bobleny Posted February 27, 2007 Share Posted February 27, 2007 Hello! I was hoping you could tell me what you think of my forum script... This is simply a template that I will use for my other site. I've been working on something a little different. You will see what I mean.... You can go to the script here: http://www.firemelt.net/testy/ This is the script: <?php session_start(); error_reporting(0); $database_hostname = ""; $database_username = ""; $database_password = ""; $database_select_1 = ""; function sendem($reurl, $retime) { echo "<META HTTP-EQUIV='Refresh' CONTENT= '" . $retime . "; URL=index.php?page=" . $reurl . "'>"; } if (!isset($_GET['page'])) { $_GET['page'] = "home"; $page = "home"; } else { $page = $_GET['page']; } if ($page == "home") { $title = "Testy - Welcome!"; } elseif ($page == "account_details") { $title = "Testy - Account Details"; } elseif ($page == "members_list") { $title = "Testy - Members List"; } elseif ($page == "users") { $title = "Testy - Profiles..."; } elseif ($page == "signup") { $title = "Testy - You Don't Have An Account Yet!?"; } elseif ($page == "login") { $title = "Testy - Welcome Back!"; } elseif ($page == "logout") { $title = "Testy - Are You Sure You Want To Leav!? :'("; } else { $page = "error"; $title = "Testy - Hmmmm - Something Doesn't seem right"; } ?> <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title><?php echo $title; ?></title> </head> <body> <?php if($page == "home") { if($_SESSION['user_logged_code_5223'] == TRUE) { echo "Welcome " . $_SESSION['username'] . "! (<a href='index.php?page=logout'>Log Out</a> | <a href='index.php?page=account_details'>Account Details</a> | <a href='index.php?page=members_list'>Members List</a>)\r\n"; } else { echo "Welcome friend! - <a href='index.php?page=login'>Log In</a> | <a href='index.php?page=signup'>Sign Up</a>"; } } if($page == "account_details") { if($_SESSION['user_logged_code_5223'] == TRUE) { echo "Account Details-\r\n <br />\r\n"; echo "Account Username: " . $_SESSION['username'] . "\r\n <br />\r\n"; echo "Account Level: " . $_SESSION['level'] . "\r\n <br />\r\n"; echo "Date of Sign Up: " . $_SESSION['signup'] . " (GMT)\r\n <br />\r\n"; echo "Posistion in Table: " . $_SESSION['id'] . "\r\n"; } else { echo "You are not logged in. You must be logged in to view your account deatials. \r\n"; sendem(home, 3); } } if($page == "members_list") { $connect = mysql_connect($database_hostname, $database_username, $database_password); if(!$connect) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $selectdb = mysql_select_db("$database_select_1"); if(!$selectdb) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $sql = "SELECT `name`, `id` FROM `users` ORDER BY `id` ASC"; $query = mysql_query($sql); if(!$query) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } echo "<table width='40%' align='left' border='1'>\r\n"; echo "<tr>\r\n"; echo "<td align='center'>##</td>\r\n"; echo "<td align='center'>Members</td>\r\n"; echo "</tr>\r\n"; $g = 1; while($get = mysql_fetch_assoc($query)) { echo "<tr>\r\n"; echo "<td>" . $g . "</td>\r\n"; echo "<td><a href='index.php?page=users&id=" . $get['id'] . "'>" . $get['name'] . "</a></td>\r\n"; echo "</tr>\r\n"; $g++; } echo "</table>\r\n"; mysql_close(); } if($page == "users") { if($_SESSION['user_logged_code_5223'] == TRUE) { if (preg_match("/[^0-9]+/",$_GET['id'])) { sendem(members_list, .1); die(); } else { $get_id = TRUE; } if($get_id == TRUE) { $connect = mysql_connect($database_hostname, $database_username, $database_password); if(!$connect) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $selectdb = mysql_select_db("$database_select_1"); if(!$selectdb) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $sql = "SELECT * FROM `users` WHERE `id` = '" . $_GET['id'] . "'"; $query = mysql_query($sql); if(!$query) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $get = mysql_fetch_assoc($query); mysql_close(); echo "Account Details-\r\n <br />\r\n"; echo "Account Username: " . $get['name'] . "\r\n <br />\r\n"; echo "Account Level: " . $get['level'] . "\r\n <br />\r\n"; echo "Date of Sign Up: " . $get['signup'] . " (GMT)\r\n <br />\r\n"; echo "Posistion in Table: " . $get['id'] . "\r\n"; } } else { echo "You are not logged in. You must be logged in to view your account deatials. \r\n"; sendem(home, 3); } } if($page == "signup") { if($_SESSION['now_sign'] == FALSE && isset($_POST['sign_username']) == FALSE && $_SESSION['user_logged_code_5223'] == FALSE) { if($_SESSION['sign_username_long'] == TRUE) { $_SESSION['sign_username_long'] = FALSE; echo "Your usermane is too long. Usernames must be between 2-10 characters long. \r\n <br /> \r\n"; echo "Please try again... \r\n <br /> \r\n"; } elseif($_SESSION['sign_username_short'] == TRUE) { $_SESSION['sign_username_short'] = FALSE; echo "Your usermane is too short. Usernames must be between 2-10 characters long. \r\n <br /> \r\n"; echo "Please try again... \r\n <br /> \r\n"; } elseif($_SESSION['sign_username_bad_char'] == TRUE) { $_SESSION['sign_username_bad_char'] = FALSE; echo "Your usermane contains invalid characters. Usernames may only contain, a-z, A-Z, 0-9, and _ (underscore). \r\n <br /> \r\n"; echo "Please try again... \r\n <br /> \r\n"; } elseif($_SESSION['sign_username_no_match'] == TRUE) { $_SESSION['sign_username_no_match'] = FALSE; echo "I'm sorry, the username you have selected is already taken. \r\n <br /> \r\n"; echo "Please try again... \r\n <br /> \r\n"; } elseif($_SESSION['sign_password_no_match'] == TRUE) { $_SESSION['wrong_sign_password'] = FALSE; echo "Your passwords did not match! Remember, your password is case sensitive! \r\n <br /> \r\n"; echo "Please try again... \r\n <br /> \r\n"; } elseif($_SESSION['sign_password_short'] == TRUE) { $_SESSION['sign_password_short'] = FALSE; echo "Your password is too short. Passwords must be over 5 characters long. \r\n <br /> \r\n"; echo "Please try again... \r\n <br /> \r\n"; } else { echo "In order to start useing the site forum and all of the site goodies you must be signed up. To do so, simply fill out the forum below. Your password is case sensitive! \r\n <br /> \r\n"; } echo "<form action='index.php?page=signup' method='post'> \r\n"; echo "Username: <input type='text' name='sign_username' size='21' maxlength='10'> \r\n <br /> \r\n"; echo "Password: <input type='password' name='sign_password' size='21' > \r\n <br /> \r\n"; echo "Verify Password <input type='password' name='sign_varpassword' size='21'> \r\n <br /> \r\n"; echo "<input type='submit' value='Sign Up'> \r\n"; echo "</form>"; } if($_SESSION['user_logged_code_5223'] == TRUE) { echo "You are already have and account... You are now being redirected! \r\n <br /> <br /> \r\n <a href='index.php?page=home'>If you are not automaticly redirected in 10 seconds, click here.</a> \r\n"; sendem(home, 3); } if($_SESSION['now_sign'] == TRUE) { $_SESSION['now_sign'] = FALSE; echo "Congratulations, you are now signed up! You are now being redirected! \r\n <br /> <br /> \r\n <a href='index.php?page=home'>If you are not automaticly redirected in 10 seconds, please click here.</a> \r\n"; sendem(home, 3); } if(isset($_POST['sign_username']) == TRUE) { if(strlen($_POST['sign_username']) <= 10) { if(strlen($_POST['sign_username']) >= 2) { $sign_username_length = TRUE; } else { $_SESSION['sign_username_short'] = TRUE; sendem(signup, .1); die(); } } else { $_SESSION['sign_username_long'] = TRUE; sendem(signup, .1); die(); } if($sign_username_length == TRUE) { if (preg_match("/[^a-zA-Z0-9_]+/",$_POST['sign_username'])) { $_SESSION['sign_username_bad_char'] = TRUE; sendem(signup, .1); die(); } else { $sign_username_char = TRUE; } } if($sign_username_char == TRUE) { $connect = mysql_connect($database_hostname, $database_username, $database_password); if(!$connect) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $selectdb = mysql_select_db("$database_select_1"); if(!$selectdb) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $query = mysql_query("SELECT `name` FROM `users` WHERE `name`='" . $_POST['sign_username'] . "'"); if(!$query) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: 126"; mysql_close(); sendem(error, .1); die(); } $rows = mysql_num_rows($query); if(!$rows) { if($_POST['sign_password'] === $_POST['sign_varpassword']) { if(strlen($_POST['sign_password']) >= 5) { $sign_password_length = TRUE; } else { $_SESSION['sign_password_short'] = TRUE; sendem(signup, .1); die(); } if($sign_password_length == TRUE) { $md5 = md5($_POST['sign_password']); $sign_password = SHA1($md5); $sign_username = $_POST['sign_username']; $sign_level = "Super Noob"; date_default_timezone_set('GMT'); $sign_date = date('l, F jS\, Y'); $sql = "INSERT INTO `users` (`name`, `password`, `level`, `signup`) VALUES ('{$sign_username}','{$sign_password}','{$sign_level}','{$sign_date}')"; $query = mysql_query($sql); if(!$query) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } else { mysql_close(); $_SESSION['now_sign'] = TRUE; sendem(signup, .1); die(); } } } else { $_SESSION['sign_password_no_match'] = TRUE; sendem(signup, .1); die(); } } else { $_SESSION['sign_username_no_match'] = TRUE; sendem(signup, .1); die(); } } } } if($page == "login") { if($_SESSION['user_logged_code_5223'] == FALSE && isset($_POST['username']) == FALSE && $_SESSION['now_logged'] == FALSE) { if($_SESSION['wrong_username'] == TRUE) { $_SESSION['wrong_username'] = FALSE; echo "You have entered an INVALED username! \r\n <br /> \r\n"; echo "Please try again... \r\n <br /> \r\n"; } elseif($_SESSION['wrong_password'] == TRUE) { $_SESSION['wrong_password'] = FALSE; echo "You have entered an INVALED password! Passwords ARE case sensitive! \r\n <br /> \r\n"; echo "Please try again... \r\n <br /> \r\n"; } else { echo "Please login below. \r\n <br /> \r\n"; } echo "<form action='index.php?page=login' method='post'> \r\n"; echo "Username: <input type='text' name='username' size='21' maxlength='10'> \r\n <br /> \r\n"; echo "Password: <input type='password' name='password' size='21'> <br /> \r\n"; echo "<input type='Submit' value='Login'> \r\n"; echo "</form> \r\n"; } if($_SESSION['user_logged_code_5223'] == TRUE && $_SESSION['now_logged'] == FALSE) { echo "You are already logged in... You are now being redirected! \r\n <br /> <br /> \r\n <a href='index.php?page=home'>If you are not automaticly redirected in 10 seconds, click here.</a> \r\n"; sendem(home, 3); } if($_SESSION['now_logged'] == TRUE && $_SESSION['user_logged_code_5223'] == TRUE) { $_SESSION['now_logged'] = FALSE; echo "Congratulations, you are now logged in! You are now being redirected! \r\n <br /> <br /> \r\n <a href='index.php?page=home'>If you are not automaticly redirected in 10 seconds, please click here.</a> \r\n"; sendem(home, 3); } if(isset($_POST['username']) == TRUE) { if (preg_match("/[^a-zA-Z0-9_]+/",$_POST['username'])) { $_SESSION['wrong_username'] = TRUE; sendem(login, .1); die(); } else { $username_char = TRUE; } if($username_char == TRUE) { $connect = mysql_connect($database_hostname, $database_username, $database_password); if(!$connect) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $selectdb = mysql_select_db("$database_select_1"); if(!$selectdb) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $sql = "SELECT * FROM `users` WHERE `name` = '" . $_POST['username'] . "'"; $query = mysql_query($sql); if(!$query) { $_SESSION['error_message'] = mysql_error(); $_SESSION['error_location'] = "Page: " . $page . " - Line: " . __LINE__; mysql_close(); sendem(error, .1); die(); } $get = mysql_fetch_assoc($query); if (!$get) { mysql_close(); $_SESSION['wrong_username'] = TRUE; sendem(login, .1); die(); } else { $_SESSION['level'] = $get['level']; $_SESSION['signup'] = $get['signup']; $_SESSION['id'] = $get['id']; $rawpassword = $get['password']; $rawusername = $get['name']; $username_checked = TRUE; mysql_close(); } if($username_checked == TRUE) { $md5 = md5($_POST['password']); $password = SHA1($md5); if ($password === $rawpassword) { $_SESSION['username'] = $rawusername; $_SESSION['user_logged_code_5223'] = TRUE; $_SESSION['now_logged'] = TRUE; sendem(login, .1); die(); } else { $_SESSION['wrong_password'] = TRUE; sendem(login, .1); die(); } } } } } if($page == "logout") { $_SESSION['user_logged_code_5223'] = FALSE; $_SESSION = array(); session_destroy(); echo "You are now logged out. I cant believe you just did that! \r\n <br /> \r\n You are now being redirected! \r\n <br /> <br /> \r\n <a href='index.php?page=home'>If you are not automaticly redirected in 10 seconds, please click here.</a> \r\n"; sendem(home, 3); } if($page == "error") { echo "There has been an unexpected error! If you recieve this message agin, please conatact me.\r\n <br /><br />\r\n" . $_SESSION['error_message'] . "\r\n <br /><br />\r\n" . $_SESSION['error_location']; $_SESSION['error_message'] = ""; $_SESSION['error_location'] = "Line: "; } ?> </body> </html> Yup, it is only one page! I think that is really cool! It is sorta funny too. My site, is 550 lines with out the forum, when I add the forum, I will be basically adding the code above to it, which is about 550 lines as well! That is a long page! So, please, tell me what you think of my script. If you see something in it that you think should be changed, or a comment on a certain spot, please tell me! Oh, and please feel free to try the script on the site, If your good with mysql, I would welcome sql attacks! just so long as you tell me what your tried and weather or not it worked... Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts