Looking for a items module, any ideas?

Hangin' Around Joined: Mar 19, 2004 Posts: 36

I am looking for a module where I can enter items names, a picture, and about 6 over numerical stats about the item. Then my users would get the items displayed in a table, and would also be able to sort and search through it.

The closest I have found that I think I could rewrite to my needs would probably be the Staff module but that would need several more features added.
Or there is the store module, but it is such an over kill I would harldy know where to start in trying to scale it down for my needs.

I have some programing skills, but the less I have to alter the better as I'm know security expert in programing I just barely right code that functions, so I worry that if I start doing to big a rewrite I'll open up security holes.

Any ideas would be greatly apreciated. Thanks

Site Admin Joined: Jun 04, 2004 Posts: 6432

The important question that comes to mind is "How will the information be entered or maintained?" I agree that it's unlikely you'll find a module that does exactly what you need, although you might want to search for the "Universal Module." But again, it depends on how the content will be maintained. If your data is fairly static (as opposed to dynamically generated or user-submitted), then the Staff module might be a good place to start.

How the information is entered is also a significant impact on security. If users can submit content, that's an opportunity for malicious attacks. But it's not the only way. SQL injection can occur even in read-only modules if they don't use standard techniques to access data OR don't have strong security like NukeSentinel™ installed.

Posted: Sun Feb 06, 2005 10:25 pm

To start with I was planning on ME and a few other site admins entering the information for that very reason. It would be nice to eventually allow users to submit but not high on the priority list.

The information once in is fairly static, but new items will be getting added regularly so it does need to be easy to enter the information.

If I use the same database access commands as are allready written in the staff module just change the table & field names and number of fields accessed I should be OK on security right?

And idea where I should look for good sort code? and good search code? I might hold of on search as that is getting into letting users enter stuff, so I'll get the other part up and hopefully secure first.

Hmm, I'll probably also have to tell it to quit listing after X items as there will be way to many eventually Razz

I can tell this is going to be fun LOL

Posted: Sun Feb 06, 2005 10:35 pm

I haven't looked at the staff module yet, so I'm not sure if it uses standard database access. If it does (and I haven't heard otherwise), you should be OK.

Sorting is OK in weblinks and downloads (though the interface leaves much to be desired). As for search, it can get complicated if you're searching multiple attributes as opposed to a single attribute (e.g. title). And even more complicated if you want to make it part of the default site search.

I did a homegrown module with different features, but similar issues. I looked at the progression of security changes in Chatserv's patched series to get ideas on securing it. Having a good idea of how NukeSentinel works helps, too.

Useless Joined: Aug 23, 2002 Posts: 213 Location: Chicago

I think Universal module can handle this job very well.