-rw-r--r-- | category.php | 49 | ||||
-rw-r--r-- | create_topic.php | 90 | ||||
-rw-r--r-- | footer.php | 4 | ||||
-rw-r--r-- | header.php | 28 | ||||
-rw-r--r-- | includes/db_inc.php | 12 | ||||
-rw-r--r-- | includes/reply_inc.php | 33 | ||||
-rw-r--r-- | includes/signout_inc.php | 5 | ||||
-rw-r--r-- | index.php | 31 | ||||
-rw-r--r-- | register.php | 81 | ||||
-rw-r--r-- | reply.php | 30 | ||||
-rw-r--r-- | signin.php | 60 | ||||
-rw-r--r-- | style.css | 117 | ||||
-rw-r--r-- | styles/style.css | 117 | ||||
-rw-r--r-- | topic.php | 57 |
14 files changed, 714 insertions, 0 deletions
diff --git a/category.php b/category.php
new file mode 100644
index 0000000..4e10444
--- /dev/null
+++ b/category.php
@@ -0,0 +1,49 @@
+<?php
+
+include_once 'includes/db_inc.php';
+include_once 'header.php';
+
+echo '<section>';
+
+$sql = "SELECT cat_name, cat_description FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+ die('Error trying to display category: ' . mysqli_error($dbc));
+}
+
+// Display category name and description
+
+if (mysqli_num_rows($result) == 0) {
+ echo 'This category does not exist';
+} else {
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<h1>' . $row['cat_name'] . '</h1>';
+ echo $row['cat_description'];
+ }
+}
+
+mysqli_free_result($result);
+
+echo '</section>';
+
+$sql = "SELECT topic_id, topic_subject, topic_date, user_name FROM topics LEFT JOIN users ON topic_author = user_id WHERE topic_cat = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+ die('Error trying to display topics: ' . mysqli_error($dbc));
+}
+
+// Display table of posts
+
+echo '<table><tr><th class="left">Topic</th><th class="right">Latest Post</th></tr>';
+
+while ($row = mysqli_fetch_assoc($result)) {
+ echo '<tr><td class="left">';
+ echo '<h4><a href="topic.php?id=' . $row['topic_id'] . '">' . $row['topic_subject'] . '</a></h4>';
+ echo '<small>by <b>' . $row['user_name'] . '</b> on ' . date('M d, Y', strtotime($row['topic_date'])) . '</small></td><td class="right">24 replies</td></tr>';
+}
+
+echo '</table>';
+
+include 'footer.php';
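Review bot: Both queries concatenate `$_GET['id']` into a numeric position (`WHERE cat_id = ` and `WHERE topic_cat = `) with no surrounding quotes, so `mysqli_real_escape_string()` gives no protection there: it only neutralises characters that would end a quoted string. Validate the id once at the top, `$cat_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);`, stop with a "not found" message when it is `null` or `false`, and bind it as an `i` parameter the way includes/reply_inc.php in this same commit already does. The same unquoted pattern appears in topic.php (`topic_id`, `post_topic`), create_topic.php (`topic_cat`) and reply.php (`reply_to`). The two `die(... mysqli_error($dbc))` calls also send raw database errors to the browser; pass them to `error_log()` and show a fixed message instead.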
\ No newline at end of file
diff --git a/create_topic.php b/create_topic.php
new file mode 100644
index 0000000..9eab942
--- /dev/null
+++ b/create_topic.php
@@ -0,0 +1,90 @@
+<?php
+
+include 'header.php';
+include_once 'connect.php';
+
+echo '<section><h2>Create a new topic</h2>';
+
+if (!isset($_SESSION['signed_in'])) {
+ echo 'You must be <a href="signin.php">signed in</a> to create a topic.';
+} else {
+ if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ $sql = "SELECT cat_id, cat_name, cat_description FROM categories";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'Error while selecting from database. Please try again later.';
+ } else {
+ if (mysqli_num_rows($result) == 0) {
+ echo 'There are currently no categories to post to.';
+ } else {
+ echo '
+ <form action="" method="post">
+ <label for="topic_subject">Subject: </label><br>
+ <input type="text" name="topic_subject"><br>
+ <label for="topic_cat">Category: </label><br>
+ <select name="topic_cat">';
+
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';
+ }
+
+ echo '
+ </select><br>
+ <label for="post_content">Write your post: </label><br>
+ <textarea name="post_content"></textarea><br>
+ <input type="submit" name="submit">
+ </form>
+ ';
+ }
+ }
+ } else {
+ $sql = "BEGIN WORK;";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'An error occurred creating your topic. Try again later';
+ } else {
+ $sql = "INSERT INTO topics(topic_subject, topic_date, topic_cat, topic_author) VALUES(
+ '" . mysqli_real_escape_string($dbc, $_POST['topic_subject']) . "',
+ NOW(),
+ " . mysqli_real_escape_string($dbc, $_POST['topic_cat']) . ",
+ " . $_SESSION['user_id'] .")";
+
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'An error occured while creating your post. Please try again later.' . mysql_error();
+ $sql = "ROLLBACK;";
+ mysqli_query($dbc, $sql);
+ } else {
+ $topic_id = mysqli_insert_id($dbc);
+
+ $sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(
+ '" . mysqli_real_escape_string($dbc, $_POST['post_content']) . "',
+ NOW(),
+ " . $topic_id . ",
+ " . $_SESSION['user_id'] . ")";
+
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'An error occured while creating your post. Please try again later.' . mysqli_error($dbc);
+ $sql = "ROLLBACK;";
+ mysqli_query($dbc, $sql);
+ } else {
+ $sql = "COMMIT;";
+ $result = mysqli_query($dbc, $sql);
+
+ echo 'You have successfully created <a href="topic.php?id='. $topic_id . '">your new topic</a>.';
+ }
+ }
+ }
+ }
+}
+
+echo '</section>';
+
+include 'footer.php';
+
+?>
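Review bot: The failure branch of the first INSERT calls `mysql_error()`, a function of the old mysql extension that PHP 7 removed, so on a current PHP the script would stop with a fatal error before the `ROLLBACK` on the following line is sent. Use `error_log(mysqli_error($dbc));` there and keep the user-facing text generic; the second failure branch echoes `mysqli_error($dbc)` to the visitor and deserves the same treatment. The file also includes `connect.php`, which this commit does not add (the connection code is in includes/db_inc.php), as do register.php and reply.php; if that file is not already in the tree, `$dbc` is undefined here. The form this page renders carries no anti-CSRF token, so the POST handler cannot tell a submission from this form apart from one made by another site while the user is signed in.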
\ No newline at end of file
diff --git a/footer.php b/footer.php
new file mode 100644
index 0000000..e786876
--- /dev/null
+++ b/footer.php
@@ -0,0 +1,4 @@
+<footer>Copyright © 2021 cflip.net</footer>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/header.php b/header.php
new file mode 100644
index 0000000..935f063
--- /dev/null
+++ b/header.php
@@ -0,0 +1,28 @@
+<?php
+session_start();
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+ <title>cflip.net forum Beta</title>
+ <link rel="stylesheet" href="styles/style.css">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+</head>
+<body>
+<div id="wrapper">
+ <h1 id="title">cflip.net forum</h1>
+ <nav>
+ <a href="index.php">Home</a>
+ <a href="create_topic.php">Create a topic</a>
+
+ <div id="user">
+ <?php
+ if (isset($_SESSION['signed_in'])) {
+ echo 'Signed in as <b>' . $_SESSION['user_name'] . '</b>. <a href="includes/signout_inc.php">Log out</a>';
+ } else {
+ echo '<a href="signin.php">Sign in</a> or <a href="register.php">Register an account</a>';
+ }
+ ?>
+ </div>
+ </nav>
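Review bot: `session_start()` is called with PHP's default cookie settings, so unless php.ini overrides them the session cookie is readable from script and carries no SameSite attribute. Consider `session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);`, adding `'cookie_secure' => true` once the site is served over HTTPS. `$_SESSION['user_name']` is echoed without `htmlspecialchars()`; register.php restricts names to alphanumerics today, but encoding at output keeps the header safe if that rule ever changes. The log-out link is a plain GET to includes/signout_inc.php, so any page the user loads can end their session; a small POST form with a token avoids that.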
\ No newline at end of file
diff --git a/includes/db_inc.php b/includes/db_inc.php
new file mode 100644
index 0000000..b76f06d
--- /dev/null
+++ b/includes/db_inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$db_server = 'localhost';
+$db_user = 'root';
+$db_pass = '';
+$db_database = 'forum';
+
+$dbc = mysqli_connect($db_server, $db_user, $db_pass, $db_database);
+
+if (!$dbc) {
+ die("Database connection error: " . mysqli_connect_error());
+}
diff --git a/includes/reply_inc.php b/includes/reply_inc.php
new file mode 100644
index 0000000..7f53fce
--- /dev/null
+++ b/includes/reply_inc.php
@@ -0,0 +1,33 @@
+<?php
+
+session_start();
+
+include_once 'db_inc.php';
+
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ die('This file cannot be called directly.');
+}
+
+if (!isset($_SESSION['signed_in'])) {
+ die('You must be signed in to reply to a topic.');
+}
+
+$sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(?, NOW(), ?, ?)";
+$stmt = mysqli_stmt_init($dbc);
+
+if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Failed to process statement: ' . mysqli_error($dbc));
+}
+
+mysqli_stmt_bind_param($stmt, "sii", $_POST['post_content'], $_GET['reply_to'], $_SESSION['user_id']);
+mysqli_stmt_execute($stmt);
+
+$result = mysqli_stmt_get_result($stmt);
+
+if (!$result) {
+ echo 'An error occurred trying to reply to the post. ' . mysqli_error($dbc);
+} else {
+ echo 'Your reply has been saved, check out <a href="topic.php?id=' . $_GET['reply_to'] . '">the topic</a>.';
+}
+
+//header("Location: ../topic.php?id=" . $_GET['reply_to']);
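Review bot: includes/db_inc.php connects as `root` with an empty password, so a single subverted query in the forum code would run with full control over every database on that server. Create a dedicated account limited to the statements the forum needs on the `forum` schema, and read its credentials from outside the repository, for example `$db_pass = getenv('FORUM_DB_PASS');` (the variable name is a placeholder). The `die()` on connection failure prints `mysqli_connect_error()` to the visitor; send it to `error_log()` and show a generic message.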
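Review bot: In includes/reply_inc.php the success test uses `mysqli_stmt_get_result($stmt)`, which returns false for a statement that produces no result set, so a successful INSERT still falls into the error branch. Test the execute call itself, `if (!mysqli_stmt_execute($stmt)) {`, and drop the `get_result` line. The handler binds `$_POST['post_content']`, but the form added in topic.php names its textarea `reply_content`, so the bound value would be unset; one of the two names has to change. Nothing checks that `reply_to` refers to an existing topic before the row is inserted.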
\ No newline at end of file
diff --git a/includes/signout_inc.php b/includes/signout_inc.php
new file mode 100644
index 0000000..c86447a
--- /dev/null
+++ b/includes/signout_inc.php
@@ -0,0 +1,5 @@
+<?php
+
+session_start();
+session_destroy();
+header("Location: ../index.php");
\ No newline at end of file
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..2936a89
--- /dev/null
+++ b/index.php
@@ -0,0 +1,31 @@
+<?php
+include_once 'header.php';
+?>
+ <table>
+ <tr>
+ <th class="left">Category</th>
+ <th class="right">Latest Topic</th>
+ </tr>
+<?php
+ include_once 'includes/db_inc.php';
+
+ $sql = "SELECT cat_id, cat_name, cat_description FROM categories";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ die('Failure trying to display categories: ' . mysqli_error($dbc));
+ }
+
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<tr><td class="left">';
+ echo '<h4><a href="category.php?id=' . $row['cat_id'] . '">' . $row['cat_name'] . '</a></h4>';
+ echo $row['cat_description'];
+ echo '</td><td class="right">Example topic right here<br><small>1 hour ago by <b>cflip</b></small></td></tr>';
+ }
+
+ mysqli_free_result($result);
+?>
+ </table>
+<?php
+include_once 'footer.php';
+?>
\ No newline at end of file
diff --git a/register.php b/register.php
new file mode 100644
index 0000000..8f74aa9
--- /dev/null
+++ b/register.php
@@ -0,0 +1,81 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>cflip.net forum</title>
+ <link rel="stylesheet" href="style.css">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+</head>
+<body>
+<div id="wrapper">
+ <h1>Register an account</h1>
+ <nav>
+ <a href="index.php">Go back</a> Already have an account? <a href="signin.php">Sign in</a>
+ </nav>
+ <section>
+<?php
+
+include_once 'connect.php';
+
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ echo '
+ <form action="register.php" method="post">
+ <label for="user_name">Username: </label><br>
+ <input type="text" name="user_name"><br>
+ <label for="user_pass">Password: </label><br>
+ <input type="password" name="user_pass"><br>
+ <label for="user_pass_check">Re-enter password: </label><br>
+ <input type="password" name="user_pass_check"><br>
+ <input type="submit" name="submit">
+ </form>
+ ';
+} else {
+ $errors = array();
+
+ if (isset($_POST['user_name'])) {
+ if (!ctype_alnum($_POST['user_name'])) {
+ $errors[] = 'Invalid username. Only letters and numbers are supported.';
+ }
+ if (strlen($_POST['user_name']) > 30) {
+ $errors[] = 'Username must be 30 characters or less.';
+ }
+ } else {
+ $errors[] = 'Please provide a username.';
+ }
+
+ if (isset($_POST['user_pass'])) {
+ if ($_POST['user_pass'] != $_POST['user_pass_check']) {
+ $errors[] = 'The two passwords do not match.';
+ }
+ } else {
+ $errors[] = 'Please provide a password.';
+ }
+
+ if (!empty($errors)) {
+ echo 'Please check the following problems: <ul>';
+ foreach ($errors as $err) {
+ echo '<li>' . $err . '</li>';
+ }
+ echo '</ul>';
+ } else {
+ $sql = "INSERT INTO users(user_name, user_pass, user_date)
+ VALUES('" . mysqli_real_escape_string($dbc, $_POST['user_name']) . "',
+ '" . sha1($_POST['user_pass']) . "',
+ NOW())
+ ";
+
+ $result = mysqli_query($dbc, $sql);
+ if (!$result) {
+ echo 'Failed to register account due to internal error.';
+ echo mysqli_error($dbc);
+ } else {
+ echo 'Account successfully created!';
+ }
+ }
+}
+
+?>
+ </section>
+ <footer>Copyright © 2021 cflip.net</footer>
+</div>
+</body>
+</html>
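Review bot: Passwords are stored as `sha1($_POST['user_pass'])`, an unsalted fast hash that offers little resistance to offline guessing if the users table is ever read. Store `password_hash($_POST['user_pass'], PASSWORD_DEFAULT)` instead, and in signin.php select the row by `user_name` alone and check it with `password_verify()`; the `user_pass` column has to be wide enough for the result (the schema is not shown here, the PHP manual suggests 255 characters). `isset($_POST['user_pass'])` is also true for an empty string, so an empty password passes validation, and `user_pass_check` is read without an `isset` test. The query failure branch echoes `mysqli_error($dbc)` to the visitor; log it with `error_log()` instead.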
\ No newline at end of file
diff --git a/reply.php b/reply.php
new file mode 100644
index 0000000..051aaa4
--- /dev/null
+++ b/reply.php
@@ -0,0 +1,30 @@
+<?php
+
+include 'header.php';
+include_once 'connect.php';
+
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ echo 'This file cannot be called directly.';
+} else {
+ if (!isset($_SESSION['signed_in'])) {
+ echo 'You must be signed in to reply to a topic.';
+ } else {
+ $sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(
+ '" . mysqli_real_escape_string($dbc, $_POST['reply_content']) . "',
+ NOW(),
+ " . mysqli_real_escape_string($dbc, $_GET['reply_to']) . ",
+ " . $_SESSION['user_id'] . ")";
+
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'An error occurred trying to reply to the post.' . mysqli_error($dbc);
+ } else {
+ echo 'Your reply has been saved, check out <a href="topic.php?id=' . $_GET['reply_to'] . '">the topic</a>.';
+ }
+ }
+}
+
+include 'footer.php';
+
+?>
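Review bot: The success message writes `$_GET['reply_to']` straight into the `href` attribute, so request data reaches the page without encoding; includes/reply_inc.php has the identical line. Convert the value once, `$topic_id = (int) $_GET['reply_to'];`, and use `$topic_id` both in the query and in the link. This file also looks superseded: the form in topic.php posts to includes/reply_inc.php, and this one includes `connect.php`, which the commit does not contain. If it is no longer used, it would be better removed than left as a second, unparameterised insert path.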
\ No newline at end of file
diff --git a/signin.php b/signin.php
new file mode 100644
index 0000000..287eeda
--- /dev/null
+++ b/signin.php
@@ -0,0 +1,60 @@
+<?php
+
+include_once 'includes/db_inc.php';
+include_once 'header.php';
+
+echo '<section><h2>Sign in</h2>';
+
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+ echo '
+ <form action="" method="post">
+ <label for="user_name">Username: </label><br>
+ <input type="text" name="user_name"><br>
+ <label for="user_pass">Password: </label><br>
+ <input type="password" name="user_pass"><br>
+ <input type="submit" name="submit">
+ </form>
+ ';
+} else {
+ $errors = array();
+
+ if (!isset($_POST['user_name'])) {
+ $errors[] = 'Please provide a username.';
+ }
+
+ if (!isset($_POST['user_pass'])) {
+ $errors[] = 'Please provide a password.';
+ }
+
+ if (!empty($errors)) {
+ echo 'Please check the following problems: <ul>';
+ foreach ($errors as $err) {
+ echo '<li>' . $err . '</li>';
+ }
+ echo '</ul>';
+ } else {
+ $sql = "SELECT user_id, user_name FROM users WHERE user_name = '" . mysqli_real_escape_string($dbc, $_POST['user_name']) . "' AND user_pass = '" . sha1($_POST['user_pass']) ."'";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ echo 'An error occurred while signing in.';
+ echo mysqli_error($dbc);
+ } else {
+ if (mysqli_num_rows($result) == 0) {
+ echo 'There is no user with that username/password combination! Please try again';
+ } else {
+ $_SESSION['signed_in'] = true;
+
+ while ($row = mysqli_fetch_assoc($result)) {
+ $_SESSION['user_id'] = $row['user_id'];
+ $_SESSION['user_name'] = $row['user_name'];
+ }
+
+ echo 'You are now signed in as ' . $_SESSION['user_name'];
+ }
+ }
+ }
+}
+
+echo '</section>';
+include_once 'footer.php';
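Review bot: The session id is not rotated when authentication succeeds, so an id that was set or observed before login remains valid for the authenticated session. Call `session_regenerate_id(true);` immediately before `$_SESSION['signed_in'] = true;`. Nothing in this handler limits repeated failed attempts per account or client address; even a simple counter with a growing delay would slow password guessing.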
\ No newline at end of file
diff --git a/style.css b/style.css
new file mode 100644
index 0000000..4fecfa4
--- /dev/null
+++ b/style.css
@@ -0,0 +1,117 @@
+body {
+ background-color: #222;
+ text-align: center;
+}
+
+#title {
+ color: #F1F3F1;
+ margin: 20px;
+}
+
+#wrapper {
+ width: 900px;
+ margin: 0 auto;
+}
+
+table {
+ border-collapse: collapse;
+ width: 100%;
+ background-color: #fff;
+ border: 1px solid #000;
+ float: left;
+ padding: 20px 30px;
+ text-align: left;
+}
+
+nav {
+ background-color: white;
+ margin-bottom: 15px;
+ border: 1px solid black;
+ text-align: left;
+}
+
+#user {
+ float: right;
+ text-align: right;
+}
+
+.post td {
+ height: 200px;
+ min-height: 200px;
+ max-height: 600px;
+}
+
+section {
+ background-color: white;
+ padding: 15px;
+ margin-bottom: 15px;
+ text-align: left;
+}
+
+section h1 {
+ color: black;
+}
+
+form {
+ text-align: left;
+ padding: 5px 5px 5px 50px;
+}
+
+nav a {
+ background-color: #00728B;
+ border: 1px solid black;
+ color: #FFF;
+ padding: 3px;
+ text-decoration: none;
+}
+
+nav a:hover {
+ background-color: #009FC1;
+}
+
+.left {
+ width: 70%;
+}
+
+.right {
+ width: 30%;
+}
+
+table a {
+ color: #000;
+}
+
+table a:hover {
+ color:#373737;
+ text-decoration: none;
+}
+
+th {
+ background-color: #00728B;
+ color: #F0F0F0;
+ border: 1px solid black;
+}
+
+h1, h4 {
+ margin-top: 2px;
+ margin-bottom: 10px;
+}
+
+td {
+ padding: 5px;
+ border: 1px solid black;
+}
+
+h3 {margin: 0; padding: 0;}
+
+footer {
+ font-size: 65%;
+ padding: 3px 0 0 0;
+ color: #999;
+}
+
+textarea {
+ width: 500px;
+ height: 200px;
+ overflow: scroll;
+}
\ No newline at end of file
diff --git a/styles/style.css b/styles/style.css
new file mode 100644
index 0000000..4fecfa4
--- /dev/null
+++ b/styles/style.css
@@ -0,0 +1,117 @@
+body {
+ background-color: #222;
+ text-align: center;
+}
+
+#title {
+ color: #F1F3F1;
+ margin: 20px;
+}
+
+#wrapper {
+ width: 900px;
+ margin: 0 auto;
+}
+
+table {
+ border-collapse: collapse;
+ width: 100%;
+ background-color: #fff;
+ border: 1px solid #000;
+ float: left;
+ padding: 20px 30px;
+ text-align: left;
+}
+
+nav {
+ background-color: white;
+ margin-bottom: 15px;
+ border: 1px solid black;
+ text-align: left;
+}
+
+#user {
+ float: right;
+ text-align: right;
+}
+
+.post td {
+ height: 200px;
+ min-height: 200px;
+ max-height: 600px;
+}
+
+section {
+ background-color: white;
+ padding: 15px;
+ margin-bottom: 15px;
+ text-align: left;
+}
+
+section h1 {
+ color: black;
+}
+
+form {
+ text-align: left;
+ padding: 5px 5px 5px 50px;
+}
+
+nav a {
+ background-color: #00728B;
+ border: 1px solid black;
+ color: #FFF;
+ padding: 3px;
+ text-decoration: none;
+}
+
+nav a:hover {
+ background-color: #009FC1;
+}
+
+.left {
+ width: 70%;
+}
+
+.right {
+ width: 30%;
+}
+
+table a {
+ color: #000;
+}
+
+table a:hover {
+ color:#373737;
+ text-decoration: none;
+}
+
+th {
+ background-color: #00728B;
+ color: #F0F0F0;
+ border: 1px solid black;
+}
+
+h1, h4 {
+ margin-top: 2px;
+ margin-bottom: 10px;
+}
+
+td {
+ padding: 5px;
+ border: 1px solid black;
+}
+
+h3 {margin: 0; padding: 0;}
+
+footer {
+ font-size: 65%;
+ padding: 3px 0 0 0;
+ color: #999;
+}
+
+textarea {
+ width: 500px;
+ height: 200px;
+ overflow: scroll;
+}
\ No newline at end of file
diff --git a/topic.php b/topic.php
new file mode 100644
index 0000000..216211f
--- /dev/null
+++ b/topic.php
@@ -0,0 +1,57 @@
+<?php
+
+include_once 'header.php';
+include_once 'includes/db_inc.php';
+
+$sql = "SELECT topic_id, topic_subject, topic_date, user_id, user_name FROM topics LEFT JOIN users ON topic_author = user_id WHERE topic_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+ die('Error trying to display topic page: ' . mysqli_error());
+}
+
+if (mysqli_num_rows($result) == 0) {
+ echo 'This topic does not exist';
+} else {
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<section><h1>' . $row['topic_subject'] . '</h1>';
+ echo 'Created by <b>' . $row['user_name'] . '</b> on ' . date('M d, Y', strtotime($row['topic_date'])) . '</section>';
+ $topic_id = $row['topic_id'];
+ }
+}
+
+echo '</section>';
+
+mysqli_free_result($result);
+
+$sql = "SELECT post_content, post_date, post_author, user_id, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_topic = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+ die('Error trying to display posts: ' . mysqli_error($dbc));
+}
+
+if (mysqli_num_rows($result) == 0) {
+ echo '<section>This topic has no posts</section>';
+} else {
+ echo '<table>';
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<tr class="post"><td class="right">Posted by <b>' . $row['user_name'] . '</b><br><small>' . date('m/d/Y g:ia', strtotime($row['post_date'])) . '</small></td>';
+ echo '<td class="left">' . $row['post_content'] . '</td></tr>';
+ }
+ echo '</table>';
+
+ echo '
+<section>
+<form action="includes/reply_inc.php?reply_to=' . $topic_id . '" method="post">
+ <h2>Reply to this thread</h2>
+ <textarea name="reply_content"></textarea>
+ <br>
+ <input type="submit" name="submit">
+</form>
+</section>';
+}
+
+mysqli_free_result($result);
+
+include 'footer.php';
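Review bot: `topic_subject`, `user_name` and `post_content` originate from user submissions and are echoed into the page without encoding, so any markup stored in a topic or post is rendered as markup for every reader. Encode each value at the point of output, for example `echo '<td class="left">' . htmlspecialchars($row['post_content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td></tr>';`. category.php, index.php and the `<option>` list in create_topic.php print database values the same way. Two smaller problems in this file: the first `die()` calls `mysqli_error()` without the `$dbc` argument, and `$topic_id` is assigned only inside the first loop although the reply form further down uses it, so it should be initialised from the validated request id.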
\ No newline at end of file |