Restructure project for security and offline capability
- Move content outside public web root for security - Consolidate all code and assets in engine/ directory - Download Bootstrap locally for offline functionality - Update public/ to contain only entry point files - Add router.php for PHP development server security - Update README.md with new structure and setup instructions - Block direct access to content files via URL - Maintain clean separation between content and code
This commit is contained in:
42
README.md
42
README.md
@@ -33,21 +33,30 @@ CodePress is a modern, secure CMS that manages content through files instead of
|
||||
```
|
||||
3. **Start server**:
|
||||
```bash
|
||||
php -S localhost:8000 -t public
|
||||
# For Apache: Set DocumentRoot to public/
|
||||
# For Development:
|
||||
php -S localhost:8080 -t public router.php
|
||||
```
|
||||
4. **Visit**: `http://localhost:8000`
|
||||
4. **Visit**: `http://localhost:8080`
|
||||
|
||||
## Project Structure
|
||||
|
||||
```
|
||||
codepress/
|
||||
├── public/ # Web-accessible directory
|
||||
│ ├── content/ # Content files (MD/PHP/HTML)
|
||||
│ ├── assets/ # Static assets (images, icons)
|
||||
│ └── .htaccess # Security and routing
|
||||
├── templates/ # HTML templates
|
||||
├── config.php # Site configuration
|
||||
├── index.php # Main application logic
|
||||
├── public/ # Web-accessible directory (DocumentRoot)
|
||||
│ ├── index.php # Main entry point
|
||||
│ ├── .htaccess # Apache security and routing
|
||||
│ └── router.php # PHP development server router
|
||||
├── content/ # Content files (MD/PHP/HTML) - outside web root
|
||||
├── engine/ # CMS engine and assets
|
||||
│ ├── core/ # PHP application logic
|
||||
│ │ ├── index.php # CMS class and logic
|
||||
│ │ └── config.php # Site configuration
|
||||
│ ├── templates/ # HTML templates
|
||||
│ └── assets/ # Static assets (CSS, JS, fonts)
|
||||
│ ├── css/ # Bootstrap and custom CSS
|
||||
│ ├── js/ # JavaScript files
|
||||
│ └── fonts/ # Font files
|
||||
├── .htaccess # Root security
|
||||
└── README.md # This documentation
|
||||
```
|
||||
@@ -55,11 +64,13 @@ codepress/
|
||||
## Security
|
||||
|
||||
CodePress includes built-in security features:
|
||||
- **.htaccess protection** for sensitive files
|
||||
- **PHP file blocking** in content directory
|
||||
- **Content isolation** - Content files stored outside web root
|
||||
- **.htaccess protection** for sensitive files and directories
|
||||
- **Direct access blocking** - Content files not accessible via URL
|
||||
- **Security headers** for XSS protection
|
||||
- **PHP file blocking** in content directory
|
||||
- **Offline capable** - All assets (Bootstrap) stored locally
|
||||
- **Directory access control**
|
||||
- **Public directory isolation**
|
||||
|
||||
## Content Management
|
||||
|
||||
@@ -95,7 +106,7 @@ $date = date('Y-m-d');
|
||||
|
||||
### Directory Structure
|
||||
```
|
||||
public/content/
|
||||
content/
|
||||
├── home.md # Homepage
|
||||
├── about/
|
||||
│ └── company.md # About page
|
||||
@@ -115,7 +126,8 @@ Edit `config.php` to customize:
|
||||
return [
|
||||
'site_title' => 'Your Site Name',
|
||||
'site_description' => 'Your site description',
|
||||
'content_dir' => __DIR__ . '/public/content',
|
||||
'content_dir' => __DIR__ . '/../../content',
|
||||
'templates_dir' => __DIR__ . '/../templates',
|
||||
'default_page' => 'home',
|
||||
'markdown_enabled' => true,
|
||||
'php_enabled' => true,
|
||||
@@ -148,7 +160,7 @@ This project is developed for specific use cases. Contact the maintainer for lic
|
||||
|
||||
## Support
|
||||
|
||||
- **Documentation**: See `public/content/home.md`
|
||||
- **Documentation**: See `content/home.md`
|
||||
- **Issues**: Report on GitLab
|
||||
- **Community**: Join discussions
|
||||
|
||||
|
||||
Reference in New Issue
Block a user