Table of Contents

This page in: English - Deutsch - Español - Français - Italiano - Lietuvių - Nederlands - Norsk - Polski - Русский - Svenska - Tiếng Việt - عربي - 日本語简体中文

How to Tutorials

Here's the place for tutorials. If you have created such one please post it here or a link or ask in forum for uploading to main server.

Over the time, you have tried to keep some harmony among your pages. A templating feature in your HTML editor may have helped. But this tool has reached its limits : you can't easyly reorder the navigation, nor add new web features. Your pages begin to visualy diverge and it is a pain to maintain links.

Now you want a 21st century web site : a content management system taking care of templates, menus, links and other things like sitemap and RSS for you. You would like content updating be easy without knowledge of FTP or HTML/CSS. So you would like to motorize your old site with CMSms, strengthem its visual rendering and keep its search engines' rankings. Welcome, read on.

Step 0

Discover, try and select CMSms:

Firstly you should select CMSms among other CMS products. CMSms must fit your needs and you need to feel it suitable for you. In order to do this :

Review its features and compare with other products. Read some product advocacy from happy users.
Make your own opinion about it : try it on a fake hosting (may be play with it on your laptop with XAMPP). Install the sample content, which includes a tutorial. Try to modify/add pages content, templates/layout, menus, themes... Do you find it simple enough ? Is it intuitive for you ?
After you have choosen CMSms, check its hosting requirements and select an approriate hosting provider.

Step 1

Install CMSms on your production hosting:

So you have a internet domain for your site, say domain.net. Your old plain HTML pages are available at domain.net/aboutus.html, domain.net/products.html, domain.net/solutions.html etc. And your old home page is domain.net/index.html. This name "index.html" is the default of the webserver as its configuration states :

DirectoryIndex index.html (example with Apache)

You are going to install CMSms which is PHP software. The webserver now needs to respond to it. Update your webserver configuration like this :

DirectoryIndex index.html index.php (still an Apache example)

This means that when domain.net/ is requested, the webserver will first look for domain.net/index.html (and still serve your home page) then for domain.net/index.php and then answer 404 not found if none is available. Hopefully your hosting provider already has set up this for you. As you are moving from the HTML site to the PHP one, it is important to have the indexes in this order, so you can build your CMSms PHP site while still broadcasting the old HTML one. When you are finished building, deleting (or renaming) your old index.html will switch your webserver to the new PHP powered site.

The idea is to migrate in the background and to switch when ready :

Once you meet the hosting requirements, install CMSms following the guide.
Keep your static pages along for the moment.
Check the CMSms install is working. (you can copy/add a page/template/style sheet and modify it...)
Check the old HTML site is still available. (domain.net/aboutus.html, domain.net/products.html, domain.net/solutions.html etc are still available)
You can start to customize the dynamic site with themes.
You need to activate external (webserver's mod_rewrite) pretty URLs. See the optional settings in the install guide.

Step 2

Move your content:

Now it is time to start "replicating" one simple static page and then to treat all of them.

For example domain.net/aboutus.html :

Log in the admin.
In the content, create a new page.
Important : give it the "aboutus" alias.
Set its title from the old static page's title.
Copy the content of you old static page and paste it in the new page.
Assign a template to the new page.
(Backup and) delete the old aboutus.html file on the webserver.
Browse to domain.net/aboutus.html to see the new dynamic content responding.

Check that links like domain.net/products.html still serve old static files and that links to and from the new dynamic page works. Then you can wait 2-3 weeks and see how search bots have responded to the change. If they treat it like the static file it has replaced, you can go on moving the content while keeping your URLs (and your ranking) thanks to aliases.

Lastly you move index.html's content, delete the file and thanks to pretty URLs the Net still sees your home as index.html.

Step 3

Enjoy new features:

You have now a dynamic site. You are able to manage more pages (and several editors) and keep harmony thanks to templating. But you get more than that :

Menus are dynamic. You can customize them with Menu Manager.
The map of your site is generated by a simple {sitemap} in any template.
Play with the News module and export an RSS feed.
Try other modules : RSS, Front End Users, AdSense...

How to install on a non dedicated database

You have web hosting with PHP and a database. You need to share your database with some other software you'd like to host beside CMSms.

No problem : CMSms prefixes its tables/objects in the database. You can even change the "cms_" prefix during installation to have several installations of CMSms sharing your database. Each installation has its own "config.php" file with reflects the prefix and other settings.

How to install CMS Made Simple using cPanel

cPanel is a control panel used by many hosts, this guide is intended to provide a basic start for newbies using it.

Step 1

Configuring a database:

First of all, you need a database, and the rights to use it:

go in MySQL Databases
create a database (Current Databases section)
create a user (Current Users section)
assign to the user all database privileges (Add Users To Your Databases section)

Step 2

Preparing files:

Now it’s time to use the cPanel File Manager. There are some things you should know about it:

the “CMS Document root” (as seen from the webserver) is different form the “Path to the Document root” you type in the browser, this means the writing /public_html/ won’t appear in the URL
you have to upload pages in the /public_html folder if you want browsers to be able to see them
to display options for a file (or folder) you need to click on its name
to enter a folder, you need to click on the icon on its left

Let’s upload the .zip (or .tar.gz) file downloaded on your PC from the CMS Made Simple website:

open the File Manager
enter the /public_html/ folder
click the Upload button
click Browse... and select the file
click Open and...wait some minutes
when the file is uploaded, a message will appear.

Well, decompress the archive:

click on its name, options will appear on the right
click on the Extract option
as decompression is finished, a log window appears (close it)
refresh the File Manager page to see the new folder (click on the / public_html / link at the top)

As you can see, the new folder has a pretty complex name (public_html/cmsmadesimple-1.x).

You'll better give it a simpler name:

click on its name to display options
click on the "Rename this folder" function
use "cms" as the new name

You are almost ready to install your CMS:

go into the folder we just renamed (public_html/cms)
click on the the "Create new file" link (it’s between folders and files)
name the new file config.php

Step 3

Running the installation:

What's left ? Well, running the installation:

open a new page in your browser
type the URL to run the installation, it will be something like www.sitename.hostname.com/cms
follow the steps (on a step you'll be asked for some MySQL details: if you don’t remember them, look in the MySQL Database section of your cPanel)

How to move your CMSms installation to a new server (1)

It is a simple, four step process to move your installation from one server to another.

Step 1

Clear the Cache:

Login to admin, go to Site Admin/Global Settings and clear the cache. This reduces the number of files you need to copy.

Step 2

Move the Database:

Using PhpMyAdmin, or any other database management software, create a backup/export of your CMSms database. Use this backup/export to create/import a new database on the new server.

Step 3

Copy the Files:

Using your FTP software, copy all of the files from your old site to your new site. Remember to check the permissions for the folders on the new site to ensure they are set correctly, i.e. all cache, uploads and any other folders or sub-folders that need to be writeable, are writeable.

chmod 775 tmp; \
chmod 775 tmp/templates_c; \
chmod 775 tmp/cache; \
chmod 775 uploads; \
chmod 775 uploads/images; \
chmod 775 modules

Step 4

Modify config.php:

In the config.php file, find the Database Settings, Path Settings and Image Settings sections and update them with the paths and settings applicabe to the new server.

Note: (update neeltje57) The path settings are not always that obvious. In your FTP-client it might show something like '/cmsmadesimple' but the real path on the server might be something like e.g.: '/home/content/n/e/e/username/html/cmsmadesimple'. If you have the wrong path, look at the error-message when you try to access your site, that will hint you to the real path settings.

How to move your CMSms installation to a new server (2)

In this howto path to pages is /var/www/cmsmadesimple and username for the database is USER, password is PASS and database host is HOSTNAME. ssh is used to connect to servers and sftp to move files between.

old server means the original and new server is the target server.

clear the cache by clicking the "Clear" button in "Site Admin/Global Settings" (and maybe set a site down message)
ssh to old server
create tar ball of the files (without tmp/) and database

  cd /var/www/cmsmadesimple
  mysqldump -u USERNAME -h HOSTNAME -p DATABASENAME > dump.sql
  cd ..
  tar -zcf backup.tar cmsmadesimple/*

copy tarball to new server

  sftp USER@NEWSERVER
  put backup.tar

close connection to old server (the old server still works like it used to as nothing has been modified there)
open connection to new server (the copied file most probably is in your $HOME so lets copy it to right place)

  cp backup.tar /var/www/
  cd /var/www/
  tar -zxf backup.tar
  cd cmsmadesimple
  mysql -u USERNAME -h HOSTNAME -p DATABASENAME < dump.sql

(after this you can delete dump.sql)

  FAVORITEEDITOR config.php

you need to change database settings and all paths (in this example paths are the same for both servers)
verify the tmp/ and tmp/cache folders are empty, writeable and belong to the correct user.
login to new server admin and clear cache and unset site down message

Hopefully everything works!

How to Secure CMSMS system - Small Guide

This guide is a brief summary of all security hints found digging in CMSMS forum, wiki and other website. This guide won’t be exaustive, is open to wide contributions, and could be subject to errors, please add your feedback.

System Settings (unix like)

Keep your system always update (use cron to notify new system update via mail).
Run your apache system in chrooted-jail mode.
Use strong password for root, and never login as root, use sudo.
Login remotely to server only via secure tunnel (SSH).
Protect your server with a firewall/DMZ and monitor all access with SNORT.
Install only needed software and remove all unneeded services/software/daemon.
Expose only needed ports (80, 443), not others.
If you want to install a db manager tools like phpmyadmin, rename default program directory with a fake name (eg. "/pma39xRlklkLK3d") and protect directory with .htaccess and .htpassword (find more on apache website and other nice site.

Check often apache logfile (access.log and error.log) and system log files.
Backup is your last chance. So backup, backup and then backup again. Make a full backup of your system. You can use a tools that build a bootable image of your HDD (or a copy of your virtual server image file). Backup often your mysql dump and your CMSMS files (/images, /uploads and other specific). Use a rotate schema for backup

Note: for paranoid users: create mutiple backup copy and keep the medium in separate places far away from each other.

PHP settings

Use these minimal security settings in your php.ini

  disable_functions = exec, show_source, shell_exec, system, popen, proc_open, proc_nice, ini_restore, passthru,dl
  expose_php = Off
  display_errors = Off
  log_errors = On
  register_globals = Off
  allow_url_fopen = Off
  allow_url_include = Off

Note: The first row should be commented out only during some particular module operations that require to use those functions.

Note: The first row may disable form handling and admin related functionality. If you experience problems do not include 'popen' and 'passthru' in disable_functions.

Note: allow_url_fopen = Off may cause some internal functions to stop working.

If you haven't special needs while running PHP, you can uninstall all unnecessary/additional PHP modules (e.g. CLI). Some functions (like GD) will stop to run, so make some tests before removing all.
Remove unused extension directive in php.ini
Check php.ini file permission and file owner for your specific system.

Apache Settings

Create if not exist a file in your root CMSMS installation named .htaccess with this section:

RewriteEngine On

#option to remove directory listings in all folder (avoid publishing unwanted contents)
Options -Indexes


# Deny access to config.php
# This can be useful if php ever breaks or dies
# Use with caution, this may break other functions of CMSms that use a config.php
# file.  This may also break other programs you have running under your CMSms
# install that use config.php.  You may need to add another .htaccess file to those
# directories to specifically allow config.php.

<Files "config.php">
    order allow,deny
    deny from all
</Files>


# URL Filtering helps stop some hack attempts
#IF the URI contains a "http:"
RewriteCond %{QUERY_STRING} http\: [OR]

#OR if the URI contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]

#OR if the URI contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]

#OR if the URI contains a "<script>"
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

#OR if the script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

#OR if any script is trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]

#OR if the URI contains UNION
RewriteCond %{QUERY_STRING} UNION [OR]

#OR if the URI contains a double slash
RewriteCond %{QUERY_STRING} // [OR]

#OR the request contains /proc/self/environ (LFI hack)
RewriteCond %{QUERY_STRING} proc\/self\/environ [OR]

#OR if the URI contains a *
RewriteCond %{QUERY_STRING} \*

#then deny the request (403)
RewriteRule ^.*$ - [F,L]

# End URL Filtering


# No sense advertising what we are running
ServerSignature Off

# HTTP response header forced to be "Server: Apache" only
# Sometimes this istruction must be saved inside httpd.conf or apache.conf or sites-enabled instead of .htaccess
ServerTokens Prod

CMSMS Settings

Use a strong password for admin login
Never use "admin" or "administrator" as CMSMS admin username. Use a different nickname. Pay attention if you post some news article with admin account, the name is exposed. Read how to replace the username with user account information http://forum.cmsmadesimple.org/index.php/topic,38663.0.html
Rename admin directory with a fake name (e.g. "admin39xRlklkLK3d"). Don’t use a name easy to guess. Remember to change also /config.php with your new name $config['admin_dir'] ="admin39xRlklkLK3d"

Protect admin directory with a password. Many host provider offers a way to do this in their webpage. If you are enabled by your host provider modify apache SSL config using this setting:

  <Directory /var/www/ admin39xRlklkLK3d>
    AuthName "Protected Area"
    AuthType Basic
    AuthUserFile /var/www/ admin39xRlklkLK3d /.htpasswd
    require valid-user
  </Directory>

here /admin39xRlklkLK3d /.htpasswd

  youruser:yourencryptedpassword

Force logging in your CMSMS system using SSL. To achieve this use this settings:

in your admin directory create this file:

/admin39xRlklkLK3d /.htaccess

  # force all access to /admin to SSL protected page
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

You will also need to tweak config.php to support Admin over SSL:

# To make SSL Admin work - see http://forum.cmsmadesimple.org/viewtopic.php?f=3&t=48912&hilit=Force+admin+over+ssl
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') {
  $config['root_url'] = 'https://your_site.example.com';
}

Check permission of config.php file.

While installing or upgrade should be 777. As soon as these tasks end, lower file permission to 444 or if it works to 440. If you haven’t SSH access to your server use your FTP or Filemanager via Control Panel (e.g. Plesk)

Check permission of /tmp directory.

Try to lower permissions of this directory and related subdir. You can try step by step from 775 to 755 to 750.

Check permission of /uploads directory.

Same as above. Check if your website works fine uploading some images and trying to display in your browser http://www.example-site.com/uploads/images/images.jpg

In Global Settings of CMSMS use 002 as umask for creating thumbnail.

Don’t expose your CMSMS release number in your site, especially in homepage!!!

If you forget to upgrade your system to latest release all the world will know (thanks google Smiley). If you want to tell people CMSMS is running your site, show that text as a picture so crawlers do not recognize it.

Protect your /lib directory

create an /lib/.htaccess file with this code

  order deny,allow
  deny from all
  allow from 192.168.0.0/24 #your admin network
  # allow files .js in /lib avoiding errors related to js calling e.g. tag {startExpandCollapse}
  <Files ~ ".*\.js$">
    Order deny,allow
    Allow from all
  </Files>

Another option for that could be

  order deny,allow
  deny from all
  <Files ~ ".*\.css|.*\.js|.*\.gif|.*\jpe?g|editor.php|thumbs.php|images.php|editorFrame.php$">
  Order deny,allow
  Allow from all
  </Files>

Protect your /tmp directory

create an /tmp/.htaccess file with this code

  <Files *.php>
    Order deny,allow
    Deny from All
  </Files>

Protect your /uploads directory

create an /uploads/.htaccess file with this code

  <Files *.php>
    Order deny,allow
    Deny from All
  </Files>

Mysql dump

Mysql Dump needs access to the mysqldump utility.

Not all hosting compagnies allow use of the mysqldump utility. Check with technical support of your hosting compagny or with your system administrator.

Path to MySQL binaries

The module will try to find for you the path to MySQL binaries, but it will not succeed on all systems. You may need to enter it by yourself. For assistance finding the full path, contact your system administrator.

On UNIX its usually /usr/local/bin

Another try is /usr/local/mysql/bin

Dump and restore parameters

Unless you really know what you are doing, it's best to keep the dump and restore parameters Mysql Dump has choosen for you at install.

UTF8

You may have a non-UTF8 database containing UTF8 data. Normally, MySQL servers run using the latin1 character set by default. So, even if the content of your CMSMS pages are encoded in UTF8, the database should still be exported and restored with the --default-character-set=latin1 switch.

To convert a database to UTF8 after upgrading to MySQL 4.1

(for advanced users only)

Create an empty file in the backups folder. Name it dummy.sql.
Save the database in a file name stripped.sql while stripping the charset with those dump parameters :

--opt --verbose --default-character-set=latin1 --skip-set-charset

Reset the CMSMS database's charset to UTF8 by loading the dummy.sql file with :

--execute="DROP DATABASE cms_dbname; CREATE DATABASE cms_dbname CHARACTER SET utf8 COLLATE utf8_general_ci;"

Note: use the real name of your CMSMS database in place of cms_dbname

Finally, restore stripped.sql using

--default-character-set=utf8

Hardcoded settings

You'll find several switches at the beginning of the MysqlDump.module.php file :

  /****** CONFIGURATION *****/
  	
  // Set to true if you want to disable checks on install (default = false)
  var $no_checks_on_install = false;        
  
  // Turns off additional info on execution (default = false)
  var $safe_mode = false;
  
  // Folder where to backups will be created under admin/ (default = backups)
  var $backupDirectory = 'backups';
  	
  // Get only tables with prefix set in config.php (default = true)
  var $only_tables_with_CMSMS_prefix = true;
  
  /***** DO NOT MODIFY BELOW ****/

Tips and tricks

Transfering a dataset from a local server to an online free web hosting server

Many free Web hosting servers still use the obsolete MySQL 4.0 engine. Therefore, to create a backup on a local server equipped with MySQL4.1 or newer that will successfully be restored on a MySQL4.0 server, you need to use the --default-character-set=latin1 --compatible=mysql40 switches.

Note: Don't use --default-character-set=utf8 with --compatible=mysql40. It defeats the purpose of doing backward compatibility since MySQL4.0 does't read utf8 natively.

phpMyAdmin

Mysql Dump can restore backups made with phpMyAdmin, and the other way around.

FAQ: I get warnings about some mkdir, touch or chmod permissions denied...

For the module to work, you need to change permissions of the following files and directories on the server :

 
  chmod 777 admin/backups
  chmod 777 modules/MysqlDump
  chmod 666 modules/MysqlDump/dump-verbose.txt

What is the difference between Mysql Dump and the Database Backup module?

Database Backups exports the content in a proprietary format, not compatible with phpMyAdmin and other standard MySQL restore tools. The data types are not saved, but reconstructed using MySQL import defaults. Some modules, such as the News module, are adversly affect by that.

MySQL uses external, perfectly standardized backup programs. The backup files can be restored with most SQL compatible systems (ANSI, MySQL 3.x, 4.x, 5.x, PostgreSQL, Oracle, msSQL, DB2). However, because the module relies on external programs, you need to have those utilities available on your system, which is usually the case, unless your site is hosted on some restricted free Web hosting server.

Testing alpha builds

It is strongly advised to do a clean install before testing any new experimental version of Mysql Dump or reverting back to an official stable release.

Clean install

Uninstall the old version of Mysql Dump from CMSMS's menus (Extension->Modules->Uninstall)
Move all your backup file out of admin/backups to somewhere safe.
Delete the backups folder inside /admin
Delete the MysqlDump folder inside /modules
[Download] a new test version of Mysql Dump
Unzip the MysqlDump folder and all its content into /modules
Run the install procedure from inside CMSMS (Extension->Modules->Install)
Copy the backups saved at step 2 back inside admin/backups

How to properly and completely backup your installation of CMS Made Simple

The following is what I think the complete list of things that must be backed up manually (if you are paranoid, or are planning on deleting the original directory soon, you might consider FTP downloading absolutely all files off your site other than the database):

database export (several times and several versions). Also note database prefix.
uploads folder
list of modules that you have installed, plus any custom settings. This is easy to backup by saving the html page after you view the "Modules" page of Admin.
templates and stylesheets (these are included in the database, but saving them to a text file for backup is a good idea)
config.php (for any custom settings that you have made)
.htaccess (any custom changes)
favicon.ico both file AND the setting for its location will not transfer with the database transfer
robots.txt (any custom changes)
Web site title (you specify this again on step 5)
Version of CMSMS used
Any custom folders on your server that CMSMS did not put there.

How to transfer your website to another server

From my experience, I have found that the easiest transfer procedure is a comprehensive backup of your old installation according to the article above, followed by a fresh install of the latest version on the new server, and followed by transfer of just backed up data from the article above. This reduces the number of files transferred, reduces chance for error, creates a good backup in the meanwhile, and ensures that you have the newest version of CMSMS on your new server.

This page in: English - Deutsch - Español - Français - Italiano - Lietuvių - Nederlands - Norsk - Polski - Česky - Русский - Svenska - Tiếng Việt - عربي - 日本語简体中文