ItemManager 2.0
Yes, it is possible to do this, but I see potential security implications by making this type of functionality accessible from the frontend. I do not recommend frontend file upload for non authorized users, because it's only a matter of time before the website is compromised.

If you want something like this on the frontend, you should be really very-very careful, you'll need to be storing files they add in a non-web accessible location. Also, you should make sure they are not posting hundreds of large files to fill up your drive or using image resize functions as DDOS entry points etc ...

If you want to get an overview of how you can use the API to render item fields, see this method: https://github.com/bigin/ImExtraFields/b...er.php#L97 - but, this method is not suitable for frontend file upload.
Reply
(2018-09-03, 00:08:46)Bigin Wrote: This is the answer to the question from this thread: http://get-simple.info/forums/showthread...9#pid62939

Don't quite understand what you want, is it an ImForms form you want to show or are you looking for a way to create the items from the frontend?

(2018-09-04, 03:03:59)Bigin Wrote: Yes, it is possible to do this, but I see potential security implications by making this type of functionality accessible from the frontend. I do not recommend frontend file upload for non authorized users, because it's only a matter of time before the website is compromised.

If you want something like this on the frontend, you should be really very-very careful, you'll need to be storing files they add in a non-web accessible location. Also, you should make sure they are not posting hundreds of large files to fill up your drive or using image resize functions as DDOS entry points etc ...

If you want to get an overview of how you can use the API to render item fields, see this method: https://github.com/bigin/ImExtraFields/b...er.php#L97 - but, this method is not suitable for frontend file upload.

"is not suitable?" meaning it can be done but not recommended or cannot be done at all?
Reply
Both, not recommended for safety reasons and not directly suitable because code must be adapted.
Reply
(2018-09-04, 06:33:12)Bigin Wrote: Both, not recommended for safety reasons and not directly suitable because code must be adapted.

Damn it, I thought it could be just a matter of calling a function with category ID.
Of course it wouldn't be that straightforward but at least something similar...
Reply
It's very similar but there's a significant part missing, especially in matters of security.
Reply
Hey Bigin, it's me again Big Grin

I want to pick the latest 4 items from a category. Currently I'm doing it "static", which means: if I add a new entry into my category, the latest item will not be shown on my page because the $count is already at its limit. Do you know what I mean? Here is my code so far:

<?php
$count = "1";
$imanager = imanager();
$mapper = $imanager->getItemMapper();
// change 1 to your category id
$mapper->alloc(1);

foreach($mapper->simpleItems as $item) {
if($count > 4) break;
echo '
<div class="box20 angebot">
<div class="angebot-bild">
<img src="'.IM_SITE_URL.$item->bild[0].'" width="100%">
</div>
<div class="angebot-bauteil">'.$item->bauteil.'</div>
<div class="angebot-bauteil">'.$item->preis.'</div>
</div>
';
$count++;
};
?>

regards
Fab
Reply
Hello Fabmue, try this:

PHP Code:
$length = 4;

$imanager = imanager();
$mapper = $imanager->getItemMapper();
// change 1 to your category id
$mapper->alloc(1);
// keep only the last $length items (the most recently added), preserving their keys
$recentItems = array_slice($mapper->simpleItems, -$length, $length, true);

foreach($recentItems as $item) {
    echo '
        <div class="box20 angebot">
            <div class="angebot-bild">
                <img src="'.IM_SITE_URL.$item->bild[0].'" width="100%">
            </div>
            <div class="angebot-bauteil">'.$item->bauteil.'</div>
            <div class="angebot-bauteil">'.$item->preis.'</div>
        </div>
        ';
};
Reply
you're my man! works perfectly - thanks!!
Reply
(2018-09-04, 18:57:23)Bigin Wrote: It's very similar but there's a significant part missing, especially in matters of security.

I'm still curious that how could this be implemented regardless of security implications?

I can't imagine that how hard it can be to display a form?
I can always create a custom PHP processing script for form submissions and I'm just trying to avoid inventing the wheel again.
Reply
I posted link in the previous reply, there are methods for rendering the markup for fields, such as used in ItemManager admin, that can be used as an example. Or what did you expect? ItemManager is not a wizard, it's just a simple framework, it offers functions and methods, but you have to write your application yourself ;-)
Reply
(2018-09-21, 02:58:07)JAKE Wrote: I can't imagine that how hard it can be to display a form?

Which form do you mean? ItemManager does not offer any forms, you have to create them yourself. But you can use ImForms to create your forms. How to show them in the front-end is explained in the description.
Reply
(2018-09-21, 03:51:09)Bigin Wrote:
(2018-09-21, 02:58:07)JAKE Wrote: I can't imagine that how hard it can be to display a form?

Which form do you mean? ItemManager does not offer any forms, you have to create them yourself. But you can use ImForms to create your forms. How to show them in the front-end is explained in the description.

So how does it provide means to add i.e. to manage items? By forms.
For example load.php?id=imanager&edit > Add new.

Of course I could always just copy and paste markup from that form and use custom processing.


File upload is still a bit of a question...

ImForms is just for forms and it has nothing to do with Items just like I stated in the other topic.
I don't see that there's anything else common with these but the naming convention.
Reply
Any forms always do the same job, a HTML form on a web page has nothing to do with your items, it just allows a user to enter data that is sent to a server for processing, there are no forms that do anything else.

So, your task is to create a simple HTML form for the frontend, which has the corresponding fields like the category in ItemManager you created, which items should contain the data – It's no matter how you do it.

For instance, if your items contain the following fields: name, age, profession, interests, image, etc ... Your HTML form should also support these fields: name-> text field, age -> number, profession -> text, interests -> text, image -> file upload ...

After the form has been sent, you can process the data in your php script: Check if all data has been entered correctly, check validity, clean invalid characters, validate the height, width of the image, file type, etc ... (To process and save images you can also use /plugins/imanager/upload/server/php/UploadHandler.php) - but as I already wrote it is not an easy task. Now, that you have checked the data, you can save it as an item. How you can use API to create new items and populate its fields with data I have shown thousands of times, you can find all the information on my website https://ehret-studio.com/articles/itemma...ith-items/ look under "Creating items"
Reply
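The upload checks named in the posts above (size limit, file type, image height and width, storage in a non-web-accessible location, a cap on how many files can pile up) can look like this. This is an added example, not code from the thread or from ItemManager; the limits, the form field name "image", the storage path and the function name storeUploadedImage are assumptions.

```php
<?php
// Added example: limits, field name and storage path are assumptions.
const MAX_BYTES = 2 * 1024 * 1024;   // per-file size cap
const MAX_SIDE  = 4000;              // largest accepted width/height in pixels
const MAX_FILES = 500;               // crude quota for the storage directory
const ALLOWED   = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

// Validates one $_FILES entry and stores it outside the web root.
// Returns the generated file name, throws RuntimeException on rejection.
function storeUploadedImage(array $file, string $storageDir): string
{
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or malformed request');
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('File size out of range');
    }
    if (count(glob($storageDir . '/*') ?: []) >= MAX_FILES) {
        throw new RuntimeException('Upload quota reached');
    }
    // Detect the type from the content, never from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[(string) $mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('File type not allowed');
    }
    // Read dimensions from the header so oversized images never reach a resize function.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info[0] > MAX_SIDE || $info[1] > MAX_SIDE) {
        throw new RuntimeException('Not an image or dimensions too large');
    }
    // Server-generated name: the original file name is never used on disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $storageDir . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

// Usage inside a form processing script.
try {
    $stored = storeUploadedImage($_FILES['image'] ?? [], '/var/app-data/uploads');
} catch (RuntimeException $e) {
    http_response_code(400);
    exit('Upload rejected');
}
```

The storage directory must lie outside the document root, so a stored file is only ever served through a script that decides who may read it.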
So a short answer: ItemManager doesn't provide forms, or methods that process the data from forms (By the way, this is exactly what ImForms is designed for). It rather provides various functions for creating forms and such processing scripts. Either way, you have to create your own application, of course, you can use the tools that ItemManager provides for you.
Reply
(2018-09-21, 06:11:12)Bigin Wrote: Any forms always do the same job, a HTML form on a web page has nothing to do with your items, it just allows a user to enter data that is sent to a server for processing, there are no forms that do anything else.

So, your task is to create a simple HTML form for the frontend, which has the corresponding fields like the category in ItemManager you created, which items should contain the data – It's no matter how you do it.

For instance, if your items contain the following fields: name, age, profession, interests, image, etc ... Your HTML form should also support these fields: name-> text field, age -> number, profession -> text, interests -> text, image -> file upload ...

After the form has been sent, you can process the data in your php script: Check if all data has been entered correctly, check validity, clean invalid characters, validate the height, width of the image, file type, etc ... (To process and save images you can also use /plugins/imanager/upload/server/php/UploadHandler.php) - but as I already wrote it is not an easy task. Now, that you have checked the data, you can save it as an item. How you can use API to create new items and populate its fields with data I have shown thousands of times, you can find all the information on my website https://ehret-studio.com/articles/itemma...ith-items/ look under "Creating items"

Yes of course I can do that, but this is just what I'm trying to avoid: inventing the wheel again.

If there's already everything place for admins to create new items via forms then how it can be that hard to create similar page that would be accessible to anyone?

What would be the least overlapping method?
Could I create another Manager class which doesn't include admin checks and similar things that are now in Manager class?
Reply
(2018-09-24, 20:27:47)JAKE Wrote: Yes of course I can do that, but this is just what I'm trying to avoid: inventing the wheel again.

Hmm, why don't you publish the password for the admin on your website and the job is done, so you don't have to write a line of code? ;-)

(2018-09-24, 20:27:47)JAKE Wrote: If there's already everything place for admins to create new items via forms then how it can be that hard to create similar page that would be accessible to anyone?

As I have already written, it is relatively simple to adopt the approach of backend methods as long as you are confident in what you are doing, and know how it works.

(2018-09-24, 20:27:47)JAKE Wrote: What would be the least overlapping method?
Could I create another Manager class which doesn't include admin checks and similar things that are now in Manager class?

I don't understand the point of your approach, sorry... that sounds strange, somehow comparable with :-)

[Image: mini-cooper.jpg?raw=1]

To make these adjustments you need to be familiar with ItemManager core. This is completely unnecessary, there is a comfortable API to do these things quicker and better. For these customizations you will need 10 times longer than writing your own processor - so much for staying "inventing the wheel again".

Just try ImForms and see how easy it is to use that plugin for this purpose.

Step 1:
Download the latest version of ItemManager and ImForms and install/update it.
Open /plugins/im_forms/inc/custom.config.php file, and modify formProcessors variable as follows: 

PHP Code:
$config->formProcessors = array(
    'EmailTransmitter' => 'EmailTransmitter',
    // Note: Key and value should be equal, there is an issue for the moment
    'FormProcessor' => 'FormProcessor'
);

Next, download an example form processor from https://github.com/bigin/FormProcessor, and extract the archive into /plugins/im_forms/module/ folder (Note, folder, file and the class, must have the same name FormProcessor, see EmailTransmitter modules, for example).

Step 2:

Go to the IM menu, select the imforms category and click "ADD NEW".
Enter name "itemform".
Check "Enabled".
Enter exactly this value , in the field Form Data.
Then, click "Save".

Step 3:
Go to Pages > ImForms menu and check if there is a new test form itemforms.
If so, open a page on which the form should be shown and enter this placeholder [[imforms itemform]] in editor, then save.
Open that page in the browser, a test form should now appear there.

Step 4:
Now, look at your processor file in the /plugins/im_forms/module/FormProcessor/FormProcessor.php directory. Especially the methods checkUserInput() and save() - there you can start to extend your application. All the form entries can be found in the $this->input->post variable. You can display it by using the Util::preformat($this->input->post) method.
A tip: If you remove the AjaxBlock and DelayBlock in your itemform, you can see the output directly from the processor, use echo or var_dump() for this.
Reply



