I'm developing a site in Symfony, and I'm not sure what the best way is to handle this scenario.
I'm creating a party bookings system. Anyone can go to my frontend app and submit a new booking. Once they're finished, they'll just get a confirmation screen, they can't edit it. Easy.
Only certain users will be able to get to the admin app (it might be secured simply by being on an intranet, but that's not important, just assume it will be only accessible by admin users). They'll be able to view the list of submitted bookings. Easy.
My problem is around code re-use when allowing admin users to edit existing bookings. When you do generate-module in Symfony, the generated module (which as a newbie I'm assuming is a good example of structuring things) creates the form as a partial. I've had to customize this form a lot for my usage (lots of JavaScript, etc), so of course I want to re-use this code, to be able to load an existing booking into this form. But there doesn't seem to be a way to share this partial between the apps (I've seen people mention making a plugin...but this seems complicated for this use).
I considered using an IFrame to load the form from the frontend and just passing an "id" parameter to load it in edit mode, but this would mean that the edit mode is not secure - anyone could go to the form on the frontend and pass this parameter to edit a booking.
I also considered putting all of the form display code (HTML, JavaScript, etc) in a method on the form object, but this doesn't seem very MVC - all of the display code is then in the form. But this is only because I'm thinking of the form in the same way as a model - is that right?
I feel like this should be a common situation. You can share models and forms between apps, why can't you share this common form display code too?
Thanks!
You should reconsider having 2 applications in the first place. Not only do you run into the code reuse problem, but also i18n, testing and other issues. I find it much easier to have 1 application with a different bunch of modules for frontend and backend users. You can configure security per module. You can have one sign-in form for all users and redirect them to the appropriate module based on their credentials.
You can reuse partials between modules inside the same application, but you seem to be talking about two different applications (frontend and backend) so as far as I know the only way is to copy & paste the partial from one application to the other...
How hard would it be to create a website that lets people create their own pages on them?
Like a company creating a custom page on my site only with a drag and drop system provided by my website (of course they would need to create an account).
What frameworks would I need to use?
I tried searching the web but didn't find anything. I found craft.js but I don't know if I can implement it like that.
Thank you all in advance.
Such a project would be very complex and cannot simply be "coded down". Here are the main reasons:
You need an infrastructure where and how your users can save their websites. Does every user just have one page or several (limited or unlimited)?
Drag and Drop requires some JavaScript interactions and a set of predefined web components like buttons, input fields, labels or images. You would have to define abstract components that could be individually filled with user content.
If you ask your users to register before creating websites, you must respect the "General Data Protection Regulation" (applies for the European Union).
If you want to make money with your project you'll have to consider several legal aspects depending on the country where you live.
In short, there are many reasons why homepage kits are not an easy thing to program.
I am trying to figure out how to run an A/B Test for a change on a Page Step for a Single Page. The idea is we have a payment flow with several page steps each containing a form. We'd like to swap out forms and test how our users react. We are trying to avoid changing the URL.
I looked into tools such as Google Analytics, but that requires a different URL to run the A/B test. The hesitation about creating a new URL is because our users are known to bookmark them, and we don't want to keep a backlog of redirects from invalid URLs, also we'd like to avoid constantly deploying new URLs for our tests.
I cannot seem to find any tool to do this, so I've tried to think of a few solutions but I'm not having a lot of luck.
My best idea is to build both a and b forms into the page, and when a user accesses the flow, the session randomly (based on a preset %) stores a value that dictates whether the user is in test a or b. Then when they step into that form, the server will serve the proper form to them. If they abandon their session, we'd track that, and if they complete the action, we'd track that.
I feel like there should be a better solution, but I just cannot come up with one.
My results online were either blogs showing how to approach it from a high level, and all of them used different URLs, I have found almost no developer resources.
Thanks.
We're using ExtJS 4.2.2, and .NET as our server.
Whenever you need the server to be involved, you need server-side instrumentation. No free tools offer that, but you could consider Optimizely "full-stack" (has support for C#) or Variant (does not yet).
I often need to create similar, but very long HTML forms for a client. The forms contain some inter-dependent fields and lot of validations. Some images also need to be uploaded.
Then the client needs to check the database in the CPanel and export it from there.
I want to create something with an easy interface which can create complicated forms. Also, the client is asking for an easy-to-operate back end. The CMS option looks like overkill. I want to keep the site as lightweight as possible because of the performance requirement.
Please suggest me the best path I should take. Should I try to develop everything from scratch? Should I use a CMS? Is there any particular CMS more suitable for the task?
We use ChronoForms along with Joomla 3.1 to create such forms. It has two modes, an easier one that limits the functionality but creation of forms is much easier. The other one offers the full capabilities of the engine but requires manual steps to do even simple things.
Having said that, ChronoForms is the most powerful web based forms designer I have come across. It seems they also support Wordpress now.
They have a drag-drop mechanism to design the forms. Validations are easy to do via check boxes for the standard ones. You can save the results into database tables, send emails, redirect users to specific pages, add captchas.
The backend allows you to view the records and create new tables based on the fields of the form. You can also export the result as CSV.
I had an idea about website vulnerabilities, and I would like to know if it is possible. Also some suggestions on how to fix them.
If some part of my website writes data to the DOM and then calls the data back from it, would it be possible for someone to “hack” the server by editing the DOM in the browser?
For example, suppose I have some radio buttons. Each button has its own logic associated with it. If I remove one of the buttons, but fail to remove or comment out the logic, could someone go in and edit the DOM name of one of the buttons to the removed one, and upon submission have the server execute the logic associated with the removed radio button?
I understand how to fix that situation, by removing or commenting out the removed button’s logic, but I fear my site relies too heavily on such things that could be manipulated via the DOM. Hence, I’m wondering:
Is such a thing possible?
Is some complex validation method the only way to prevent “hacks” of this nature?
The answer to your question is yes. For example, in many browsers you can open a JavaScript console and change not only the DOM but also the JavaScript on the site.
There is no guarantee that the code you write for a webpage will be run as you code it. Any user can change their copy. What they should not be able to do is change other people's copy. When they do, this is called a cross-site scripting (XSS) attack. (Typically done by adding script to a field which is saved in a database server and then served to another user.)
To protect your site you need to ensure that all web service calls are secure -- that is a user can't call them with malicious data and cause problems.
You also need to block against SQL injection attacks.
There is NO way to protect against a user changing the web page on their machine and having it do something you did not intend, so all validation needs to occur both in the browser and on the server.
As an example of how easy it is to change the local browser behavior, consider the browser extension. A browser extension is a pre-coded way to change the way web pages act locally.
(Think about ad-blockers as a specific example.)
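The radio-button scenario from the question, as an added example that is not part of the original question or answer: a handler that trusts the submitted value, next to one that re-checks every field on the server. The field names (plan, name), the option values and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Server-side logic keyed by the radio button's submitted value.
# "legacy" stands for the button that was removed from the page while
# its logic was left behind (the situation described in the question).
HANDLERS = {
    "standard": lambda form: f"standard booking for {form['name']}",
    "express": lambda form: f"express booking for {form['name']}",
    "legacy": lambda form: f"legacy discount applied for {form['name']}",
}

# The only values the current form actually renders.
OFFERED = frozenset({"standard", "express"})


@dataclass
class Result:
    ok: bool
    message: str


def handle_naive(form: dict) -> Result:
    """Trusts the submitted value: any key in HANDLERS is reachable."""
    handler = HANDLERS.get(form.get("plan"))
    if handler is None:
        return Result(False, "unknown plan")
    return Result(True, handler(form))


def handle_validated(form: dict) -> Result:
    """Re-checks every field on the server before running any logic."""
    plan = form.get("plan")
    name = form.get("name")
    if not isinstance(plan, str) or plan not in OFFERED:
        return Result(False, "plan is not one of the offered options")
    if not isinstance(name, str) or not 1 <= len(name.strip()) <= 80:
        return Result(False, "name must be 1-80 characters")
    return Result(True, HANDLERS[plan]({"plan": plan, "name": name.strip()}))


# Constructed request bodies: what the page sends, and a copy whose
# radio value was changed in the browser before submission.
as_rendered = {"plan": "express", "name": "Ada"}
edited_in_browser = {"plan": "legacy", "name": "Ada"}

if __name__ == "__main__":
    for form in (as_rendered, edited_in_browser):
        print(form["plan"], handle_naive(form), handle_validated(form))
```

The check is a plain allow-list lookup rather than a complex validation scheme; the point is that it runs on the server, where the user cannot edit it.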
I'm considering Wordpress as my CMS platform for a client site I'm doing at the moment.
However, I need to create a couple of custom 'modules'. One of these modules is a form that people will be able to complete and have a quote, and once submitted, in a special place in the Wordpress panel (like a menu or something), there will be a listing of all the submitted quotes (just fetching it from a table in my database).
Another one is to manage a cafeteria menu, so the client can add a different meal to each day of the week.
I know perfectly how to do this kind of things using some kind of MVC framework and doing it 'by-hand', but I'm just wondering if this would be possible to do with WP and if yes, what kind of tools I'll have to use.
Thanks
Quite simply, yes, WordPress would be a more-than-capable asset to your criteria. But it's whether the learning curve in getting to know WP outweighs using a framework you're clearly already familiar with?
Personally, it sounds like you're pretty solid with PHP, and considering the fact that, in my opinion, what you're planning on doing is relatively easy, I'd say WordPress is an excellent solution.
I'd recommend reading about WordPress 3.0's new custom post type API, and skimming the basics of hooks and filters in the Plugin API.
Submitted quotes would merely be a custom post type. You'd be better off writing the front-end code (like handling the form, UI etc.) yourself, either within a theme or plugin, then using wp_insert_post and let WordPress handle all the database administration. In fact, WP will go one step further and set up the entire admin for viewing, editing and deleting quotes.
Post meta (also known as custom fields) is also there for you if you need to store additional information about a quote that doesn't quite fit the post's table structure.
For the menu, this is even easier. I'd say just create a post category called 'Menu', and the client can publish 'dishes' to it as you would with a blog or any similar rolling format.
I've only licked the surface here. Get stuck in with the above, then check out some other goodies like meta boxes and custom taxonomies!
If you want to try a plugin instead of writing something yourself, Flutter might work. It's a little unpolished sometimes but it makes this sort of thing an absolute breeze.