Wordcraft 0.9.1 available

There are several key changes in Wordcraft 0.9.1. The two big things are:
  • Tokens on post forms in the admin to help ward off CSRF attacks.  
  • Database schema updates automated.
The first comes as a result of us doing the same work on Phorum recently.  I realized I needed the same protection in Wordcraft.  The second was done out of neccesity as I changed the datetime fields in the database schema into int fields.  Not sure why I ever made them datetime fields.  Unix timestamps are much easier to work with.  It saves many strtotime() calls and will make eventual time zone settings much easier to implement.

In addition to those two big ones, there were some notable small ones:
  • HTML 4.01 validation fixes
  • Ensuring UTF-8 on all encoding function calls
  • Protection against hitting the back button when writing a post (most annoying on Macs as the back button and the beginning of line keystroke is the same).
And there were other a few other bug fixes.

I will or course need many more testers and users before I can ever declare this software as stable.  If you need a simple blog, give it a try.

About Wordcraft
Wordcraft aims to be a simple, lightweight blogging application.  Wordcraft is written exclusively for PHP 5+ and MySQL 5.0+ using only the PHP mysqli extension, UTF-8, and HTML 4.01 to achieve that simpleness.

Wordcraft 0.7 available

I am happy to announce Wordcraft 0.7.  There are two big changes in this release.  On the front end, I added a simple search.  It just uses a LIKE clause.  But, I figure a lot of blogs never reach 1,000 posts.  Even at 10,000 posts, a LIKE would not be too bad.  On the backend, I have switched the post editor to TinyMCE. YUI's editor is decent, but it needs polish.  Perhaps my time with Wordpress just made me more familiar with it.  TinyMCE does save XHTML.  I put some code in the PHP side to use Tidy if it is available to convert it to HTML 4.01, which I prefer.

Also in this release:

  • Fixed an XSS issue in tag.php.
  • Fixing a parsing issue with anchor tags when doing pingbacks.
  • Fixed an error when the remote site can not be contacted.
  • Fix for pingbacks with nice URLs enabled. Was blocking pingbacks.

Wordcraft 0.6 available

I am pleased to announce the release of Wordcraft 0.6.  I have been using it for a month or so now and I am learning some things.

I had been having trouble logging in lately from multiple places.  So, instead of trying to work on the built in session handling I had written, I took my own advice (use stuff that exists) and just switched to PHP sessions.  All the cookie stuff is worked out and I can get a lot done with just a little work.  PHP sessions make me a little nervous.  If you have lots of applications installed on the same site that use them, you can get some odd behavior.  But, why reinvent the wheel right?

I have found myself wanting to save a post while working on it.  To do that before, I would have to uncheck the Published box.  To solve this, I changed the behavior of the Save button.  When pressed it now saves the post, but with the published flag set to 0.  This lets you save a post while working on it quickly.  I then added a Publish button to the post form.  The Publish button will save the post with the published flag set to 1.  If a post is already published, you just get an Update button that will save whatever is set in the form.

From a code perspective, I have made all the code use the same array for user data.  I had a separate one for the core, one for the template and one for the admin before.  That was getting complicated.  So, they all just use the same one now.

The last thing I did was add meta refresh tags to the admin success pages.  I like having a success page to tell me something worked.  But, I really want it to move along after it is done.  It does that now.  It is set to 3 seconds.  I may knock that down a bit.  That 3 seconds starts after the page is fully loaded.  So, it can be more like 5 or 6 if stuff has to load.

Wordcraft 0.5 available

Well, I blogged about Wordcraft the other day.  I have just been running live on the software for 4 days now.  Well, that post had no URI associated with it.  It took me two days to figure this out.  Oops.  Welcome to eating my own dog food.  So, running this live with actual users (and a host of bot spam attempts) I am learning a lot and making a lot of commits.  So, I may very well roll once or twice a week for the first few weeks.

So, with that, I have packaged 0.5.  There are 15 changes in this package.  Some features, but mostly bug fixes.  So, if you could use a simple blog, give it a try and help me debug it.  If you do, please use the Google Code issue tracker.  Maybe I can figure out how to have those things emailed to me.

Wordcraft, a simple PHP blogging application

So, a while back, not sure when, I was listening to the P3 Podcast and Paul mentioned his dislike for Wordpress.  He said he wished there was a simple blogging application.  I am probably misquoting him horribly.  It was an idea that I had been tinkering with.  So, I started on Wordcraft in my spare time.  Like super spare time.  That time between the kids going to bed and me falling  asleep.  So, it took a while to get it to a usable state.

Up until now, I have used Wordpress.com for my blogging.  It works quite well.  You can get started quite quickly and it does what most people need.  My wife uses Blogger for our family blog.  It is, IMO, not as nice as Wordpress.com in some ways.  But, it does allow you to edit your styles (for free) and such which is nice.

So, why would I want to reinvent the wheel?  I am a control freak and rarely run other people's code.  I know, it is a character flaw.  I am working on it.  So, what did I come up with?

I had some goals when I started on this.

  1. Keep it simple.
  2. Focus on what I am good at doing.

Keeping it simple

I use MySQL.  I didn't try to make it work with every possible database.  In fact, it only uses the mysqli PHP extenstion.  The few objects (CAPTCHA) are all PHP 5 objects.  I don't plan to worry about PHP 4.  The templates don't use a template language.  They use plain old PHP.  The are scoped to protect template authors from global scope.  There are only 6 files required to make a new template.  There are just 589 lines of code in the forward facing scripts.  The admin has 2,446.

What am I good at doing?

I write PHP/MySQL code that has to work fast for a living.  It is what I get paid to do.  I am not a designer.  I am not a spam catching wizard.  I don't write cool javascript widgets.  So, I focused on the PHP/MySQL parts of the code.  For templates, I used designs that are released under the Creative Commons license.  I use Akismet and the CAPTCHA libraries from Phorum for spam catching.  I used the YUI Rich Editor for the admin where I needed a WYSIWYG widget.  I even link to the YUI sources that are hosted by Yahoo.  No sense taking on that bandwidth or storage.

So, what does it do you ask?  Well, here are some of the features:

  • WYSIWYG editing via YUI.
  • Comments with optional CAPTCHA and/or Akismet.
  • Custom pages can be created.
  • Tagging of posts
  • Custom publish dates
  • Automatic Pingback support
  • Friendly URL support with mod_rewrite
  • 5 Templates in first release.  Easy to build more.
  • Email notifications to authors

There are some things missing of course.  Internationalization of both the admin and templates is a big one.  There is no current search engine for blog posts.  There is no "blog roll" type of feature.  There is no date based archive.  And I am sure there is more missing.  And I am sure there are bugs.

But, if you would like to try out yet another PHP application, I welcome you to give it a try.  The code is hosted at Google Code.  It is a BSD licensed application.