You may remember my last rant about people who have written their own CMS, in which my point was pretty much that people are copying a simple blog tutorial and saying it's a CMS.

In part two of this thrilling instalment¹, I revisit the topic of the custom CMS to rant about the latest craze - which is... well... writing one's own CMS. Everyone and their dog seems to want to do it. It's the thing to do to earn cool points and tell everyone how great you are. I should know, I've done it.

But what I am seeing at the moment is people who have no idea what they're doing. People who simply want to make a CMS because it's cool. When I wrote this CMS, I did it after almost 3 years of being comfortable with the language, knowing exactly what I wanted and what each function does and why. I knew the security implications involved in it, the problems I might experience, the limitations of what I had to work with, etc. I didn't even write my first script until I'd been comfortable with the language for two years. Editing, picking apart other scripts was fine, but my own script? If you ever saw PHPAskIt v1 (it's still out there, worryingly enough) you'll know I wasn't even ready then. However, I'll still admit I only wrote this CMS because I was totally jealous of Jem it was cool. :(

As you may or may not know, I have been learning Ruby on Rails for the past 6 months or so. I am fairly familiar with it at the moment but I am freely able to admit that I am not under any circumstances ready to undertake as large a project as a CMS in it. I don't know how RoR can be exploited, I don't know what sort of problems there are by using X rather than Y - I just don't know enough at the moment. I'm comfortable hacking about existing scripts and adding on little bits and pieces, but that's it.

So my point today is this: before you decide "zomg!1 I must write a CMS!1!!", ask yourself the following questions:

1. I'm going to be using PHP and MySQL. Do I have enough knowledge in these areas to make my CMS work?
2. Do I know what the limitations of my server/host/databases are?
3. Will I have access to PHP4 or 5? What's the difference?
4. Why am I writing a CMS in the first place? What do I need it to do that others out there can't?
5. What do I know about security, particularly remote file inclusion, XSS and SQL injection? How will my CMS deal with these areas?
6. I want my CMS to do X, Y and Z. Do I know how I can achieve this?

If you're unsure of the answers to any of these questions, my advice would be you're not ready yet. Keep looking at existing scripts and see how they're doing things. Search the internet for vulnerabilities in those scripts and how they are exploited to ensure it doesn't happen to you. Get friends to try and break your script as much as they possibly can. I can guarantee that some things normal internet users might do, you'll never think of - for example I found people were trying to go to non-existent tags on my site or page numbers that didn't exist and it caused my site to break.

However, don't think I'm discouraging you from writing a CMS (much :P ). A CMS is the perfect way to develop confidence in a programming language and to learn more about it than you ever could have otherwise. By all means start trying to write your own CMS and learning techniques to make it work the way you want to - but here's the important part: don't put it online. Install yourself a web server (I have XAMPP - very easy to install, has everything you need and installs in a single click. Mac OS X has built-in web server features but you can get XAMPP and other similar packages for it if you're not entirely sure how to use the built-in stuff, I must admit it's always confused me) and develop your up-and-coming CMS there; learn how to interact effectively with MySQL and all that in your own time without hacker types lurking everywhere and undoing all your hard work. I made the mistake of writing the first version of PHPAskIt online and ended up with all sorts of security issues. While I was writing the CMS, it stayed offline for 8 months because I didn't feel it was secure enough to go online - would my host tell me off for too many database queries? Would my PHP version and theirs clash?

Don't think you have to write a CMS just because "everyone else is doing it". You need to feel you can do it and that there is actually a point to doing it. If WordPress or similar does everything you need, is it really necessary? There is no shame whatsoever in using WP. The only reason I stopped using it is because it started to take over my site in ways I really didn't like and I'd modified it so much in the end that every time there was an upgrade I had to update each file individually to make sure it didn't mess with my changes. You also need to make sure you know what you're doing and why you're doing it. If you don't know the slightest bit about PHP, it really isn't worth it.

¹ *Cough* ^

Ok, here's a hypothetical situation. Let's say you're waiting at a very busy roundabout waiting to turn when suddenly your phone rings. Bearing in mind that answering your phone while driving is illegal where you are (UK), do you:

1. Answer it anyway and keep driving like everyone else seems to do. So what if it's illegal? You are teh 1337 dr1v3r and you will ttly not crash. Srsly.
2. Leave the phone til you get to somewhere you can stop then call the person back
3. Stop exactly where you are, turn your engine off, flash your hazards and answer the call

Guess which one I encountered yesterday morning, which added an extra 20 minutes to my journey. Oh yes, it's C. Some woman decided she would stop exactly where she was in the middle of the road, right next to the roundabout, so neither could anyone see what was coming nor could they get past. She just sat there and talked away for a good half an hour or so while people beeped at her and tried to squeeze round her. But nooo, we all had to wait til her oh-so-important call had finished. Sure enough, as soon as she had finished, she drove off again, completely erasing any illusions anyone might have had about her having broken down.

I mean, seriously. What about that phone call was so important that she had to stop there for 20 minutes and block everyone else off?! URGH. Some people really need a good slap. I was hoping someone would have called the police or something but then I'm not sure they would have been able to get through the blocked up traffic even if they had been called, grrr.

In other news, it appears to be Christmas next week. ... I want the person who let that happen to explain exactly what they have done with all my time.

Now before I get started, be warned that this post may offend. You are reminded that this is my opinion and that I do not claim any of my beliefs as fact or correct or the right way to go about things or anything. You believe what you want to believe; I will do the same.

 

I dislike religion. I am not singling out any particular religion here, I dislike the entire concept of religion. I don't mind those who believe in a God, but when they make it a matter of life and death I think it's taking it a bit far. Part of me thinks that God and everything to do with religion is made up; because there are things we as humans cannot explain, we have used our imaginations. We aren't certain how the Earth was created - God made it. We aren't certain how we came to be on this Earth - God made us.

I cannot stand preaching. People who tell me that God will save me if I submit myself to Him or whatever can get lost. I will not have anyone tell me how to live my life or what to believe, especially when there is no proof that living such a life is better than any other.

I am fine with those who want to use Jesus/Mohammed/[insert other deity here]'s life or the Bible/Torah/Qu'ran etc. as a guide, but following it word for word is just wrong. Would these people really have wanted you to follow their life 100% accurately? I don't think so. They would have liked you to make your own decisions and when you aren't sure about something, refer to their writings or whatever.

Because quite frankly, these people who live their lives 100% like the Bible says are no more than little bleating sheep with no mind of their own. Ask them a question and they'll have to refer to the Big Book of Rules (aka Bible) to see what they can say in answer. Despite personal feelings regarding marriage/homosexuality, I know a lot of religious people who suppress natural feelings because they "aren't allowed to feel such things". Yeah ok, whatever.

I don't think that's quite what religion is about. It's not a set of rules to live your life by, it's meant to be a guideline. Not a you-must-do-this-and-you-must-not-do-that type thing, because although some people like to be told exactly what to think and do every day, that is not my idea of fun.

By all means refer to the Bible when/if you have difficulty with something and you want to see how Jesus dealt with it or whatever, but don't consult the thing every time someone asks you a question.

But, I hear you say, "It's a choice!!1" ... Yeah, well it's not a choice I would personally make and it's not a choice that I want people to constantly remind me that they have made. I know quite a few people who, as they put it, had no direction in life before Christ. They are happy to follow every word of the Bible, but they also love to remind me of that. I accept that they have chosen their path, and I would like it if they accepted my choice not to choose their path. I never tell them how stupid they are for being religious or whatever (only jokingly, heh), because as I said, it's their choice.

Fundamentally, I believe life is for making your own discoveries and your own mistakes. I think a lot of people are brought up in a religious background where religion is not a choice, it is the way. A friend of my family's is a pastor yet he is bringing his children up completely free of religion so that they are free to make their own choices later. That is the sort of thing I want to see more of, not people who force their own choice upon others, like parents who have made a religious choice and force their children into it as well.

I don't think God would be sending people to hell if they didn't go to church 29374089732985 times a day or whatever or whether they have sex outside of marriage and all that. I think all He wants is for us, who may or may not be His creation, to live in peace with each other.

I think religion just shows how dependent people are on knowing the whys, hows, whats, wheres, etc. I know that it's difficult for some people to just deal with things as they are (and I'm one of these people - I have to know everything about everything), but I don't understand why these same people will turn to religion as the answer since there is hardly any proof to support its theories, just like the big bang and other such things. We can't know the answers to life, the universe and everything (and no it isn't 42) because we weren't there when it started. We will never have 100% proof of any theory.

How do we know that the Bible wasn't just a story told by a parent to their questioning children all those thousands of years ago? The children told other children, those who could write wrote bits down, it got passed along the generations, etc. etc. etc.

Madness, I tell you.