Actions

Difference between revisions of "BasicPHPFileTemplates"

From Mahara Wiki

(clarify licensing related stuff)
Line 47: Line 47:
 
* Catalyst employees should assign copyright to "Catalyst IT Ltd", if they are working on the project in company time.
 
* Catalyst employees should assign copyright to "Catalyst IT Ltd", if they are working on the project in company time.
 
* The author field should always be a person (or more than one), not a company
 
* The author field should always be a person (or more than one), not a company
 +
 +
=== Sample page using pieforms and dwoo ===
 +
 +
<?php
 +
 +
define('INTERNAL', 1);
 +
require('init.php');
 +
 +
// Get data from the user by using the param_ functions, which will whitelist
 +
// the input
 +
$userint = param_integer('int',0);
 +
// If none of the whitelisting options is acceptable, you can use param_variable,
 +
// but be careful not to print the results to the screen without cleaning them
 +
// first. That's a XSS vulnerability.
 +
$userraw = param_variable('raw', 'no user input provided');
 +
 +
// Generate page content
 +
// NOTE: Normally you should put hard-coded strings into a lang file under /lang, so that
 +
// they can be internationalized with get_string()
 +
$hardcoded = "This is a hard-coded string";
 +
 +
// See https://wiki.mahara.org/index.php/Developer_Area/Core_Subsystems/Form_API_%28Pieforms%29
 +
// Normally you'd populate the default values with values from the DB
 +
$form = array(
 +
    'name' => 'testform',
 +
    'method' => 'post',
 +
    'action' => '', // self
 +
    'successcallback' => 'testform_submit', // defaults to name_submit
 +
    'validatecallback' => 'testform_validate', // defaults to name_validate
 +
    'elements' => array(
 +
        'fullname' => array(
 +
            'type' => 'fieldset',
 +
            'legend' => "Your name", // should use get_string()...
 +
            'elements' => array(
 +
                'firstname' => array(
 +
                    'type' => 'text',
 +
                    'title' => "First name", // should use get_string()
 +
                    'description' => "Your first, or given name", // get_string()
 +
                    'help' => "Surely you know your own first name.", // get_string()
 +
                    'defaultvalue' => 'Joe',
 +
                    'rules' => array(
 +
                        'required' => true
 +
                    )
 +
                ),
 +
                'lastname' => array(
 +
                    'type' => 'text',
 +
                    'title' => "Last name", // get_string()
 +
                    'defaultvalue' => 'Schmoe',
 +
                    'description' => "Your last, or family name", // get_string()
 +
                )
 +
            )
 +
        ),
 +
        'submitbtn' => array(
 +
            'type' => 'submit',
 +
            'value' => "Submit" // get_string()
 +
        )
 +
    )
 +
);
 +
 +
function testform_validate(Pieform $form, $values) {
 +
    if (isset($values['lastname']) && $values['firstname'] == 'Joe' && $values['lastname'] == 'Schmoe') {
 +
        $form->set_error('lastname', "That's not your real name! That was the default."); // get_string()
 +
    }
 +
}
 +
 +
function testform_submit(Pieform $form, $values) {
 +
    global $SESSION;
 +
    // Normally here you would save the submitted values into the database
 +
 +
    // If you set this up as a JS form, use json_reply()
 +
    if (!empty($values['lastname'])) {
 +
        $name = "{$values['firstname']} {$values['lastname']}";
 +
    } else {
 +
        $name = $values['firstname'];
 +
    }
 +
    $SESSION->add_ok_msg("Kia ora, {$name}!");
 +
    redirect(get_config('wwwroot') . 'test.php');
 +
}
 +
 +
// Instantiate the smarty object.
 +
$smarty = smarty();
 +
// Variables you assign to the smarty become accessible in the template
 +
$smarty->assign('hard_coded', $hardcoded);
 +
$smarty->assign('user_raw', $userraw);
 +
$smarty->assign('form', pieform($form)); // even a pieform!
 +
// Specify the template file path, relative to htdocs/theme/raw/templates/
 +
$smarty->display('test.tpl');
 +
 +
/* The contents of htdocs/theme/raw/templates/test.tpl should look like this:
 +
{include file="header.tpl"}
 +
<!-- Stuff in here is HTML except for the bits in curly braces -->
 +
 +
<!-- All variables printed here are run through an HTML escaping process, unless
 +
they have the "|safe" tag. -->
 +
{$hard_coded|safe}
 +
 +
<!-- Uncleaned user data shouldn't be considered safe -->
 +
{$user_raw}
 +
 +
<!-- Any function in the calling PHP file's namespace can be invoked by adding
 +
it after a | i the curly brackets -->
 +
{$hard_coded|strtoupper}
 +
 +
<!-- The output from pieform() is the HTML output of the form. So you can just print it. -->
 +
{$form|safe}
 +
{include file="footer.tpl"}
 +
  */

Revision as of 17:59, 27 February 2013

These are the templates for all new PHP files. There is a different template depending on whether you file is able to be publicly hittable or not.

This project uses PHPDoc for API documentation. This project is also licensed under the GPL, which causes some header bloat (it is a requirement of licensing your program under the GPL, see http://www.gnu.org/copyleft/gpl.html ).

Template for files you expect to be hit by visitors

.
/**
  * Mahara: Electronic portfolio, weblog, resume builder and social networking
  * Copyright (C) 2011 Copyright Holder
  *
  * (rest of the GPL statement)
  *
  * @package    mahara
  * @subpackage core or plugintype/pluginname
  * @author     Firstname Lastname
  */

 define('INTERNAL', 1);
 require('init.php');

 // Your code here :)

Template for files you do NOT want to be hit by visitors

.
/**
  * Mahara: Electronic portfolio, weblog, resume builder and social networking
  * Copyright (C) 2011 Copyright Holder
  *
  * (rest of the GPL statement)
  *
  * @package    mahara
  * @subpackage core or plugintype/pluginname
  * @author     Firstname Lastname
  */

 defined('INTERNAL') || die();

 // Your code here :)

Notes:

  • Omit the closing php tag "?>"
  • Catalyst employees should assign copyright to "Catalyst IT Ltd", if they are working on the project in company time.
  • The author field should always be a person (or more than one), not a company

Sample page using pieforms and dwoo

<?php

define('INTERNAL', 1);
require('init.php');

// Get data from the user by using the param_ functions, which will whitelist
// the input
$userint = param_integer('int',0);
// If none of the whitelisting options is acceptable, you can use param_variable,
// but be careful not to print the results to the screen without cleaning them
// first. That's a XSS vulnerability.
$userraw = param_variable('raw', 'no user input provided');

// Generate page content
// NOTE: Normally you should put hard-coded strings into a lang file under /lang, so that
// they can be internationalized with get_string()
$hardcoded = "This is a hard-coded string";

// See https://wiki.mahara.org/index.php/Developer_Area/Core_Subsystems/Form_API_%28Pieforms%29
// Normally you'd populate the default values with values from the DB
$form = array(
    'name' => 'testform',
    'method' => 'post',
    'action' => , // self
    'successcallback' => 'testform_submit', // defaults to name_submit
    'validatecallback' => 'testform_validate', // defaults to name_validate
    'elements' => array(
        'fullname' => array(
            'type' => 'fieldset',
            'legend' => "Your name", // should use get_string()...
            'elements' => array(
                'firstname' => array(
                    'type' => 'text',
                    'title' => "First name", // should use get_string()
                    'description' => "Your first, or given name", // get_string()
                    'help' => "Surely you know your own first name.", // get_string()
                    'defaultvalue' => 'Joe',
                    'rules' => array(
                        'required' => true
                    )
                ),
                'lastname' => array(
                    'type' => 'text',
                    'title' => "Last name", // get_string()
                    'defaultvalue' => 'Schmoe',
                    'description' => "Your last, or family name", // get_string()
                )
            )
        ),
        'submitbtn' => array(
            'type' => 'submit',
            'value' => "Submit" // get_string()
        )
    )
);

function testform_validate(Pieform $form, $values) {
    if (isset($values['lastname']) && $values['firstname'] == 'Joe' && $values['lastname'] == 'Schmoe') {
        $form->set_error('lastname', "That's not your real name! That was the default."); // get_string()
    }
}

function testform_submit(Pieform $form, $values) {
    global $SESSION;
    // Normally here you would save the submitted values into the database

    // If you set this up as a JS form, use json_reply()
    if (!empty($values['lastname'])) {
        $name = "{$values['firstname']} {$values['lastname']}";
    } else {
        $name = $values['firstname'];
    }
    $SESSION->add_ok_msg("Kia ora, {$name}!");
    redirect(get_config('wwwroot') . 'test.php');
}

// Instantiate the smarty object.
$smarty = smarty();
// Variables you assign to the smarty become accessible in the template
$smarty->assign('hard_coded', $hardcoded);
$smarty->assign('user_raw', $userraw);
$smarty->assign('form', pieform($form)); // even a pieform!
// Specify the template file path, relative to htdocs/theme/raw/templates/
$smarty->display('test.tpl');

/* The contents of htdocs/theme/raw/templates/test.tpl should look like this:
{include file="header.tpl"}

{$hard_coded|safe}

{$user_raw}

{$hard_coded|strtoupper}

{$form|safe}
{include file="footer.tpl"}
 */