From df49a36e140acc211fdc31480d40281404110310 Mon Sep 17 00:00:00 2001
From: Cflip <36554078+cflip@users.noreply.github.com>
Date: Fri, 22 Jan 2021 20:45:43 -0700
Subject: Inital commit with existing code

---
 category.php             |  49 ++++++++++++++++++++
 create_topic.php         |  90 ++++++++++++++++++++++++++++++++++++
 footer.php               |   4 ++
 header.php               |  28 ++++++++++++
 includes/db_inc.php      |  12 +++++
 includes/reply_inc.php   |  33 +++++++++++++
 includes/signout_inc.php |   5 ++
 index.php                |  31 +++++++++++++
 register.php             |  81 ++++++++++++++++++++++++++++++++
 reply.php                |  30 ++++++++++++
 signin.php               |  60 ++++++++++++++++++++++++
 style.css                | 117 +++++++++++++++++++++++++++++++++++++++++++++++
 styles/style.css         | 117 +++++++++++++++++++++++++++++++++++++++++++++++
 topic.php                |  57 +++++++++++++++++++++++
 14 files changed, 714 insertions(+)
 create mode 100644 category.php
 create mode 100644 create_topic.php
 create mode 100644 footer.php
 create mode 100644 header.php
 create mode 100644 includes/db_inc.php
 create mode 100644 includes/reply_inc.php
 create mode 100644 includes/signout_inc.php
 create mode 100644 index.php
 create mode 100644 register.php
 create mode 100644 reply.php
 create mode 100644 signin.php
 create mode 100644 style.css
 create mode 100644 styles/style.css
 create mode 100644 topic.php

diff --git a/category.php b/category.php
new file mode 100644
index 0000000..4e10444
--- /dev/null
+++ b/category.php
@@ -0,0 +1,49 @@
+<?php
+
+include_once 'includes/db_inc.php';
+include_once 'header.php';
+
+echo '<section>';
+
+$sql = "SELECT cat_name, cat_description FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+	die('Error trying to display category: ' . mysqli_error($dbc));
+}
+
+// Display category name and description
+
+if (mysqli_num_rows($result) == 0) {
+	echo 'This category does not exist';
+} else {
+	while ($row = mysqli_fetch_assoc($result)) {
+		echo '<h1>' . $row['cat_name'] . '</h1>';
+		echo $row['cat_description'];
+	}
+}
+
+mysqli_free_result($result);
+
+echo '</section>';
+
+$sql = "SELECT topic_id, topic_subject, topic_date, user_name FROM topics LEFT JOIN users ON topic_author = user_id WHERE topic_cat = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+	die('Error trying to display topics: ' . mysqli_error($dbc));
+} 
+
+// Display table of posts
+
+echo '<table><tr><th class="left">Topic</th><th class="right">Latest Post</th></tr>';
+
+while ($row = mysqli_fetch_assoc($result)) {
+	echo '<tr><td class="left">';
+	echo '<h4><a href="topic.php?id=' . $row['topic_id'] . '">' . $row['topic_subject'] . '</a></h4>';
+	echo '<small>by <b>' . $row['user_name'] . '</b> on ' . date('M d, Y', strtotime($row['topic_date'])) . '</small></td><td class="right">24 replies</td></tr>';
+}
+
+echo '</table>';
+
+include 'footer.php';
\ No newline at end of file
diff --git a/create_topic.php b/create_topic.php
new file mode 100644
index 0000000..9eab942
--- /dev/null
+++ b/create_topic.php
@@ -0,0 +1,90 @@
+<?php
+
+include 'header.php';
+include_once 'connect.php';
+
+echo '<section><h2>Create a new topic</h2>';
+
+if (!isset($_SESSION['signed_in'])) {
+	echo 'You must be <a href="signin.php">signed in</a> to create a topic.';
+} else {
+	if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+		$sql = "SELECT cat_id, cat_name, cat_description FROM categories";
+		$result = mysqli_query($dbc, $sql);
+
+		if (!$result) {
+			echo 'Error while selecting from database. Please try again later.';
+		} else {
+			if (mysqli_num_rows($result) == 0) {
+				echo 'There are currently no categories to post to.';
+			} else {
+				echo '
+				<form action="" method="post">
+					<label for="topic_subject">Subject: </label><br>
+					<input type="text" name="topic_subject"><br>
+					<label for="topic_cat">Category: </label><br>
+					<select name="topic_cat">';
+
+				while ($row = mysqli_fetch_assoc($result)) {
+					echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';
+				}
+
+				echo '
+					</select><br>
+					<label for="post_content">Write your post: </label><br>
+					<textarea name="post_content"></textarea><br>
+					<input type="submit" name="submit">
+				</form>
+				';
+			}
+		}
+	} else {
+		$sql = "BEGIN WORK;";
+		$result = mysqli_query($dbc, $sql);
+
+		if (!$result) {
+			echo 'An error occurred creating your topic. Try again later';
+		} else {
+			$sql = "INSERT INTO topics(topic_subject, topic_date, topic_cat, topic_author) VALUES(
+			'" . mysqli_real_escape_string($dbc, $_POST['topic_subject']) . "', 
+			NOW(), 
+			" . mysqli_real_escape_string($dbc, $_POST['topic_cat']) . ", 
+			" . $_SESSION['user_id'] .")";
+
+			$result = mysqli_query($dbc, $sql);
+
+			if (!$result) {
+				echo 'An error occured while creating your post. Please try again later.' . mysql_error();
+				$sql = "ROLLBACK;";
+				mysqli_query($dbc, $sql);
+			} else {
+				$topic_id = mysqli_insert_id($dbc);
+
+				$sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(
+				'" . mysqli_real_escape_string($dbc, $_POST['post_content']) . "',
+				NOW(),
+				" . $topic_id . ",
+				" . $_SESSION['user_id'] . ")";
+
+				$result = mysqli_query($dbc, $sql);
+
+				if (!$result) {
+					echo 'An error occured while creating your post. Please try again later.' . mysqli_error($dbc);
+					$sql = "ROLLBACK;";
+					mysqli_query($dbc, $sql);
+				} else {
+					$sql = "COMMIT;";
+					$result = mysqli_query($dbc, $sql);
+
+					echo 'You have successfully created <a href="topic.php?id='. $topic_id . '">your new topic</a>.';
+				}
+			}
+		}
+	}
+}
+
+echo '</section>';
+
+include 'footer.php';
+
+?>
\ No newline at end of file
diff --git a/footer.php b/footer.php
new file mode 100644
index 0000000..e786876
--- /dev/null
+++ b/footer.php
@@ -0,0 +1,4 @@
+<footer>Copyright © 2021 cflip.net</footer>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/header.php b/header.php
new file mode 100644
index 0000000..935f063
--- /dev/null
+++ b/header.php
@@ -0,0 +1,28 @@
+<?php
+session_start();
+?>
+
+<!DOCTYPE html>
+<html>
+<head>
+	<title>cflip.net forum Beta</title>
+	<link rel="stylesheet" href="styles/style.css">
+	<meta name="viewport" content="width=device-width, initial-scale=1.0">
+</head>
+<body>
+<div id="wrapper">
+	<h1 id="title">cflip.net forum</h1>
+	<nav>
+		<a href="index.php">Home</a>
+		<a href="create_topic.php">Create a topic</a>
+
+		<div id="user">
+			<?php
+			if (isset($_SESSION['signed_in'])) {
+				echo 'Signed in as <b>' . $_SESSION['user_name'] . '</b>. <a href="includes/signout_inc.php">Log out</a>';
+			} else {
+				echo '<a href="signin.php">Sign in</a> or <a href="register.php">Register an account</a>';
+			}
+			?>
+		</div>
+	</nav>
\ No newline at end of file
diff --git a/includes/db_inc.php b/includes/db_inc.php
new file mode 100644
index 0000000..b76f06d
--- /dev/null
+++ b/includes/db_inc.php
@@ -0,0 +1,12 @@
+<?php
+
+$db_server = 'localhost';
+$db_user = 'root';
+$db_pass = '';
+$db_database = 'forum';
+
+$dbc = mysqli_connect($db_server, $db_user, $db_pass, $db_database);
+
+if (!$dbc) {
+	die("Database connection error: " . mysqli_connect_error());
+}
diff --git a/includes/reply_inc.php b/includes/reply_inc.php
new file mode 100644
index 0000000..7f53fce
--- /dev/null
+++ b/includes/reply_inc.php
@@ -0,0 +1,33 @@
+<?php
+
+session_start();
+
+include_once 'db_inc.php';
+
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+	die('This file cannot be called directly.');
+} 
+
+if (!isset($_SESSION['signed_in'])) {
+	die('You must be signed in to reply to a topic.');
+} 
+
+$sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(?, NOW(), ?, ?)";
+$stmt = mysqli_stmt_init($dbc);
+
+if (!mysqli_stmt_prepare($stmt, $sql)) {
+	die('Failed to process statement: ' . mysqli_error($dbc));
+}
+
+mysqli_stmt_bind_param($stmt, "sii", $_POST['post_content'], $_GET['reply_to'], $_SESSION['user_id']);
+mysqli_stmt_execute($stmt);
+
+$result = mysqli_stmt_get_result($stmt);
+
+if (!$result) {
+	echo 'An error occurred trying to reply to the post. ' . mysqli_error($dbc);
+} else {
+	echo 'Your reply has been saved, check out <a href="topic.php?id=' . $_GET['reply_to'] . '">the topic</a>.';
+}
+
+//header("Location: ../topic.php?id=" . $_GET['reply_to']);
\ No newline at end of file
diff --git a/includes/signout_inc.php b/includes/signout_inc.php
new file mode 100644
index 0000000..c86447a
--- /dev/null
+++ b/includes/signout_inc.php
@@ -0,0 +1,5 @@
+<?php
+
+session_start();
+session_destroy();
+header("Location: ../index.php");
\ No newline at end of file
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..2936a89
--- /dev/null
+++ b/index.php
@@ -0,0 +1,31 @@
+<?php
+include_once 'header.php';
+?>
+	<table>
+		<tr>
+			<th class="left">Category</th>
+			<th class="right">Latest Topic</th>
+		</tr>
+<?php
+	include_once 'includes/db_inc.php';
+
+	$sql = "SELECT cat_id, cat_name, cat_description FROM categories";
+	$result = mysqli_query($dbc, $sql);
+
+	if (!$result) {
+		die('Failure trying to display categories: ' . mysqli_error($dbc));
+	}
+
+	while ($row = mysqli_fetch_assoc($result)) {
+		echo '<tr><td class="left">';
+		echo '<h4><a href="category.php?id=' . $row['cat_id'] . '">' . $row['cat_name'] . '</a></h4>';
+		echo $row['cat_description'];
+		echo '</td><td class="right">Example topic right here<br><small>1 hour ago by <b>cflip</b></small></td></tr>';
+	}
+
+	mysqli_free_result($result);
+?>
+	</table>
+<?php
+include_once 'footer.php';
+?>
\ No newline at end of file
diff --git a/register.php b/register.php
new file mode 100644
index 0000000..8f74aa9
--- /dev/null
+++ b/register.php
@@ -0,0 +1,81 @@
+<!DOCTYPE html>
+<html>
+<head>
+	<title>cflip.net forum</title>
+	<link rel="stylesheet" href="style.css">
+	<meta name="viewport" content="width=device-width, initial-scale=1.0">
+</head>
+<body>
+<div id="wrapper">
+	<h1>Register an account</h1>
+	<nav>
+		<a href="index.php">Go back</a> Already have an account? <a href="signin.php">Sign in</a>
+	</nav>
+	<section>
+<?php
+
+include_once 'connect.php';
+
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+	echo '
+	<form action="register.php" method="post">
+		<label for="user_name">Username: </label><br>
+		<input type="text" name="user_name"><br>
+		<label for="user_pass">Password: </label><br>
+		<input type="password" name="user_pass"><br>
+		<label for="user_pass_check">Re-enter password: </label><br>
+		<input type="password" name="user_pass_check"><br>
+		<input type="submit" name="submit">
+	</form>
+	';
+} else {
+	$errors = array();
+
+	if (isset($_POST['user_name'])) {
+		if (!ctype_alnum($_POST['user_name'])) {
+			$errors[] = 'Invalid username. Only letters and numbers are supported.';
+		}
+		if (strlen($_POST['user_name']) > 30) {
+			$errors[] = 'Username must be 30 characters or less.';
+		}
+	} else {
+		$errors[] = 'Please provide a username.';
+	}
+
+	if (isset($_POST['user_pass'])) {
+		if ($_POST['user_pass'] != $_POST['user_pass_check']) {
+			$errors[] = 'The two passwords do not match.';
+		}
+	} else {
+		$errors[] = 'Please provide a password.';
+	}
+
+	if (!empty($errors)) {
+		echo 'Please check the following problems: <ul>';
+		foreach ($errors as $err) {
+			echo '<li>' . $err . '</li>';
+		}
+		echo '</ul>';
+	} else {
+		$sql = "INSERT INTO users(user_name, user_pass, user_date)
+				VALUES('" . mysqli_real_escape_string($dbc, $_POST['user_name']) . "',
+						'" . sha1($_POST['user_pass']) . "',
+						NOW())
+				";
+
+		$result = mysqli_query($dbc, $sql);
+		if (!$result) {
+			echo 'Failed to register account due to internal error.';
+			echo mysqli_error($dbc);
+		} else {
+			echo 'Account successfully created!';
+		}
+	}
+}
+
+?>
+	</section>
+	<footer>Copyright © 2021 cflip.net</footer>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/reply.php b/reply.php
new file mode 100644
index 0000000..051aaa4
--- /dev/null
+++ b/reply.php
@@ -0,0 +1,30 @@
+<?php
+
+include 'header.php';
+include_once 'connect.php';
+
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+	echo 'This file cannot be called directly.';
+} else {
+	if (!isset($_SESSION['signed_in'])) {
+		echo 'You must be signed in to reply to a topic.';
+	} else {
+		$sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(
+		'" . mysqli_real_escape_string($dbc, $_POST['reply_content']) . "',
+		NOW(),
+		" . mysqli_real_escape_string($dbc, $_GET['reply_to']) . ",
+		" . $_SESSION['user_id'] . ")";
+
+		$result = mysqli_query($dbc, $sql);
+
+		if (!$result) {
+			echo 'An error occurred trying to reply to the post.' . mysqli_error($dbc);
+		} else {
+			echo 'Your reply has been saved, check out <a href="topic.php?id=' . $_GET['reply_to'] . '">the topic</a>.';
+		}
+	}
+}
+
+include 'footer.php';
+
+?>
\ No newline at end of file
diff --git a/signin.php b/signin.php
new file mode 100644
index 0000000..287eeda
--- /dev/null
+++ b/signin.php
@@ -0,0 +1,60 @@
+<?php
+
+include_once 'includes/db_inc.php';
+include_once 'header.php';
+
+echo '<section><h2>Sign in</h2>';
+
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+	echo '
+	<form action="" method="post">
+		<label for="user_name">Username: </label><br>
+		<input type="text" name="user_name"><br>
+		<label for="user_pass">Password: </label><br>
+		<input type="password" name="user_pass"><br>
+		<input type="submit" name="submit">
+	</form>
+	';
+} else {
+	$errors = array();
+
+	if (!isset($_POST['user_name'])) {
+		$errors[] = 'Please provide a username.';
+	}
+
+	if (!isset($_POST['user_pass'])) {
+		$errors[] = 'Please provide a password.';
+	}
+
+	if (!empty($errors)) {
+		echo 'Please check the following problems: <ul>';
+		foreach ($errors as $err) {
+			echo '<li>' . $err . '</li>';
+		}
+		echo '</ul>';
+	} else {
+		$sql = "SELECT user_id, user_name FROM users WHERE user_name = '" . mysqli_real_escape_string($dbc, $_POST['user_name']) . "' AND user_pass = '" . sha1($_POST['user_pass']) ."'";
+		$result = mysqli_query($dbc, $sql);
+
+		if (!$result) {
+			echo 'An error occurred while signing in.';
+			echo mysqli_error($dbc);
+		} else {
+			if (mysqli_num_rows($result) == 0) {
+				echo 'There is no user with that username/password combination! Please try again';
+			} else {
+				$_SESSION['signed_in'] = true;
+
+				while ($row = mysqli_fetch_assoc($result)) {
+					$_SESSION['user_id'] = $row['user_id'];
+					$_SESSION['user_name'] = $row['user_name'];
+				}
+
+				echo 'You are now signed in as ' . $_SESSION['user_name'];
+			}
+		}
+	}
+}
+
+echo '</section>';
+include_once 'footer.php';
\ No newline at end of file
diff --git a/style.css b/style.css
new file mode 100644
index 0000000..4fecfa4
--- /dev/null
+++ b/style.css
@@ -0,0 +1,117 @@
+body {
+	background-color: #222;
+	text-align: center;
+}
+
+#title {
+	color: #F1F3F1;
+	margin: 20px;
+}
+
+#wrapper {
+	width: 900px;
+	margin: 0 auto;
+}
+
+table {
+	border-collapse: collapse;
+	width: 100%;
+	background-color: #fff;
+	border: 1px solid #000;
+	float: left;
+	padding: 20px 30px;
+	text-align: left;
+}
+
+nav {
+	background-color: white;
+	margin-bottom: 15px;
+	border: 1px solid black;
+	text-align: left;
+}
+
+#user {
+	float: right;
+	text-align: right;
+}
+
+.post td {
+	height: 200px;
+	min-height: 200px;
+	max-height: 600px;
+}
+
+section {
+	background-color: white;
+	padding: 15px;
+	margin-bottom: 15px;
+	text-align: left;
+}
+
+section h1 {
+	color: black;
+}
+
+form {
+	text-align: left;
+	padding: 5px 5px 5px 50px;
+}
+
+nav a {
+	background-color: #00728B;
+	border: 1px solid black;
+	color: #FFF;
+	padding: 3px;
+	text-decoration: none;
+}
+
+nav a:hover {
+	background-color: #009FC1;
+}
+
+.left {
+	width: 70%;
+}
+
+.right {
+	width: 30%;
+}
+
+table a {
+	color: #000;
+}
+
+table a:hover {
+	color:#373737;
+	text-decoration: none;
+}
+
+th {
+	background-color: #00728B;
+	color: #F0F0F0;
+	border: 1px solid black;
+}
+
+h1, h4 {
+	margin-top: 2px;
+	margin-bottom: 10px;
+}
+
+td {
+	padding: 5px;
+	border: 1px solid black;
+}
+
+h3 {margin: 0; padding: 0;}
+
+footer {
+	font-size: 65%;
+	padding: 3px 0 0 0;
+	color: #999;
+}
+
+textarea {
+	width: 500px;
+	height: 200px;
+	overflow: scroll;
+}
\ No newline at end of file
diff --git a/styles/style.css b/styles/style.css
new file mode 100644
index 0000000..4fecfa4
--- /dev/null
+++ b/styles/style.css
@@ -0,0 +1,117 @@
+body {
+	background-color: #222;
+	text-align: center;
+}
+
+#title {
+	color: #F1F3F1;
+	margin: 20px;
+}
+
+#wrapper {
+	width: 900px;
+	margin: 0 auto;
+}
+
+table {
+	border-collapse: collapse;
+	width: 100%;
+	background-color: #fff;
+	border: 1px solid #000;
+	float: left;
+	padding: 20px 30px;
+	text-align: left;
+}
+
+nav {
+	background-color: white;
+	margin-bottom: 15px;
+	border: 1px solid black;
+	text-align: left;
+}
+
+#user {
+	float: right;
+	text-align: right;
+}
+
+.post td {
+	height: 200px;
+	min-height: 200px;
+	max-height: 600px;
+}
+
+section {
+	background-color: white;
+	padding: 15px;
+	margin-bottom: 15px;
+	text-align: left;
+}
+
+section h1 {
+	color: black;
+}
+
+form {
+	text-align: left;
+	padding: 5px 5px 5px 50px;
+}
+
+nav a {
+	background-color: #00728B;
+	border: 1px solid black;
+	color: #FFF;
+	padding: 3px;
+	text-decoration: none;
+}
+
+nav a:hover {
+	background-color: #009FC1;
+}
+
+.left {
+	width: 70%;
+}
+
+.right {
+	width: 30%;
+}
+
+table a {
+	color: #000;
+}
+
+table a:hover {
+	color:#373737;
+	text-decoration: none;
+}
+
+th {
+	background-color: #00728B;
+	color: #F0F0F0;
+	border: 1px solid black;
+}
+
+h1, h4 {
+	margin-top: 2px;
+	margin-bottom: 10px;
+}
+
+td {
+	padding: 5px;
+	border: 1px solid black;
+}
+
+h3 {margin: 0; padding: 0;}
+
+footer {
+	font-size: 65%;
+	padding: 3px 0 0 0;
+	color: #999;
+}
+
+textarea {
+	width: 500px;
+	height: 200px;
+	overflow: scroll;
+}
\ No newline at end of file
diff --git a/topic.php b/topic.php
new file mode 100644
index 0000000..216211f
--- /dev/null
+++ b/topic.php
@@ -0,0 +1,57 @@
+<?php
+
+include_once 'header.php';
+include_once 'includes/db_inc.php';
+
+$sql = "SELECT topic_id, topic_subject, topic_date, user_id, user_name FROM topics LEFT JOIN users ON topic_author = user_id WHERE topic_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+	die('Error trying to display topic page: ' . mysqli_error());
+} 
+
+if (mysqli_num_rows($result) == 0) {
+	echo 'This topic does not exist';
+} else {
+	while ($row = mysqli_fetch_assoc($result)) {
+		echo '<section><h1>' . $row['topic_subject'] . '</h1>';
+		echo 'Created by <b>' . $row['user_name'] . '</b> on ' . date('M d, Y', strtotime($row['topic_date'])) . '</section>';
+		$topic_id = $row['topic_id'];
+	}
+}
+
+echo '</section>';
+
+mysqli_free_result($result);
+
+$sql = "SELECT post_content, post_date, post_author, user_id, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_topic = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+	die('Error trying to display posts: ' . mysqli_error($dbc));
+}
+
+if (mysqli_num_rows($result) == 0) {
+	echo '<section>This topic has no posts</section>';
+} else {
+	echo '<table>';
+	while ($row = mysqli_fetch_assoc($result)) {
+		echo '<tr class="post"><td class="right">Posted by <b>' . $row['user_name'] . '</b><br><small>' . date('m/d/Y g:ia', strtotime($row['post_date'])) . '</small></td>';
+		echo '<td class="left">' . $row['post_content'] . '</td></tr>';
+	}
+	echo '</table>';
+
+	echo '
+<section>
+<form action="includes/reply_inc.php?reply_to=' . $topic_id . '" method="post">
+	<h2>Reply to this thread</h2>
+	<textarea name="reply_content"></textarea>
+	<br>
+	<input type="submit" name="submit">
+</form>
+</section>';
+}
+
+mysqli_free_result($result);
+
+include 'footer.php';
\ No newline at end of file
-- 
cgit v1.2.3