Pluck Improvements

I took a quick look at a couple pages of Pluck. First thing I noticed was code bloat. There is unnecessary repetitive code. Second thing I noticed is there is no separation of html and code (Logic from Presentation). I don’t know anything about pluck or the programmer. Just my initial observations.

Wrong topic. This discussion should be elsewhere.

  1. Bloat - Pluck have some age, so some things are rather in old styled writen down. But could you be more specific? Mabey some examples?

  2. Code separation - Pluck is writen in structura php so how could you want to separate html and php? But of you are talking about html / css separation this is done. Check https://github.com/pluck-cms/pluck/wiki/Theming-guide Structure of theme is as simple as it is posible.

You can try to speparate php and html in good way only if you are writing in oo (objec oriented) php. Otherwise it is rather imposible.

Wrong topic. This discussion should be elsewhere.

Where exactly whould you like to talk about Pluck?

You can try to separate php and html in good way only if you are writing in oo (objec oriented) php. Otherwise it is rather imposible.

This is absolutely WRONG!

Lets take editpage.php for example. The entire code from line 85 to 138 could be in /templates and then included in editpage.php

1. Bloat - Pluck have some age, so some things are rather in old styled writen down. But could you be more specific? Mabey some examples?

In admin.php from lines 62 to 285 you have repeated “include_once (‘data/inc/header.php’);” THIRTY TWO times. Since every single case has it, you only need to do it ONCE right before you start your switch.

2. Code separation - Pluck is writen in structura php so how could you want to separate html and php?

You ALWAYS want to seperate presentation from logic. It doesnt mater one bit whether it is procedural or oop.

I havent found where it is used yet, but the following tells me there are problems:

[php]if (isset($_GET[‘var1’]))
$var1 = $_GET[‘var1’];
if (isset($_GET[‘var2’]))
$var2 = $_GET[‘var2’];
if (isset($_GET[‘var3’]))
$var3 = $_GET[‘var3’];
if (isset($_GET[‘var4’]))
$var4 = $_GET[‘var4’];
if (isset($_GET[‘var5’]))
$var5 = $_GET[‘var5’];

//Some POST-variables for general use.
if (isset($_POST[‘cont1’]))
$cont1 = $_POST[‘cont1’];
if (isset($_POST[‘cont2’]))
$cont2 = $_POST[‘cont2’];
if (isset($_POST[‘cont3’]))
$cont3 = $_POST[‘cont3’];
if (isset($_POST[‘cont4’]))
$cont4 = $_POST[‘cont4’];
if (isset($_POST[‘cont5’]))
$cont5 = $_POST[‘cont5’];
if (isset($_POST[‘cont6’]))
$cont6 = $_POST[‘cont6’];
if (isset($_POST[‘cont7’]))
$cont7 = $_POST[‘cont7’];
if (isset($_POST[‘cont8’]))
$cont8 = $_POST[‘cont8’];
if (isset($_POST[‘cont9’]))
$cont9 = $_POST[‘cont9’];
if (isset($_POST[‘cont10’]))
$cont10 = $_POST[‘cont10’];[/php]

Pluck uses sha512 for password encryption. Should be using bcrypt. The app is not responsive, so it will not view properly on small devices (Not mobile friendly).

admin.php calls for require_once (‘data/settings/token.php’); but token.php does not exist there.

There is much more. No time to go through it all.

I split the topic for discussion, removed it from the Pluck Logo Thread.

Lets take editpage.php for example. The entire code from line 85 to 138 could be in /templates and then included in editpage.php In admin.php from lines 62 to 285 you have repeated "include_once ('data/inc/header.php');" [u][b]THIRTY TWO[/b][/u] times. Since every single case has it, you only need to do it [u][b]ONCE[/b][/u] right before you start your switch.
Good suggestions.
You [b]ALWAYS[/b] want to seperate presentation from logic. It doesnt mater one bit whether it is procedural or oop.

Yep, but you don’t always want to do a ground up rewrite, especially on working software. An OO version was started and abandoned.

The previous example cited is a two second cut and paste.

  1. Cut those lines, place them in an aptly named /templates file & folder
  2. Type an “include_once”’ where you cut #1. All done…

It also uses Xhtml doc type. Would be better to go html5. A search and replace could have it updated in a minute.

I will write more later. Now i just wanted to write only one info… Its not always a good idea (admin.php and inlude… header). I have seen this code and think about it some time ago. But there are two difrent cases. Logout, when you will have header already send problem :slight_smile: and a redirect case. The same problem as above.

But of course you are right in this “You ALWAYS want to seperate presentation from logic. It doesnt mater one bit whether it is procedural or oop.” But I will write it a little difrent: "You always WANT to seperate presentation from logic. It doesnt mater one bit whether it is procedural or oop.

For contX and varX POST/GET variables - check the code data/inc/security.php file.

Why we should use bcrypt and sha512 is wrong?

Best regards.

I was talking about topic only. Now after moved to “Pluck Improvements” its ok.

This file is created after instalation, by data/inc/security.php file. As you can see, code: require_once (‘data/inc/security.php’); is called in login.php in the begening, just after session_start();

Thanks to you I began to think how to override it. Not in Pluck 4.7.2 (witch I want to release soon) but for sure in Pluck 4.8.

Why we should use bcrypt and sha512 is wrong?

The answer to this is best served by doing some homework on the subject. Google is your friend on this one.

Its not always a good idea (admin.php and inlude... header). I have seen this code and think about it some time ago. But there are two difrent cases. Logout, when you will have header already send problem :) and a redirect case. The same problem as above.

Please provide an example of what you mean. Also, on the logout, I did notice there was something unusal going on there but did not dig into it as of yet. It points to a function redirect(‘index.php’, 0); which is very convoluted for a simple task such as logging out.
The function:
[php]function redirect($url, $time) {
//Replace & with &.
$url = str_replace(’&’, ‘&’, $url);

//Then, urlencode the entire url.
$url = urlencode($url);

//Then undo that for ? chars.
$url = str_replace('%3F', '?', $url);
//And undo that for = chars.
$url = str_replace('%3D', '=', $url);
//And undo that for & chars.
$url = str_replace('%26', '&', $url);
//And undo that for / chars.
$url = str_replace('%2F', '/', $url);
//And undo that for : chars.
$url = str_replace('%3A', ':', $url);

//Finally generate the metatag for redirecting
echo '<meta http-equiv="refresh" content="'.$time.'; url='.$url.'" />';

}[/php]

To logout, it is as simple as unsetting the login session. logout.php:

[php] session_start();
session_unset(); //remove all the variables in the session
session_destroy(); // destroy the session
die(header(“Location: ./login.php”));[/php]

All the code for magic quotes should not even be there. Magic quotes is Deprecated. The app should require a current version of Php. Why would you want to support old Php? Same thing with the code for Register Globals

Sponsor our Newsletter | Privacy Policy | Terms of Service