11
Shiva
Re: Module development - AddElement
  • 2006/7/10 14:09

  • Shiva

  • Quite a regular

  • Posts: 280

  • Since: 2006/7/9 1


What about using core XOOPS functions like the security tokens and field validation are they easier to implement using smarty templates or XoopsForms?

12
birdseed
Re: Module development - AddElement
  • 2006/7/10 14:18

  • birdseed

  • Just popping in

  • Posts: 59

  • Since: 2005/2/26


Hi McNaz,

Quote:

Sorry but I have to disagree there. Especially the bit about "good style to get HTML out of the php files". It might have been good style ten years ago but we've (thankfully) moved on from the stone ages of PHP and HTML in one file.


Even today many PHP Newbie Tutorials use that approach and xoops1 still used it. Even in xoops2...have a look at the implementation of the comment system and tell me if this is how it should be.

I think we both want the same result. Well structured code. What I criticised in your post is that you see it too dogmatic by not using the XoopsForms because it would injure the MVC principle.
First, the basic MVC Approach is originally aimed at fat clients. In Web application, you can't adopt that at 100%, you can just do "something that looks like MVC".
Second, it isn't even said that XoopsForm injures the MVC principle. Prove it to me. ;)

In ASP.NET, you have something which is calles SqlDataSource. SQL Statements directly in the HTML Code! Ugly, you would think. But: The idea is from .NET 2.0 (2005 and not 1995) and it makes code development much faster for smaller applications. Although it hurts almost every principle of structured code. No matter, it works fine.

Quote:

I would imagine that Smarty templates consume less overhead due to the fact that Smarty caches and compiles php files. You also get the added bonus of not having HTML strewn all over your PHP file .


Ever had a look at a compiled result of a <{section}> Tag? Ever went into a function call of a runtime plugin with a debugger? Ever stepped though the instanciation process of a smarty template? The IS much overhead. Even with the compilation result.

greetings
birdseed

13
Dave_L
Re: Module development - AddElement
  • 2006/7/10 14:47

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


Another factor:

It's desirable to use consistent coding methods throughout XOOPS. This facilitates readability, maintenance and reusability.

There are inconsistencies within XOOPS, but that's not by design. It's a result of it being an open-source project with multiple authors, without any real process to ensure consistency.

Quote:
What about using core XOOPS functions like the security tokens and field validation are they easier to implement using smarty templates or XoopsForms?


Those features are easier to implement if you use the XoopsForm classes. It's possible, but a bit more difficult, if you use XoopsForm classes combined with templates. It's still possible if you don't use the XoopsForm classes, but then it gets more difficult.

Regarding the field validation, I've had to override much of that anyway, since the checking is too generic; it only checks whether fields are present or missing. For most forms, I don't enable the validation; I just do the checking on the PHP side, which is needed anyway in case the client has Javascript disabled. For upload forms, I want Javascript validation, but then I also add checks for things such as correct file extensions.

14
jegelstaff
Re: Module development - AddElement

Quote:

Shiva wrote:
Can you recommend a good practice how to create forms. I am briefly aware of form generators as formulize and formulaire, are these any good?


Hello,

As the lead developer on Formulize, I'd have to say it's very good.

Formulize is one way around some of the limitations of manually creating forms with the XoopsForm class that have been discussed here.

Like Liase and Formulaire, Formulize provides a graphical user interface that you can use to create forms. So you specify the elements that you want in the form by picking them from a list, and configuring their options (size of texboxes, options in a dropdown menu, etc) all through a form in your browser.

Formulize also adds a lot of control over how people interact with the form. So you can specify that a form should allow only one entry per user (ie: a profile form) or mulitple entries per user (ie: an activity log). There is also a detailed permission system that lets you control whether people can see entries others have made within their group, or across the whole site. And also whether they can edit or delete their own or other people's entries, among other things.

The forms are displayed by default using the standard XoopsForm class, so the appearance is limited.

However, there is a full API for Formulize that you can use to control how you want the form to appear on an element by element basis. You would create the form in the normal way using the interface described above, specifying all the elements that you want to have. And then you would write some custom PHP on the page where the form should appear. It could look something like this (to use a simple, old style table layout for multiple columns):

print "<h1>Title of my Form</h1>";

print 
"<table>";

print 
"<tr><td>";
displayElement('myform'1);
print 
"</td><td>";
displayElement('myform'2);
print 
"</td></tr>";

print 
"<tr><td>";
displayElement('myform'3);
print 
"</td><td>";
displayElement('myform'4);
print 
"</td></tr>";

print 
"</table>";


As for reviewing the information once users have submitted it, Formulize includes a powerful searching, sorting and calculation interface that lets you analyze the data however you choose, and save custom views of the information, publish views to other users, and export the data to .csv format.

It is very suitable for any standard data input-output situation, and with the API can be used to create custom applications, which in some cases may be easier or more appropriate than creating a new module from scratch.

The current focus of development is on providing access in the administration screens to the more advanced features currently available only through the API.

If you would like to discuss further, please visit the Formulize area on dev.xoops.org, accessible through this link:

http://www.freeformsolutions.ca/formulize

Thanks for reading,

--Julian
Technical Architect - Freeform Solutions
Formulize - custom registration forms, ad hoc forms and reports

15
jegelstaff
Re: Module development - AddElement

Quote:

leostotch wrote:
XoopsForm actually fails to separate busyness logic from presentation logic, as it makes form elements created in PHP code, and thus prevents templates designer to have any real control on the presentation they want to have: if the programer decided that a field should be a selectbox, there is no way to use checkboxes or anything else instead.


Could you explain this further? I'm not sure this is correct. I think it all depends on how good the programmer is at using the class effectively.

The XoopsForm class just gives you a way of outputting HTML form elements in your page without having to manually create all the HTML necessary for the element.

This is especially useful when dealing with large option lists since adding an array of options to the element object is a lot nicer than the alternative. It's generally a lot cleaner to read too, at least if you're a programmer.

I agree that rendering the entire form as a unit through the XoopsForm class does limit your presentation options, however you are aware that each element can be rendered individually using its own render method? ie, something like this (I have not debugged this code, could be syntax errors in it, etc, but you get the idea):

//PHP code:
$element_objects[] = new XoopsFormText("Textbox 1"'box1');
$element_objects[] = new XoopsFormText("Textbox 2"'box2');
$element_objects[] = new XoopsFormText("Textbox 3"'box3');
$element_objects[] = new XoopsFormText("Textbox 4"'box4');

foreach(
$element_objects as $element) {
  
$elements_rendered[] = $element->render();
}

$xoopsTpl->assign('elements'$elements_rendered);

//Smarty code:
<table>
<
tr><td><{$elements.0}></td><td><{$elements.1}></td></tr>
<
tr><td><{$elements.2}></td><td><{$elements.3}></td></tr>
</
table>


I think that pretty effectively separates presentation from logic.

Yes, there are some shortcomings of the XoopsForm class, particularly validation of user input, and enforcing required fields. But that can be dealt with by custom javascript that you could write. In Formulize we are planning on adding in more such features through the module rather than changing the class.

--Julian
Technical Architect - Freeform Solutions
Formulize - custom registration forms, ad hoc forms and reports

16
Shiva
Re: Module development - AddElement
  • 2006/7/13 10:40

  • Shiva

  • Quite a regular

  • Posts: 280

  • Since: 2006/7/9 1


That does seem a very good way to do it.

There appears to be 3 main approaches to developing interfaces:
1. Use Smarty Templates
- Total control over layout, slower, less secure

2. Use XoopsForm
- Very secure, More difficult to Maintain, Less control over layout

3. Use Both
- Very secure & Good control over layout

Using option 3 as Julian has suggested seems like the best aproach for someone about to start on a new project.

Can anyone give any pointers regarding Security? What should one be trying to keep secure? How can XOOPS Core help?

Are security tokens implemented automatically using the XOOPS hidden elements?

Thanks again guys, still just getting to grips with it all.

17
jegelstaff
Re: Module development - AddElement

And, 4. Use Liase or Formulaire or Formulize depending on the nature of the application you're trying to build.

What is it exactly that you're trying to create?

--Julian
Technical Architect - Freeform Solutions
Formulize - custom registration forms, ad hoc forms and reports

18
birdseed
Re: Module development - AddElement
  • 2006/7/13 16:47

  • birdseed

  • Just popping in

  • Posts: 59

  • Since: 2005/2/26


Hi

Some ways to write secure code:

- turn off register_globals
- assign $_POST and $_GET Variables at the beginning of the script to the variables with whom you wanna work
- Let your objects inherit from XoopsObject (uh I'm afraid they changed it do xo something in 2.0.14.)
- use $ts->addSlashes($postVariable) before inserting the content of textboxes to sql strings (sql injection)
- praise that there is no D.O.S Attack (denial-of-service). The main weak point in XOOPS is the search function (oops, I should keep that secretly )
- use insert/update/delete SQL statements only in POST Request, this is pseudo-safe, but it works for non-professional users

greetings
MK

Login

Who's Online

179 user(s) are online (107 user(s) are browsing Support Forums)


Members: 0


Guests: 179


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits