Personal notepad [Deleted]

duderuud · Jul 8, 2019

duderuud submitted a new resource:

Personal notepad - Add a personal notepad for your users

A small add-on that was custom made for our forum.

I like to give a bit back to the XF community so use this if you like what you see
Install this add-on as usual, set the required permissions and enjoy!

View attachment 206037

View attachment 206038

View attachment 206039

View attachment 206040

Read more about this resource...

Ozzy47 · Jul 8, 2019

duderuud said:
duderuud submitted a new resource:

Personal notepad - Add a personal notepad for your users

Read more about this resource...

Very nice, thanks for sharing this with the community for free.

GeorgWin · Jul 9, 2019

When to uninstall a modification:

Code:

ErrorException: [E_NOTICE] Undefined variable: tableName in src\addons\lgxNotepad\Setup.php at line 42

    XF::handlePhpError() in src\addons\lgxNotepad\Setup.php at line 42
    lgxNotepad\Setup->uninstall() in src\XF\Admin\Controller\AddOn.php at line 635
    XF\Admin\Controller\AddOn->actionUninstall() in src\XF\Mvc\Dispatcher.php at line 321
    XF\Mvc\Dispatcher->dispatchClass() in src\XF\Mvc\Dispatcher.php at line 248
    XF\Mvc\Dispatcher->dispatchFromMatch() in src\XF\Mvc\Dispatcher.php at line 100
    XF\Mvc\Dispatcher->dispatchLoop() in src\XF\Mvc\Dispatcher.php at line 50
    XF\Mvc\Dispatcher->run() in src\XF\App.php at line 2177
    XF\App->run() in src\XF.php at line 390
    XF::runApp() in admin.php at line 13

\src\addons\lgxNotepad\Setup.php

Code:

    public function uninstall(array $stepParams = [])
    {
        // TODO: Implement uninstall() method.
        $sm = $this->schemaManager();
        $sm->dropTable($tableName);      
    }

Correctly:

Code:

    public function uninstall(array $stepParams = [])
    {
        // TODO: Implement uninstall() method.
        $sm = $this->schemaManager();
        $sm->dropTable('lgx_notepad');      
    }

TheGreek · Jul 9, 2019

Wanted to give you kudos on releasing this, great attitude on giving back to the community!

duderuud · Jul 9, 2019

duderuud updated Personal notepad with a new update entry:

Uninstall error fix

This update fixes the uninstall error.

Read the rest of this update entry...

kick · Jul 9, 2019

PHP:

<?php
namespace lgxNotepad;

use XF\AddOn\AbstractSetup;
use \XF\Db\Schema\Alter;


class Setup extends AbstractSetup
{
    use \XF\AddOn\StepRunnerInstallTrait;
    use \XF\AddOn\StepRunnerUpgradeTrait;
    use \XF\AddOn\StepRunnerUninstallTrait;
 
    public function install(array $stepParams = [])
    {
        // TODO: Implement install() method.
        $this->db()->query("
            CREATE TABLE IF NOT EXISTS `lgx_notepad`
            (
            `notepad_id` INT(5) NOT NULL AUTO_INCREMENT ,
            `user_id` INT(5) NOT NULL ,
            `subject` VARCHAR(500) NOT NULL ,
            `description` TEXT NOT NULL ,
            `created_at` INT(12) NOT NULL ,
            `edit_at` INT(12) NOT NULL ,
            PRIMARY KEY (`notepad_id`)
            )
            ENGINE = MyISAM;
        ");
     
    }

    public function upgrade(array $stepParams = [])
    {
        // TODO: Implement upgrade() method.
    }

    public function uninstall(array $stepParams = [])
    {
        // TODO: Implement uninstall() method.
        $sm = $this->schemaManager();
        $sm->dropTable("lgx_notepad");    
    }
}

Well ok. Why are traits used if the installation is not used in steps? @Chris D, @Kier, @Mike implemented an analogue scheme manager laravel, and here we write a naked request to create a table.

PHP:

<?php
namespace lgxNotepad\Pub\Controller;

use XF\Mvc\ParameterBag;
use XF\Api\Controller\AbstractController;


class Notepad extends AbstractController
{
    public function actionIndex(ParameterBag $params)
    {
        $db = \XF::db();
        $visitor = \XF::visitor();
        if(!$visitor->hasPermission('general', 'lgxNotepadPermission')){
            return $this->noPermission();
        }
     
        if($params['notepad_id'])
        {
            $notepad_id = $params['notepad_id'];
            $note = $db->fetchRow("SELECT * FROM lgx_notepad WHERE notepad_id= '$notepad_id' AND user_id = '$visitor->user_id' ");
            if(!$note){
                return $this->redirect( $this->buildLink('notepad') );
            }
            $params = [
                'note' => $note,
            ];
            return $this->view('', 'lgx_notepadSingle', $params);
        }
        $entries = $db->fetchAll("SELECT * FROM lgx_notepad WHERE user_id = '$visitor->user_id' ORDER BY edit_at DESC");
        $params = [
            'notes' => $entries,
        ];
        return $this->view('', 'lgx_notepad', $params);
    }

 
    public function actionAdd()
    {
        $db = \XF::db();
        $visitor = \XF::visitor();
        $time = \XF::$time;
        if(!$visitor->hasPermission('general', 'lgxNotepadPermission')){
            return $this->noPermission();
        }
     
        if($this->isPost())
        {
            $input = $this->filter([
                'subject' => 'str',
                'description_html' => 'str',
            ]);
            $subject = $input['subject'];
            $html = $input['description_html'];
            $bbCode = \XF\Html\Renderer\BbCode::renderFromHtml($html);
            $description = \XF::cleanString($bbCode);
            $db->query("INSERT INTO `lgx_notepad` (`notepad_id`, `user_id`, `subject`, `description`, `created_at`, `edit_at`) VALUES (? ,? ,? ,? ,? ,?) ", [NULL, $visitor->user_id, new \XF\PreEscaped($subject), new \XF\PreEscaped($description), $time, $time]);
         
            $last_insert = $db->lastInsertId();
            $note = $db->fetchRow("SELECT * FROM lgx_notepad WHERE notepad_id= '$last_insert'");
            return $this->redirect( $this->buildLink('notepad', $note) );
        }
     
        return $this->view('', 'lgx_notepadAddEdit');
    }
 
 
    public function actionEdit(ParameterBag $params)
    {
        $db = \XF::db();
        $visitor = \XF::visitor();
        $time = \XF::$time;
        if(!$visitor->hasPermission('general', 'lgxNotepadPermission')){
            return $this->noPermission();
        }
     
        $notepad_id = $this->filter('id', 'uint');
        if(!$notepad_id){
            $notepad_id  = $params['notepad_id'];
        }
     
        $note = $db->fetchRow("SELECT * FROM lgx_notepad WHERE notepad_id= '$notepad_id' AND user_id = '$visitor->user_id' ");
        if(!$note)
        {
            return $this->redirect( $this->buildLink('notepad') );
        }
         
        if($this->isPost())
        {
            $input = $this->filter([
                'subject' => 'str',
                'description_html' => 'str',
            ]);
            $subject = $input['subject'];
            $html = $input['description_html'];
            $bbCode = \XF\Html\Renderer\BbCode::renderFromHtml($html);
            $description = \XF::cleanString($bbCode);
            $db->query(" UPDATE `lgx_notepad` SET
            `subject`= ?, `description`= ?, `edit_at` = ? , `user_id` = ? WHERE `notepad_id` = ? ",
            [new \XF\PreEscaped($subject), new \XF\PreEscaped($description), $time, $visitor->user_id, $notepad_id] );
         
            return $this->redirect( $this->buildLink('notepad', $note) );
        }
     
        $params = [
            'note' => $note,
        ];
        return $this->view('', 'lgx_notepadAddEdit', $params);
    }
 
 
    public function actionDelete(ParameterBag $params)
    {
        $db = \XF::db();
        $visitor = \XF::visitor();
        if(!$visitor->hasPermission('general', 'lgxNotepadPermission')){
            return $this->noPermission();
        }
     
        $notepad_id  = $params['notepad_id'];
        $db->query("DELETE FROM lgx_notepad WHERE notepad_id= '$notepad_id' AND user_id='$visitor->user_id'");
        return $this->redirect( $this->buildLink('notepad') );
    }
 
}

Oh my GOD.... Please read https://xenforo.com/xf2-docs/dev/entities-finders-repositories/. Direct queries to the database bypassing the abstraction is a sign of poor tone. By the time the developers again implemented ORM and follow the principle of Data Mapper. Request such as


            $note = $db->fetchRow("SELECT * FROM lgx_notepad WHERE notepad_id= '$notepad_id' AND user_id = '$visitor->user_id' ");

You can replace
$db->fetchRow("SELECT * FROM lgx_notepad WHERE notepad_id= ? AND user_id = ?", $notepad_id, $visitor->user_id)
You can use the finder depending on the need, but it will be more expensive in memory than a request. But in the form that it is now this . You need to first create an entity and create data on it, and CRUD requests in the controller will disappear. In addition to all this, this code violates the principles of the Model View Controller pattern. The idea is interesting, the implementation is terrible.

Chris D · Jul 9, 2019

While I share some of your concerns related to the Resource standards, I think it's sensible to maintain a civil tone and have an attitude of patience rather than using profanity, please, @kick.

@duderuud did you develop this yourself or did someone create it for you?

Ozzy47 · Jul 9, 2019

I believe @Bill Arf developed this.

duderuud · Jul 9, 2019

You are correct @ozzy47

duderuud · Jul 9, 2019

This resource has been removed and is no longer available.

Waiting for the developer to make a version that complies with the XF standards.

Alpha1 · Jul 9, 2019

IMHO this is why XF should really consider to review addon code.

djbaxter · Jul 10, 2019

Alfa1 said:
IMHO this is why XF should really consider to review addon code.

How much are you willing to pay to have this done?

duderuud · Jul 10, 2019

The developer is banned from XF so I cannot release a new version...

Ozzy47 · Jul 10, 2019

duderuud said:
The developer is banned from XF so I cannot release a new version...

Honestly, after looking at the code, I would file a dispute with your CC company/bank.

Kirby · Jul 10, 2019

Alfa1 said:
IMHO this is why XF should really consider to review addon code.

Manual code reviews are prohibitively expensive.

Hopefully I am not going to insult anyone by saying so, but a lot of Add-ons seem to be developed by Part-Time Developers and Amateurs.
They (ideally) do what they are intended to do, but they are not developed with security, performance and maintainability in mind.
I also fear that you might be kinda ... hmm ... disappointed by the outcome of manual checks, that could very well block a significant amount of Add-ons.

But with some effort, automatic checks could be done - there are a lot of amazing things that can be detected by static code analyzers like Phan/PHPStan, phpUnit Tests, etc.

If XenForo would offer some kind of "official CI" with clearly defined rulesets, that would be a major step forward to better code quality.
But that would IMHO alo require clear code style rules, and even XF itself does not a strict code style.

Ozzy47 · Jul 10, 2019

Kirby said:
Hopefully I am not going to insult anyone by saying so, but a lot of Add-ons seem to be developed by Part-Time Developers and Amateurs.

That’s the way it’s been since the vB2 days as far as I can remember.

Alpha1 · Jul 10, 2019

@Kirby I have replied in the thread below, as that thread answers some of the things you address:

Review resources before approving them (XF Community)

The goal of this thread is to hear possibility status (from staffs) and interests and feedbacks (from anyone) Wherever examples provided, the only goal is clarification and not the advertisement. As I understood, although there are lots of new things in XF2 so far, its' main focus is on...

xenforo.com

Dynamic · Jul 10, 2019

duderuud said:
The developer is banned from XF so I cannot release a new version...

Ah ****! I need to contact him. I sent a PM but if he is banned he won't see it. Do you have an e-mail address or something? I want to request a refund for some work he did, but I don't want to go out all-guns-blazing and just dispute the payment without letting him have his say first.

Thanks.

jmurrayhead · Jul 11, 2019

Kirby said:
there are a lot of amazing things that can be detected by static code analyzers like Phan/PHPStan, phpUnit Tests, etc.

Code scanners often bring up a lot of false positives, but it then becomes the responsibility of the developer to either fix or prove that the finding was false. It would be beneficial for customers to have this added protection before new or modified add-ons are uploaded. I did recently see Chris mention something about XenForo having something in the works (in another thread), though could have misunderstood. It might not be a code scanner, but something is better than nothing.

🔥Iggy🔥 · Jul 12, 2019

assuming most have noticed this but fwiw.....ozzys PC to self was better anyway ;P

Personal notepad [Deleted]

Well-known member

Well-known member

Active member

Active member

Well-known member

Well-known member

XenForo developer

Well-known member

Well-known member

Well-known member

Well-known member

in memoriam 1947-2022

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Well-known member

Similar threads

We value your privacy