violation Discussion
NukeLite posted this :
"This is the worse thing I saw in many time. A web site called LawMeme which topic is the LAW, copyrights and legal stuff (hosted by the Yale Law School at Yale University) that simply removed the PHP-Nuke copyright notices. I know that some people removes the copyright notice but to see this done by a LAW related site!?!?! This is a call to the those few PHP-Nuke's users that likes to remove the copyrights to think about it and try to respect the hard work that many people did for you. Not to mention that this great system is free. Nothing more... just an advice."
"This is the worse thing I saw in many time. A web site called LawMeme which topic is the LAW, copyrights and legal stuff (hosted by the Yale Law School at Yale University) that simply removed the PHP-Nuke copyright notices. I know that some people removes the copyright notice but to see this done by a LAW related site!?!?! This is a call to the those few PHP-Nuke's users that likes to remove the copyrights to think about it and try to respect the hard work that many people did for you. Not to mention that this great system is free. Nothing more... just an advice."
Updates from the Top !
Many of you undoubtedly saw the 'Open Letter' which was recently posted (how could you miss it, seeing as how it was posted everywhere), and I can assure everyone that the misunderstading at the core of that article has been thoroughly cleared up, after a lengthy IRC session. Talk about a weird homecoming... :-) (and, for what it's worth, I have never seen a weirder 'campaign' angle than the 'Free PostNuke' buttons that were part of that 'open letter'.
In context to this original situation, I would like to take a line here to extend special thanks to those of other projects, who have posted common sense messages in support - Thanks, Zoom of Envolution, and thanks MikesPub of Xaraya.
I've also noticed that some issues have been raised about potential developments and moves towards a closed development model - this is simply not true, and I can assure you that this won't happen. To those that recall both the genesis of PostNuke, as well as the recent splits into two forks a while back, the openess of the development model was at the core of all of them. We split from php-nuke mainly because of the closed development that it's author advocated. Now, why would we want to replicate that same mistake on here? I believe someone aptly stated "Those who do not learn from the past are doomed to repeat it", and while this certainly holds true for many of life's situations, it is nowhere more true than in open source projects.
So, rest assured, PostNuke will always remain *free*, and development will always remain open. That's my pledge.
Now, this doesn't mean that just about ANYONE will and can receive CVS access, and that we can have a wild committ-fest of anyone with a 'net connection. In order to maintain a certain level of sanity, development, and particularly commits to the CVS *must* be done in a controlled, orderly fashion. This means that while I advocate keeping CVS always open for anonymous check-out, and welcome submissions of fixes and patches, we *must* keep the ability to commit to core developers to prevent insanity and chaos (we've had that at one point in the past). We're working out a system that should be able to accomodate most needs. Stay tuned.
We've also had a couple of changes in the management, the absence of both of which will be felt, as PostNuke owes both a tremendous deal. Effective immediately, both Neo and MagicX have left the project to hopefully pursue life outside of the stresses that this project brings with it. Neo and MagicX were responsible for much of the enhancements, infrastructure, and site redesigns that you've witnessed after the Xaraya split, and they masterfully carried the weight of the project on their shoulders during my hiatus. As you also may know, Neo was the mastermind behind the Phoenix Rendering Engine (based on SMARTY). I fully understand the reasons behind the departures (the words 'burned out' come to mind), and while I wish them well, I also want to assure them that any help will always be only an e-mail away, and that both will be welcome back here in a heartbeat.
One of the changes is also that the NOC will not be going away, but it will change servers, and this change is going to happen this weekend. In fact, I plan on doing a minor and major overhaul of the server and infrastructure, adding a bit here, a tweak there.
Lastly, we're also readying a new security fix release, and have several incremental updates to the 0.723/0.724 codebase planned, to tide existing installations over with asked-for enhancements and minor fixes until arrival of 0.8 (née 0.725). Stay tuned for more news on those.
Finally, there will be a couple of follow-up articles, including 'openings' for help with some of the stuff planned for the immediate future. Like I said - Stay Tuned!
-Harry
P.S. Oh yeah, and for those wondering "Where the hell have you been all his time???", let me just give the short of it being "Sometimes life just takes over, and you have to beat it back down into submission again..."
In context to this original situation, I would like to take a line here to extend special thanks to those of other projects, who have posted common sense messages in support - Thanks, Zoom of Envolution, and thanks MikesPub of Xaraya.
I've also noticed that some issues have been raised about potential developments and moves towards a closed development model - this is simply not true, and I can assure you that this won't happen. To those that recall both the genesis of PostNuke, as well as the recent splits into two forks a while back, the openess of the development model was at the core of all of them. We split from php-nuke mainly because of the closed development that it's author advocated. Now, why would we want to replicate that same mistake on here? I believe someone aptly stated "Those who do not learn from the past are doomed to repeat it", and while this certainly holds true for many of life's situations, it is nowhere more true than in open source projects.
So, rest assured, PostNuke will always remain *free*, and development will always remain open. That's my pledge.
Now, this doesn't mean that just about ANYONE will and can receive CVS access, and that we can have a wild committ-fest of anyone with a 'net connection. In order to maintain a certain level of sanity, development, and particularly commits to the CVS *must* be done in a controlled, orderly fashion. This means that while I advocate keeping CVS always open for anonymous check-out, and welcome submissions of fixes and patches, we *must* keep the ability to commit to core developers to prevent insanity and chaos (we've had that at one point in the past). We're working out a system that should be able to accomodate most needs. Stay tuned.
We've also had a couple of changes in the management, the absence of both of which will be felt, as PostNuke owes both a tremendous deal. Effective immediately, both Neo and MagicX have left the project to hopefully pursue life outside of the stresses that this project brings with it. Neo and MagicX were responsible for much of the enhancements, infrastructure, and site redesigns that you've witnessed after the Xaraya split, and they masterfully carried the weight of the project on their shoulders during my hiatus. As you also may know, Neo was the mastermind behind the Phoenix Rendering Engine (based on SMARTY). I fully understand the reasons behind the departures (the words 'burned out' come to mind), and while I wish them well, I also want to assure them that any help will always be only an e-mail away, and that both will be welcome back here in a heartbeat.
One of the changes is also that the NOC will not be going away, but it will change servers, and this change is going to happen this weekend. In fact, I plan on doing a minor and major overhaul of the server and infrastructure, adding a bit here, a tweak there.
Lastly, we're also readying a new security fix release, and have several incremental updates to the 0.723/0.724 codebase planned, to tide existing installations over with asked-for enhancements and minor fixes until arrival of 0.8 (née 0.725). Stay tuned for more news on those.
Finally, there will be a couple of follow-up articles, including 'openings' for help with some of the stuff planned for the immediate future. Like I said - Stay Tuned!
-Harry
P.S. Oh yeah, and for those wondering "Where the hell have you been all his time???", let me just give the short of it being "Sometimes life just takes over, and you have to beat it back down into submission again..."
Page 50 / 277 (491 - 500 of 2763 Total)
