Announcement Announcement Module
Collapse
No announcement yet.
Static Website, need to let client edit a small section of it, how to do it? Page Title Module
Move Remove Collapse
Search Search Module
Collapse

Advertisement Advertisement Module
Collapse

Featured Images Featured Images Module
Collapse

Mediabistro Creative Sites Mediabistro Creative Sites Module
Collapse
Latest Topics Latest Topics Module
Collapse

  • Juniberry
    Reply to Wordpress theme and plugin help for print company.
    Juniberry
    I should also mention that a theme that supports the visual composer would be excellent....
    Today, 05:54 AM
  • Juniberry
    Wordpress theme and plugin help for print company.
    Juniberry
    Howdy-doody fellas and bellas, I'm just after some quick advice from those of you out there with plenty of experience choosing and working with WP themes.

    Attached is a template/guide to...
    Today, 05:53 AM
  • arielr190
    Reply to Opinions on My Logo?
    arielr190
    the business is online. print-wise, the smallest it will ever get is a business card.
    Today, 03:53 AM
  • lowfatgraphics
    Reply to UX tips
    lowfatgraphics
    Hmm This isn't UX, it is UI... Its common to get the two mixed up but having worked in UX and now UI, there is a pretty big difference.

    Now from a UI stand point, there isn't much here...aside...
    Today, 03:52 AM
  • lowfatgraphics
    Reply to Candy Shop Logo
    lowfatgraphics
    "S" is tough to read-- looks interesting. the glossy highlights seem to have multiple light sources tho...might want to double check.
    Today, 03:43 AM
Advertisement Advertisement Module
Collapse

Sponsors Sponsors Module
Collapse

X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Static Website, need to let client edit a small section of it, how to do it?

    I'm familiar with CMS's and have used them many times, but this is a static site built before open source CMS's became prevalent. They currently edit it by editing the html and then uploading it by ftp to the server. I'm trying to think if there is an easier way that I can set up to make it easier on them. Maybe a password protected form where they can enter in paragraphs in the text field and hit submit and it will save the text to a file that the html page will read and pull the text from it. I don't know if there is any way to do this without using a database, but thought I would check.

  • #2
    i suspect you'd need some sort of database if you go the form route...

    short of converting the site to a cms, you could probably use server side includes to pull in a text file that they change/update, similar to:

    <?php include('name of text file'); ?>

    (changing the file extension to php)

    however, if you end up with a quite few text areas they want to update, it's more sanity-preserving to go with a cms anyway...

    i've just plain decided that there's no such thing as 'static' anymore...just more dynamic and less dynamic...ie, cms solutions (joomla, wordpress, etc) and server side includes, the minimum...i really, really like only having to change stuff once! ...
    Last edited by flutterby nut; 05-26-2009, 03:21 PM. Reason: additional thought
    Monarchs Rule!

    Comment


    • #3
      Something I just started doing....

      If the area they want to edit is for News Updates, you could have them create an external free news blog, and then just bring the RSS news feed in with a bit of code. Blogger is with google/gmail now, so any client that has a gmail account could potentially use it to manage their company's news feeds without having to edit any html pages directly. I'd suggest they create a new Gmail account just for the business if they go this route. This is the only way I can think of doing it without major coding or implementing a full on CMS or paid software of sorts. I used these scripts to make it happen:

      http://www.feedforall.com/free-php-script.htm

      Aside from that, the way they are doing it now would probably still be best if it is not for news updates. Maybe just have pages they are updating associated with a template (if using dreamweaver or similar where this is possible), and lock areas they are not updating so they don't mess it up.

      I'm all ears though if there are other methods, I just starting doing this RSS feed thing because it's working for my client's needs - who also would like to be able to update their static websites without having to implement a full on CMS - mostly due to budget restraints.
      | Valerie |
      "Make sure the fortune that you seek is the fortune that you need"
      -Ben Harper

      Comment


      • #4
        Originally posted by flutterby nut View Post
        i suspect you'd need some sort of database if you go the form route...

        short of converting the site to a cms, you could probably use server side includes to pull in a text file that they change/update, similar to:

        <?php include('name of text file'); ?>

        (changing the file extension to php)

        however, if you end up with a quite few text areas they want to update, it's more sanity-preserving to go with a cms anyway...

        i've just plain decided that there's no such thing as 'static' anymore...just more dynamic and less dynamic...ie, cms solutions (joomla, wordpress, etc) and server side includes, the minimum...i really, really like only having to change stuff once! ...
        The amount they need to update is so small that it wouldn't be worth implementing a cms at this point. I just tried out the php include, which helps. Now when they open up the included php file, it will only have that section, and the rest of the page's html will be inaccessible. It would still be nice if they didn't have to download the file, edit, and re-upload it.

        Comment


        • #5
          I don't know enough about this to offer any advice, just wanted to ask a question...
          Are these (see below) suitable for what you want to do? I was looking for something that would let me edit the content on just one webpage, without having to have a blog or Wordpress site:

          http://tinymce.moxiecode.com/index.php

          http://www.cushycms.com/

          I'm just wondering if these are really as easy to use as they say, because this seems much more convenient than having to download, update and ftp for frequent changes.
          Has anyone had any experience with these, or similar programs?

          Callie

          Comment


          • #6
            Originally posted by MikeTheVike View Post
            I'm trying to think if there is an easier way that I can set up to make it easier on them. Maybe a password protected form where they can enter in paragraphs in the text field and hit submit and it will save the text to a file that the html page will read and pull the text from it. I don't know if there is any way to do this without using a database, but thought I would check.

            You could do the following (no database required), provided you have a basic working knowledge of PHP. Let's assume the name of your existing page that requires an editable content area is called foopage.php:
            1. Create your password protected directory—let's call it /edit.
            2. Create your form—let's call it index.php—and place it in /edit.
            3. Create a plain text file that contains the content that is to be edited & used as an include—let's call it foopage_content.txt.
            4. CHMOD both /edit and foopage_content.txt to make sure they are writable.
            5. Use PHP to read the contents of foopage_content.txt and load it into the <textarea> of your form.
            6. Use PHP to process the form & write the edited text back to foopage_content.txt.
            Again, I'm assuming that you have a basic working knowledge of PHP and will know which functions you'll need to use to read from/write to the text file, process the form, and handle any text formatting issues. I realize that may be a little more work than what you had in mind to handle such a simple task, but... *shrug*


            Re what Callendale said: A print design friend of mine also recently mentioned that her company uses CushyCMS. It looks like the CMS part is hosted remotely and allows them to use their company branding so it looks like it's thiers. There was another one that used to get menitioned fairly regularly on the DW forums... I think it might have been Flyspeck, but I'm not sure. I've never used either of them, so I can't vouch for how well they work.

            Digi
            The world is divided into people who think they are right.
            —Anonymous

            Comment


            • #7
              Callie,

              Here's what a friend in another forum had to say about CushyCMS recently: http://forums.about.com/n/pfx/forum....cdes&tid=25513

              Hope that helps a little.

              Digi
              The world is divided into people who think they are right.
              —Anonymous

              Comment


              • #8
                Use file_get_contents() to extract the contents of the file then echo it on the page. If you include the file its possible that the user could write PHP and affect the site as a whole. You will also need to use file_put_contents() for writing the textarea info to the file.

                Comment


                • #9
                  Originally posted by tZ View Post
                  If you include the file its possible that the user could write PHP and affect the site as a whole.
                  Do you really think that's an issue with the form in a password protected area? I know there are 1001 security concerns with PHP, especially in a shared hosting environment over an unencrypted connection, but I just don't see Mike's client inadvertently writing PHP that would sabotage his own site.

                  I'm not trying to start an argument, I'm just wondering if you're aware of something that I'm not.

                  Digi
                  The world is divided into people who think they are right.
                  —Anonymous

                  Comment


                  • #10
                    Very basic example. You will need to make certain that the directory which the text file resides is world writable.

                    HTML Code:
                    <?php
                    
                    $root = $_SERVER['DOCUMENT_ROOT'];
                    $fileName = 'my_text_file.txt';
                    if(isset($_POST['submit']) && isset($_POST['content'])) {
                    	
                    	file_put_contents($root.'/'.$fileName,$_POST['content']);
                    	echo 'file saved';
                    }
                    $content = file_exists($root.'/'.$fileName)?file_get_contents($root.'/'.$fileName):'';
                    
                    ?>
                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
                    <html xmlns="http://www.w3.org/1999/xhtml">
                    <head>
                    	<title>Untitled</title>
                    </head>
                    <body>
                    
                    <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
                    	<fieldset>
                    		<legend>Alter File</legend>
                    		<ol>
                    			<li>
                    				<label for="content-field">Content:</label>
                    				<textarea id="content-field" cols="70" rows="20" name="content"><?php echo $content; ?></textarea>
                    			</li>
                    			<li>
                    				<input type="submit" name="submit" value="submit">
                    			</li>
                    		</ol>
                    	</fieldset>
                    </form>
                    
                    </body>
                    </html>

                    Comment


                    • #11
                      Originally posted by digizan
                      Do you really think that's an issue with the form in a password protected area?
                      Yep, people are idiots. The last thing I want for someone to run a query that would wipe out the entire application. Say if someone gets into the admin panel that isn't suppose to be there. Maybe not all that much of a concern here, but in more db intensive apps surely. Another example would be including ?> which would end the script and result in a error. There isn't any reason to make the contents of a textarea PHP interpretable.

                      if the variable name for the query object and tables could be determined the entire app could be destroyed.

                      $db->query('DROP TABLE table1;');
                      $db->query('DROP TABLE table2;');
                      $db->query('DROP TABLE table3;');
                      $db->query('DROP TABLE table4;');

                      Proper permission management may prevent this, but that still doesn't eliminate the possibility to affect the functionality of the site through the textarea.

                      The simple answer is just to echo the contents of all user input areas as plain text. That way the state of the application is separate from the content contained within it. This eliminates the possibility of anyone being able to affect the application state. Regardless of the size application its just good security.

                      Besides, user input is normally content not code even if it contains code. Therefore, it should be treated like content not code.
                      Last edited by tZ; 05-26-2009, 08:02 PM.

                      Comment


                      • #12
                        Originally posted by tZ View Post
                        Yep, people are idiots.... Maybe not all that much of a concern here, but in more db intensive apps surely.... There isn't any reason to make the contents of a textarea PHP interpretable.... Regardless of the size application its just good security.
                        Good point. There's no such thing as being too paranoid when it comes to security.

                        Digi
                        The world is divided into people who think they are right.
                        —Anonymous

                        Comment


                        • #13
                          there is always skybluecanvas....no database needed.

                          Comment


                          • #14
                            Originally posted by digizan View Post
                            You could do the following (no database required), provided you have a basic working knowledge of PHP. Let's assume the name of your existing page that requires an editable content area is called foopage.php:
                            1. Create your password protected directory—let's call it /edit.
                            2. Create your form—let's call it index.php—and place it in /edit.
                            3. Create a plain text file that contains the content that is to be edited & used as an include—let's call it foopage_content.txt.
                            4. CHMOD both /edit and foopage_content.txt to make sure they are writable.
                            5. Use PHP to read the contents of foopage_content.txt and load it into the <textarea> of your form.
                            6. Use PHP to process the form & write the edited text back to foopage_content.txt.
                            Again, I'm assuming that you have a basic working knowledge of PHP and will know which functions you'll need to use to read from/write to the text file, process the form, and handle any text formatting issues. I realize that may be a little more work than what you had in mind to handle such a simple task, but... *shrug*


                            Digi
                            That's actually what I'm trying now, and it looks like its working. If i could just get this password protection to work to test it out, I will be good to go!

                            Comment


                            • #15
                              Originally posted by tZ View Post
                              Yep, people are idiots. The last thing I want for someone to run a query that would wipe out the entire application. Say if someone gets into the admin panel that isn't suppose to be there. Maybe not all that much of a concern here, but in more db intensive apps surely. Another example would be including ?> which would end the script and result in a error. There isn't any reason to make the contents of a textarea PHP interpretable.

                              if the variable name for the query object and tables could be determined the entire app could be destroyed.

                              $db->query('DROP TABLE table1;');
                              $db->query('DROP TABLE table2;');
                              $db->query('DROP TABLE table3;');
                              $db->query('DROP TABLE table4;');

                              Proper permission management may prevent this, but that still doesn't eliminate the possibility to affect the functionality of the site through the textarea.

                              The simple answer is just to echo the contents of all user input areas as plain text. That way the state of the application is separate from the content contained within it. This eliminates the possibility of anyone being able to affect the application state. Regardless of the size application its just good security.

                              Besides, user input is normally content not code even if it contains code. Therefore, it should be treated like content not code.
                              tZ, I see your point. I highly doubt the client will mess it up, all they are doing is adding paragraphs of text. But I'll give your way a shot just in case...

                              I had a couple questions about your code, I don't know much php. I'll just put comments next to the parts I don't understand...

                              HTML Code:
                              <?php
                              
                              $root = $_SERVER['DOCUMENT_ROOT']; 
                              $fileName = 'my_text_file.txt';
                              if(isset($_POST['submit']) && isset($_POST['content'])) {
                              	
                              	file_put_contents($root.'/'.$fileName,$_POST['content']); 
                              	echo 'file saved';
                              }
                              $content = file_exists($root.'/'.$fileName)?file_get_contents($root.'/'.$fileName):''; //what is this doing, pulling the current content?
                              
                              ?>
                              <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
                              <html xmlns="http://www.w3.org/1999/xhtml">
                              <head>
                              	<title>Untitled</title>
                              </head>
                              <body>
                              
                              <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> //can you explain the stuff in the action=""?
                              	<fieldset>
                              		<legend>Alter File</legend>
                              		<ol>
                              			<li>
                              				<label for="content-field">Content:</label>
                              				<textarea id="content-field" cols="70" rows="20" name="content"><?php echo $content; ?></textarea> // what is the php echo $content doing?
                              			</li>
                              			<li>
                              				<input type="submit" name="submit" value="submit">
                              			</li>
                              		</ol>
                              	</fieldset>
                              </form>
                              
                              </body>
                              </html>

                              Comment

                              Mediabistro A division of Prometheus Global Media home | site map | advertising/sponsorships | careers | contact us | help courses | browse jobs | freelancers | content | member benefits | reprints & permissions terms of use | privacy policy Copyright © 2014 Mediabistro Inc. call (212) 389-2000 or email us
                              Working...
                              X