

Ospari: PHP based Blogging software that can use Ghost themes - techvibe2
https://github.com/28h/Ospari

======
citricsquid
Quick feedback: Don't commit vendor packages to your repository, make use of
Composer ([http://getcomposer.org](http://getcomposer.org)). Separate out your
application core from the public folder, that way you don't need to rely on
your web server for security: if someone uses nginx your set up leaves them
vulnerable. Look into MVC, you have logic and display mixed together.

~~~
techvibe2
You are right. The application does not belong to public folder. My goal is to
make installation as easy as possible. Just copy the code and start to blog.
Another reason is, that you can't easily run the application in subdirectory
for example /blog/ if put the application code behind public folder.

Composer is a good Idea, but with first version we wanted to deliver one
single package for the end users. We would use composer for the next releases.

~~~
citricsquid
If you absolutely cannot separate out the public portion of the application
from the core -- which should be possible because even the worst shared hosts
allow for folders above public_html -- then you'll need to use a PHP solution
for protection the files. For example if you define a constant in index.php
and then check for that constant in included files you can prevent access, eg:

    
    
        defined('BASEPATH') OR exit('No direct script access allowed');
    

From
[https://github.com/EllisLab/CodeIgniter/blob/develop/applica...](https://github.com/EllisLab/CodeIgniter/blob/develop/application/controllers/Welcome.php)

~~~
techvibe2
You are right again. But I will complicate the installation. The PHP files are
secure, they are classes ore arrays. if you execute them nothing happens. We
have an .htaccess file in core applications folder. The .htacces file rejects
all requests.

We would provide security tips also for nginx users. Just to repeat all files
except index.php are classes ore arrays and and they don't execute any code.

------
techvibe2
By our first post on HN some users criticized us that we call Ospari open
source but no one can see our code or download Ospari. We worked hard and
released the first version today.

------
RealGeek
Could you post few screenshots of the admin panel? A functional demo of admin
panel would be even better.

~~~
techvibe2
Here is a quick screen short
[http://awesomescreenshot.com/04e2brbo81](http://awesomescreenshot.com/04e2brbo81)
We a basic and clean admin interface. Ospari uses Markdown. You have a live
preview as you type and everything is auto saved.

~~~
techvibe2
Follow us on Twitter @Ospari for updates. We would post more detailed docs in
the next days.

------
wyck
You need to write some documentation if you want to get anyone interested.

~~~
robzienert
Tests would be good, too.

~~~
ryan-allen
WordPress is doing pretty well with no tests!

~~~
wyck
WP has tests, they are not perfect but they exist.

[http://unit-tests.svn.wordpress.org/trunk/](http://unit-
tests.svn.wordpress.org/trunk/)
[https://github.com/10up/wp_mock](https://github.com/10up/wp_mock)

------
freshyill
Somebody explain why this is necessary. Ghost is open source. Why not just
uses Ghost? It also uses Ghost themes.

~~~
dangrossman
To run Ghost, you need a server to host it on, and enough knowledge to set it
up and manage it. You need some level of sysadmin skills just to understand
the install instructions.

A PHP application can be dropped on any $2/month shared hosting account over
FTP. That's the extent of the installation, and the host will support it for
you. Even cheap unmanaged shared hosts will troubleshoot setting up PHP code
for customers.

Ghost can only be set up by people that frequent sites like HN. A PHP app can
be set up by anyone. That's why over 40 million people use WordPress where
maybe 20k have used something like Jekyll.

~~~
mattkirman
While not quite the same as having FTP access Ghost do offer hosted blogs from
only $5 per month. Anyone that can set up a WordPress.com blog should find
Ghost just as easy.

~~~
jbeja
Ok, but not everyone can pay Ghost hosting plan, since "$" is not the default
and official currency in every country.

~~~
mattkirman
The Ghost Foundation is a UK organisation and I can assure you that USD is not
the default currency here. If they're willing to make the effort to accept
USD, I'm sure there are plenty of bloggers able to make the effort to pay
using it.

Regardless, USD is the de facto standard for SAAS payments (whether this is
good or bad is a discussion for another time). If you can't pay in USD then
you'll find a substantial proportion of services unavailable to you.

