Table of Contents
Bells And Whistles
Adopting A Moderate Approach
If Looks Could Kill...
Bringing In The Database
A Well-Formed Plan
When Things Go Wrong
Locking It Down
Over And Out
done! Now, whenever a user tries to enter a comment in your guestbook, a message will appear indicating that the entry will be moderated. The administrator - in other words, you - can then selectively approve or reject each comment via the site administration module.
In order to do this, navigate back to the administration module, and select the "Voice of the People" entry from the drop-down menu at the top of the page. On the resulting information screen, navigate to the "General Settings" section and you will be presented with a list of all active and inactive entries. You can update the status of each entry, and use the "Update Status" command to save your changes; all entries marked as active will not appear in the guestbook.
<?PHP
// snip
// Directory where the templates for subscription pages are stored
$skins_dir = "skins";
Look inside this directory, and you'll see a structure like this:
||
-------
img|
||
-------
Do those directory names ring a bell? They should - they're the template names that appear every time you create a new guestbook. So, if you want to create your own set of templates, this is obviously a good way to start.
Now, the patGuestbook application uses three different templates for rendering the user interface:
1. patGuestbookList.tmpl - this is the template that displays the entries in the guestbook
2. patGuestbookAdd.tmpl - this is the template which handles adding new entries to the guestbook
3. patGuestbookDisabled.tmpl - this template simply displays an error message when a particular guestbook is disabled
Let's start with the "patGuestbookList.tmpl" file. To make things easier, I'll give you a quick peek at the desired output before I explain the template's innards to you.
[image]image3.jpg[/image]
Now, if you take a close look at it, you'll see that this is very similar to the "textonly" template - all I've really done is add a navigation menu to the left side of the page. I'm going to call my new template "melonfire" (feel free to name yours appropriately), and so my first task is to create a directory parallel to the "pat" and "textonly" folders in the "skins" directory. Under this directory, I'll add an "img" directory to store images, and a "styles" directory to store stylesheets.
Next up, the page layout. After much thought and coffee-napkin scrawls, I decided on a simple two-column layout for my guestbook, with the navigation bar in the left column and the main guestbook content in the right one. Here's the basic skeleton:
Since the menu on the left is going to be constant across all pages, it can be hardcoded into the template. Here it is:
<tr>
<td><a href="http:
Of course, since the menu is going to be constant across the pages, you can even abstract it into another template - I leave that to you as an exercise.
Chaos, you're thinking...and rightly so. But let me help make some sense of it.
1. First, the page header, displaying the name of the guestbook.
Welcome to {GB_NAME}!<br><br>
</td></tr>
{GB_NAME} is a special patGuestbook template variable that will be replaced by the name of the guestbook specified at run time - in this example, "Voice of the People".
2. Next, I have to define the template used for display of each field in the guestbook. In this example, I would like to display the name of the user along with the time at which the entry was saved.
Once I am done with the user's name via the {ENTRY_NAME} and {ENTRY_DATE} variables, I can proceed to the user's email address and URL.
Once again, two special patGuestbook variables - {ENTRY_EMAIL} and {ENTRY_HOMEPAGE} - are used to retrieve the information entered by the user. I can also display the appropriate labels for each field via the {LABEL_EMAIL} and {LABEL_HOMEPAGE} variables. How about displaying the heart of the guestbook - the user's comments?
<tr>
One of the configuration variables in the guestbook is the number of entries to be displayed on a single page. So, I also need to add paging logic, and a link to add new entries to the system.
<tr>
<td>
The {URL_PREVIOUSPAGE} and {URL_NEXTPAGE} variables are used to display the links to the previous and next page, if required. The {URL_ADDENTRY} variable contains the URL that allows users to add a new entry to the guestbook.
A Well-Formed Plan
So that takes care of the main guestbook page - now how about customizing the input form for new entries? Here's what it should look like:
Ugly, isn't it?
1. First, the page header, displaying the name of the guestbook.
2. The template that displays a message to the user when moderation follows the header.
3. This is followed by a list of error messages, which are displayed when required fields are left empty.
Feel free to edit the error messages above to reflect the personality and style of your site.
4. Finally, the meat of the template - the form that is displayed to the user. As usual, there are pre-defined patGuestbook templates that I can work with for this section. Remember to be careful when tweaking these templates (unless, of course, you're comfortable with patTemplate, in which case, tweak away!).
For each field in the guestbook, I have two tags - one displaying the label and the other displaying the form field to the user. For example, for the user's name, I've used the {LABEL_NAME} variable for the label and the {ENTRY_NAME} variable for the text box that is displayed to the user.
<p> </p>
Pretty simple, this - plain ol' HTML, no fancy-shmancy gimmicks or convoluted variables. In order to see what it looks like, turn off a guestbook from the administration module and try accessing it - you should see something like this:
That's about it for the user interface templates that can be customized. If you thought that was easy and you're hankering for another challenge, you can always try customizing the administration module as well (alternatively, you could get up from your computer and go get yourself a life).
Locking It Down
If there is one drawback to the patGuestbook application, it is the lack of security for the administration module. By default, patGuestbook leaves the entire administration section totally unprotected and open to malicious attacks. If you're using the Apache Web server (you probably are), you can access the server's authentication features to add basic security to this section.
In order to illustrate how this works, let's consider a simple example. Let's assume the existence of the following directory structure:
/usr/local/apache/htdocs/patGuestbook/
example.php
Now, let's suppose that I want to protect the directory "admin". It's fairly simple to do with HTTP authentication. The first step is to ensure that your Apache build includes support for the "mod_auth" module. You can check this by executing the Apache binary with the "-l" command-line option.
http_core.c
mod_env.c
mod_log_config.c
mod
If you don't see "mod_auth" in the list, you'll need to recompile Apache with support for that module. Next, check Apache's configuration file, "httpd.conf", and ensure that the option
AllowOverride All
is present in the section for the server document root. This allows you to override global server settings via per-directory ".htaccess" control files. Next, create a file named ".htaccess" in the "admin" directory, and put the following lines into it:
This tells the server that access to the "admin" directory (the directory in which the ".htaccess" file is located) is to be controlled, and access is to be granted to users based on the username/password information in the file "/usr/local/apache/users".
The final step is to create the "users" file. Change to the "/usr/local/apache" directory (or whichever directory you've decided to store the user data in) and use the "htpasswd" command:
$ htpasswd -c users john
New password: ****
Re-type new password: ****
Adding password for user john
You can add more users to this file if you like (remember to omit the "-c" parameter for all subsequent additions, as that parameter creates a brand-new, empty file). Remember *not* to store the "users" file in a directory under the server document root, or else malicious users will be able to view and download the password database through a browser.
Now, attempt to access the "admin" directory via your Web browser. The browser should pop up a dialog box and prompt you for a username and password. Access to the "admin" directory will be granted only if you enter a correct username and password, as defined in the "users" file.
Note that this is very primitive authentication, and can substantially add to the load on your Web server if it involves a large number of users. For a more comprehensive solution, take a look at http://www.devshed.com/Server_Side/PHP/UserAuth
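An added example (not from the original article) covering the setup above: it writes an ".htaccess" file with standard Basic-authentication directives and audits it, flagging a "users" file that sits under the document root, the mistake the article warns about. The function names, the AuthName text, the temp-directory layout and the placeholder password entry are assumptions; the world-readable check goes beyond what the article covers.

```shell
#!/bin/sh
# Print the argument of the first matching directive (names are case-insensitive).
ht_directive() {  # $1 = .htaccess path, $2 = directive name
    awk -v d="$2" 'NF >= 2 && tolower($1) == tolower(d) {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/"/, ""); print; exit }' "$1"
}

# Basic-auth directives (not the article's own lines; AuthName text is assumed).
write_htaccess() {  # $1 = directory to protect, $2 = absolute path of users file
    cat > "$1/.htaccess" <<EOF
AuthType Basic
AuthName "patGuestbook administration"
AuthUserFile $2
Require valid-user
EOF
}

# Print one line per finding; return 0 when there are none, 1 otherwise.
audit_htaccess() {  # $1 = document root, $2 = protected directory
    ht="$2/.htaccess"; rc=0
    docroot=$(cd "$1" && pwd -P) || return 2
    [ -f "$ht" ] || { echo "FAIL: $ht is missing"; return 1; }
    for d in AuthType AuthUserFile Require; do
        [ -n "$(ht_directive "$ht" "$d")" ] || { echo "FAIL: no $d directive"; rc=1; }
    done
    users=$(ht_directive "$ht" AuthUserFile)
    [ -f "$users" ] || { echo "FAIL: users file '$users' not found"; return 1; }
    # Compare physical paths (pwd -P) so symlinked directories are resolved.
    udir=$(cd "$(dirname "$users")" && pwd -P) || return 2
    case "$udir/" in
        "$docroot"/*) echo "FAIL: $users is under the document root"; rc=1 ;;
    esac
    [ -z "$(find "$users" -perm -004)" ] ||
        { echo "FAIL: $users is world-readable"; rc=1; }
    return "$rc"
}

# Constructed layout mirroring the article's paths, built in a temp directory.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/htdocs/patGuestbook/admin"
    printf 'john:CONSTRUCTED-PLACEHOLDER-HASH\n' > "$t/users"
    chmod 640 "$t/users"
    write_htaccess "$t/htdocs/patGuestbook/admin" "$t/users"
    audit_htaccess "$t/htdocs" "$t/htdocs/patGuestbook/admin" && echo "OK: no findings"
    rm -rf "$t"
}
demo
```

These directives only need "AllowOverride AuthConfig", and Basic authentication sends the password base64-encoded on every request, so serve the "admin" directory over HTTPS.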