Write a CMS in PHP

Editing a node

Create site24 by copying site23.

/cms
1. ...
2. site23
3. site24

In this chapter, we are going to create the node editor.

To test the result online, enter http://www.frasq.org/cms/site24 in the address bar of your navigator. Identify yourself with the name foobar and the password f00bar. Back to the home page, click on the link Legal information. Click on the Edit button in the banner of the page.

The editor displays the title, the URL, the abstract and the cloud of keywords of the node in separate text fields. Click on the French flag to edit the node in French. Click on the English flag to return to the version in English. Press the View button in the banner of the page.

The view of the node is displayed. Press on the Edit button to return to the editor. Add Publication to the abstract and the word publication to the cloud. Erase the URL and replace the title by Legal conditions. Press Edit to modify the node in the DB. The URL is automatically generated from the title.

NOTE: In this demonstration version, the content of the site can not be modified.

Start by creating the action editnode by adding the file editnode.php in the folder actions with the following content:

/cms/site24
1. actions
  1. editnode.php

editnode.php

require_once 'userhasrole.php';
require_once 'models/node.inc';

Loads the user_has_role function and the data model.

function editnode($lang, $arglist=false) {
global $supported_languages;
if (!user_has_role('writer')) {
return run('error/unauthorized', $lang);
}

Declares the global variable $supported_languages. Checks if the user is identified and if he is allowed to modify the content of the site.

$node=false;
if (is_array($arglist)) {
if (isset($arglist[0])) {
$node=$arglist[0];
}
}
if (!$node) {
return run('error/notfound', $lang);
}
$node_id = node_id($node);
if (!$node_id) {
return run('error/notfound', $lang);
}

Extracts the node number from the parameters of the call request in $node_id. Checks that $node_id exists in the DB. Sends back an HTTP 404 Not Found document in case of error.

$clang=false;
foreach ($supported_languages as $slang) {
if (isset($_POST[$slang . '_x'])) {
$clang=$slang;
break;
}
}
if (!$clang) {
if (isset($_POST['clang'])) {
$clang = $_POST['clang'];
}
else if (isset($_GET['clang'])) {
$clang = $_GET['clang'];
}
else {
$clang=$lang;
}
if (!in_array($clang, $supported_languages)) {
return run('error/notfound', $lang);
}
}

Determines the language of the content to edit. First test if the user has pressed one of the language selectors among the ones which are supported. Otherwise, tries to extract the hidden field clang sent in a POST or the parameter clang from the URL of a GET. Clicking on a language selector or on Edit in the form sends a POST. Clicking on Edit or View in the banner sends a GET. If the language specified in a POST or in a GET isn't supported, an HTTP 404 Not Found document is sent back. By default, the language of the content is identical to the language of the request.

$node_editor = build('nodeeditor', $lang, $clang, $node_id);
head('title', $node_id);
head('description', false);
head('keywords', false);
head('robots', 'noindex, nofollow');
$view=url('node', $clang) . '/'. $node_id;
$validate=url('node', $clang) . '/'. $node_id;
$banner = build('banner', $lang, compact('view', 'validate'));
$content = view('editing/editnode', $lang, compact('node_editor'));
$output = layout('editing', compact('banner', 'content'));
return $output;
}

Builds the block of the node editor with the language of the request, the language of the content and the node number by calling the nodeeditor function. Fills in the header of the final document. Note that since the direct display of a node isn't normally accessible, the fields exploited by search engines are empty. Adds the buttons View and Validate to the banner menu with the URL of the content of the node in parameter. Builds the view of the editor. Assembles the final document with the layout editing and returns it.

Add the file editing.phtml in the folder layouts with the following content:

/cms/site24
1. layouts
  1. editing.phtml

editing.phtml

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php echo $head; ?>
</head>
<body>
<div id="editor">
<?php echo $banner; ?>
<div id="content">
<?php echo $content; ?>
</div>
</div>
</body>
</html>

The editing.phtml layouts puts the whole body of the document in a <div id="editor"> tag. It doesn't display a footer. Modify the standard.phtml layout to embed the whole body of the document in a <div id="viewer"> tag:

standard.phtml

<body>
<div id="viewer">
<?php echo $banner; ?>
<div id="content">

Create the folders views/en/editing and views/fr/editing. Add the view of the editor in English in the folder views/en/editing and the French version in the folder views/fr/editing :

/cms/site24
1. views
  1. en
    1. editing
      1. nodeeditor.phtml
  2. fr
    1. editing
      1. nodeeditor.phtml

editnode_en.phtml

<?php echo $node_editor; ?>

editnode_fr.phtml

<?php echo $node_editor; ?>

To grant access to the editnode action, add an alias for each language in the file includes/aliases.inc:

aliases.inc

'edit/node' => 'editnode',

'edition/noeud' => 'editnode',

Add the file nodeeditor.php in the folder blocks with the following content:

/cms/site24
1. blocks
  1. nodeeditor.php

nodeeditor.php

require_once 'readarg.php';
require_once 'strtofname.php';
require_once 'models/node.inc';

Loads the functions readarg and strtofname and the data model.

Modify the file readarg.php in the folder library:

readarg.php

function readarg($s, $trim=true, $strip=true) {

Adds the parameter $strip.

if (is_array($s)) {
$r=array();
foreach ($s as $ss) {
$r[]=readarg($ss, $trim, $strip);
}
return $r;
}

Can filter a array of character strings.

if ($trim) {
$s = trim($s);
}
if ($strip) {
$s = strip_tags($s);
}
return $s;
}

Removes spaces at the beginning and at the end of $s if $trim is $true. Removes all the tags in $s if $strip is true. This last option allows to protect the site from a content which could call another site or run a script. EXAMPLE: The text <script type="text/javascript">alert('DANGER');</script> input in a form runs a code in Javascript if it is injected without any precaution in the content of the site.

function readarg($s, $trim=true, $strip=true) {
if (is_array($s)) {
$r=array();
foreach ($s as $ss) {
$r[]=readarg($ss, $trim, $strip);
}
return $r;
}
if (get_magic_quotes_gpc()) {
$s = stripslashes($s);
}
if ($trim) {
$s = trim($s);
}
if ($strip) {
$s = strip_tags($s);
}
return $s;
}

In this version used before PHP 7, readarg removes all the \ (BACKSLASH) from $s automatically added by PHP to the content of the variables $_GET and $_POST if the configuration parameter magic_quotes_gpc is true.

Add the file strtofname.php in the folder library with the following content:

/cms/site24
1. library
  1. strtofname.php

strtofname.php

require_once 'strflat.php';
function strtofname($s, $strict=false) {
/* remove accents */
$s = strflat($s);
/* lower case */
$s = strtolower($s);
/* keep letters, digits, underscores and dashes replacing others by a dash */
$s = preg_replace('#[^a-z0-9_-]#', '-', $s);
/* replace consecutive dashes by one */
$s = preg_replace('/[-]+/', '-', $s);
/* remove a dash at the beginning or at the end */
$s = preg_replace('/^-|-$/', '', $s);
if (!$strict) {
return $s;
}
/* remove words which are too short */
$r = array();
foreach (explode('-', $s) as $w) {
if (strlen($w) > 2) {
$r[] = $w;
}
}
return implode('-', $r);
}

strtofname transforms $s in a file name. The editor uses this function to generate a URL from the title of a node. If $strict is true, strtofname withdraws all the words which have less than 3 letters.

function nodeeditor($lang, $clang, $node_id) {

nodeeditor has 3 parameters: the language of the editor, the language of the content and the node number to edit.

$action='init';
if (isset($_POST['node_edit'])) {
$action='edit';
}
$node_name=$node_title=$node_abstract=$node_cloud=false;

Initializes $action to 'edit' if the user has pressed the Edit button or to 'init' by default of the form is simply displayed. Initializes all the data transmitted in the form before they are read.

switch($action) {
case 'init':
case 'reset':
$r = node_get($clang, $node_id, false);
if ($r) {
extract($r);
}
break;
case 'edit':
if (isset($_POST['node_title'])) {
$node_title=readarg($_POST['node_title']);
}
if (isset($_POST['node_name'])) {
$node_name=strtofname(readarg($_POST['node_name']));
}
if (empty($node_name) and !empty($node_title)) {
$node_name = strtofname($node_title);
}
if (isset($_POST['node_abstract'])) {
$node_abstract=readarg($_POST['node_abstract']);
}
if (isset($_POST['node_cloud'])) {
$node_cloud=readarg($_POST['node_cloud'], true, false); // trim but DON'T strip!
preg_match_all('/(\S+)/', $node_cloud, $r);
$node_cloud=implode(' ', array_unique($r[0]));
}
break;
default:
break;
}

Extracts the input fields input from the form and filters them with readarg. The field 'node_name' is filtered with the function strtofname. If it's empty, it's automatically filled from the field 'node_title'. Notice that the field 'node_cloud' isn't filtered with the strip_tags function in order to be able to associate a tag as a keyword to a node. The content of the field 'node_cloud' is split in words then filtered to eliminate duplicates.

$missing_node_name=false;
$bad_node_name=false;
$missing_node_title=false;
switch($action) {
case 'edit':
if (empty($node_name)) {
$missing_node_name = true;
}
else if (!preg_match('#^[\w-]{3,}$#', $node_name)) {
$bad_node_name = true;
}
if (empty($node_title)) {
$missing_node_title = true;
}
break;
default:
break;
}

Checks the contents $node_name and $node_title.

switch($action) {
case 'edit':
if ($missing_node_name or $bad_node_name or $missing_node_title) {
break;
}
$r = node_set($clang, $node_id, $node_name, $node_title, $node_abstract, $node_cloud);
if (!$r) {
break;
}
break;
default:
break;
}

Checks that no error has been detected and modifies the content of the node in the DB by calling the function node_set.

$errors = compact('missing_node_name', 'bad_node_name', 'missing_node_title');
$output = view('editing/nodeeditor', $lang, compact('clang', 'node_name', 'node_title', 'node_abstract', 'node_cloud', 'errors'));
return $output;
}

Prepares all the parameters of the view, generates it and returns its content.

Add the view of the editor in English in the folder views/en/editing with the following content:

/cms/site24
1. views
  1. en
    1. editing
      1. editnode.phtml

nodeeditor_en.phtml

<?php extract($errors); ?>
<form class="compact" action="" method="post">
<input name="clang" type="hidden" value="<?php echo $clang; ?>" />
<p>
<?php if (in_array('fr', $supported_languages)): ?>
<input name="fr" type="image" src="<?php echo $base_path; ?>/images/theme/flags/fr.png" alt="fr" title="Français"/>
<?php endif; ?>
<?php if (in_array('en', $supported_languages)): ?>
<input name="en" type="image" src="<?php echo $base_path; ?>/images/theme/flags/en.png" alt="en" title="English"/>
<?php endif; ?>
</p>
<p>
<input id="node_title" name="node_title" type="text" size="40" maxlength="100" value="<?php echo htmlspecialchars($node_title, ENT_COMPAT, 'UTF-8'); ?>" title="Title" onkeypress="return submitonenter(event, 'node_edit')"/>
<label>URL:</label>
<input id="node_name" name="node_name" type="text" size="40" maxlength="100" value="<?php echo $node_name; ?>" onkeypress="return focusonenter(event, 'node_title')"/>
</p>
<p><label>Abstract:</label></p>
<p>
<textarea name="node_abstract" cols="80" rows="3"><?php echo htmlspecialchars($node_abstract, ENT_COMPAT, 'UTF-8'); ?></textarea>
</p>
<p><label>Cloud:</label></p>
<p>
<textarea name="node_cloud" cols="80" rows="2" ><?php echo htmlspecialchars($node_cloud, ENT_COMPAT, 'UTF-8'); ?></textarea>
</p>
<p>
<input id="node_edit" name="node_edit" type="submit" value="Edit" />
</p>
<?php if ($missing_node_title or $missing_node_name or $bad_node_name): ?>
<div class="alert">
<?php if ($missing_node_title): ?>
<p>You didn't input the title.</p>
<?php endif; ?>
<?php if ($missing_node_name): ?>
<p>Specify a name for the link.</p>
<?php elseif ($bad_node_name): ?>
<p>The name of the link is invalid.</p>
<?php endif; ?>
</div>
<?php endif; ?>
</form>

Notice how the contents the fields are protected with the PHP function htmlspecialchars.

Add the view of the editor in French in the folder views/en/editing with the following content:

/cms/site24
1. views
  1. fr
    1. editing
      1. editnode.phtml

nodeeditor_fr.phtml

<?php extract($errors); ?>
<form class="compact" action="" method="post">
<input name="clang" type="hidden" value="<?php echo $clang; ?>" />
<p>
<?php if (in_array('fr', $supported_languages)): ?>
<input name="fr" type="image" src="<?php echo $base_path; ?>/images/theme/flags/fr.png" alt="fr" title="Français"/>
<?php endif; ?>
<?php if (in_array('en', $supported_languages)): ?>
<input name="en" type="image" src="<?php echo $base_path; ?>/images/theme/flags/en.png" alt="en" title="English"/>
<?php endif; ?>
</p>
<p>
<input id="node_title" name="node_title" type="text" size="40" maxlength="100" value="<?php echo htmlspecialchars($node_title, ENT_COMPAT, 'UTF-8'); ?>" title="Titre" onkeypress="return submitonenter(event, 'node_edit')"/>
<label>URL :</label>
<input id="node_name" name="node_name" type="text" size="40" maxlength="100" value="<?php echo $node_name; ?>" onkeypress="return focusonenter(event, 'node_title')"/>
</p>
<p><label>Extrait :</label></p>
<p>
<textarea name="node_abstract" cols="80" rows="3"><?php echo htmlspecialchars($node_abstract, ENT_COMPAT, 'UTF-8'); ?></textarea>
</p>
<p><label>Nuage :</label></p>
<p>
<textarea name="node_cloud" cols="80" rows="2" ><?php echo htmlspecialchars($node_cloud, ENT_COMPAT, 'UTF-8'); ?></textarea>
</p>
<p>
<input id="node_edit" name="node_edit" type="submit" value="Éditer" />
</p>
<?php if ($missing_node_title or $missing_node_name or $bad_node_name): ?>
<div class="alert">
<?php if ($missing_node_title): ?>
<p>Vous n'avez pas saisi le titre.</p>
<?php endif; ?>
<?php if ($missing_node_name): ?>
<p>Spécifiez un nom pour le lien.</p>
<?php elseif ($bad_node_name): ?>
<p>Le nom du lien est invalide.</p>
<?php endif; ?>
</div>
<?php endif; ?>
</form>

Edit the file models/node.inc and add the function node_set:

node.inc

function node_set($lang, $node_id, $node_name, $node_title, $node_abstract, $node_cloud) {
$tabnode=db_prefix_table('node');
$sql="UPDATE $tabnode SET modified=NOW() WHERE node_id=$node_id LIMIT 1";
$r = db_update($sql);
if (!$r) {
return false;
}
$sqllang=db_sql_arg($lang, false);
$sqlname=db_sql_arg($node_name, true);
$sqltitle=db_sql_arg($node_title, true);
$sqlabstract=db_sql_arg($node_abstract, true, true);
$sqlcloud=db_sql_arg($node_cloud, true, true);
$tabnodelocale=db_prefix_table('node_locale');
$sql="INSERT $tabnodelocale SET node_id=$node_id, locale=$sqllang, name=$sqlname, title=$sqltitle, abstract=$sqlabstract, cloud=$sqlcloud ON DUPLICATE KEY UPDATE node_id=LAST_INSERT_ID(node_id), locale=VALUES(locale), name=VALUES(name), title=VALUES(title), abstract=VALUES(abstract), cloud=VALUES(cloud)";
$r = db_insert($sql);
return $r;
}

node_set strats by updating the field modified of the node $node_id in the table node. If the operation fails, the node $node_id doesn't exist and node_set returns false. node_set inserts an entry in the table node_locale or replaces the data of the existing node. node_set returns true or false in case of error.

Edit the file blocks/banner.php to add the buttons Edit and View:

banner.php

$is_writer = user_has_role('writer');

Sets $is_writer to true if the is allowed to modify the content of the site.

case 'edit':
if ($param) {
if ($is_writer) {
$edit_page=$param;
$edit=true;
}
}
break;

Adds a link to edit a content if $components contains 'edit' and if the is allowed to edit it. $param defines the URL of the link.

case 'view':
if ($param) {
if ($is_writer) {
$view_page=$param;
$view=true;
}
}
break;

Adds a link to view a content if $components contains 'view' and if the is allowed to edit it. $param defines the URL of the link.

if ($contact or $login or $logout or $edit or $view or $validate) {
$menu = view('bannermenu', $lang, compact('contact', 'contact_page', 'edit', 'edit_page', 'view', 'view_page', 'validate', 'validate_page', 'logout', 'nobody_page', 'login', 'user_page'));
}

Builds the view of the banner passing all the parameters computed before. Generates the content of the banner and returns it.

Complete the views of the menu in English and in French:

bannermenu_en.phtml

<?php if ($edit): ?>
<li><a id="edit" href="<?php echo $edit_page; ?>" rel="nofollow" title="Edit"><span>Edit</span></a></li>
<?php elseif ($view): ?>
<li><a id="view" href="<?php echo $view_page; ?>" rel="nofollow" title="View"><span>View</span></a></li>
<?php endif; ?>

bannermenu_fr.phtml

<?php if ($edit): ?>
<li><a id="edit" href="<?php echo $edit_page; ?>" rel="nofollow" title="Éditer"><span>Éditer</span></a></li>
<?php elseif ($view): ?>
<li><a id="view" href="<?php echo $view_page; ?>" rel="nofollow" title="Voir"><span>Afficher</span></a></li>
<?php endif; ?>

Create the folder theme in the folder images then the folders icons and flags in the folder images/theme. From the folder buttons, move the files cancel.png, check.png, mail.png and user.png to the folder images/theme/icons then the files en.png and fr.png to the folder images/theme/flags. Delete the folder buttons. Finally, move the file heading.png from the folder images to the folder images/theme.

/cms/site24
1. ~~buttons~~
2. images
  1. theme
    1. icons
      1. cancel.png
      2. check.png
      3. mail.png
      4. user.png
    2. flags
      1. en.png
      2. fr.png
    3. heading.png

Add the icons edit.png and web.png in the folder images/theme/icons:

/cms/site24
1. images
  1. theme
    1. icons
      1. edit.png
      2. web.png

edit.png

web.png

Reflect these changes in the file css/theme.css:

theme.css

h3 {line-height:24px;background:transparent url(../images/theme/heading.png) no-repeat;text-indent:30px;margin:0 0 0.5em 0;}

Moves the image displayed ahead of the <h3> titles in the folder images/theme.

#bannermenu #mail {width:24px;height:24px;float:right;margin-left:6px;background:transparent url(../images/theme/icons/mail.png) no-repeat center center;}
#bannermenu #exit {width:24px;height:24px;float:left;margin-right:6px;background:transparent url(../images/theme/icons/cancel.png) no-repeat center center;}
#bannermenu #enter {width:24px;height:24px;float:right;margin-right:6px;background:transparent url(../images/theme/icons/user.png) no-repeat center center;}
#bannermenu #edit {width:24px;height:24px;float:left;margin-right:6px;background:transparent url(../images/theme/icons/edit.png) no-repeat center center;}
#bannermenu #view {width:24px;height:24px;float:left;margin-right:6px;background:transparent url(../images/theme/icons/web.png) no-repeat center center;}
#bannermenu #validate {width:24px;height:24px;float:left;margin-right:6px;background:transparent url(../images/theme/icons/check.png) no-repeat center center;}

Associate the links in the banner menu with their icons in the folder images/theme/icons.

#french {width:32px;height:24px;float:left;margin-right:2px;background:transparent url(../images/theme/flags/fr.png) no-repeat center center;}
#english {width:32px;height:24px;float:left;margin-right:2px;background:transparent url(../images/theme/flags/en.png) no-repeat center center;}

Moves the images of the flags in the folder images/theme/flags.

div.alert {color:#333333;background-color:#ffcccc;padding:0.5em 1em 0.5em 1em;}
div.warning {color:#333333;background-color:#ffffe0;padding:0.5em 1em 0.5em 1em;}
div.alert p, div.warning p {margin-top:0.5em; margin-bottom:0.5em;}

Defines the style of the error messages.

Enter http://localhost/cms/site24/en in the address bar of your navigator. Identify yourself with the name foobar and the password f00bar. Click on the link Legal information in the home page. Press the Edit button in the banner of the page.

Erase the URL, change the title of the node, its description, add a keyword to the cloud the press Edit. NOTE: If you change the URL, remember to modify the link in the footer. Edit the content in French. Enter http://localhost/cms/site24/fr/edition/noeud/1 in the address bar of your navigator to test the editor in French.

site24.zip

frasq.org

Editing a node

Comments

Your comment: