Letting users custom skin
As an exercise, I'm trying to wrap my head around what goes into letting a user custom skin their profile (like myspace as an example). I'm using PHP. Since I'm clueless as to the whole thing, I'm not sure what to ask, but some of my concerns are how complex this is, is it going to require an overhaul of my code, can I separate this part into a separate module that can maybe be turned off as needed, are there templating engines that can help with this, and security. The assumption is that if a user wants to custom-skin their profile, they have design/coding skills to begin with. Any ideas with this are a开发者_JS百科ppreciated.
It depends how much control over the appearance that you want to give to the user.
I developed a website for a theater who wanted the ability to change the look of the front end as and when, the way this was achieved was to set up several different css files, in the back end there was a page of previews for the different styles and the client just picked which ever one they wanted. The style they picked was stored in the database and when the front end was loaded the css file they had picked was loaded.
<link rel="stylesheet" type="text/css" href="<?php echo $styleSheet; ?>" />
Depends on the costumization you want to give them. If we are talking about say:
- user background image
- text colors
- link colors
That can all be achieved very easily with CSS without breaking your code.
Lets assume you stored all those values in a database. And you have your HTML like this:
<html>
<head>
<link rel="stylesheet" href="...">
<style type="text/css">
<?php
// if is set get user css and post it here; example:
// #userid { background-image: url(...) }
?>
</style>
</head>
<body>
<div id="userid" class="userpannel">
...
</div>
</body>
</html>
Your users defined styles could be easily set to override the default theme.
Hope it helps!
This is a very difficult thing to accomplish and still be secure. If someone can upload custom PHP code, then you are just giving your server away to the first hacker. You also have to worry about the user uploading custom JavaScript, because that would be a Stored Cross Site Scripting (XSS) Vulnerability.
You might want to check out this Open Source PHP project:
(DISCLAMER I have no idea how secure this software is. ) http://sourceforge.net/projects/myownspace/
精彩评论