Geeklog Forums

I've created a very simple and half-cool hack in my theme that turns the content portion of header into an editable Static Page.

Basically, I found the table in header.thtml that held the contents, cut it out, replaced it with something like:



Then, I created a static page with the id "header" and pasted the cut table from header.thtml.

I was pleased to see that this worked! Now, any user I choose to authorize to edit Static Pages can edit the Header -- and potentially the Footer, and maybe even any other layout component that I am wacky enough to open up to user editing.

There is, however, one shortcoming. For some reason, anything that is put into header.thtml using "include_once" apparently isn't processed by the function that looks for {variables}. For example, the code in header.thtml that says:



creates a broken image because instead of parsing "{site-logo}" into "logo.png" or whatever, it just leaves it as "{site-logo}" and looks for a file by that name in the current directory.

So... any ideas on how to fix this shortcoming? If we can't fix it, then it's not a huge deal... the only down side, really, is that it'd be pretty hard to make the footer customizable without losing the "Page generated in Umpteen Seconds" script.

Also... am I creating any security flaws here that I don't realize? I'm not worried about "user betrayal"... none of my users who I authorize to change this are going to do anything screwy. [I know them personally, and they don't even KNOW how to do screwy things. ] But since I'm only moderately familiar with how PHP security works, I want to be sure that I'm not somehow opening up these files to editing by non-registered users.

Love and Healing,

Treesong

First of all, when posting HTML or PHP code, use the forum's [ CODE ] button or it will be stripped out (as can be seen - or rather not seen - above).

The {variables} are only processed in the .thtml file itself, not in any code that you add there via PHP. But since you can use PHP, you don't need the variables anyway and can put in anything you want ...

PHP code in the header should follow the usual standards for PHP code, i.e always initialize your variables before using them (so that they can't be overwritten when register_globals is on). As for include_once: Use hard-coded paths or take extra care that any variables you're using in the path are properly initialised and can not be overwritten.

bye, Dirk

Thanks for the reply. I've edited the above post so that you can actually see the code now. You also said:



Is there any way to just change which file Geeklog looks at for its header and footer? And if so, would it work for me to tell Geeklog to use a file with a URL along the lines of:



This way, I could just have Geeklog directly use the static page as the entire header, making the header editable using the admin interface.

I'm not terribly concerned about this shortcoming (i.e. not being able to have variables parsed by thtml), so if it gets really complicated, I'm not going to worry about it. But it would be nice, and might be something that others would find useful too if they also want to have their admins able to edit header and footer without having to log in via FTP.

Love and Healing,

Treesong

You can override the default header and footer by providing replacement functions in your theme. Geeklog checks for functions called themename_siteHeader (e.g. professional_siteHeader) and themename_siteFooter and uses those if they exist (instead of COM_siteHeader / COM_siteFooter). That should give you maximum flexibility.

bye, Dirk