Note by Apollia on Nov. 8, 2023: Please join my Patreon if you'd like to support me and my work!

My main personal website is now Apollia.org. I'm still not sure what to do with Astroblahhh.Com, so it's mostly staying as-is for now.





Go to bottom

WordsPlatz Manual

WordsPlatz is a blog software package which I, Apollia of Astroblahhh.Com, wrote mostly in PHP with a little JavaScript and MySQL.

For a brief intro, you can read this (which is just a copy of the text on the WordsPlatz home page). Please don't expect WordsPlatz to be as easy, feature-filled, fancy, or as functional as WordPress. I'm just one amateur programmer working alone, and I wrote this blog software primarily for my own personal use.

WordsPlatz is free, public domain, open source software. You are totally free to use and modify it for any purpose, even commercial purposes, without even asking permission or paying me anything. Though, of course, I joyfully welcome purchases of any item or service I have for sale on my website or in Second Life, or donations and microdonations of literally any size.

Please only use WordsPlatz at your own risk, and please don't sue me if anything goes horribly wrong. Thanks. :-)


To run WordsPlatz, you will need to either upload WordsPlatz to an actual web server which can run PHP and which has a MySQL database, or, use it on your own hard drive with web server software such as XAMPP.

I used XAMPP to develop WordsPlatz on my Windows XP computer, and XAMPP worked so identically to a regular online web server that I scarcely had to change a thing when I uploaded WordsPlatz to my website.

If you want to modify the source code of WordsPlatz, it would be wise to work on it on your local computer using XAMPP (or something similar) instead of uploading and testing scripts on your actual website, since creating bad glitches is all too easy, and crashing your web server is not likely to please your web host.


Setting up XAMPP

XAMPP is "an easy to install Apache distribution containing MySQL, PHP and Perl" for a variety of different platforms, like Windows, MacOS, Linux, and Solaris (whatever that is). (You can even install Python in XAMPP, though it took me hours to figure out how).

Apache is a type of web server software. PHP (which I used in WordsPlatz), Perl, and Python are three popular programming languages. MySQL is a type of database software, and that's one of the things that WordsPlatz uses to store data. (The other main way WordsPlatz stores data is by creating files containing all your blog posts' data in the "blogcache" folder. Instead of querying the database for all needed details about posts, WordsPlatz queries the database for only some post details, and then uses those details to to locate and import any needed blog post cache files, which provide the rest of each needed post's data).

I used JavaScript for a few convenient user-interface frills. (Perl and Python weren't used in WordsPlatz).

I've done my best to make sure WordsPlatz is safe for use on your own computer in XAMPP, and below I've shared all I know of to enhance the security of your computer's XAMPP web server software (based on what I've done with my own set-up), at least if you're using Windows. However, I know far from everything about this stuff, and there could be some horribly obvious things I'm overlooking.


You can get XAMPP for a variety of different platforms, like Windows, MacOS, Linux, and Solaris (whatever that is) at this link:

http://www.apachefriends.org/en/xampp.html

Since I only have a Windows XP computer readily available to me, these instructions are for Windows, so, if you're using another platform, you'll have to adapt the instructions somehow.

I recommend installing or unzipping XAMPP's files directly to the location "C:\xampp" on Windows.

You can start Apache and MySQL by opening the file xampp-control.exe in the directory "C:\xampp\" and clicking the Start buttons next to "Apache" and "MySql".


However, be warned that you probably should implement various measures to make sure you have some extra security - because if someone has your IP address, and there are no other safeguards, then, while Apache is running, people on the internet could literally browse some of the files you have on your hard drive. Hopefully only files in the "C:\xampp\htdocs" folder, but who knows? (Not me - I'm not some kind of internet security expert.)

One of the easier measures is to change some of Apache's configuration settings. Go to the "C:\xampp\apache\conf" folder. Make a duplicate of the httpd.conf file, so in case you mess anything up, you can go back to the original settings. Then, open httpd.conf with a text editor.

Go to the section that says:

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

You'll want to delete those last two lines, and replace them with:

    Order deny,allow
    Deny from all
    Allow from 127.0.0.1

127.0.0.1 is the "localhost" address, so, that means anyone with an IP address different than that (such as anyone on the internet) should not be able to get files. I assume this probably works, but I would never trust this 100%, because you never know how a computer might be messing things up behind the scenes, either through inadvertant glitches, or by malicious design.

Something to be wary of that I wasn't aware of until March 2009: various other .conf files, and any files named .htaccess in various directories in the XAMPP directory, can change the above rules for at least parts of your server and maybe more than just parts of it (I'm not sure). So, there are also a number of other files you should change too. We'll get to that below.

Before we leave httpd.conf, however, we should make a couple other changes. Go to the line that says:

LoadModule dav_module modules/mod_dav.so

Put a pound sign at the beginning of the line, like so:

#LoadModule dav_module modules/mod_dav.so

This makes it so the WebDAV module is turned off. WebDAV is a module for "Web-based Distributed Authoring and Versioning", which apparently allows "creating, moving, copying, and deleting resources and collections on a remote web server".

Then, go to the line that says Listen 80. Change it to Listen 127.0.0.1:80. I'm not sure what that does exactly but I think it might make it so not just any IP address can be used to attempt to get things from your web server.


Next, go to the C:\xampp\apache\conf\extra folder. Make backup copies of the files httpd-dav.conf and httpd-xampp.conf. Then, open httpd-dav.conf with a text editor.

Go to the section that says:

     Dav On
    Order allow,deny
    Allow from all

Change it to:

    Dav Off
    Order deny,allow
    Deny from all


Then, open httpd-xampp.conf with a text editor. In this file, there are numerous blocks of text that say:

        AllowOverride AuthConfig
        Order allow,deny
        Allow from all

You'll find a couple of those blocks of text under <Directory "/xampp/security/htdocs"> and <Directory "/xampp/phpMyAdmin">. Change them to:

        AllowOverride AuthConfig
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1

You'll also find a couple more of those blocks of text under <Directory "/xampp/webalizer"> and <Directory "/xampp/contrib">. Change them to:

        AllowOverride AuthConfig
        Order deny,allow
        Deny from all


Now, go to C:\xampp\mysql\bin. Make a backup copy of the file titled "My". Then, open the "My" file with a text editor. Find the text server-id = 1, and above it, add this line:

bind-address = 127.0.0.1


Next, go to C:\xampp\php. Make a backup copy of the file "php.ini". Then, open "php.ini" with a text editor. Find this line:

; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On

Change the last line to:

magic_quotes_gpc = Off

Sorry if anyone out there actually uses the incredibly annoying magic quotes feature for anything, but, my programs are all incompatible with magic quotes, and I'm not sure how I'd make them compatible.


Next, you should probably have a firewall. You might have to fiddle around with your firewall software to be able to use Apache at the same time you have your firewall software on.

I have Norton Internet Security 2003 and Windows XP, so these next instructions (or suggestions) won't apply to everyone. If you have Norton Internet Security, then, the first time you start Apache and MySQL, a Norton Internet Security alert should come up asking you whether to permit or block them, or if you want to manually configure access.

I picked manually configure, then blocked connections to and from any other computer, both TCP and UDP connections on all ports, and, since I'm a bit paranoid, I have it create an event log entry and show me both a Security Monitor and Security Alert message when that firewall rule is triggered. These alerts display every time I start up Apache and MySQL. And, it used to be that if I didn't do this next step, those alerts came up intolerably often, every time I did anything with Apache, like browse a web page on my computer's server.

If you have that problem, to fix that, open up Norton Internet Security, then click Personal Firewall, and click the Configure button. Then, go to the Home Networking tab. Click add, and select "Individually", then put in the localhost IP address - 127.0.0.1.

Hopefully this won't be a horrible, security-endangering move. If you're really worried, you can delete 127.0.0.1 from your Trusted Zone when you're done using XAMPP - or, you can physically disconnect your computer from the internet when you use XAMPP.

Oddly, for some reason I no longer have to have 127.0.0.1 in the trusted zone at all to avoid all those alerts. I don't know what I changed exactly that made that happen, but, yay. :-)


If you really can't figure out how to configure your firewall, or just don't trust it, a presumably safe alternative is to physically disconnect your computer from the internet and turn off your firewall software while you're running XAMPP. Remember to turn your firewall software back on before you reconnect your computer to the internet.

If you're using Norton Internet Security 2003 and somehow messed up the firewall rules when you first configured them, you can edit the rules you added by opening Norton Internet Security, clicking Personal Firewall, clicking the Configure button, and going to the Program Control tab. Apache will be listed in the programs list as "apache.exe" and MySQL will be listed as "mysqld.exe". Highlight whichever one you want to edit and press Modify, and adjust it as you wish.


One odd side effect of having Apache on while I was browsing the rest of the internet was that sometimes little web browser alert things used to pop up asking me about certificates and stuff related to "localhost". Also, if I deleted 127.0.0.1 from my Norton Internet Security Trusted Zone and still had Apache running, visiting some internet sites triggered multiple Norton Internet Security alerts.

I believe this might have been related to the fact that I use a Hosts file to block Google AdSense, Google Analytics and other nuisances - since what a Hosts file does is redirects attempts to connect to nuisance sites to some other IP address, and frequently, the IP address of choice is 127.0.0.1 - the localhost address.

So, I think, when you have Apache running - because Apache reacts whenever anything on your computer goes to http://localhost/ or http://127.0.0.1/ , Apache takes notice when the Hosts file redirects stuff to 127.0.0.1, hence possibly triggering various Norton Internet Security alerts (if 127.0.0.1 isn't in your Trusted Zone) which don't normally show up when Apache is turned off, as well as somehow causing those web browser alerts about certificates and localhost, etc.


(By the way, though this has nothing to do with setting up XAMPP, I just thought I should point out somewhere that, despite the fact that I keep putting in these links to Wikipedia articles, you should never completely trust Wikipedia, since Wikipedia can be edited by literally anyone at any time.

And, while we're on the topic of security, I'd like to also point out the excellent free (but not open source) software Spybot: Search & Destroy. Among many other things, it creates (or edits) a Hosts file for you, though you can also edit it manually.

On my Windows XP computer, the Hosts file is located at "C:\WINDOWS\system32\drivers\etc" . If you want to edit your Hosts file, I recommend making a backup copy of it before you edit it).


And, another security-related idea - a router might be helpful. A router is a physical device which you might use to share your internet connection (like probably a high-speed cable connection) amongst multiple computers in your house. As I understand it, in my currently feeble, poor, and inadequate way, any connections that try to come in from the internet have to go through the router, and somehow this can help with your security.

However, if you have a router, you should have a password on it, because otherwise, anyone who visits your IP address and puts in your router's default login details will be able to get into your router and reconfigure its settings, unless you changed the default login details.

Consult your router's manual for more details. (And in case you can't find your router's manual, you often can find the manuals of routers on the web on the manufacturer's website).


Finally, once you start running XAMPP, you might as well go to http://localhost/xampp and click the Security link, and follow the instructions to plug the various security holes that are left open by default.


By the way, I would like to caution people against just running any random PHP, Perl, or Python script they find without understanding it. Even I didn't realize this at first, when I first installed XAMPP, but:

To my surprise, these scripts, run by Apache/XAMPP, are capable of accessing, reading, writing, overwriting, and deleting information not only in the htdocs folder, but anywhere on your hard drive.

That is actually what made some features of WordsPlatz possible to use on your own computer, like the ability to output blog pages and settings files.

But, it also means scripts are potentially very dangerous. So, don't go naively running every random script or scrap of source code you find on the internet, OK?


Another thing more people should be aware of is the fact that JavaScript, as well as Java and ActiveX controls, can sometimes be exploited to do various bad things. Here's a forum thread with more information on that topic.

To avoid such problems, I like to either a) use the Opera web browser with my toolbar customized to have three checkboxes in it: "Enable plug-ins", "Enable Java" and "Enable JavaScript", which I normally leave unchecked, or b) use Firefox either with the NoScript plug-in, or with JavaScript, Java, ActiveX, Flash, etc. turned off completely.


Setting up WordsPlatz in XAMPP

When or if you have the various security issues figured out to your satisfaction - start up Apache and MySQL by opening the file xampp-control.exe in the directory C:\xampp\ and clicking the Start buttons next to "Apache" and "MySql".

Now, you should be able to reach WordsPlatz's login page by following this link:

http://localhost/wordsplatz/sitemirror/bloglogin/loginform.php

By default, you don't have to enter any login name or password, and the cookie it creates will last a very, very long time. If you'd like to change the login name and pasword, edit "blogconfig/settings-login.php". If you'd like to change the amount of time the cookie lasts, edit "bloglogin/login.php".

It's not very good security, especially if the person trying to log in is physically using your computer (meaning the WordsPlatz source code files are probably all accessible to that person if they know to look in the "C:/xampp/htdocs/wordsplatz" folder, or wherever else you're keeping WordsPlatz). But it could deter someone not very knowledgeable about computers and/or not very determined to get in.

Once you've successfully logged in, you will arrive at the Main page.


However, before you can get started using WordsPlatz, you'll first need to mess about with MySQL.

Open the source code file "blogconfig/lib-blog.php" and in the ConnectToDb function, change the user name and password to your MySQL user name and password. As for where to get your MySQL user name and password - if I recall correctly you can set your MySQL password possibly easily by following the instructions at http://localhost/security/index.php if you haven't already set a password for the MySQL root account.

Alternatively, instead of changing the user name and password used by "blogconfig/lib-blog.php", you can create a MySQL user named "insertnamehere" with the password "insertpasswordhere" and that will work fine too. :-) (You can manage MySQL user accounts from within phpMyAdmin by clicking the Privileges link).

Next, go to the software phpMyAdmin, which is a handy MySQL database manager program included with XAMPP.

In the text box underneath the text "Create new database:", type in "wordsplatz" and press the Create button.

Then, back at the Main page, click the Nuke and Make New Database link, then click the "Make New Database Tables" button.

Now, you will be able to use WordsPlatz. By default, published blog SHTML files will mostly be placed in the folder "wordsplatz/sitemirror/blog", with a few exceptions such as index.shtml, blog.shtml, and updates.shtml, which will be placed in "wordsplatz/sitemirror", and the archives for the blog post category "Site Update", which will go in "wordsplatz/sitemirror/updates".


Setting up WordsPlatz on the Web

Before you upload anything, some preparation is needed.


Now, WordsPlatz should be ready to upload. Go into the "sitemirror" folder. Select everything in the folder and upload it to the root level of your website. Be careful not to overwrite existing files and folders at the root level of your site. Then...


You should probably delete scripts you won't be needing. Here are a list of scripts that aren't usually useful to keep in your online installation of WordsPlatz:

Hopefully, WordsPlatz will be ready to use now. Go to http://yourdomainname/bloglogin/loginform.php and try to log in. I hope it works.

Warning: If you have files at the root level of your site named index.shtml, blog.shtml or updates.shtml, WordsPlatz will overwrite these files when you publish your blog.


Using WordsPlatz

Fortunately, once WordsPlatz is installed properly, using WordsPlatz isn't that complicated. There are only 3 admin operations you'll probably end up using frequently - Add Blog Post, List Blog Posts, and Publish New Posts.

The basic procedure for publishing your blog is:

  1. Create a post using the Add Blog Post form. Saving the post won't immediately publish it on your website - it will just save it in the database and create a cache file in the "blogcache" folder.

    Warning: I highly recommend that rather than composing posts within the web browser form that you work on them in an outside text editor (such as Notepad or NoteTab Light) and copy and paste them into the web browser window. (This is actually a good tip for any web browser form that you might be tempted to type a lot of text into without taking any precautions to back up your work.) There is some JavaScript that will try to rescue you from losing data you entered in the form, but in the Opera browser, it won't work when you reload the page or go back or forward.


  2. Click either Publish New Posts or Publish All Posts. (Publish All Posts creates or recreates every page of your blog, Publish New Posts creates or recreates mostly only needed pages - that is, any pages which contain posts which were last saved sometime after the date and time your blog was last published. The date and time your blog was last published is automatically stored in "blogconfig/var-lastpub.php").

    Warning: If you have files at the root level of your site named index.shtml, blog.shtml or updates.shtml, WordsPlatz will overwrite these files when you publish your blog.


If you want to browse the posts in your blog's database, you can use the List Posts function. There, you can even easily search for posts that you've given certain search tags.


Roll Back Publish Date, Recache All Posts, Update Blog, and Nuke and Make New Database will mostly come in handy for debugging, if you substantially edit the source code.

A drawback or a benefit depending on your point of view is that when creating posts in WordsPlatz, you're going to have to write any needed HTML for formatting yourself, because WordsPlatz doesn't provide a WYSIWYG editor, and it doesn't tamper with any of the text or HTML you input by obtrusively inserting paragraph breaks, or renaming or deleting or reorganizing any of your HTML tags, etc. The Add Post form provides a preview option so you can see what your post will look like.


If you ever decide you'd like to change cosmetic aspects of the admin controls of WordsPlatz, and have such things as a different color scheme, different fonts, etc., you can edit WordsPlatz's CSS file, titled "a.css", in the "adminblog" folder. Of course, I recommend making a backup copy of it before you start editing it, in case you want the old settings back.

I hope you like WordsPlatz. Again, I joyfully welcome purchases of any item or service I have for sale on my website or in Second Life, or donations and microdonations of literally any size.

http://localhost/wordsplatz/sitemirror/adminblog/00main.php



Update History

Since January 2008, I struggled off and on (mostly off) to write WordsPlatz, and finally released it to the world on January 15, 2009. It is the second major project written in PHP/MySQL/JavaScript that I've ever completed and released. Writing it was a terrible ordeal.

It uses code from other projects of mine, such as the Astrosorting Music Organization Database (AMODB) and also some unreleased projects. (Can't remember which ones exactly, though; but they pretty much all borrow code from each other).

It also uses at least a few code snippets I found on the web - the code to display how long it took to create a page (which came from http://www.developerfusion.co.uk/show/2058/), and some other things I forgot (or am too lazy to list out), which most likely came from the official PHP documentation at PHP.net.

On 1/23/2009, I made some small updates that I was too lazy to update the version number of WordsPlatz or this manual for. I made some slight changes to how RSS feeds are output, making it so the category and type of each post are put into two separate fields instead of just one field. I also fixed a problem where links in the RSS feed to posts of the category "Site Update" didn't work, and also a small, pretty harmless glitch in the tag system, in which, if you deleted all the tags of either tag type from a post, the tagmap table didn't have all the tags for that post deleted, only some of them.

WordsPlatz v1.1 was released 2/28/2009. In it, I fixed a problem I discovered while working on my web links organizer software, in which, due to some missing parentheses, sometimes subtags would mistakenly would get deleted from all blog posts instead of just the one being edited.

WordsPlatz v1.2 was released 3/23/2009. None of the code was changed - I just updated this manual file to add a bunch of new security tips I recently figured out, and also to provide instructions for turning off PHP's annoying "magic quotes" feature. I also updated the adminblog/00main.php file just to change the version number.

WordsPlatz v1.21 was released 3/30/2009. When I updated my blog on 3/30/2009, I discovered that in various places, February was erroneously replaced with March. Upon investigation I found this was the result of this annoying problem. So, to fix that, in adminblog/publishnew.php, adminblog/publishall.php, and blogconfig/lib-outputpagetext.php, I added an extra argument to every use of the mktime function - a 1, to specify a default day number.


To edit the source code, I usually used the wonderful code editing software Notepad++ v5.0.3. With its color coded text, fully customizeable colors, line numbers, bookmarks, easy indent features, etc., it really helped a lot. It is my favorite code editor.

Before I discovered Notepad++, I also used NoteTab Light a bit, which is still my favorite plain text editor, though no longer my favorite code editor.


Go to top
Last modified: Mar. 30, 2009
This page uploaded to web: Jan. 15, 2009





Note by Apollia on Nov. 8, 2023: Please join my Patreon if you'd like to support me and my work!

My main personal website is now Apollia.org. I'm still not sure what to do with Astroblahhh.Com, so it's mostly staying as-is for now.