[RELEASE] Website based on MVC

Page 1 of 2 1 2
10/23/2018 00:12 [MXD]Takeshi#1
[Only registered and activated users can see links. Click Here To Register...]
Hello everyone, after my last presentation ([Only registered and activated users can see links. Click Here To Register...]) of how the sites around are obsolete, I want to release a "free" version of my project.

There is not really much, I worked to improve its base, but it is an idea for those who want to try working with this framework.

First of all, we need:
Code:
php >=5.6, 
OpenSSL extension, 
PDO extension, 
Intl extension
once you enable these php extensions, we need to fix our database, with small query.

Code:
ALTER TABLE PS_UserData.dbo.Users_Master
ADD CONSTRAINT PK_UID PRIMARY KEY (UserUID)
Q. why need add this "PRIMARY KEY"
A. Yii2 working with identity, so need that table have a primary key for idenity user.

then :
Code:
ALTER TABLE  PS_UserData.dbo.Users_Master
ALTER COLUMN Enpassword varchar(60)
Q. why use "Enpassword" ?
A. because yii2 uses a level of encryption and decryption, currently the unencrypted password is saved in the database, so the game will work the same.

remember to always change our sqlserver username and password,
Code:
Example folder location:
C:\xampp\htdocs\yii-advanced\common\config\main-local.php

edit:
$db_user    = 'sa';
$db_psw     = 'Shaiya123';
$db_host    = '127.0.0.1';
If everything went well, the site should show itself in front of you :)

I leave some screens of the pages already created.

Yii2 Website

Please leave a comment with your thoughts, advice, suggestions ...

■ Features
  • register
  • login
  • pvpranking
  • news
  • event
  • patch note
  • server time
  • grb time
  • slider image
  • information page
[Only registered and activated users can see links. Click Here To Register...]

Code:
ChangeLog:
V1.2:

• News
• Events
• Patch Notes
• Slider image
• Server time
• grb time countdown
• new style pure dark added

V1:

• Login
• Register
• PvP Ranking
• Information page
Download information later
10/23/2018 02:13 Wa7dani#2
Great work, looking forward to the future
10/23/2018 19:31 [MXD]Takeshi#3
Quote:
Originally Posted by Wa7dani View Post
Great work, looking forward to the future
Thanks, I wanted someone to comment on the work, with a first installation experience
10/24/2018 21:30 MC Flip#4
If you need feeback, I can help you out.

However, you might want to post intructions on what to do with those files, as it is not you typical pages and folders you slap onto a webserver and it works.

With your release I get some frontend, backend, console, vendor, etc folders. What should I do with those to get a functional site?
10/24/2018 23:07 [MXD]Takeshi#5
Quote:
Originally Posted by MC Flip View Post
If you need feeback, I can help you out.

However, you might want to post intructions on what to do with those files, as it is not you typical pages and folders you slap onto a webserver and it works.

With your release I get some frontend, backend, console, vendor, etc folders. What should I do with those to get a functional site?
to give an explanation of what the folders are for ....

Code:
Directories
The root directory contains the following subdirectories:

backend - backend web application.
common - files common to all applications.
console - console application.
environments - environment configs.
frontend - frontend web application.

inpratica the work project is divided into 2 web applications, * end, which indicate 2 different sites, frontend -> what users will see, backend -> in practice an admin panel ...

common -> is in common among the working groups, here it is good to save our model (database), because so we have the possibility to recall the function both in backend and frontend

above I wrote the php requirements, they are all extensions that need to be enabled.

Set document roots of your web server:
  • for frontend /path/to/yii-application/frontend/web/ and using the URL [Only registered and activated users can see links. Click Here To Register...]
  • for backend /path/to/yii-application/backend/web/ and using the URL [Only registered and activated users can see links. Click Here To Register...]

For Apache it could be the following:

Code:
<VirtualHost *:80>
        ServerName frontend.dev
        DocumentRoot "/path/to/yii-application/frontend/web/"
           
        <Directory "/path/to/yii-application/frontend/web/">
            # use mod_rewrite for pretty URL support
            RewriteEngine on
            # If a directory or a file exists, use the request directly
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteCond %{REQUEST_FILENAME} !-d
            # Otherwise forward the request to index.php
            RewriteRule . index.php

            # use index.php as index file
            DirectoryIndex index.php

            # ...other settings...
        </Directory>
    </VirtualHost>
       
    <VirtualHost *:80>
        ServerName backend.dev
        DocumentRoot "/path/to/yii-application/backend/web/"
           
        <Directory "/path/to/yii-application/backend/web/">
            # use mod_rewrite for pretty URL support
            RewriteEngine on
            # If a directory or a file exists, use the request directly
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteCond %{REQUEST_FILENAME} !-d
            # Otherwise forward the request to index.php
            RewriteRule . index.php

            # use index.php as index file
            DirectoryIndex index.php

            # ...other settings...
        </Directory>
    </VirtualHost>
Add the following lines to hosts file:
Code:
127.0.0.1 y2aa-frontend.dev
127.0.0.1 y2aa-backend.dev
if there are doubts, or something is wrong, just ask :)

I had left a documentation of Yii, so I thought these things were a little clear
10/25/2018 01:17 SnickQ#6
@[Only registered and activated users can see links. Click Here To Register...] You know that people aren't able to use it, right?
10/25/2018 16:09 [MXD]Takeshi#7
Quote:
Originally Posted by SnickQ View Post
@[Only registered and activated users can see links. Click Here To Register...] You know that people aren't able to use it, right?
well... good know, if i sell full project and install it, noone can shared....

anyway, have you been able to install it?
what have you seen, thought... more...
10/25/2018 17:00 SnickQ#8
I was try instal it as normal ASP site and and as normal site. When i clic on any php i have "Connot open this site"
But i put it into iis (7.2 php drives) i dont have xamp
10/25/2018 17:40 [MXD]Takeshi#9
Quote:
Originally Posted by SnickQ View Post
I was try instal it as normal ASP site and and as normal site. When i clic on any php i have "Connot open this site"
But i put it into iis (7.2 php drives) i dont have xamp
you do not need XAMPP, I left a configuration for xampp, if you know IIS you can easily confirm it ...

however I would like to see your mistake, and find a solution
10/28/2018 17:10 [MXD]Takeshi#10
#Bump new features - style
11/06/2018 14:16 [Admin]Divi#11
I noticed some of the fundamental security flaws that may afflict your PHP application.

To avoid it do the following steps;
  • Turn SSL on at all times
  • Hide all version numbers
  • Always keep your errors in privatelogs and away from the public
  • Disable potentially harmful functions

I’ll cover a few more potentially harmful injection attacks that you are susceptible to;
  • Shell Injection
  • eval() function
  • File Inclusion - include() or require()

Storing secure data such as the following should be given a security audit for both the sake of your visitors and for compliance;
  • E-mail addresses
  • Dates of birth
  • Credit reports & Bank account information (donation stuff)
    ... and more


Besides that, great work with that one! Keep it updated.
11/06/2018 14:45 [MXD]Takeshi#12
Quote:
Originally Posted by [Admin]Divi View Post
I noticed some of the fundamental security flaws that may afflict your PHP application.

To avoid it do the following steps;
  • Turn SSL on at all times
  • Hide all version numbers
  • Always keep your errors in privatelogs and away from the public
  • Disable potentially harmful functions

I’ll cover a few more potentially harmful injection attacks that you are susceptible to;
  • Shell Injection
  • eval() function
  • File Inclusion - include() or require()

Storing secure data such as the following should be given a security audit for both the sake of your visitors and for compliance;
  • E-mail addresses
  • Dates of birth
  • Credit reports & Bank account information (donation stuff)
    ... and more


Besides that, great work with that one! Keep it updated.
Hello and thanks for the reply.

there are different levels of debugging, and we can decide what and when to show it, for example there is a debug bar, which shows the "DEV" requests, used assets, databases in use and much more, I am releasing versions for "DEV" "so I did not remove the debugging levels.

Shell injector is possible in few cases, with the files that have been releasing there is little to inject, to say nothing, shell commands are blocked here.

the "include" or "require" is never used, it is all managed by assets


the data security currently entered is not entered xD data
12/10/2018 06:44 copain#13
Hello i mange to run the application but i always end up having file directory issue every time i go to any pages ill end up 404 ,

[Only registered and activated users can see links. Click Here To Register...]site/login

the folder site does not exist in web folder ..
12/10/2018 12:44 [MXD]Takeshi#14
Quote:
Originally Posted by copain View Post
Hello i mange to run the application but i always end up having file directory issue every time i go to any pages ill end up 404 ,

[Only registered and activated users can see links. Click Here To Register...]site/login

the folder site does not exist in web folder ..
your website does not point to the right directory

for IIS:
FIRST:
Make sure you have installed URL Rewrite on your IIS7

If you have the web.config configuration, and it is still routing to a physical directory and not to the controller/action route, it almost 100% means that your are missing URL Rewrite. Yes this is an addon that is not necessarily installed.

So go ahead, download and install it on your ISS from [Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

SECOND:
This is the web.config that is actually working. Notice that I ended with: match url=".*" and also notice that I added a line to handle images and other static content.

Code:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <configSections>
        <sectionGroup name="system.webServer">
            <sectionGroup name="rewrite">
                <section name="rewriteMaps" overrideModeDefault="Allow" />
                <section name="rules" overrideModeDefault="Allow" />
            </sectionGroup>
        </sectionGroup>
    </configSections>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Yii2 Routing that works" stopProcessing="true">
                    <match url=".*" />
                    <conditions  logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{REQUEST_FILENAME}" pattern="css|js|jpg|jpeg|png|gif|ico|htm|html" negate="true" />                            
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="index.php" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>
remember to update update code for
Code:
C:\webroot****\www\backend\web\web.config
C:\webroot****\www\frontend\web\web.config
12/10/2018 17:06 copain#15
i am using plesk in windows server 2016 the root dir is htdoc apatche,i have configure the web config to point it on my, db.. which folder or file hadles the page directory?
Page 1 of 2 1 2