By Harish Kamath

This article copyright Melonfire 2000-2002. All rights reserved.

Table of Contents
Bells And Whistles . . . Adopting A Moderate Approach If Looks Could Kill... . . . Bringing In The Database . . A Well-Formed Plan . . . When Things Go Wrong . . Locking It Down . . . . Over And Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 2 3 5 7 9 10 12

Printed from DevShed.com i

Bells And Whistles

In the first part of this article, I gave you a quick rundown on the patGuestbook application, right from downloading the application to the nitty-gritty of installation, configuration and basic usage. This was followed by an express introduction to guestbook creation and deployment. Now, in this concluding article, I shall focus on some of the bells and whistles offered by the application to the more enthusiastic developers out there (count me in as a permanent member of this group). Among the items under discussion: controlling the entries listed in the guestbook, customizing the user interface with the included patTemplate class, and protecting access to the applications administration module. Keep reading!

Printed from DevShed.com 1

Adopting A Moderate Approach

If you recollect, one of the options available at guestbook creation time was related to guestbook entry moderation. In the first part of this article, I had decided to leave this at its default setting and not moderate the entries for my guestbook; as a result, entries were immediately displayed on the site as soon as they were entered. However, in the real world, it is often essential to moderate the entries in the guestbook, and thereby control the content displayed to other visitors. And this is where patGuestbooks moderation feature comes in handy. In order to enable moderation, you need to navigate back to the administration module, and select the "Voice of the People" entry from the drop-down menu at the top of the page. On the resulting information screen, navigate to the "General Settings" section, and check the box for guestbook moderation. Use the "Save Changes" button to record your changes, and the job is

done! Now, whenever a user tries to enter a comment in your guestbook, a message will appear indicating that the entry will be moderated, The administrator - in other words, you - can then selectively approve or reject each comment via the site administration module. In order to do this, navigate back to the administration module, and select the "Voice of the People" entry from the drop-down menu at the top of the page. On the resulting information screen, navigate to the "General Settings" section and you will be presented with a list of all active and

You can update the status of inactive entries. each entry, and use the "Update Status" command to save your changes; all entries marked as active will not appear in the guestbook.

Printed from DevShed.com 2

If Looks Could Kill...

Next up, interface customization. As you may already know, patGuestbook is tightly integrated with a sister project, patTemplate, a powerful PHP-based template engine (if you dont know how patTemplate works, you should read the introductory material at http://www.devshed.com/Server_Side/PHP/patTemplate/patTemplate1 and only then proceed forward with this tutorial). This template engine makes it fairly easy to create your own skins for the patGuestbook interface (and even share them with others, if you so desire). First things first - where are the templates located? If you recollect, this location was specified as part of the configuration parameters located in the "patGuestbook.php" file in your installations "config" directory:

<?PHP// snip// Directory where the templates for subscription pages are stored$skins_dir = "skins";

Look inside this directory, and youll see a structure like this:

skins| --------- pat|

||

-------

img|

||

-------

Do those directory names ring a bell? They should - theyre the template names that appear every time you create a new guestbook. So, if you want to create your own set of templates, this is obviously a good way to start. Now, the patGuestbook application uses three different templates for rendering the user interface: 1. patGuestbookList.tmpl - this is the template that displays the entries in the guestbook 2. patGuestbookAdd.tmpl - this is the template which handles adding new entries to the guestbook 3. patGuestbookDisabled.tmpl - this template simply displays an error message when a particular guestbook is disabled Lets start with the "patGuestbookList.tmpl" file. To make things easier, Ill give you a quick peek at the desired output before I explain the templates innards to you. [image]image3.jpg[/image] Now, if you take a close look at it, youll see that this is very similar to the "textonly" template - all Ive really done is add a navigation menu to the left side of the page. Im going to call my new template "melonfire" (feel free to name your appropriately), and so my first task is to create a directory parallel to the "pat and "textonly" folders in the "skins" directory. Under this directory, Ill add an "img" directory to store images, and a "styles" directory to store stylesheets. Next up, the page layout. After much thought and coffee-napkin scrawls, I decided on a simple two-column layout for my guestbook, with the navigation bar in the left column and the main guestbook content in the right one. Heres the basic skeleton:

Printed from DevShed.com 3

<pattemplate:tmpl name="page"><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html

Since the menu on the left is going to be constant across all pages, it can be hardcoded into the template here it is:

<!-- menu --><table cellSpacing="0" cellPadding="0" border="0">

<tr>

<td><a href="http:

Of course, since the menu is going to be constant across the pages, you can even abstract it into another template - I leave that to you as an exercise.

Printed from DevShed.com 4

Bringing In The Database

At this point, I have identified the layout for the pages, and also shown you the menu that will be displayed on each page. Now for the most important item - connecting all this up to the patGuestbook database. Heres the code:

<table border="0" cellpadding="0" cellspacing="0"><tr>

<td class="textinvert" colspan="3">

Chaos, youre thinking...and rightly so. But let me help make some sense of it. 1. First, the page header, displaying the name of the guestbook.

<tr><td class="textinvert" colspan="3">

Welcome to {GB_NAME}!<br><br>

</td></tr>

{GB_NAME} is a special patGuestbook template variable that will be replaced by the name of the guestbook specified at run time - in this example, "Voice of the People". 2. Next, I have to define the template used for display of each field in the guestbook. In this example, I would like to display the name of the user along with the time at which the entry was saved.

<pattemplate:tmpl name="displayName" visibility="hidden" varscope="entry"type="simpleCondition" req

Once I am done with the users name via the {ENTRY_NAME} and {ENTRY_DATE} variables, I can proceed to the users email address and URL.

<pattemplate:tmpl name="displayEmail" visibility="hidden" varscope="entry"type="simpleCondition" re

Once again, two special patGuestbook variables -{ENTRY_EMAIL} and {ENTRY_HOMEPAGE} - are used to retrieve the information entered by the user. I can also display the appropriate labels for each field via the {LABEL_EMAIL} and {LABEL_HOMEPAGE} variables. How about displaying the heart of the guestbook - the users comments?

<pattemplate:tmpl name="displayEntry" visibility="hidden" varscope="entry"type="simpleCondition" re

Printed from DevShed.com 5

Finally, the rating field, which is also fairly straightforward.

<pattemplate:tmpl name="ratings" visibility="hidden">

<tr>

<td colspan="3"><img src="s

One of the configuration variables in the guestbook is the number of entries to be displayed on a single page. So, I also need to add paging logic, and a link to add new entries to the system.

<table width="550" cellpadding="1" cellspacing="0" border="0">

<tr>

<td>

The {URL_PREVIOUSPAGE} and {URL_NEXTPAGE} variables are used to display the links to the previous and next page, if required. the {URL_ADDENTRY} variable contains the URL that allows users to add a new entry to the guestbook.

Printed from DevShed.com 6

A Well-Formed Plan
So that takes care of the main guestbook page - now how about customizing the input form for new entries? Heres what it should look like,

and heres the code that makes it happen:

<form action="{DISPATCHER}" method="post" name="adder"><table border="0" cellpadding="0" cellspacin

Ugly isnt it? 1. First, the page header, displaying the name of the guestbook.

<table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr>

<td class="textinvert" alig

2. The template that displays a message to the user when moderation follows the header.

<!-- message for moderated guestbook --><pattemplate:tmpl name="moderated" visibility="hidden">Note

3. This is followed by a list of error messages, which are displayed when required fields are left empty.

<!-- errors --><pattemplate:tmpl name="errors" visibility="hidden"><table width="400" cellpadding="

Printed from DevShed.com 7

Feel free to edit the error messages above to reflect the personality and style of your site. 4. Finally, the meat of the template - the form that is displayed to the user. As usual, there are pre-defined patGuestbook templates that I can work with for this section. Remember to be careful when tweaking these templates (unless, of course, youre comfortable with patTemplate, in which case, tweak away!).

<table border="0" cellpadding="0" cellspacing="2" width="100%"><pattemplate:tmpl name="displayName"

For each field in the guestbook, I have two tags - one displaying the label and the other displaying the form field to the user. For example, for the users name, Ive used the {LABEL_NAME} variable for the label and the {ENTRY_NAME} variable for the text box that is displayed to the user.

Printed from DevShed.com 8

When Things Go Wrong

Finally, patGuestbook includes a template to display an error message to the user when a particular guestbook has been specifically disabled.

<p>&nbsp;</p>

<p>&nbsp;</p><form action="{DISPATCHER}" method="post" name="adder"><input

Pretty simple, this - plain ol HTML, no fancy-shmancy gimmicks or convoluted variables. In order to see what it looks like, turn off a guestbook from the administration module and try accessing it - you should see something like this:

Thats about it for the user interface templates that can be customized. If you thought that was easy and youre hankering for another challenge, you can always try customizing the administration module as well (alternatively, you could get up from your computer and go get yourself a life).

Printed from DevShed.com 9

Locking It Down
If there is one drawback to the patGuestbook application, it is the lack of security for the administration module. By default, patGuestbook leaves the entire administration section totally unprotected and open to malicious attacks. If youre using the Apache Web server (you probably are), you can access the servers authentication features to add basic security to this section. In order to illustrate how this works, lets consider a simple example. Lets assume the existence of the following directory structure:

/usr/local/apache/htdocs/patGuestbook/

example.php

Now, lets suppose that I want to protect the directory "admin". Its fairly simple to do with HTTP authentication. The first step is to ensure that your Apache build includes support for the "mod_auth" module. You can check this by executing the Apache binary with the "-l" command-line option.

$ /usr/local/apache/bin/httpd -lCompiled-in modules:

http_core.c

mod_env.c

mod_log_config.c

mod

If you dont see "mod_auth" in the list, youll need to recompile Apache with support for that module. Next, check Apaches configuration file, "httpd.conf", and ensure that the option

AllowOverride All

is present in the section for the server document root. This allows you to override global server settings via per-directory ".htaccess" control files. Next, create a file named ".htaccess" in the "admin" directory, and put the following lines into it:

AuthType BasicAuthUserFile /usr/local/apache/usersAuthName "patGuestbook Administration Module"Requ

This tells the server that access to the "admin" directory (the directory in which the ".htaccess" file is located) is to be controlled, and access is to be granted to users based on the username/password information in the file "/usr/local/apache/users" The final step is to create the "users" file. Change to the "/usr/local/apache" directory (or whichever directory youve decided to store the user data in) and use the "htpasswd" command:

Printed from DevShed.com 10

$ htpasswd -c users johnNew password: ****Re-type new password: ****Adding password for user john

You can add more users to this file if you like (remember to omit the "-c" parameter for all subsequent additions, as that parameter creates a brand-new, empty file). Remember *not* to store the "users" file in a directory under the server document root, or else malicious users will be able to view and download the password database through a browser. Now, attempt to access the "admin" directory via your Web browser. The browser should pop up a dialog box and prompt you for a username and password. Access to the "admin" directory will be granted only if you enter a correct username and password, as defined in the "users" file. Note that this is very primitive authentication, and can substantially add to the load on your Web server if it involves a large number of users. For a more comprehensive solution, take a look at http://www.devshed.com/Server_Side/PHP/UserAuth

Printed from DevShed.com 11

Over And Out

And thats about all we have time for. In this two-part article, I introduced you to patGuestbook, a PHP application that makes setting up a guestbook on your site as easy as clicking your way through a series of menus. I showed you how to create a new guestbook, configure required and optional fields, and explore rating possibilities in your guestbook. I also showed you how to moderate entries as they are added, customize the user interface via the patTemplate engine, and protect unauthorized access to your guestbook with simple HTTP authentication. In case youd like to learn more about the topics discussed in this tutorial, take a look at the following links: The official patGuestbook Web site, at http://www.php-tools.de/ Template-Based Web Development With patTemplate, at http://www.devshed.com/Server_Side/PHP/patTemplate User Authentication With Apache And PHP, at http://www.devshed.com/Server_Side/PHP/UserAuth Until next time...stay healthy! Note: All examples have been tested on Linux/i586 with Apache 1.3.28, PHP 4.2 and patGuestbook 1.0. Examples are illustrative only, and are not meant for a production environment. Melonfire provides no warranties or support for the source code described in this article. YMMV!

Printed from DevShed.com 12