About Tuskfish CMS (V2)
7 April 2022 3716 views | Documentation v2
Tuskfish is a micro content management system (CMS). It is designed to provide a minimalist yet capable website publishing framework, with the tools that you need and nothing that you don’t. It is fast, easy to use and simple to maintain.
Tuskfish is suitable for publishing blogs, static “brochure” sites, photo galleries, electronic libraries, podcasts or any combination of the above. It can handle text articles, photos, audio and video recordings (with inline HTML5 player, or embedded via Youtube), downloadable files, static pages, or even automatically generate Google maps from GPS tracks. Content can be organised into collections and labelled with tags. Tuskfish can be extended to handle additional content types.
Tuskfish is simple enough to be used ‘as is’ by the novice webmaster, but with a basic knowledge of PHP and HTML (editing a line here or there) Tuskfish provides a highly flexible web publishing platform in a fast, lightweight package.
Key features
Publishing
- Publish mixed stream of content (articles, downloads, galleries, audio, videos, maps/GPS tracks) with a simple data entry form.
- Organise your content with tags, collections and data types.
- Bootstrap-based themes with responsive, mobile first designs.
- SEO-friendly links and customisable meta tags for every piece of content.
- Well documented, with a "plain English" user manual, development guide and API.
Technical
- Small, modern code base (PHP 8 ready, compatible with PHP 7.2+) that is fully documented and easy to understand.
- Embedded SQLite database, a separate database server is not required.
- Native PHP template engine.
- Automatic image scaling and caching. Thumbnails rebuild according to dimensions specified in templates.
- Tiny core library ~500 KB in size.
Security
- Single super administrator only.
- Explicitly minimised attack surface with minimal use of external libraries.
- Minimal public-facing code base. Most of the code lives outside the web root.
- Rigorous data validation. Tuskfish components do not trust one another.
- Prepared statements with bound parameters (PDO) as protection against SQL injection.
- No online password recovery (offline is available).
- Optional two-factor authentication with Yubikey hardware tokens.
Limitations
- Tuskfish is not suitable for 'community' style websites. It only supports a single user (the administrator) and content editors (staff). Posting of content by random members of the public is not supported, and the author considers this a 'feature'.
System requirements
- Apache webserver.
- PHP 7.2+ (tested to 8.3.8) with SQLite3 and PDO extensions and PDO_SQLITE driver.
- GD2 extension is required for image scaling.
- curl is required for optional two-factor authentication.
Bill of materials
Tuskfish CMS 2.0.7 contains the following 3rd party libraries:
- Auth_Yubico 2.6: Optional library used for two-factor authentication with a Yubikey hardware token.
- Bootstrap 5.3.2: Front end GUI library for default theme.
- DICE 4.0.3: Lightweight dependency injection container used to simplify code.
- FontAwesome 6.4.2: Icons for front-end themes.
- jQuery 3.7.1: Simplifies basic operations in Javascript, also a Boostrap dependency for themes below version 5.
Backend only
- Bootstrap-datepicker 1.9.0: Widget for selecting dates in content submission forms.
- Bootstrap-fileinput 5.2.8: Widget for uploading files and images in content submission forms.
- HTMLPurifier 4.14: Used for input validation of HTML in content forms. Note that it is not used for output validation due to its weight.
- htmx 1.9.6: Allows content to be toggled on and offline without page reloads.
- TinyMCE 6.4.2: WYSIWYG editor for content submission forms.
Copyright, all rights reserved.