Building a CMS and I want to record content changes


lux
11-29-2006, 01:25 PM
Hey people,

So I'm building a simple CMS, you know the sort of thing:

login/out
add, update, remove records
display info by joining a couple of tables and passing ids in the url
in PHP with a MySQL backend.

What I would like to do is somehow record a history or record changes.

e.g. I've got my news db table with a number of records which a user can update. Now if I take the simple approach I could have another table which records the news ID and has a field for the user to add a comment as to why they changed the article, but I was maybe hoping for something a little more sophisticated and was wondering if anyone had any ideas?

cheers people

davidj
11-29-2006, 02:14 PM
What you're after is a logger

all my apps have this built in and you can make it very clever

create a LOG table with fields like ...

[date time stamp] [user] [message][other stuff]

then create an insert statement which populates this table

test it

paste the PHP insert script into a page on its own and save it off as logger.php

under every event throughout your app that you want to log just add an include("logger.php");

example

/////////////////////////////////////////////
//***************************//
// do stuff
$dbinsert = new dbConnect;
$dbinsert->setSQL("insert into table (batch_date, batch_time, batch_no, batch_idx ) values ('$today', '$time', '$batch_no', '$NextRowNum')");
$row = $dbinsert->insert($chem,$database);

//log stuff
include("logger.php");

/////////////////////////////////////////////
/////////////////////////////////////////////
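
An added example, not part of the original post: one way to build the LOG table so it records what changed, using prepared statements instead of values interpolated into the SQL string. The `change_log` table, its columns and the `updateNews()` helper are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example: audit trail for CMS edits. Table and column names are
// assumptions; an in-memory SQLite database stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec('CREATE TABLE change_log (id INTEGER PRIMARY KEY, logged_at TEXT,
    user_id INTEGER, record_id INTEGER, field TEXT, old_value TEXT,
    new_value TEXT, comment TEXT)');
$pdo->exec("INSERT INTO news VALUES (1, 'Launch', 'First draft')");

// Update a news record and log each changed field in one transaction, so an
// edit is never saved without its history row.
function updateNews(PDO $pdo, int $userId, int $newsId, array $new, string $comment): int
{
    $pdo->beginTransaction();
    try {
        $sel = $pdo->prepare('SELECT title, body FROM news WHERE id = ?');
        $sel->execute([$newsId]);
        $old = $sel->fetch(PDO::FETCH_ASSOC);
        if ($old === false) {
            throw new RuntimeException("news record $newsId not found");
        }
        $log = $pdo->prepare('INSERT INTO change_log (logged_at, user_id, record_id,
            field, old_value, new_value, comment) VALUES (?, ?, ?, ?, ?, ?, ?)');
        $changed = 0;
        foreach (['title', 'body'] as $field) {   // fixed allowlist of column names
            if (!array_key_exists($field, $new) || $new[$field] === $old[$field]) {
                continue;                          // untouched field: nothing to record
            }
            $pdo->prepare("UPDATE news SET $field = ? WHERE id = ?")
                ->execute([$new[$field], $newsId]);
            $log->execute([gmdate('Y-m-d H:i:s'), $userId, $newsId, $field,
                           $old[$field], $new[$field], $comment]);
            $changed++;
        }
        $pdo->commit();
        return $changed;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed sample edit: user 7 rewrites the body; the title is unchanged.
echo updateNews($pdo, 7, 1, ['title' => 'Launch', 'body' => "Editor's final text"], 'rewrite'), " field(s) changed\n";
foreach ($pdo->query('SELECT field, old_value, new_value FROM change_log') as $r) {
    echo "{$r['field']}: {$r['old_value']} -> {$r['new_value']}\n";
}
```

Keeping the old value in each row is what turns the log into a history: any earlier version of an article can be rebuilt from it.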

lux
11-29-2006, 02:27 PM
yeah cheers thanks for that!

would you be able to list other helpful functionality that goes beyond the simple things I listed in my first post to help improve the quality of a hand written CMS?

davidj
11-29-2006, 02:51 PM
These are some that you should have in your dev spec


are you securing each page to stop access by just typing a path into the address bar
displaying logged in user details
do passwords have a shelf life? (force change after 30, 60, 90 days)
logoff function and kill all sessions
log every activity including login attempts
3 login attempts then lock account!!
passwords encrypted!
use refresh tags on every page with a 15 - 20 minute refresh redirect to the logoff page (killing all sessions) (additional security)
display all your log data in an admin area table (don't display all data as this table will get very heavy and will be unusable after a few months. Use a search engine to filter results as required)
Lock/unlock/delete accounts function
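
An added example, not part of the original post: the "securing each page" and idle-logoff items from the list above, enforced on the server so they hold even if the browser ignores a refresh tag. The session keys `user_id` and `last_seen`, the 15-minute limit and the `login.php` target are assumptions.

```php
<?php
// Added example: server-side page guard with idle timeout. The session keys
// 'user_id' and 'last_seen' and the 15-minute limit are assumptions.
const IDLE_LIMIT = 15 * 60; // seconds

// Decide what to do with a request. Returns 'allow', 'login' (not logged in)
// or 'expired' (idle too long). The session array is passed in by reference
// so the logic can be exercised without a browser.
function checkAccess(array &$session, int $now): string
{
    if (empty($session['user_id'])) {
        return 'login';
    }
    if ($now - ($session['last_seen'] ?? 0) > IDLE_LIMIT) {
        $session = [];              // drop all server-side state for this visitor
        return 'expired';
    }
    $session['last_seen'] = $now;   // sliding window: activity extends the session
    return 'allow';
}

// Call this as the first statement of every private page (web context only).
function requireLogin(): void
{
    session_start();
    $verdict = checkAccess($_SESSION, time());
    if ($verdict !== 'allow') {
        session_destroy();
        header('Location: login.php?r=' . $verdict); // login.php is hypothetical
        exit;                       // stop here so the page body is never sent
    }
}

// Constructed sessions showing the three outcomes when run from the CLI.
$t     = 1165000000;                // constructed "current time"
$anon  = [];
$fresh = ['user_id' => 42, 'last_seen' => $t - 60];
$stale = ['user_id' => 42, 'last_seen' => $t - 3600];
echo checkAccess($anon, $t), ' ', checkAccess($fresh, $t), ' ', checkAccess($stale, $t), "\n";
```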

lux
11-29-2006, 03:03 PM
hehe ummmm, I haven't covered half of those problems!

So you going to be creating a vid for each bullet point? haha, only joking

but how would you go about securing each page to stop access by just typing the path into the address bar. I have used DW's login feature to redirect a user from private pages (e.g. admin pages etc).

and how would you force change passwords after 30,60,90 days?

the rest i can manage

davidj
11-29-2006, 03:16 PM
"I have used DW's login feature to redirect a user from private pages"

that should be ok but I would test it to destruction


"and how would you force change passwords after 30,60,90 days?"


set a $today var using date() and mktime() (PHP);

set a $db_date var using $row['password_set_date']; and mktime()

Then calculate your days between both dates

then


if ($value > 30) { header("location:new_password.php"); exit; } // exit so nothing else runs after the redirect


you just do this calc in the login page before you allow entry so it will be in an elseif

domedia
11-29-2006, 03:16 PM
'Simple CMS' .. Sounds like an oxymoron to me, and I think that's what you're discovering right now.

lux
11-29-2006, 03:28 PM
yeah,

i think 'basic' or 'my first cms' would be a better suited description! hehe

cheers davidj will look to implement what you have described.

lux
12-05-2006, 03:34 PM
hey dj,

could you give a quick account of how to achieve this:

'3 login attempts then lock account!!'

regards

Lux

davidj
12-05-2006, 03:48 PM
that's spooky

was just writing one !

here is a function...


function daysAgo($then) {

    $year = substr($then,0,4);
    $month = substr($then,5,2);
    $day = substr($then,8,2);

    // check last modified date and time and calculate difference in order to redirect
    $difference = mktime(0,0,0, date('m'),date('d')+1,date('Y')) - mktime(0,0,0,$month,$day,$year);
    $daysAgo = floor($difference/60/60/24);
    return $daysAgo;
}


lets explain it

we have called the function daysAgo() which expects an argument $then

next we break down $then into relevant parts like month, day, year using substr()

then we perform the calculation between days using $difference and mktime and assign the difference in days to $daysAgo var and return the value

to call the function just do...


if (daysAgo($last_modified) == NULL || daysAgo($last_modified) > 30){

//**** do stuff here ***

}


$last_modified is a var set from a database query so you could get that value during login validation so above that IF you could do..

$last_modified = $row['last_accessed']; // from database

davidj
12-05-2006, 04:07 PM
Shite
I have mis-read your post! sorry mate :roll:

that was for a password change page after 30 days redirection!

i feel like a right Plum

lux
12-05-2006, 04:16 PM
haha, no worries.

you never know that might have been my next question!

I'll be using this function if that's cool though, v. good and clear!

davidj
12-05-2006, 04:16 PM
ok great mate

here ya go


if ($row['user_id']) { // found user through ID

    // start counting attempts (treat a missing counter as 0)
    $_SESSION['counter'] = (isset($_SESSION['counter']) ? $_SESSION['counter'] : 0) + 1;

    if ($_SESSION['counter'] > 3) {

        ////////// insert your sql update script here locking the account (just add a L for lock to the status field in your user table)

        header("location:includes/logout.php?r=4"); // send user to the logout script page which kills all sessions
        exit;
    }

}


now add the following where you want your display


<?php
// only show the warning after a submitted login form with at least one counted attempt
if (!empty($_SESSION['counter']) && !empty($_POST['submitter'])) {
    $Remaining = 4 - $_SESSION['counter'];
    echo '<div class="text-small-grey-back" id="remain" align="center">You have '. $Remaining .' attempts remaining.</div>';
}
?>


This just draws a <div> with an attempts warning message
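
An added example, not part of the original post: the same lockout with the attempt count stored on the user row instead of in `$_SESSION`, because a session counter starts again from zero whenever the client discards its session cookie. Table and column names, the `attemptLogin()` helper and the limit of 3 are assumptions; an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example: failed-login counter kept per account in the database.
// Names and the limit of 3 are assumptions; SQLite stands in for MySQL.
const MAX_FAILS = 3;

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    pw_hash TEXT, failed_logins INTEGER DEFAULT 0, status TEXT DEFAULT 'A')");
$pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
    ->execute(['lux', password_hash('correct horse', PASSWORD_DEFAULT)]); // constructed account

// Returns 'ok', 'bad' or 'locked'. The count lives on the user row, so
// clearing cookies or switching browsers does not reset it.
function attemptLogin(PDO $pdo, string $username, string $password): string
{
    $q = $pdo->prepare('SELECT user_id, pw_hash, failed_logins, status FROM users WHERE username = ?');
    $q->execute([$username]);
    $u = $q->fetch(PDO::FETCH_ASSOC);
    if ($u === false) {
        return 'bad';                 // unknown user: same answer as a wrong password
    }
    if ($u['status'] === 'L') {
        return 'locked';              // refused before the password is even checked
    }
    if (password_verify($password, $u['pw_hash'])) {
        $pdo->prepare('UPDATE users SET failed_logins = 0 WHERE user_id = ?')
            ->execute([$u['user_id']]);
        return 'ok';
    }
    // Increment inside the UPDATE so parallel requests cannot both reuse the
    // old count. status is assigned first so it sees the pre-increment value.
    $pdo->prepare("UPDATE users
            SET status = CASE WHEN failed_logins + 1 >= ? THEN 'L' ELSE status END,
                failed_logins = failed_logins + 1
            WHERE user_id = ?")->execute([MAX_FAILS, $u['user_id']]);
    return ($u['failed_logins'] + 1 >= MAX_FAILS) ? 'locked' : 'bad';
}

// Constructed sequence: three wrong guesses, then the correct password.
foreach (['a', 'b', 'c', 'correct horse'] as $guess) {
    echo attemptLogin($pdo, 'lux', $guess), "\n";
}
```

Because anyone who knows a username can trigger the lock, pair this with the unlock function from the checklist earlier in the thread.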

nanny
12-05-2006, 11:26 PM
Hi

Very cool explanation I must say.
Is there a reason why you would only allow 3 attempts?
I am just curious, wouldn't the user give up and try to retrieve the password etc.?

The first function that you gave I was wondering if I could adapt it to change a user's access level to a lower level after 30 days from first entry, or would that mean I would have to set up a cron job (not really knowing what that is by the way).
Thanks, just a little off track. I am also changing my html website (almost 1000 pages) into a php mini cms - hence all the questions.
cheers.

davidj
12-05-2006, 11:41 PM
"Very cool explanation I must say."

aw shucks :oops:


"Is there a reason why you would only allow 3 attempts."


this is not there for the user, this is there to stop people who know someone else's ID and are trying to guess a password


"The first function that you gave I was wondering if I could adapt it to change a users access level to a lower level after 30 days from first entry,"


of course you can. just pass in the date you want from the db then update the user's access level in the db when 30 days have been reached

you can do anything you want with it


"or would that mean I would have to set up a cron job (not really knowing what that is by the way)."


you can use PHP to perform server tasks without anything to do with a browser (I do) and you could use a cron to run them (a cron in Unix is like a schedule in Windows. Just runs scripts at a given time)

nanny
12-05-2006, 11:48 PM
Thanks
I will use all above.
I guess though a cron job wouldn't work if the date changed due to someone renewing their, say, membership; using the type of function you gave would.
Am I correct?

davidj
12-06-2006, 12:04 AM
it's very rare to find a good reason to use a cron regarding web apps

If you have a process which is better suited after hours like a backup job or a large FTP process then you would consider using a cron to run a script or a process

I use them to synchronize DBs on different machines overnight.