xmas list maker

Interactive Xmas List Editor for the Whole Family

Xmas List Maker is a PHP application for making gift lists available in one central location. Lists are stored in text files, so no database is required. A printer-friendly version of the list makes gift shopping easier for everyone!

Xmas List Maker is easy to install. It requires at least PHP 4.3 and a web server. The pages are very basic and should work in any browser. It even works in lynx!

Tested on:

Slackware Linux 10.1
php 4.3.11
apache 1.3.34

How it works

Add a user. Add an item to a user's list. Edit a user's list. That's about it.

Lists are stored in the lists subdirectory. Bob's list would be named Bob.lst. User names must start with a letter, and may contain only letters, numbers or spaces. The application will complain about any violations.

The main page displays all lists. Users may add a single item to a list, or use the list editor. The list editor is required to remove items. No knowledge of HTML is required. No HTML may be inserted into the page.

The printer-friendly page removes empty lists and form controls.

Installation

Untar the tarball in your web directory:

tar xzvf xmaslist.tar.gz

Set permissions, making the lists directory world writable:

cd xmaslist chmod 644 * chmod 777 lists

Some FTP clients support setting permissions, if shell access is not available.

How to use it

Point your browser at http://your.server/xmaslist/index.php and start adding users. Share the link with your family, and be prepared to get some good loot this year!

Caveats

User lists are viewable by anyone. Advanced features, such as marking gifts as bought, require an authentication/authorization mechanism. I feel that offering custom views has the potential to ruin the fun and suspense of gift-giving, especially if someone is looking over your shoulder or a password is leaked. Items may be removed from lists, but I suggest using alternate means to convey this information, so you don't spoil the surprise. Yes, I have kids.
User lists are editable by anyone. It's a good idea to protect the directory with a password that you share with your family. The application has some defenses against HTML injection, and minimizes many risks. But, I recommend keeping the location a secret among users, especially when not using password protection. In other words, don't link to it from a public page, and feel free to change the name of the directory.
Removing users requires you to delete the user's list file. There is no administrative interface.

Don't let the caveats scare you -- Xmas List Maker is all about easy. It's easy to install, easy to use, and the PHP code (and the HTML it produces) is well-commented and easy to understand. If anyone discovers any exploits, please let me know. I would also appreciate any feedback on how it works/doesn't work on other systems.

Demo

Visit the demo to see what the application looks like. List editing has been disabled for security reasons.

Download

xmaslist.tar.gz

Changelog

20051202

consolidated multiple scripts into index.php
simpler and more robust file handling
uses stripslashes() and htmlentities() for better security (no HTML allowed)
printer-friendly page contains stylesheet
redirect uses id instead of named anchor

20041215

checks for existing names
names restricted to alphanumeric and space characters
lists are now kept in a subdirectory
names read from list filenames, no more separate file containing list of user names
valid HTML
better security

20041212

better code
uses <pre> to display lists
printer friendly page excludes users with empty lists

20021202

first version, and it works!