4 Replies - 799 Views - Last Post: 19 April 2020 - 10:48 AM

#1 justawebuser

Laravel - allow admin to edit the layout html

Posted 15 April 2020 - 09:21 PM

Is this a good idea at all?
How would you do that?
Is it possible to give this option to admins but at the same time keep using the Blade?
What is the best way to do this?

This post has been edited by justawebuser: 15 April 2020 - 09:27 PM


Replies To: Laravel - allow admin to edit the layout html

#2 Ornstein

Re: Laravel - allow admin to edit the layout html

Posted 16 April 2020 - 02:01 AM

Some software does let admins do this sort of thing. I guess your main concern would be making sure the admins can't irreversibly break anything - so you might want to prevent them being able to edit the admin area templates, have some backup/restore functionality, etc.

There may also be some security implications e.g. the risk that someone logged into the admin account could write arbitrary code in a template to elevate privileges or read/write sensitive data or whatever else.

Depending on the specifics of what you're making, there may be other concerns to keep in mind e.g. an admin's changes breaking compatibility with updates or plugins.

Off the top of my head, the easiest way to do it - if you don't want to bite off more than you can chew - might be to just let them edit the Blade template files directly, but include a prompt for the admin's password before you save any changes. Depending on who's intended to use the admin area and/or how it's intended to be used, you may also want some permissions system to regulate which admins have template editing privileges and which don't - so a decision can be made as to who can be trusted to have that level of control. This isn't perfect, but it should be easiest to implement whilst mitigating a lot of the risks.

You could perhaps instead extend the Blade compiler to prevent all inline code execution - if you're feeling adventurous. Or just use a template engine that doesn't support it in the first place (or more easily allows you to disable it). Assuming you're not using inline code in your templates (which you probably shouldn't be anyway).

#3 astonecipher

Re: Laravel - allow admin to edit the layout html

Posted 16 April 2020 - 09:26 AM

A few previous companies did this. You end up storing the templates in a database and adding version numbers and dates, as well as who did it. One did a drag and drop that allowed the HTML and variables to be added behind the scenes. TinyMCE was used, if I remember correctly, for one of the others.

#4 justawebuser

Re: Laravel - allow admin to edit the layout html

Posted 16 April 2020 - 10:04 PM

OK, thank you both. This is how I did it:

In my Master.blade.php

<?php

$partial_dir = resource_path('views/partial');
$user_partial_dir = public_path('current/views/partial');
$addon_path = public_path('includes/addon/*');

$layout_file =  public_path("current/theme/index.htm") ;

$layout = file_get_contents($layout_file);


// Take Care Of Simple Values
Use \App\Code\JET;
$layout=str_ireplace("<-BlogCustomHtml->",JET::$config->site_script,$layout);
$layout=str_ireplace("<-BlogAbout->",JET::$config->site_about,$layout);
$layout=str_ireplace("<-BlogTitle->",JET::$config->site_title,$layout);
$layout=str_ireplace("<-BlogXmlLink->",JET::$root."rss",$layout);
$layout=str_ireplace("<-TempDir->",JET::$root."current/theme/",$layout);
$layout=str_replace("<-PageRand->",rand(100,900000),$layout);



$regex= "/<-[^>]+->/";

$html_parts = preg_split($regex,$layout);

preg_match_all($regex,$layout,$partial_views_array);

$partial_views = $partial_views_array[0];


$index=-1;

foreach($html_parts as $part)
{

   echo $part;
   $index++;

   if($index == count($partial_views))
     break;


   $special_tag = $partial_views[$index];
   $dump = str_replace("<-","",$special_tag);
   $CamelCase = str_replace("->","",$dump);

   if($CamelCase=="MainContent")
   {
     ?> @yield("content") <?php
     continue;
   }

   $view_name = Str::of($CamelCase)->snake();

   if(view()->exists("partial.$view_name"))
   {
         ?> @include("partial.$view_name") <?php
         continue;
   }


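   //*** check if the partial is in addon folders
   $addons = glob($addon_path);
   $found = false;
   // Separate loop variable, so the glob pattern in $addon_path is not
   // overwritten for the next placeholder
   foreach($addons as $addon_dir)
    {
      $addon = basename($addon_dir);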
      if( view()->exists("$addon.partial.$view_name") )
      {
         $found = true;
         break;
      }
    }

    if($found)
    {
        ?> @include("$addon.partial.$view_name") <?php
        continue;
    }


}


?>


And this is my index.htm

<!DOCTYPE html>
<html>

<head>
  <-EssentialHeaders->
  <link rel="stylesheet" href="/includes/lib/wow/css/libs/animate.css">
  <script src="/includes/lib/wow/dist/wow.min.js"></script>
  <link href="<-TempDir->main.css?<-PageRand->" rel="stylesheet" />
  <script src="<-TempDir->script.js?<-PageRand->"></script>
</head>

<body>

    <-TopMenu->

        <-HeaderSection->

            <-navbar->

                <div class="container-fluid" id="container">

                    <div class="row ">

                        <div class="col-md-3 col-sm-12 ">

                               <-SearchBlock->
                                    <br/>
                               <-LoginBlock->
                                    <br/>
                               <-LastArticles->
                                    <br/>

                        </div>

                        <div class="col-md-6 col-sm-12 " id="contentBar">

                            <-MainContent->

                        </div>

                        <div class="col-md-3 col-sm-12 ">

                             <-PersianDateTime->
                                    <br/>
                             <-Advertise->
                                    <br/>
                             <-LastForumTopics->

                        </div>

                    </div>

                </div>

                </div>

                <-FooterSection->

</body>
<-BlogCustomHtml->

</html>




Astonecipher, in my previous projects I used to save it in the database, but it was hard to edit. Then I used CodeMirror, which has some bugs I couldn't bear. Then I decided to save it in a file, so when I want to edit it I will just open it with Notepad++ and get done with it.
I'm thinking of making a desktop app with C# to allow users to generate HTML themes with drag and drop.

Ornstein, I'm sure admin doesn't want to hack his own site, and if he does I can't think of any security problems here. But if you see any, let me know, because in the future I may take further steps to develop a blogging platform like Blogger.

At the moment I just want to finish moving from the old project and start learning the advanced features of Laravel and refactor my project to throw some dirty code away.

So far I have moved 90% of my old project to the Laravel framework. The big problem left is a User table with different column names and a different hash method for the password. Of course, I will make other topics to take your guidance.

Thank You

This post has been edited by justawebuser: 16 April 2020 - 11:58 PM

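The `<-Name->` placeholder format in post #4 and the suggestion in post #2 to keep inline code out of admin-edited templates can be combined into a save-time check. The following is an added example, not code from any poster in this thread: the function name `validateLayout` and the `ALLOWED_TAGS` list are assumptions for illustration, and it is plain PHP with no Laravel dependency.

```php
<?php
// Added example: validate an admin-edited layout before it is saved, so the
// stored file stays inert HTML with known placeholders only.

// Assumption: the placeholders this application knows how to render.
const ALLOWED_TAGS = ['EssentialHeaders', 'TopMenu', 'HeaderSection',
                      'MainContent', 'FooterSection', 'TempDir', 'PageRand'];

// Returns a list of problems; an empty list means the layout may be saved.
function validateLayout(string $layout): array
{
    $errors = [];

    // Constructs that would execute if the file were ever compiled by Blade
    // or include()d by PHP instead of being read with file_get_contents().
    // Deliberately strict: an inline CSS rule like "@media (" is rejected
    // too, so styles belong in the theme's main.css.
    $forbidden = [
        'PHP open tag'    => '/<\?/',
        'Blade echo'      => '/\{\{|\{!!/',
        'Blade directive' => '/(?<![\w@])@(php\b|[a-zA-Z]+\s*\()/',
    ];
    foreach ($forbidden as $label => $pattern) {
        if (preg_match($pattern, $layout)) {
            $errors[] = "forbidden construct: $label";
        }
    }

    // Every <-Name-> token must be a plain identifier on the allowlist, so
    // it can never become a dotted view path such as "partial.a.b".
    preg_match_all('/<-([^>]+)->/', $layout, $matches);
    foreach (array_unique($matches[1]) as $name) {
        if (!preg_match('/^[A-Za-z][A-Za-z0-9]*$/', $name)) {
            $errors[] = "malformed placeholder: <-{$name}->";
        } elseif (!in_array($name, ALLOWED_TAGS, true)) {
            $errors[] = "unknown placeholder: <-{$name}->";
        }
    }
    return $errors;
}

// Constructed sample inputs, not taken from the thread.
$good = '<html><head><-EssentialHeaders-></head><body><-MainContent-></body></html>';
$bad  = '<body><-admin.secret-> <-Gallery-> <?php echo 1; ?> {{ $x }} @include("y")</body>';

foreach (['good' => $good, 'bad' => $bad] as $label => $layout) {
    echo $label, ': ', json_encode(validateLayout($layout)), PHP_EOL;
}
```

A check like this belongs in the request handler that saves the layout, before the file is written, and it complements rather than replaces the password prompt and per-admin permission suggested in post #2.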

#5 Splashsky

Re: Laravel - allow admin to edit the layout html

Posted 19 April 2020 - 10:48 AM

justawebuser, on 16 April 2020 - 10:04 PM, said:

OK, thank you both. This is how I did it:

In my Master.blade.php

<?php
...


Let me stop you right there - that's NOT how you use Blade templates. Business logic such as this belongs in a Controller, or at the very least you could replace a lot of this functionality with Blade directives.

Read the documentation.