Blogo.NET update »
FERDY CHRISTANT - MAR 22, 2008 (12:57:59 PM)
Once again I made great progress in building Blogo.NET. Without further delay, here are the updates.
Below is the homepage. There are two subtle updates here:
- Blog entries that are marked private (draft) are not displayed, these are only visible by the administrator in the admin panel.
- I added a tag cloud link to the sidebar (see arrow)
Upon clicking the tag cloud link, the tag cloud page is opened:
There is too little data to display a nice, full tag cloud. Trust me though, it works. I actually reused the logic from my article Domino Tag Clouds. I ported the javascript code to C#.
The forementioned updates apply to the end user screens. Most of the progress has been made in the admin screens though. I managed to get FormsAuthentication working quite nicely. Upon accessing any of the admin screens, once has to authenticate if not done already:
As mentioned in previous updates, Blogo can have multiple administrators. These can be managed from the admin users screen. The passwords are hashed so that even when the database gets hacked, the user passwords cannot be retrieved, unless a brute force dictionary attack is applied. However, since each user also gets a unique, randomly generated salt to obfuscate the hash, even a dictionary attack will not work:
This is implemented using FormsAuthentication in combination with a custom MembershipProvider. Once authenticated, the admin arrives at the admin panel, from where everything can be managed. Note that the admin panel displays who is logged in (see arrow):
I have implemented several new things in the admin panel, one of the most important being the admin blog form, from which you can create/edit blog entries:
As you can see, there is no rich text editor yet. I'm not sure whether to include it in the first release of a next release. The rest works nicely though!
Another new feature in the admin panel is the ability to create/edit and delete tags:
The setup link is also new. It allows blog admins to configure the blog. So far, there are just a few options:
- Blog title: the title of the blog as displayed on the home page
- Root path: the path required to compose absolute URLs in the RSS feeds
- RSS Page Size: the number of entries to display in the RSS feed
Another new feature is error handling. Any uncaught exceptions in the application will redirect the user to a friendly error page (not displayed). The error page does not display error details, as that might not be secure in all cases. Instead, the detailed error message is logged in the database. From the admin panel, blog administrators can inspect this log, and delete all or individual entries:
Upon clicking a log entry the full error details are opened and displayed inside a text area, making it easy to copy:
The log mechanism is completely seperated from the UI logic, making it easy to extend logging beyond just errors (i.e. authentication attempts).
That's it. I'm very happy with the pace of progress, the application really is coming together now. Next on the todo list is the ability to manage files from the admin panel, particularly images that can be used to write blog entries. I have no idea yet how to integrate this with my current backend, but I'll find a way.
Next to the file handling, below is a short wish list of things I would also like to implement:
- TinyMCE rich text editor for writing blog entries
- Comment spam protection
- Search
- URL rewriting
