Author | Message | Time |
---|---|---|
Kaiory | This is a simple little forum that I made. First let's make the tables [code] mysql> create table forum_topics ( topic_id int not null primary key auto_increment, topic_title varchar (150), topic_create_time datetime, topic_owner varchar (150) ); mysql> create table forum_posts ( post_id int not null primary key auto_increment, topic_id int not null, post_text text, post_create_time datetime, post_owner varchar (150) ); [/code] Now here's the code to show the topics [code] <?php //check for required info from the query string if (!$_GET[topic_id]) { header("Location: topiclist.php"); exit; } //connect to server and select database $conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error()); mysql_select_db("testDB",$conn) or die(mysql_error()); //verify the topic exists $verify_topic = "select topic_title from forum_topics where topic_id = $_GET[topic_id]"; $verify_topic_res = mysql_query($verify_topic, $conn) or die(mysql_error()); if (mysql_num_rows($verify_topic_res) < 1) { //this topic does not exist $display_block = "<P><em>You have selected an invalid topic. 
Please <a href=\"topiclist.php\">try again</a>.</em></p>"; } else { //get the topic title $topic_title = stripslashes(mysql_result($verify_topic_res,0, 'topic_title')); //gather the posts $get_posts = "select post_id, post_text, date_format(post_create_time, '%b %e %Y at %r') as fmt_post_create_time, post_owner from forum_posts where topic_id = $_GET[topic_id] order by post_create_time asc"; $get_posts_res = mysql_query($get_posts,$conn) or die(mysql_error()); //create the display string $display_block = " <P>Showing posts for the <strong>$topic_title</strong> topic:</p> <table width=100% cellpadding=3 cellspacing=1 border=1> <tr> <th>AUTHOR</th> <th>POST</th> </tr>"; while ($posts_info = mysql_fetch_array($get_posts_res)) { $post_id = $posts_info['post_id']; $post_text = nl2br(stripslashes($posts_info['post_text'])); $post_create_time = $posts_info['fmt_post_create_time']; $post_owner = stripslashes($posts_info['post_owner']); //add to display $display_block .= " <tr> <td width=35% valign=top>$post_owner<br>[$post_create_time]</td> <td width=65% valign=top>$post_text<br><br> <a href=\"replytopost.php?post_id=$post_id\"><strong>REPLY TO POST</strong></a></td> </tr>"; } //close up the table $display_block .= "</table>"; } ?> <html> <head> <title>Posts in Topic</title> </head> <body> <h1>Posts in Topic</h1> <?php print $display_block; ?> </body> </html> [/code] This code is the topic lists [code] <?php //connect to server and select database $conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error()); mysql_select_db("testDB",$conn) or die(mysql_error()); //gather the topics $get_topics = "select topic_id, topic_title, date_format(topic_create_time, '%b %e %Y at %r') as fmt_topic_create_time, topic_owner from forum_topics order by topic_create_time desc"; $get_topics_res = mysql_query($get_topics,$conn) or die(mysql_error()); if (mysql_num_rows($get_topics_res) < 1) { //there are no topics, so say so $display_block = "<P><em>No topics 
exist.</em></p>"; } else { //create the display string $display_block = " <table cellpadding=3 cellspacing=1 border=1> <tr> <th>TOPIC TITLE</th> <th># of POSTS</th> </tr>"; while ($topic_info = mysql_fetch_array($get_topics_res)) { $topic_id = $topic_info['topic_id']; $topic_title = stripslashes($topic_info['topic_title']); $topic_create_time = $topic_info['fmt_topic_create_time']; $topic_owner = stripslashes($topic_info['topic_owner']); //get number of posts $get_num_posts = "select count(post_id) from forum_posts where topic_id = $topic_id"; $get_num_posts_res = mysql_query($get_num_posts,$conn) or die(mysql_error()); $num_posts = mysql_result($get_num_posts_res,0,'count(post_id)'); //add to display $display_block .= " <tr> <td><a href=\"showtopic.php?topic_id=$topic_id\"><strong>$topic_title</strong></a><br> Created on $topic_create_time by $topic_owner</td> <td align=center>$num_posts</td> </tr>"; } //close up the table $display_block .= "</table>"; } ?> <html> <head> <title>Topics in My Forum</title> </head> <body> <h1>Topics in My Forum</h1> <?php print $display_block; ?> <P>Would you like to <a href="addtopic.html">add a topic</a>?</p> </body> </html> [/code] Script to add topic [code] <?php //check for required fields from the form if ((!$_POST[topic_owner]) || (!$_POST[topic_title])|| (!$_POST[post_text])) { header("Location: addtopic.html"); exit; } //connect to server and select database $conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error()); mysql_select_db("testDB",$conn) or die(mysql_error()); //create and issue the first query $add_topic = "insert into forum_topics values ('', '$_POST[topic_title]', now(), '$_POST[topic_owner]')"; mysql_query($add_topic,$conn) or die(mysql_error()); //get the id of the last query $topic_id = mysql_insert_id(); //create and issue the second query $add_post = "insert into forum_posts values ('', '$topic_id','$_POST[post_text]', now(), '$_POST[topic_owner]')"; mysql_query($add_post,$conn) or 
die(mysql_error()); //create nice message for user $msg = "<P>The <strong>$_POST[topic_title]</strong> topic has been created.</p>"; ?> <html> <head> <title>New Topic Added</title> </head> <body> <h1>New Topic Added</h1> <?php print $msg; ?> </body> </html> [/code] Script to reply to post [code] <?php //connect to server and select database; we'll need it soon $conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error()); mysql_select_db("testDB",$conn) or die(mysql_error()); //check to see if we're showing the form or adding the post if ($_POST[op] != "addpost") { // showing the form; check for required item in query string if (!$_GET[post_id]) { header("Location: topiclist.php"); exit; } //still have to verify topic and post $verify = "select ft.topic_id, ft.topic_title from forum_posts as fp left join forum_topics as ft on fp.topic_id = ft.topic_id where fp.post_id = $_GET[post_id]"; $verify_res = mysql_query($verify, $conn) or die(mysql_error()); if (mysql_num_rows($verify_res) < 1) { //this post or topic does not exist header("Location: topiclist.php"); exit; } else { //get the topic id and title $topic_id = mysql_result($verify_res,0,'topic_id'); $topic_title = stripslashes(mysql_result($verify_res, 0,'topic_title')); print " <html> <head> <title>Post Your Reply in $topic_title</title> </head> <body> <h1>Post Your Reply in $topic_title</h1> <form method=post action=\"$_SERVER[PHP_SELF]\"> <p><strong>Your E-Mail Address:</strong><br> <input type=\"text\" name=\"post_owner\" size=40 maxlength=150> <P><strong>Post Text:</strong><br> <textarea name=\"post_text\" rows=8 cols=40 wrap=virtual></textarea> <input type=\"hidden\" name=\"op\" value=\"addpost\"> <input type=\"hidden\" name=\"topic_id\" value=\"$topic_id\"> <P><input type=\"submit\" name=\"submit\" value=\"Add Post\"></p> </form> </body> </html>"; } } else if ($_POST[op] == "addpost") { //check for required items from form if ((!$_POST[topic_id]) || (!$_POST[post_text]) || 
(!$_POST[post_owner])) { header("Location: topiclist.php"); exit; } //add the post $add_post = "insert into forum_posts values ('', '$_POST[topic_id]', '$_POST[post_text]', now(), '$_POST[post_owner]')"; mysql_query($add_post,$conn) or die(mysql_error()); //redirect user to topic header("Location: showtopic.php?topic_id=$_POST[topic_id]"); exit; } ?> [/code] and here is the form for adding a topic [code] <html> <head> <title>Add a Topic</title> </head> <body> <h1>Add a Topic</h1> <form method=post action="do_addtopic.php"> <p><strong>Your E-Mail Address:</strong><br> <input type="text" name="topic_owner" size=40 maxlength=150> <p><strong>Topic Title:</strong><br> <input type="text" name="topic_title" size=40 maxlength=150> <P><strong>Post Text:</strong><br> <textarea name="post_text" rows=8 cols=40 wrap=virtual></textarea> <P><input type="submit" name="submit" value="Add Topic"></p> </form> </body> </html> [/code] This is just a simple forum... nothing fancy | January 22, 2004, 11:23 PM |
St0rm.iD | It's sql-injectable. Should check that out asap. | January 23, 2004, 12:59 AM |
Kaiory | [code] # -------------------------------------------------------- # # Table structure for table 'forum_topics' # create table forum_topics ( topic_id int not null primary key auto_increment, topic_title varchar (150), topic_create_time datetime, topic_owner varchar (150) ); # -------------------------------------------------------- # # Table structure for table 'forum_posts' # create table forum_posts ( post_id int not null primary key auto_increment, topic_id int not null, post_text text, post_create_time datetime, post_owner varchar (150) ); [/code] That should work | January 23, 2004, 1:18 AM |
St0rm.iD | No, it has a security flaw. Should upload it somewhere and let me hax it. | January 23, 2004, 2:27 AM |
Kaiory | O, I gotcha... | January 23, 2004, 9:38 PM |
hismajesty | [quote author=St0rm.iD link=board=22;threadid=4854;start=0#msg40755 date=1074824870] No, it has a security flaw. Should upload it somewhere and let me hax it. [/quote] http://www.digitaldoozie.net/st0rm/showtopic.php have fun ;D | January 24, 2004, 4:13 PM |
St0rm.iD | There were no interesting passwords to fish for...but... http://www.digitaldoozie.net/st0rm/showtopic.php?topic_id=1%20or%201=1 That's a quick example. | January 25, 2004, 3:59 AM |
Kaiory | Do you like it though? | January 27, 2004, 2:10 AM |
The-Rabid-Lord | It's good but could do with passwords and admins. Thumbs up from me though | January 27, 2004, 7:06 PM |
Kaiory | Thank you. But I did just say it was simple, and it would be EXTREMELY easy to set up a login system/admin system. But thanks again for liking my forum | January 28, 2004, 3:57 PM |
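
The injection St0rm.iD points out, as an added example that is not part of the thread: the `topic_id` lookup from showtopic.php written once with the request value interpolated into the SQL and once with validation and a bound parameter, plus a bound insert for the post text. It assumes PDO with an in-memory SQLite database and constructed rows in place of the thread's MySQL setup; the function names are hypothetical.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite stands in for the
// thread's MySQL database; rows are constructed; function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table forum_posts (
    post_id integer primary key autoincrement, topic_id int not null,
    post_text text, post_create_time datetime, post_owner varchar(150))");

// Hardened insert: values travel as bound parameters, never as SQL text.
function add_post(PDO $db, int $topic_id, string $text, string $owner): void {
    $stmt = $db->prepare("insert into forum_posts
        (topic_id, post_text, post_create_time, post_owner)
        values (:topic, :text, datetime('now'), :owner)");
    $stmt->execute([':topic' => $topic_id, ':text' => $text, ':owner' => $owner]);
}
add_post($db, 1, "first topic, first post", "a@example.com");
add_post($db, 1, "it's a reply with a quote in it", "b@example.com");
add_post($db, 2, "second topic", "c@example.com");

// Same pattern as showtopic.php: the request value becomes part of the SQL.
function posts_concatenated(PDO $db, string $topic_id): array {
    $sql = "select post_id, post_text, post_owner from forum_posts
            where topic_id = $topic_id order by post_create_time asc";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened lookup: accept only a positive integer, then bind it.
function posts_bound(PDO $db, string $topic_id): ?array {
    $id = filter_var($topic_id, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller redirects to topiclist.php, as the original does
    }
    $stmt = $db->prepare("select post_id, post_text, post_owner from forum_posts
                          where topic_id = :id order by post_create_time asc");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = '1 or 1=1'; // URL-decoded topic_id from the link posted in the thread
printf("concatenated, topic_id=1: %d rows\n", count(posts_concatenated($db, '1')));
printf("concatenated, %s: %d rows\n", $input, count(posts_concatenated($db, $input)));
printf("bound, topic_id=1: %d rows\n", count(posts_bound($db, '1')));
printf("bound, %s: %s\n", $input,
       posts_bound($db, $input) === null ? 'rejected' : 'accepted');
```

For the thread's input the concatenated query returns posts from every topic, while the bound version refuses the value before any SQL runs.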