For the past few weeks, I've been working on a PHP/MySQL CMS of my own.
It's very lightweight and nothing too fancy. I have used it a couple of times with clients in the past to allow them to update their own site.
However, I know it has its flaws, and I wonder if any kind gents could take a look at it and perhaps show me where I'm going wrong (code efficiency/modularity, security etc.). I'm looking to use OOP for a new CMS I'm working on.
Do NOT use short tags, always use the full <?php & ?>. This promotes much better cross server compatibility and means your code doesn't go pop when it encounters XML tags.
Try to separate the code from the HTML; you don't need to use OOP to do this, although it becomes much easier when you do. Try a few MVC tutorials; there are plenty about, although only a few which don't use OOP.
Implement a few functions to save yourself repeating code. For example, in a few of the pages you have many database calls for data. This leads to variables like $sql, $sql2, $res, $res2 etc. Create a function like queryDatabase($sSQL) which would return an array.
I didn't look at much of it tbh, but here's a few things I noticed.
Line ends viewed in vim on win32 all end with ^M which is a nuisance for me.
Some require paths seem to be inside the document root, you should have all includes in an includes folder which should be enabled with some global setting.
I know it isn't OOP-based, but you don't use PDO.
I didn't look at much else after that, sorry.
It all depends what this CMS is for, you aren't distributing it are you?
This is all wrong:
Includes should be agnostic about the location of the include file, except its relationship to the main include_path ini directive.
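
The queryDatabase() helper and the PDO remark from the replies above can be combined into one function. This is an added example, not code from the CMS or from any poster in the thread; the extra $db and $params arguments, the pages table and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

/**
 * Run one statement through PDO and return its rows as an array.
 * Hypothetical signature: the thread only names queryDatabase($sSQL).
 * Values go in $params and are bound by the driver, so the SQL text
 * itself never contains user input.
 */
function queryDatabase(PDO $db, string $sql, array $params = []): array
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    // INSERT/UPDATE/DELETE produce no result set; return an empty array
    // instead of calling fetchAll() on them.
    return $stmt->columnCount() > 0 ? $stmt->fetchAll(PDO::FETCH_ASSOC) : [];
}

// Constructed sample data. For MySQL only the DSN and credentials change,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass, ...).
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // fail loudly on SQL errors
]);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, slug TEXT, title TEXT)');
$insert = 'INSERT INTO pages (slug, title) VALUES (:slug, :title)';
queryDatabase($db, $insert, [':slug' => 'home',  ':title' => 'Home']);
queryDatabase($db, $insert, [':slug' => 'about', ':title' => 'About us']);

$select = 'SELECT id, title FROM pages WHERE slug = :slug';

// One helper call replaces the $sql/$res, $sql2/$res2 pairs.
$page = queryDatabase($db, $select, [':slug' => 'about']);
print_r($page);

// Input shaped like an injection attempt is bound as a plain string and
// compared literally against the slug column, so it selects no rows.
$hostile = "about' OR '1'='1";
$none = queryDatabase($db, $select, [':slug' => $hostile]);
var_dump(count($none));
```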