Actions

BasicPHPFileTemplates: Difference between revisions

From Mahara Wiki

No edit summary
 
(11 intermediate revisions by 3 users not shown)
Line 5: Line 5:
==Template for files you expect to be hit by visitors==
==Template for files you expect to be hit by visitors==


.
<source lang="php" enclose="div">
/**
/**
  * Mahara: Electronic portfolio, weblog, resume builder and social networking
*
  * Copyright (C) 2011 Copyright Holder
* @package    mahara
  *
* @subpackage core or plugintype/pluginname
  * (rest of the GPL statement)
* @author    Firstname Lastname
  *
* @license   http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
  * @package    mahara
* @copyright  For copyright information on Mahara, please see the README file distributed with this software.
  * @subpackage core or plugintype/pluginname
*
  * @author    Firstname Lastname
*/
   */
 
define('INTERNAL', 1);
  define('INTERNAL', 1);
require('init.php');
  require('init.php');
 
// Your code here :)
  // Your code here :)
</source>


==Template for files you do NOT want to be hit by visitors==
==Template for files you do NOT want to be hit by visitors==


.
<source lang="php" enclose="div">
/**
/**
  * Mahara: Electronic portfolio, weblog, resume builder and social networking
*
  * Copyright (C) 2011 Copyright Holder
* @package    mahara
  *
* @subpackage core or plugintype/pluginname
  * (rest of the GPL statement)
* @author    Firstname Lastname
  *
* @license   http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
  * @package    mahara
* @copyright  For copyright information on Mahara, please see the README file distributed with this software.
  * @subpackage core or plugintype/pluginname
*
  * @author    Firstname Lastname
*/
   */
 
defined('INTERNAL') || die();
  defined('INTERNAL') || die();
 
// Your code here :)
  // Your code here :)
</source>
   
   


Line 50: Line 49:
== Sample page using pieforms and dwoo ==
== Sample page using pieforms and dwoo ==


<?php
<source lang="php" enclose="div">
<?php
define('INTERNAL', 1);
 
require('init.php');
define('INTERNAL', 1);
require('init.php');
// Get data from the user by using the param_ functions, which will whitelist
require_once('pieforms/pieform.php');
// the input
 
$userint = param_integer('int',0);
// Get data from the user by using the param_ functions, which will whitelist
// If none of the whitelisting options is acceptable, you can use param_variable,
// the input
// but be careful not to print the results to the screen without cleaning them
$userint = param_integer('int',0);
// first. That's a XSS vulnerability.
// If none of the whitelisting options is acceptable, you can use param_variable,
$userraw = param_variable('raw', 'no user input provided');
// but be careful not to print the results to the screen without cleaning them
// first. That's a XSS vulnerability.
// Generate page content
$userraw = param_variable('raw', 'no user input provided');
// NOTE: Normally you should put hard-coded strings into a lang file under /lang, so that
 
// they can be internationalized with get_string()
// Generate page content
$hardcoded = "This is a hard-coded string";
// NOTE: Normally you should put hard-coded strings into a lang file under /lang, so that
// they can be internationalized with get_string()
// See https://wiki.mahara.org/index.php/Developer_Area/Core_Subsystems/Form_API_%28Pieforms%29
$hardcoded = "This is a hard-coded string";
// Normally you'd populate the default values with values from the DB
 
$form = array(
// See https://wiki.mahara.org/index.php/Developer_Area/Core_Subsystems/Form_API_%28Pieforms%29
    'name' => 'testform',
// Normally you'd populate the default values with values from the DB
    'method' => 'post',
$form = array(
    'action' => '', // self
    'name' => 'testform',
    'successcallback' => 'testform_submit', // defaults to name_submit
    'method' => 'post',
    'validatecallback' => 'testform_validate', // defaults to name_validate
    'action' => "", // self
    'elements' => array(
    'successcallback' => 'testform_submit', // defaults to name_submit
        'fullname' => array(
    'validatecallback' => 'testform_validate', // defaults to name_validate
            'type' => 'fieldset',
    'elements' => array(
            'legend' => "Your name", // should use get_string()...
        'fullname' => array(
            'elements' => array(
            'type' => 'fieldset',
                'firstname' => array(
            'legend' => "Your name", // should use get_string()...
                    'type' => 'text',
            'elements' => array(
                    'title' => "First name", // should use get_string()
                'firstname' => array(
                    'description' => "Your first, or given name", // get_string()
                    'type' => 'text',
                    'help' => "Surely you know your own first name.", // get_string()
                    'title' => "First name", // should use get_string()
                    'defaultvalue' => 'Joe',
                    'description' => "Your first, or given name", // get_string()
                    'rules' => array(
                    'help' => "Surely you know your own first name.", // get_string()
                        'required' => true
                    'defaultvalue' => 'Joe',
                    )
                    'rules' => array(
                ),
                        'required' => true
                'lastname' => array(
                    )
                    'type' => 'text',
                ),
                    'title' => "Last name", // get_string()
                'lastname' => array(
                    'defaultvalue' => 'Schmoe',
                    'type' => 'text',
                    'description' => "Your last, or family name", // get_string()
                    'title' => "Last name", // get_string()
                )
                    'defaultvalue' => 'Schmoe',
            )
                    'description' => "Your last, or family name", // get_string()
        ),
                )
        'submitbtn' => array(
            )
            'type' => 'submit',
        ),
            'value' => "Submit" // get_string()
        'submitbtn' => array(
        )
            'type' => 'submit',
    )
            'value' => "Submit" // get_string()
);
        )
    )
function testform_validate(Pieform $form, $values) {
);
    if (isset($values['lastname']) && $values['firstname'] == 'Joe' && $values['lastname'] == 'Schmoe') {
 
        $form->set_error('lastname', "That's not your real name! That was the default."); // get_string()
function testform_validate(Pieform $form, $values) {
    }
    if (isset($values['lastname']) && $values['firstname'] == 'Joe' && $values['lastname'] == 'Schmoe') {
}
        $form->set_error('lastname', "That's not your real name! That was the default."); // get_string()
    }
function testform_submit(Pieform $form, $values) {
}
    global $SESSION;
 
    // Normally here you would save the submitted values into the database
function testform_submit(Pieform $form, $values) {
    global $SESSION;
    // If you set this up as a JS form, use json_reply()
    // Normally here you would save the submitted values into the database
    if (!empty($values['lastname'])) {
 
        $name = "{$values['firstname']} {$values['lastname']}";
    // If you set this up as a JS form, use json_reply()
    } else {
    if (!empty($values['lastname'])) {
        $name = $values['firstname'];
        $name = "{$values['firstname']} {$values['lastname']}";
    }
    } else {
    $SESSION->add_ok_msg("Kia ora, {$name}!");
        $name = $values['firstname'];
    redirect(get_config('wwwroot') . 'test.php');
    }
}
    $SESSION->add_ok_msg("Kia ora, {$name}!");
    redirect(get_config('wwwroot') . 'test.php');
// Instantiate the smarty object.
}
$smarty = smarty();
 
// Variables you assign to the smarty become accessible in the template
// When you call pieform(), the Pieforms library does a bunch of automagical stuff.
$smarty->assign('hard_coded', $hardcoded);
// It checks whether the form was submitted, and if so calls the form's validate
$smarty->assign('user_raw', $userraw);
// and/or submit callback functions, which usually results in a call to redirect(), ending
// the page load.
// When you call pieform(), the Pieforms library does a bunch of automagical stuff.
// If the form wasn't yet submitted, then pieform() renders the form into the necessary
// It checks whether the form was submitted, and if so calls the form's validate
// HTML to print it on the page.
// and/or submit callback functions, which usually results in a call to redirect(), ending
// IMPORTANT: all pieform rendering needs to happen before calling smarty() for javascript
// the page load.
// to be added to the page correctly
// If the form wasn't yet submitted, then pieform() renders the form into the necessary
$formhtml = pieform($form);
// HTML to print it on the page.
 
$formhtml = pieform($form);
// Instantiate the smarty object.
$smarty->assign('form', $formhtml);
$smarty = smarty();
// Variables you assign to the smarty become accessible in the template
// Specify the template file path, relative to htdocs/theme/raw/templates/
$smarty->assign('hard_coded', $hardcoded);
$smarty->display('test.tpl');
$smarty->assign('user_raw', $userraw);
 
/* The contents of htdocs/theme/raw/templates/test.tpl should look like this:
$smarty->assign('form', $formhtml);
{include file="header.tpl"}
 
&lt;!-- Stuff in here is HTML except for the bits in curly braces -->
// Specify the template file path, relative to htdocs/theme/raw/templates/
$smarty->display('test.tpl');
&lt;!-- All variables printed here are run through an HTML escaping process, unless
</source>
they have the "|safe" tag. -->
 
{$hard_coded|safe}
The contents of htdocs/theme/raw/templates/test.tpl should look like this:
 
&lt;!-- Uncleaned user data shouldn't be considered safe -->
<source lang="smarty" enclose="div">
{$user_raw}
{include file="header.tpl"}
<!-- Stuff in here is HTML except for the bits in curly braces -->
&lt;!-- Any function in the calling PHP file's namespace can be invoked by adding
 
it after a "|" in the curly brackets -->
<!-- All variables printed here are run through an HTML escaping process, unless
{$hard_coded|strtoupper}
they have the "|safe" tag. -->
{$hard_coded|safe}
&lt;!-- The output from pieform() is the HTML output of the form. So you can just print it. -->
 
{$form|safe}
<!-- Uncleaned user data shouldn't be considered safe -->
{include file="footer.tpl"}
{$user_raw}
  */
 
<!-- Any function in the calling PHP file's namespace can be invoked by adding
it after a "|" in the curly brackets -->
{$hard_coded|strtoupper}
 
<!-- The output from pieform() is the HTML output of the form. So you can just print it. -->
{$form|safe}
{include file="footer.tpl"}
</source>

Latest revision as of 15:43, 12 March 2014

These are the templates for all new PHP files. There is a different template depending on whether you file is able to be publicly hittable or not.

This project uses PHPDoc for API documentation. This project is also licensed under the GPL, which causes some header bloat (it is a requirement of licensing your program under the GPL, see http://www.gnu.org/copyleft/gpl.html ).

Template for files you expect to be hit by visitors

/**
 *
 * @package    mahara
 * @subpackage core or plugintype/pluginname
 * @author     Firstname Lastname
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

define('INTERNAL', 1);
require('init.php');

// Your code here :)

Template for files you do NOT want to be hit by visitors

/**
 *
 * @package    mahara
 * @subpackage core or plugintype/pluginname
 * @author     Firstname Lastname
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

defined('INTERNAL') || die();

// Your code here :)


Notes:

  • Omit the closing php tag "?>"
  • Catalyst employees should assign copyright to "Catalyst IT Ltd", if they are working on the project in company time.
  • The author field should always be a person (or more than one), not a company

Sample page using pieforms and dwoo

<?php

define('INTERNAL', 1);
require('init.php');
require_once('pieforms/pieform.php');

// Get data from the user by using the param_ functions, which will whitelist
// the input
$userint = param_integer('int',0);
// If none of the whitelisting options is acceptable, you can use param_variable,
// but be careful not to print the results to the screen without cleaning them
// first. That's a XSS vulnerability.
$userraw = param_variable('raw', 'no user input provided');

// Generate page content
// NOTE: Normally you should put hard-coded strings into a lang file under /lang, so that
// they can be internationalized with get_string()
$hardcoded = "This is a hard-coded string";

// See https://wiki.mahara.org/index.php/Developer_Area/Core_Subsystems/Form_API_%28Pieforms%29
// Normally you'd populate the default values with values from the DB
$form = array(
    'name' => 'testform',
    'method' => 'post',
    'action' => "", // self
    'successcallback' => 'testform_submit', // defaults to name_submit
    'validatecallback' => 'testform_validate', // defaults to name_validate
    'elements' => array(
        'fullname' => array(
            'type' => 'fieldset',
            'legend' => "Your name", // should use get_string()...
            'elements' => array(
                'firstname' => array(
                    'type' => 'text',
                    'title' => "First name", // should use get_string()
                    'description' => "Your first, or given name", // get_string()
                    'help' => "Surely you know your own first name.", // get_string()
                    'defaultvalue' => 'Joe',
                    'rules' => array(
                        'required' => true
                    )
                ),
                'lastname' => array(
                    'type' => 'text',
                    'title' => "Last name", // get_string()
                    'defaultvalue' => 'Schmoe',
                    'description' => "Your last, or family name", // get_string()
                )
            )
        ),
        'submitbtn' => array(
            'type' => 'submit',
            'value' => "Submit" // get_string()
        )
    )
);

function testform_validate(Pieform $form, $values) {
    if (isset($values['lastname']) && $values['firstname'] == 'Joe' && $values['lastname'] == 'Schmoe') {
        $form->set_error('lastname', "That's not your real name! That was the default."); // get_string()
    }
}

function testform_submit(Pieform $form, $values) {
    global $SESSION;
    // Normally here you would save the submitted values into the database

    // If you set this up as a JS form, use json_reply()
    if (!empty($values['lastname'])) {
        $name = "{$values['firstname']} {$values['lastname']}";
    } else {
        $name = $values['firstname'];
    }
    $SESSION->add_ok_msg("Kia ora, {$name}!");
    redirect(get_config('wwwroot') . 'test.php');
}

// When you call pieform(), the Pieforms library does a bunch of automagical stuff.
// It checks whether the form was submitted, and if so calls the form's validate
// and/or submit callback functions, which usually results in a call to redirect(), ending
// the page load.
// If the form wasn't yet submitted, then pieform() renders the form into the necessary
// HTML to print it on the page.
// IMPORTANT: all pieform rendering needs to happen before calling smarty() for javascript
// to be added to the page correctly
$formhtml = pieform($form);

// Instantiate the smarty object.
$smarty = smarty();
// Variables you assign to the smarty become accessible in the template
$smarty->assign('hard_coded', $hardcoded);
$smarty->assign('user_raw', $userraw);

$smarty->assign('form', $formhtml);

// Specify the template file path, relative to htdocs/theme/raw/templates/
$smarty->display('test.tpl');

The contents of htdocs/theme/raw/templates/test.tpl should look like this:

{include file="header.tpl"}
<!-- Stuff in here is HTML except for the bits in curly braces -->

<!-- All variables printed here are run through an HTML escaping process, unless
they have the "|safe" tag. -->
{$hard_coded|safe}

<!-- Uncleaned user data shouldn't be considered safe -->
{$user_raw}

<!-- Any function in the calling PHP file's namespace can be invoked by adding
it after a "|" in the curly brackets -->
{$hard_coded|strtoupper}

<!-- The output from pieform() is the HTML output of the form. So you can just print it. -->
{$form|safe}
{include file="footer.tpl"}