Project-Pro/vidok.com
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cf1a0adb0b04ea3e89f0ac0b3b4aaffb1e4e27b7
vidok.com/.paul/codebase/integrations.md
Jacek Pyziak cf1a0adb0b docs: map existing codebase 
- stack.md (68 lines) - PHP/MySQL/Apache stack, vendored libraries
- architecture.md (131 lines) - Custom MVC CMS, dual-layer (front/admin)
- structure.md (170 lines) - Directory layout and conventions
- conventions.md (98 lines) - PHP snake_case, SCSS $c/$f prefixes, jQuery patterns
- testing.md (49 lines) - No automated tests detected
- integrations.md (111 lines) - Google Maps, PHPMailer, Pixieset, Facebook
- concerns.md (150 lines) - Critical security issues: hardcoded creds, MD5, unserialize
- db_schema.md (260 lines) - ~32 tables with pp_ prefix, inferred from source
- tech_changelog.md (9 lines) - Initial log entry

Co-Authored-By: Claude <noreply@anthropic.com>
2026-05-05 22:02:04 +02:00

5.0 KiB
Raw Blame History

External Integrations

Analysis Date: 2026-05-05

APIs & External Services

Maps & Geolocation:

  • Google Maps API — interactive contact/location maps on frontend

    • Integration: JavaScript API via https://maps.googleapis.com/maps/api/js?key=<key>
    • Auth: API key stored in pp_settings table as google_map_key
    • Toggle: google_maps setting in admin settings
    • Files: templates/site/contact.php, admin/templates/settings/settings.php

  • geoPlugin IP Geolocation — visitor IP-to-location lookup with currency detection

    • Service URL: http://www.geoplugin.net/php.gp?ip={IP}&base_currency={CURRENCY}
    • Library: autoload/class.geoplugin.php
    • No API key required (free service)

Fonts & CDN Resources:

  • Google Fonts — https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
    • File: admin/templates/site/main-layout.php
  • Google AJAX CDN — jQuery loaded from //ajax.googleapis.com/ajax/libs/jquery/2.1.4/
    • File: admin/templates/site/unlogged-layout.php

Social Media:

  • Facebook Likebox widget — fixed sidebar widget showing Facebook feed
    • App ID: 194295077275888 (hardcoded in iframe)
    • File: templates/site/facebook.php

Gallery:

  • Pixieset — external photo gallery service integration
    • Features: ZIP download of gallery images, mark favorites
    • AJAX endpoints: ajax.php?a=pixieset_*
    • Files: templates/articles/article-gallery.php, ajax.php

Data Storage

Databases:

  • MySQL 5.7+ — primary data store for all CMS content
    • Connection: credentials hardcoded in config.php (host, user, password, dbname)
    • Client: Medoo ORM (libraries/medoo/medoo.php)
    • Table prefix: pp_ (~32 tables)
    • Migrations: None detected — schema managed manually

File Storage:

  • Local filesystem — all user uploads stored on server
    • Images: images/ directory
    • Uploads: upload/ directory
    • Temp files: admin/temp/
    • Cache/WebP: cache/ directory
    • No cloud storage (no AWS S3, no CDN)

Caching:

  • Session-based cache via \Cache class (autoload/class.Cache.php)
    • Keys pattern: page_details:lang:id
    • File-based WebP image cache: cache/ directory

Authentication & Identity

Auth Provider:

  • Custom session-based authentication — no OAuth provider
    • Implementation: admin/index.php (session check + cookie auto-login)
    • Password storage: MD5 hashing (insecure — see concerns.md)
    • Session security: IP address validation stored in $_SESSION
    • Files: autoload/admin/factory/class.Users.php, autoload/admin/class.Site.php

OAuth Integrations:

  • None detected

Email & Messaging

SMTP Mail:

  • PHPMailer — SMTP-based transactional email
    • Library: libraries/phpmailer/class.phpmailer.php, libraries/phpmailer/class.smtp.php
    • Config: host, port, login, password stored in pp_settings table
    • Settings keys: email_host, email_port, email_login, email_password
    • Function: \S::send_email() in autoload/class.S.php
    • Used for: contact forms, newsletter delivery

Newsletter:

  • Custom database-driven newsletter system (no Mailchimp/SendGrid)
    • Templates: pp_newsletter_templates table
    • Subscribers: pp_newsletter table
    • Send log: pp_newsletter_send table
    • Files: autoload/front/factory/class.Newsletter.php

Analytics & Tracking

Analytics:

  • Custom code injection — third-party analytics configured via admin settings
    • Setting key: statistic_code (stored in pp_settings)
    • Injection point: before </head> in index.php
    • Supports: Google Analytics, Matomo, or any snippet

Error Tracking:

  • None detected — no Sentry, Rollbar, or similar

Security

CAPTCHA:

  • Custom JavaScript captcha for contact forms

    • Library: libraries/jquery/captcha.js, libraries/jquery/captcha.css
    • Toggle: contact_form_captcha setting
    • File: templates/site/contact.php

  • Google reCAPTCHA — used in some contact form variants

    • Secret key hardcoded in plugins/special-actions-middle.php (8 locations — see concerns.md)

CI/CD & Deployment

Hosting:

  • Shared hosting at serwer1574995.home.pl
    • Deployment: FTP via VS Code extension (.vscode/sftp.json, .vscode/ftp-kr.json)
    • No automated deployment pipeline

CI Pipeline:

  • None detected — no GitHub Actions, no CI configuration

Environment Configuration

Development:

  • Required config: Database credentials in config.php
  • No .env or .env.example — all config hardcoded
  • FTP settings: .vscode/sftp.json

Production:

  • Same config.php used for production (no environment separation)
  • No staging environment detected

Not Detected

  • Payment gateways (Stripe, PayPal, Przelewy24)
  • SMS services (Twilio, SMSAPI)
  • Cloud storage (AWS S3, Google Cloud Storage)
  • Error tracking (Sentry, Rollbar)
  • OAuth / SSO providers
  • Redis / Memcached
  • CDN (no Cloudflare, no CloudFront)
  • Webhooks (incoming or outgoing)

Integration audit: 2026-05-05 Update when adding/removing external services

Reference in New Issue View Git Blame Copy Permalink