Posts Tagged snowcms
I’m Back!
Posted by Ian in News and updates on July 26th, 2011
So I got back Sunday from camping — and sunburned, as usual — and I have resumed work on SnowCMS, but I have yet to commit anything.
Right now I am working on a new class called Extractor which will do what one might think: extract files, such as zips, tarballs and gzipped tarballs without having to detect the compression method used manually.
Additionally I have created an Extraction interface which may be implemented to support the extraction of other compression methods.
With this new Extractor class I also worked on updating the current Zip and Tar classes to add a new method called read. This new method allows files to be retrieved from the compressed file without having to decompress the entire package. This individual file may be returned or saved to a specified file.
This may sound insignificant (or that I am going off-track from what I have been working on lately), but it allows the process of installing and updating themes and plugins more efficiently.
Currently a package (theme or plugin) is extracted to make sure the package can actually be extracted and to make sure that the package is valid (e.g. a real theme or plugin), then its status is checked. If the status check finds that the package is not approved the user must choose to continue with the installation, if they do the page is refreshed and everything up to this point is redone, but the status returned is ignored. Now the compatibility of the package is checked and if it isn’t compatible the user is once again asked to continue with installation anyways, if so the process is once again repeated.
This means the package could be extracted up to three different times (the extracted package is removed on each page load in case the user leaves the page). This needs to occur to make sure the compressed package can be decompressed and to make sure the right files exist and to check its compatibility with the system.
Now that files can be extracted individually the package does not need to be extracted over and over again, making the process much more efficient.
Just thought I’d let you know 
SnowCMS 2.0 Alpha 2 and Alpha 3 to be Merged
Posted by Ian in News and updates on July 7th, 2011
Hey there, everybody!
I just committed revision 1036, which finishes the conversion to the new theme system, kind of.
The road map currently shows that this would indicate that an alpha 2 update would be right around the corner… Well, that has changed.
You see, I feel as though that many core components of the system are still — to put it bluntly — pathetic. These components include such things as: the plugin installer, updater, and manager, the theme viewer, installer, and updater, and the system updating mechanism. Interesting, last I checked, that’s just about everything!
Due to this, I have decided to move the road map around (haven’t done it yet, but will tomorrow) and merge the alpha 2 and 3 release together, and along with that, alpha 2 will be the release to include the new control panel theme I showed off a few days ago. The reason that the new theme will be included in alpha 2 is because I plan to change around the look and feel of these “cruddy” components, and I see no point on doing that if a new theme will be used which may then require some more tweaks.
In case you are wondering what the 2.0 beta milestone will contain, because it seems somewhat pointless in terms of planned updates, it is something I have yet to add to the road map as well. I will talk more about this as the time comes, but 2.0 beta will bring an overhaul to the log in system, which will no longer use a cookie containing a member ID and salted & hashed password, but an authentication token, which will completely removed any traces of your password in any form from cookies (along with being seen in clear text when logging in, if JavaScript is enabled).
Sorry about that! Though its not as if many have downloaded SnowCMS anyways 
A Sneak Peak at SnowCMS 2.0 Beta’s New Control Panel
Posted by Ian in News and updates on July 4th, 2011
Hey everybody! Yesterday I decided to take a little break from copying and pasting code (switching over to the new theme system), but I still wanted to work on something that had to do with SnowCMS.
I figured that I would work on the new control panel layout slated to be released with SnowCMS 2.0 beta, and now that I am done with the HTML aspect I decided to give everybody a peak. Check it out:
New Log In
Now you will no longer receive an error asking you to go to another page to log in, just to come back again. With 2.0 beta you will be able to log right into your account from the authentication page, if need be (if you are logged in, your user name will be filled in already, and all you will need to do is enter your password).
Redesigned Home Layout
The new starting page for the control panel takes a lot of queues from the current design as seen in SnowCMS 2.0 alpha, but I thought a little reorganization was needed, especially thinking about the possibility of people having a massive amount of plugins adding functionality and other settings within the control panel… So I decided to show navigation options in two places: the sidebar and in the middle with the icons.
As you can see, I also moved “News from SnowCMS” to a more prominent location, instead of having it crammed into the sidebar as it is now.
Right below the header, and above the middle content of the site, there is now a bar which contains two things: a link tree and notifications. Now navigating back out of “corners” in the control panel will be much easier as the link tree will allow you to jump up, if there is one (there will be a new addition to the API to allow plugins to integrate with this).
More Prominent Notifications
Right now in SnowCMS 2.0 alpha notifications are only displayed on the start page of the control panel, which is fine, but it seems logical to be able to view these notifications regardless of location within the control panel.
With 2.0 beta, all a user needs to do to view these notifications is to click “Notifications” on the right side of the link tree, which will then display a window containing current notifications.
I have yet to decide what exactly plugins will be able to display in this notifications area (presumably text and a link), so all I can show you right now is “No Notifications!”
Hope You Like What You See
Well, I hope you like what you see! I certainly look forward to reaching the 2.0 beta milestone, as we will become feature complete at that point, and we will be very close going “gold,” when I can start building plugins (and others, of course — they can be created now, it’s just that a lot things may change until then) to show off what SnowCMS is capable of doing.
Till next time, be sure to follow us on Twitter @SnowCMS, check out our Google Code Project website, along with registering at the SnowCMS Dev Forum.
An update on progress, and the domain renewed
Posted by Ian in Developer updates, News and updates on June 20th, 2011
If anyone was paying attention (which I know no one was…) you may have noticed that the snowcms.com domain had expired, and of course the website then showed a lovely GoDaddy renewal notice. I apologize about that! The domain expired right in the sweet spot where I couldn’t renew it.
Anyways, I just thought I would give an update on the development status of SnowCMS v2 alpha 2, and I have actually been working on it even when the domain was down.
We are actually very close to the completion of SnowCMS v2 alpha 2, in terms of stages. There are three stages, and two of them are already completed. I have started on the third stage, but I there is still quite a bit left to do.
The third stage is converting the system over to the new theme setup, which no longer involves calling theme()->header() and theme()->footer(), but instead calling theme()->render() instead. By doing this, embedded HTML will be removed from the core system and into separate template files, which can be easily replaced by plugins if required.
Follow us on Twitter!
Posted by Ian in News and updates on June 10th, 2011
If you want to be kept up-to-date with all things SnowCMS, you should go ahead and follow us on Twitter, @SnowCMS.
I will still be posting updates to this blog, but I will be posting more tidbits more often on the Twitter account.
Thanks for your interest in SnowCMS!
I know I have said it before, but I’ll say it again…
Posted by Ian in Developer updates on February 26th, 2011
I know, I know… Previously I said we were really close to releasing a preview of SnowCMS v2, but this time, we are really really close.
What do I have left to do?
- Some tweaks to the theme control panel, such as making the theme files checked against the security database (to see that they are safe), and to check for and apply updates to a theme.
- Remove AJAX from the plugin updater.
- Leverage the simple notification system: currently there is a way for plugins to display simple notifications in the control panel sidebar, but SnowCMS itself does not take advantage of this feature. I will make it so when there is a system update, plugin update, or theme update, you will see a notification that there is some sort of update available.
Hopefully we really are close this time, as I am really looking forward to getting SnowCMS out to the web to demonstrate what it is capable of!
Now we really are getting close!
Posted by Ian in News and updates on June 20th, 2010
As of last night, I have committed r991, which completes plugin management. That means now plugins can be installed, uninstalled, enabled, disabled and updated… Something I have been waiting to complete for quite some time
So now we are really close! I hope to have an alpha release soon… You can always discuss at the SnowCMS Dev Forum.
Sorry about the lack of new posts!
Posted by Ian in Developer updates, News and updates on January 31st, 2010
I apologize for the lack of posts lately. I have yet to post anymore tutorials on how to use some of SnowCMS’s tools, like how I did with the API class. But don’t worry, although I have not been that active posting here, I have been fairly busy working on SnowCMS.
I recently completed a new tool for SnowCMS, the Form class. The Form class allows you to create forms (if you didn’t notice) that can then be hooked into via the API and changed, without you needing to do any extra effort, you simply make the Form how you want to, and then display it. Right before the form is displayed (or processed), the API runs a hook which allows the modification of the form, from adding, changing and removing fields. In fact, currently the registration form uses this Form class, and the very first SnowCMS plugin hooks into the form and adds a CAPTCHA verification image. It’s very simple to do!
For the time being, I need to get some sleep (it is 12:15AM at the time of this post), but I hope to soon create a more in depth guide to the creation of forms using the Form class.
Cya soon!
Keeping your credentials secure
Posted by Ian in Developer updates on January 20th, 2010
One big goal of SnowCMS is providing a secure system, but of course, who wouldn’t want that? In order to keep that system secure, user credentials also need to be kept secure, because if someone gets a hold of that information, especially of a member who has powers, your site would likely become compromised.
So how do we keep your password secure? For starters, the password kept in the members database is salted with your username and then encrypted using SHA1. By salting your password, it helps prevent the use of rainbow tables (You know, those sites that have databases with plain text strings and their encrypted counterpart). Then there is logging in, when you submit your credentials through the log in form, your password gets salted with your supplied username, hashed using SHA1, then salted with a randomly generated string which is done by the server. Your plain text password is deleted before the form is sent to the server. Now, this only will occur if you have JavaScript enabled, of course. Once the hashed password is sent to the server, it takes out your members row, and salts (The last salt generated) the hashed password in the database and hashes it, then compares it to the one received from you. If they match, that means your password is correct.
Securing your password before being sent to the server might seem a bit overkill, but it can be very useful. As you never know, someone could be logging POST data, which would contain your log in credentials. All they would get would be your encrypted password which is salted with a randomly generated string. The only way they could ever use that password to log in to your account would be if the server were to generate the same random string, which is highly unlikely.
There are two ways that SnowCMS keeps your password from ever being seen by human eyes, but there is still one more. Cookies! No, not those kind, the Internet kind. With every page load, your browser sends the cookies to the server, where they can then be used to identify whether or not you are logged in. Instead of sending your password just with your username salting the password, there is also a randomly generated hash in the database that salts your password in the cookie… Just in case
Not all people have access to SSL, which would stop such possible attacks, which is why we at SnowCMS have decided to use such tactics to protect not only the system itself from security issues, but also the people who use our system as well.
Just a reminder, the SnowCMS Dev Forum is now open to the public, if you are interested in having part in the development, or just like to see what is happening, you should come and join us.
Till next time, cya!
Lots of pondering going on
Posted by Ian in Developer updates on July 29th, 2009
Right now Myles and I are pondering about quite a few things to put into SnowCMS.
Mod system
Of course SnowCMS will have a modification system, and the dev team and I were thinking about how to do it. Some systems have a sort of API system, where basically every so often, the system will call on some kind of hooks are integrated for developers to latch on to. But there is not much power. Sure it would be simple for use to make, and then updating SnowCMS powered sites would be a snap, we don’t want to take the easy way out
Other systems allow you to modify all the files themselves. It can be a little more complicated, but it also poses a threat to users if they were to install malicious modifications. Probably pretty unlikely, but hey! It can happen…
Another way is super easy. Not having one at all. Of course, we wouldn’t do that. We have come to a unanimous decision to have file based editing for the modification system. Oh, and did I mention modifications are referred to as ‘flakes’?
Mod security
As I mentioned about allowing people to modify the sources of the system can be dangerous. So how are we as developers going to combat that?
Pretty simple, well, at least simple in concept. What will happen is people will be able to submit modifications to our site (Eventually we will have a modifications database, of course!) and once the team has reviewed it (Either developers, or maybe a modification team) and approved the modification to be done well and doesn’t do anything bad, the file will have its hash taken (SHA-1, most likely) and stored in a publically accessible way (In a database and can have the data retrieved). Now once the modification is uploaded to your site, and once your about to install it, your system will hash the file and send it off to SnowCMS.com. We (well, the server…) will then take that hash and check to see if it exists and is approved in our database. If it is, you will see a message saying the modification is safe and has been approved by the SnowCMS team.
A pretty good idea. Because if that modification which you uploaded to your site was changed in any way, it won’t be in our database. Simple, but darn effective =P.
Updating
Since SnowCMS will feature a modification (flake) system, updating will be pretty straight forward. Once SnowCMS goes gold, whenever an update is out (Like 1.0.1) we will have those updates put into a flake package. That way even when you have modifications installed, you should be able to update pretty easily with little to no errors. But of course, in the beta and RC stage, you will not be able to update via this system due to the major amount of code changes that will occur. Sorry!
BBCode
Like I talked about in previous posts, I certainly hope by either public beta release or when 1.0 goes gold, we will have the new BBCode parser complete. Still working on it.
Well, a lot of information about SnowCMS v1.0. Until next time, see ya! XD.