# Duplicating PF-like thread posting on my own site for my 5 colleagues

## Summary:

HTML syntax for generating a text entry box with a submit button that starts post #1 of a thread, permitting additional comments to add numbered posts

## Main Question or Discussion Point

I would like to duplicate the Physics Forums thread posting machinery on my own site so 5 colleagues and I can have our own very small group discussions. Someone offered html syntax which had a box with a button, but the button didn't do anything and I did not know how to get the button to accept the text in the box and list it in a numbered sequence of comments. If anyone knows a very simple bare bones version of doing this (obviously not as advanced as the whole Physics Forums machinery) that would be great.

My main interest in doing this is to implement MathJax to get LaTeX capability, but I already know how to make MathJax available to HTML web pages, so I presume once I have a bare bones text box entry submit button functionality to add submissions as numbered comments in a listed thread, and the threads to themselves be listed by titles, the MathJax can be added by the known syntax.

## Answers and Replies

mfb
Mentor
XenForo (the main software this forum is based on) costs money, but there are plenty of free options. No need to re-invent the wheel. MathJax is free and easy to add, independent of the forum software.

QuantumQuest
Mark44
Mentor
> Summary: HTML syntax for generating a text entry box with a submit button that starts post #1 of a thread, permitting additional comments to add numbered posts
>
> Someone offered html syntax which had a box with a button, but the button didn't do anything and I did not know how to get the button to accept the text in the box and list it in a numbered sequence of comments.

The HTML code just displays the text entry box and whatever controls you put in it. To make the button actually do something, you need the "code behind," Javascript or other scripting language that can react to, say, a button-click event.

jedishrfu
Mentor
You could also check out python flask or grails to roll your own site. Doing so would take a few days of playing around with the server code and html though.

mfb
Mentor
> The HTML code just displays the text entry box and whatever controls you put in it. To make the button actually do something, you need the "code behind," Javascript or other scripting language that can react to, say, a button-click event.

JavaScript (JS) does something locally on the user looking at the page. For a forum you need the server to do something as well. The typical choice here is PHP. JS might guide the user, but when they click a form it is a request for a PHP page from the server - that puts the user inputs into a database, and also gets the data from that database to show it to the user (and other users) again. JS is not strictly needed, HTML forms are sufficient.

Svein
Science Advisor
> The HTML code just displays the text entry box and whatever controls you put in it. To make the button actually do something, you need the "code behind," Javascript or other scripting language that can react to, say, a button-click event.

Here is an extract of a program dealing with button clicks:

```pascal
procedure TMainForm.Save1Click(Sender: TObject);
begin
  FTPsave;
end;

procedure TMainForm.Exit1Click(Sender: TObject);
begin
  FTPsave;
  Close;
end;
```

Super replies everybody. Very many thanks, esp. for the code snippet. I have great food for thought materials here and begin the said "playing". Personally I would rather NOT be obligated to set up a MySQL db so will be pursuing any non-db possibilities, but it may well turn out that the db is kind of mandatory in which case I may have to bite the bullet. If any non-db solutions are obvious to anyone please advise.

Thank you all very very much

berkeman
jedishrfu
Mentor
You don’t need a database for this app. You could append each entry field to a file.

As an example, using Python Flask you could present a webpage with some text and a text box. When you enter text into the box and press the submit button the Flask app would take the text and append it to the file and then regenerate the webpage with the newly added text and send it back to you.

When generating the webpage, additional html could be added to separate different text entries and add date time stamps and who entered it.

Thank you Jedishrfu for this non-db idea. Definitely appears to be the way to go. Let the playing go in this direction also!

If you already have a hosted site, you might check with your hosting company to see what they offer.

For example, a2hosting.com (which I use a lot) has more than a dozen forums available to add to a site. They are available through cpanel (usually yourdomain.com/cpanel) and are simple to add from there.

There are also plenty of forum packages available online, generally written in php or perl. Deploying one of them can be as simple as unzipping a file and sometimes changing a few configuration parameters.

jedishrfu
pbuk
Science Advisor
Gold Member
If you want to get something that works within a fairly short period of time then you need something off-the-shelf. Assuming it needs to be free then PHPBB or SMF forums are the choice; both of them have MathJax plugins. SMF is slightly easier to install and keep up to date, PHPBB is IMHO a better user experience.

If you want to write it yourself then here are a few things to consider:
1. Where are you going to serve it from? Cheap web hosting only supports PHP so that decides it for you; if you are OK with running your own server (using a service like Digital Ocean) then you don't have that limitation, but running a PHP server is still the easiest way to go, followed by NODE JS and Python. I wouldn't look beyond these 3 languages for a web app: choose whichever you are most comfortable with.
2. As well as the back end, if you want the front end to be anything more than a form to submit, you will need to write that in Javascript. This bit is really easy and can be done by importing standard libraries.
3. I strongly recommend a database back end (MySQL/MariaDB) to deal with the following problem:
   1. Alice views page1
   2. Bob views page1
   3. Alice edits page1
   4. Bob edits page1
   5. Alice submits edits to page1 - server now has Alice's edits to the original file.
   6. Bob submits edits to page1 - server now has Bob's edits to the original file; Alice's edits are lost.
4. You need to learn about how to manage state using cookies and/or other tokens.
5. You need to learn about security (if not, your site WILL be hacked and present a threat to anyone visiting it), in particular:
   1. Script injection (or as it is commonly but misleadingly termed cross-site scripting or XSS)
   2. Cross site request forgery (CSRF)
   3. SQL injection

Probably the best way to learn about 3, 4 and 5 is to implement a standard framework that deals with them. For Python I'd recommend Django, for Node then Express, for PHP probably Laravel or maybe Symfony. Each of these frameworks comes with the cost of a steep learning curve and to some extent or another a 'lock in' to their own idiosyncrasies - this is particularly true of the PHP frameworks and less so for Express, with Django somewhere in the middle.

If you have no experience of any of these three languages then firstly I've got to say that you are facing an enormous challenge, and secondly I'd say that if you are confident with Linux system administration then go with NODE JS as it is probably the most flexible and long-lasting of these environments (it is basically the same as Javascript which every web browser uses so will be here as long as the web is). If not then go with PHP because you can get your site online with a few mouse clicks and the price of a meal on your credit card.

Many years ago I learned this stuff from a book called PHP and MySQL Web Development (ISBN 0321833899); technology has moved on since then and although the book has been updated I don't know whether it is still worthwhile.

QuantumQuest
mfb
Mentor
It's a forum for 6 users. If they don't share critical internal information: Google "free online forum", pick one, a minute later you have a forum. Some (most?) of these will have the option to include custom JS. No need to start with a course on server security.

Math_QED, QuantumQuest and pbuk
PeterDonis
Mentor
2019 Award
> Google "free online forum"

The first hit on Google for that nowadays might be Google Docs...

pbuk
Science Advisor
Gold Member
> It's a forum for 6 users. If they don't share critical internal information: Google "free online forum", pick one, a minute later you have a forum. Some (most?) of these will have the option to include custom JS.

I don't think any free hosted forum has the option to include your own JS - the security implications would be insurmountable. Search "free online forum mathjax" though and you might do better.

pbuk #11 bullet 3 scenario where two users both respond to the same post, is exactly the reason why the 5 of my colleagues are failing in the plain cc-list email version of our comment discussions we are using now which is why I wanted to set up the bare bones forum on my own site myself in the first place. In plain group-cc list email version, if someone adds the response n+1 to the nth post, then another response (n+2) might be missed and ignored but should just naturally become n+2 even if n+2 is unaware of n+1, that's ok because it is a comment on n still and since they are all clearly marked n, n+1, n+2 everyone will still see there were 2 responses.

mfb #12 is entirely correct to point out this is a very small informal group so doesn't have to be bullet proof. However, if someone hacks into it because it is too simple, what damage can they do? The whole site on which this would be located is READ viewable to world so there is no secret information to steal. But curious if the fact that it will be hacked is true, what is the worst damage that could happen to a system that professes to be open to the world?

pbuk
Science Advisor
Gold Member
> pbuk #11 bullet 3 scenario where two users both respond to the same post, is exactly the reason why the 5 of my colleagues are failing in the plain cc-list email version of our comment discussions we are using now which is why I wanted to set up the bare bones forum on my own site myself in the first place. In plain group-cc list email version, if someone adds the response n+1 to the nth post, then another response (n+2) might be missed and ignored but should just naturally become n+2 even if n+2 is unaware of n+1, that's ok because it is a comment on n still and since they are all clearly marked n, n+1, n+2 everyone will still see there were 2 responses.

So you need to implement optimistic locking. This is much easier with a DBMS than a file system.

> mfb #12 is entirely correct to point out this is a very small informal group so doesn't have to be bullet proof. However, if someone hacks into it because it is too simple, what damage can they do?

Insert a script that will redirect any visitor to your site anywhere rendering your site unusable. Alternatively, insert a script that will do something more sinister without anyone knowing - search botnet. Sooner or later your ISP will notice and your site will be shut down with your account suspended. You may be liable for damages to your ISP and to anyone that has visited your site.
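
The six-step Alice and Bob sequence from post #11, replayed against a version check (optimistic locking), as an added example that is not code from any poster in this thread. It assumes Python's built-in `sqlite3` in place of MySQL/MariaDB; the `page` table, its `version` column and the function names are hypothetical.

```python
import sqlite3

def open_store():
    """In-memory SQLite table: one row per page plus a version counter."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE page (id INTEGER PRIMARY KEY, "
        "body TEXT NOT NULL, version INTEGER NOT NULL)"
    )
    db.execute("INSERT INTO page (id, body, version) VALUES (1, 'original text', 1)")
    db.commit()
    return db

def load(db, page_id):
    """Return (body, version); the version is sent out with the edit form."""
    return db.execute(
        "SELECT body, version FROM page WHERE id = ?", (page_id,)
    ).fetchone()

def save(db, page_id, new_body, seen_version):
    """Write only if nobody saved since seen_version was read.

    Returns True on success and False on an edit conflict. Values are bound
    as parameters, so the text of a post is never parsed as SQL.
    """
    cur = db.execute(
        "UPDATE page SET body = ?, version = version + 1 "
        "WHERE id = ? AND version = ?",
        (new_body, page_id, seen_version),
    )
    db.commit()
    return cur.rowcount == 1

def replay_scenario():
    """Steps 1-6 of the list: both view and edit, Alice submits, then Bob."""
    db = open_store()
    _, alice_version = load(db, 1)   # 1. Alice views page1
    _, bob_version = load(db, 1)     # 2. Bob views page1
    alice_ok = save(db, 1, "Alice's edit", alice_version)  # 5. Alice submits
    bob_ok = save(db, 1, "Bob's edit", bob_version)        # 6. Bob submits, stale
    body, version = load(db, 1)
    return alice_ok, bob_ok, body, version

if __name__ == "__main__":
    print(replay_scenario())
```

When `save` returns False the application reloads the page and asks Bob to redo his edit on top of Alice's text, so neither edit is silently lost.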

Thank you for the heads up! So are these hack problems solved by the db versions?

pbuk
Science Advisor
Gold Member
No, the database is there to help with the edit conflict problem and actually introduces a new potential attack target, the SQL injection! Fortunately this is countered by properly using a database abstraction layer (DBAL).

This is not the place to go into detail but techniques to mitigate against common attack vectors include the following:

| Vulnerability | Counters |
| --- | --- |
| Script injection | Sanitize user input before storing where possible. Use a template rendering system as a second layer of protection. |
| Cross-site request forgery | Prefer ajax form submission with tokens in HTTP headers. If you must use an HTML form submission then use a token field and a honeypot. |
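
The counters in the table above for a plain HTML form, as an added example that is not part of the original post: posts are escaped when the page is rendered (what an auto-escaping template system does), and a submission is accepted only with a valid token field and an empty honeypot. `SERVER_KEY`, the `/reply` action, the `website` honeypot field and the session id are assumptions made for this sketch.

```python
import hashlib
import hmac
import html
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

def csrf_token(session_id: str) -> str:
    """Token tied to one visitor's session, placed in a hidden form field."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def accept_post(session_id: str, form: dict) -> bool:
    """Accept a submission only with a valid token and an empty honeypot."""
    sent = form.get("token", "").encode()   # compare bytes: safe for any input
    token_ok = hmac.compare_digest(sent, csrf_token(session_id).encode())
    honeypot_empty = form.get("website", "") == ""  # field people never fill in
    return token_ok and honeypot_empty

def render_form(session_id: str) -> str:
    """HTML form carrying the token field and the hidden honeypot field."""
    return (
        '<form method="post" action="/reply">\n'
        '  <textarea name="text"></textarea>\n'
        f'  <input type="hidden" name="token" value="{csrf_token(session_id)}">\n'
        '  <input type="text" name="website" style="display:none">\n'
        '  <button type="submit">Post reply</button>\n'
        '</form>'
    )

def render_thread(posts: list) -> str:
    """Number the posts and escape each so markup in a post is shown as text."""
    rows = [f"<p>#{n}: {html.escape(text)}</p>" for n, text in enumerate(posts, 1)]
    return "\n".join(rows)

if __name__ == "__main__":
    # Constructed sample posts: one MathJax formula, one attempted script tag.
    sample = [r"Euler: $e^{i\pi} + 1 = 0$", "<script>alert(1)</script>"]
    print(render_thread(sample))
    print(render_form("constructed-session-id"))
```

The MathJax delimiters pass through `html.escape` unchanged, so LaTeX in a post still renders while a `<script>` tag arrives in the browser as inert text.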

QuantumQuest
Science Advisor
Gold Member
As a web developer, I can assure you that if I had to create the whole thing from scratch, I would definitely go with PHP and MySQL (or MariaDB). Not because these are a part of the main technologies I work with but because they are open technologies and a great fit for anything small to medium (particularly but not limited to). Now, of course, you may not want to take such pains, if you are not interested to learn / deal with web development and, of course, to learn how to take the appropriate security measures, so I would go with @mfb's advice, for something already up and working to add it on or Google.

Now, in case that you finally choose to create it yourself, keep in mind that it's not at all difficult to utilize a small database through an RDBMS and have the luxury and safety that such a system offers - well, nothing is absolutely safe or even safe enough in many cases; the race between measures and countermeasures of, often enough, fancy things, rages. It's also not very difficult to write some scripting code your own. @pbuk's post #18 sent my mind years back when code sanitizing was a manual process - I was doing it in PHP and the competition was fierce enough. Now, through a framework, as has already been pointed out, things work automa(g)ically.

To be honest, I never was (and I'm not) a fan of "scripting will do all the household", as this is the easiest but not the safest way and even most flexible way at times, talking in general. I have fought a lot of times with other developers about this. There is a whole lot of things that an RDBMS can be programmed to do for you and let scripting do just its job (mostly controller part in an MVC model) and only a little part of the security thing. Investing some time to learn the inner workings of an RDBMS (like stored procedures, triggers etc.), can easily make the life of a hacker hard enough.

pbuk
pbuk
Science Advisor
Gold Member
It's not possible to like only 2/3 of a post so I was with you on this:

> As a web developer...

And this:

> Now, in case that you finally choose to create it yourself...

But not this:

> To be honest, I never was (and I'm not) a fan of "scripting will do all the household", as this is the easiest but not the safest way and even most flexible way at times, talking in general. I have fought a lot of times with other developers about this. There is a whole lot of things that an RDBMS can be programmed to do for you and let scripting do just its job (mostly controller part in an MVC model) and only a little part of the security thing. Investing some time to learn the inner workings of an RDBMS (like stored procedures, triggers etc.), can easily make the life of a hacker hard enough.

\- at least not for the proposed system. 'Business logic belongs in the RDBMS' is all very well in a big corporate system with many programmers hacking things over time, but in most web apps (including the one in this thread) I can't see that the benefits outweigh the disadvantages of introducing yet another application layer.

Besides, shared hosting doesn't in general support stored procedures for obvious reasons, so now you have to add maintaining a VPS to the picture.

Are we still on topic?

QuantumQuest
Science Advisor
Gold Member
> But not this:
>
> \- at least not for the proposed system. 'Business logic belongs in the RDBMS' is all very well in a big corporate system with many programmers hacking things over time, but in most web apps (including the one in this thread) I can't see that the benefits outweigh the disadvantages of introducing yet another application layer.
>
> Besides, shared hosting doesn't in general support stored procedures for obvious reasons, so now you have to add maintaining a VPS to the picture.
>
> Are we still on topic?

Yes, I agree. This was a more general comment - that's why I have it in a separate paragraph, but unfortunately - according to my experience, it is absolutely true. It's true that I wouldn't do it for a small system like the one that OP is referring to but the fact that web hosts don't support any sort of "touching" in their database - many of them have already such RDBMS constructs in their databases, doesn't make exclusive use of scripting optimal.

> XenForo (the main software this forum is based on) costs money, but there are plenty of free options. No need to re-invent the wheel. MathJax is free and easy to add, independent of the forum software.

@Dukon you could try https://www.phpbb.com/ -- there are extensions for MathJax or LatexRender -- phpBB has a strongly supportive user community.

jedishrfu