2026-04-30 21:31:32 +02:00

Codebase Overview — centrumcopy.com.pl

Project Summary

B2B e-commerce/catalogue website for a photocopier and office equipment distributor. The site is a legacy PHP application built on Kohana 2.3.4 (2009-era, EOL framework) hosted on shared hosting (Hostido) and deployed via FTP.

Live domain: centrumcopy.com.pl
Deployment: FTP upload via VS Code ftp-kr extension

Quick Stats

Item          | Value
Framework     | Kohana 2.3.4 (EOL ~2016)
Language      | PHP (5.2+ minimum, likely running 7.x on host)
Database      | MySQL — 5 tables
Frontend      | Vanilla HTML/CSS/JS, no build tools
Test coverage | 0%
External APIs | None functional (all legacy/defunct)

Key Features

  • CMS pages — slug-based content via page table, hierarchical navigation (parent_id)
  • Product catalogue — static pages managed via admin CMS
  • Admin panel — CRUD for pages, users, gallery, news (some incomplete)
  • Gallery — image gallery module (admin side unimplemented)
  • News — news module (controller missing, planned only)
  • Contact — form with Google Maps (v2, non-functional)

Critical Issues (act immediately)

  1. Backdoor — admin/force/login grants full admin access with no password (application/controllers/admin/force.php)
  2. Credentials in git — DB password in application/config/database.php, FTP password in .vscode/ftp-kr.json
  3. Debug data leak — print_r($_POST) in login controller exposes credentials in HTTP response
  4. Install controller — application/controllers/install.php is publicly accessible and can reset users
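
The four findings above can be turned into a repeatable pre-deploy check. The following is an added example, not part of the project's code: a Python audit run over a constructed sample tree. The login controller path, the regexes and all file contents are assumptions; the other paths are the ones named in the list.

```python
import re

# Paths come from the overview; regexes and the sample tree are constructed.
DEBUG_DUMP = re.compile(
    r"\b(print_r|var_dump|var_export)\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b")
SECRET_KV = re.compile(
    r"""['"]?(pass(word)?|pwd)['"]?\s*(=>|:|=)\s*['"][^'"]+['"]""", re.I)
RISKY_CONTROLLERS = {
    "application/controllers/admin/force.php": "passwordless admin login route",
    "application/controllers/install.php": "public installer can reset users",
}
CREDENTIAL_FILES = {"application/config/database.php", ".vscode/ftp-kr.json"}


def audit(tree):
    """tree maps relative path -> file text. Returns sorted (path, line, issue);
    line 0 means the file's mere presence is the finding."""
    findings = []
    for path, text in tree.items():
        if path in RISKY_CONTROLLERS:
            findings.append((path, 0, RISKY_CONTROLLERS[path]))
        is_php = path.endswith(".php")
        for n, line in enumerate(text.splitlines(), 1):
            # Crude comment handling: drop trailing // comments in PHP only.
            code = line.split("//", 1)[0] if is_php else line
            if is_php and DEBUG_DUMP.search(code):
                findings.append((path, n, "request data dumped into response"))
            if path in CREDENTIAL_FILES and SECRET_KV.search(code):
                findings.append((path, n, "credential committed to repository"))
    return sorted(findings)


SAMPLE_TREE = {  # constructed sample, not the site's real files
    "application/controllers/admin/login.php":  # assumed path
        "<?php\n$u = $_POST['login'];\nprint_r($_POST);\n// var_dump($_GET);\n",
    "application/controllers/admin/force.php": "<?php // body omitted\n",
    "application/controllers/install.php": "<?php // body omitted\n",
    "application/config/database.php":
        "<?php\n$config['default'] = array(\n  'user' => 'shop',\n"
        "  'pass' => 'EXAMPLE-ONLY',\n);\n",
    ".vscode/ftp-kr.json":
        '{\n  "host": "ftp.example.invalid",\n  "password": "EXAMPLE-ONLY"\n}\n',
    "application/views/page.php": "<h1><?php echo $title ?></h1>\n",
}

if __name__ == "__main__":
    for path, line, issue in audit(SAMPLE_TREE):
        print(f"{path}:{line}: {issue}")
```

A non-empty result is a reason to block the FTP upload. Removing a credential from the working tree does not remove it from git history, so any password the audit finds should also be rotated.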

Architecture in One Paragraph

index.php bootstraps Kohana's event system. URLs route to controllers under application/controllers/front/ (public) or application/controllers/admin/ (protected). Controllers extend Base_Front_Controller or Base_Admin_Controller which set up layout/auth. Models are thin Kohana ORM wrappers. Views use a layout+partial pattern: controller assigns an inner view to $this->view->content, then calls $this->view->render(true).

Document Index

Document        | Contents
stack.md        | Languages, framework, libraries, external services, infrastructure
architecture.md | Directory structure, MVC layout, routing, business domains
conventions.md  | Naming, code style, patterns, auth, security practices
concerns.md     | Security issues, technical debt, risks — with severity ratings
db_schema.md    | Table structures, columns, relationships

What's Working

  • Public CMS pages render correctly
  • Admin login and page management
  • Contact form (email via SwiftMailer)
  • Static product catalogue pages

What's Broken / Missing

  • Google Maps contact page (API v2 shutdown 2010)
  • Flash banner (Flash EOL)
  • Gallery admin (no controller)
  • News section (no controller)
  • Google Analytics (key empty + IN_PRODUCTION=false)
  • IE7.js CDN (Google Code shutdown 2016)