-2

I'm an iPhone developer who's new to web development. I'm experienced HTML and CSS, but I'm new to PHP, and installed MAMP on my mac.

I'm writing a website for someone who needs a basic CMS (I think that's the right term!). Basic info that they will need to edit such as home page text, about section, etc. I have set up as php includes on txt files. Like this (on the home page):

<?php include 'homeText.txt' ?>

I've also setup an admin.php page where admins can login to edit the site's content. (When I say login I mean if (username == x && password == x) with hardcoded values).

In this page I'd like to have a drop-down, allowing the user to select a text file to open, and when they choose one, it opens up in a rich text editor. (Any formatting would be HTML, which the rich editor would parse, to show formatted text).

Does anyone know of a suitable, open-source rich HTML editor that I could easily embed into a PHP page, and send the resulting HTML off on a PHP post to write to the file?

Thanks in advance - sorry for asking such a beginner question!

Jeromy French
  • 11,812
  • 19
  • 76
  • 129
Alex Coplan
  • 13,211
  • 19
  • 77
  • 138
  • 2
    learnt PHP yesterday? You mean it took a whole day!? I'm a bit slower, I've been learning it for 5 years and I still don't quite get it sometimes :) – vascowhite Aug 01 '11 at 11:24
  • 1
    *started learning: http://blog.themeforest.net/screencasts/diving-into-php-video-series/ - I found that really useful, and you pick it up quickly after doing iPhone stuff :) – Alex Coplan Aug 01 '11 at 11:27
  • possible duplicate of [Textarea toolbar?](http://stackoverflow.com/questions/6852602/textarea-toolbar) – symcbean Aug 01 '11 at 12:00

1 Answers1

1

you are doing it wrong way, i highly doubt that you can develop the application so sooner, as you said you only started learning PHP from yesterday, your examples shows that you are very poor in understating the basics of server side language, you said you would check the login with if (username == x && password == x) this is totally wrong way of doing it, instead you should use database like MySQL to store and check the login credentials i.e via $_SESSION (Session Variable), to be more precise,

Consider a Login Form

<form action="checkLogin.php" method="post">
    <input type = "text" name="username"/>
    <input type = "password" name = "password"/>
    <input type = "submit" name = "submit" value ="login"/>
</form>

It is always better to have database, consider the following database with the following tables and values.

CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(50) NOT NULL,
  `password` varchar(50) NOT NULL,
  PRIMARY KEY (`id`),
);
INSERT INTO `users` VALUES('First User', '6c049bc0f30da673d0a82c5bd1a13cde');
INSERT INTO `users` VALUES('Second User', '6a6150f8eb2c263a31eb91487bebf1d6');
INSERT INTO `users` VALUES('Third User', '2fd7e7348da8dd5f67103b15be525859');

the second argument is hashed values of your password, i have used md5(), you can use sha1() or others too.

Now to check the login credentials you need to write the following code in your checkLogin.php

<?php
if(isset($_POST['submit'])) {
    $username = mysql_real_escape_string($_POST['username']);
    $password = sha1(mysql_real_escape_string($_POST['password']));
    $result = mysql_query('SELECT id, username FROM users WHERE users.username = '.$username.' AND users.username =.'$password) or die('unable to select database');
    if(mysql_num_rows($sesult) > 0) {
        $row = mysql_fetch_array($result);
        $_SESSION['userId'] = $row['userId'];
    }   
}
?>

in other pages if you want to check if the user is logged so that you can give him access, then you simply need to check Session Variables

if(isset($_SESSION['userId'])) {
    //Give Page Access to this user.
}

This is just a basic and rough idea about how PHP works, to get you started i would recommend you check out this tutorial for Novice. http://devzone.zend.com/article/627

Ibrahim Azhar Armar
  • 25,288
  • 35
  • 131
  • 207
  • 1
    You should NEVER use md5 for passwords. You should always use SHA1 or something more secure. [link](http://en.wikipedia.org/wiki/MD5#Security) Other then the MD5 issue, the rest of the code looks correct – Jesse Aug 01 '11 at 12:26
  • 1
    You make a point, though you are absolutely not answering the question :p – Matthieu Napoli Aug 01 '11 at 12:27
  • Sorry I didn't make this clear I am absolutely going to implement mysql, and just checking the login like that is of course completely wrong - that's just very temporary (and I am using a login form with post already. – Alex Coplan Aug 01 '11 at 18:36
  • Also can you use the password('myPassword') function to generate password hashes? – Alex Coplan Aug 01 '11 at 18:36
  • Also like to say (although it didn't answer the question) your answer was very helpful, especially the $_SESSION bit, I was wondering about that... – Alex Coplan Aug 01 '11 at 18:47
  • @Alex go ahead and read the article i have posted the link, it covers most of the basic you need to know. and php does not comes with any function such as `password()` to store the password you need to convert it into hash like md5, sha1 etc. – Ibrahim Azhar Armar Aug 01 '11 at 19:09
  • and also if you find this useful, you can mark it as answered :) – Ibrahim Azhar Armar Aug 01 '11 at 19:09
  • this is where I got the password() command from (it might be a SQL thing??) in this sql block to change the root user password for the mysql db - `update user set password = password('myPassword') where user = 'root';` – Alex Coplan Aug 01 '11 at 19:14
  • don't worry - have done sha1 encryption :) – Alex Coplan Aug 01 '11 at 20:49
  • -1: use of deprecated API, use of insecure hashing algorithms (md5 and sha1) – tereško May 27 '14 at 06:14