
Online code editor for beginner's PHP class

Let's say you want to use Moodle to teach an introductory class in PHP
programming. Some of the students have little or no computer experience.

In addition to background reading and topics-oriented assignments
supplied by Moodle, you want to build an online text editor into the
course, so students can type their PHP programs and HTML directly into
files on the server, so they don't have to fight with NotePad on Windows
PCs in a lab, and so beginning students don't have to fight with FTP to
get their work onto the webserver.

You could make a form: (no error checking etc. for simplicity)

$path = $_GET['dirpath'] . '/myassignment';
echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><br>
<textarea name="editor">'.@file_get_contents($path).'</textarea>
<input type="submit"></form>';

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    $fp = fopen($path, "w");
    fwrite($fp, $_POST['editor']);
    fclose($fp);
}

Most developers like to clean user input with addslashes or htmlentities
in the POST processing. But if you do that in the "online code editor"
case you get code that won't run or display. So, if you do not
addslashes, but you still want to cover your bases, what are the issues?

Students would have to login (password) to get access to the editor. So
this editor is not available to the world at large. But trusting
passworded students still may not be a good idea. fopen would have to be
limited to specific location patterns. Perhaps you would have to use
regular expressions to look for javascript, and then to strip it out.
But what do you do if you want to teach javascript? Is an online editor
any more dangerous than letting students upload code via FTP?
Sep 16 '08 #1
25 Replies


doznot wrote:
> Let's say you want to use Moodle to teach an introductory class in PHP
> programming. Some of the students have little or no computer experience.

That's a disaster waiting to happen right there.

> In addition to background reading and topics-oriented assignments
> supplied by Moodle, you want to build an online text editor into the
> course, so students can type their PHP programs and HTML directly into
> files on the server, so they don't have to fight with NotePad on Windows
> PCs in a lab, and so beginning students don't have to fight with FTP to
> get their work onto the webserver.

Very bad idea. They should be working on their own systems. Why do you
need the programs on a server, anyway?

But you could allow them to edit on their own server and upload via http
if necessary.

> You could make a form: (no error checking etc. for simplicity)
> $path =
> $_GET['dirpath']. '/myassignment';
> echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><br>
> <textarea name="editor">'.@file_get_contents($path).'</textarea>
> <input type="submit"></form>';
> if($_SERVER['REQUEST_METHOD'] == 'POST')
> {
> $fp = fopen($path,"w");
> fwrite($fp,$_POST['editor']);
> fclose($fp);
> }
>
> Most developers like to clean user input with addslashes or htmlentities
> in the POST processing. But if you do that in the "online code editor"
> case you get code that won't run or display. So, if you do not
> addslashes, but you still want to cover your bases, what are the issues?

If you're going to display the code in a browser, htmlentities() is a
must. Forget addslashes().

> Students would have to login (password) to get access to the editor. So
> this editor is not available to the world at large. But trusting
> passworded students still may not be a good idea. fopen would have to be
> limited to specific location patterns. Perhaps you would have to use
> regular expressions to look for javascript, and then to strip it out.
> But what do you do if you want to teach javascript? Is an online editor
> any more dangerous than letting students upload code via FTP?

Not a good idea at all.

If you absolutely must, give each student their own virtual server and
limit their access to just that directory.

But I would say this is the wrong way to go.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 16 '08 #2


Editing on their own box? I suppose. NotePad never seems to save
files in the same place twice, so absolute beginning students spend
half the day looking for the file they just edited.
Virtual servers is a good idea. I'll look into that.

They can learn to ssh into their virtual server and use vi or emacs
a semester later, but not in the first week of PHP 101.
Sep 16 '08 #3

doznot wrote:
> Editing on their own box? I suppose. NotePad never seems to save
> files in the same place twice, so absolute beginning students spend
> half the day looking for the file they just edited.
> Virtual servers is a good idea. I'll look into that.
>
> They can learn to ssh into their virtual server and use vi or emacs
> a semester later, but not in the first week of PHP 101.

Sure notepad saves the files in the same place twice. It saves the
files to the same directory as the last time it saved a file.

Or, better yet, get them a decent editor. I personally prefer Crimson
Editor for PHP.

In 20 years of training, I have never forced my students to save files
on a server. They all work off their own machines.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 16 '08 #4

doznot wrote:
> Editing on their own box? I suppose. NotePad never seems to save
> files in the same place twice, so absolute beginning students spend
> half the day looking for the file they just edited.
> Virtual servers is a good idea. I'll look into that.
>
> They can learn to ssh into their virtual server and use vi or emacs
> a semester later, but not in the first week of PHP 101.

I should qualify that - if you start notepad from a command line, i.e.
"notepad myfile.php", it will store the file in the current directory.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 16 '08 #5



I won't divulge much in the way of details.
But I'm working in rural schools with limited resources.
I have a central server, but the client computers the students
use are Windows labs, hundreds of miles away, in multiple schools,
with ancient browsers that I have no control over. I am not
allowed to install new editors on those remote boxes.

Why do I want them to save code on my server? So the students
can instantly see their work displayed. When they are
hundreds of miles away, working on machines I can not
control, uploading homework assignments to a remote
server, or editing via some hacked form, is the only way.

Virtual machines and a name server would be best way
to go. I'll have to get that together soon.

In the meantime I've got it hacked so their "save"
attempts fail, if not attempted in a fixed location,
on a per-student basis, involving $_SESSION['username'];

Sep 16 '08 #6
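
Added example, not part of any post in this thread: one way to combine the two checks raised above, escaping the student's source only when it is placed into the page (htmlspecialchars() here, the narrower sibling of htmlentities()) and refusing saves outside a per-student location derived from $_SESSION['username']. WORK_ROOT, MAX_BYTES, the function names and the sample input are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. WORK_ROOT, MAX_BYTES, student_file(),
// save_code() and render_editor() are hypothetical names chosen for illustration.
const WORK_ROOT = '/srv/classwork';  // assumed root holding one directory per student
const MAX_BYTES = 65536;             // assumed size cap for one assignment file

/** Build the file path from the session user; the browser never supplies a path. */
function student_file(string $root, string $user, string $assignment): string
{
    // Allowlist both parts so dots, slashes and NUL bytes cannot reach the filesystem.
    if (!preg_match('/\A[a-z0-9_]{1,32}\z/', $user)
        || !preg_match('/\A[a-z0-9_-]{1,64}\z/', $assignment)) {
        throw new InvalidArgumentException('invalid user or assignment name');
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        throw new RuntimeException('work root is missing');
    }
    $dir = $rootReal . DIRECTORY_SEPARATOR . $user;
    if (!is_dir($dir) && !mkdir($dir, 0750)) {
        throw new RuntimeException('cannot create student directory');
    }
    // A symlinked student directory would resolve somewhere else: refuse it.
    if (realpath($dir) !== $dir) {
        throw new RuntimeException('student directory leaves the work root');
    }
    $file = $dir . DIRECTORY_SEPARATOR . $assignment . '.php';
    if (is_link($file)) {
        throw new RuntimeException('refusing to write through a symlink');
    }
    return $file;
}

/** Store the submitted source as received; nothing is escaped on the way in. */
function save_code(string $file, string $code): void
{
    if (strlen($code) > MAX_BYTES) {
        throw new LengthException('file too large');
    }
    if (file_put_contents($file, $code, LOCK_EX) === false) {
        throw new RuntimeException('write failed');
    }
}

/** Escape only when the source is placed into HTML, so "</textarea>" stays text. */
function render_editor(string $action, string $code, string $token): string
{
    $e = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The HTML parser drops one "\n" after <textarea>; adding it keeps a leading blank line.
    return '<form action="' . $e($action) . '" method="post">'
        . '<input type="hidden" name="csrf" value="' . $e($token) . '">'
        . '<textarea name="editor" rows="25" cols="80">' . "\n" . $e($code)
        . '</textarea><input type="submit" value="Save"></form>';
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (!isset($_SESSION['username']) || !is_string($_SESSION['username'])) {
        http_response_code(403);
        exit('login required');
    }
    $_SESSION['csrf'] ??= bin2hex(random_bytes(32));
    try {
        $name = $_GET['assignment'] ?? '';
        $file = student_file(WORK_ROOT, $_SESSION['username'], $name);
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            // Reject saves that do not carry this session's token (CSRF).
            if (!hash_equals($_SESSION['csrf'], $_POST['csrf'] ?? '')) {
                throw new RuntimeException('bad token');
            }
            save_code($file, $_POST['editor'] ?? '');
        }
        $code = is_file($file) ? (string) file_get_contents($file) : '';
        // SCRIPT_NAME, unlike PHP_SELF, carries no client-supplied path info.
        $action = $_SERVER['SCRIPT_NAME'] . '?assignment=' . rawurlencode($name);
        echo render_editor($action, $code, $_SESSION['csrf']);
    } catch (Throwable $ex) {
        http_response_code(400);
        echo 'request rejected';
    }
} else {
    // Constructed self-check, run with "php file.php" in a throwaway directory.
    $root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'classwork_' . bin2hex(random_bytes(4));
    mkdir($root, 0700);
    $src = "<?php echo '</textarea><b>hi</b>'; ?>";  // constructed sample source
    $file = student_file($root, 'alice', 'hello');
    save_code($file, $src);
    echo file_get_contents($file) === $src ? "stored unchanged\n" : "FAIL: altered\n";
    foreach (['../bob', 'alice/../bob', ''] as $bad) {
        try {
            student_file($root, $bad, 'hello');
            echo "FAIL: accepted '$bad'\n";
        } catch (InvalidArgumentException $ex) {
            echo "rejected user '$bad'\n";
        }
    }
    echo render_editor('/edit.php', $src, 'constructed-token'), "\n";
}
```

This confines only where the editor reads and writes; a saved script still executes with whatever rights the web server gives PHP, which is the part the per-student virtual server suggestions in this thread address.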

Message-ID: <4-******************************@bresnan.com> from doznot
contained the following:
> I am not
> allowed to install new editors on those remote boxes.

You can get a small, lightweight editor that does not need to be
installed. It's called Notepad2 and is absolutely brilliant. I would
never inflict Notepad on my students.

You can get it here http://www.flos-freeware.ch/notepad2.html
--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk - http://4theweb.co.uk
Sep 16 '08 #7

Geoff Berrow wrote:
> Message-ID: <4-******************************@bresnan.com> from doznot
> contained the following:
>> I am not
>> allowed to install new editors on those remote boxes.
>
> You can get a small, lightweight editor that does not need to be
> installed.

...I'm not sure what this means: "does not need to be installed"
If it is a windows exe, then it has to be installed on the client
box somehow, no? And in my case, the client boxes are hundreds of
miles away.
Sep 16 '08 #8

doznot wrote:
> I won't divulge much in the way of details.
> But I'm working in rural schools with limited resources.
> I have a central server, but the client computers the students
> use are Windows labs, hundreds of miles away, in multiple schools,
> with ancient browsers that I have no control over. I am not
> allowed to install new editors on those remote boxes.
>
> Why do I want them to save code on my server? So the students
> can instantly see their work displayed. When they are
> hundreds of miles away, working on machines I can not
> control, uploading homework assignments to a remote
> server, or editing via some hacked form, is the only way.
>
> Virtual machines and a name server would be best way
> to go. I'll have to get that together soon.
>
> In the meantime I've got it hacked so their "save"
> attempts fail, if not attempted in a fixed location,
> on a per-student basis, involving $_SESSION['username'];

Trying to teach non-computer literate people a programming language
remotely? That's a prescription for failure before you even begin.

People need a few skills before even beginning to program. Basic
computer literacy is one of them. An understanding of programming
principles is another.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Sep 16 '08 #9

doznot wrote:
> Editing on their own box? I suppose. NotePad never seems to save
> files in the same place twice, so absolute beginning students spend
> half the day looking for the file they just edited.
> Virtual servers is a good idea. I'll look into that.
>
> They can learn to ssh into their virtual server and use vi or emacs
> a semester later, but not in the first week of PHP 101.

You're putting the cart before the horse. If your students can't even
use a text editor and save/find files, they're doomed to fail at
becoming decent programmers. It sounds like some of them should be
referred to some computer basics course before pursuing programming.

To learn the basics of PHP, one doesn't even need a server, as it can
be done from the command line.

--
Curtis
Sep 16 '08 #10

Jerry Stuckle wrote:
> Trying to teach non-computer literate people a programming language
> remotely? That's a prescription for failure before you even begin.

My last semester's students didn't see it that way.
They started with nothing, and ended up making simple but dynamic pages.
Teaching elementary programming (flow control, variables, scope, etc)
with web pages as the homework display medium keeps their interest up.

You can predict failure all you want.
But I already have the success.
Sep 16 '08 #11

In our last episode, <To******************************@bresnan.com>, the
lovely and talented doznot broadcast on comp.lang.php:
> Editing on their own box? I suppose. NotePad never seems to save
> files in the same place twice, so absolute beginning students spend
> half the day looking for the file they just edited.

Then overcoming the drawbacks of MicroSoft products would really be an
essential skill for them to learn. Trying to teach someone who cannot use a
text editor a scripting language seems pointless and counterproductive.

It also is skipping some essential cognitive steps. If you cannot type
"Hello, world!" on your own machine, save it as a file, and recover the
file, you are missing a lot of information necessary to getting PHP to put
"Hello, world!" in a web document (although perhaps you can learn a limited
amount of PHP CLI).

> Virtual servers is a good idea. I'll look into that.
> They can learn to ssh into their virtual server and use vi or emacs
> a semester later, but not in the first week of PHP 101.

--
Lars Eighner <http://larseighner.com/> <us****@larseighner.com>
Dynamic linking error: Your mistake is now everywhere.
Sep 16 '08 #12

In our last episode, <md******************************@bresnan.com>, the
lovely and talented doznot broadcast on comp.lang.php:
> Jerry Stuckle wrote:
>> Trying to teach non-computer literate people a programming language
>> remotely? That's a prescription for failure before you even begin.
>
> My last semester's students didn't see it that way.
> They started with nothing, and ended up making simple but dynamic pages.
> Teaching elementary programming (flow control, variables, scope, etc)
> with web pages as the homework display medium keeps their interest up.
> You can predict failure all you want.
> But I already have the success.

Then, if you already have the answer, why are you asking us?

Students who take Art 101 (Oil Painting) spend the first couple of weeks
learning to make stretchers, to stretch canvas, and to prep canvas. Most of
us spent a week or two learning to use an IBM 026 (or even more ancient)
keypunch before we wrote a line of code.

And say, if your students cannot use a text editor, how did they learn HTML?
Nearly every day we get questions here from people who think they can use
PHP to make web pages when they cannot make a valid HTML document without
PHP. If HTML is not a prerequisite of your course, you are simply a quack.

--
Lars Eighner <http://larseighner.com/> <us****@larseighner.com>
War hath no fury like a noncombatant.
- Charles Edward Montague
Sep 16 '08 #13

Lars Eighner wrote:
> Then, if you already have the answer, why are you asking us?

I asked about security issues.
Everybody told me I had a bad idea.

But I have a very good idea.
I have happy students who learned a great deal in a short period of time.

Every educator I have shown this
to is pressuring me to publish immediately.
But I'll wait a year. When I get all the bugs out I'll publish
then, and make a name for myself.

It does look like I'll have to get there without much help
from usenet. Imagine that.
Sep 16 '08 #14

Response to doznot <da*********@gmail.com>:
> Lars Eighner wrote:
>> Then, if you already have the answer, why are you asking us?
>
> I asked about security issues.
> Everybody told me I had a bad idea.
>
> But I have a very good idea.
> I have happy students who learned a great deal in a short period
> of time.
>
> Every educator I have shown this
> to is pressuring me to publish immediately.
> But I'll wait a year. When I get all the bugs out I'll publish
> then, and make a name for myself.
>
> It does look like I'll have to get there without much help
> from usenet. Imagine that.

I can understand your frustration as I've met many a USENET Nazi
who preferred arrogant banter as opposed to outright help...

...but I haven't seen them here. Nor in this thread. A REAL
teacher seeks to educate, not spoon feed -- which is exactly what
Mr. Stuckle did for you (not spoon feed you that is). Geoff also
gave you a great pointer on Notepad2 which you just questioned
instead of checking it out. Not too swift in my opinion but it's
just my opinion.

Now, instead of the extremely convoluted method you are pursuing
why not have them download an "all-in-one" solution? XAMPP lite
for example, easy, quick and doesn't require anything but to
install (unless they changed something drastically).

Students can simply LEARN to store their code in ONE single place
using a VERY good editor like NOTEPAD2 (although I hate it) and
open those pages in THEIR browser. It's been my experience those
who wish to learn will overcome these minor obstacles. If you
don't expect your students to do the same then I'd not allow you to
teach my children.

No offense, no harm... but stop going on about how useless USENET
is and see the words for what they are -- information for you to
use, not feel the need to defend yourself.

Good luck.

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
Sep 16 '08 #15

-Lost wrote:
> Response to doznot <da*********@gmail.com>:
>> Lars Eighner wrote:
>>> Then, if you already have the answer, why are you asking us?
>>
>> I asked about security issues.
>> Everybody told me I had a bad idea.
>>
>> But I have a very good idea.
>> I have happy students who learned a great deal in a short period
>> of time.
>>
>> Every educator I have shown this
>> to is pressuring me to publish immediately.
>> But I'll wait a year. When I get all the bugs out I'll publish
>> then, and make a name for myself.
>>
>> It does look like I'll have to get there without much help
>> from usenet. Imagine that.
>
> I can understand your frustration as I've met many a USENET Nazi
> who preferred arrogant banter as opposed to outright help...
>
> ...but I haven't seen them here. Nor in this thread. A REAL
> teacher seeks to educate, not spoon feed -- which is exactly what
> Mr. Stuckle did for you (not spoon feed you that is). Geoff also
> gave you a great pointer on Notepad2 which you just questioned
> instead of checking it out. Not too swift in my opinion but it's
> just my opinion.

Notepad2 is great. But it is a windows exe.
How can a student in a Windows lab, who does not have permission
to download an exe make use of it?

> Now, instead of the extremely convoluted method you are pursuing
> why not have them download an "all-in-one" solution? XAMPP lite
> for example, easy, quick and doesn't require anything but to
> install (unless they changed something drastically).

Because they have no permission to download.

> Students can simply LEARN to store their code in ONE single place
> using a VERY good editor like NOTEPAD2 (although I hate it) and
> open those pages in THEIR browser. It's been my experience those
> who wish to learn will overcome these minor obstacles. If you
> don't expect your students to do the same then I'd not allow you to
> teach my children.

They are smart kids who learn quickly with the tools given them.
But in this case they are given computers without ftp, without Notepad++
and they have no authority or permission to change that, and neither do
I. I said that a half a dozen times.

> No offense, no harm... but stop going on about how useless USENET
> is and see the words for what they are -- information for you to
> use, not feel the need to defend yourself.
>
> Good luck.
Sep 16 '08 #16

Response to doznot <da*********@gmail.com>:

<snip>
> They are smart kids who learn quickly with the tools given them.
> But in this case they are given computers without ftp, without
> Notepad++ and they have no authority or permission to change
> that, and neither do I. I said that a half a dozen times.

Ah, terribly sorry, I took: "Editing on their own box? I suppose."
to mean um... "their own box." Not a computer assigned to them by
their institution.

How about providing them all the information about Notepad2, XAMPP
et cetera and encourage them to do this at home -- in the meantime
create a small batch file (as plain text they can rename to BAT)
they can have in their scripting directory that uploads their work
via the command-line FTP?

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
Sep 16 '08 #17

-Lost wrote:
> How about providing them all the information about Notepad2, XAMPP
> et cetera and encourage them to do this at home

These particular students seem to me to have the same bell curve
on intelligence as any other group I've ever encountered.
Almost none of them have computers at home. That's all I'm going
to say about who and where. They want to learn about the internet
badly.
Sep 16 '08 #18

In our last episode, <Ed******************************@bresnan.com>, the
lovely and talented doznot broadcast on comp.lang.php:
> -Lost wrote:
>> How about providing them all the information about Notepad2, XAMPP
>> et cetera and encourage them to do this at home
>
> These particular students seem to me to have the same bell curve
> on intelligence as any other group I've ever encountered.
> Almost none of them have computers at home. That's all I'm going
> to say about who and where. They want to learn about the internet
> badly.

Then PHP is a horrible place to start. If they want to learn about the web,
HTML is where to start. If they can ever get to a browser that can show
source (which would be about all of them) with an internet connection, they
can see HTML and they can learn what hypertext is. Unless they found some
very broken pages, they will not see php on the web --- certainly none that
works. If they cannot write valid HTML, they cannot use PHP to create valid
pages.

For simple includes and question and response forms, the truth to tell,
there are better scripting languages than PHP --- you aren't expecting
pupils who cannot use a text editor to understand using a database, are you?

To answer your original question: there are simple editors in Javascript.
There are tons of them on the web for free. (More than 1.3 million hits for
free Javascript editor on google.) I'm no fan of Javascript, but just about
every GUI browser can use it.

--
Lars Eighner <http://larseighner.com/> <us****@larseighner.com>
War on Terrorism: Treat Readers like Mushrooms
"If the story needs rewriting to play down the civilian casualties, DO IT."
-Memo, _Panama City_ (FL) _News Herald_
Sep 16 '08 #19

doznot wrote:
> -Lost wrote:
>> Response to doznot <da*********@gmail.com>:
>>> Lars Eighner wrote:
>>>> Then, if you already have the answer, why are you asking us?
>>>
>>> I asked about security issues.
>>> Everybody told me I had a bad idea.
>>>
>>> But I have a very good idea.
>>> I have happy students who learned a great deal in a short period
>>> of time.
>>> Every educator I have shown this
>>> to is pressuring me to publish immediately.
>>> But I'll wait a year. When I get all the bugs out I'll publish
>>> then, and make a name for myself.
>>>
>>> It does look like I'll have to get there without much help
>>> from usenet. Imagine that.
>>
>> I can understand your frustration as I've met many a USENET Nazi who
>> preferred arrogant banter as opposed to outright help...
>>
>> ...but I haven't seen them here. Nor in this thread. A REAL teacher
>> seeks to educate, not spoon feed -- which is exactly what Mr. Stuckle
>> did for you (not spoon feed you that is). Geoff also gave you a great
>> pointer on Notepad2 which you just questioned instead of checking it
>> out. Not too swift in my opinion but it's just my opinion.
>
> Notepad2 is great. But it is a windows exe.
> How can a student in a Windows lab, who does not have permission
> to download an exe make use of it?
>
>> Now, instead of the extremely convoluted method you are pursuing why
>> not have them download an "all-in-one" solution? XAMPP lite for
>> example, easy, quick and doesn't require anything but to install
>> (unless they changed something drastically).
>
> Because they have no permission to download.
>
>> Students can simply LEARN to store their code in ONE single place
>> using a VERY good editor like NOTEPAD2 (although I hate it) and open
>> those pages in THEIR browser. It's been my experience those who wish
>> to learn will overcome these minor obstacles. If you don't expect
>> your students to do the same then I'd not allow you to teach my children.
>
> They are smart kids who learn quickly with the tools given them.
> But in this case they are given computers without ftp, without Notepad++
> and they have no authority or permission to change that, and neither do
> I. I said that a half a dozen times.

You might want to appeal to those who do have the authority, if
possible. A decent text editor and at least the ability to use virtual
hosting to provide each student with their own areas in which to work
is a must. An FTP server would also make the process much easier.

These are tools to help accomplish needed tasks, not give people
trouble. If you can make a case for such things to be installed to
those in charge, that would be preferred.

>> No offense, no harm... but stop going on about how useless USENET is
>> and see the words for what they are -- information for you to use, not
>> feel the need to defend yourself.
>>
>> Good luck.
--
Curtis
Sep 16 '08 #20

Message-ID: <Sf******************************@bresnan.com> from doznot
contained the following:
>> You can get a small, lightweight editor that does not need to be
>> installed.
>
> ...I'm not sure what this means: " does not need to be installed "
> If it is a windows exe, then it has to be installed on the client
> box somehow, no?

Well it runs on the client, yes, but as I say it's very small.

> And in my case, the client boxes are hundreds of
> miles away.

Why does that matter? I'd supply them with a copy of Notepad 2, a bit
of php enabled webspace and ftp access to it. Doesn't matter where they
are then.
--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk - http://4theweb.co.uk
Sep 16 '08 #21

Message-ID: <kP******************************@bresnan.com> from doznot
contained the following:
> Notepad2 is great. But it is a windows exe.
> How can a student in a Windows lab, who does not have permission
> to download an exe make use of it?

I see. I used to be a teacher and came across similar problems. It's
like swimming with your hands tied behind your back. Bloody stupid.

I solved the problem by having a separate server on the network that the
students could use as a sandbox.

--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
http://slipperyhill.co.uk - http://4theweb.co.uk
Sep 16 '08 #22

"doznot" <da*********@gmail.com> wrote in message
news:R-******************************@bresnan.com...
> Let's say you want to use Moodle to teach an introductory class in
> PHP programming. Some of the students have little or no computer
> experience.
>
> In addition to background reading and topics-oriented assignments
> supplied by Moodle, you want to build an online text editor into the
> course, so students can type their PHP programs and HTML directly
> into files on the server, so they don't have to fight with NotePad
> on Windows PCs in a lab, and so beginning students don't have to
> fight with FTP to get their work onto the webserver.
>
> You could make a form: (no error checking etc. for simplicity)
> $path =
> $_GET['dirpath']. '/myassignment';
> echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><br>
> <textarea name="editor">'.@file_get_contents($path).'</textarea>
> <input type="submit"></form>';
>
> if($_SERVER['REQUEST_METHOD'] == 'POST')
> {
> $fp = fopen($path,"w");
> fwrite($fp,$_POST['editor']);
> fclose($fp);
> }
>
> Most developers like to clean user input with addslashes or
> htmlentities in the POST processing. But if you do that in the
> "online code editor" case you get code that won't run or display.
> So, if you do not addslashes, but you still want to cover your
> bases, what are the issues?
>
> Students would have to login (password) to get access to the editor.
> So this editor is not available to the world at large. But trusting
> passworded students still may not be a good idea. fopen would have
> to be limited to specific location patterns. Perhaps you would have
> to use regular expressions to look for javascript, and then to strip
> it out. But what do you do if you want to teach javascript? Is an
> online editor any more dangerous than letting students upload code
> via FTP?

Hi,

I think the idea is not so bad as many people here think.
I can surely see advantages in this setup, nice to see someone
thinking outside the box :)

I think you have to be sure about backups, and maybe even images of
the server-system.
Maybe a virtual machine comes in handy here? Keep a fresh machine copy
and you are ready to start again.
Don't forget backups of course in case someone finds a hole in the
fence... :)

If you can isolate the users from each other, and keep them away from
essential system functions, it can work well. Then it is not more
dangerous than FTP IMHO.

Before you start thinking of specific things like slashes and
entities, get a secure server setup working first.
Set up PHP as secure as possible by disabling everything you don't need
(google can help). Then have a hack at it yourself. Or have someone
hack it, I guess plenty of volunteers around! ;)

R.
Sep 16 '08 #23

r0g
doznot wrote:
> Let's say you want to use Moodle to teach an introductory class in PHP
> programming. Some of the students have little or no computer experience.
>
> In addition to background reading and topics-oriented assignments
> supplied by Moodle, you want to build an online text editor into the
> course, so students can type their PHP programs and HTML directly into
> files on the server, so they don't have to fight with NotePad on Windows
> PCs in a lab, and so beginning students don't have to fight with FTP to
> get their work onto the webserver.
>
> You could make a form: (no error checking etc. for simplicity)
> $path =
> $_GET['dirpath']. '/myassignment';
> echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><br>
> <textarea name="editor">'.@file_get_contents($path).'</textarea>
> <input type="submit"></form>';
>
> if($_SERVER['REQUEST_METHOD'] == 'POST')
> {
> $fp = fopen($path,"w");
> fwrite($fp,$_POST['editor']);
> fclose($fp);
> }
>
> Most developers like to clean user input with addslashes or htmlentities
> in the POST processing. But if you do that in the "online code editor"
> case you get code that won't run or display. So, if you do not
> addslashes, but you still want to cover your bases, what are the issues?
>
> Students would have to login (password) to get access to the editor. So
> this editor is not available to the world at large. But trusting
> passworded students still may not be a good idea. fopen would have to be
> limited to specific location patterns. Perhaps you would have to use
> regular expressions to look for javascript, and then to strip it out.
> But what do you do if you want to teach javascript? Is an online editor
> any more dangerous than letting students upload code via FTP?

Hi there,

No it's no more dangerous than FTP so long as you take good care to
exclude the general public. You can give them all their own subdomain
and webspace, limit access to it with httpauth and use a simple
upload/editor script like you suggest. Even with all the power functions
locked down there's still an awful lot of useful stuff they could learn.

I shouldn't worry about the javascript - it's client side anyway. If
each student has their own vhost who can they harm with javascript
except themselves?

You might want to ensure E_ALL error reporting is set for every script
they run and you might want to look into Geshi for syntax highlighting
and maybe throw a HTML validator inline.

Interesting idea, good luck with it :)

Roger Heathcote.
Sep 17 '08 #24

r0g wrote:
> doznot wrote:
>> Let's say you want to use Moodle to teach an introductory class in PHP
>> programming. Some of the students have little or no computer experience.
>>
>> In addition to background reading and topics-oriented assignments
>> supplied by Moodle, you want to build an online text editor into the
>> course, so students can type their PHP programs and HTML directly into
>> files on the server, so they don't have to fight with NotePad on Windows
>> PCs in a lab, and so beginning students don't have to fight with FTP to
>> get their work onto the webserver.
>>
>> You could make a form: (no error checking etc. for simplicity)
>> $path =
>> $_GET['dirpath']. '/myassignment';
>> echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><br>
>> <textarea name="editor">'.@file_get_contents($path).'</textarea>
>> <input type="submit"></form>';
>>
>> if($_SERVER['REQUEST_METHOD'] == 'POST')
>> {
>> $fp = fopen($path,"w");
>> fwrite($fp,$_POST['editor']);
>> fclose($fp);
>> }
>>
>> Most developers like to clean user input with addslashes or htmlentities
>> in the POST processing. But if you do that in the "online code editor"
>> case you get code that won't run or display. So, if you do not
>> addslashes, but you still want to cover your bases, what are the issues?
>>
>> Students would have to login (password) to get access to the editor. So
>> this editor is not available to the world at large. But trusting
>> passworded students still may not be a good idea. fopen would have to be
>> limited to specific location patterns. Perhaps you would have to use
>> regular expressions to look for javascript, and then to strip it out.
>> But what do you do if you want to teach javascript? Is an online editor
>> any more dangerous than letting students upload code via FTP?
>
> Hi there,
>
> No it's no more dangerous than FTP so long as you take good care to
> exclude the general public. You can give them all their own subdomain
> and webspace, limit access to it with httpauth and use a simple
> upload/editor script like you suggest. Even with all the power functions
> locked down there's still an awful lot of useful stuff they could learn.
>
> I shouldn't worry about the javascript - it's client side anyway. If
> each student has their own vhost who can they harm with javascript
> except themselves?
>
> You might want to ensure E_ALL error reporting is set for every script
> they run and you might want to look into Geshi for syntax highlighting
> and maybe throw a HTML validator inline.
>
> Interesting idea, good luck with it :)
>
> Roger Heathcote.

Thank you. Subdomains do seem like the way to go.
There is a huge third world need for this: a way to teach
IT skills to a "behind the digital divide" audience that has no
connectivity at home.

Server-side Linux boxes are cheap and millions of dollars of grant
money are available for setting up centralized distance learning
centers. But connecting cutting-edge server technology to aging Windows
machines in poorly funded (often amazingly) remotely-located rural
schools is a challenge. That's what I'm trying to accomplish.
Sep 17 '08 #25

P: n/a
r0g
Well that's a very laudable aim and I wish you the best in it. In fact,
if you think I may be able to help in any way (I program PHP, Python and
web on Windows and Linux) please get in touch with me via my website
http://www.technicalbloke.com :-)

All the best,

Roger Heathcote.
Sep 17 '08 #26
