MrLunch
Member
727 Points
144 Posts
Forum Starter Kit
May 09, 2006 07:52 AM
For those who may want an alternate path to getting some forums running on the Club Kit, I've released a simple Club Site Forums Starter Kit.
Only works with the Club Site (that is, until you change it to do something else :)
It has the basic forums features, sections, paging, sorting, avatars, sticky threads, locks etc. I stopped short of some of the more personal features (like what is a 'new' message, what is a 'popular' message and so on) so there's plenty to add or change to suit your taste and needs. Source is free (BSD license). Go to town with it, or tell me to go back to building furniture for a living ;-)
http://tumblegum.wgg.com/ClubWebSite/Forum_Topics.aspx
Site may be sluggish, I always use more memory than I have :)
Cheers,
Forums Starter Kit
tsaren
Member
55 Points
11 Posts
Re: Forum Starter Kit
May 09, 2006 01:25 PM
Thank you MrLunch!
That was very simple and very well explained in the readme file. I had the forum up and running in 20 minutes. Great job. Now I will be testing and modifying.
Regards,
Tommy
MrLunch
Member
727 Points
144 Posts
Re: Forum Starter Kit
May 09, 2006 05:14 PM
Thanks Tommy,
since you're in Sweden, you'll want to check the bug posting on my site about special characters.
When you post Herr Lunch är mycket göra sval, you want it to look right :)
Forums Starter Kit
lexy
Participant
1668 Points
441 Posts
Re: Forum Starter Kit
May 09, 2006 07:29 PM
Hi,
What I like about this Forum is:
Perhaps it's a little bit complex for beginners to learn from (?)
Great Job Mark!
Lex
MrLunch
Member
727 Points
144 Posts
Re: Forum Starter Kit
May 09, 2006 08:00 PM
Thank you Lex :)
Maybe so. It does try to use some of the latest asp.net 2.0 stuff (which I am learning), there's nothing terribly fancy in there, but perhaps some unfamiliar things such as ObjectDataSource instead of inline SQL code and so on.
If you have a question about how something works, I'll be happy to try to explain it.
Cheers,
Forums Starter Kit
lexy
Participant
1668 Points
441 Posts
Re: Forum Starter Kit
May 09, 2006 08:07 PM
Hi Mark,
Well, as a matter of fact I have, but no rush as you are probably quite busy with users trying out the Forum right now.
I would like to understand how you go to Login and back to the Thread.
Lex
MrLunch
Member
727 Points
144 Posts
Re: Forum Starter Kit
May 09, 2006 09:01 PM
Easy, it's built in to asp.net 2.0
I have a link to reply or new thread which points to forum_addpost.aspx
I also have an access control rule in web.config:
<location path="forum_addpost.aspx">
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>
The deny users="?" means anonymous users can't go there.
Also in web.config, the authentication setting is set to "Forms" without any more properties set, so it uses the default settings for forms authentication. If you look here
http://msdn2.microsoft.com/en-US/library/system.web.security.formsauthentication.loginurl.aspx
you'll see that the default value of the forms auth loginUrl property is "login.aspx" which is cool because that's what we have in the club kit.
So, the user tries to go to forum_addpost.aspx, the auth provider sees the user is not logged in, and it knows where to send them to log in (to the loginUrl) and it's smart enough to know where they really wanted to go, so it appends the redirection to the query string. The login page has a login control on it which knows what to do with the ReturnUrl in the query string. Neato.
Same thing happens when you are logged in as a regular user, and you try to get at a page that is restricted to Admin, it will ask you to log in again as Admin, and then redirect you.
That's why it's good to use the declarative access controls like those in web.config, you get a lot of automatic logic that way, but you can also do this with code like in this pseudo example:
' this page is admins_only.aspx
If Not User.IsInRole("Administrators") Then
    Response.Redirect("~/some_page_with_a_login_control.aspx?ReturnUrl=admins_only.aspx")
End If
If the ReturnUrl has querystring info, you might have to run it through HttpUtility.UrlEncode(string) first, before you redirect with it, I dunno, I didn't try it.
Forums Starter Kit
MrLunch
Member
727 Points
144 Posts
Re: Forum Starter Kit
May 09, 2006 09:23 PM
Here ya go, tested this, should work most anywhere:
' send to login and redirect back here
If Not User.IsInRole("Administrators") Then
    Response.Redirect("~/login.aspx?ReturnUrl=" & HttpUtility.UrlEncode(Request.RawUrl))
End If
Or the version to trap anonymous users and make them log in would be like so:
If Not User.Identity.IsAuthenticated() Then
    Response.Redirect("~/login.aspx?ReturnUrl=" & HttpUtility.UrlEncode(Request.RawUrl))
End If
Forums Starter Kit
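The posts above build the ReturnUrl by hand; a login page that also consumes ReturnUrl by hand (instead of leaving it to the login control) should only follow values that stay on the site. The following is an added example, not code from the thread or from the starter kit; ReturnUrlHelper, its functions and "~/default.aspx" are hypothetical names.

```vbnet
Imports System
Imports System.Web

' Added example: ReturnUrlHelper and its members are hypothetical names.
Public Module ReturnUrlHelper

    ' True only for site-relative targets such as "/forum_addpost.aspx?id=3"
    ' or "~/forum_addpost.aspx". Anything that could name another host fails.
    Public Function IsLocalReturnUrl(ByVal url As String) As Boolean
        If String.IsNullOrEmpty(url) Then Return False

        ' Control characters (CR, LF, tab) have no place in a redirect target.
        For Each c As Char In url
            If Char.IsControl(c) Then Return False
        Next

        ' "~/page.aspx" is app-relative: check the part after the tilde.
        If url.StartsWith("~/", StringComparison.Ordinal) Then url = url.Substring(1)

        ' Must start with a single "/". Browsers treat "//host" and "/\host"
        ' as pointing at another site, and "http://..." is absolute.
        If url(0) <> "/"c Then Return False
        Return url.Length = 1 OrElse (url(1) <> "/"c AndAlso url(1) <> "\"c)
    End Function

    ' Sending side, as in the posts above: current URL, URL-encoded.
    Public Function BuildLoginUrl(ByVal rawUrl As String) As String
        Return "~/login.aspx?ReturnUrl=" & HttpUtility.UrlEncode(rawUrl)
    End Function

    ' Receiving side: follow the requested URL only if it is local.
    ' In a hand-written login page, after the credentials check:
    '   Response.Redirect(ResolveReturnUrl(Request.QueryString("ReturnUrl"), "~/default.aspx"))
    Public Function ResolveReturnUrl(ByVal requested As String, ByVal fallback As String) As String
        If IsLocalReturnUrl(requested) Then Return requested
        Return fallback
    End Function

End Module
```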
lexy
Participant
1668 Points
441 Posts
Re: Forum Starter Kit
May 10, 2006 01:14 PM
Hi Mark,
Yep, it does, great improvement this.
(almost seems easy, hah)
BTW,
Added FreeTextBox to AddPost and it actually shows up. Only in Forum_thread the Formatting is shown as tags. Where should I focus my attention, Repeater?
Thanks,
Lex
MrLunch
Member
727 Points
144 Posts
Re: Forum Starter Kit
May 10, 2006 05:40 PM
To swap from plain text box to FreeTextBox (or another one like FCKEditor)...
in forum_addpost.aspx, in UpdateButton_Click() , just remove these 2 lines
body = Regex.Replace(body, "\r\n", "<br />", RegexOptions.IgnoreCase Or RegexOptions.Multiline)
body = Regex.Replace(body, "&lt;br /&gt;", "<br />", RegexOptions.IgnoreCase Or RegexOptions.Multiline)
But be aware that if you care about security and/or it's a public site, to prevent the posting of malicious HTML/script, you should replace those lines with something like this:
body = MyFunctionThatMakesHTMLSafeForDisplay(body)
then in Form_Load() you'll want this instead of what's there now:
If Not String.IsNullOrEmpty(Request("qu")) Then
    bodyTextBox.Text = String.Format("<p><div style='border: solid 1px #DDDDDD;'><i>{0} wrote:</i><br /> {1}</div></p>", msg.displayname, msg.body)
End If
Or something like that, if FreeTextBox uses .Value instead of .Text then adjust as needed.
Then you have a similar bunch of changes to make in Forum_EditPost.aspx. You should study how it works and compare to the above code. Also there's a post on my site that shows the changes for both files, it's in a thread called WYSIWYG...
To explain a bit - if you use a plain text box for input, the user can type in anything they want, in any format, but since the message will be posted as part of an HTML page, 2 things are done with the posted message. First it's HTML encoded - that disables any tags, including any malicious ones. Then the first Regex replaces any line breaks with <br /> tags so it will look right. The second one fixes any already existing BR tags that were encoded in the first step.
If you use FreeTextBox, you don't have to mangle plain text into something that will work in an HTML page, but you do have to worry about poorly formatted or malicious HTML. Here's an example, if you use the HTML source editor in FTB and all you put in there is <i> without the closing tag and then post, if the editor doesn't catch it and fix it, then all the text after that post will be italic - so user A posts a message like that, and then users B and C post replies, B and C's messages will all be italic, yecch.
Community Server uses a fairly sophisticated bit of code to clean up the HTML you post here in these forums, but you can still trick it into doing bad things.
This is partly why I released with just a plain text box in the forums, it's very safe, easy, and I don't have to give away my HTML cleaner code (but I will sell it to you for a zillion dollars :).
Forums Starter Kit
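One restrictive way to fill in the MyFunctionThatMakesHTMLSafeForDisplay placeholder from the post above, as an added example that is not the poster's cleaner and not part of the starter kit: encode everything first, then re-enable only a short list of attribute-free tags and close any that were left open. PostHtml, AllowedTags and MakeSafeForDisplay are hypothetical names, and the tag list is an assumption.

```vbnet
Imports System.Collections.Generic
Imports System.Text
Imports System.Text.RegularExpressions
Imports System.Web

' Added example: PostHtml, AllowedTags and MakeSafeForDisplay are hypothetical names.
Public Module PostHtml

    ' Attribute-free tags that are allowed through; everything else stays encoded.
    Private Const AllowedTags As String = "b|i|u|em|strong|p|blockquote"

    Public Function MakeSafeForDisplay(ByVal body As String) As String
        ' 1. Encode everything, so no tag, attribute or script is live after this.
        Dim safe As String = HttpUtility.HtmlEncode(body)

        ' 2. Re-enable only bare allowlisted tags such as &lt;i&gt; and &lt;/i&gt;.
        '    A tag carrying attributes (onclick, style, href) does not match
        '    the pattern and is displayed as text.
        Dim tagPattern As New Regex("&lt;(/?)(" & AllowedTags & ")&gt;", RegexOptions.IgnoreCase)
        Dim openTags As New Stack(Of String)()
        Dim result As New StringBuilder()
        Dim pos As Integer = 0

        For Each m As Match In tagPattern.Matches(safe)
            result.Append(safe, pos, m.Index - pos)
            pos = m.Index + m.Length
            Dim tagName As String = m.Groups(2).Value.ToLowerInvariant()

            If m.Groups(1).Length = 0 Then
                openTags.Push(tagName)
                result.Append("<" & tagName & ">")
            ElseIf openTags.Count > 0 AndAlso openTags.Peek() = tagName Then
                openTags.Pop()
                result.Append("</" & tagName & ">")
            End If
            ' A closing tag that does not match the innermost open tag is dropped.
        Next
        result.Append(safe, pos, safe.Length - pos)

        ' 3. Close whatever the poster left open, so an unclosed <i> cannot
        '    turn the following replies italic.
        While openTags.Count > 0
            result.Append("</" & openTags.Pop() & ">")
        End While

        ' 4. Line-break tags carry no content, so restore them as <br />.
        Return Regex.Replace(result.ToString(), "&lt;br\s*/?&gt;", "<br />", RegexOptions.IgnoreCase)
    End Function

End Module
```

Because WYSIWYG editors usually emit attributes (style, href, class), this version will show much of their richer markup as text; allowing attributes safely needs a real HTML parser with a per-attribute allowlist.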