13 replies to this topic

[blowd]

Hello community,

I try to implement a communication tool (like a blog) which is done in flash. (loaded as a chunck)
Inside the Flash file a Action Script talks to a php file (simple one, just creates text files to store the content). What Iam about to do is to use the database instead of txt files later.

The problem:

I want to check the etomite session (because it will only appear when a user is authenticated to etomite)
before the php script runs.(So iam able to prevent a hot-linking ish)
I cant use a snippet for that because the action script needs the location of the php file.
Is there a way to check sessions with an 'out of the box' php file?
Any ideas?

[PaulD]

Trying to understand the problem - is it a live chat thing, where users post content without being logged in, or is it that you need the user to log in within flash?

You could (if I understand the problem) just have the chunk called in an authenticated page, so the user has to log in first to see it. Or store the content in your own table and set your own variables/id's as needed. Then you could if needed call an external php file like normal.

Have you got a working example? Sounds interesting...

Paul.

[blowd]

PaulD, on Apr 1 2008, 10:18 PM, said:

Trying to understand the problem - is it a live chat thing, where users post content without being logged in, or is it that you need the user to log in within flash?

You could (if I understand the problem) just have the chunk called in an authenticated page, so the user has to log in first to see it. Or store the content in your own table and set your own variables/id's as needed. Then you could if needed call an external php file like normal.

Have you got a working example? Sounds interesting...

Paul.

Hello PaulD,

thanks for your response. In the meantime I got it work.... me stupid.
There was no reason to not implement the external php into a snippet ... except my mind lol.

I had to integrate a (almost live) communucations box done with flash. The flash (action script) need to talk with php because of the text storage. The problem was that someone could (either by mistake or by discovering) call the flash (swf) file and trigger the execution of the php file. The impact would be that the text(s) are visible and therefor a login to cms would be useless.

Now....I ve put the php code into a snippet (why I havent thought about this earlier...I dont know) And since I can use the "if session validated" I dont care about calling the swf file directly because its not working before someone is authenticated to etomite and let the snippet do its work.

If I am going to publish this one u can see an example.
Next step is to talk with mysql instead of files.

Marco

[PaulD]

blowd, on Apr 2 2008, 05:58 AM, said:

Hello PaulD,

thanks for your response. In the meantime I got it work.... me stupid.
There was no reason to not implement the external php into a snippet ... except my mind lol.

It is a real coincidince but I think I might be doing the same thing...

I was just tonight trying out a script from DHTMLGoodies and I ran into a problem. There is a bit of javascript that has the variable for the php file that is called when input is made by the user, and screen HTML id updated with AJAX.... COde wise I start getting a bit lost here of course :-(

 var ajaxRequestFile = 'writeNodes.php';

The writeNodes file is for saving user input ie changing the title of a task in a todo list, or adding a task.

So do I have to call an external file myself? EDIT: What I mean is I intended to use snippets to call either page data or my own tables of info, but if it all has to be done in an external php then all the advantages, of security and authentication, by etomite seem to be lost. END EDIT

I feel like I should know this, but don't, and am stuck, and am sure I have just got something silly wrong.

Any ideas? I should have posted this as a new topic really. If no one sees it or has any ideas I will post it as a new topic.

Paul

PS you can see it here but as the page says, it is an experimental page, probably wont be around long and will be changing as I play, but an example is here for now anyway. Right click the tree items and the options appear, you can add something but the server file wont be there so nothing is saved or anything ie it is the php script defined in the variable above. What a long PS

Edited by PaulD, 03 April 2008 - 02:10 AM.

[blowd]

Hi,

just put the php code in a snippet and nest it into a new (published) document.
Then change the the

 var ajaxRequestFile = 'http://yourHost/newDocument';

.
That should do and you are able to include the etomite authentication.

Ohh, and maybe you have to assign a different template to the document. (blank?!?)

[PaulD]

Cool! Thanks. So the Ajax calls the page, which is blank, but runs the relevant snippet anyway.

Will try this, thank you!

Paul.

[PaulD]

Still not working and I am a bit stuck.

I am trying to use a folder tree from DHTMLgoodies which is working at the moment in listing tasks from a seperate tasks table within etomite. I am trying to get the dynamic ADD node working. When you right click on the menu tree you get to add an item dynamically. At the same time, a call is made using ajax to a writeNode.php script. I have replaced that call to index.php?id=88 which is a blank page with only a snippet call on it to a snippet that collects the new data, then writes it to the database.

The snippet on the blank page is this:

Quote

// newNode = Title of new node
// parentID = ID of parent node
$parent=$_GET['parentID'];
$name=$_GET['newNode'];

// set table info
// ----------------
$todo_table="etomite_todo"; // where the tasks are kept
$views_table="etomite_todo_views"; // where the view info is kept

// Get user id
// --------------
$todo_user=$_SESSION['internalKey']; // identifies the user


// add new task
// -----------------
// have not done position, just adding for now to see if it works.

// make array to input into table
$row = array('belongsTo'=>$todo_user,
'parent'=>$parent,
'name'=>$name);

// put row into table
$etomite->putIntTableRow($fields=$row, $into=$todo_table);

I cannot output debugging messages, because the page never actually shows. It is called from the javascript on a different page via Ajax. I do not know for certain that GET is the right method of collecting the data, but nothing is being written to the database at the moment. So I am not certain that calling the external index.php?id=88 is the right thing to do.

I could write a seperate php file that connects independently to the table, this might help for testing the data collection part.

Could anyone tell me if this is the right way to be doing this?

Thankyou

Paul

EDIT: You can take a look here but you will have to log in as
user adam
password drewett
I tried removing the permissions but then an SQL prob happens because the page tries to read the database without the user being set. This is only me testing the folder tree.

Edited by PaulD, 04 April 2008 - 05:11 PM.

[Cris D.]

$_GET will only collect data if it exists in the URL. It's looking very cool. Have you had a look at the etomite folder tree to see how Nalgar did it?

[blowd]

PaulD, on Apr 4 2008, 05:02 PM, said:

I cannot output debugging messages, because the page never actually shows. It is called from the javascript on a different page via Ajax. I do not know for certain that GET is the right method of collecting the data, but nothing is being written to the database at the moment. So I am not certain that calling the external index.php?id=88 is the right thing to do.

Suggest u to use wireshark (a network sniffer) to see the GET and POST requests which u normally not see. That was really helpfull in my case.

You need to feed some vars from js into the URL u make to call the snippet(php).(e.g.

http://mydom/snippetURL?action=maketable&tablename=xyz&content=xyz

)
In the php u could of course use these vars with the GET.

Good Luck

[Ralph]

When performing AJAX calls, like the one for adding a new node, you may need to do some testing with some temporary scripts in order to assure that everything is working... For example, can you call document 88 directly, sending the parent and name valuse and have the snippet create the new node...??? If you can, then you know that any problems are with the AJAX call itself... You can usually add in error catching code within the Javascript based on the result code from XMLHttpRequest() which, as I recall, is 0-4...

This is a prime example of why I feel that a very limited amount of AJAX should be used for any site... When you start working with HTML, CSS, PHP, Javascript, and whatever else you might throw into the mix, such as Flash, things get complicated fast... And, more often than not, things slow down to unacceptable levels...

[PaulD]

Hi Cris.D, of course, I should have thought about that...how on earth can it get it without the appropriate bit to get! I tried for ages to get Nalgars menu working away from the manager so I could use it on the front of the site. It has a hidden frame that saves on update when you click and drag. The context menu is cool too. But it is so ingrained into the manager that I couldn't seperate it out. Just beyond me I think.

I also played with the manager for ages to make it look/behave like something an external user could log into and use. In the end I tried to do everything from scratch to stay in firm control of every aspect...then I found these DHTML things and couldn't resist them. It actually started with some simple Ajax tabs that worked brilliantly with Etomite aliases. Alas, that was the start of the end, as my code for todo (the fat-controller snippet in particular) is so long now, with so many this and that reworks, that I just lost control of it. I had no idea what it was doing any more. Still it was aways meant as a learning tool so I learned about planning properly and not just adding fields at a whim into tables etc.

Hi Blowd, Wireshark.org is a serious piece of software, have you seen the list of Authors! I haven't downloaded it or tried it as I think I will have a huge learning curve. I get the point though and thanks for the tip. I just got the impression it wasn't meant for users like me.

About adding to the urls the extra bits. You are absolutely right, of course, stupid me, how on earth could the php know otherwise? I am kinda dissappointed that Ajax seems actually quite plain, I was expecting far more Ajax voodoo to be involved. Javascript has proved virtually impregnable to my efforts to write anything in it. Fiddling with variables in someone elses code is my limit. However, Javascript is a bit like magic in the way it works, I love it but hate it. Can someone knock up a language that is more accessible for an engine that rewrites to javascript... please! Actually DHTML is worse, cant follow a word of it.

Hi Ralph, and thanks, I will test it like that. My php requires quite a bit of what I laughingly call 'testing', but the way eto reports errors for debugging is really cool, and very helpful. It amazes me that the entire manager doesn't collapse under my often 'iffy' coding. It is one of the best features of etomite, it is incredibly stable.

I am not sure I agree about AJAX though, although I have never liked FLASH. I know users can turn off javascript, but that seems a minor prob compared with how it can enrich a users experience. I recently took a look at my Yahoo homepage (that I once set up and promptly never went back to) and it has been updated. It has become a really cool environment, really interactive, intuitive almost (I still wont use it though but it is impressive). Perhaps Etomite needs some more types, chunks for html, snipets for php and perhaps some new ones. Perhaps 'Bits' for AJAX with a facility to help with debugging the Ajax bits.
EDIT: Few days later: I agree with Ralph now. Am starting again using only php. :-(

With javascript being so inaccessible to novices like me (unlike php which I have been so impressed with) perhaps a new divide is opening up on the web. From the incredibly complicated javascript environments, with drag and drop content and AJAX interactions and updates etc to those more humble sites that refresh on every click. That reminds me of IE8 that I was reading about today, and its web-slices. They are really cool (although being part of IE8 is no promise of accessibility). I was also led today to a project on Google (and it might have been from another post on the forum here) that has a javascript (library?) that makes IE7, 6 and 5 into standard compliant browsers. I haven't tried it but how cool is that (if it works), no more cross browser problems!

I am going to the book shop tomorrow (I still read mostly offline) and am tempted with a javascript book, you know, one of those 'teach yourself javascript in 7 days!' or something similar. See you in a week when I shall be a javascript expert! Ha! (Probably manage the equivalent of 10 Print 'hello' 20 goto 10.)

Thanks for the help everyone. I have spent so long writing this I cant try it now. Will have to try it tomorrow, but thanks for the help. If I ever get it working I shall post a version here.

Paul

Edited by PaulD, 07 April 2008 - 08:56 AM.

[PaulD]

I know, I am sorry, double posting, sorry, but....

I passed the variables manually and (after a minor fiddle) it worked.

Then I found the line where in the javascript it made the url. I changed the ? into an & (since the ? had already been given in the php file variable index.php?id=..) and it WORKED!!!!!

Hurray - and thank you! Now I can start adding new options by copying and pasting the original function and sending whatever I want. Cool, and even better, even if I turn on friendly aliases later, the index calls will still work.

Thank you for all the help! I am going to have a play now.

Paul

[deadline]

HI PaulD,

If u feel uncomfortable with javascript and then ajax... may be u should have a look on the "xajax" project :

http://www.xajaxproject.org/

Sounds to me it could simplify your life in many ways... as of embedding ajax into php...

Hope it helps...
deadline

[PaulD]

Wow, how cool is that. I shall definitely be having a look. I had looked at other similar things but nothing as good as XAJAX looks.

You see, once again I am drawn away from the basics. Yesterday I decided to GIVE UP with bloody AJAX. For instance, without the sniffer thing, I kept getting stuck not knowing exactly what was being sent. Also most Javascript waits for a return code, before outputting a message like 'task saved on server', but by running an Etomite page I had no idea what return codes were being sent. And Ralph was right, it very quickly seemed to become really slow.

Finally, the DHTML goodies thing has loads of little bits wrong with it, but I can't fix them and I imagine are very hard to fix. For instance, lists allow one delete, but not two in a row (even their demos don't), and the context menu moved to the top of the page when you used the scroll bar to move down the screen. Very user unfriendly, looks like it was going wrong. (Again same on their demos), but I hadn't noticed this until I had done all the work.

Also, when you changed the tree class (as described in the instructions) away from id="dhtmlgoodies" the whole thing stopped working. So I ended up with a dummy empty ul to make my own IDs activate. All in all, the loss of control became really frustrating.

I have once again then decided to do everythin in html, css and php only. Stick to what I know. Had to start again but have been making great progress. (Alot less sexy without Ajax).

But XAJAX looks really cool. I will try it, thanks for the reccomendation. I will wait for the release candidate though as a final nail in the coffin for using someone elses javascript was security, which is a bigger problem than I thought it was.

Paul

PS On a note about something Ralph said, the project manager JaredWhite at xajax also agrees:
"I see AJAX as being useful for interactive bits within a single page, not being a way to ignore standard page requests. IMHO." link to read more

Edited by PaulD, 07 April 2008 - 09:03 AM.