Edit a page with content editable and save it using php

Question

I am trying to wrap my head around a project that I would like to work on to attempt to get more familiar with programming in PHP.

I want to create a website that's easy to update without a full blown CMS. I was thinking of using the HTML5 contenteditable widget.

What I envision is the following:

User logs in and a session is started that will allow php to echo the content editable tag so that it's only visible when a user is authenticated.
Once logged in, the user can make changes to the file and click a save button and the file will be updated. THIS IS WHERE I NEED HELP

Is it possible to update the php file you are currently on? If it is, does it involve ajax or just pure php? How do I pass the content within the contenteditable widget to be saved on the server? I don't want to use FTP so I'm assuming I have to learn how to do this with AJAX? I hate to ask but if you have example code that would be awesome!

Lastly, is this a super major security risk?

Thanks in advance!

Atlante

Yes, it can be done but your question is too broad and unfocused. Please try something first. When you're stuck/can't get something to work, come back here with the specific problem and we can help you. — M. Eriksson, Jan 16 '16 at 10:38
Atlante, are you still around. Kindly come and clarify other people here. I just made my attempt in doing it. Looks like your question is not reaching correctly to some people here. — Praveen Kumar Purushothaman, Jan 16 '16 at 10:49
@MagnusEriksson, thanks but a starting point is where I would like to be at. I understand the "broadness" of the question but I clearly don't even know where to begin. Thanks for your input though. — Atlante Avila, Jan 16 '16 at 16:59
@PraveenKumar, yes getting rid of forms would be ideal. I just want to learn how to submit the contenteditable div without a form. I believe it has to be done with Javascript since it's a JS widget essentially. Since it's a pretty unpopular question, I will be taking it down if I can't get a starting point. Thanks for your help, it is really appreciated! — Atlante Avila, Jan 16 '16 at 17:01
@AtlanteAvila Did you see the answer. You don't need to take it down. It is good. — Praveen Kumar Purushothaman, Jan 16 '16 at 19:26

score 1 · Answer 1 · answered Jan 16 '16 at 10:41

1

I just did something like that. Considering you have already built a <form> that has a textbox and a submit button:

<form action="update.php" method="post">
  <div><label for="textArea">Your Message</label></div>
  <div><textarea name="textArea" id="textArea"></textarea></div>
  <div><input type="submit" value="Save" /></div>
</form>

Now you just need to do only one thing. Remove the <form> and replace the <textarea> with a contentEditable <div> like this:

<strong>Your Message</strong>
<div contenteditable id="textArea"></div>
<input type="button" value="Save" id="saveBtn" />

As you know, the above too acts as a Rich Text Editor, now you just need to do only one thing. Using jQuery, post the form using AJAX and do something:

$(function () {
  $("#saveBtn").click(function () {
    var text = $("#textArea").html();
    var url = "update.php";
    $.post(url, {textArea: text}, function () {
      $("#textArea").css("background", "#ccc").prop("contenteditable", false);
      alert("Thanks for your message!");
    });
  });
});

And to answer your question about Security, well, you have to have a perfectly patched server and use a HTTPS. This has to be handled only by the server side. The modern browsers are really secure enough.

answered Jan 16 '16 at 10:41

Praveen Kumar Purushothaman

164,888
24
203
252

Ahah Kumar, voting down my answer in order to be at the top of the page shows your great mentality! Plus, giving the full code will not help Atlante that much, he is here to progress, not to have the full solution. GG. – Aziule Jan 16 '16 at 10:47
@sAyVII The OP clearly wants to **get rid of form to use `contenteditable`**. Please understand the question. – Praveen Kumar Purushothaman Jan 16 '16 at 10:47
@sAyVII In that case, if you think that way, I am removing the downvote. Happy now? Your answer is **WRONG**. Seriously, no way related to what OP asked. – Praveen Kumar Purushothaman Jan 16 '16 at 10:48
2

Forms aren't bad. There's absolutely no reason to get rid of them. If the OP don't want forms, it's probably because he doesn't really get the concept. What I would do is create a form, set some hidden CSRF-token (securty), add a hidden "content"-input and upon submit, copy the content of the editable element to the hidden content input and post it with Ajax. – M. Eriksson Jan 16 '16 at 20:03
@MagnusEriksson Yeah man, that's a good idea too. OP's current request, so have to be the one. – Praveen Kumar Purushothaman Jan 16 '16 at 20:29
Hi @PraveenKumar, what would update.php look like? This is the part I was a bit confused on. Thanks! I didn't realize what you were trying to do here originally I thought it was to create a form. But I can just wrap the div with a form tag visible only to admin users right? Thanks! – Atlante Avila Jan 16 '16 at 21:46
@AtlanteAvila Doesn't matter whether it is admin or user, but the thing is, this does the same thing what a form does. – Praveen Kumar Purushothaman Jan 16 '16 at 21:47

Edit a page with content editable and save it using php

1 Answers1