NT NC how much would it cost?

Hello,

I started working on a project a while ago but I don't have qualifications, but I wished it to be released between September and December (I won't be able to pay before September). Right now I'm just wondering about the cost.

It's a whole thing (many plugins).

It's for a Muslim community so it needs extensive moderation (validate private messages, reading freichat's messages -so I can ban the bad users-, ability to ban on IP, ability to check a user as "trustable"-VIP- so no private message validation required etc, blocking friendship between men and women). I will choose some women to be moderators and I wished only women moderators to be able to check women members' profiles plus private messages etc. And men moderators to check men members' profiles plus private messages etc.

It needs a new Islamic theme (draws allowed but I find Arabic calligraphy perfect with some pictures). I want the theme to be as beautiful as Oxwall. I also need the ability to customize the header for each member.

It also needs some new plugins to make it as friendly to use as Facebook (but I don't want it to be a Facebook copy - people don't leave Facebook to find the same elsewhere), like a music database so when one likes a music one can choose a CD jacket from the database so the jacket appears on his profile. The same about movies and books. And some database about schools and mosques (each music, book, mosque should be related to a page that we can fill and maybe allow the user to fill). I need to get good YouTube integration -don't know if there are free plugins about it-.

I also need privacy. Means that all content should be as easily set "private" or "friends only" as with Facebook. I need to allow the user to choose whether or not he wants to appear within the search module, or if he wants to be found with his mail address or mobile number. I also need the user to be able to make friend lists and to choose who can access a content by setting "allowing this friendlist" with the ability to except one from the list or to choose one single person without quoting a list.

I at last need security. And this is my real priority. So all the plugins above should be written properly and if there were some lack of security in Elgg then I wished to get some plugin to fix it.

I guess I said all. I think that a plugin is around 30$. So I don't expect thousand dollars projects. Aw, I should have begun by that: I don't plan spending a thousand euro in it. I really don't know how much it could cost. But more than 500€ definitely won't be for me (I don't have a company, it's a free project). So if there were some interesting free plugins, just tell me so I won't pay for something already available. If this project for that cost is not possible then just tell me too. I don't know what to expect from my poor qualifications and the few euros I'll get soon.

thanks

  • For starting with coding an Elgg plugin it should be enough to know a little bit about php and html. I also don't think that it helps to learn "coding" or a programming language separately / before starting on a real project (though you should not start with a too complex project). If you try to learn a programming language first without some real exercise you will have forgotten most details again already before you apply them.

    Ajax and Javascript are surely a bonus but it's not really necessary for starting with developing an Elgg plugin. More important is to understand some basic concepts and the general built-up of an Elgg plugin and how it's integrated within Elgg core (what are actions and views, extending and overriding of views, start.php with an init function, the manifest.xml, pagehandlers). There are several ways how you can start:

    • reading the sections about development at http://docs.elgg.org/wiki/Main_Page and the (new) http://learn.elgg.org/en/latest/index.html. You might also try to work through the tutorials,
    • there's an Elgg book (http://www.packtpub.com/elgg-18-social-networking/book or http://www.amazon.com/Elgg-Social-Networking-Cash-Costello/dp/1849511306/) that not only explains how installing and maintaining an Elgg site works but contains also information about customizing your site (by writing simple or even more complex plugins). Maybe a printed book works also better for you than an online doc.
    • Study the code of plugins. Start with very simple plugins. You will soon notice some very basic structure within the files and directories, i.e. each plugin has a very similar skeleton. More complex plugins will have more files and directories but the basic structure is still the same. Study the code in detail, i.e. try to understand each single line (that's why you should really start with a small plugin). Soon you will recognize also some often used functions of the Elgg API. There are few functions that are often used (and of course quite a number more that occur for specific purposes like creating menus, input fields or for more specific data handling). Every Elgg function with its parameters is explained also at http://reference.elgg.org/. If you want to code some functionality on your own, it can help to search for an existing plugin that might offer some similar functionality. So, you can take this plugin as a reference. Especially at starting developing Elgg plugins it's much easier trying to modify some existing code to achieve your goal instead of starting completely on your own.
    • Play with the code, play with your local test site. You do not have to follow some strict plan but you can also try to modify something just to see what your modification will result in. That's what a test site is really good for. No one else needs to access it. Therefore, it's not too bad if you break it sometimes. You can also learn of your mistakes. And a local test site will also not cost you anything. Even at a later time when you might have already started with your real site on a public server you still can use the test site to try out new things in your own code or to test out new plugins.

    Regarding the private messages (prevent messages between certain users / read messages of other users): by default anyone can send private messages to any other user on Elgg. Friendship is not mandatory to be able to send someone a message as the "Send message" menu entry is useable for any logged-in user on any profile page. But it's of course possible (via a plugin) to change this to "show the menu entry only if the logged in user is a friend of the other user". There's also a plugin available for Elgg 1.7 that allows users to prevent non-friends from sending them messages (http://community.elgg.org/plugins/475802/1.0/messages-controls). This plugin will likely need some modifications to work on the current Elgg 1.8 but it can also be used as a basis to change the "user can prevent non-friends from messaging" to "non-friends can't send messages to each other on the whole site".

    Reading messages of others: currently every user can only access his/her own inbox (I think not even an admin can access the inboxes of others for privacy reasons). But you could write a plugin that has no such restrictions. The plugin could display a page with an input field for a username and on entering a username it could display (same look as an inbox) the messages of this user. A menu link accessible for admin on profile pages could display the messages page directly without entering a username. There's also a plugin called "Login As" that allows you to see the site like the other user would see it (http://community.elgg.org/plugins/570566/1.4/login-as). Of course, only admins can switch to another user's identity. But this switch is visible on the site, i.e. for other users it will look as if the member you switched into is currently logged in on the site.

    By default, Elgg knows only admins and normal users but no moderators. But there are plugins available that allow you to create your own "roles" (type of accounts). "Moderator" could be one type of role. The basis for this is the role framework (http://community.elgg.org/plugins/847275/1.0.4/roles). Some more plugins provide some more roles functionality without the need for you to define them yourself:

    http://community.elgg.org/plugins/1580093/1.0.2/roles-ui

    http://community.elgg.org/plugins/847281/1.0.0/moderators-for-roles

    http://community.elgg.org/plugins/1101885/1.0.0/access-collection-management-for-roles

    http://community.elgg.org/plugins/847310/1.0.0/group-administrators-for-roles

    http://community.elgg.org/plugins/852866/1.0.1/roles-for-profile-manager

    The roles plugins available here on the site are unfortunately not in any case the latest versions available. So, it makes sense to check for newer versions of them on github (on the plugins' pages are links to the corresponding github repos).

  • thanks very much.

    I'm thinking about something. You are right, there are really many valuable free plugins for my website. But most are not or won't be upgraded sometime. It is a security problem. So if my main concern is about security (a social network should be concerned about security since all the data are private and valuable) then should I limit myself to the official Elgg plugins until I really can be sure to get always upgraded plugins (for free or from hiring)?

    Also I wanted to know if Elgg did a security audit for the framework, as I planned to do one maybe. I want to create that social network for people, I won't do this if it may harm them.

  • Elgg core fixes security issues as soon as they are reported - meaning there are no known security issues unfixed right now. I don't know if some people do security audits especially for Elgg. But there are people who report them like developers of 3rd party plugins (preferred way is to not report them in public here on the site or at github to allow for fixing them first).

    Security issues in plugins are maybe less of an issue. Of course, a badly coded plugin might introduce some security issues and therefore it might be safer to not install any 3rd party plugin blindly. But it also depends on what the plugin does exactly to be able to say if there are any risks for security to be expected in the first place. Generally speaking, a plugin not updated since a certain time does also say nothing about its security. A good developer might publish a plugin that does not need to be updated all the time but is safe right from the start and also does not cause any issues when a new Elgg version is released.

    I can only suggest to test out Elgg and additional plugins to be able to judge on your own. Some plugins will offer functionality you might not want to go without on your site. Not using them now just because they might not get updated in the future seems not a good reason to go without them because nobody can give you any guarantee today that a plugin will get supported for many years to come. On the other hand you might think carefully about installing countless plugins on your site. You can test them on a test installation of course, but then you should consider if it makes sense to install them on your production site. Are they really worth installing or do they provide only some gimmick that might not be of much use in the long term? Too many features on your site might also confuse your members and they might not use most of them if there's no real need for them.

  • thanks @iionly .

    May I know what main functions are risky? If the plugin deals with the server info it's risky, such as form?

  • Theoretically any plugin can be risky, unless you do a code review you don't *really* know what it's doing.  This is true of any platform.

    Consider a plugin that for all intents and purposes is perfectly written, except it includes one line

    exec($_GET['query']);

    or

    update_data($_GET['query']);

    The plugin can do everything it's supposed to, but have something stupid like that and you'd never know without reviewing the code. There's no guarantee of anything with any such software. If you're not doing your own code reviews it's a trust game. Use software from trusted sources/developers. Rely on code reviews from other people who know what they're doing. Likely the source is available on github or whatever, and most people aren't that dumb. Most of the time any such risk is due to ignorance more so than malice, and can be fixed with education. Long story short - there's no way to answer 'what main functions are risky', and potentially all functions are risky in the wrong hands.
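
As an added illustration of the code-review point in the reply above (not part of the thread and not code from Elgg or any plugin author), this Python triage script flags lines in a plugin's PHP source where request data reaches calls such as `exec()` or `update_data()`. The sink and sanitizer lists and the names `review`, `is_tainted` and `SAMPLE` are assumptions made for the example; it is a line-based heuristic that narrows down where to read first.

```python
import re

# Sinks: the two calls from the post above, plus well-known PHP command/code
# execution functions and Elgg's raw-SQL helpers (an assumed, non-exhaustive list).
SINKS = ("exec", "system", "passthru", "shell_exec", "popen", "proc_open", "eval",
         "update_data", "insert_data", "delete_data", "get_data", "get_data_row")
SINK_CALL = re.compile(r"(?<![\w$])(%s)\s*\(" % "|".join(SINKS))
# Untrusted sources: PHP request superglobals and Elgg's get_input().
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b|\bget_input\s*\(")
# Heuristic: an expression passed through one of these is treated as clean.
SANITIZER = re.compile(r"\b(?:sanitise_string|sanitise_int|escapeshellarg|intval)\s*\(|\(int\)")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*\.?=(?!=)\s*(.*)")
VAR = re.compile(r"\$\w+")

def is_tainted(expr, tainted):
    """True if expr reads request data directly or via a tainted variable."""
    if SANITIZER.search(expr):
        return False
    return bool(SOURCE.search(expr)) or any(v in tainted for v in VAR.findall(expr))

def review(php_source):
    """Return (line_no, sink, code) for each sink call fed by request data."""
    findings, tainted = [], set()
    for no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # skip comment lines
        for m in SINK_CALL.finditer(line):
            if is_tainted(line[m.end():], tainted):  # args ~ rest of the line
                findings.append((no, m.group(1), line.strip()))
        a = ASSIGN.match(line)
        if a and is_tainted(a.group(2), tainted):
            tainted.add(a.group(1))      # variable now carries request data
        elif a:
            tainted.discard(a.group(1))  # reassigned from a clean expression
    return findings

# Constructed sample plugin action (not taken from any real plugin).
SAMPLE = '''<?php
// constructed sample, used only to exercise the checks
$guid = (int) get_input('guid');
$title = get_input('title');
exec($_GET['query']);
update_data("UPDATE {$prefix}objects SET title = '$title' WHERE guid = $guid");
$safe = sanitise_string(get_input('title'));
update_data("UPDATE {$prefix}objects SET title = '$safe' WHERE guid = $guid");
'''
if __name__ == "__main__":
    for no, sink, code in review(SAMPLE):
        print(f"line {no}: request data reaches {sink}(): {code}")
```

Running it over each `.php` file of a plugin before installing it on the production site gives a short list of lines to inspect by hand; an empty result does not mean the plugin is safe.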

  • Thank you very much. I see what you mean.

    I will check all useful plugins then ask on general discussion if it's a good security choice.

    thanks to all.

Professional Services

Get / offer professional help on Elgg; like customization, design, development, setup, hosting... Illegal trades are not allowed.