For informational purposes only. The administration is not responsible for its content. Free download .
Dear friends,
We present you a new version of our script DataLife Engine v.13.1 NULLED. In this release, you are expected to add support for automatic updating of plugins for new versions and a number of other improvements in the plugin system, new features have been added for more convenient work with additional fields, a new type of rating "Like and Dislike" has been added, improved search for publications in the admin panel, and much more, read more about this and more...
The following changes have been prepared and implemented:
1. Added the ability to automatically update the script in the admin panel within one version of the script, in cases where, for example, fixes for found vulnerabilities or other bugs are released. In cases where changes are made to the distribution within the same version, for example, when fixing vulnerabilities or other identified problems with the script, it will be possible to update the script in the admin panel within the current version of the script.
2. Added the ability to automatically update plugins on the site. To do this, the plugin specifies a URL to obtain information about the availability of a new version. At this URL, the plugin developer's site should return an array in JSON format, which should contain information about the current version of the plugin, as well as a link to download the current version of the plugin. For example, the given URL should return the value ("version":"2.0","url":"https://dle-news.ru/test/test.zip"). After that, when checking for updates, the site administrator will be able to find out about the availability of new versions of the plugin and update the plugins in the admin panel in one click.
3. For the plugin management system, added the ability indicate the number of replacements to be made for each search criterion in the file. For example, you need to find and replace some code in a file that occurs several times in this file, you can specify how many times this code needs to be replaced. To replace all occurrences of this code, you can leave this parameter empty, thus replacing will be performed wherever the code you specify occurs.
4. For the plugin management system, added the ability automatic deletion of additional files downloaded with the plugin in the archive if the plugin is removed from the site. To do this, the plugin parameters are added with the ability to choose whether to delete additional files or not. Thus, you can decide for yourself whether it is necessary to clean the server from additional files if it is deleted from the site, or whether they should be left.
5. For the plugin management system, added the ability use the (THEME) tag in folder names in ZIP archives. When uploading an archive through the plugin system, this tag will be replaced with the name of the template used. For example, by placing the /templates/(THEME)/test.tpl file in the archive, your template file will be placed in the template used on the site. Thus, when using complex plugins that contain sample template files, they can immediately be loaded into the desired folder containing the template used by the user.
6. For the plugin management system, added the ability use preg_replace function control characters, such as \\1, etc., in the "Find and Replace" action in the replacement string, which removes restrictions on finding and replacing some codes in DLE.
7. For additional fields of type "Image" and "Image Gallery", added the ability to assign each image separately, its own personal description, which is also used as the HTML alt attribute, when displaying these additional fields on the site.
8. For additional fields of type "Image gallery", added the ability to change the sort order of uploaded images by simply moving them with the mouse. After uploading the images, you can swap the images as you wish. Also uploaded images can be transferred to other additional fields.
9. For publications and comments, a new type of rating "Like and Dislike" has been added, which keeps separate records of both the number of likes and the number of dislikes. To do this, new tags have been added for templates for displaying publications and comments: (likes)- which displays the number of likes, (dislikes) - which displays the number of dislikes, as well as the tag text- which displays the text enclosed in the tag, if this type of rating is enabled in the settings.
10. In the settings of user profiles in the admin panel, added the ability set a list of categories in which this particular user is allowed to add publications. This will allow, for example, journalists to keep personal headings in which other journalists (or some of them) do not have the right to publish. Or vice versa - to exclude a journalist from a specific category of news, if, for example, he is incompetent in it.
11. In the settings of user profiles in the admin panel, the ability has been added set a list of trust categories to which this particular user is allowed to add publications without moderation. Such personalization will make it possible to differentiate rights much more flexibly without creating a bunch of user groups, including groups for each specific journalist.
12. For advanced search of publications in the admin panel, in the publication editing section, the ability to choose where to search is added. You can search through the entire content, you can separately by titles, short description, full description and additional fields. Also, search algorithms have been significantly improved to more correctly find publications.
13. For advanced search of publications in the admin panel, in the section for editing publications, the ability to search simultaneously in several categories to choose from has been added.
14. Added the ability for the tag cloud the use of "&" and "#" characters, which allows, for example, the use of various brand names in the cloud, for example, "H&M", etc.
15. In the script settings in the admin panel, added the ability permission for the site administration to log in to the site using social networks. When this setting is enabled, users in the administrators group can also log in to the site using their social network accounts.
16. In the admin panel, in the section for editing comments, the ability has been added searching for comments in the text. In this section, you can search for the comments you need for editing by any keywords. This makes editing comments more convenient.
17. In the admin panel, in the section for managing cross-references, the ability has been added for bulk actions on links, set the replacement to "Only in static pages", as well as "In static pages, news and comments".
18. To preview banners in the ad management section of the admin panel, Added connection of your template styles from the preview.css file. Thus, you can see a more correct design of your advertising code, if it uses classes from your template.
19. For the short news output template (shortstory.tpl) added tag usage text, which display the enclosed text in them if there are no publications according to the given criteria. Thus, you can reassign the standard system message about the absence of publications in any particular section of the site, making it unique, for example, for each section of the site. Also, these tags can be used in templates that are used for custom output of publications using the (custom ...) tag.
20. For the template of the E-Mail message that is being sent when recovering a forgotten password, the use of new tags has been added: (%losturl%), which outputs only the URL of the link to reset and generate a new password, and (%ipurl%), which displays only the URL of the link to reset the block by IP. Thus, you can separately set the design you need in the letter of these links, for example, in the form of buttons. And also you can, for example, refuse to display a link to unblock by IP if you do not use this feature on your site.
21. Improved the system for deleting categories in the admin panel. If the category being deleted contains subcategories that are also subject to deletion, then all actions for publications that contain the category being deleted will be automatically extended to publications that also contain the subcategories to be deleted. And for these publications in subcategories, the same actions will be applied.
22. For the "Filter by: IP, Login or E-Mail" module, the ability to adding blocked addresses or logins, or e-mails in whole lists at once, and not one at a time. Which significantly speeds up the process of adding, if you already have a ready-made list of what needs to be blocked.
23. For the "Filter by: IP, Login or E-Mail" module, the ability to editing existing rules. You can select and edit any rule without having to delete it and add it again.
24. For the "Filter by: IP, Login or E-Mail" module, the ability to selection of several or all added rules at the same time, and mass unlocking of these rules in one click.
25. Added support for the "Filter by: IP, Login or E-Mail" module using IPv6 addresses that can be specified to block access to the site. Also added the ability to specify IPv6 subnets for blocking.
26. Added the ability to specify IPv6 addresses in the user profile, from which authorization is allowed for the user. You can also specify not only a separate address, but also an IPv6 subnet.
27. For the module of custom sorting of publications on the site displayed by the (sort) tag, the ability to set sorting for each specific category, and not for all categories at the same time, has been added.
28. For links published in publications, added the ability to use of block elements in them, such as "p", "div", etc. This allows DataLife Engine to more accurately and correctly comply with HTML5 standards.
29. Added the ability to add new users in the DataLife Engine control panel, when working with the panel using smartphones.
30. Changes have been made to the work of tree-like comments. If the maximum nesting for replies to comments is reached, then in the case of a reply to a comment, these answers remain in the discussion thread at the maximum nesting. Previously, when the maximum nesting was reached, it was impossible to reply to a comment. Now the possibility of an answer remains in any case.
31. For additional fields of type "Cross-references", added the ability to use double quotes and ampersands in values.
32. If the template for the E-Mail message that is being sent when recovering a forgotten password, the use of the HTML format for this letter is set, then the links generated by the (%lostlink%) tag in this template will be generated in the form of a ready-made HTML code, and not just text links.
33. In the script settings added the ability to install sorting publications by default, by the number of comments. The same has been added to set up sorting criteria when browsing the catalog.
35. Changes have been made to the work of additional fields, if the field has restrictions on adding by user groups. If the value of an additional field was added by a user who has the right to do so, and subsequently the publication is edited by a user who does not have the rights to fill in this field, then the value of this field is no longer cleared, but remains the same as it was previously filled in by the user who has the right to do so. right.
36. The limit on the number of characters of the Description meta tag for categories has been increased to 300 characters. The maximum length now corresponds to the maximum length set by the Google search engine for displaying this information in search results.
37. Improved search for similar news on the site. The display of related news has become more relevant in terms of sorting the found publications.
38. Improved support for IPv6 addresses of site visitors. In some specific cases, the full address might not fit into the database. The field length is now reserved according to the RFC 4291 specification.
39. Improved formation of the og:description meta tag of the Open Graph protocol when viewing full news. The formation is more correct when using additional fields for publications as the main content.
40. Improved operation of the DataLife Engine security system, in order to more correctly check data on subdomains, on some hostings, which has a subdomain structure, in the form of subfolders of the main domain.
41. Added support for tel protocol: for links published on the site using BB tags.
42. Updated visual editors TinyMCE and Froala to current versions. Fixed a number of identified errors in these editors.
43. Problem fixed using in the additional user profile fields, fields with the "List" type, in which values \u200b\u200bare used using the "|" symbol.
44. Problem fixed when in the plugin management section, if the action on the file in the menu was changed, some characters could change incorrectly in the values specified in the fields.
45. Problem fixed, in which it was impossible to use tags for internal pages of the site, and it was allowed to use only for external sites.
46. Problem fixed, in which it was impossible to start updating the site to a new version if the site was in an encoding other than UTF-8, while the administrator's login or password contained letters written in Cyrillic.
47. Problem fixed in which a pop-up window about the receipt of new personal messages did not appear if the user independently logged out of his account on the site, and then logged into it again after some time.
48. Problem fixed when editing comments in the script control panel did not work if the TinyMCE editor was enabled in the script settings.
49. Problem fixed, which did not display the number of days during which you can add comments to the publication, if such limits were set in the script settings in the admin panel.
50. Problem fixed, in which an additional field of the "Upload file" type was not displayed on the site as a link to download the file, but was displayed as a simple tag.
51. Minor bugs in the script that were discovered and announced earlier have been fixed.
Let's talk about the menu on the dle website. More precisely, how to add your own items to the menu, or replace existing ones with new ones. Quite often, for beginners who have just installed this CMS, the question arises: “How to replace the standard menu items in the standard template with your own?” If, in wordpress, this can be done without editing the code, then in dle the situation is different, you still have to get into the code and figure it out a bit. However, there is nothing difficult in adding new items, and I hope you can see this today.
So, let's get down to business. To begin with, we need to create items that later need to be implemented in the dle menu, be it pages or categories. To do this, go to the admin panel and click on the item "list of all sections."
And then it all depends on the situation. If we need to add a link to the site category to the menu, then go to the “Categories” item, and if we need to create a page that the menu item will direct the user to, then go to the “Static Pages” item. There is no fundamental difference between them, so we will choose one of the two options, for example, "Categories".
A form for creating a new category on the site will appear. Everything is simple there. What each form field is used for, see image.
Not all fields that are described in the figure are mandatory, but only the first and second fields. And the points that I did not touch on the image do not relate to categories at all, but to global engine settings, such as dle news output settings, and also provide the ability to assign a unique template for each category separately.
After filling in the required fields, at least the first two, click on the add button. This action will create a new category on the site, a link to which we will add to the dle menu. And pay special attention to the second field, where it was necessary to register an alternative name for the category, which will be the address at which the category will be located. In my example, it will look like this: http://site.ru/primer_category/
Now, let's move on to directly adding a new item to the dle menu.
To do this, in the admin panel you need to go to the "Website Templates" section.
And then you need to select one of the two files, if a standard template is used, in which the menus on the site are registered. There are two types of menus in the standard template: this, and both horizontal and vertical. The topmenu.tpl file is responsible for the horizontal menu, and the sidebar.tpl file is responsible for the vertical menu in the left column of the site. Both of these files can be found in the left column of the Site Templates section. And when you click on one of them, the code of this file will appear in the right column.
After opening the file, we need to fix any existing item on ours. That is, change the name, in this case to the name of the category. And substitute a link to the category itself (alternative name), instead of #. That is, if I replace the “About site” item, then the menu code will look like this:
By analogy, you can change the rest of the menu items. As for the second, horizontal menu, the situation is exactly the same there. And of course, everything that you don't need can be removed. And of course, save the edited file.
If you are not sure about something, for example, that you will delete something superfluous, then just do it so that in case of unforeseen situations it can be restored.
And that's all for me.
Hello. I want to devote this topic to creating the simplest module for the popular CMS Datalife Engine. In Russia, as well as in the CIS countries, it is quite popular, but for some reason there are still no articles about this cms on Habré. I will try to correct this misunderstanding. In this article, you will learn how to make a simple module for this CMS, as well as get acquainted with the structure of the engine.
Introduction
I would like to note that the system is in demand among entertainment sites. It is understandable, the system is easy to use, has a sufficient number of modules and templates. And almost everything you need is out of the box. However, sometimes something is missing. We will try to solve this problem.Why DLE?
You will probably wonder why I chose this particular CMS. The answer is simple: a fairly logical structure of the engine itself, separation of templates from code, a fairly simple template engine, again, a fairly logical placement of everything inside - it's easy to figure out what's what. Plus, the system remains relatively light and comfortable. It is not as functional as, for example, Drupal, but still I like it.Structure
First we need to know something about the structure of the engine. You can’t create a mess on the server, so we will keep everything in our folders.Modules for the operation of the engine are usually placed in a folder /engine/modules/.
In the folder /engine/inc/ admin panel files are located.
Starting with version 8.x, it appeared to connect modules directly in the template. The template is located in the /templates/template_name/ folder. This folder contains the main.tpl file. This is the root template file, usually the main structure of the template is located in it. Usually the module can be connected like this:
(include file="engine/modules/mod_category.php")
Where mod_category.php is a file located in the /engine/modules/ category. I think this is all clear, let's move on.
Let's make a module for displaying the latest comments with caching. To do this, let's create a file in the /engine/modules/ folder and call it mod_lastcomm.php Next, I provide a code listing of this file with detailed comments.
The code
DATALIFEENGINE". This constant is defined in index.php and its TRUE value indicates that the file is included with include/require, and not just run. */ if(!defined("DATALIFEENGINE")) ( die("Hacking attempt! "); ) /* Include the api class so that we can use functions to work with the cache. */ include ("engine/api/api.class.php"); /* Try to read the information stored in the cache from name lastcomm. I recommend giving meaningful names to everything that we store in the cache. lastcomm is a file in a folder /engine/cache/, a 60 is the cache lifetime in seconds. In this case, if more time than 60 seconds has passed since the creation of the file, then we will again have to climb into the database. */ $lastcomm=$dle_api->load_from_cache("lastcomm", 60); /* Check if we have a cache or not. If not, then we climb into the database. */ if (!$lastcomm) ( /* The actual query to the database. It is executed using the $db class function. The PREFIX constant contains the prefix specified when setting the cms. The column names are named quite normally, I think there is no need to explain what they do. The query ID is stored in the $sql variable */ $sql = $db->query("SELECT comments.post_id, comments.text, comments.autor, post.id, post.flag, post.category, post.date as newsdate , post.title, post.alt_name FROM " . PREFIX . "_comments as comments, " . PREFIX . "_post as post WHERE post.id=comments.post_id ORDER BY comments.date DESC LIMIT 0.20"); /* C using the get_row() function of the $db class, we read each row from the selection results sequentially.The information is entered into the $row array with indices equal to the table field names */ while ($row = $db->get_row($sql)) ( /* If necessary truncate news title */ if (strlen($row["title"]) > 50) ( $title = substr($row["title"], 0, 50)."..."; ) else ( $title = $row["title"]; ) /* Form with link to the user profile. Similarly */ $aname=urlencode($row["autor"]); $name=" ".$row["author"] .""; /* We form the text of the comment and trim it if necessary */ $text = htmlspecialchars($row["text"]); if (strlen($text) > 1024) $text= substr($text, 0, 1024) ."..."; /* Generate a link to the news. The $config array contains all system settings. In particular, $config["http_home_url"] is the domain url. */ $newslink = $config["http_home_url"].$ row["post_id"]."-".$row["alt_name"].".html"; $hint = "onMouseover=\"showhint("$text", this, event, "");\"" ; $title = "(!LANG: ".stripslashes($title).""; /* Total entry for one comment */ $lastcomm.="From $name in news:$title
"; ) $db->free(); /* Cache the received data. To better understand the caching functions, open the file "engine/api/api.class.php" everything is perfectly commented out there */ $dle_api->save_to_cache (" lastcomm", $lastcomm); ) /* Output the result */ echo $lastcomm; ?>
Conclusion
This code is fully functional. And of course it has its drawbacks. For example, it is not checked for links - whether the CNC is enabled. Or when you click on the link to the user's profile, we immediately get to his profile, and not to the jQuery window with brief information. In general, there is something to improve. But all these things were not included here for one reason only - to prevent confusion for a beginner. I also advise you to analyze other files, such as topnews.php. If you have any questions about writing modules or about the system in general, I will be happy to answer them.That's all for me, if this topic seems interesting to someone, then I will make a series of articles about the cms Datalide Engine (DLE).
Oh yes, this is my first article on Habré, so sorry if something is wrong.
Greetings to all who dedicate their precious time to these lines.
In this article, I want to talk about ways to optimally configure the DataLife Engine server and content management system. Over 4 years of working with Internet sites and servers, I learned that security is above convenience and that it needs to be paid attention. Reservation: I do not claim ownership of anyone's intellectual property! All material is collected on the Internet.
The following steps will be described to help distribute the server load, protect it from DOS attacks, restrict access to the FTP protocol, and properly configure the DataLife Engine system.
Protecting and configuring your server.
1. Setting up the server configuration using the front-end Nginx to Apache bundle.
The advantages of such a scheme can be understood with a small example. Imagine that your Apache web server needs to service about 1000 requests at the same time, and many of them are connected to slow links. In the case of using Apache, we will get 1000 httpd processes, each of which will be allocated RAM, and this memory will not be released until the client receives the requested content.
In the case of a scheme using a front-end server, we will get significant resource savings due to the fact that after a request is received, nginx passes the request to Apache and quickly receives a response. As a result, Apache, after giving the answer to nginx, releases memory. Next, the nginx web server interacts with the client, which is just written to distribute static content to a large number of clients with little consumption of system resources.
For the correct operation of our bundle, we need a module for Apache. There is such a need for the following reason: requests to Apache come from the IP address on which nginx is running, respectively, only the IP address of the nginx server will appear in the Apache log files. Also, without using this module, problems will begin with scripts that use the visitor's IP address and the mechanism for restricting access by IP addresses using .htaccess will stop working correctly.
Installing NGINX on popular operating systems.
Red Hat Enterprise Linux 4 / CentOS 4
To install nginx on these operating systems, you need to enable an additional package repository.
Red Hat Enterprise Linux 5 / CentOS 5
To install nginx on these operating systems, you need to enable an additional EPEL package repository.
ASPLinux Server 5 / Fedora
nginx is included in the standard distribution package.
If the repositories are connected or simply not required, we execute: yum install nginx
Installing Apache.
To install Apache web server just run: yum install httpd
Install mod_rpaf.
1.
Install the httpd-devel package:
yum -y install httpd-devel
2. Download and install mod_rpaf:
We enter the directory /usr/local/src
cd /usr/local/src
Load the mod_rpaf-0.6.tar.gz file into /usr/local/src
wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
Unpack mod_rpaf-0.6.tar.gz
tar xzf mod_rpaf-0.6.tar.gz
Go to the directory in which you unpacked
We put the module in the system
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
3. Next, you need to create a mod_rpaf configuration file - /etc/httpd/conf.d/rpaf.conf and add the following lines to it:
RPAFenable On
RPAFproxy_ips 127.0.0.1 xx.xx.xx.xx yy.yy.yy.yy
where xx.xx.xx.xx and yy.yy.yy.yy are the IP addresses of your server. If there are more than two IPs on the server, add them in the same way.
service httpd restart
4. In nginx, the following lines must be specified inside the http () block:
proxy_set_header Host $host;
If these lines are specified, you do not need to append.
If nginx.conf is modified, restart nginx:
/etc/init.d/nginx stop
/etc/init.d/nginx start
5. How to check if the installed module is working?
On any of the domains that are located on your server, place the test.php file with the content:
" echo $_SERVER["REMOTE_ADDR"]; ?>"
Next follow the link where domain.tcom is your domain name. If an IP is displayed that is different from your server's IP, the module is working correctly.
nginx setup.
The following is the nginx configuration file for working as a front-end server. It is assumed that nginx will run on all interfaces on port 80, and Apache will run on interface 127.0.0.1 and port 8080. Save this configuration file in the /etc/nginx/ directory with the name nginx.conf.
user nginx;
worker_processes 10;
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
events(
worker_connections 20000;
}
http(
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main "$remote_addr - $remote_user [$time_local] $status "
""$request" $body_bytes_sent "$http_referer" "
""$http_user_agent" "http_x_forwarded_for"";
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
send_timeout 900;
server_tokens off;
server(
listen 80;
server_name_;
server_name_in_redirect off;
access_log /var/log/nginx/host.access.log main;
location / (
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 10m;
}
}
Apache setup.
In the Apache configuration file /etc/httpd/conf/httpd.conf find the line:
and replace it with the line:
Listen 127.0.0.1:8080
mod_rpaf setting.
Add the mod_rpaf module to your Apache configuration file. To do this, add the following line to the /etc/httpd/conf/httpd.conf file:
LoadModule rpaf_module modules/mod_rpaf-2.0.so
Then add the following lines to the same file:
RPAFenable On
RPAFsethostname Off
RPAFproxy_ips 127.0.0.1 192.168.0.1
RPAFheader X-Real-IP
Instead of 192.168.0.1, you need to put the server's IP address.
2. Server configuration to protect against dos attacks.
We enable caching of the main page in nginx for those who do not have cookies.
Add restrictions to nginx.conf:
limit_req_zone $binary_remote_addr zone=two:20m rate=2r/s;
server(
location / (
limit_req zone=two bursts=5;
}
}
}
We use tail and awk:
tail -f /var/log/nginx/access.log | grep GET / HTTP/1.1" 503
We connect the log:
tail -f /var/log/nginx/access.log | grep GET / HTTP/1.1" 503 | awk "( print $1 )"
We get the IP of machines:
iptables -A INPUT -p tcp -j DROP -s $IP
We enter the IP in the Firewall:
tail -f /var/log/nginx/access.log | grep GET / HTTP/1.1" 503 | awk "( print $1 )" | xargs -t -l iptables -A INPUT -p tcp -j DROP –s
Now let's set connlimit for iptables to limit bot connections. In the rules, we set permission for 5 connections from one IP, and 25 from the class C subnet.
DDOS attack from 16000 bots - Load average: 1.4 1.9 2.0
FTP Access Restriction
To do this, we need a .ftpaccess file. It will help to deny or allow FTP access from the specified IP addresses. Someone may ask the question: "I have a dynamic IP, how do I properly use .ftpaccess?" The answer I mean is only this: “If you need this security add-on, get a static IP from your provider. They won't ask you for a lot of money."
To create the .ftpacces file we need SSH access. You can use winscp. There can be a lot of settings in .ftpaccess, but we are only interested in one parameter. By writing these lines in the file, you will completely block access from everyone:
Deny from all
After the above, no one will be able to access the FTP. To add access permission to a specific IP, you need to specify the following parameters:
Allow from 127.0.0.1
Deny from all
Naturally, the address 127.0.0.1 is indicated as an example and must be replaced with your own.
Important! It is best to disable FTP access to absolutely everyone and connect only via SSH.
Protection of the content management system DataLife Engine.
1. Install and configure .
2. Rename the admin panel file and make a fake at the old address (www.sait.com/admin.php) when going to which the user will be blocked by prohibiting his ip in .htaccess.
Renamed? Now we create an ip.txt file in the root directory to store ip addresses. We give him and .htaccess rights CHMOD - 777.
Create an admin.php file with the following content:
$ip = getenv("REMOTE_ADDR");
$log = fopen("ip.txt", "a+");
fwrite($log, "// ".$ip."\n");
fclose($log);
$f = fopen($_SERVER["DOCUMENT_ROOT"] . "/.htaccess", "a");
fwrite($f, "\ndeny from " . $ip);
fclose($f);
Admin panel DataLife Engine
Text, for example: Your ip is in the logs, I will find you!
Fear, little one, ha ha!
"3. Let's add additional authentication in the admin center.
You need to come up with another login and password (do not use your administrative account details). The second login and password must be fundamentally different from the first. Decided? Fine! Now let's encrypt our password in md5 (you can do this on the md5encryption.com website).
Next, open admin.php (remember, we renamed it earlier and, therefore, if you named it superadmin.php, you need to open this one) and after the line:
add:
$login="enter the login you made up";
$password="and generated password in md5";
if (!isset($_SERVER["PHP_AUTH_USER"]) || $_SERVER["PHP_AUTH_USER"]!==$login ||
md5($_SERVER["PHP_AUTH_PW"])!==$password) (
header("WWW-Authenticate: Basic realm="Admin Panel"");
header("HTTP/1.0 401 Unauthorized");
exit("Access Denied");)
4. Disable unused php functions by the system.
To search for the php.ini file, create a phpinfo.php file with the text:
After searching, be sure to delete phpinfo.php!
disable_functions = allow_url_fopen, eval, exec, system, passthru, scandir, popen, shell_exec, proc_open, proc_close, proc_nice, get_current_user, getmyuid, posix_getpwuid, apache_get_modules, virtual, posix_getgrgid, getmyinode, fileowner, filegroup, getmypid, apache_get_version, apache_getenv, apache_setenv, disk_free_space, diskfreespace, dl, ini_restore, openlog, syslog, highlight_file, show_source, symlink, disk_total_space, ini_get_all, get_current_user, posix_uname, allow_url_fopen
5. Create filtering of GET and POST requests, prevent injections into the database and getting data from it.
Create a .php file with an arbitrary name and the following content:
// set to one if you want to enable query debugging
$debug = 0;
$bag_req = array("select", "eval", "echo", "UPDATE", "LIMIT", "INSERT", "INTO", "union", "CONCAT", "INFORMATION_SCHEMA", "OUTFILE", " DUMPFILE", "LOAD_FILE", "BENCHMARK", "SUBSTRING", "ASCII", "CHAR", "database", "HEX", "\\.\\/", "%00", "\\.htaccess ", "config\\.php", "document\\.cookie");
$request = serialize($_GET);
if($_GET)
{
foreach ($bag_req as $key => $value) (
{
Query found in array $value
$request";
}
}
}
if($_POST)
{
$request = str_replace("selected_language", "sl", serialize($_POST));
$urequest = urldecode($request);
$brequest = base64_decode($request);
foreach ($bag_req as $key => $value) (
if(preg_match("/$value/i", $request) || preg_match("/$value/i", $urequest) || preg_match("/$value/i", $brequest))
{
if($debug == "1") $do_debug = "
Query found in array $value, which blocks the correct operation
$request";
die("BAD REQUEST $do_debug");
}
}
}
?>
We save it on the server in any directory of the DLE system. Open the file engine/classes/mysql.php and after:
if(!defined("DATALIFEENGINE"))
{
die("Hacking attempt!");
}
connect the created file:
include_once(ENGINE_DIR."/path_to_file/name.php");
6. When using free components for DLE, be sure to get the opinion of a specialist about their reliability.
If you have any questions, please contact the search engines - all material is freely available!
Have something to add? Welcome to the discussion!
Good luck to you and your projects!
DLE or DataLife Engine is a paid CMS for managing the content of your site. CMS has a powerful system for managing news, publications, articles, users and is designed to create information portals and blogs. Thanks to the many built-in features and the use of advanced AJAX technology in the CMS, your site will consume less server resources even with a large number of visitors. In this guide, you will learn how to install DLE on Hostinger.
Before you start this guide, you will need the following:
- Access to your hosting control panel
How to Install DLE on Hostinger
Before you start installing DLE, you need to perform these steps:
Step 1 - Downloading the DLE Setup Files
Open folder upload in your FTP client and upload all files from the folder to your hosting account to the directory public_html.
THE NOTE! In this tutorial, we use FileZilla to upload files, but you can use any FTP client you like.
Step 3 — Setting File Permissions
The installation of DLE is automatic, all you have to do is set the appropriate permissions for a few separate folders and files that you have previously uploaded to your hosting account.
- First, set write permissions for the folder templates and all its subfolders. To do this, right-click on the folder templates in the FileZilla interface and select the option File Attributes...
- Next, in the window that appears, enter Numeric value 777 to change write permissions, check the box next to Redirect to nested directories and mark Apply to directories only.
- Next, you need to change permissions for all files in the folder templates, but with 666 permissions. To do this, open the folder attributes again templates and ask Numeric value 666, check the box next to Redirect to nested directories → Apply to files only.
- Do the same with folders backup, uploads, as well as for all folders inside them. Next for folders /engine/data/, /engine/cache/, /engine/cache/system/. For all specified directories, set write permissions to 777.
- Now you can start installing DLE.
Step 4 — Installing DLE on Hostinger
To start the installation, enter your domain name in the browser. If the installation window doesn't pop up automatically, add install.php to your domain name. For example, your-domain.ru/install.php.
- If everything is done correctly, you will see the DataLife Engine Installation Wizard window. Click the button Start installation.
- Next, accept the user agreement by checking the box next to I accept this agreement. Click the button to continue installation. Continue.
- In the next window, check that your server meets the required requirements and click the button Continue.
- Next, check that the file permissions you set earlier are correct. If everything is correct, click again Continue.
- In the new window, you need to fill in the details of your database and the details for your DLE site's administrator account.
- Site URL- your website address
Data for access to MySQL server.
- MySQL Server– MySQL server of your database hosting. If you are a Hostinger user, you can find the information you need in the section Databases → MySQL Databases.
- Database name is the name of your MySQL database.
- Username is the name of the user assigned to your database.
- Password– password from the user account of your database.
- Prefix– MySQL database table prefix. You can leave it unchanged.
- Database engine- it is recommended to leave the default value. InnoDB.
- 4 bytes UTF– when this option is enabled, DLE will store additional information in the database. This option may affect the performance of your site.
Data for access to the control panel.
Enter the data to access your site's control panel. Enter your real email address, it will be used to restore access to the administrator account.
Additional settings.
Enable CNC Support– enable human-readable URL. When this option is enabled, the title of the article will be displayed in the address of the article. This feature is useful for SEO optimization.
- To avoid restarting the installation or update, delete the file install.php and folder upgrade from your website directory. Click the button Continue.
Congratulations, you have successfully installed DLE for your website on Hostinger.
Conclusion
By the end of this guide, you have learned how to install DLE on hosting. Installing DLE is a fairly easy process if you have followed our step by step guide carefully. Despite the abundance of CMS today, DLE has its own characteristics and good performance.
