开发者

Adding a mini admin to a webpage

Picture this: you are creating a little module that people can incorporate into their website easily, for example, a little contact form. It would consist of a PHP file that outputs some HTML, a Javascript file (ajax etc.), a CSS file and a CSS skin. Now the person who doesn't know much about coding wants to integrate it on a webpage (website/index.php). We could do this with three rules of code:

<link rel="stylesheet" href="module/css/module.css" />
<script src="module/js/module.js"></script>
<?php require_once 'module/module.php'; ?>

There's no doubt this part is questionable, right?

Now when we want to add an admin for this little module, there are two options:

  1. Accessing the admin via an extra URL like website/module/admin.php and after authentication, displaying a page where the person can do all the settings. The person then goes back to index.php to see the results.
  2. Enabling the admin via an extra URL like website/module/admin.php and after authentication, redirecting back to index.php. The person can now edit the module directly (HTML5 contenteditable) and see changes live, on the webpage where everybody else will see it when the person saves the changes.

Option 2 has a couple of advantages:

  • The person doesn't have to toggle between admin and index.php.
  • The person can see directly how it's looking at the webpage it's integrated in.
  • The pers开发者_运维百科on probably feels like the module is more part of the webpage/website.

Of course option 2 has some disadvantages too:

  • Not everything works well editing it inline.
  • The person would need to have an HTML5 compliant browser.
  • Probably some more I can't think of right now.

Now I have a few concerns that's I can't seem to see a clear answer to.

  1. How would we let the person integrate the admin on their webpage? The admin files only need to be included in index.php if the person has choosen to edit the module via the url (website/module/admin.php). But how can we do this if we have a admin.css file that belongs in the head section, an admin.php file that goes into the body, and another admin.js file that's included at the end of the body?
  2. How would we know the file that admin.php needs to redirect back to, after authentication? index.php could be any webpage with any name. Answer: <?php echo $_SERVER['PHP_SELF']; ?>

Any real life website/web apps examples using this principle are welcome too. If there's something unclear, I am glad to add additional info.


Generalization: admin interfaces do not belong in the main application. Integrating editing capabilities into the main UI is often a must for usability. But as soon as it borders on administrative tasks, you should be aware of security implications. Regardless of code quality, there might be misconfigurations, which should not affect admin tools. Keep them external to add extra precautions (in one project I'm using http auth AND a login form).

In your specific case, you should avoid the integration for practical reasons. You can't anticipiate the remainder of the CSS of the preexisting site and how it might interact with your integrated widgets.

Also if you want to authenticate in the admin tool anyway, this would not be easily understandable. As you already noted, that would mean a redirect. Keeping it all in one place makes it appear more coherent and accessible, I'd proclaim.

Albeit I'm basing this on a tool I'm planning, which is more of a one-time-usage security tool, I think this is advisable for your case too. The integrated UI doesn't outweigh the disadvantages.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜