New Web Site - I Need Advice

Onebadhawk
shop deals on amazon
the rocketry show
The Rocketry Forum

Help Support The Rocketry Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
GregGleason

GregGleason

Well-Known Member
Joined
Nov 13, 2009
Messages
4,674
Reaction score
45
I need some guidance from those of you who are web savvy out there. I serve on a board for a local home education community (a non-profit) and we are in need of migrating to a new web site. The web site will support a community of about 100 to 200 users. The primary need if for community. So from that standpoint, the critical needs are, all of which are related:

  • Ease of use (x3)
  • Layout simplicity
  • Comfortable look and feel

As far as functionality, the things that we would like to have are:

  • Membership database
  • Directory
  • Mass email function
  • Secure access for members
  • Public area
  • Calendar w/ event notification
  • Sign-up
  • Contact info
  • PayPal

Any help would be greatly appreciated.

Greg
 
Take a look at Joomla - the software is free and well supported by most hosts.

Here's a site I setup for my fire brigade https://keysboroughfirebrigade.com/

It allows for general public access but the Username/Password box is for our members to log in and access the training and events calendar.
Joomla supports a number of user levels from Admin right down to 'read only' users.

I have setup the brigade secretary to be an editor for the calendar - she can add/change/remove dates, but she's restricted from modifying any other part of the site. The brigade members can all log in and view the calendar but cannot change it.

Hope that helps :)

Good luck with your site!

Krusty
 
If you need a forum, another option is a vBulletin (commercial) or phpbb (free). Both have this capability fully on their own or with addons.
 
GregGleason said:
[*]Ease of use (x3)
Click to expand...

That eliminates Joomla -- it's not easy to learn

[*]Membership database
Click to expand...

I would discourage you from putting confidential contact information online, unless you know your security is very good.

[*]Mass email function
Click to expand...

How often will you be sending out emails? Even with users subscribing, you'll find yourself dealing with some ISPs flagging you as a spammer if you don't do this carefully.

[*]Secure access for members
Click to expand...

What kind of information is going to be secured? How secure it needs to be is directly affected by this.

[*]PayPal
Click to expand...

Basic PayPal integration isn't difficult, but requires more manual effort on the back end. Full PayPal integration is a bit more work, unless you can find a module for whatever web software you go with that has it built in.

-Kevin
 
So, is the quick answer is to go Third Party and have them build it?

Greg
 
GregGleason said:
So, is the quick answer is to go Third Party and have them build it?
Click to expand...

Possibly.

The challenge is that, depending on what platform they build it on may make it difficult for you (or someone else) to maintain.

This stuff is easy on paper. When you're dealing with people's money and potentially confidential information, the rules change, dramatically.

As an example, if TRF were compromised, what's the fallout beyond sheer annoyance? Not much.

If the site I work on during the day is compromised, what's the fallout? Much more significant, as it's an ecommerce website.

What you're looking at doing lies somewhere in between the two.

-Kevin
 
Hi Greg,

Depending on your budget, which if you're a not for profit may not be large, I would simply farm it out to a 3rd party, someone like GoDaddy, which have a lot of resources and can put this together very inexpensively. There are also many consultants that specialize in not-for profit, but they will still likely charge a lot more than a discount 3rd party like GoDaddy.

As for email campaigns, it is generally not an acceptable practise to launch an email campaign from your own internal resources. Even if you out-source your mail to to a 3rd party provider they will likely mitigate outbound emails on a daily basis. There are many valid reasons for this, which I will not get into and others may disagree as it is commonly done, but it is a bad idea. Again there are many reasonably priced 3rd parties that can take care of this for you, like campaigner, etc.

Also regardless of whom you engage for web development, don't assume they know what they are doing when it comes to best practises. There are a lot of developers out there that simply feel they are good enough to do web development without understanding some of the basic best practices from a security perspective. One of the most common things overlooked is to publish contact information in plain text within the code. The net effect of this will be that you are simply increasing the attack surface area of your published email which will increase spam over time. Considering spam is currently the highest method of propagating threats, this should be a concern. There are very easy methods of mitigating this activity. A common one is to obfuscate the email address in the code so that when the spam harvesters, who use automated methods to glean data from web pages, hit your site they cannot read the mailto links. There are many ways to obfuscate email addresses, from a simple graphic image of your email, which prevents the convenience of clicking the mailto link, to using various encryption methods on the mailto link. Your web developer should know about this and provide you with a suitable solution, keeping in mind that whatever solution they provide should be reviewed on a regular basis as spam harvesters do look for and employ ways around obfuscation techniques.

Storing user data or client information on a web server is another topic. My advice would be to consider your exposure of doing this as you may be putting yourself and or the organization at risk of legal action, this is often casually dismissed but should be considered even at this level. Keep in mind, databases are exploitable, as is any technology that is used on websites, Java, Flash, they all have unknown as well as unknown leveraged vulnerabilities. These nefarious techniques are well known, and can allow a would be attacker to use your site for their gain either by gleaning confidential information from your site or by redirecting traffic to your site and using it as a bot to eventually glean information from other unsuspecting surfers.

There are many other factors to consider as some other posters have touched on such as managing the content, etc...lots to consider!
 
Last edited:
If your budget is *really* small, farming it out to a third party may still be out of reach. If so, I recommend building a webpage on a blog site like Blogger or Wordpress. It's free, and ridiculously simple to set up and use. Both of these can be integrated with Google Calendar and mass emails can be handled with MailChimp which is also free (unless you have a really huge address list. I use Blogger and MailChimp for our church webpage as well as a couple blogs of my own. If I were to do it again, I would seriously consider using Wordpress because I have been told that it offers some functionality that Blogger dos not.

At the risk of offending anyone for linking you to "religious" stuff, here is a link to our church webpage that is built on Blogger. I have a page built with Google calendar but haven't implemented it yet because I haven't had time to work out a couple format issues that are functional but aren't quite the way I want it to look.

Church Webpage
 
GregGleason said:
Does anyone know anything about iPage?
Click to expand...

No experience with iPage, but the high school band director switched the band's website over to Wix a few years ago -- previously, it was in Joomla, but that wasn't something the Director had time to learn and it meant he had to rely on others for updates. He's been much happier since switching to Wix.

I have no experience with Wix, either.

-Kevin
 
MOODLE might be of interest. Paypal integration is there, user database and management is there, in fact, most of your requirements are there. I will be the first to admin that the calendar leaves something to be desired as of the last time I used it (a couple of years ago). Forums, https, public and private areas, personal blogs, instant messaging, e-mailing to groups... might be what you are looking for. Our school district has used it for a long time and I have managed the server for the last 5 years. Not a lot of customization on our site, but it can be done. Several others like Canvas by Instructure might also be a bit more of what you are looking for.
 

Similar threads

Zeus-cat
eRockets/Semroc response to your wish lists - lots of info from Randy
Replies
22
Views
8K
K'Tesh
K'Tesh
J
We know about the Mercury 7, but what about the Mercury 21?!?
Replies
12
Views
2K
JonathanDunbar
J
shreadvector
Sticky: List of useful web links with tons of information.
Replies
21
Views
28K
JohnnyLaw
J
apogee
RockSim Update Now Available
2
Replies
35
Views
3K
RickVB
RickVB
GuyNoir
NAR PREZ - DRAFT Response to FAA NPRM
Replies
20
Views
3K
denverdoc
denverdoc

Latest posts

Back
Top