Creating NewPost Page
The NewPost page is provided to authenticated users for creating new blog posts. It needs to display a form that collects the information about the new post, including the post title and the post body content.
Because NewPost can only be accessed by authenticated users, we add a page configuration file config.xml under the directory protected/pages/posts. The configuration specifies that guest users cannot access NewPost and EditPost which is to be introduced in the next section.
As the number of our pages expands, we would like to modify MainLayout so that in the footer of our blog pages there are links to various pages, including the homepage, the NewUser page (visible to the administrator only), and the upcoming NewPost page (visible to authenticated users only).
We now create two files protected/pages/posts/NewPost.page and protected/pages/posts/NewPost.php to save the page template and page class, respectively.
Creating Page Template
The NewPost page template contains a TTextBox to collect the post title and a THtmlArea to collect the post content. The latter is a WYSIWYG HTML editor. To ensure the user input is valid, we associate validators with these input controls.
<%@ Title="My Blog - New Post" %>
<com:TContent ID="Main">
Create New Post
Title:
<com:TRequiredFieldValidator
ControlToValidate="TitleEdit"
ErrorMessage="Please provide a title."
Display="Dynamic" />
<com:TTextBox ID="TitleEdit" Columns="50" />
Content:
<com:TRequiredFieldValidator
ControlToValidate="ContentEdit"
ErrorMessage="Please provide content."
Display="Dynamic" />
<com:THtmlArea ID="ContentEdit" />
<com:TButton Text="Create" OnClick="createButtonClicked" />
</com:TContent>
Creating Page Class
From the above page template, we see that we mainly need to write a page class that implements the event handler: createButtonClicked() (attached to the Create button's OnClick event).
class NewPost extends TPage
{
/**
* Creates a new post if all inputs are valid.
* This method responds to the OnClick event of the "create" button.
* @param mixed event sender
* @param mixed event parameter
*/
public function createButtonClicked($sender,$param)
{
if($this->IsValid) // when all validations succeed
{
// populates a PostRecord object with user inputs
$postRecord=new PostRecord;
// using SafeText instead of Text avoids Cross Site Scripting attack
$postRecord->title=$this->TitleEdit->SafeText;
$postRecord->content=$this->ContentEdit->SafeText;
$postRecord->author_id=$this->User->Name;
$postRecord->create_time=time();
$postRecord->status=0;
// saves to the database via Active Record mechanism
$postRecord->save();
// redirects the browser to the newly created post page
$url=$this->Service->constructUrl('posts.ReadPost',array('id'=>$postRecord->post_id));
$this->Response->redirect($url);
}
}
}
Testing
To test the NewPost page, login first and click on the New Post link button in the footer of the homepage. Our browser will display the following result with the URL http://hostname/blog/index.php?page=NewPost.
When you visit the NewPost page for the first time, you may notice that it takes several seconds for the page to be displayed. This is because PRADO needs to unpack and publish the javascript code and images for the THtmlArea control used in the page. This is done once and for all.
To test the pagination feature that we developed for the ListPost page, we can create five or more posts and see what happens to the homepage. The pager in ListPost displays five posts each page.