Welcome Guest ( Log In | Register )

Outline · [ Standard ] · Linear+

> I have had good progress in web programming

views
     
silverhawk
post Dec 7 2020, 10:03 AM

I'm Positively Lustrous
Group Icon
Elite
4,414 posts

Joined: Jan 2003


QUOTE(FlierMate @ Dec 6 2020, 10:33 PM)
How does blogging site (or simply any site with userbase) send activation link which would work?
How to implement it from scratch theoretically, and how to implement with the help of frameworks, if any?
You can download frameworks and see how it works. Or you can try to post your thought process here. How do YOU think it would work?

QUOTE
Can I store the data as a flat file instead of database table?
Is it possible the flat file would be hacked despite being encrypted using my own method? Or does MySQL database provide better protection against malicious attack?

If you think about it, all databases are flat files. You're asking the wrong questions here.

Why would you want to use a file vs a database? Why are you worried about "being hacked"? Do you really know enough to know how to prevent being hacked? What makes you think your encryption method is good? Why not use well known encryption methods that are battle tested?

QUOTE
Which one do you recommend? Use my own markdown language or use HTML markup?

Who is your target audience? What would be best for them?

QUOTE
4) Generating blog page programmatically
5) Generating table of content programmatically

This is where the fun begins.  drool.gif  I have not think about it in details yet, but I hope it can be done anyway.

Of course it can be done. Otherwise systems like wordpress won't exist

QUOTE
6) Design of user's personalized homepage

This is the most difficult part. Blogger.com, for example, allows user to drag-and-drop the UI elements up and down, and can choose to hide a particular UI element.

What I am planning is to let users choosing background image, set the title and description, and maybe choice to set time zone and delete account.
*
What you want is simple enough, want to show how you are going to do it and problems you're facing?
FlierMate
post Oct 4 2021, 11:16 PM

Casual
***
Validating
483 posts

Joined: Nov 2020
Just curious and want to do one like this (see picture below):

It is actually from online newspaper portal where readers can react by clicking Like or Dislike without the need to login and whatsoever.

Do you web developer expert know how to do it? PHP +AJAX? Or pure Javascript?
And how to keep track the number of upvotes and downvotes? Database or text file?

This is an interesting and small project to do. Can someone shed lights on these?

user posted image
silverhawk
post Oct 5 2021, 07:35 PM

I'm Positively Lustrous
Group Icon
Elite
4,414 posts

Joined: Jan 2003


QUOTE(FlierMate @ Oct 4 2021, 11:16 PM)
Just curious  and want to do one like this (see picture below):

It is actually from online newspaper portal where readers can react by clicking Like or Dislike without the need to login and whatsoever.

Do you web developer expert know how to do it? PHP +AJAX? Or pure Javascript?
And how to keep track the number of upvotes and downvotes? Database or text file?

This is an interesting and small project to do. Can someone shed lights on these?

user posted image
*
what steps/layers do you think are required first? Dont think about the language, just think of the steps.
FlierMate
post Oct 5 2021, 10:15 PM

Casual
***
Validating
483 posts

Joined: Nov 2020
QUOTE(silverhawk @ Oct 5 2021, 07:35 PM)
what steps/layers do you think are required first? Dont think about the language, just think of the steps.
*
Thanks for your question.
I think I need to create two buttons, one for Like and another one for Dislike.
The buttons have "onclick=" to fire an event in Javascript.

The downvotes and upvotes are not just session or cookies, these are parmanent, so the number of likes and dislikes are probably to be stored in file or database table. But on second thought, who will use a database table just to save Upvotes & Downvotes two distinct value in such a small scale project?

But then I am not sure if Javascript can actually open and write to file. Please enlighten me.
silverhawk
post Oct 6 2021, 12:01 AM

I'm Positively Lustrous
Group Icon
Elite
4,414 posts

Joined: Jan 2003


QUOTE(FlierMate @ Oct 5 2021, 10:15 PM)
Thanks for your question.
I think I need to create two buttons, one for Like and another one for Dislike.
The buttons have onclick to fire an event in Javascript.

The downvotes and upvotes are not just session or cookies, these are parmanent, so the number of likes and dislikes are probably to be stored in file or database table. But on second thought, who will use a database table just to save Upvotes & Downvotes two distinct value in such a small scale project?

But then I am not sure if Javascript can actually open and write to file. Please enlighten me.
*
You could use something like sqlite, which almost all languages have a library for. You could use a flatfile and just increment the number stored in there, but you may run into concurrency issues (e.g. 2 users click at the same time).

Javascript can open/write files (can be done on server side using nodejs), its really up to you how much you want to expose or what the mechanism to increase/write to the counter is.
meenn P
post Jan 19 2022, 08:36 PM

New Member
*
Probation
11 posts

Joined: Jan 2022
About PHP login and signup:

QUOTE
1) Login and Register.

How does blogging site (or simply any site with userbase) send activation link which would work?
How to implement it from scratch theoretically, and how to implement with the help of frameworks, if any?


I have done a activation code generation, as below, is this acceptable?

CODE
 $key = rand(100000,999999);

 $insertSQL = "INSERT INTO users(username,name, password ) values(?,?,?)";
 $stmt = $con->stmt_init();
 $stmt = $con->prepare($insertSQL);
 $stmt->bind_param("sss",$email,$key,$password);
 $stmt->execute();
 $stmt->close();

 $to      = $email;
 $subject = 'Activation Code';
 $msg = "Please click this link below to activate your account on yourdomain.com:\n\nhttps://yourdomain.com/phpdemo/activate.php?email=" . $to . "&key=" . $key;
 $msg = wordwrap($msg,70);
 mail($to, $subject, $msg);


So, I receive link in e-mail like this:

CODE
yourdoamin.com/phpdemo/activate.php?email=XXX&key=XXX


I see other platform has more complicated way used to activation link, but was my example above sufficient for small-scale application?
meenn P
post Jan 20 2022, 10:06 PM

New Member
*
Probation
11 posts

Joined: Jan 2022
And this is my activate.php (portion of it):

CODE
if (isset($_GET['email'])) {
 $unameurl= $_GET['email'];
 if (isset($_GET['key'])) {
   $keyurl= $_GET['key'];
   $uname = mysqli_real_escape_string($con, $unameurl);

   $sql_query = "select * from users where username='". $uname ."'";
   $result = mysqli_query($con,$sql_query);
   $row = mysqli_fetch_array($result);

   $key = $row['name'];

   if ($uname != $key) {
     if ($keyurl == $key) {

       $insertSQL = "UPDATE users SET name = '" . $uname . "' WHERE username = '" . $uname . "'";
       $stmt = $con->stmt_init();
       $stmt = $con->prepare($insertSQL);
       $stmt->execute();
       $stmt->close();

       alert2("Activated successfully.");
     } else {
       alert2("Invalid key.");
     }
   } else {
     alert2("User account has already been activated before.");
   }
 }
}


I think it is working anyway, but am not sure if this is the proper way of doing it.

As you can see, my "users" table has username, name and password fields.
The activation key is stored in "name" field initially, then once activated, it will replace "name" field the same value as "username" field.

If the "name" field is still random number, means it is not yet activated. Clever? biggrin.gif
malleus
post Jan 20 2022, 10:19 PM

Look at all my stars!!
*******
Senior Member
2,060 posts

Joined: Dec 2011
QUOTE(meenn @ Jan 20 2022, 10:06 PM)
And this is my activate.php (portion of it):

CODE
if (isset($_GET['email'])) {
 $unameurl= $_GET['email'];
 if (isset($_GET['key'])) {
   $keyurl= $_GET['key'];
   $uname = mysqli_real_escape_string($con, $unameurl);

   $sql_query = "select * from users where username='". $uname ."'";
   $result = mysqli_query($con,$sql_query);
   $row = mysqli_fetch_array($result);

   $key = $row['name'];

   if ($uname != $key) {
     if ($keyurl == $key) {

       $insertSQL = "UPDATE users SET name = '" . $uname . "' WHERE username = '" . $uname . "'";
       $stmt = $con->stmt_init();
       $stmt = $con->prepare($insertSQL);
       $stmt->execute();
       $stmt->close();

       alert2("Activated successfully.");
     } else {
       alert2("Invalid key.");
     }
   } else {
     alert2("User account has already been activated before.");
   }
 }
}


I think it is working anyway, but am not sure if this is the proper way of doing it.

As you can see, my "users" table has username, name and password fields.
The activation key is stored in "name" field initially, then once activated, it will replace "name" field the same value as "username" field.

If the "name" field is still random number, means it is not yet activated. Clever?  biggrin.gif
*
what happens in the event where none if your if statements passes? you do need to display an error right? you only display errors for the 2 inner most if statements, but not the outer 2.

one thing that I noticed is, you have up to 4 if statements nested. how about instead of checking for positive cases, check for a negative instead. and if you get a negative, return right away. this way you only need to have 1 layer nested max

your earlier code example makes use of parameterised statements. why don't you use that instead? instead of constructing the sql string manually?

finally, is it really a good idea to use (or misuse) the name field for something that's not supposed to go there? try to imagine when you look at this again months or years from now. will you still remember why you put the activation key in the name field?
meenn P
post Jan 20 2022, 11:09 PM

New Member
*
Probation
11 posts

Joined: Jan 2022
First of all, really thanks for your code review, it is a really helpful reply.

QUOTE(malleus @ Jan 20 2022, 10:19 PM)
what happens in the event where none if your if statements passes? you do need to display an error right? you only display errors for the 2 inner most if statements, but not the outer 2.
*
Yes, I just checked, if missing email or key in the URL, it displays a blank page. I was so careless....

QUOTE
one thing that I noticed is, you have up to 4 if statements nested. how about instead of checking for positive cases, check for a negative instead. and if you get a negative, return right away. this way you only need to have 1 layer nested max
*
If check for negative case with one if..then condition, means only one error message? e.g. Activation failed

QUOTE
your earlier code example makes use of parameterised statements. why don't you use that instead? instead of constructing the sql string manually?
*
Good eye. My parameterised statements yesterday was modified from online tutorial. But I wrote the code in activate.php myself (hence, don't know to apply parameterised statement here). The time I wrote my activate.php, not much online examples of e-mail activation in PHP.

QUOTE
finally, is it really a good idea to use (or misuse) the name field for something that's not supposed to go there? try to imagine when you look at this again months or years from now. will you still remember why you put the activation key in the name field?
*

You're right, it is certainly confusing to use "name" field for activation key. The problem is then everytime need to refer to source code to find out... hmm.gif


If I host my this phpdemo example (Login & signup) in local Exabytes, my activation mails were delivered successfully, but if I host it on Godaddy, my activation mails would be rejected as spam because containing activation link. Not sure if Godaddy has bad reputation for abusing PHP mail service.


malleus
post Jan 21 2022, 09:27 AM

Look at all my stars!!
*******
Senior Member
2,060 posts

Joined: Dec 2011
QUOTE(meenn @ Jan 20 2022, 11:09 PM)
If check for negative case with one if..then condition, means only one error message? e.g. Activation failed
not really. it's more like

CODE


if (!isset($_GET['email'])) {
 //show error message 1
 return
}

if (!isset($_GET['key'])) {
 //show error message 2
 return
}

.
.
.


this way you return early on errors. and you keep your if statement nesting down
flashang
post Jan 21 2022, 10:05 AM

Getting Started
**
Junior Member
116 posts

Joined: Aug 2021


my personal opinion and habit :

1) Login and Register. (Activation)
Every register user status set to 'Pending',
System send activation link with ?id=system generated serial number
After user click activation link, update status to 'OK'

2) Storing of user account information and blog articles
Prefer use database to store info.
No encrypt because you may need to search articles.

3) Formatting of blog articles
Markdown. If possible, use standard markdown, easier for future extension / upgrade.

4) Generating blog page programmatically
5) Generating table of content programmatically
6) Design of user's personalized homepage

You may draft your design, how you want to make it work before coding.

smile.gif


silverhawk
post Jan 21 2022, 12:36 PM

I'm Positively Lustrous
Group Icon
Elite
4,414 posts

Joined: Jan 2003


QUOTE(meenn @ Jan 20 2022, 10:06 PM)
If the "name" field is still random number, means it is not yet activated. Clever?  biggrin.gif
*
To be honest.... no. It is stupid.

Much better to have a specific "activation_key" column, and would also be better to have a "status" column as well. Consider that activation keys might be needed again if they forgot their password, and password resets can be done by anyone. You don't want to lock out an account just because someone did a "forgot my password" request.

 

Change to:
| Lo-Fi Version
0.0208sec    0.54    5 queries    GZIP Disabled
Time is now: 26th May 2022 - 04:49 PM