Article
Build an XML-Based Content Management System with PHP
Defining the XML Files
Whenever I build a CMS, I try to define the data backend first, because I find that all the other elements cascade from there. In this case, our data backend is an XML file repository, so we need to define how our files should be structured.
XML files are made up of nested start and end tags, each of which defines some chunk of information. XML files must also contain a "root" start and end tag that includes all the other tags.
Because we are only going to be dealing with articles in this example, our "root" start and end tag should be:
<article>
</article>
All other tags that we identified during our discovery phase must go in between these two tags. Based on that list, our article files will likely be structured like this:
<?xml version="1.0"?>
<article id=\\\"xml-howto-1\\\">
<headline>Writing XML Articles</headline>
<status>in progress</status>
<author>Joe Author</author>
<email>jauthor@example.com</email>
<abstract>A short article about writing XML articles.</abstract>
<keywords>XML,articles,how to</keywords>
<para-intro>Intro paragraph here.</para-intro>
<para-main>Main paragraph.</para-main>
<para-conclusion>Conclusion paragraph.</para-conclusion>
</article>
Several things to note about our article example:
- Usually, you would create a DTD or Schema to define how an article would look. Creating effective DTDs or Schemas is an entire tutorial unto itself, so here, I used a shortcut method involving a sample case. This is faster than developing a schema, but be aware that you may run into problems because your sample case may be too simple. Also, if you want to validate your XML document, you will need to create a DTD.
- Did you notice the "
id=" part in the article tag? This is called an attribute. We'll talk more later about why it's important to have a unique id attribute for each article we create in the system. - Because we want to keep this example simple, I'm going to assume that our articles will comprise only three paragraphs each, and the forms we build later on will accommodate this structure. In future tutorials, we will build a more dynamic structure in which we nest the paragraph tags into a
<body>tag.
Building the Admin Tool
The admin tool for our XML-based CMS will be just a few PHP pages that will allow administrators to log in and create, edit, publish, and delete XML articles. Administrators will also be able to create, edit, and delete other administrators.
The Login Page
The login page is very simple. It involves a simple HTML form that allows administrators to enter a username and password. The PHP logic on this page needs to check the entered values against a list of administrators. If we had enough time, I'd walk you through the building of an admin.xml file that holds these values. But for now, we'll take the shortcut of embedding values in our PHP.
Here is the code for the login.php page:
<?php
session_start();
?>
<html>
<title>Please Log In</title>
<body>
<form name="login" method="post" action="verify.php">
<table width="290" border="0" align="center" cellpadding="4" cellspacing="1">
<tr>
<td colspan="2"><div align="center">Please log in</div>
</td>
</tr>
<tr>
<td width="99" bgcolor="#CCCCCC"> <div align="right">login</div></td>
<td width="181" bgcolor="#CCCCCC"> <div align="left">
<input name="username" type="text" id="username">
</div></td>
</tr>
<tr>
<td bgcolor="#CCCCCC"> <div align="right">password</div></td>
<td bgcolor="#CCCCCC"> <div align="left">
<input name="password" type="password" id="password">
</div></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input type="submit" name="Submit" value="Submit">
<input name="reset" type="reset" id="reset" value="Reset">
</div></td>
</tr>
<tr>
<td colspan=2 align=center>
<?php echo $_SESSION[\\\"error\\\"]; ?>
</td>
</tr>
</table>
</form>
</body>
</html>
Notice that the form's action is set to a page called verify.php. The verify.php page is extremely simple. All it does is check that the passed-in values for username and password match the stored username/password values.
If there's a match for both, PHP sets a session variable and redirects the user to the admin page. If not, PHP sends the user back to the login.php page, and a special session variable containing an error message is displayed. Here is the code for the verify.php page:
<?php
session_start();
$user = 'tom';
$passw = 'test';
if (($_POST["username"] == $user) and ($_POST["password"] == $passw)){
$_SESSION["login"] = "true";
header("Location:adminindex.php");
exit;
} else {
$_SESSION["error"] = "<font color=red>Wrong username or password. Try again.</font>";
header("Location:login.php");
}
?>
Because anyone can enter a URL for the admin pages, we have to add an extra piece of security. At the top of each page, we need to check to see if the value of the session variable "login" is set to "true." If it isn't, send folks back to the login.php page; if it is, show them the admin page.