Custom Dynamic Page Alias ?

[nKM]

Dear contao's users,

I'm working on a contao website project and my question is about if it's possible to define a custom page alias instead of having only alphanumeric characters.

To explain you, I'm making a partner page who list the partners of my company, the first page called "partners" is just a list of all the partners with the company logo and the name of the company.
And when you click on the logo you come to a detail page called "details".

What I need is to show the content for each partners, but with in the same page who keep the template that I've made.

(Check the attached files for more informations)

A partner have to create an account to be showed on our partner list and to manage his informations (logo, website, etc..) and to do some other stuffs in the website (functionalities who are already done or that I'm going to do soon, but we don't need to know it for my actual problem).

I already know that it's possible to create "news" and use this module to list all the partners, because I already used it for an other part to list some events that we promote. Indeed, on this part the link is dynamic, we have links like :

www.mywebsite.com/events/items/event-8.html

but I think that It's not the solution to my problem..

The thing that I want to do, is for example having a url like this :

www.mywebsite.com/partners -> list of all the partners (1st image)
http://www.mywebsite.com/partners/PA...1-details.html -> details of the current partner page (2nd image)

The PARTNER01 correspond to the name of the partner, so as a template it would be like this for example "*-details" (the * is the dynamic link).

But I don't know how to make it possible instead of making one page for each partners that we have.
I know how to do it from scratch but as I started to develop on Contao since 3 weeks I have to learn some new things on it.

I made a module to show the partners that I have in my database :

Code:

<?php 

$sql="select * from tl_member where partnerCategory=1";
$req=mysql_query($sql) or die(mysql_error());

while($data=mysql_fetch_assoc($req)){
	echo $data['company'];
	echo '
';
        echo '[img]assets/images/partners/'.$data['companyLogo'].'[/img]';
	echo '
';
	echo '
';
}

I'm a novice in object php that's why I wanted to start with something easy to use and improve the code when it'll work, but I'm free to improve myself and to learn some new tips on it !

I hope that you'll understand my problem and that a solution will be found soon. I continue of course to find a solution too and if I find it I'll show my solution here.

Best regards,
Maxence 'nKM' Bocher

[Ruud]

On Contao 2 you could use catalog and add a list and details module on the same page. There is no similar (working) extension yet for contao 3, though metamodels is getting close to being finished (it rocks when done).

If you need it solved with normal custom made extensions, you can add an alias field to the members when you manipulate the dca of tl_member (create a dca/tl_member.php file and add you changes). See how Contao defines alias fields, they have a onsave callback that generates the value automatically.

A reader module can be on the listing page, hidden if no item was in the url. So when you go to partners.html the module is hidden, when you go to partners/partnera.html it shows partner with alias partnera. The module should look for the get input parameter "item". (In Contao 3 the item key name is not needed in the url (like .../item/...), it is an auto_item)

[nKM]

Hello,

Thank you for your reply.

I found an other solution to make my rediction page, as I have my suffix url defined as "/" I made this short code in the .htaccess

Code:

RedirectMatch 301 /details-(.*).html$ www.mywebsite.com/partners/partner-detail/?id=$1

With this line, I have made a module to show the list of my partners on the partners list page with this code like :

Code:

$sql="select * from tl_member where partnerCategory=1";
		$req=mysql_query($sql) or die(mysql_error());

		while($data=mysql_fetch_assoc($req)){

			echo '[img]assets/images/partners/'.$data['companyLogo'].'[/img]<span>'.$data['company'].'</span>';

		}

And then on my partners details page I have made an other module to GET the id by this code :

Code:

$sql="select * from tl_member where id=".$_GET['id'];
$req=mysql_query($sql) or die(mysql_error());
$data=mysql_fetch_assoc($req);

	echo '<h2>'.$data['company'].'</h2>';
	//and the other informations that I need to show on the detail page

I hope that this problem will solve other problems for people who could have the same problem like me.

Best regards,
Maxence 'nKM' Bocher

[Ruud]

I don't understand why you did this and what the problem is. You created a security problem because you use $_GET and never even check if the value is what you expect. Good for you that you solved it, but I don't see the need to "hack" it that way...

With Contao it is possible to have http://domain.com/partner/philips.html, http://domain.com/partner/shell.html, http://domain.com/partner/whatever.html. Where "partner" is a Contao page with your detail module and the philips, shell or whatever is the variable that identifies which partner to show.

Auto-item parameter is the way to go. When you add the parameter to $GLOBALS['TL_AUTO_ITEM'] then Contao will handle the url part for you. So create a config/config.php file in your custom extension and add the code below.

Code:

$GLOBALS['TL_AUTO_ITEM'][] = 'partnerid';

You will now be able to get the value in your reader page (now called 'partner-detail') via \Input::get('partnerid') or $this->Input->get('partnerid'); (Contao 3 or Contao 2). The url, if you change only what I now say, should be http://yourdomain.com/partners/partn...f-partner.html

But even without the change above, you can do the exact same thing when you go to: http://yourdomain.com/partners/partn...f-partner.html.
To explain; this page will be converted by the default .htaccess into something like: http://yourdomain.com/index.php/part...=id-of-partner, or otherwise said it opens the partner/partner-detail page where you can access \Input::get('partnerid').

[punkstjimmy]

Ruud makes some good points in his post.

To further enhance the security of your code, as well as make it easier for you to write you should try and use Contao default behaviour and libraries wherever you can.

Your code has some big security holes. Using SQL Injection, somebody could delete your entire database! For example if we look at your code:

Code:

$sql="select * from tl_member where id=".$_GET['id'];

This is very bad practice for a few reasons:

• You aren't escaping the input
  You aren't checking that the ID actually contains an ID
  You're inserting user provided values directly into your SQL code
  You're not 'preparing' the SQL

Here's a much safer version of your code:

Code:

// Clean up the input using Contao's Input class
$id = Input::get('id');

// Make sure you are indeed getting an id, or at least a numeric value using Contao's Validator class
if(Validator::isNumeric($id))
{
        // Use Contao's Database class and a prepared statement
        $objPartner = Database::getInstance()->prepare('SELECT * FROM tl_member WHERE partnerCategory=?')->execute($id);
}

The best way to improve your code is to use Contao's libraries wherever you can. It's difficult at first when you don't know which libraries are available but you can pick this up by looking at the code of Contao's core modules, if you're unsure just ask on the forums.

I hope this helps!

[Devilish1208]

Ruud makes some good points in his post.

To further enhance the security of your code, as well as make it easier for you to write you should try and use Contao default behaviour and libraries wherever you can.

Your code has some big security holes. Using SQL Injection, somebody could delete your entire database! For example if we look at your code:

Code:

$sql="select * from tl_member where id=".$_GET['id'];

This is very bad practice for a few reasons:

• You aren't escaping the input
  You aren't checking that the ID actually contains an ID
  You're inserting user provided values directly into your SQL code
  You're not 'preparing' the SQL

Here's a much safer version of your code:

Code:

// Clean up the input using Contao's Input class
$id = Input::get('id');

// Make sure you are indeed getting an id, or at least a numeric value using Contao's Validator class
if(Validator::isNumeric($id))
{
        // Use Contao's Database class and a prepared statement
        $objPartner = Database::getInstance()->prepare('SELECT * FROM tl_member WHERE partnerCategory=?')->execute($id);
}

The best way to improve your code is to use Contao's libraries wherever you can. It's difficult at first when you don't know which libraries are available but you can pick this up by looking at the code of Contao's core modules, if you're unsure just ask on the forums.

I hope this helps!

Hey, I already found your reply helpfull but I still need some further help, My problem is where to place and what the structure of those files needs to be in order to be able to use contao built in libraries/functions? And I also have a second question: After getting the id from the URL, how can I pass it in a contao module/insert-tag or other element?