2026-04-30 21:31:32 +02:00
parent e22bbde336
commit e6a09f6c95
16 changed files with 1929 additions and 1 deletions


@@ -0,0 +1,65 @@
# Codebase Overview — centrumcopy.com.pl
## Project Summary
B2B e-commerce/catalogue website for a photocopier and office equipment distributor. The site is a legacy PHP application built on Kohana 2.3.4 (2009-era, EOL framework) hosted on shared hosting (Hostido) and deployed via FTP.
**Live domain:** centrumcopy.com.pl
**Deployment:** FTP upload via VS Code `ftp-kr` extension
## Quick Stats
| Item | Value |
|------|-------|
| Framework | Kohana 2.3.4 (EOL ~2016) |
| Language | PHP (5.2+ minimum, likely running 7.x on host) |
| Database | MySQL — 5 tables |
| Frontend | Vanilla HTML/CSS/JS, no build tools |
| Test coverage | 0% |
| External APIs | None functional (all legacy/defunct) |
## Key Features
- **CMS pages** — slug-based content via `page` table, hierarchical navigation (`parent_id`)
- **Product catalogue** — static pages managed via admin CMS
- **Admin panel** — CRUD for pages, users, gallery, news (some incomplete)
- **Gallery** — image gallery module (admin side unimplemented)
- **News** — news module (controller missing, planned only)
- **Contact** — form with Google Maps (v2, non-functional)
## Critical Issues (act immediately)
1. **Backdoor**`admin/force/login` grants full admin access with no password (`application/controllers/admin/force.php`)
2. **Credentials in git** — DB password in `application/config/database.php`, FTP password in `.vscode/ftp-kr.json`
3. **Debug data leak**`print_r($_POST)` in login controller exposes credentials in HTTP response
4. **Install controller**`application/controllers/install.php` is publicly accessible and can reset users
## Architecture in One Paragraph
`index.php` bootstraps Kohana's event system. URLs route to controllers under `application/controllers/front/` (public) or `application/controllers/admin/` (protected). Controllers extend `Base_Front_Controller` or `Base_Admin_Controller` which set up layout/auth. Models are thin Kohana ORM wrappers. Views use a layout+partial pattern: controller assigns an inner view to `$this->view->content`, then calls `$this->view->render(true)`.
## Document Index
| Document | Contents |
|----------|----------|
| [stack.md](stack.md) | Languages, framework, libraries, external services, infrastructure |
| [architecture.md](architecture.md) | Directory structure, MVC layout, routing, business domains |
| [conventions.md](conventions.md) | Naming, code style, patterns, auth, security practices |
| [concerns.md](concerns.md) | Security issues, technical debt, risks — with severity ratings |
| [db_schema.md](db_schema.md) | Table structures, columns, relationships |
## What's Working
- Public CMS pages render correctly
- Admin login and page management
- Contact form (email via SwiftMailer)
- Static product catalogue pages
## What's Broken / Missing
- Google Maps contact page (API v2 shutdown 2010)
- Flash banner (Flash EOL)
- Gallery admin (no controller)
- News section (no controller)
- Google Analytics (key empty + `IN_PRODUCTION=false`)
- IE7.js CDN (Google Code shutdown 2016)
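
Review bot: The "Critical Issues (act immediately)" list names four problems but records no remediation step or status for any of them, so a reader cannot tell whether anything has been acted on. For item 2, deleting the values from `application/config/database.php` and `.vscode/ftp-kr.json` is not enough, because they remain in git history; the entry should say that the DB and FTP passwords must be rotated and note when that has been done. For items 1 and 4, state whether `application/controllers/admin/force.php` and `application/controllers/install.php` are to be deleted or blocked on the live host. "What's Working" lists "Admin login and page management" without pointing back to issue 3, which affects that same login controller; a cross-reference would keep the two sections from reading as contradictory. Since this file pairs the live domain with the passwordless `admin/force/login` route, confirm that access to the repository is restricted before merging.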