I run a website for a club in our high school. The first owner of the site used weebly.com to host the site, but eventually, someone was able to convince the school to pay the yearly fee to host it on a legit server, and that person built a website from scratch on that server (a2hosting.com, if it matters).
I now run the site, and recently added an 'Announcements' page, where I have been adding a <div> element at the top of the page every time the leader of the club asks me to. She has started using the announcements more and more, however, and I would like to build a private page which has a form that she can use to add some code to the announcements page.

tl;dr, I want to build a password-protected page that has a form that will insert a piece of code into a pre-existing page.

I don't really know where to start on how to develop this, if anyone has any ideas I would love to hear them!
What is your experience with web editing? I assume you're at least familiar with HTML but how about PHP?

Sounds like the easiest thing you can do is a script that updates a .txt file with her message. Be sure to escape the HTML special chars and prevent any injections should anyone with malicious intent be able to sign in.

For the index page that displays this announcement you'll want to have a script that reads this file. You should certainly check if the file exists first. The script will read the contents of the file then place those contents inside the div. You may be able to do some date checking so that announcements are only displayed for X days; checking the last modified date would be ideal. So when you check that file exists you can also check the date of the file and if the file doesn't exist or is more than 7 days old the script won't embed the announcement code.

You want to check the file exists because if it doesn't, the script will error out and could prevent the rest of your page from loading. At the very least you'll have an error displayed on your page.

There's a second way to clear the announcement that would require some more diligence but provides greater flexibility. After checking if the file exists, just read the file size of the file. If the file size is 0 end the script, if it's greater than 0, run the script to display the message. This way an announcement can be displayed for a few hours or a few weeks. When you're/she's/anybody's ready to remove it all they need to do is submit a blank form.

http://php.net/manual/en/function.file-exists.php
http://php.net/manual/en/function.file-get-contents.php
http://php.net/manual/en/function.fopen.php
http://php.net/manual/en/function.htmlspecialchars.php


Code:
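$msgpath = 'path/to/annoucement.txt';

// Only read the file if it exists, so a missing file doesn't raise an error
if (file_exists($msgpath)) {
     // Escape HTML special characters before echoing the text into the page
     $msg = htmlspecialchars(file_get_contents($msgpath));
     echo("<div id=\"annoucement\">$msg</div>");
}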


That's a very rudimentary idea but should get you started. The form used to submit the data should also point to a PHP script but I think it's best to tackle this as two separate projects. One, trying to read data from a file. Two, trying to write data to a file. I advise trying to read data first so that way you can see if you are successfully writing the text to the file. ;)

The third project will be securing the input field behind a password. This topic here should get you started but I don't think it'll answer all your authentication questions. I advise against using a flatfile for this but it's doable. It'd be more secure in a MySQL database or something. Anyone can edit a flatfile, even with FTP access. All it takes is for someone to open the password file and make a change and now the hashes will never match. There's a bit more complexity when accessing a database but also less likely for someone to change something they shouldn't.

Heck, if you do go the MySQL/Database route you can even move the announcement system over to a database table. You can create a new line for each announcement so you have a history of prior announcements, log the date it was added and, if you so desire, add a new field where the submitter can determine the length of time the announcement is present on the home page.
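
The file-based approach from the post above, with both clearing methods (the 7-day age check and the blank-form, zero-size check) combined, as an added example that is not part of the original post. The function names, the 2000-character limit and the temp-directory path are assumptions made for the demonstration.

```php
<?php
// Added example: names, limits and paths here are assumptions, not from the thread.
const MAX_AGE_SECONDS = 7 * 24 * 60 * 60;   // the "7 days" mentioned in the post

// Called by the password-protected form handler. A blank submission truncates
// the file to 0 bytes, which is the "submit a blank form" way to clear it.
function save_announcement(string $path, string $text): bool
{
    $text = trim($text);
    if (strlen($text) > 2000) {             // constructed size limit
        return false;
    }
    // Store the raw text; escaping is done on output, every time it is shown.
    return file_put_contents($path, $text, LOCK_EX) !== false;
}

// Called by the page that shows the announcement. Returns '' when there is
// nothing to show, so the rest of the page always renders.
function render_announcement(string $path, int $maxAge = MAX_AGE_SECONDS): string
{
    clearstatcache(true, $path);            // size/mtime are cached per request
    if (!is_file($path) || filesize($path) === 0) {
        return '';                          // missing file or cleared announcement
    }
    if (time() - filemtime($path) > $maxAge) {
        return '';                          // announcement has expired
    }
    $msg = file_get_contents($path);
    if ($msg === false) {
        return '';
    }
    // Escape <, >, &, and both quote types so submitted markup is shown as text.
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div id="announcement">' . nl2br($safe) . '</div>';
}

// Demonstration with constructed input, written to the temp directory.
$path = sys_get_temp_dir() . '/announcement.txt';
save_announcement($path, "Meeting moved to <b>Room 12</b>\n<script>alert(1)</script>");
echo render_announcement($path), "\n";      // tags come out as &lt;...&gt; text
save_announcement($path, '');               // blank form clears the announcement
var_dump(render_announcement($path) === '');
```

On the real site the path should point outside the web root, or at a location the server will not serve directly, so the file is only ever reached through the rendering script.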
Alex wrote:
It'd be more secure in a MySQL database or something. Anyone can edit a flatfile, even with FTP access. All it takes is for someone to open the password file and make a change and now the hashes will never match. There's a bit more complexity when accessing a database but also less likely for someone to change something they shouldn't.

Heck, if you do go the MySQL/Database route you can even move the announcement system over to a database table. You can create a new line for each announcement so you have a history of prior announcements, log the date it was added and, if you so desire, add a new field where the submitter can determine the length of time the announcement is present on the home page.


Can you, or someone, help point me in the right direction into figuring out exactly what a MySQL database is and how to use one to create the type of system that Alex has indicated above? On our website domain hosting site I see options to create such a server and add users to a server, but I don't really know what I would do after that, or anything at all regarding SQL.

I've tried doing google searches and nothing helpful is coming up.
An apology in advance, I didn't make this sound very easy so I color coded the steps I recommend. Which, admittedly, is like 4 sentences.

An SQL Database is basically a series of tables used to look up information. Imagine it like an Excel workbook. Say you want to log all of your workouts in this workbook, so you create a sheet for how many miles you run each day. Two of the columns would be Miles & Time. You could then create more columns for more information, maybe you want to log the temperature, date, time of day, etc etc. But now you want to add more workouts. You can't use the same sheet because you'd start mixing up your runs with your bench presses and you can't really use the same columns for those two things.

So, you create a new sheet. On this one you have the weight you benched, how many reps you did, and how many sets you accomplished. You could even add in extraneous info like if the weights were iron or dense rubber, if you used a particular technique, etc etc. Using a database is very similar.

For example, Cemetech uses a sheet for all the topics created. So

Code:

Topic ID | Title   | Date
1234     | Topic 1 | DateTime Created
1235     | Topic 2 | DateTime Created
1236     | Topic 3 | DateTime Created
etc...


Where each pipe is a new column.

Then, in a new table we have all of the posts.

Code:

Post ID | Topic | User | Date of Post | Content
111111  | 1234  | 333  | DateTime     | Blah blah blah
111112  | 1234  | 934  | DateTime     | Blah blah blah
111113  | 1236  | 446  | DateTime     | Blah blah blah
111114  | 1234  | 123  | DateTime     | Blah blah blah
111115  | 1235  | 313  | DateTime     | Blah blah blah


So, when you load a topic the viewtopic.php script looks up the data and displays it. It'd be really cumbersome to have the posts and topics in the same table. Our list of users is in a third table, our program archives are in yet a fourth table. And there's a bunch more tables that make up the forum too. Don't try and store everything in one table.

For example, I'm making a site that will use at least 3 tables per page. I'll have a table for the main text, a second table for links supporting the main text, and a third table showing the scores for those links. Then there will likely be additional tables to support comments and other things too. It's been on the back burner for a while but I'll hopefully be picking it up again soon.

MySQL is a big thing to learn. So, take it in chunks. Work on learning how to display info from one table. Which, sounds like all you need to do. Looking at your use case, password protected page that has a form to add code into another page. You will need two tables but you'll only use one at a time. One to sign in, the other to modify/add the code.

You could store the username and password as a text file but best practice is to use a database. It'll be easier to support multiple users AND track when they log in. For instance, you can have the following columns on the login table:

Code:
User | Password | DateTime Last Logged in | IP


That way you can verify when you last logged in and if that log in was malicious (changed the code to something else) you can check to see if the IP is associated with the school or somewhere far away.
The flaw here is that it would only save the last login info. So, if a user logs in again the IP and DateTime would be overwritten. Thus, you could even go one step further and create two tables for logging in: One with the username and password and a second for all login attempts (failed or successful). That way you can log a history for each user. Then you'll be able to see if an IP is regular or not. But, for the sake of simplicity and learning, let's just create the one table.

For the second table, you'd have something like this:

Code:
Content | DateTime


This is assuming you only have one page you wish to update via this method. I added the DateTime in there so, if desired, you can add a "This was last updated on: DateTime" on the page you'll be changing via this method.


Now, best practice would be something like this:
Table 1

Code:
Page ID | Page Title

Table 2

Code:
Page ID | Content | DateTime | User


When you log in, Table 1 is displayed. Allowing a user to select which page they want to edit. Then from there, you use the selected Page ID to look up the Page ID in Table 2. When displaying the content to visitors you'd use the Page ID to look up Table 2 and display the contents.
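
The two-table login design described in the post above (one table for usernames and passwords, one for every login attempt), as an added example that is not part of the original post. An in-memory SQLite database stands in for MySQL so the script runs without a server; the table, column and function names are assumptions.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL database;
// table, column and function names are assumptions based on the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE login_attempts (
    id INTEGER PRIMARY KEY, username TEXT NOT NULL, ip TEXT NOT NULL,
    attempted_at TEXT NOT NULL, success INTEGER NOT NULL)');

function add_user(PDO $db, string $user, string $password): void
{
    // Store only a salted hash of the password, never the password itself.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

function attempt_login(PDO $db, string $user, string $password, string $ip): bool
{
    // Prepared statements keep form input out of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();           // false when the user does not exist
    $ok = is_string($hash) && password_verify($password, $hash);

    // Log every attempt, failed or successful, so each user has a history.
    $log = $db->prepare('INSERT INTO login_attempts
        (username, ip, attempted_at, success) VALUES (?, ?, ?, ?)');
    $log->execute([$user, $ip, gmdate('Y-m-d H:i:s'), $ok ? 1 : 0]);
    return $ok;
}

// Constructed sample data (IP addresses are from the documentation ranges).
add_user($db, 'leader', 'correct horse battery staple');
var_dump(attempt_login($db, 'leader', 'wrong guess', '203.0.113.7'));
var_dump(attempt_login($db, 'leader', 'correct horse battery staple', '192.0.2.10'));

$rows = $db->query('SELECT username, ip, attempted_at, success FROM login_attempts');
foreach ($rows as $row) {
    echo implode(' | ', [$row['username'], $row['ip'],
                         $row['attempted_at'], $row['success']]), "\n";
}
```

Against a real MySQL server only the PDO connection string and the column types change; the prepared statements and the `password_hash` / `password_verify` calls stay the same.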
  