
GuruMeditation

Everything posted by GuruMeditation

  1. Thanks for this. Glad I installed it as I had permission issues and mixed collation throughout the database. I have no idea what I'm doing, but I changed them all to utf8_general_ci and I assume all is good as nothing has blown up, and the satellites are still orbiting the earth.
  2. I just set up a textarea field, add the Textile formatter to it, and then use the appropriate code such as bc.. which is short for block code.

         bc.. INPUT "What is your name: ", UserName$
         PRINT "Hello "; UserName$
         DO
           INPUT "How many stars do you want: ", NumStars
           Stars$ = STRING$(NumStars, "*")
           PRINT Stars$

     For more info have a look here. Hope that helps?
  3. Yeah I've seen conflicting views on things, hence the reason I asked for advice on here. I like the last version with Flashdata and $notices, but I'm unsure if there are any potential problems with it. Hopefully someone with the knowledge can give me a definite answer as to whether or not that method is ok. Thanks for the reply.
  4. Or, I could use Flashdata I suppose, which seems a lot neater?

         <?php
         $forbidden = array("mod", "moderator", "admin", "administrator");

         foreach($notices as $notice) {
             if($notice instanceof NoticeError) {
                 echo "<p>$notice->text</p>";
             }
         }

         // If the submit button is clicked, process the form.
         if($input->post->submit) {
             $cp = $sanitizer->text($input->post->captcha);
             $dn = $sanitizer->text($input->post->displayName);
             if($cp==""){
                 $session->error("Captcha cannot be blank");
             } elseif($cp!=="zebra") {
                 $session->error("Captcha is not correct");
             }
             if($dn==""){
                 $session->error("Display name cannot be blank!");
             } elseif(in_array($dn, $forbidden)){
                 $session->error($dn . " is a forbidden name.");
             }
             $session->redirect('./');
         // If the submit button hasn't been clicked, render the form.
         } else {
             echo "<form action='./' method='post'>
                 <fieldset>
                     <legend>Testing a form with validation...</legend>
                     <div class='row'>
                         <div class='large-12 columns'>
                             <label>Type in zebra
                                 <input type='text' maxlength='30' name='captcha' />
                             </label>
                         </div>
                     </div>
                     <div class='row'>
                         <div class='large-12 columns'>
                             <label>Enter a display name
                                 <input type='text' maxlength='30' name='displayName' />
                             </label>
                         </div>
                     </div>
                     <div class='row'>
                         <div class='large-12 columns'>
                             <button class='small' type='submit' name='submit' value='Send'>Test</button>
                         </div>
                     </div>
                 </fieldset>
             </form>
             ";
         }
  5. Hi all, I want to process a form, and display an error message under certain conditions. I know there are other ways of doing this, but I kind of like the idea of using $session->set and $session->get to store and retrieve my error messages. This is the first time I have used $session->set(). Is this method ok?

         <?php
         // Name of the session variable that holds the error message.
         $errorMsg = "errorMsg";

         $error = $session->get($errorMsg);
         echo $error;
         // Clear the session variable so it doesn't display again if the page is reloaded.
         $session->set($errorMsg, "");

         // If the submit button is clicked, process the form.
         if($input->post->submit) {
             $test = $sanitizer->textarea($input->post->test);
             if($test==""){
                 $error = "Error: You left it blank!";
             } elseif($test=="poop"){
                 $error = "Error: Poop is not allowed!";
             } else {
                 $error = "";
             }
             $session->set($errorMsg, $error);
             $session->redirect('./');
         // If the submit button hasn't been clicked, render the form.
         } else {
             echo "<form action='./' method='post'>
                 <fieldset>
                     <legend>Testing a form with validation...</legend>
                     <div class='row'>
                         <div class='large-12 columns'>
                             <textarea name='test' rows='10'></textarea>
                         </div>
                     </div>
                     <div class='row'>
                         <div class='large-12 columns'>
                             <button class='small' type='submit' name='submit' value='Send'>Test</button>
                         </div>
                     </div>
                 </fieldset>
             </form>
             ";
         }
  6. As far as I'm aware, you only need to sanitize actual user input like that typed in a textarea, or a url etc as they can basically type in whatever they wish. As your select boxes are predefined by you and can't be edited by your user, you don't need to sanitize it. But someone feel free to correct me if I'm wrong.
  7. Just a quick update, I've now got some code to show, to explain exactly what I mean. I've set up some pages which will act as forum categories. These use a template called forum_cat. I have also set up a page field called forum_access which is attached to this template. The forum_access field has the parent admin/access/Roles so that I can select which roles are allowed to view that forum category.

         $forumCategories = $pages->find("template=forum_cat");
         foreach($forumCategories as $forumCategory) {
             foreach($forumCategory->forum_access as $forumAccess) {
                 if($user->roles->has($forumAccess)) {
                     echo $forumCategory->title;
                     break;
                 }
             }
         }

     So back to the original question, is this just as safe as using a standard permission? I want to do it this way so that each forum category acts as a setting page for that particular category. Thanks again.
  8. Well I will be the only back-end admin on the site. All other editing will be via the front-end through pages and forms I've created. This is the reason I'm setting up an admin page with my own permissions (checkboxes), so that I can organise them better for myself.
  9. Exactly. I just wanted to know that these will basically work the same.

         If(theCheckboxForThisPortionIsChecked){ // Not logical I know, but you know what I mean?
             echo "Show this";
         }

         if($user->hasPermission("forThisPortion")) {
             echo "Show this";
         }

     Or does hasPermission have some hidden security features that the former doesn't?
  10. Hi all, me again. Please don't ask why I want to do this rather than to use the built in permission routines, but I really have my nutty professor reasons. If I add an option to a page called Allowed, and that option is a checkbox, would that be sufficient to be used as a permission for viewing a certain restricted part of a page? By this, I mean if I check for whether or not it's ticked? If it is ticked I allow them to see something, and if not I don't. Or am I missing something in regards to security?
  11. Hi all, I know I have waffled on about a forum module etc before, but I really am determined to stick with PW for both my main site and an integrated and basic forum. I have now found an example of the sort of forum I wish to create. Have a look at the Symphony forum, it's simple and integrated. This is exactly what I'm after. Now correct me if I'm wrong, but if we strip it right back to the basics, wouldn't this be achievable with permissions and foreach loops for the categories, threads etc? I already have most of the code in place for extended profiles. Deleting threads (pages), moving them, renaming them and editing them will be simple enough thanks to the power of the PW API. Posting should be easy enough if I use Textile etc. Banning members shouldn't be a problem as I could cross-reference IP addresses, e-mails etc. Am I on the right track with this, or do I just need to give up? Thanks.
  12. Thanks for the heads-up. Hi Ryan. I actually do run an IP.Board website and have purchased IP.Content / downloads etc etc, but since using PW, it just feels fat. I've always found it a pain to get my site looking how I want. I know the new upcoming version looks set to address a lot of the issues, but I still much prefer to use PW as I can get my site to behave exactly how I want. I'm just after a basic forum for my new site, one where members can post new threads, reply, view each other's profiles etc. I was under the impression that this could be achieved with PW, although perhaps I'm missing something? Thanks.
  13. This looks interesting. Would this be ideal for setting up a custom profile page? I'm thinking the Table fieldtype might be ideal for that purpose? Let's say I want my user to be able to fill in all the following for their profile:

        • Avatar
        • Display name
        • E-mail
        • Gender
        • Hobbies
        • Dislikes
        • Location
        • About Me

      I'm assuming ProFields will make this easy to accomplish? Also, as I'm creating a basic forum, I'd like to create a page that can store forum permissions etc for each user group. Would ProFields fit my needs? It would need options to allow or disallow topic editing, profile viewing, content deletion, content posting etc etc. A bit like the AdminCP for this forum, only on a far smaller scale. Thanks.
  14. Another +1 for a MarkItUp module. On another note, does anyone know what this forum uses for its editor?
  15. LOL - No need to apologise. I often reinvent the wheel. It's great to know these methods. How do you find this magic? Where is it hidden? I'm keen to find the other hidden goodies. Oh well, it was a nice coding exercise. Edit: I found the hidden goodies in the Functions.php file in wire/core (as Martijn mentioned, and I missed) - Nice.
  16. Hello everyone. I thought I'd share a few of the functions I've been working on in case any new users etc find them useful. I've not been programming in PHP long, so excuse the sloppy code, and if you find any errors etc, let me know and I will update it. The following function basically takes your $page date and returns it in either hours and minutes if the page is less than a day old, or as standard if it's older. This could also be extended to display the date as yesterday etc as well. If people are interested, I can add more, and feel free to add your own.

          function formatDate($itemDate) {
              // Let's check the item date against the current date so that we can work out the date and time difference.
              $itemDateTime = new DateTime($itemDate);
              $currentDateTime = new DateTime('now');
              $interval = $itemDateTime->diff($currentDateTime);
              // Total whole days between the two dates ('%d' only gives the day part of a longer interval).
              $day = $interval->days;
              $hour = $interval->format('%h');
              $minute = $interval->format('%i');

              // If it's less than a day, display the date as hours and minutes since the post.
              // $day == 0 means there is no day difference, i.e we know it is on the same day.
              if($hour < 24 && $day == 0){
                  // If it's been less than an hour.
                  if($hour < 1){
                      if($minute == 0){
                          $itemDate = "less than a minute ago";
                      } elseif($minute == 1){
                          $itemDate = $minute . " minute ago";
                      } else{
                          $itemDate = $minute . " minutes ago";
                      }
                  }
                  // If it's been more than an hour and less than a day.
                  elseif($hour >= 1 && $hour < 24){
                      if($hour == 1 && $minute == 0){
                          $itemDate = $hour . " hour ago";
                      } elseif($hour == 1 && $minute == 1){
                          $itemDate = $hour . " hour and " . $minute . " minute ago";
                      } elseif($hour == 1 && $minute > 1){
                          $itemDate = $hour . " hour and " . $minute . " minutes ago";
                      } elseif($hour > 1 && $minute == 0){
                          $itemDate = $hour . " hours ago";
                      } elseif($hour > 1 && $minute == 1){
                          $itemDate = $hour . " hours and " . $minute . " minute ago";
                      } elseif($hour > 1 && $minute > 1){
                          $itemDate = $hour . " hours and " . $minute . " minutes ago";
                      }
                  }
              }
              // If it's more than a day, just post the standard date.
              else {
                  $itemDate = $itemDate;
              }
              return $itemDate;
          }

      The following function can be used in conjunction with the formatDate($itemDate) above.

          /* This function outputs each article / page header according to how we want it.
          ** $icon = Font Awesome icon etc, i.e "fa fa-link" which could be used if we create a links system.
          ** $item = Usually the $page we call the function from.
          ** $type = A string in the form of Article, Link etc.
          ** Example: If we call the function with the following args showItemHeader("fa fa-link", $link, "Link");
          ** We will see the following displayed: (link icon) Link published 22 hours ago in Website Links
          ** Obviously change the markup to suit your own needs.
          */
          function showItemHeader($icon, $item, $type) {
              echo "<h3><a href='{$item->url}'>{$item->title}</a></h3>" .
                   "<h6><i class='$icon'></i> " . $type . " published: " . formatDate($item->date) . " in " .
                   "<a href='{$item->parent->url}'>{$item->parent->title}</a></h6>";
          }
  17. You are right, I removed the latter <script src="<?=$config->urls->templates;?>js/vendor/jquery.js"></script> and it worked. But what confuses me there is that I've not added that recently and it worked before. Still, thanks again for spotting that.
  18. Hi all, I've just spent most of the night trying to debug this to no avail. My site has been working as expected for a while now, but over the last two days I've noticed a few weird issues. The only thing I've changed is to update my foundation 5 files from 5.1.1 to 5.2.2, so I reckon it might be something to do with that? However, I was hoping you'd have a look at the following code to make sure I've not done something stupid. The following code has been cut back to the basics for troubleshooting, and should just load the duckduckgo logo in a fancybox popup window, but it loads it as a flat page instead.

          <!DOCTYPE html>
          <!--[if IE 9]><html class="lt-ie10" lang="en" > <![endif]-->
          <html class="no-js" lang="en" >
          <head>
              <meta charset="utf-8" />
              <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0">
              <link rel="stylesheet" type="text/css" href="<?=$config->urls->templates;?>css/normalize.css">
              <link rel="stylesheet" type="text/css" href="<?=$config->urls->templates;?>css/foundation.css">
              <link rel="stylesheet" type="text/css" href="<?=$config->urls->templates;?>css/font-awesome.min.css">
              <link rel="stylesheet" type="text/css" href="<?=$config->urls->templates;?>css/custom.css">
              <link rel="stylesheet" type="text/css" href="<?=$config->urls->templates;?>fb/jquery.fancybox.css">
              <script type="text/javascript" src="http://code.jquery.com/jquery-latest.min.js"></script>
              <script src="<?=$config->urls->templates;?>fb/jquery.fancybox.pack.js"></script>
              <script src="<?=$config->urls->templates;?>js/vendor/modernizr.js"></script>
              <title><?=$pages->get("/")->site_name;?> | <?=$page->title;?></title>
          </head>
          <body>
              <div class="container">
                  <a class='th single_1' href='https://duckduckgo.com/assets/_logo_next.png' title='duck'><img src='https://duckduckgo.com/assets/_logo_next.png' alt='duck' /></a>
              </div>
              <script src="<?=$config->urls->templates;?>js/vendor/fastclick.js"></script>
              <script src="<?=$config->urls->templates;?>js/vendor/jquery.js"></script>
              <script src="<?=$config->urls->templates;?>js/foundation.min.js"></script>
              <script type="text/javascript">
                  $(document).foundation({
                      orbit: {
                          animation: 'fade',
                          timer_speed: 8000,
                          pause_on_hover: true,
                          animation_speed: 500,
                          swipe: true,
                          resume_on_mouseout: true,
                          slide_number: false,
                          navigation_arrows: false,
                          bullets: false
                      }
                  });
              </script>
              <script type="text/javascript">
                  $('a[href*="/assets/files/"]:has(img)').addClass('th single_1');
              </script>
              <script type="text/javascript">
                  $(document).ready(function() {
                      $(".single_1").fancybox({
                          openEffect : 'elastic',
                          closeEffect : 'elastic',
                          helpers : {
                              title : { type : 'inside' },
                              overlay : { locked : false }
                          }
                      });
                  })
              </script>
          </body>
          </html>
  19. I like the look of Quill. I'm currently looking for a safe editor for the simple forum I'm creating. I do have a somewhat stupid question though. The editor on the Quill page shows an embedded image etc. If the content of the Quill editor was sanitized, what exactly would happen to the content, and more importantly, the image? Would you sanitize it as a textarea?
  20. I do have one more question which I forgot to ask. Will it be safe to use $sanitizer->text($input->post->displayname) rather than $sanitizer->name($input->post->displayname) for the display name? The display name will only be used like it is on this forum. I'd like my users to be able to have spaces etc in their display names.
  21. Thanks for the info and the link. You have more or less answered my questions, so I'll mark this as solved. Thanks again.
  22. Hello all, I've come up with the following code to allow a user to update their profile information from the front end. It's part of some code that will allow them to edit other content too. I've decided to use URL Segments to help determine the page they are trying to edit, as well as their name etc. So this piece of code will basically allow them to update their Display Name. I just now need to add a piece of code to save the updated data back to the user profile fields etc. The code works as I would expect, and I know there will be more efficient ways of going about this, but this is easy for me to read as it is. So I'm basically here to ask whether or not this is an ok way to go about things? Is it secure? Can you see any major issues? Obviously I will add more profile fields etc, like e-mail, avatar pic, sex etc. I guess I'm just lacking a bit of confidence on the security front. I don't want users to have their profile info hacked from my sloppy coding etc

          <?php
          if($_POST['submit']) {
              echo "Form was submitted.";
              $new_display_name = $sanitizer->text($input->post->displayname);
              // The code to save the updated info for the profile will go here.
          }

          // Make sure the user has permission before showing the page to edit.
          if($user->hasPermission("edit_content")) {
              $edit_page = $input->urlSegment1;
              // The user is trying to edit their profile.
              if($edit_page == "profile") {
                  if($user->name == $input->urlSegment2 or $user->isSuperuser()){
                      $user_display_name = $user->user_display_name;
                      ?>
                      <form action='./' method='post'>
                          <div class="row">
                              <div class="large-12 columns">
                                  <label>Display Name
                                      <input type="text" maxlength="26" name="displayname" value="<?php echo $user_display_name; ?>" />
                                  </label>
                              </div>
                          </div>
                          <div class="row">
                              <div class="large-12 columns">
                                  <button type="submit" name="submit" value="Send">Update Profile</button>
                              </div>
                          </div>
                      </form>
                      <?php
                  } else {
                      echo "You cannot edit this profile.";
                  }
              } elseif($edit_page == "link") {
                  echo "You are editing the following link page: " . $input->urlSegment2;
              }
          } else {
              echo "You do not have permission to edit content.";
          }

      Thanks in advance.
  23. Thanks for the replies. I decided to purchase the Form Builder. I'm not sure if I'll use it anytime soon, but I feel it's important to put a bit of money back into PW if we can manage it. I think I'll have a look into creating a few functions soon to tidy up my code a bit. I've just spent the last few days reformatting my initial sloppy code. But I'm still loving it. This is the longest time I've spent doing any kind of programming since Amiga E on the er, Amiga.
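
Added example, not taken from any post above and not ProcessWire's own code: plain PHP showing the server-side checks that the select-box question (post 6) and the display-name form (posts 4, 20 and 22) come down to, namely an allowlist check on the submitted option, validation of the name, and HTML-encoding when the name is written back into the form. The function names, the gender option list and the sample submissions are constructed for illustration.

```php
<?php
// Added example: plain PHP, no ProcessWire API. All names are hypothetical.
const FORBIDDEN_NAMES = ['mod', 'moderator', 'admin', 'administrator'];
const GENDER_OPTIONS  = ['female', 'male', 'unspecified']; // constructed option list

// A <select> only limits what the browser offers. The POST body can carry any
// string, so the submitted value is compared with the same list on the server.
function validateChoice($value, array $allowed): ?string
{
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : null;
}

// Returns [cleanName, error]; exactly one of the two is null.
function validateDisplayName($raw, int $maxLen = 26): array
{
    if (!is_string($raw)) {
        return [null, 'Display name must be text'];
    }
    // Replace control characters, collapse whitespace runs, trim the ends.
    $name = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $raw);
    $name = trim(preg_replace('/\s+/', ' ', $name));
    if ($name === '') {
        return [null, 'Display name cannot be blank'];
    }
    if (strlen($name) > $maxLen) { // byte length; the form's maxlength is only a hint
        return [null, 'Display name is too long'];
    }
    // Case-insensitive, so "Admin" and "ADMIN" are rejected too.
    if (in_array(strtolower($name), FORBIDDEN_NAMES, true)) {
        return [null, 'That display name is reserved'];
    }
    return [$name, null];
}

// Encode when writing into HTML: a valid name may contain quotes or brackets.
function displayNameInput(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type=\"text\" maxlength=\"26\" name=\"displayname\" value=\"{$safe}\" />";
}

// Constructed sample submissions.
$samples = [
    ['displayname' => 'Guru Meditation', 'gender' => 'male'],
    ['displayname' => 'ADMIN',           'gender' => 'male'],
    ['displayname' => 'Tom "T" <Jones>', 'gender' => 'robot'],
];
foreach ($samples as $post) {
    [$name, $error] = validateDisplayName($post['displayname'] ?? null);
    $gender = validateChoice($post['gender'] ?? null, GENDER_OPTIONS);
    echo $error ?? displayNameInput($name), ' | gender: ', $gender ?? 'rejected', PHP_EOL;
}
```

In a ProcessWire template the same checks would sit behind the permission test, and the form would also carry a CSRF token.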