PHP Help

[-iSynthesis]

So I'm working on a website and am trying to do something like a small CMS. I have set up an html form, which, when submitted, directs to another site with the following php:

<?php
	$content = $_GET['content'];
	$newArticle = "//String to replace another string in another php-file";
	$str = implode("", file("other-site.php"));
	$fp = fopen("other-site.php", "w");
	$str = str_replace("<!--Comment to be replaced-->", $newArticle, $str);
	fwrite($fp, $str, strlen($str));
?>

other-site.php is in the same folder as this file. I want to replace a comment on other-site.php with $newArticle but, well, it doesn't do anything^^.

Any help?

(new to php)

[LUUD18]

This is not the right way to setup a CMS. I would recommend using a database and putting the comments in there. 

[-iSynthesis]

Just now, LUUD18 said:

This is not the right way to setup a CMS. I would recommend using a database and putting the comments in there. 

I don't want to make it too complicated. It is a website for a school project and i want a few others to be able to add text (an article) to one file (other-site.php). 

[LUUD18]

2 minutes ago, -iSynthesis said:

I don't want to make it too complicated. It is a website for a school project and i want a few others to be able to add text (an article) to one file (other-site.php). 

It's not complicated and it is really good to learn how to use a database. Almost all websites use them.

 

The way you are doing it now is a really bad practice and will probably give you more headaches then using a database.

[-iSynthesis]

Just now, LUUD18 said:

It's not complicated and it is really good to learn how to use a database. Almost all websites use them.

 

The way you are doing it now is a really bad practice.

I'll look into it, thanks. Though i would still want to know why the above code doesn't do anything^^

[leonfagan71]

I agree with @LUUD18, using a database would be a faster and better approach.

[Chaoix]

@-iSynthesis Alright. All of this comes with the disclaimer that there are so many things wrong security wise with what you are doing here, but I do understand the importance of learning the wrong way to do something to help you work toward the right solution. I am a professional Web developer.

Don't use $_GET, use $_POST. There is a character limit on the get array due to it being processed from the browsers URL bar (limit ~2048 characters).

 

Its probably easier to write to a file (this is basically a flat file database) and in other-site.php put that files contents into the html output.

[Chaoix]

PS. Its also probably easier to just make a basic wordpress website, but I do think its important to understand how the PHP behind Wordpress works so you understand when Wordpress is working against you.

[-iSynthesis]

2 minutes ago, Chaoix said:

PS. Its also probably easier to just make a basic wordpress website, but I do think its important to understand how the PHP behind Wordpress works so you understand when Wordpress is working against you.

It would probably be easier but I'm quite familiar with html itself, just not with any server-side languages like php. But i guess this is not the spot to be experimenting with it^^

[Cruorzy]

Try using SQLite, or a normal Database like MySQL. It is way easier when dealing with this stuff and its really interesting to learn.

Dont get scared of it and watch some youtube videos to ease into it.

[melkawakibi]

Hello, using MySQL database or a NoSQL database like MongoDB is an easy solution to save your data. You can find a lot of video's online to help you setup a simple database.

[Chaoix]

4 minutes ago, Cruorzy said:

Try using SQLite, or a normal Database like MySQL. It is way easier when dealing with this stuff and its really interesting to learn.

Dont get scared of it and watch some youtube videos to ease into it.

Plus MySQL support is built into PHP.
http://php.net/manual/en/mysqli.overview.php

 

There is also a great wrapper class for database work called EZSQL. Wordpress uses a fork of EZSQL in its backend code:

https://github.com/ezSQL/ezSQL

[Chaoix]

6 minutes ago, -iSynthesis said:

It would probably be easier but I'm quite familiar with html itself, just not with any server-side languages like php. But i guess this is not the spot to be experimenting with it^^

If you feel like experimenting post your code revisions here and I am sure we all would be happy to steer you in the right direction. I understand not wanting to learn PHP and SQL at the same time. SQL is almost a programming language in itself.

[Dat Guy]

I disagree with the "just use a database" comments. Storing plain text (like comments) in a database does not make much sense. Store the articles and the comments in text files and use a database to link them together if you wish.

[Dat Guy]

28 minutes ago, LUUD18 said:

Almost all websites use them.

 

Name your source.

[Cruorzy]

@Chaoix I always found the combination of SQL and PHP great, i can test the things i write and actually do something fun with the data.

I know some people want to start small and simple but it is not that bad.

 

And you can start crappy as long you learn everyday you with eventually become better and learn alot of new tools, still some tools i find now a days blow my mind.

[Chaoix]

@Cruorzy I agree. I remember when I first discovered GROUP BY and sub queries in SQL. The power of them blew my mind. But I remember learning Web development and I definitely learned PHP really well first, with just enough SQL to scrap by, then drove into advanced SQL techniques, server management, etc. Server management was the big one.

[mariushm]

Don't use $_GET , use POST method to submit forms. 

Then use $_REQUEST to retrieve data , $_REQUEST holds both $_GET and $_POST, so it can be used throughout pages for simple things like $_REQUEST['id']  for pages like viewarticle.php?id=1  or for more complex stuff like whole chunks of text that wouldn't fit inside the URL ( which would be how data is sent to the server and then shows up in $_GET array

 

Don't replace text within PHP files.  Store the data inside individual text files, see functions like file_get_contents to read the contents of a whole file into a string in memory, or file_put_contents  to store data into a file.

 

The most complicated part would be having unique IDs for each page in your Wiki. A database would take care of unique IDs very easily but if you don't want to use databases, you can store this information into a separate text file.

 

For example, your configuration file would be something like this (you make the assumption that the content of page with unique id 1 will be saved in the 1.txt and so on)

 

1|Main Page

3|About

4|Random Page

 

And when you want to add a unique page you just have to read all those lines in memory and determine the last number  and increment that by one and write it to file.

Here's some simple code for that

 

<?php

$enter = chr(0x0D).chr(0x0A); // two characters in Windows  CR + LF (carriage return and line feed)

$cfgfile_contents = file_get_contents('database.txt');

// splits the whole contents of the database.txt wherever it detects the enter character combination, and puts it into an array  

// so $rows[0] = '1|main page' ; $rows[1]='3|About'; $rows[2]='4|Random Page'; and so on.

$rows = explode($enter, cfgfile_contents); 

$rows_count = count($rows)-1; // because arrays start from 0 .. so if we have two lines in the text file,

$last_id = 1;  // we assume the last used unique ID was 1 because so far we don't know how many pages there are in the cms

// now we go through each entry and separate 1 and the title of the wiki page

foreach ($rows as $key => $value) {  
  // key is 0,1,2,3 the unique position in the array, the $row holds the actual value for that position in array
  // key isn't necessarily equal to the unique id, because you may delete some pages at some point and you won't reuse those numbers

  $rows[$key] = explode('|',$value);  // now $rows[0][0] = 1; $rows[0][1] = 'Main Page'; now $rows[1][0] = 2; $rows[1][1] = 'About';  ... and so on

  if ($rows[$key][0] > $last_id) $last_id = $rows[$key][0];

}

// if you want to add a page to your cms .

$last_id = $last_id + 1;

$rows_count = $rows_count+1;

$rows[$rows_count] = array( 0 => $last_id, 1 => 'New title page');

// if you want to delete a page, just set the title to an empty string and when you save the text file you don't write that line

// if you want to save changes

$file_handle = fopen('database.txt','w'); // open a file handle with the mode 'w' , write only )

$first_line=TRUE;

foreach ($rows as $key => $row) { 

 if ($row[1] !=='')  { // page title is not empty aka you didn't delete this page

   if ($first_line==FALSE) fwrite($file_handle,$enter); // no need to advance to new line if we're writing the first ever line in the text file

   $first_line=FALSE;

   fwrite($file_handle,$row[0].'|'.$row[1]);

  }

}

fclose($file_handle); // close the file

?>

and the page that shows what user entered, would read the text file (1.txt, 3.txt, 4.txt etc ) using something like file_get_contents(filename) but you don't just use echo $file_contents  because some characters are not allowed to be printed directly into a html page.

Use a function like htmlspecialchars to convert characters that have special meaning like <  and > and & into a combination of characters that's safely parsed by browsers.

 

if you learn some url_rewrite rules, you can make your cms have nice urls like  www.yoursite.org/pages/1/Main_Page , www.yoursite.org/pages/3/About  and so on

The web server converts those URLs based on the url_rewrite rules to your viewarticle.php?id=1 , viewarticle.php?id=3 and so on  then your code in viewarticle.php  uses $_REQUEST['id] to get the unique ID from the URL , makes sure the is actually a number, optionally read database.txt to extract the page title for your page if you won't save the title as a first line in your 1.txt, 2.txt , 3.txt and so on

then echo/print the contents of the unique text file after you escape the contents using functions like the one i mentioned above.

 

[vorticalbox]

18 hours ago, Dat Guy said:

I disagree with the "just use a database" comments. Storing plain text (like comments) in a database does not make much sense. Store the articles and the comments in text files and use a database to link them together if you wish.

100% agree. flat file systems are just as good as database ones if set up correctly, it also reduces load on the server as you could use JavaScript to get all the data. grav is a nice flat file CMS.

[mariushm]

The problem with non-database CMS systems is that it's more difficult to prevent two or more users simultaneously apply edits to a page. Especially if all the content is stored in a single big file.

In addition to that, some file systems are slower when there's lots of files inside one folder ... for example, NTFS is much slower at parsing the contents of a folder and reading the first byte of a file if a folder has more than maybe 1000-2000 files in it, regardless of their size. Write a small php script with scandir or a c program with the windows api functions like findfirstfile and so on, and time how long it takes with a large folder and with a small folder.

That's why lots of websites (for example mediawiki based sites) store files in multiple subfolders,for example they create a unique SHA1 hash for each file and then store the file on disk in "files/01/0156/01560024d4ae.. " in order to reduce the chance of one folder going over around 1000 files.

When there's a chance multiple users may hit save and change a file at the same time, you'd have to complicate your life with your script LOCKING the file to be read/write only to that thread, make changes, unlock the file ... if another script tries to save at same time it would be unable to open the file because it's locked by another instance of the script (which would be often if you store all pages in a single big file), you'd have to implement a sort of "delay and retry a few times until you obtain a lock on the file"

 

With a database, you'd have row level locking at least so you can start a transaction and lock that row, read the contents, make the edits, save them , close transaction and you can be sure no other thread messed with the content between the moment you read it from the row and made the changes.

Think mediawiki (wikipedia and sites like it) and how they make DIFFs between current version and the changes made by user (that he wants to save) where they create revisions and store the changes in order to allow for undo/revert changes .. the creation of such diffs can take time which means those rows can be locked for a few seconds.

 

With plain files you also have the issue of them being cached by the operating system and not having control over when they're dropped from memory, and if they're not cached but you have lots of people reading different pages, you're limited by the hard drive's i/o throughput especially with small files ,,, run a hdd benchmark tool like Crystal Disk Mark and see how fast a regular hard drive can read 4KB chunks of data (hint: it's below a few MB/s)

 

A smart database system would cache the whole table in memory and keep it there, if it has the memory to do so, and would only commit changes to disk. it would also cache the queries like "get me the title of the page with the unique id 123456" - you wouldn't have to read the contents of a whole file in memory and parse it to find the line with id 123456 and retrieve the page title from there, the database would know it made that query at some point in the past, so it knowns the data is in row xyz in table abc, already cached in memory at position xxxx so it jumps there, reads the bytes for that row and returns the title of the page. 

 

So basically, your scripts will retrieve the content of each page much faster.  And, in the case of systems like mediawiki where  a page can be made of multiple other pages, it's way faster to retrieve all components, parse/compile them , then store a "compiled" version of the page in memory using something like "memcached" 

 

// apologies for typos, damn temporary keyboard (broke my old one and it's not sold anymore so have to search for a new one) ... not used to the layout of the keys on this crap one and it's much harder on the fingers compared to my old one so sometimes i miss some keys by not pressing deep enough

[Dat Guy]

1 hour ago, mariushm said:

When there's a chance multiple users may hit save and change a file at the same time

 

Comments are usually not shared for multiple users. Other contents may just use a write queue.