Well, I'm still trawling for a CMS for a site... but am now pondering whether or not I really need one.

Basically most/all of the features I need could be found in .post Nuke or PHP Nuke - but PHP Nuke is about as insecure as they come, and .post Nuke, while better, seems to be in a similar boat ( same base source ). So I've been trawling for more secure CMS's lately. A dynamic site is basically all I need, only I do need users to be able to upload files, each with seperate security levels for uploading differing file types, accessing different area's of the site, updating different area's of the site etc. I've tried several other 'CMS's that have just lacked any sort of power or flexibility in those regards ( they serve pages, do a bit of dynamic content, and call it a CMS. Some even allow you do upload files or certain inflexbile types, but they're still a long way short ), but have recently found a couple that actually look promising re: features and security.

...only it seems that the bigger and more secure CMS's are also much more powerful than I need. Two options I've found:

Zope (http://www.zope.org/)
Typo3 (http://typo3.org/)

....bear in mind I have a budget of $500-$1000 NZD ( single server licence ), so the 'Open source' tag is really a bonus rather than a necissity.

I'm just curious as to whether anybody has used either of the above CMS's and could give feedback, or could suggest a good closed-source option. Figured I'd ask first, as just learning these CMS systems will likely take a large investment of time.

....which brings up the question, should I bother? What are people's opinions of .post Nuke ( and I guess PHP Nuke - though I notice just by the number of Security Advisories, that project seems to be a little lost ) as a CMS?

unfortunately every man and his dog has decided they know the best way to write a CMS, so there are ****ing heaps of them out there... most being pretty damn substandard too.

the old nuke and forks (PHPNuke, PostNuke, Xoops, Xaraya) are really hard to beat for features a maturity. security isn't so much the big problem people make it out to be, it's just there's so many dumbasses who know enough to load a CMS onto a webserver, but don't have a clue how to secure it. it's much the same arguement as the old "omglol windows is so insecure bshaxfag" stuff. it also doesn't really help that PHPNuke for instance has an east staines massif codebase now, so tightening security is no small feat.

for what you've described i'd recommend XOOPS (http://www.xoops.org), as it is reasonably secure out of the box and implements a tried and true way of doing things. Mambo Opensource (http://www.mamboserver.com) is another option, although it might take a bit of tweaking to achieve what you want.

also, if you're prepared to pay for licensing pmachine (http://www.pmachine.com) is toight like a toiger, and reasonably priced too.

Cheers for that. I did wonder if that was basically how it was re: security.

Mambo was actually one of the 'sounded good but lacked waaay too many features' options that I tried. Especially regarding abilities of different user classes having access to view or modify different area's of the site.

I dunno, maybe it could have been coded in, but there sure wasn't much in the control panel interface or any of the configs - and besides, if I wanted to code it all I wouldn't be looking for a CMS ;).

I've noticed a few mentions of Xoops around, I might have to have a look at it. Haven't heard of pMachine - but then, people don't disuss the pay-ware options nearly as much online, so that's to be expected.