A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.
I'm hoping a more experienced developer can point me toward a "best practice" for designing this:
I've finished a website for a client in PHP/MySQL, which works great. However, for the first time I have the requirement that the client's Office Manager must be able to update the page contents. There aren't very many pages: some static content, some pages with data from a database.
Creating the forms to edit/update isn't difficult. My problem is, how best to "wrap" the editing functions around the site? Essentially, I want to give her (the office manager) the ability to Login, then navigate the site as usual but with all content now-editable (again, making it editable isn't the problem.).
I'm thinking of three possible ways of providing this "edit interface":
1. Have an "edit.php" page, and pass each page as a query string variable. So "edit.php?contact.php" would edit the Contact page, "edit.php?news.php" would edit the News page, etc. The problem is that I would have to make the menu and other navigation links point to the "edit.php?whatever" page instead of the actual pages, so that she could navigate as usual while in Edit Mode. PROS: Most visitors wouldn't know about the edit page, so there's a small amount of obscurity-security. Even if they found it, it's an immediate roadblock without credentials. CONS: might have problems passing page content in through the query string.
2. Build into each page the mechanism to edit it, if the user has the right session credentials. Basically, once logged in each page would notice "hey, we're in logged-in-user mode. let's display editable content". PROS: straight-forward editing (once the edit mode is triggered), so fewer problems with passed-through content. CONS: if the authentication ever made a mistake (i'm doing a lot of research to get this part right, but you never know...), that visitor would be able to edit the site.
3. Have the "edit" page locally on her computer. PROS: Nobody could access this page but her. CONS: you still have all Cons of option 1.
I hope that makes sense. This seems like such a fundamental question that I hope there's a "best" way to do it. I appreciate all your suggestions.
"CONS: if the authentication ever made a mistake (i'm doing a lot of research to get this part right, but you never know...), that visitor would be able to edit the site."
Honestly, this is such a non-concern it's not even worth it. Simply create a login page in PHP that uses PHP sessions. In the pages, check the session for a logged-in tag and display, perhaps and "edit this page" link which takes you to the page to edit it (or just adds on ?edit to the url which causes the page to re-render but with textboxes in the place of the content). You may also wish to provide a "preview" function as well as the usual submit/cancel.
One option that might work is to set up the site for use with Macromedia Contribute (+/-$100). Contribute works like a browser untill you get to a page you want to edit, then lets you edit it, then publish the changes, or send them for approval, etc. It works well if you have designed the site initially using Dreamweaver and templates. That said, you probably have enough common content in your pages that you might have used with includes, etc that retrofitting isn't a big deal. You have to make sure that all PHP code is outside of the editable areas, but you'll have to do that with what you're suggesting too. I think Contribute alsolets you enforce CSS selections too. I haven't used the latest version, but you can get a frial trial.
Where you will have trouble with Contribute is changing dynamically generated content stored in a database. For this, you'd have to put together some forms. This all depends on what your site looks like, but I generally recommend keeping the admin pages completely separate from the world accessible display code, and use includes for common elements.
Sunday, November 21, 2004
Does your client really need to be editing the php files or do they just need to be editing the content of the pages.. if they just need to update content, separate the content out from the php files that display the content.
Then make a link on each page that does edit.php?pagename.inc or whatever. If you give them the ability to edit the php pages, they are just going to end up breaking the site and blaming you for it.
Wednesday, November 24, 2004
This topic is archived. No further replies will be accepted.Other recent topics
Powered by FogBugz