Skip to main content

cmsms: bringing the news frontend

I am working on a small intranet project for which I want to edit articles via the frontend.
The news module has plenty of features so there is no need to write a new module. Since there is already a fe_submit action we only a need a way to list and edit articles.

Adding code

In the admin there is a tab that just does that and when we look in the code we see that there is a function admin_articlestab. When we open this file we see that it probably does just what we need.

First we copy this file and make it an action. I called it action.fe_articlestab.php .
We dont't expect this to work, we need to rework a couple of things first.

Here is what I did:
  • added if (!isset($gCms)) exit; as first line
  • replaced CreateFormStart($id,'defaultadmin')) with CreateFrontendFormStart($id,$returnid,'fe_articlestab'))
  • replaced links to defaultadmin with links to fe_articlestab
  • replaced link to addarticle with link to fe_submit
  • removed all permission checks otherwise you must be logged in to the admin section
  • removed pieces of code that use DisplayImage, don't need them for now
The frontend parameters are registered so those that are not yet registered must be added in news.module.php, something I would have liked to avoid since it breaks the module. Something to keep in mind when upgrading.

Add parameters like this (the names will show up in the error messages)

$this->CreateParameter('parameter name','default value','help description');
$this->SetParameterType('parameter name',
[CLEAN_NONE|CLEAN_STRING|CLEAN_INT|CLEAN_FLOAT|CLEAN_FILE]);

To test it I made a page and called the action like this


{news action='fe_articlestab'}



Great,the articles tab of the admin page is now in the front end. When you click an article the editarticle action is called and since this is a admin action it has to be reworked too. Make a copy and name it action.fe_editarticle.php .

Again:
  • remove permission checks
  • edit the redirects to fe_articlestab
  • edit the CreateFormstart occurences
There are a few calls to lang instead of $this->Lang, you will have to change that. Apply is not in the language file so you have to add it.

Add the required parameters to news.module.php . Edit fe_articlestab, change links to editarticle to fe_editarticle.

The content and summary parameters are already registered as type CLEAN_STRING.
If we want to insert pictures this won't work. To make it work add two lines to the submit part of the code:


...
else
{
// added to allow tags in fe like in fe_submit
$summary = cms_html_entity_decode($params['summary']);
$content = cms_html_entity_decode($params['content']);
// database work
//
$query = 'UPDATE '.cms_db_prefix().'module_news SET n...

This is how it is done in the fe_submit action.

Now we can build a bulletin board accessible to everyone. Only to be used in a trusted environment!

Other tweaks

If you want to allow image upload check filepicker in TinyMCE settings.


In the TinyMCE module code edit filepicker.php : comment out
check_login(); $userid = get_userid();

otherwise you must be logged in to the admin section.


We can use the icons of the default admintheme to fill the status column like this:
$onerow->approve_link = '<img src="admin/themes/default/images/icons/system/false.gif" />';

Use true.gif for the published ones.
You can do something similar for the edit icon, link to fe_editarticle.
For the delete icon you could provide a fe_delete action but personally I'm happy with the check boxes.

The results of all this are not too bad for a brute force attack:
  • we can create new articles in the front end
  • we can create a list of articles and edit them

but
  • we broke the news module (for the parameters and the lang file)
  • we broke the TinyMCE module (for the file upoad)
Well, everything has it's price... The upside of this is that we will be forced to use the latest version of news and tinyMCE which is not a bad thing at all.

cms made simple
zipfile with fe_articlestab, fe_editarticle and parameterlist

Comments

Andre said…
This is awesome, thanks for charing, I wounder if is possible to replicate the news module and use the two modules at the same time