
HelloWorld! - A Light & Secure CDS for PHP

This is the Content Display System (CDS) that we use to give each page on this website the same layout without having to duplicate the layout code for every page. It's different than a CMS in that its only purpose is to securely include HTML or PHP files into a single layout file. It doesn't include a WYSIWYG editor or anything fancy like that, and it doesn't use a database.

Too many websites are vulnerable to Remote File Inclusion because their developers implement something like HelloWorld! without considering security. HelloWorld! has been released into the public domain to help solve this problem. It was designed with security as the top priority and has been thoroughly tested.

Features

Download

HelloWorld Source Code on GitHub

System Requirements

Using HelloWorld!

Setup

  1. Upload: Download HelloWorld! using the link above, extract the archive, and upload it to the root directory of your domain. Make sure you upload all three .htaccess files (/.htaccess, /pages/.htaccess, /libs/.htaccess). The leading period means "hidden file" in Unix-like operating systems, so they are easy to miss. If .htaccess files are turned off, you can use <Directory> entries in the Apache master configuration (see the Apache documentation for more details).
  2. Change $MASTER_HOST and $ACCEPTED_HOSTS: These variables are located in libs/URLParse.php. $MASTER_HOST specifies the domain name of your website. If a request is made to HelloWorld! with a URL containing a different domain name, the user will be redirected to the same file on the $MASTER_HOST domain. $ACCEPTED_HOSTS is an array of domain names for which the user should not be redirected to $MASTER_HOST. This is useful if you have development and production servers with different names.
  3. If you are installing to a subdirectory...

    If you are installing HelloWorld! to a subdirectory of the web root, then you must edit /libs/URLParse.php and set the $DIRS_TO_IGNORE constant to the number of directories in the URL that should be ignored, and edit .htaccess, replacing "/index.php" with the full path to HelloWorld's index.php on the local filesystem.

    For example, if you are installing HelloWorld! to the local folder /var/www/example.com/this/is/a/folder/ which is accessible via the URL http://example.com/this/is/a/folder/, then set $DIRS_TO_IGNORE to 4 and change the RewriteRule line in .htaccess to:

    RewriteRule . /var/www/example.com/this/is/a/folder/index.php [L]

    You will also have to edit the navigation menu in index.php to use absolute URLs. For example:

    <div id="navbar">
        <a href="http://example.com/this/is/a/folder/">Home</a>
        <a href="http://example.com/this/is/a/folder/about.htm">About</a>
        <a href="http://example.com/this/is/a/folder/skadlfjasdklfjsdklaf">404 page</a>
    </div>
  4. Test: Visit your domain to make sure HelloWorld! is working properly. You should see something like this. Click the navbar links to make sure everything works.
  5. Change default title and META tags: In libs/URLParse.php, find $DEFAULT_TITLE, $DEFAULT_META_DESC, and $DEFAULT_META_KEYWORDS, and change them to something suitable to your website.
  6. Change $FORCE_HTTPS: If your website supports SSL/TLS and you want insecure connections to automatically redirect to secure connections, set the $FORCE_HTTPS variable in libs/URLParse.php to true.
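The redirect rules from steps 2 and 6, sketched as one function. This is an added example, not code from HelloWorld!: the setting names come from the steps above, while redirectTarget(), the sample hosts, and the choice to upgrade an accepted host to HTTPS on that same host are assumptions.

```php
<?php
// Added illustration, not HelloWorld!'s source. redirectTarget() is a
// hypothetical helper; the setting names mirror libs/URLParse.php.
$MASTER_HOST    = 'example.com';
$ACCEPTED_HOSTS = ['dev.example.com'];
$FORCE_HTTPS    = true;

/** Return the URL to redirect to, or null when the request is canonical. */
function redirectTarget(string $hostHeader, bool $isHttps, string $uri,
                        string $master, array $accepted, bool $forceHttps): ?string
{
    // Normalise case and drop an optional ":port" before comparing.
    $host = preg_replace('/:\d+$/', '', strtolower($hostHeader));

    $hostOk   = $host === $master || in_array($host, $accepted, true);
    $schemeOk = $isHttps || !$forceHttps;
    if ($hostOk && $schemeOk) {
        return null;
    }

    // Keep the redirect on-site: the path must be origin-relative.
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }

    // The Host header is client-supplied: the Location value only ever
    // contains a host name that matched the configured list.
    $target = $hostOk ? $host : $master;
    $scheme = ($isHttps || $forceHttps) ? 'https' : 'http';
    return $scheme . '://' . $target . $uri;
}

// Constructed requests: [Host header, is HTTPS, request URI].
$requests = [
    ['example.com', true, '/about.htm'],
    ['dev.example.com', false, '/about.htm'],
    ['unknown.test', true, '/about.htm'],
];
foreach ($requests as [$h, $https, $uri]) {
    $to = redirectTarget($h, $https, $uri, $MASTER_HOST, $ACCEPTED_HOSTS, $FORCE_HTTPS);
    echo str_pad($h, 18), $to ?? 'serve page', PHP_EOL;
}
```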

If you have any difficulties getting HelloWorld! set up, contact me, and I'll be glad to help.

Adding Pages

To add a page, you need to do two things:

  1. Create a file containing the page contents.
  2. Add the page to the page information array.

All page content files go inside the /pages/ folder. There is no correlation between the URL to access the page and the location of the page content file in /pages. You can organize the files in /pages any way you like. The URL is set by the page information array.

For example, if we want to add a contact information page, we first create the file /pages/contact.html:

    <h2>Contact Information</h2>

    <p>Phone number: 555-1234</p>

Then, to make this page accessible from the web, we must add it to the page information array. To edit this, open /libs/URLParse.php. Search for "$PAGE_INFO", and you should find something like this:

    private static $PAGE_INFO = array(
            "" =>           array(
                P_FILE => "home.html",
                ),
            // Handles /index and /index.htm
            "index" =>      array(
                P_RDIR => "",
                ),
            "index.html" =>  array(
                P_RDIR => "",
                ),
            "index.php" =>  array(
                P_RDIR => "",
                ),
            "about" =>      array(
                P_FILE => "about.html",
                P_TITL => "About Page",
                P_METD => "About HelloWorld CMS.",
                P_METK => "about",
                ),
            );

Add another element to the array for the contact page as the following code demonstrates:

    private static $PAGE_INFO = array(
            "" =>           array(
                P_FILE => "home.html",
                ),
            // Handles /index and /index.htm
            "index" =>      array(
                P_RDIR => "",
                ),
            "index.html" =>  array(
                P_RDIR => "",
                ),
            "index.php" =>  array(
                P_RDIR => "",
                ),
            "about" => array(
                P_FILE => "about.html",
                P_TITL => "About Page",
                P_METD => "About HelloWorld CMS.",
                P_METK => "about",
                ),
            "contact" => array(
                P_FILE => "contact.html",
                P_TITL => "Contact Page",
                P_METD => "Contact Information",
                P_METK => "contact",
                ),
            );

You're probably wondering what the strings are for. The "contact" string that opens the new entry specifies the URL of the page without the .htm extension. In this case, it is "contact", so the page URL will be http://example.com/contact.htm. The P_FILE string is the path to the file containing the page body. It is relative to the /pages directory. In this case, the P_FILE string refers to the /pages/contact.html file we made earlier. The P_TITL string is the title of the page (usually displayed in the web browser's title bar). The P_METD string specifies what to put in the META description tag. P_METK specifies what to put in the META keywords tag. When any of P_TITL, P_METD, or P_METK is not specified, the default value is used.

After you have added the page content file and added the page to the page information array, you can edit index.php to add the URL to your navbar (if you have one).
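Why the page information array matters for file inclusion, as an added example that is not HelloWorld!'s own code: the request path is only ever used as a lookup key, never as part of a file path. PAGE_MAP, resolvePage(), the ".htm" stripping rule and the sample requests are hypothetical stand-ins constructed for this sketch.

```php
<?php
// Added illustration, not HelloWorld!'s source. PAGE_MAP and resolvePage()
// are hypothetical stand-ins for $PAGE_INFO and the URLParse lookup.
const PAGE_MAP = [
    ''        => 'home.html',
    'about'   => 'about.html',
    'contact' => 'contact.html',
];

// Pattern that leads to file inclusion bugs: the request picks the path.
//   include 'pages/' . $_GET['page'];

/** Return the absolute path of the page file, or null (serve a 404). */
function resolvePage(string $requestPath, string $pagesDir): ?string
{
    // "/contact.htm" -> "contact"; assumed URL scheme for this sketch.
    $name = preg_replace('/\.htm$/', '', trim($requestPath, '/'));

    // Exact-match lookup: request data is only ever used as an array key.
    if (!is_string($name) || !array_key_exists($name, PAGE_MAP)) {
        return null;
    }

    // Defence in depth: the mapped file must exist inside $pagesDir.
    $base = realpath($pagesDir);
    $file = realpath($pagesDir . '/' . PAGE_MAP[$name]);
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Constructed demo: a throwaway pages directory and sample request paths.
$dir = sys_get_temp_dir() . '/hw_pages_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . '/contact.html', '<h2>Contact Information</h2>');

$samples = ['/contact.htm', '/../libs/URLParse.php', '/http://example.org/x.txt', '/nope.htm'];
foreach ($samples as $path) {
    $file = resolvePage($path, $dir);
    echo str_pad($path, 28), $file === null ? '404' : 'include ' . $file, PHP_EOL;
}
```

Only the first sample resolves to a file; the traversal path, the URL-shaped path and the unknown name all fail the key lookup and fall through to the 404 branch.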

Removing Pages

To remove a page, delete its file in /pages and remove its entry from the page information array in libs/URLParse.php.

Modifying Pages

To modify a page, modify its file in /pages. That's it!

Editing the Layout/Theme

All requests are processed by index.php, and the page body is included into it. So to edit the website layout/theme, edit index.php accordingly. Just be sure that the method call URLParse::ProcessURL(); comes before any HTML code. The method call URLParse::IncludePageContents(); is what includes the page body.