This article last updated: Monday, 28 August 2006

Comments allowed and more under the bonnet work

With some reservations I have enabled the comments facility, although it is a pre-moderated system, so your comments won't appear on the site until they have been checked first. I'm not keen on encouraging comment spam and I'm not naive enough to think that it won't be abused, either for spamming purposes or for the immature whims of some of the children that grace the Internet.

Behind the scenes, I've built up more of an administrative interface for managing and creating articles, as well as the admin interface for approving comments to articles. I'll be spending some more time on this and also adding the facilities to manage the CMS as a whole, including the ability to easily add or remove categories, designate features like the GeoURL feature and have it linked into the CMS, archive articles and manage archives and probably some template oriented functions.

I don't need many features to run this site easily and I'm always only too happy to do things the technical way, rather than setting up some forms and handlers to do it easier. However, I may one day allow this system to be used by other site owners, as it is shaping up to be similar to several blogging systems, although I don't like to think of it in that way. User Journals and a messageboard system are still planned before I top the system off, with a fully functioning forum system with PM facility already in my code library.

Anyhoo, if you've got something worthwhile to contribute as a comment, then please feel free to post it to the relevant article. The comment form is very self explanatory and allows basic HTML formatting of your comments. I'll see how this goes for now and maybe adjust moderation and other aspects of it all, depending on how things go. I think the next thing to do is find willing testers for the account options, but I've still got some mileage to go in my own tests of the authentication system, so that won't be for a week or two, if I do need external testers.

User authentication framework almost ready

As I mentioned above, I have a secure user authentication framework or overall mechanism, which is undergoing some heavy testing. I'm hoping that it will prove very secure and more than adequate for user accounts on general purpose web sites and blog / journal type sites. It makes use of strong encryption algorithms and short lifespan tokens and also handles privileges well, forcing a manual authentication when privileges need to be escalated. I do not entertain the idea of using server side sessions and insist that users allow the use of cookies, which are specific to the site. If they won't allow that then they don't get access, which I think is more than a reasonable term of usage.
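A sketch of the kind of design described above, added here as an example and not taken from this site's code: a short-lived token carried in a cookie with no server-side session, where privileged actions need a recent manual login. It assumes HMAC-SHA256 signing rather than encryption, and the key, lifetimes and function names are all hypothetical.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # placeholder key; keep the real one out of source
TOKEN_TTL = 300                   # assumed lifespan of an ordinary token (seconds)
ELEVATED_TTL = 120                # assumed window after a manual password check

def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()

def issue(user: str, now: float, elev_until: float = 0.0) -> str:
    """Cookie value: base64url(JSON claims) + '.' + HMAC over that text."""
    claims = {"u": user, "exp": now + TOKEN_TTL, "elev": elev_until}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _sign(body).decode()

def login_with_password(user: str, now: float) -> str:
    """Only a manual login (password check not shown) opens the elevation window."""
    return issue(user, now, elev_until=now + ELEVATED_TTL)

def verify(cookie: str, now: float):
    """Return the claims, or None if the cookie is forged, malformed or expired."""
    body, _, sig = cookie.partition(".")
    if not hmac.compare_digest(_sign(body.encode()), sig.encode()):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return claims if claims.get("exp", 0) > now else None

def renew(cookie: str, now: float):
    """Silent renewal extends the token's life but never the elevation window."""
    claims = verify(cookie, now)
    return None if claims is None else issue(claims["u"], now, claims["elev"])

def authorize(cookie: str, now: float, privileged: bool = False) -> str:
    """What the server does with a request carrying this cookie."""
    claims = verify(cookie, now)
    if claims is None:
        return "login"            # no valid token: full login required
    if privileged and claims["elev"] <= now:
        return "reauthenticate"   # known user, but the password must be re-entered
    return "allow"
```

Because the elevation deadline is inside the signed claims, the server can enforce re-authentication without storing any session state, and a renewed token cannot outlive the window the last manual login granted.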

I'm at a stage where I am happy with the robustness and integrity of my authentication system and have begun to implement it into various facets of the CMS, for administrative purposes. Once I am fully satisfied with it, then I'll begin rolling out user specific features that need a user account, which is likely to start off with allowing unmoderated comments for users whose identity and motives I am confident about. It probably won't really happen until I have the server arrangement back as it should be, with the Poweredge 1400SC handling database provision and might even get it handling all the encryption and decryption, depending on feasibility. The current set up is not performing very well at all, because the database is being accessed using a horribly slow drive controller and there may also be some memory usage issues. Once it is all switched back to having the 1400SC doing database work, everything will speed right back up again.

More logging and alerting

I've also rewritten the logging and alerting functions and the system is now intelligent enough to flag up certain activities as suspicious. I'm hoping it doesn't raise too many false positives and confident that it won't miss anything important. When I'm happy about its performance and effectiveness, I'll expand on it to include other detection patterns, such as aliases, where a user will attempt to use the same service under two or more different identities. None of it is snooping as such, just methods of detecting inappropriate usage. These mechanisms will really come into play when the forum system is in place, which is where account duplicity is most likely to occur. A database of networks and ISPs is also being built, over time, to assist in these measures.

Although the forum stroke messageboard system is the next big feature planned for this CMS, I have just finished a neat module. It creates charts of the most read articles and those sites who send the most unique visitors this way. It has taken the place of the Introduction article, when no article is specified. It also includes the most recent articles posted. Once comments start being posted, I'll do something similar for that, too. Probably along the lines of articles most commented to, which seems the best way of doing it.

I'm nearing the end of testing of my authentication mechanisms and once I'm happy with them, I'll drum up a user profile system. This will mean that accounts can be started up on here, which is more in readiness for the forum / messageboard system I plan to implement. However, in the shorter term, this also means that I can start allowing some trust to users who have shown that they have good intentions and allow them to post comments unmoderated. As I've already mentioned, I'm not in any rush at the moment, as I want to get the fast database server back online before I go unleashing some of the more system intensive processes and functions. I'm quite excited about the forum part, as I think it is going to be something a little special in the way it works and serves the people who will use it. It draws on my own experience of forums, as a user, a creator and an administrator of them. Considering my criticisms of a certain broadcaster, it will definitely be the time to put my money where my mouth is and show what I can do and the understanding I have of these things.

Comments to this article

Sunday, 6 April 2008

Deleted wrong comment queue whilst spring cleaning the db. Probably not too much of a loss as I haven't updated anything on here for some time. Apologies to comment posters.

Post a comment:




No HTML allowed except for plain <b>, <i>, <s>, <u> & <p> tags. NO uBB code ([b] ... [/b] style tags) are allowed and comments containing [URL] ... [/URL] tags are automatically rejected as spam.
URL and email address are optional, email address is never displayed.