Top 3 Shortcuts To Writing Your Own CMS

by C.L. Greene

So you've decided use your mad programming skills to write your own CMS. Everyone else thinks you're crazy but you don't care. If you were sensible you'd be learning how to configure Drupal, if you were lazy you'd use Joomla, but you need something a little less generic. Here are my top 3 tips to writing the Content Management System you've always dreamed about.

Text Input

You're going to need some way to type stuff into your CMS. Yes, I know that you can type immaculately formed XHTML 1.0 Strict straight into a standard text box, but consider these possibilities:

So the first shortcut is this: Use a free WYSIWGY editor instead of writing your own.

There are a few out there, probably the most popular being TinyMCE and FCKeditor. These babies let you use a lovely text editor in your CMS. You can configure them to be very basic, with just the usual bold, italics and suchlike, or to be complicated, full-featured editors. They are free, with TinyMCE being licensed under the LGPL, and FCKeditor triple-licensed as LGPL, GPL and MPL, so you can nick the code and use it in your all-conquering search engine while you're at it. They output XHTML, which is nice. So look for a ready-made editor, it'll save you loads of time.

Generating Feeds

You're surely going to need newsfeeds in your new CMS, but where's the fun in programming those? They have to conform to strict standards and be valid XML, so you've got nothing to gain by re-inventing the wheel, and it'll just annoy you when you have to debug minor errors.

So the next shortcut is to Use A Feed Generator Script That Somebody Else Wrote.

What you use depends on what language you're writing the CMS in, whether you want an RSS or Atom feed, and so on. There are also a few feed generator script tutorials that you can follow (or skip to the end and steal the code, which I don't recommend of course.)


You're probably thinking, "Yeah, a shortcut to security. This oughta be good!"

But that's not the shortcut. The third shortcut is to Read security guides BEFORE you start writing the CMS.

You might think that it will be easiest to just hack away at a "proof of concept", then once it's up and running you can just tack on the security. This won't seem like such a good idea when your site has been hacked and you end up having to rewrite big chunks of your lovely code. If you read up on the security aspects beforehand and incorporate them into your initial design, you will save an enormous amount of time in the long run. Anyway, at the start of the project you will be ready to take on the world, and by the end you will probably be flagging. Best get the boring stuff out of the way first. Then at the end you can have all sorts of fun trying to crash the CMS with invalid input, which is always fun. (Plus, you can't get arrested for doing it to your own site. Actually, under the Patriot Act you probably can. Just don't report yourself and you should be OK.)

There are people out there who care passionately about security. They have written guides for people like us who can't get worked up about it. Read them, and use them like checklists to make sure you've thought of everything.


So there you go. If you're crazy enough, I mean if you're skilled enough to write your own CMS, you can afford to take a few shortcuts here and there. Don't bother writing an editor, there are great ones out there for free that do everything you want already. Beg, borrow or steal code for boring stuff like generating RSS feeds. Don't skimp on security, but do save time by designing security into your CMS right from the start. Now that you know a few timesavers, you can go out there and use your coding skills to create a custom CMS to be proud of.