Restructure project for security and offline capability

- Move content outside public web root for security
- Consolidate all code and assets in engine/ directory
- Download Bootstrap locally for offline functionality
- Update public/ to contain only entry point files
- Add router.php for PHP development server security
- Update README.md with new structure and setup instructions
- Block direct access to content files via URL
- Maintain clean separation between content and code
This commit is contained in:
2025-11-19 17:05:25 +01:00
parent 277f86346d
commit 494ae7dc3b
28 changed files with 2707 additions and 102 deletions

View File

@@ -33,21 +33,30 @@ CodePress is a modern, secure CMS that manages content through files instead of
```
3. **Start server**:
```bash
php -S localhost:8000 -t public
# For Apache: Set DocumentRoot to public/
# For Development:
php -S localhost:8080 -t public router.php
```
4. **Visit**: `http://localhost:8000`
4. **Visit**: `http://localhost:8080`
## Project Structure
```
codepress/
├── public/ # Web-accessible directory
│ ├── content/ # Content files (MD/PHP/HTML)
│ ├── assets/ # Static assets (images, icons)
│ └── .htaccess # Security and routing
├── templates/ # HTML templates
├── config.php # Site configuration
├── index.php # Main application logic
├── public/ # Web-accessible directory (DocumentRoot)
│ ├── index.php # Main entry point
│ ├── .htaccess # Apache security and routing
│ └── router.php # PHP development server router
├── content/ # Content files (MD/PHP/HTML) - outside web root
├── engine/ # CMS engine and assets
│ ├── core/ # PHP application logic
│ │ ├── index.php # CMS class and logic
│ │ └── config.php # Site configuration
│ ├── templates/ # HTML templates
│ └── assets/ # Static assets (CSS, JS, fonts)
│ ├── css/ # Bootstrap and custom CSS
│ ├── js/ # JavaScript files
│ └── fonts/ # Font files
├── .htaccess # Root security
└── README.md # This documentation
```
@@ -55,11 +64,13 @@ codepress/
## Security
CodePress includes built-in security features:
- **.htaccess protection** for sensitive files
- **PHP file blocking** in content directory
- **Content isolation** - Content files stored outside web root
- **.htaccess protection** for sensitive files and directories
- **Direct access blocking** - Content files not accessible via URL
- **Security headers** for XSS protection
- **PHP file blocking** in content directory
- **Offline capable** - All assets (Bootstrap) stored locally
- **Directory access control**
- **Public directory isolation**
## Content Management
@@ -95,7 +106,7 @@ $date = date('Y-m-d');
### Directory Structure
```
public/content/
content/
├── home.md # Homepage
├── about/
│ └── company.md # About page
@@ -115,7 +126,8 @@ Edit `config.php` to customize:
return [
'site_title' => 'Your Site Name',
'site_description' => 'Your site description',
'content_dir' => __DIR__ . '/public/content',
'content_dir' => __DIR__ . '/../../content',
'templates_dir' => __DIR__ . '/../templates',
'default_page' => 'home',
'markdown_enabled' => true,
'php_enabled' => true,
@@ -148,7 +160,7 @@ This project is developed for specific use cases. Contact the maintainer for lic
## Support
- **Documentation**: See `public/content/home.md`
- **Documentation**: See `content/home.md`
- **Issues**: Report on GitLab
- **Community**: Join discussions