Actions

Difference between revisions of "BasicPHPFileTemplates"

From Mahara Wiki

(removed reference to non-existant /examples, removed require('init.php) for non-hittable files)
(Sample page using pieforms and dwoo)
 
(20 intermediate revisions by 4 users not shown)
Line 3: Line 3:
 
This project uses PHPDoc for API documentation. This project is also licensed under the GPL, which causes some header bloat (it is a requirement of licensing your program under the GPL, see [http://www.gnu.org/copyleft/gpl.html <span style="white-space: nowrap">http://www.gnu.org/copyleft/gpl.html</span>] ).
 
This project uses PHPDoc for API documentation. This project is also licensed under the GPL, which causes some header bloat (it is a requirement of licensing your program under the GPL, see [http://www.gnu.org/copyleft/gpl.html <span style="white-space: nowrap">http://www.gnu.org/copyleft/gpl.html</span>] ).
  
<div id="section_1">
+
==Template for files you expect to be hit by visitors==
  
===Template for files you expect to be hit by visitors===
+
<source lang="php" enclose="div">
 +
/**
 +
*
 +
* @package    mahara
 +
* @subpackage core or plugintype/pluginname
 +
* @author    Firstname Lastname
 +
* @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 +
* @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 +
*
 +
*/
  
.
+
define('INTERNAL', 1);
  *
+
require('init.php');
  * @package    mahara
+
 
  * @subpackage core
+
// Your code here :)
  * @author    Firstname Lastname
+
</source>
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
+
 
  * @copyright  (C) 2010 Firstname Lastname
+
==Template for files you do NOT want to be hit by visitors==
  *
 
  */
 
 
  define('INTERNAL', 1);
 
  require('init.php');
 
 
  // Your code here :)
 
 
  
</div><div id="section_2">
+
<source lang="php" enclose="div">
 +
/**
 +
*
 +
* @package    mahara
 +
* @subpackage core or plugintype/pluginname
 +
* @author    Firstname Lastname
 +
* @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 +
* @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 +
*
 +
*/
  
===Template for files you do NOT want to be hit by visitors===
+
defined('INTERNAL') || die();
  
.
+
// Your code here :)
  *
+
</source>
  * @package    mahara
 
  * @subpackage core or plugintype/pluginname
 
  * @author    Firstname Lastname
 
  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
 
  * @copyright  (C) 2010 Firstname Lastname
 
  *
 
  */
 
 
  defined('INTERNAL') || die();
 
 
  // Your code here :)
 
 
   
 
   
  
Line 45: Line 44:
  
 
* Omit the closing php tag "?&gt;"
 
* Omit the closing php tag "?&gt;"
* Catalyst employees should assign copyright to "Catalyst IT Ltd [http://catalyst.net.nz/ <span style="white-space: nowrap">http://catalyst.net.nz</span>]", if they are working on the project in company time.
+
* Catalyst employees should assign copyright to "Catalyst IT Ltd", if they are working on the project in company time.
 +
* The author field should always be a person (or more than one), not a company
 +
 
 +
== Sample page using pieforms and dwoo ==
 +
 
 +
<source lang="php" enclose="div">
 +
<?php
 +
 
 +
define('INTERNAL', 1);
 +
require('init.php');
 +
require_once('pieforms/pieform.php');
 +
 
 +
// Get data from the user by using the param_ functions, which will whitelist
 +
// the input
 +
$userint = param_integer('int',0);
 +
// If none of the whitelisting options is acceptable, you can use param_variable,
 +
// but be careful not to print the results to the screen without cleaning them
 +
// first. That's a XSS vulnerability.
 +
$userraw = param_variable('raw', 'no user input provided');
 +
 
 +
// Generate page content
 +
// NOTE: Normally you should put hard-coded strings into a lang file under /lang, so that
 +
// they can be internationalized with get_string()
 +
$hardcoded = "This is a hard-coded string";
 +
 
 +
// See https://wiki.mahara.org/index.php/Developer_Area/Core_Subsystems/Form_API_%28Pieforms%29
 +
// Normally you'd populate the default values with values from the DB
 +
$form = array(
 +
    'name' => 'testform',
 +
    'method' => 'post',
 +
    'action' => "", // self
 +
    'successcallback' => 'testform_submit', // defaults to name_submit
 +
    'validatecallback' => 'testform_validate', // defaults to name_validate
 +
    'elements' => array(
 +
        'fullname' => array(
 +
            'type' => 'fieldset',
 +
            'legend' => "Your name", // should use get_string()...
 +
            'elements' => array(
 +
                'firstname' => array(
 +
                    'type' => 'text',
 +
                    'title' => "First name", // should use get_string()
 +
                    'description' => "Your first, or given name", // get_string()
 +
                    'help' => "Surely you know your own first name.", // get_string()
 +
                    'defaultvalue' => 'Joe',
 +
                    'rules' => array(
 +
                        'required' => true
 +
                    )
 +
                ),
 +
                'lastname' => array(
 +
                    'type' => 'text',
 +
                    'title' => "Last name", // get_string()
 +
                    'defaultvalue' => 'Schmoe',
 +
                    'description' => "Your last, or family name", // get_string()
 +
                )
 +
            )
 +
        ),
 +
        'submitbtn' => array(
 +
            'type' => 'submit',
 +
            'value' => "Submit" // get_string()
 +
        )
 +
    )
 +
);
 +
 
 +
function testform_validate(Pieform $form, $values) {
 +
    if (isset($values['lastname']) && $values['firstname'] == 'Joe' && $values['lastname'] == 'Schmoe') {
 +
        $form->set_error('lastname', "That's not your real name! That was the default."); // get_string()
 +
    }
 +
}
 +
 
 +
function testform_submit(Pieform $form, $values) {
 +
    global $SESSION;
 +
    // Normally here you would save the submitted values into the database
 +
 
 +
    // If you set this up as a JS form, use json_reply()
 +
    if (!empty($values['lastname'])) {
 +
        $name = "{$values['firstname']} {$values['lastname']}";
 +
    } else {
 +
        $name = $values['firstname'];
 +
    }
 +
    $SESSION->add_ok_msg("Kia ora, {$name}!");
 +
    redirect(get_config('wwwroot') . 'test.php');
 +
}
 +
 
 +
// When you call pieform(), the Pieforms library does a bunch of automagical stuff.
 +
// It checks whether the form was submitted, and if so calls the form's validate
 +
// and/or submit callback functions, which usually results in a call to redirect(), ending
 +
// the page load.
 +
// If the form wasn't yet submitted, then pieform() renders the form into the necessary
 +
// HTML to print it on the page.
 +
// IMPORTANT: all pieform rendering needs to happen before calling smarty() for javascript
 +
// to be added to the page correctly
 +
$formhtml = pieform($form);
 +
 
 +
// Instantiate the smarty object.
 +
$smarty = smarty();
 +
// Variables you assign to the smarty become accessible in the template
 +
$smarty->assign('hard_coded', $hardcoded);
 +
$smarty->assign('user_raw', $userraw);
 +
 
 +
$smarty->assign('form', $formhtml);
 +
 
 +
// Specify the template file path, relative to htdocs/theme/raw/templates/
 +
$smarty->display('test.tpl');
 +
</source>
 +
 
 +
The contents of htdocs/theme/raw/templates/test.tpl should look like this:
 +
 
 +
<source lang="smarty" enclose="div">
 +
{include file="header.tpl"}
 +
<!-- Stuff in here is HTML except for the bits in curly braces -->
 +
 
 +
<!-- All variables printed here are run through an HTML escaping process, unless
 +
they have the "|safe" tag. -->
 +
{$hard_coded|safe}
 +
 
 +
<!-- Uncleaned user data shouldn't be considered safe -->
 +
{$user_raw}
 +
 
 +
<!-- Any function in the calling PHP file's namespace can be invoked by adding
 +
it after a "|" in the curly brackets -->
 +
{$hard_coded|strtoupper}
  
</div>
+
<!-- The output from pieform() is the HTML output of the form. So you can just print it. -->
 +
{$form|safe}
 +
{include file="footer.tpl"}
 +
</source>

Latest revision as of 15:43, 12 March 2014

These are the templates for all new PHP files. There is a different template depending on whether you file is able to be publicly hittable or not.

This project uses PHPDoc for API documentation. This project is also licensed under the GPL, which causes some header bloat (it is a requirement of licensing your program under the GPL, see http://www.gnu.org/copyleft/gpl.html ).

Template for files you expect to be hit by visitors

/**
 *
 * @package    mahara
 * @subpackage core or plugintype/pluginname
 * @author     Firstname Lastname
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

define('INTERNAL', 1);
require('init.php');

// Your code here :)

Template for files you do NOT want to be hit by visitors

/**
 *
 * @package    mahara
 * @subpackage core or plugintype/pluginname
 * @author     Firstname Lastname
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

defined('INTERNAL') || die();

// Your code here :)


Notes:

  • Omit the closing php tag "?>"
  • Catalyst employees should assign copyright to "Catalyst IT Ltd", if they are working on the project in company time.
  • The author field should always be a person (or more than one), not a company

Sample page using pieforms and dwoo

<?php

define('INTERNAL', 1);
require('init.php');
require_once('pieforms/pieform.php');

// Get data from the user by using the param_ functions, which will whitelist
// the input
$userint = param_integer('int',0);
// If none of the whitelisting options is acceptable, you can use param_variable,
// but be careful not to print the results to the screen without cleaning them
// first. That's a XSS vulnerability.
$userraw = param_variable('raw', 'no user input provided');

// Generate page content
// NOTE: Normally you should put hard-coded strings into a lang file under /lang, so that
// they can be internationalized with get_string()
$hardcoded = "This is a hard-coded string";

// See https://wiki.mahara.org/index.php/Developer_Area/Core_Subsystems/Form_API_%28Pieforms%29
// Normally you'd populate the default values with values from the DB
$form = array(
    'name' => 'testform',
    'method' => 'post',
    'action' => "", // self
    'successcallback' => 'testform_submit', // defaults to name_submit
    'validatecallback' => 'testform_validate', // defaults to name_validate
    'elements' => array(
        'fullname' => array(
            'type' => 'fieldset',
            'legend' => "Your name", // should use get_string()...
            'elements' => array(
                'firstname' => array(
                    'type' => 'text',
                    'title' => "First name", // should use get_string()
                    'description' => "Your first, or given name", // get_string()
                    'help' => "Surely you know your own first name.", // get_string()
                    'defaultvalue' => 'Joe',
                    'rules' => array(
                        'required' => true
                    )
                ),
                'lastname' => array(
                    'type' => 'text',
                    'title' => "Last name", // get_string()
                    'defaultvalue' => 'Schmoe',
                    'description' => "Your last, or family name", // get_string()
                )
            )
        ),
        'submitbtn' => array(
            'type' => 'submit',
            'value' => "Submit" // get_string()
        )
    )
);

function testform_validate(Pieform $form, $values) {
    if (isset($values['lastname']) && $values['firstname'] == 'Joe' && $values['lastname'] == 'Schmoe') {
        $form->set_error('lastname', "That's not your real name! That was the default."); // get_string()
    }
}

function testform_submit(Pieform $form, $values) {
    global $SESSION;
    // Normally here you would save the submitted values into the database

    // If you set this up as a JS form, use json_reply()
    if (!empty($values['lastname'])) {
        $name = "{$values['firstname']} {$values['lastname']}";
    } else {
        $name = $values['firstname'];
    }
    $SESSION->add_ok_msg("Kia ora, {$name}!");
    redirect(get_config('wwwroot') . 'test.php');
}

// When you call pieform(), the Pieforms library does a bunch of automagical stuff.
// It checks whether the form was submitted, and if so calls the form's validate
// and/or submit callback functions, which usually results in a call to redirect(), ending
// the page load.
// If the form wasn't yet submitted, then pieform() renders the form into the necessary
// HTML to print it on the page.
// IMPORTANT: all pieform rendering needs to happen before calling smarty() for javascript
// to be added to the page correctly
$formhtml = pieform($form);

// Instantiate the smarty object.
$smarty = smarty();
// Variables you assign to the smarty become accessible in the template
$smarty->assign('hard_coded', $hardcoded);
$smarty->assign('user_raw', $userraw);

$smarty->assign('form', $formhtml);

// Specify the template file path, relative to htdocs/theme/raw/templates/
$smarty->display('test.tpl');

The contents of htdocs/theme/raw/templates/test.tpl should look like this:

{include file="header.tpl"}
<!-- Stuff in here is HTML except for the bits in curly braces -->

<!-- All variables printed here are run through an HTML escaping process, unless
they have the "|safe" tag. -->
{$hard_coded|safe}

<!-- Uncleaned user data shouldn't be considered safe -->
{$user_raw}

<!-- Any function in the calling PHP file's namespace can be invoked by adding
it after a "|" in the curly brackets -->
{$hard_coded|strtoupper}

<!-- The output from pieform() is the HTML output of the form. So you can just print it. -->
{$form|safe}
{include file="footer.tpl"}