grantp22 Posted August 21, 2010

Hi, I need some advice on how to go about allowing administrators with dev skills the ability to edit my existing templates I have created for them by logging into the backend and editing the pages online or even adding their own custom templates and switching them!

I can write the script for doing this by allowing them to write files to a folder that has permissions and simply allowing them to set a new path to that file which will get loaded into the main template via database array variables in place of static include paths!

My template could have the following script to include their templates:

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Custom templates</title>
</head>
<body bgcolor="#001e00">
<div class="container">
<?php
// This will be where the header gets inserted
include('thenewtemplate.php');
?>
<div class="main">
<!-- some other static divs with contents in here -->
</div>
<?php
// This will be where the footer gets inserted
include('thenewtemplate.php');
?>
```

etc, etc...

So my question is what would be the best approach, because obviously allowing permissions to write to templates or create new ones with potentially dangerous scripts can obviously be written out to the template to be loaded later, if an unauthorised person ever managed to get access to my backend. The backend is pretty secure but I wouldn't stake my life on it either!

I would like to have a textarea where they could type in the new template source code and then save it out to a text file or some other file format to be loaded into the main template. I want them to be able to change the header div contents, footer and right column div to create their own unique looks.

Does anybody have any advice on this! Good or bad?

Thanks
Grant

grantp22 Posted August 22, 2010 (Author)

Can anybody give me some feedback?

plznty Posted September 14, 2010

I once used text files. The problem is that you end up having a ton of different folders for different users etc. If you are having potentially untrusted people with access to the back-end then it would be easy for them to cause damage. I had file_get_contents(paths) to link to their folder etc. This is the code I used for the editor, if you can extract anything you may need from it feel free.

```php
<?php
// include/data.php is not shown; $username and $password are used below as if defined there.
include("include/data.php");

// Login check: compares the "user" and "pass" cookies with the stored credentials.
if ($_COOKIE['user'] == ($username) && $_COOKIE['pass'] == md5($password)) {
    include("include/config.php");
    $welcome = ucwords($_COOKIE['user']);
    echo "<center><font color='#FFFFFF'><body bgcolor='#000000' link='#FFFFFF' vlink='#FFFFFF' alink='#FFFFFF'>";

    // Top-level menu.
    if ( $_GET['view'] == 'contents' ) {
        echo "
        <b>$welcome's Webpage Editor</b>
        <p><a href='editor.php?view=website'>Website</a></p>
        <p><a href='editor.php?view=forum'>Forum</a></p>";
    }

    // Editable website settings, one text file each.
    if ( $_GET['view'] == 'website' ) {
        echo "
        <b>$welcome's Webpage Editor</b>
        <p><a href='editor.php?process=edit&file=title'>Title</a></p>
        <p><a href='editor.php?process=edit&file=bgcolor'>Background Colour</a></p>
        <p><a href='editor.php?process=edit&file=logo'>Logo URL</a></p>
        <p><a href='editor.php?process=edit&file=txtcolor'>Text Colour</a></p>
        <p><a href='editor.php?process=edit&file=link'>Link Colour</a></p>
        <p><a href='editor.php?process=edit&file=home'>Home</a></p>
        <p><a href='editor.php?process=edit&file=memberlist'>Member list</a></p>";
    }

    // Editable forum settings, one text file each.
    if ( $_GET['view'] == 'forum' ) {
        echo "
        <b>$welcome's Webpage Editor</b>
        <p><a href='editor.php?process=edit&file=forumthreadname'>Forum Thread Name</a></p>
        <p><a href='editor.php?process=edit&file=forumowner'>Forum Owner</a></p>
        <p><a href='editor.php?process=edit&file=forum1'>Forum Box [1]</a></p>
        <p><a href='editor.php?process=edit&file=forum2'>Forum Box [2]</a></p>
        <p><a href='editor.php?process=edit&file=forum3'>Forum Box [3]</a></p>
        <p><a href='editor.php?process=edit&file=forum4'>Forum Box [4]</a></p>
        <p><a href='editor.php?process=edit&file=forum5'>Forum Box [5]</a></p>
        <p><a href='editor.php?process=edit&file=forum6'>Forum Box [6]</a></p>
        <p><a href='editor.php?process=edit&file=forum7'>Forum Box [7]</a></p>
        <p><a href='editor.php?process=edit&file=forum8'>Forum Box [8]</a></p>
        <p><a href='editor.php?process=edit&file=forum9'>Forum Box [9]</a></p>
        <p><a href='editor.php?process=edit&file=forum10'>Forum Box [10]</a></p>";
    }

    // Show the current contents of the selected file in a textarea.
    if ( $_GET['process'] == 'edit' ) {
        $data = file_get_contents("./web/$_COOKIE[user]/$_GET[file].txt");
        echo "
        <b>$welcome's Webpage Editor</b>
        <p>You are editing: $_GET[file]</p>
        <p><form action='editor.php?process=submit&file=$_GET[file]' method=post><textarea name='data' cols='40' rows='10'>$data</textarea>
        <p><input type=submit value=Edit></p>
        </form>";
    }

    // Write the submitted text back to the selected file.
    if ( $_GET['process'] == 'submit' ) {
        $myFile = "./web/$_COOKIE[user]/$_GET[file].txt";
        $fh = fopen($myFile, 'w') or die("can't open file");
        $stringData = "$_POST[data]";
        fwrite($fh, $stringData);
        fclose($fh);
        echo "<center><font color='#FFFFFF'><body bgcolor='#000000' link='#FFFFFF' vlink='#FFFFFF' alink='#FFFFFF'><a>Successfully changed</a>";
    }
}else{
    // Not logged in: redirect to the timeout page.
    echo '<META HTTP-EQUIV="Refresh" CONTENT="0; URL=timeout.php">';
}
?>
```

Sorry I could not be any more help to you, maybe if you respond I would like to offer more help.
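
An added example, not code from either poster: one way to store the admin-edited header, footer and right-column regions so that saved text is never executed as PHP and the file name is chosen from a fixed list instead of being built from `$_COOKIE[user]` and `$_GET[file]`. The storage folder, the slot names, the function names and the `demo_admin` user are assumptions made for illustration.

```php
<?php
// Added example; TEMPLATE_ROOT, SLOTS and all function names are assumptions.
declare(strict_types=1);

const TEMPLATE_ROOT = __DIR__ . '/web';           // assumed storage folder
const SLOTS = ['header', 'footer', 'rightcol'];   // the only editable regions

// Build the file path from allowlisted parts only, never from raw request data.
function slot_path(string $user, string $slot): string
{
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $user)) {
        throw new InvalidArgumentException('bad user name');
    }
    if (!in_array($slot, SLOTS, true)) {
        throw new InvalidArgumentException('unknown slot');
    }
    return TEMPLATE_ROOT . "/$user/$slot.txt";
}

// Store the markup as inert text; refuse PHP open tags and oversized input.
function save_slot(string $user, string $slot, string $markup): void
{
    if (strlen($markup) > 65536 || strpos($markup, '<?') !== false) {
        throw new InvalidArgumentException('template rejected');
    }
    $path = slot_path($user, $slot);
    if (!is_dir(dirname($path))) {
        mkdir(dirname($path), 0750, true);
    }
    file_put_contents($path, $markup, LOCK_EX);
}

// Read with file_get_contents(), not include(): the file is output as data,
// so PHP code inside it is never run by the server.
function render_slot(string $user, string $slot): string
{
    $path = slot_path($user, $slot);
    return is_file($path) ? (string) file_get_contents($path) : '';
}

// Escape before putting saved markup back into the edit form's <textarea>.
function edit_form_value(string $user, string $slot): string
{
    return htmlspecialchars(render_slot($user, $slot), ENT_QUOTES, 'UTF-8');
}

// Constructed demo input.
save_slot('demo_admin', 'header', '<h1>My site</h1>');
echo edit_form_value('demo_admin', 'header'), "\n";
```

The main template would print `render_slot()` output where it previously called `include()`. The saved markup is still trusted HTML when rendered, so under these assumptions a compromised admin account can change what visitors see but cannot place server-side code.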