Kamalaspa - heavy merge of Wordpress and CubeCart


Guest bradyjfrey

I've heavily recoded/hacked Cube Cart here to merge both in style and design of wordpress. All template code has been redesigned to be proper semantic (I still don't get why all the templates are worthless divs and spans with tags, it's not accessible and not a search engine benefit, just code bloat), with Coupon/Gift card and product rating mods. Express Registration will come soon.

The email subscription portion has been turned off for a customized Wordpress merge that can sync with its blog posting. The admin section has been stripped to a leaner code so I can restyle not only the login page, but the whole system (I'll try and upload graphics), which is what I did for wordpress too. Both engines feed off each other's mysql so that I can add products to wordpress, and vice versa (similar to what I did with http://delightfulhealth.com, but that was done via javascript). I adjusted the home latest products page to allow for adding to cart buttons right on the index - this was one of the larger complaints I got when I did older stores (http://pinkpinstripes.com for example), and customarily I add it now. I should note by stripping all that xhtml code bloat my file sizes cut down by a quarter, and I've had an easier time styling by tag than by redundant classes or ids.

The end result is a pretty Wordpress and CubeCart system:

http://www.kamalaspa.com/store/

http://www.kamalaspa.com

I'm sure I'll find some IE CSS bugs shortly, but I'll iron those out soon.

The WP admin system is set in black, the store admin is set in pink - all css and most icons were changed, a few menu items adjusted, and the quick search moved up:

http://dotfive.com/bf/kspapicture1.png (login)

http://dotfive.com/bf/kspapicture2.png (main admin)

http://dotfive.com/bf/kspapicture3.png (product admin)

http://dotfive.com/bf/kspapicture4.png (gateway admin)

Feedback or comments are always appreciated, thank you!

Guest midwest

Very Nice Design.

I feel relaxed as soon as it appears.

No viewing problems here. Running IE7 on WinXP.

This is probably one of the best looking sites using CC I have run across.

I may have to hire you for one of my projects sometime :)

midwest :D

Guest bradyjfrey

The http://www.kamalaspa.com/store/ shopping cart doesn't line up in an 800px wide screen + (just my personal opinion) I don't like scrolling horizontally, so on an 800px screen it's not really working for me.

The design though is excellent, fresh and clean looking.

Burgensteen

I'm sorry it causes problems for you in low resolutions:( This was a hard issue for me, I've been running statistics on this site with my http://haveamint.com/ for the past year, and our 800px screen users are actually less than 5%. So the debate was to either go fluid (which I didn't feel fit this design) or push the bar and go with a larger screen size... I opted for the latter, not as a slight to my low res users, but so I could expand on the content and look and feel. If it becomes a growing issue, I'll revisit the design dimensions and look for a workaround - thank you for the design compliments:)

Very Nice Design.

I feel relaxed as soon as it appears.

No viewing problems here. Running IE7 on WinXP.

This is probably one of the best looking sites using CC I have run across.

I may have to hire you for one of my projects sometime :)

midwest :D

Thank you for the compliments, I'm glad the design is relaxing and appreciate the support!

Link to comment
Share on other sites

WOW, this design is beautiful!!!

Nothing wrong with it at all, however there is something non-design related and that's the 2 links for store and site management. A little bit of a security issue and users will know exactly where your admin panel is and all they have to do is suss out the passwords.

Guest devstudent

Wow, that design does look good to the eye, glad I don't have the horizontal scrolling issue on my screen, that is a very annoying issue, but the fix for it is simple, buy a new modern monitor. I'd be embarrassed to even admit I was using an 800 wide monitor.

Not sure what you mean with your question

I still don't get why all the templates are worthless divs and spans with tags

I'm not sure which templates you're talking about, but do know some people can really get carried away with wrapping everything on a page in a div tag, this usually isn't the person, but rather a sign that they have used a WYSIWYG editor to create the page, programs like DreamWeaver wrap absolutely everything in div tags. It could be worse though, I've seen new developers just discovering how to use css files give absolutely everything on the page an id and reference it in their css file, it looks crazy to see people when you see them using css for even their paragraph tags or line breaks, it's a little overboard.

I would have to ask though, why on earth would you incorporate wordpress into your web site?

Do you ever read the content at the Security Focus web site? My goodness it seems like every single day there are at least 2 or more new exploits being released for wordpress. I'm going there right now just to see what new exploit for attack is available today for wordpress, I haven't even looked yet and yet I'd be willing to bet the farm there are at least 2 new ones listed today already, and the day is still young yet I might add!

I'm back, nope, you didn't just win my farm in a bet...

Looks like three new exploits against wordpress just released into the wild, 2 of which are even flagged as critical! Typical for wordpress issues and exploits though...

Under just normal newly listed exploits, not even critical, today we have...

Wordpress Post.PHP Cross-Site Scripting

Wordpress Multiple Cross-Site Scripting Vulnerabilities

Then under critical alerts we have these...

CRITICAL: WordPress Blogging Software Backdoor

This one is enough, the source code for WordPress version 2.1.1 was altered to contain a backdoor. They don't even have their own source code locked down so a back door was added into it and this got released out to everyone from wordpress.

Check back again tomorrow and I guarantee wordpress will have at least 2 more vulnerabilities in its security exposed by that time.

I'm sorry it causes problems for you in low resolutions:( This was a hard issue for me, I've been running statistics on this site with my http://haveamint.com/ for the past year, and our 800px screen users are actually less than 5%.

Here's a friendly suggestion, you're too busy running statistics on your site looking at what resolution monitor people are using and it's distracting you from checking statistics on the vulnerabilities you're exposing yourself to by poorly choosing applications you're running on your server. You should strongly consider getting wordpress off your site unless you're charging a client per patch fees to patch poorly secured software every single day. That's not a wise way to go, the problem with security patches is the problem will always exist long before the patch is released, and that's even if a patch gets released.

If not for yourself or your client, then at least for the sake of your customers who risk having all of their personal information when making purchases at your web site vulnerable.

Guest devstudent

One more thing I forgot to ask, why on earth would you put direct links to your admin control panel right on the front page of your web site, or anywhere on your web site for that matter, that's just further asking for trouble and certainly has no reason or business being there like that.

Guest bradyjfrey

I would have to ask though, why on earth would you incorporate wordpress into your web site?

Do you ever read the content at the Security Focus web site? My goodness it seems like every single day there are at least 2 or more new exploits being released for wordpress. I'm going there right now just to see what new exploit for attack is available today for wordpress, I haven't even looked yet and yet I'd be willing to bet the farm there are at least 2 new ones listed today already, and the day is still young yet I might add!

I'm back, nope, you didn't just win my farm in a bet...

Looks like three new exploits against wordpress just released into the wild, 2 of which are even flagged as critical! Typical for wordpress issues and exploits though...

Under just normal newly listed exploits, not even critical, today we have...

Wordpress Post.PHP Cross-Site Scripting

Wordpress Multiple Cross-Site Scripting Vulnerabilities

Then under critical alerts we have these...

CRITICAL: WordPress Blogging Software Backdoor

This one is enough, the source code for WordPress version 2.1.1 was altered to contain a backdoor. They don't even have their own source code locked down so a back door was added into it and this got released out to everyone from wordpress.

I've got a system to deliver patches to the engine, something I cooked up prior to being a http://2006.wordcamp.org/sponsors/ - I'm well aware of the weaknesses that the system has - and so do all custom CMS engines (and I've built many). The difference being like most open source software, this one has many eyes to let me know about the vulnerabilities.

Here's a friendly suggestion, you're too busy running statistics on your site looking at what resolution monitor people are using and it's distracting you from checking statistics on the vulnerabilities you're exposing yourself to by poorly choosing applications you're running on your server. You should strongly consider getting wordpress off your site unless you're charging a client per patch fees to patch poorly secured software every single day. That's not a wise way to go, the problem with security patches is the problem will always exist long before the patch is released, and that's even if a patch gets released.

If not for yourself or your client, then at least for the sake of your customers who risk having all of their personal information when making purchases at your web site vulnerable.

That friendly suggestion came off a bit aggressive, and is an assumption as to how much I've merged the two engines - I'll assume myself that I read that tone a little harsh, and that's not your intention:). Regardless, the merge does not compromise the integrity of CubeCart, and again, I have a system to deliver patches to the engine - WP will be staying where it is. In this case, I'm also the root for the server and oversee all their server requirements as needed worldwide with a team of consultants; because of their clientele, this will be an ongoing development process. So while I appreciate the friendly warning and advice, that assumption comes from someone who's only seen the front end of the site; not much basis to assume the application was 'poorly' chosen. Again, though, I like dissent, and don't take my cross debate as personal - how else will we improve if we don't debate.

One more thing I forgot to ask, why on earth would you put direct links to your admin control panel right on the front page of your web site, or anywhere on your web site for that matter, that's just further asking for trouble and certainly has no reason or business being there like that.

That I completely agree with actually:) Thank you for the reminder, I left that on for the developers testing only.

Guest bradyjfrey

I'm not sure which templates you're talking about, but do know some people can really get carried away with wrapping everything on a page in a div tag, this usually isn't the person, but rather a sign that they have used a WYSIWYG editor to create the page, programs like DreamWeaver wrap absolutely everything in div tags. It could be worse though, I've seen new developers just discovering how to use css files give absolutely everything on the page an id and reference it in their css file, it looks crazy to see people when you see them using css for even their paragraph tags or line breaks, it's a little overboard.

Forgot to note - I agree on all levels, I've had to train people off their dated habits, but disagree that it's not the person's responsibility, or I should say the person's fault. Regardless if it's a wysi or an ancient CMS, the end result is their responsibility to the product, and just like a painter in my trade needs to understand the technicals of brush strokes to color theory, code is just as much the person's responsibility. The default templates that CC supplies are a bloated mess of <span id="aheader">; blatantly unsemantic and seems irresponsible from a coding perspective. Those are just teaching poor habits to some of these new developers/coders, and it seems like a shame - so my opinion was based off the two default junks I saw with the CC install.

Guest devstudent

I fully apologize if that came across as harsh, it certainly wasn't intended that way, it's no fault of yours, I get that often, it's a deficiency in my writing style that I never seem to be able to successfully work around. I guess some people walk a certain way and can't help it, I write a certain way and can't seem to help it. I assure you though I'm not a harsh intent kind of person.

I seem to be reading into your reply though that you're using wordpress due to a personal commitment to that project and despite all the known problems with it the commitment you have to it is overriding the decision to seek alternative solutions to why you would be using it in the first place.

I guess in my mind I look at that like if I decided I wanted to become a healthy organic vegetable farmer and decided to buy a lot of land for my farm, spent the season planting and harvesting and then later discovered the land I had invested all of my time and money into had formerly been used as an illegal toxic waste site and 2 feet under my soil were 55 gallon drums leaking a glowing spuge, that it would make for a good time for me to resurvey my available options and come up with a different game plan. I could continue planting on the toxic land and just not eat the vegetables myself, that wouldn't be very responsible to my customers nor would it imply sound moral judgement on my part. I could pay millions to have the land decontaminated, though I'd never recover these millions in tomato sales so that wouldn't make much sense. I could also count my losses, scrap the land and seek new land for my farm, this time with more experience and knowledge into what to look out for before making my investment.

The point I guess is just because you have invested time and commitment to something doesn't always mean continuing on with that investment is always the best approach. Sometimes you just have to accept the fact that you're trying to work with toxic sludge and seek out new, better alternatives.

Having the ability to install on the fly patches is like trying to use a band aid to treat a decapitation victim. The problem with that is the cycle of the vulnerability process.

Exploit gets discovered > exploit gets deployed > knowledge of the exploit spreads > customers complain to vendor of a problem > vendor sits on complaints until confirmed > a new patch for the problem goes into development > new patch is hopefully tested to not introduce worse problems > patch gets released to customers > patch hopefully gets found and installed by customers.

Therein lies the problem with your being up to date on the patches approach, despite the complexity of your deployment of such. Notice where in the chain of problems described above that you're fixing the problem at. It's always going to be after the fact that the problem is already out there, known and in use. By the time you get your patch and have it installed the initial problem could have already been out there for months and your security could have already been very well compromised.

It offers the same false sense of security that anti virus software offers for desktop users. The viri are released into the wild and affect people long before being discovered and the signature is discovered and released as an update to the anti viri software. Once a person is infected the question always seems to be, "weren't you running anti virus software?".

Just because you're patching vulnerabilities, after the fact, by no means should you have any sense of security to a problem. Security should involve a multi tiered approach to the problem. While you can't protect yourself or your clients from the unknown, you can at least begin the process by making better choices from the start, or adapting your past choices to accommodate better new decisions. In the case of wordpress in particular, it seems obvious that the decision to utilize it in an ecommerce environment would be a very bad choice just based on its history of issues with exploits and constant vulnerabilities.

While wordpress may be sufficient to use for a general web site that isn't collecting personal data and credit card processing, I don't think it displays any degree of responsibility to deploy it in an ecommerce type environment. I just personally of course don't feel there is any place in the ecommerce environment for a security approach of feeling there is safety in numbers like a pack animal or herd of zebras who know at least one or two zebras in the herd are going to be taken out by lions and only hope it isn't them. Your patch approach is the same basic concept, you know the lions are out there watching the herd and you're just in hopes that you can run from the watering hole faster than the other zebras in the herd.

In an ecommerce environment I just don't understand why you would purposely expose your own reputation, your client's reputation, and the personal data of customers to the web site like that by not just permitting, but embracing an application that is known to have daily new vulnerabilities to it. You seem to be a highly skilled developer so I guess it just seems shocking to me that you would make such a choice is all.

Guest bradyjfrey

I fully apologize if that came across as harsh, it certainly wasn't intended that way, it's no fault of yours, I get that often, it's a deficiency in my writing style that I never seem to be able to successfully work around. I guess some people walk a certain way and can't help it, I write a certain way and can't seem to help it. I assure you though I'm not a harsh intent kind of person.

No worries, I get that too - sometimes it's the tone that can come when explaining an angle:)

I seem to be reading into your reply though that you're using wordpress due to a personal commitment to that project and despite all the known problems with it the commitment you have to it is overriding the decision to seek alternative solutions to why you would be using it in the first place.

Not necessarily - I saw this development as a few options for me:

1) I create my own custom CMS in PHP - but I may just make my own cart then

2) I create my own custom CMS in RoR - but then same thing

3) I create my own custom CMS in Python - same thing

4) I merge Django with PHP and do a little cross hybrid job, which I debated for fun

Wordpress has its vulnerabilities - but I see their daily vulnerabilities more so on the exposure of the engine to the world; that opinion may be contrary to some of my other beliefs, since I love my Unix/Linux and Mac over PC, and don't think their security issues are based off exposure, more so bad coding. Do you think WP uses some poor coding and development habits that make it more prone compared to other publication engines? That I would love to have a discussion about and would welcome more vocal conversation from the two of us!

The point I guess is just because you have invested time and commitment to something doesn't always mean continuing on with that investment is always the best approach. Sometimes you just have to accept the fact that you're trying to work with toxic sludge and seek out new, better alternatives.

I agree with this statement - though the exploits have not made it feel like toxic sludge (albeit I've seen others that do). Exploits are a common scenario in web applications to me.

Just because you're patching vulnerabilities, after the fact, by no means should you have any sense of security to a problem. Security should involve a multi tiered approach to the problem. While you can't protect yourself or your clients from the unknown, you can at least begin the process by making better choices from the start, or adapting your past choices to accommodate better new decisions. In the case of wordpress in particular, it seems obvious that the decision to utilize it in an ecommerce environment would be a very bad choice just based on its history of issues with exploits and constant vulnerabilities.

Just a note (and maybe where this confusion is coming from) - there's a lot here that I'm not describing for security purposes - but the databases are severed, my comments about 'feeding' off each other were elusive for a reason:). WP can pull product information, not anything else. Even the newsletter engine is severed from CC (I almost used PHPList, but I think I had the same feelings of that app that you have of WP!), it does not pull client information of that manner, or anything that would run over SSL. Wordpress, if you have the link still, is adjusted to run its own admin over SSL too, but again, different engine - it does not split hairs in the way you may think I'm describing... which I didn't get until I saw your last post.

Guest devstudent

Ha ha ha, you're fun to talk with!

Do you think WP uses some poor coding and development habits that make it more prone compared to other publication engines? That I would love to have a discussion about and would welcome more vocal conversation from the two of us!

I'd say there are some bad habits in there somewhere if a new release for it was just made public and last week was discovered it had been hacked and had a back door inserted into it. Granted that wasn't so much the fault of the application itself as to how those bad development habits played a role in the problem.

I wish I had the time to discuss wordpress with you all day long, just because you're fun to talk to, certainly not because I have an interest in ever using wordpress. Unfortunately though I have one of those professors at school who thinks overloading us with homework for my Java class is somehow a good thing, and midterms are only 2 weeks away. I hate working with Java, it's one of those forced classes I had to take which I suppose makes it even worse.

Guest bradyjfrey

I hate working with Java too - I hate managing servers where I've had to deal with Java apps... except wildfire (now called openfire) - great web app that's Java based for Jabber. Well if you ever want to talk shop, feel free to email me at brady dotfive.com or my chats - http://dotfive.com/contact/ always enjoy talking shop with other developers:)
