We're going to look at our new homepage and from there move on to look at some of the main concepts of PHP-Nuke: blocks, modules, themes, and site security. Along the way, we're going to create the super user, a user with absolute power over our site; we will edit our first piece of content in PHP-Nuke, and begin the construction of the Dinosaur Portal.
Your New Homepage
Navigate to your site's homepage in your browser. For our newly installed PHP-Nuke site, this will be http://localhost/nuke/. You should be presented with the following screen, which we saw at the end of the last article:
Considering that we've not really done anything, this is impressive. I'm sure you won't be able to resist clicking on some of these links and seeing what PHP-Nuke has in store for us. Currently, the system is 'empty', so it has a rather cold and eerie feeling about it. Rest assured that it will start to warm up over the next few articles as we add content to the site.
By the way, if you are impressed with the features you're seeing right now, let me tell you that there are others that haven't yet been activated. Also, there are many other add-ons that we can find from various PHP-Nuke resource sites across the Internet.
Let's now talk about some of the PHP-Nuke bits that we see on the front page.
First of all, there's the look of the page. There is the banner at the top, a site logo, and a horizontal navigation bar:
The page 'body' begins below the navigation bar. You can see a three-column layout with a big chunk of information in the middle column. The page layout of a PHP-Nuke site need not always look like this; the arrangement of the elements, the choice of color, text styles, and images is controlled by the theme. A different theme can be selected for the site, and immediately, the look and feel of your site is changed.
The elements that you see in the left- and right-hand columns are known as blocks:
Blocks in PHP-Nuke are little nuggets of information positioned at the sides or sometimes at the bottom of a page. They often provide 'navigation', linking to other parts of the site, and provide a report or summary of the content that is available either on your site or, possibly, on another site. Typically, many blocks are displayed on a single page.
An important block is the Modules block in the left-hand column:
This block shows a list of the active modules on your site, and is the standard navigational element of a typical PHP-Nuke site. Each entry in the above list is a link to a module on your site, and by clicking on the links the visitor is able to move between the modules.
PHP-Nuke is a modular system. Each module is like a mini website in itself, performing different tasks and working with different types of content. The PHP-Nuke 'core' provides a central mechanism for handling these modules, so that they work together sharing data and user information, and ensuring a consistent look and operation throughout your site.
In short, the modules define your site.
The good thing with PHP-Nuke is that you can add and remove modules as needed, selecting the best range of features to suit your site and its visitors. We will discuss the standard PHP-Nuke modules over the next few articles.
When viewing a page on a PHP-Nuke site, the module currently in play can be known by looking at the URL of that page. For example, if you are looking at the Downloads module, the URL will be something like this:
The part of the URL after the ? character is the query string. The query string contains variables that are separated by the & character. In the above URL, the query string contains a single variable, name, which has the value Downloads. PHP-Nuke switches between modules according to the value specified in the name variable. The other query string variables determine what else is to be displayed on that page, such as the required news story for example. (Handling these query string variables appropriately has traditionally been a security weakness in PHP-Nuke, but that is true for many other web applications).
The output of the module being currently viewed is displayed in the middle column of the web page.
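One way to handle the name variable defensively before it selects a module, shown as an added example that is not PHP-Nuke's own code. The function resolve_module(), the modules/<name>/index.php layout and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not PHP-Nuke source. resolve_module() and the
// modules/<name>/index.php layout are assumptions for illustration.

/** Map the `name` query-string variable to a module entry file, or null. */
function resolve_module(string $queryString, string $modulesDir, array $active): ?string
{
    parse_str($queryString, $vars);   // "name=Downloads&x=1" -> array, URL-decoded
    $name = $vars['name'] ?? null;

    // name[]=x arrives as an array; "../", NUL bytes, schemes and slashes all
    // fail the identifier pattern (D = no match before a trailing newline).
    if (!is_string($name) || !preg_match('/^[A-Za-z0-9_]{1,64}$/D', $name)) {
        return null;
    }
    // Only modules the administrator has activated may be loaded.
    if (!in_array($name, $active, true)) {
        return null;
    }
    // Containment check on the resolved path, in case of symlinks.
    $base = realpath($modulesDir);
    $path = realpath($modulesDir . '/' . $name . '/index.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway modules directory with one module in it.
$root = sys_get_temp_dir() . '/nuke_demo_' . getmypid();
$dir  = $root . '/modules';
mkdir($dir . '/Downloads', 0700, true);
file_put_contents($dir . '/Downloads/index.php', "<?php // module body\n");

// Constructed query strings, as they would follow the ? in a URL.
$requests = [
    'name=Downloads',           // active module
    'name=Downloads&page=2',    // extra variables do not affect the lookup
    'name=..%2F..%2Fconfig',    // decodes to a path, fails the pattern
    'name[]=Downloads',         // array instead of string
    'name=Statistics',          // well-formed but not in the active list
    'file=index',               // no name variable at all
];
foreach ($requests as $qs) {
    $hit = resolve_module($qs, $dir, ['Downloads']);
    printf("%-24s => %s\n", $qs, $hit === null ? 'refused' : 'load ' . basename(dirname($hit)));
}

// Remove the throwaway files again.
unlink($dir . '/Downloads/index.php');
rmdir($dir . '/Downloads');
rmdir($dir);
rmdir($root);
```

Only the first two requests resolve to a file; every other request is refused before any path is opened.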
A Fistful of Default Modules
Let's have a quick overview of what some of the standard modules offer:
- Home: Shows the homepage of the site. There isn't actually a Home module but some particular module is associated with the homepage. The homepage actually has the URL index.php, rather than modules.php?name=XXXX.
- Downloads and Web Links: Allow you to create and maintain categorized lists of downloadable resources or links to other sites. Possibly you have already seen the Downloads module in action when you downloaded PHP-Nuke itself from a PHP-Nuke powered site. This is another 'interactive' module—visitors can submit their own downloadable resources or links here.
- Recommend Us: Allows the visitor on your site to send a message to their friends suggesting that they come and visit your site.
- Search: Allows the visitor to search the contents of your site.
- Statistics: Provides site statistics like the number of visits to your site, the different browsers used by visitors, and the most-viewed stories on your site.
- Stories Archive: Contains an archive of past stories that have appeared on the site, arranged by month of publication.
- Submit News: Allows visitors to submit a news story to the site through a form, after which the story goes straight onto the site provided it is acceptable. The story is then said to be published.
- Surveys: Displays the results of polls that have appeared on the site. Polls can be attached to stories and other pieces of content.
- Topics: Provides a different view of the stories, this time arranged by their topic.
- Your Account: Allows visitors to your site to register and create their own accounts. All visitors that register at your site can have their own area, which is accessed through this module. They can customize their own area, including their own Journal.
That's not even all of the modules, but it's enough to give you an idea of the breadth of the functionality that PHP-Nuke offers and the kind of experience that your visitors can look forward to.
Coming back to the homepage, have a look at the message in the middle that says:
For security reasons the best idea is to create the Super User right NOW by clicking HERE
It's not every day that we're invited to create a super user, so I think we should get on with that, especially as the word NOW is in upper case; that always suggests a sense of urgency.
Clicking on the word HERE in that message will take you to the page http://localhost/nuke/admin.php; and we can begin creating our super user.
Creating the Super User
PHP-Nuke enables visitors to your site to create their own user account, and add and maintain their own personal details. The user account is required to identify them for posting news stories, making comments, or contributing to discussions in the forums, among other activities. By registering on the site and creating a user account, the visitors are given greater freedom on the site. However, their freedom has limits.
We are about to create a special type of user, the super user. This is a registered user of the site who has almost total freedom on the site and absolute power over it. The super user can access, add, remove, and modify any part of the site, and can configure and control anything on the site. Given the nature of this power, there comes the obvious responsibility of ensuring that the identity of this user is kept a secret.
Anyone obtaining these account details will be able to do almost anything to your site, and that could be worse than it sounds, so you must ensure that these details do not fall into the wrong hands.
The super user is a site administrator, in fact, the site administrator. We will use the term administrator and super user interchangeably. It is also possible to create other, less powerful, site administrators who can manage various parts of the site, such as approving bits of content submitted by visitors.
We shall now create the super user account. As with any user account on PHP-Nuke, it will consist of a username ('nickname', as it is also known in PHP-Nuke) and a password.
On the page http://localhost/nuke/admin.php, you will be presented with a form asking you to choose a super user Nickname, the HomePage of that user, a contact Email address and a Password. The password should only contain alphanumeric characters (letters and numbers). This is how the form looks:
The super user account is not the only type of user account that can be created with PHP-Nuke. Visitors to your site can register and create their own user accounts, which make them Registered Users of your site. When creating the super user there is an option to create a registered user with the same details, although obviously that user doesn't have the extended power of the super user. This does mean that when you log in with this administrator account, you will enjoy all the personalization benefits of the standard user account.
We will create the nickname and password for the super user account now.
Do not use nicknames like admin, super user, or root for the super user; these would be the first guess of any miscreant attempting to break into your system. Also, make your password difficult to guess; make it long with a mixture of digits and letters, both upper and lowercase (definitely do not use the word password as your password!). Making the password secure is another vital step toward the overall security of your site.
In the page, we will enter dinoportmeister for the nickname, and use the password Pa2112cktXog. You can enter your own nickname and password here if you like, but make sure you remember them!
Your email address needs to go into the Email field; this is another required field. The HomePage field does not have to correspond to the address of this site; this is for informational purposes only.
The option to create a normal user with the same data will do just that: it will create a user with the same username and password as the administrator account. However, the two accounts are distinct, and changing the password for either account will not affect the other.
Click Submit and the super user is created.
Becoming the Administrator
After you have created the details for the super user, you still have to log yourself in with these details. On the admin.php page, you will find a form for entering the administrator username and password. Hopefully you haven't forgotten them already!
After entering the details here, click the Login button and you will pass over to the other side: the administration area of the site.
The admin.php page is where you need to log in to access the administration area. Whenever you want to log in as an administrator to perform some site maintenance, you do so from this page. Logging in from any other place on the site will log you 'normally' into the site, as if you were a standard visitor to the site, even if the administrator username and password are accepted.
If you think about it, this suggests that unless it has been specially customized, any PHP-Nuke site has an administrator login page at admin.php. This means that anyone intent on accessing the administrator area of that site does not have to look far to find the administrator login (of course, getting the right username and password combination is another matter). To counter this, from PHP-Nuke 7.6 onwards, if you want to rename the admin.php file, you can do so by storing the new name of the file in the $admin_file variable in the config.php file. This relocates your administrator login page.
Once you have entered the administration username and password, you will get your first taste of the administration area:
That might be more than you were expecting. We are presented with two towering graphical menus; the Administration Menu and the Modules Administration menu, the main navigation tools for the site administrator. (In versions of PHP-Nuke earlier than 7.5, these menus were one—the Administration Menu).
We'll dig into more detail about these menus in the next few articles. This is the place where you will spend most of your PHP-Nuke life, so you will need to get comfortable with it.
Before we go any further, click the Home link in the Modules block to return to the homepage of your site.
A New Welcome
When you return to the homepage, you will notice that some extra text has appeared at the bottom of the welcome message:
[ View: All Visitors - Unlimited - Edit ]
This text is evidence of the super user's extra powers. If you click on the Edit link, you can begin changing the site. The presence of the Edit link is an example of 'in-position' editing, whereby as you browse the site you can quickly edit or delete the content you see. This link is not available to normal users of the site and is a pretty neat feature of PHP-Nuke.
When you click the Edit link, you will be taken back to the administration area.
The place we're after, the Edit Message box, is actually tucked away underneath the Modules Administration menu, so you'll need to scroll down in your browser to find the Messages Administration panel.
This is the 'raw data' that made up the welcome message we saw on the homepage. This piece of content is an example of a PHP-Nuke message. This is just one of the many types of content that PHP-Nuke handles, and we'll see more over the next few articles.
Editing Text in PHP-Nuke
The large textbox containing the Content text is our first experience of editing content in PHP-Nuke. Before we go any further, it's worth taking a moment to understand what you can and cannot do when editing textbox content in PHP-Nuke.
Firstly, all the text you enter will be displayed as HTML on the site, so multiple spaces will be displayed as a single space, and breaking lines by simply pressing Enter, as if you were using a word processor, won't work. (The text will be stored in the format you enter it in but isn't displayed as you intend it to be.)
To introduce line breaks, use the <br> HTML tag. More elegant is to enclose paragraphs in <p> and </p> tags, which inserts line breaks between paragraphs. You can enclose text with <b> and </b> tags to produce bold text, <i> and </i> tags to produce italics, and <u> and </u> to underline text.
<p style="font-size:1000px">Big Text</p>
will be rejected. Using any of the forbidden tags will produce the following error message:
PHP-Nuke rejects these kinds of tags to avoid cross-site scripting (intriguingly acronymed XSS to avoid clashing with the CSS of Cascading Style Sheets) attacks, a traditional security vulnerability of many web applications. These restrictions are intended not only for security reasons but also to prevent people from creating disturbing-looking content through creative use of the style attribute.
These constraints aren't specific to the editing we're doing now—these rules apply wherever content is entered by a user and posted back to PHP-Nuke. Since these restrictions prevent people going overboard with the use of excessive styles, we get consistent looking pages.
The ability for administrators to use these otherwise-forbidden tags is new to PHP-Nuke 7.8.
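The kind of allowlist check described above, sketched as an added example; it is not PHP-Nuke's own filter. The tag list is taken from the tags this article mentions, and ALLOWED_TAGS, is_safe_url() and find_forbidden_markup() are hypothetical names.

```php
<?php
// Added example, not PHP-Nuke's own filter. All names are hypothetical.

// Tag name => attributes permitted on that tag (everything else is rejected).
const ALLOWED_TAGS = [
    'br' => [], 'p' => [], 'b' => [], 'i' => [], 'u' => [],
    'a' => ['href'], 'img' => ['src', 'alt'],
];

/** Accept relative links and http(s) only. */
function is_safe_url(string $value): bool
{
    // Decode entities and drop whitespace/control bytes first, so an encoded
    // or split scheme name is judged the way a browser would read it.
    $url = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $url = preg_replace('/[\x00-\x20]+/', '', $url);
    if (!preg_match('~^([a-z][a-z0-9+.-]*):~i', $url, $m)) {
        return true;                            // no scheme: relative link
    }
    return in_array(strtolower($m[1]), ['http', 'https'], true);
}

/** Return the reasons to reject $html; an empty list means it is acceptable. */
function find_forbidden_markup(string $html, array $allowed = ALLOWED_TAGS): array
{
    $problems = [];
    // Take every run starting with "<"; a literal "<" in text must be sent as &lt;.
    preg_match_all('/<[^>]*>?/', $html, $found);
    // Strict shape: tag name, then zero or more name="value" pairs, nothing else.
    $shape = '~^<(/?)([a-z][a-z0-9]*)((?:\s+[a-z-]+\s*=\s*"[^"<>]*")*)\s*/?>$~iD';
    foreach ($found[0] as $tag) {
        if (!preg_match($shape, $tag, $t)) {
            $problems[] = "malformed markup: $tag";   // fail closed
            continue;
        }
        $name = strtolower($t[2]);
        if (!array_key_exists($name, $allowed)) {
            $problems[] = "forbidden tag: <$name>";
            continue;
        }
        preg_match_all('~\s+([a-z-]+)\s*=\s*"([^"<>]*)"~i', $t[3], $attrs, PREG_SET_ORDER);
        foreach ($attrs as [, $attr, $value]) {
            $attr = strtolower($attr);
            if ($t[1] === '/' || !in_array($attr, $allowed[$name], true)) {
                $problems[] = "forbidden attribute: $attr on <$name>";
            } elseif (in_array($attr, ['href', 'src'], true) && !is_safe_url($value)) {
                $problems[] = "forbidden URL scheme in $attr on <$name>";
            }
        }
    }
    return $problems;
}

// Constructed sample inputs; the second is the example from the text above.
$samples = [
    'Its founding principle is that...<br><br><i>dinosaurs</i>',
    '<p style="font-size:1000px">Big Text</p>',
    '<a href="modules.php?name=Downloads">Downloads</a>',
    '<script>x</script>',
];
foreach ($samples as $s) {
    $problems = find_forbidden_markup($s);
    echo $problems ? 'REJECT (' . implode('; ', $problems) . ')' : 'ACCEPT', "  <=  $s\n";
}
```

The check rejects rather than rewrites, matching the behaviour described here: the style attribute and the script tag are refused, while the plain formatting tags and the relative link pass.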
You can add links to textbox content just as you would with HTML, through the <a> tag. You do not need to prefix links to pages on your own site with your site's domain name. In other words, if your site is at www.thedinosaurportal.com, you do not need to use a link like this to link to another page on your site:
You can simply use relative links:
There is a good reason to not hardcode your domain name into such links. If you move your site to a different domain name, such as when moving from a local version of the site to a web hosting environment, your links will still work.
Note that PHP-Nuke doesn't check any links that you add to textbox content—if the link is broken (that is, there is no longer a page at that URL), PHP-Nuke will not alert you about it.
Don't forget the closing </a> tag for links!
You can add images through the <img> tag as you normally would in HTML. However, PHP-Nuke does not usually offer you the facility to upload any accompanying images. If you want to display an image on your site in some piece of content, you must upload it yourself at some other time.
HTML Editor in PHP-Nuke 7.7
From PHP-Nuke 7.7, a WYSIWYG (What You See Is What You Get) HTML editor has been introduced, which replaces the large multi-line textboxes everywhere:
This allows the users to see their text as HTML as they type it, and provides a more familiar editing environment to work in, with buttons for adding bold, italics, and so on. The HTML editor is quite restrictive of the types of HTML that can be used in entries, and does not allow editing of the source HTML.
In PHP-Nuke 7.8, you can turn off this HTML editor by adding the highlighted line in the config.php file located in the root of our PHP-Nuke installation (we've added it underneath the definition of the site key we created in the last article):
$sitekey = "78w f7sys f89s fsd sj hjsg sdfw3p;";
The highlighted line defines a PHP constant called NO_EDITOR, and gives it the value 1. This indicates to PHP-Nuke that the HTML editor should not be used. If you change the value 1 to 0, then you will restore the HTML editor.
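The highlighted line is not reproduced on this page, so the fragment below is an added illustration written from the description, together with the $admin_file setting mentioned earlier. The define() call is standard PHP; the file name dinoadmin is made up, and the assumption is that $admin_file holds the new file name without the .php extension.

```php
<?php
// config.php (fragment): added illustration, not copied from the original page.
// Both lines go below the existing $sitekey definition.

// PHP-Nuke 7.8: 1 turns the WYSIWYG HTML editor off, 0 turns it back on.
define('NO_EDITOR', 1);

// PHP-Nuke 7.6 onwards: new name of the renamed admin.php file.
// "dinoadmin" is a made-up name; the value is assumed to be given without
// the ".php" extension, with admin.php itself renamed to dinoadmin.php.
$admin_file = "dinoadmin";
```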
Throughout this article series, we have used this line to turn off the HTML editor, and our screenshots will show the standard textboxes, as found in all the PHP-Nuke versions before 7.7.
Time For Action—Changing the Welcome Message
- Change the Title field of the message from Welcome to PHP-Nuke! to Welcome to the Dinosaur Portal.
- Click in the Content field, press Ctrl+A to select all the text in that box and then press Delete. Now, in the empty box, enter the following:
The Dinosaur Portal is a site dedicated to dinosaur-related information.
Its founding principle is that...<br><br>
<i>Just because you haven't seen a dinosaur, it doesn't mean they've all
- Click the Save Changes button.
- When the page reloads, scroll down the screen to see your message listed:
- Now click on the Home link at the top of the Modules block to go back to our homepage. The new welcome message is displayed in the middle of the page:
We have edited our first piece of PHP-Nuke content: an existing message. A message is a simple type of PHP-Nuke content that is displayed (usually) at the top of the homepage, under the site banner. In this case we were editing the first message, which has special importance.
The first steps were simply entering some text into the Title and Content fields, thus populating the message with some content and replacing the existing content.
After that, we clicked the Save Changes button to persist our new content to PHP-Nuke's database. We also saw the list of current messages stored in PHP-Nuke. After entering a piece of content to be stored, PHP-Nuke will usually present you with a list of the stored content, often with links or buttons to operate on that content. For example, in the list of messages shown in the screenshot before last, you can see Edit and Delete links in the Functions column. There were a number of other options at the bottom of the Edit Message panel that we did not touch. Let's discuss them now.
Messages can be set to expire after a certain length of time, and the Expiration field can be used to set this time period. If we want our message to remain present indefinitely, we can set this value to Unlimited. (You may think Unlimited is a confusing value for the expiry date and that a value like Never is more suitable, as it is in keeping with the other values that you find in the dropdown. If so, you've had a PHP-Nuke moment).
We left the Active option set to Yes so that our message is available. Selecting No would make it disappear from the homepage, but the message itself wouldn't be deleted.
The Change start date to today? field resets the expiration 'counter'. This means that if the message is to expire, the expiry period will be calculated from the moment you save this changed version of the message, rather than being calculated from the moment the message was originally created. If a message had been previously deactivated, and you were reactivating it, the start date would automatically be set to 'today'.
The final option, Who can View This? brings us to another very important concept of PHP-Nuke sites.
Restricting User Access
Security in your PHP-Nuke site controls 'who can do what' in a particular place. There are two fundamental problems of security here:
- Authentication: The problem of deciding if the user is who they claim to be
- Authorization: The problem of what that user is able to do when browsing the website
PHP-Nuke solves the authentication problem with user accounts. It authenticates users (when necessary) by asking for a username and password combination.
PHP-Nuke solves the authorization problem by classifying the status of the visitor into one of the following:
- Registered Users: Visitors with a user account who have logged in with a valid username and password.
- Administrators: Users who are logged in with an administrator account (in other words a username and password that are valid on the admin.php page).
- Anonymous Users: People who have not logged into the site. Until a visitor registers and logs in, he or she has no identity and is hence anonymous.
- Subscribed Users: This is a special type of Registered User who has been given a special type of access, a subscription, which is valid for a certain period of time. Subscriptions are usually offered to fee-paying customers, and these users not only benefit from exclusive access to certain parts of the site, but are also not shown adverts.
Anybody browsing the site falls into one of these categories. There is another category, which covers anybody visiting the site at all: All Visitors. Any visitor having either a user account or an administrator account, who might or might not be logged in, falls into the All Visitors category.
There are many opportunities within PHP-Nuke to restrict access or contributions. These restrictions or 'permissions', if you like, rather than being assigned on an individual user basis are assigned to one of the above categories of users. In this way, access to parts of your site can be restricted and these restrictions can be easily managed.
Restricting access so that only visitors from a particular category can view certain content is commonplace in PHP-Nuke.
Returning to our welcome message, we were presented with these options:
- All Visitors
- Anonymous Users Only
- Registered Users Only
- Administrators Only
- Subscribed Users
We wanted everyone to see our message, regardless of who they were, so we left All Visitors selected. We will see these options again in other areas of the site when we need to restrict access to some operation of the site.
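How the Active, Expiration and Who can View This? options could combine into one visibility decision, as an added example that is not PHP-Nuke's own code. The option keys, array layouts and function names are hypothetical, and treating a logged-in administrator as not anonymous is an assumption.

```php
<?php
// Added example, not PHP-Nuke source. Option keys, array layouts and
// function names are hypothetical.

/** $visitor: ['user' => bool, 'admin' => bool, 'sub_expires' => int|null] */
function can_view(string $who, array $visitor, int $now): bool
{
    $isUser  = !empty($visitor['user']);
    $isAdmin = !empty($visitor['admin']);
    switch ($who) {
        case 'all':        return true;
        case 'anonymous':  return !$isUser && !$isAdmin;   // assumption, see lead-in
        case 'registered': return $isUser;
        case 'admin':      return $isAdmin;
        case 'subscribed': // a subscription is only valid for a limited time
            return $isUser && ($visitor['sub_expires'] ?? 0) > $now;
        default:           return false;                   // unknown option: fail closed
    }
}

/** Titles of the messages this visitor should see on the homepage. */
function visible_titles(array $messages, array $visitor, int $now): array
{
    $out = [];
    foreach ($messages as $m) {
        // expire is a lifetime in seconds counted from start; 0 stands for Unlimited.
        $expired = $m['expire'] > 0 && $m['start'] + $m['expire'] <= $now;
        if ($m['active'] && !$expired && can_view($m['view'], $visitor, $now)) {
            $out[] = $m['title'];
        }
    }
    return $out;
}

// Constructed data; $now is a fixed clock so the output is repeatable.
$now = 1000000;
$day = 86400;
$messages = [
    ['title' => 'Welcome',         'view' => 'all',        'active' => true,  'start' => 0, 'expire' => 0],
    ['title' => 'Please register', 'view' => 'anonymous',  'active' => true,  'start' => 0, 'expire' => 0],
    ['title' => 'Members news',    'view' => 'registered', 'active' => true,  'start' => $now - 2 * $day, 'expire' => $day],
    ['title' => 'Subscriber perk', 'view' => 'subscribed', 'active' => true,  'start' => 0, 'expire' => 0],
    ['title' => 'Admin notice',    'view' => 'admin',      'active' => false, 'start' => 0, 'expire' => 0],
];
$visitors = [
    'anonymous'          => [],
    'registered'         => ['user' => true],
    'lapsed subscriber'  => ['user' => true, 'sub_expires' => $now - $day],
    'current subscriber' => ['user' => true, 'sub_expires' => $now + $day],
    'administrator'      => ['admin' => true],
];
foreach ($visitors as $label => $v) {
    printf("%-19s sees: %s\n", $label, implode(', ', visible_titles($messages, $v, $now)));
}
```

In this run the expired "Members news" and the deactivated "Admin notice" are shown to nobody, and the lapsed subscriber sees the same list as an ordinary registered user.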
This has been a short article, since we had only one task to accomplish—changing the welcome message on the homepage. This was our first attempt at modifying the content of the PHP-Nuke site, but in doing so we were introduced to many things that we will see again in the next few articles, and which you will be using frequently as you work on your own PHP-Nuke sites.
Before we began editing the message, we created the super user account. The super user account has ultimate control over a PHP-Nuke site, and it is particularly important that this account information is kept secure.
In the role of the super user, we edited the welcome message from the homepage through a link that had appeared exclusively for that user. We had our first look at the administration area, and entered content into PHP-Nuke.
Finally, we discussed how PHP-Nuke classifies visitors to the site, and how permissions to parts of the site or pieces of content can be managed through this classification.
The next article, Managing the Site using PHP-Nuke, introduces you to the administration area of PHP-Nuke, which allows you to manage your site from the comfort of your web browser. You'll see how to configure your site, back up the database, and manage blocks and modules.