Per Stenebo
2017-07-16 06:22:46
2020-06-22 11:40:42
Notes
Manual page for the BendCMS application Notes.
Notes has replaced the pageComments app.
Features
- A simple interface for plain text messages.
- A common main post + replies structure.
- Moderator interface to manage posts.
- Permissions to write and reply are set per page in page config.
- Permission to moderate is set site-wide.
- Post text can be edited by the original poster for as long as the user session lasts (and by moderators/admins).
- Post timestamps (created & updated) can be edited by moderators and admins.
- Optional name field.
- Optional email address field for system notifications (hidden for other users).
- Notify site admin/webmaster upon new posts.
- Notify main poster on new reply in the same thread.
- Notify reply posters on new reply in the same thread.
- Import of data created by pageComments.
- Max userlevel to send notification email to webmaster (don't send email when you write on your own website).
Features that might be implemented in the future
- Interface to blacklist users.
- Pagination (show content in sections if many posts). Dev note: Some code written, but I got stuck.
- Show tech details for moderators, like file size, last modified timestamp, and such.
- Encryption.
Security
Notes includes two methods to verify that the user is a human and not some kind of robot (spam-bot). The first method is transparent to the end user (an invisible form field) and the second is a form field that requires user input. The second field is also hidden if the user is logged in or already has a recent post on the current page.
Automatic listing of files in the data dir is prevented by an index file. The data directory should be protected from direct access in the server configuration, for example with an htaccess file on Apache-like web servers.
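The two bot checks described in this section, as an added example that is not BendCMS code: the backend recomputes whether the visible field may be skipped instead of trusting that the frontend hid it. The field names `website` and `challenge`, the one-hour "recent" window and the expected answer are assumptions.

```php
<?php
// Added example, not BendCMS code. Field names, the window length and the
// way the expected answer is supplied are assumptions.
const NOTES_RECENT_SECONDS = 3600;

// The visible field is skipped for logged-in users and for sessions that
// already have a recent post on this page (looked up in the stored posts).
function notesNeedsChallenge(bool $loggedIn, string $sessionId, array $posts, int $now): bool
{
    if ($loggedIn) return false;
    foreach ($posts as $p) {
        if ($sessionId !== '' && hash_equals((string)$p['session'], $sessionId)
            && $now - (int)$p['createUTS'] <= NOTES_RECENT_SECONDS) {
            return false;
        }
    }
    return true;
}

// Returns null when the submission passes, otherwise the reason for rejection.
function notesBotCheck(array $form, bool $needsChallenge, string $expected): ?string
{
    // Invisible field: a browser submits it empty; a form-filling bot
    // tends to put something in it, and a hand-built request may omit it.
    if (!array_key_exists('website', $form)) return 'invisible field missing';
    if ($form['website'] !== '')             return 'invisible field filled';
    if ($needsChallenge) {
        $answer = trim((string)($form['challenge'] ?? ''));
        if (!hash_equals($expected, $answer)) return 'challenge failed';
    }
    return null;
}

// Constructed sample: one stored post from session "sess-aaa", 10 minutes old.
$now   = 1700000000;
$posts = [['session' => 'sess-aaa', 'createUTS' => $now - 600]];

// Same session posting again: the visible field is not required.
$need = notesNeedsChallenge(false, 'sess-aaa', $posts, $now);
var_dump($need, notesBotCheck(['website' => '', 'body' => 'hi'], $need, 'seven'));

// Unknown session that left the visible field out of the request.
$need = notesNeedsChallenge(false, 'sess-zzz', $posts, $now);
var_dump($need, notesBotCheck(['website' => '', 'body' => 'hi'], $need, 'seven'));
```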
Usage for site admins
Notes as guestbook on a page
Select sysLogic/notesFront.php as logic file in page config. That hides the divider bar between main content and notes. You can still have regular content like a page header and description text.
Notes as blog on a page
Select sysLogic/notesFront.php as logic file in page config. Just like guestbook above.
Set $pConf[n]['commentLevel'] (least userlevel to write main post) to a high level, like the level that the blogger has.
Set $pConf[n]['commentReplyLevel'] (least userlevel to write reply post) to a low level like 1.
Block new posts on a page
Set $pConf[n]['commentLevel'] and $pConf[n]['commentReplyLevel'] to a higher value than the level of the users you want to block.
Technology
The app is split into two parts, a frontend with the user interface and a backend for data processing. The backend is called from the frontend using AJAX and is never used directly by the user. The data is stored in CSV text files, one file per page.
Data fields and the CSV format
Some metadata is stored together with the user-supplied data in a CSV file; fields are separated with a semicolon (;). Each post has these fields stored:
postId: Page-unique autogenerated id-number.
parentId: id-number of the parent post if post is a reply, zero if main post.
createUTS: Unix timestamp when the post was created.
updateUTS: Unix timestamp when post was last edited (editable inline if moderator).
ip: Poster (public) IP.
session: Poster PHP session id.
status: Post status as an index number related to $bVar['notesStatusArr'] in app config.
encryption: Post encryption as an index number related to $bVar['notesEncArr'] in app config.
name: Optional name field.
email: Optional poster email field.
subject: Optional subject field.
body: Body text.
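A reader and writer for one record in this layout, as an added example that is not BendCMS code: it shows user text containing the separator surviving a round trip, malformed records being rejected, and private fields being removed before a record is sent to the browser. The quoting rules and the choice to withhold ip and session along with email are assumptions.

```php
<?php
// Added example, not BendCMS code. Quoting rules and the set of private
// fields (beyond email) are assumptions. Needs PHP 7.4 or later.
const NOTES_FIELDS = ['postId', 'parentId', 'createUTS', 'updateUTS', 'ip', 'session',
                      'status', 'encryption', 'name', 'email', 'subject', 'body'];
const NOTES_INT_FIELDS = ['postId', 'parentId', 'createUTS', 'updateUTS', 'status', 'encryption'];
const NOTES_PRIVATE = ['ip', 'session', 'email'];

// Serialize one post. fputcsv() quotes any field containing ';', '"' or a
// newline, so user text cannot add columns or rows to the file.
function notesEncode(array $post): string
{
    $row = array_map(fn($f) => (string)$post[$f], NOTES_FIELDS);
    $fh = fopen('php://memory', 'w+');
    fputcsv($fh, $row, ';', '"', '');
    rewind($fh);
    $line = stream_get_contents($fh);
    fclose($fh);
    return $line;
}

// Parse one record. Returns null when the column count or a numeric field is wrong.
function notesDecode(string $line): ?array
{
    $cols = str_getcsv(rtrim($line, "\r\n"), ';', '"', '');
    if (count($cols) !== count(NOTES_FIELDS)) return null;
    $post = array_combine(NOTES_FIELDS, $cols);
    foreach (NOTES_INT_FIELDS as $f) {
        if (!ctype_digit((string)$post[$f])) return null;
        $post[$f] = (int)$post[$f];
    }
    return $post;
}

// Record as sent to the browser: private fields only for moderators.
function notesPublicView(array $post, bool $isModerator): array
{
    return $isModerator ? $post : array_diff_key($post, array_flip(NOTES_PRIVATE));
}

// Constructed sample: the body tries to smuggle in extra columns.
$post = ['postId' => 3, 'parentId' => 0, 'createUTS' => 1700000000, 'updateUTS' => 1700000000,
         'ip' => '203.0.113.5', 'session' => 'sess-aaa', 'status' => 0, 'encryption' => 0,
         'name' => 'Alice', 'email' => 'alice@example.org', 'subject' => 'Hello',
         'body' => 'Nice page; 0;0;"admin"'];
$back = notesDecode(notesEncode($post));
var_dump($back['body'] === $post['body']);            // round trip of the hostile body
print_r(array_keys(notesPublicView($back, false)));   // fields a non-moderator receives
var_dump(notesDecode('1;0;yesterday;0;203.0.113.5;sess;0;0;;;;hi')); // bad timestamp
```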
Post ID
Each post has an autogenerated identification number used by the system, unique for each post on the same page.
Special meanings of post id and parent post id (when sent from frontend to backend):
(postId < 0) = Send current posts (if any)
(postId == 0) = New post
(postId > 0) = Edit post
(parentId == 0) = Main post
(parentId > 0) = Reply to post with postId == parentId
User permissions
A moderator is a logged in BendCMS user who is a member of the moderator usergroup (+ site admins).
If user permission level is >= page commentLevel "Least user level to comment page":
User can write main post, write reply post, view posts.
If user permission level is >= page commentReplyLevel "Least user level to reply on comments":
User can write reply post, view posts.
If user permission level is >= site blacklistLevel and >= page access level:
User can view posts.
The user permission level is evaluated in both frontend and backend using the same session.
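How the backend half of that evaluation could look, as an added example that is not BendCMS code: it maps the postId/parentId values from the "Post ID" section to an action and applies the level rules above, plus the rule from the feature list that a post is editable by its original session or a moderator. The function names, the `$ctx` keys, the parent-exists check and the rejection of negative parentId values are assumptions.

```php
<?php
// Added example, not BendCMS code. Function names, the $ctx keys and the
// $posts list (postId => stored record) are assumptions.
function notesAction(int $postId, int $parentId): string
{
    if ($postId < 0) return 'list';            // send current posts
    if ($postId > 0) return 'edit';            // edit existing post
    return $parentId > 0 ? 'reply' : 'main';   // postId == 0: new post
}

function notesAuthorize(int $postId, int $parentId, array $ctx, array $posts): bool
{
    if ($parentId < 0) return false;           // no meaning defined for this value
    $lvl      = $ctx['userLevel'];
    $canMain  = $lvl >= $ctx['commentLevel'];
    $canReply = $canMain || $lvl >= $ctx['commentReplyLevel'];
    $canView  = $canReply
        || ($lvl >= $ctx['blacklistLevel'] && $lvl >= $ctx['pageAccessLevel']);

    switch (notesAction($postId, $parentId)) {
        case 'list':
            return $canView;
        case 'main':
            return $canMain;
        case 'reply':
            // The parent must be an existing post on this page.
            return $canReply && isset($posts[$parentId]);
        case 'edit':
            if (!isset($posts[$postId])) return false;
            if ($ctx['isModerator']) return true;
            // Original poster only, and only within the same PHP session.
            $sid = (string)$ctx['sessionId'];
            return $sid !== '' && hash_equals((string)$posts[$postId]['session'], $sid);
    }
    return false;
}

// Constructed sample: a blog page (commentLevel 5, commentReplyLevel 1).
$posts = [7 => ['parentId' => 0, 'session' => 'sess-aaa']];
$guest = ['userLevel' => 1, 'commentLevel' => 5, 'commentReplyLevel' => 1,
          'blacklistLevel' => 0, 'pageAccessLevel' => 0,
          'isModerator' => false, 'sessionId' => 'sess-bbb'];
var_dump(notesAuthorize(0, 0, $guest, $posts));   // new main post by a guest
var_dump(notesAuthorize(0, 7, $guest, $posts));   // reply to post 7
var_dump(notesAuthorize(0, 99, $guest, $posts));  // reply to a missing parent
var_dump(notesAuthorize(7, 0, $guest, $posts));   // edit a post from another session
```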
Files
App configuration: ~/sysConfig/notesConfig.php
Page config frontend: ~/pageConfig/69.php
Logic frontend: ~/pageLogic/sysLogic/notesFront.php
Head file (transfer variables from php to javascript): ~/head/notesHead.php
Javascript: ~/javascript/notes.js
Translations: /sysLang/notes_en.php and /sysLang/notes_sv.php
Page content frontend: ~/pageContent/69.php
Page config backend: ~/pageConfig/70.php
Logic backend: ~/pageLogic/sysLogic/notesBack.php
Page content backend: ~/pageContent/70.php
Data files in dir: ~/pageData/notes/