I made a large improvement to the way we hash our user passwords.
When a login is processed, the username and password are submitted and the password is hashed.
"password" turns into something like 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 and is actually stored in the database this way.
It is then possible to use brute force to gain access to a site.
This method is commonly used in WordPress, modules for Drupal, and TYPO3.
Here is a great infographic on password security.
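The page does not show which scheme the improvement uses, so the following is an added example, not the author's code: it reproduces the unsalted SHA-1 digest quoted above, stores new records with a per-user salt and PBKDF2, and rehashes a legacy row on the next successful login. The record format, the function names and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example, not from the page
SCHEME = "pbkdf2_sha256"     # assumed label for the new record format


def sha1_unsalted(password):
    """Legacy form: fast and unsalted, so equal passwords give equal digests."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password):
    """Return 'scheme$iterations$salt_hex$digest_hex' using a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{SCHEME}${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Check a password against either record format, comparing in constant time."""
    parts = stored.split("$")
    if len(parts) == 1:  # legacy row: bare SHA-1 hex digest
        legacy = sha1_unsalted(password).encode("ascii")
        return hmac.compare_digest(legacy, stored.lower().encode("utf-8"))
    try:
        scheme, iterations, salt_hex, digest_hex = parts
        if scheme != SCHEME:
            return False
        actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                     bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(actual, bytes.fromhex(digest_hex))
    except ValueError:  # wrong field count, bad hex, or bad iteration count
        return False


def login(password, stored):
    """Return (ok, record_to_store); a legacy row is rehashed on a successful login."""
    if not verify_password(password, stored):
        return False, stored
    if "$" not in stored:
        return True, hash_password(password)
    return True, stored


if __name__ == "__main__":
    legacy_row = sha1_unsalted("password")  # constructed sample record
    print(legacy_row)
    print(login("password", legacy_row)[1].split("$")[:2])
```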
But then I started thinking of other ways this could be useful.
Currently you can add, fork (edit), and view raw text. I also added the ability to upload images; soon I would like to add a gallery option.
Later on I am going to add the ability to store files. Multiple files will be viewable as a list or downloadable as a zip.
I have been considering ways of managing user data without requiring user accounts.
No password: it uses an email address as the login, and you receive an email with a session link.
If you were to log in from another location, your previous session is closed. This would make it possible to keep sensitive data private.
By tracking your friends' email we can go about displaying the content in much the same manner.
I had posted this question on Forrst, and it got me wondering how best to go about keeping track of an application's core version and pushing updates (not using Git).
Using Git would be ideal if I was the one managing a single web application. Obviously using Git would complicate things for beginner users. But it's likely that Extension and Theme developers will be using some form of source control.
I then set off to build a developer portal to manage this versioning.
While working on Tentacle I needed a simple solution for testing code on a remote web server.
In the past I would work locally, sync with FTP to the server, and then test off of the remote server; I used SVN for my source control. Within the last year I have started working locally and using Git as my main source control.
This left a bit of a gap in my process where I could no longer test on a remote server without updating it manually by S/FTP or opening terminal and manually calling a git pull.
Opening a terminal and manually running git pull did break up the workflow a bit, so using the Dingo framework I created a very simple Git helper and gave it its own URL, something like git/pull.
I then used a GitHub Post-Receive URL Hook, found under admin/service hooks, that pointed to my staging server git pull URL. Every time I do a push to GitHub, GitHub will then automatically fire the URL, thus triggering the pull helper.
One little note is that if you check out a dev branch on a staging server and also have a live server, you would add a second URL with the same code on that live server. One push would update both sites.
Just make sure the live server is on the right branch.
If you don’t feel like using a hook then no problem at all. Just call the URL in the browser and you will see the Git pull message.
I have been hard at work building a CMS.
Another CMS you say?
Well, yes. There are plenty of good CMS solutions out there, but they all have their strengths and their downfalls.
Drupal is associated with complexity and power; WordPress is associated with ease of use but can be complicated to leverage correctly.
What am I trying to accomplish in making yet another CMS?
For one, I want to focus on the user. Be he/she a developer, designer, writer or product owner, your experience should be contextual, straightforward and above all pleasant.
The idea behind the Tentacle blog is to run new ideas past you guys and get feedback.
Contact me if you would like to contribute!
I have been using a small PHP MVC Framework called Dingo Framework.
Dingo is a Rapid Development Application Framework written in PHP by Evan Byrme. Dingo allows you to create dynamic changing websites easily and quickly.
Dingo is a relatively new full-featured framework at a compact size of 70KB. It supports Fancy URLs, Access Control List, User Authentication, ORM, and simple no SQL database interaction.
Dingo is very easy to leverage, and adding third-party libraries is dead easy. The configuration is simple, with support for multiple database connections, auto load libraries and helpers.
Try the Dingo TextMate Bundle!