Knightnet Site Design - Template Features

Features and structure of the main template used on this site

As stated elsewhere, I use Apache web server, PHP scripting and, optionally, mySQL database to provided a template for the site. This means that I can concentrate on providing information rather than worring about getting the page layout correct.

Structure

The template provides a standard six pane layout as shown:

Main Template Features

The main features that the template provides are:

Automatic navigation features

Using the additional "automenu" file, local navigation menus, breadcrumb trails and site maps are created automatically.

Standard look and feel

Provided by the template and by the external CSS (Cascading Style Sheet) definitions. This means that the colour, fonts, etc. can all easily be changed without needing to delve into any PHP coding.

Basic security

With the use of a mySQL database, the template is able to provide basic access controls.

Information content can be included via a number of simple means:

• The "content" variable
• Database content
  From a standard table. This is the prefered method as the content is searchable from the search page and can be edited (on localhost only) directly. Each section (set of paragraphs) has its own title (optional) and associated named anchor so that it can be linked to. They are also dated so a page can be in a "blog" format by date and there is even the ability to email new content to a page.
• Hand coded HTML (placed outside of the PHP code)
• External files
• The "bottomContent" variable

Print layout

A print layout is automatically made available by the use of an alternative CSS file. Mozilla users can easily switch between the two layouts manually, but all current mainstream browsers will automatically use the alternative layout when printing.

Search engine optimisation

The layout of the template provides two seach engine optimisations.
Firstly, The page title is repeated at the top of the page as a heading level 1. Secondly, the navigation menu on the left hand side is actually AFTER the main content.

Client side scripting

Is catered for

Meta data

Basic information about the page (represented by the HTML META tags "title", "description" and "keywords") can be provided either from variables or from a standard "meta" database table. The later is prefered since it is searchable from the site search page.

Site Searching

Is provided for ONLY for content provided from a database. There are "plugins" for the "content" table, the "meta" table (page titles, descriptions and keywords), site news and worship resource data tables currently. Additional tables are easily added because the results use the dbHtTbl class

Standards and Accessability

All of the pages created by the template have an HTML 4.01 STRICT syntax and make good use of CSS to keep HTML code complexity down along with making the look & feel easy to manage. The pages are also reasonably good for any current accessibility enhanced browsers.

Dependencies

The template has the following basic dependencies:

• Apache 1.3.x+
• PHP 4.3.2+
• mySQL 4.0.x+
  Although this is technically optional, it is required for security features and dynamically served content (including searches). However, it would be fairly easy to replace the MySQL code with that for an alternative SQL database.
• Apache local overrides using .htaccess
  Most web hosts provide this. It is not strictly needed but does make security and configuration better.

In addition, the following files are needed for the correct operation:

• thread.class.inc
  The template class itself.
• thread.class.initvars.inc
  This is used for the default settings. This is normally in the same folder as the main template file but the defaults can be overridden by creating a copy in the same folder as the web page to be treated differently.
• automenu.class.inc and automenu.class.initvars.inc
  Provides the automatic navigation features
• db-mysql.inc
  Is required for access to mySQL databases
• debug.inc
  Is used for debugging functions
• default.css and print.css
  Contain the CSS formatting for the site. These files have to be within the web root somewhere and accessible to the browser.

These optional files provide additional functions:

• html.inc
  Provides email and web-safe variable validation functions (e.g. stripping html, restricting length, etc.) The email function allows the to address to be hidden from the web site.
• thread.class.inc, thread.class.initvars.inc, thread.editPage.inc and news-thread.class.inc
  Provide a way to provide flat and hierarchical news, discussion, task lists, etc.
• dbHtTbl.class.inc and dbHtDetails.class.inc
  Provide automated utilities for browsing and editing SQL tables with minimal coding.

All files listed here should normally be kept outside of the web root folder so that they cannot accidentally be served up to a client.

The template works under both Windows and Linux operating systems.

Usage

NOTE: Need to move this section to its own page.

See the examples page for basic usage.

Externally controllable variables

See the thread.class.initvars.inc file for all of the easily controllable parameters.

You will probably wish to at least change the defaults for $this->owner and $this->author.

Externally callable methods

setVar($varname,$value)

Sets the value of the variable named. This should always be used in preference to $Template->varname=$value as it allows validation to take place. Only the variables listed in the file template.class.initvars.inc should be altered externally.

getVar($varname)

Returns the current value of the named variable. This should always be used in preference to $value=$Template->varname.

securityLevel($securityLevel,'optionalGroupName')

securityLevel is one of the constants: SECURITY_NONE, SECURITY_OPTIONAL or SECURITY_REQUIRED. The group name is optional additional security. If set to optional or required, a login button is shown in the top lefthand corner of the page. If required is set, no content (apart from manual html) will be shown until the user is logged in, only a login screen will be displayed. If the user is logged in, $Template->qSecurity will be TRUE otherwise it will be FALSE. A temporary cookie (KNL) is set on the browser when the user logs in, this is updated on every page refresh and eventually times out after an amount of inactivity. If the user refuses to accept cookies from the site, they can never be logged in.

outputTop()

Prints out the top part of the web page which includes the headers and the content variable.

outputBottom()

Prints out the lower part of the web page including any externally included HTML, the left hand automenu and the footers.

output()

Combines the above two functions. Use this if you do not want any manually included HTML.

Any other functions in the class should not be called externally.

Externally available constants

NL

New Line character

SECURITY_NONE, SECURITY_OPTIONAL, SECURITY_REQUIRED

Use as $Template->securityLevel(SECURITY_OPTIONAL,'worship');

Other Usage

Also see the automenu class for additional methods and variables. To access these, use the structure: $Template->AutoMenu->...

Additionally, the debug.inc include file contains some useful debug functions. The main one being show_r($variable-array-object-resource) which produces an html formatted listing of the contents passed to it.

The content variable can be as static or dynamic as PHP can make it but there are a couple of "gotchas":

• If you use either " or <<<ZZZ style strings to assign to $content you need to escape $ as in \$ (alternatively and better still, input as an html entity "&#36;". Otherwise it may be interpreted by PHP. Of course, the advantage to this is that PHP variables can be used and will be expanded correctly. If you use a simple ' you do not need to escape $
• < has to be specified as an html entity, e.g. &lt; otherwise it is interpreted as HTML. Other characters may also need to be specified as entities such as the & (&amp;) in the line above
• Because the $content variable allows HTML you need to be careful with content. This is especially true if allowing others to create content over the web. Such content should have all but 'safe' tags removed. Note that I have now written a function to do this that is available in the html.inc file.

I have written a PHP function called webSafe which allows 4 bits of processing:

• The string is always truncated to a set length. This defaults to 64k characters but can be set to anything
• Optionally allows only restricted HTML tags to be passed, all other tags are removed OR escaped all tags so no HTML is passed
• Optionally allows pseudo tags to be used instead of (or as well as) standard html. See here for details. These are converted to HTML tags by the function. This can be mixed with real web safe html tags if required
• Optionally allows conversion of line breaks to <br> tags, just for convenience. Can be used in conjunction with the other two options.

The webSafe function is also useful for displaying large portions of HTML or PHP code on a page. Assign the code to a variable using the string assignment form "$str=<<<ZZZ ..." and then run it through webSafe with all parameters set to FALSE. This string can then be included in the page's $content variable. You will, however, still need to replace each $ with \\$

Features and structure of the main template used on this site

As stated elsewhere, I use Apache web server, PHP scripting and, optionally, mySQL database to provided a template for the site. This means that I can concentrate on providing information rather than worring about getting the page layout correct.

Structure

The template provides a standard six pane layout as shown:

Main Template Features

The main features that the template provides are:

Automatic navigation features

Using the additional "automenu" file, local navigation menus, breadcrumb trails and site maps are created automatically.

Standard look and feel

Provided by the template and by the external CSS (Cascading Style Sheet) definitions. This means that the colour, fonts, etc. can all easily be changed without needing to delve into any PHP coding.

Basic security

With the use of a mySQL database, the template is able to provide basic access controls.

Information content can be included via a number of simple means

The template allows a combination of "content" variables, hand coded HTML, external files and database entries to deliver content to a web page.
Database entries are prefered because they are automatically indexed for the site search facility.

Print layout

A print layout is automatically made available by the use of an alternative CSS file. Mozilla users can easily switch between the two layouts manually, but all current mainstream browsers will automatically use the alternative layout when printing.

Search engine optimisation

The layout of the template provides two seach engine optimisations.
Firstly, The page title is repeated at the top of the page as a heading level 1. Secondly, the navigation menu on the left hand side is actually AFTER the main content.

Client side scripting

Is catered for

Site Searching

Is provided for ONLY for content provided from a database. There are "plugins" for the "content" table, the "meta" table (page titles, descriptions and keywords), site news and worship resource data tables currently. Additional tables are easily added because the results use the dbHtTbl class

Dependencies

The template has the following basic dependencies:

• Apache 1.3.x+
• PHP 4.3.2+
• mySQL 4.0.x+
  This is optional, required for security features and dynamically served content (including searches).
• Apache local overrides using .htaccess
  Most web hosts provide this. It is not strictly needed but does make security and configuration better.

In addition, the following files are needed for the correct operation:

• thread.class.inc
  The template class itself.
• thread.class.initvars.inc
  This is used for the default settings. This is normally in the same folder as the main template file but the defaults can be overridden by creating a copy in the same folder as the web page to be treated differently.
• automenu.class.inc and automenu.class.initvars.inc
  Provides the automatic navigation features
• db-mysql.inc
  Is required for access to mySQL databases
• debug.inc
  Is used for debugging functions
• default.css and print.css
  Contain the CSS formatting for the site. These files have to be within the web root somewhere and accessible to the browser.

These optional files provide additional functions:

• html.inc
  Provides email and web-safe variable validation functions (e.g. stripping html, restricting length, etc.) The email function allows the to address to be hidden from the web site.
• thread.class.inc, thread.class.initvars.inc, thread.editPage.inc and news-thread.class.inc
  Provide a way to provide flat and hierarchical news, discussion, task lists, etc.
• dbHtTbl.class.inc and dbHtDetails.class.inc
  Provide automated utilities for browsing and editing SQL tables with minimal coding.

All files listed here should normally be kept outside of the web root folder so that they cannot accidentally be served up to a client.

The template works under both Windows and Linux operating systems.

Usage

NOTE: Need to move this section to its own page.

See the examples page for basic usage.

Externally controllable variables

See the thread.class.initvars.inc file for all of the easily controllable parameters.

You will probably wish to at least change the defaults for $this->owner and $this->author.

Externally callable methods

setVar($varname,$value)

Sets the value of the variable named. This should always be used in preference to $Template->varname=$value as it allows validation to take place. Only the variables listed in the file template.class.initvars.inc should be altered externally.

getVar($varname)

Returns the current value of the named variable. This should always be used in preference to $value=$Template->varname.

securityLevel($securityLevel,'optionalGroupName')

securityLevel is one of the constants: SECURITY_NONE, SECURITY_OPTIONAL or SECURITY_REQUIRED. The group name is optional additional security. If set to optional or required, a login button is shown in the top lefthand corner of the page. If required is set, no content (apart from manual html) will be shown until the user is logged in, only a login screen will be displayed. If the user is logged in, $Template->qSecurity will be TRUE otherwise it will be FALSE. A temporary cookie (KNL) is set on the browser when the user logs in, this is updated on every page refresh and eventually times out after an amount of inactivity. If the user refuses to accept cookies from the site, they can never be logged in.

outputTop()

Prints out the top part of the web page which includes the headers and the content variable.

outputBottom()

Prints out the lower part of the web page including any externally included HTML, the left hand automenu and the footers.

output()

Combines the above two functions. Use this if you do not want any manually included HTML.

Any other functions in the class should not be called externally.

Externally available constants

NL

New Line character

SECURITY_NONE, SECURITY_OPTIONAL, SECURITY_REQUIRED

Use as $Template->securityLevel(SECURITY_OPTIONAL,'worship');

Other Usage

Also see the automenu class for additional methods and variables. To access these, use the structure: $Template->AutoMenu->...

Additionally, the debug.inc include file contains some useful debug functions. The main one being show_r($variable-array-object-resource) which produces an html formatted listing of the contents passed to it.

The content variable can be as static or dynamic as PHP can make it but there are a couple of "gotchas":

• If you use either " or <<<ZZZ style strings to assign to $content you need to escape $ as in \$ (alternatively and better still, input as an html entity "&#36;". Otherwise it may be interpreted by PHP. Of course, the advantage to this is that PHP variables can be used and will be expanded correctly. If you use a simple ' you do not need to escape $
• < has to be specified as an html entity, e.g. &lt; otherwise it is interpreted as HTML. Other characters may also need to be specified as entities such as the & (&amp;) in the line above
• Because the $content variable allows HTML you need to be careful with content. This is especially true if allowing others to create content over the web. Such content should have all but 'safe' tags removed. Note that I have now written a function to do this that is available in the html.inc file.

I have written a PHP function called webSafe which allows 4 bits of processing:

• The string is always truncated to a set length. This defaults to 64k characters but can be set to anything
• Optionally allows only restricted HTML tags to be passed, all other tags are removed OR escaped all tags so no HTML is passed
• Optionally allows pseudo tags to be used instead of (or as well as) standard html. See here for details. These are converted to HTML tags by the function. This can be mixed with real web safe html tags if required
• Optionally allows conversion of line breaks to <br> tags, just for convenience. Can be used in conjunction with the other two options.

The webSafe function is also useful for displaying large portions of HTML or PHP code on a page. Assign the code to a variable using the string assignment form "$str=<<<ZZZ ..." and then run it through webSafe with all parameters set to FALSE. This string can then be included in the page's $content variable. You will, however, still need to replace each $ with \\$