Hello,
I started working on a project a while ago but I don't have qualifications, but I wished it to be released between September and December (I won't be able to pay before September). Right now I'm just wondering about the cost.
It's a whole thing (many plugins).
It's for a Muslim community so it needs extensive moderation (validate private messages, reading freichat's messages -so I can ban the bad users-, ability to ban on IP, ability to check a user as "trustable"-VIP- so no private message validation required etc, blocking friendship between men and women). I will choose some women to be moderators and I wished only women moderators to be able to check women members' profiles plus private messages etc. And men moderators to check men members' profiles plus private messages etc.
It needs a new Islamic theme (drawings allowed but I find Arabic calligraphy perfect with some pictures). I want the theme to be as beautiful as Oxwall. I also need the ability to customize the header for each member.
It also needs some new plugins to make it as friendly to use as Facebook (but I don't want it to be a Facebook copy - people don't leave Facebook to find the same elsewhere) like a music database so when one likes some music one can choose a CD jacket from the database so the jacket appears on his profile. The same about movies and books. And some database about schools and mosques (each music, book, mosque should be related to a page that we can fill and maybe allow the user to fill). I need to get good YouTube integration -don't know if there are free plugins for it-.
I also need privacy. This means that all content should be as easily set to "private" or "friends only" as with Facebook. I need to allow the user to choose whether or not he wants to appear within the search module, or if he wants to be found with his mail address or mobile number. I also need the user to be able to make friend lists and to choose who can access content by setting "allowing this friendlist" with the ability to except one from the list or to choose one single person without quoting a list.
At last I need security. And this is my real priority. So all the plugins above should be written properly and if there were some lack of security in Elgg then I wished to get some plugin to fix it.
I guess I said all. I think that a plugin is around 30$. So I don't expect thousand-dollar projects. Aw, I should have begun by that: I don't plan on spending a thousand euros on it. I really don't know how much it could cost. But more than 500€ definitely won't be for me (I don't have a company, it's a free project). So if there are some interesting free plugins, just tell me so I won't pay for something already available. If this project for that cost is not possible then just tell me too. I don't know what to expect from my poor qualifications and the few euros I'll get soon.
thanks
For starting with coding an Elgg plugin it should be enough to know a little bit about php and html. I also don't think that it helps to learn "coding" or a programming language separately / before starting on a real project (though you should not start with a too complex project). If you try to learn a programming language first without some real exercise you will have forgotten most details again already before you apply them.
Ajax and Javascript are surely a bonus but they're not really necessary for starting with developing an Elgg plugin. More important is to understand some basic concepts and the general build-up of an Elgg plugin and how it's integrated within Elgg core (what are actions and views, extending and overriding of views, start.php with an init function, the manifest.xml, pagehandlers). There are several ways how you can start:
Regarding the private messages (prevent messages between certain users / read messages of other users): by default anyone can send private messages to any other user on Elgg. Friendship is not mandatory to be able to send someone a message as the "Send message" menu entry is usable for any logged-in user on any profile page. But it's of course possible (via a plugin) to change this to "show the menu entry only if the logged in user is a friend of the other user". There's also a plugin available for Elgg 1.7 that allows users to prevent non-friends from sending them messages (http://community.elgg.org/plugins/475802/1.0/messages-controls). This plugin will likely need some modifications to work on the current Elgg 1.8 but it can also be used as a basis to change the "user can prevent non-friends from messaging" to "non-friends can't send messages to each other on the whole site".
Reading messages of others: currently every user can only access his/her own inbox (I think not even an admin can access the inboxes of others for privacy reasons). But you could write a plugin that has no such restrictions. The plugin could display a page with an input field for a username and on entering a username it could display (same look as an inbox) the messages of this user. A menu link accessible for admin on profile pages could display the messages page directly without entering a username. There's also a plugin called "Login As" that allows you to see the site like the other user would see it (http://community.elgg.org/plugins/570566/1.4/login-as). Of course, only admins can switch to another user's identity. But this switch is visible on the site, i.e. for other users it will look as if the member you switched into is currently logged in on the site.
By default, Elgg knows only admins and normal users but no moderators. But there are plugins available that allow you to create your own "roles" (type of accounts). "Moderator" could be one type of role. The basis for this is the role framework (http://community.elgg.org/plugins/847275/1.0.4/roles). Some more plugins provide some more roles functionality without the need for you to define them yourself:
http://community.elgg.org/plugins/1580093/1.0.2/roles-ui
http://community.elgg.org/plugins/847281/1.0.0/moderators-for-roles
http://community.elgg.org/plugins/1101885/1.0.0/access-collection-management-for-roles
http://community.elgg.org/plugins/847310/1.0.0/group-administrators-for-roles
http://community.elgg.org/plugins/852866/1.0.1/roles-for-profile-manager
The roles plugins available here on the site are unfortunately not in any case the latest versions available. So, it makes sense to check for newer version of them on github (on the plugins' pages are links to the corresponding github repos).
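An added sketch of the friends-only messaging restriction described above, written against the Elgg 1.8 plugin API; it is not part of the original reply or of any existing plugin. The plugin name, the `fom_` functions, the menu item name `send` and the `recipient_guid` input are assumptions about the stock messages plugin and should be checked against the installed version.

```php
<?php
// start.php of a hypothetical plugin "friends_only_messages" (Elgg 1.8 API).
elgg_register_event_handler('init', 'system', 'fom_init');

function fom_init() {
	// Priority 600: run after the messages plugin has added its menu entry.
	elgg_register_plugin_hook_handler('register', 'menu:user_hover', 'fom_hide_send_entry', 600);
	// Server-side check: hiding the link alone does not stop a hand-built request.
	elgg_register_plugin_hook_handler('action', 'messages/send', 'fom_check_send_action');
}

// True when the logged-in user may message $recipient (admins are exempt).
function fom_may_message($recipient) {
	$sender = elgg_get_logged_in_user_entity();
	if (!$sender || !($recipient instanceof ElggUser)) {
		return false;
	}
	if ($sender->isAdmin()) {
		return true;
	}
	// Core friendships are one-way, so test the recipient's side: a sender
	// must not be able to unlock messaging just by adding the recipient.
	return $recipient->isFriendsWith($sender->guid);
}

// Remove the "Send message" entry (assumed item name: 'send') for non-friends.
function fom_hide_send_entry($hook, $type, $items, $params) {
	if (fom_may_message(elgg_extract('entity', $params))) {
		return $items;
	}
	foreach ($items as $key => $item) {
		if ($item->getName() == 'send') {
			unset($items[$key]);
		}
	}
	return $items;
}

// Returning false from an 'action' hook stops the action from running.
function fom_check_send_action($hook, $type, $return, $params) {
	// Assumed input name used by the stock messages/send action.
	$recipient = get_user((int) get_input('recipient_guid'));
	if (fom_may_message($recipient)) {
		return $return;
	}
	register_error('You can only message members who have added you as a friend.');
	return false;
}
```

The menu hook only changes what is displayed; the action hook is the part that enforces the rule.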
thanks very much.
I'm thinking about something. You are right, there are really many valuable free plugins for my website. But most are not or won't be upgraded sometime. It is a security problem. So if my main concern is about security (a social network should be concerned about security since all the data are private and valuable) then should I limit myself to the official Elgg plugins until I really can be sure to always get upgraded plugins (for free or from hiring)?
Also I wanted to know if Elgg did a security audit for the framework, as I planned to do one maybe. I want to create that social network for people, I won't do this if it may harm them.
up
Elgg core fixes security issues as soon as they are reported - meaning there are no known security issues unfixed right now. I don't know if some people do security audits especially for Elgg. But there are people who report them like developers of 3rd party plugins (preferred way is to not report them in public here on the site or at github to allow for fixing them first).
Security issues in plugins are maybe less of an issue. Of course, a badly coded plugin might introduce some security issues and therefore it might be safer to not install any 3rd party plugin blindly. But it also depends on what the plugin does exactly to be able to say if there are any risks for security to be expected in the first place. Generally speaking, a plugin not updated since a certain time does also say nothing about its security. A good developer might publish a plugin that does not need to be updated all the time but is safe right from the start and also does not cause any issues when a new Elgg version is released.
I can only suggest to test out Elgg and additional plugins to be able to judge on your own. Some plugins will offer functionality you might not want to go without on your site. Not using them now just because they might not get updated in the future seems not a good reason to go without them because nobody can give you any guarantee today that a plugin will get supported for many years to come. On the other hand you might think carefully about installing countless plugins on your site. You can test them on a test installation of course, but then you should consider if it makes sense to install them on your production site. Are they really worth installing or do they provide only some gimmick that might not be of much use in the long term? Too many features on your site might also confuse your members and they might not use most of them if there's no real need for them.
Thanks @iionly.
May I know what main functions are risky? If the plugin deals with the server info it's risky, such as form?
Theoretically any plugin can be risky, unless you do a code review you don't *really* know what it's doing. This is true of any platform.
Consider a plugin that for all intents and purposes is perfectly written, except it includes one line
or
The plugin can do everything it's supposed to, but have something stupid like that and you'd never know without reviewing the code. There's no guarantee of anything with any such software. If you're not doing your own code reviews it's a trust game. Use software from trusted sources/developers. Rely on code reviews from other people who know what they're doing. Likely the source is available on github or whatever, and most people aren't that dumb. Most of the time any such risk is due to ignorance more so than malice, and can be fixed with education. Long story short - there's no way to answer 'what main functions are risky', and potentially all functions are risky in the wrong hands.
Thank you very much. I see what you mean.
I will check all useful plugins then ask on general discussion if it's a good security choice.
thanks to all.