Knouen Posted October 19, 2007 Share Posted October 19, 2007 At Pastebin. And here: <?php /*******************************************/ /* Edit this section, add your own */ /* database connection details. */ define('DBHOST', 'blah'); define('DBUSER', 'blah'); define('DBPASS', 'blah'); define('DBNAME', 'blah'); /*******************************************/ /* Include any website header sections, */ /* eg: top.html, header.html, footer.html. */ // EG: include("../html/header.html"); echo '<html><head></head><body>'; /*******************************************/ /*******************************************/ /* Optional colours editing. Change any */ /* fields you like to any colours you */ /* prefer. Default is white background */ /* and black text. A full list of accepted */ /* named colours for HTML can be found at: */ /* http://www.w3schools.com/html/html_colornames.asp */ define('BGCOLOUR1', 'azure'); /* Background colour 1 for alternating table rows. */ define('BGCOLOUR2', 'aliceblue'); /* Background colour 2 for alternating table rows. */ define('TEXTCOLOUR', 'black'); /* Normal text colour. */ define('TEXTSIZE', '4'); /* Normal text size. */ define('MINITEXT', '4'); /* Mini text size. */ define('HEADINGBG', 'cyan'); /* Background colour for table headings. */ define('HEADINGSIZE', '4'); /* Size of heading text. */ define('HEADINGTEXT', 'black'); /* Text colour for table headings. */ define('SPACING', '0'); /* Spacing between table cells. */ define('PADDING', '2'); /* Padding around table cells. */ /*******************************************/ /* DO NOT EDIT BELOW THIS LINE! */ /*******************************************/ session_start(); if(empty($_POST['actiontype'])){ $actiontype = 'showtopics'; } if(empty($_POST['id'])){ $id = 0; } /*******************************************/ /* Make verification image. */ function verificationImage(){ $range = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $rand = substr(str_shuffle($range), 0, 5); $bg = rand(1, 4); $image = imagecreatefromjpeg("background$bg.jpg"); $textColour = imagecolorallocate($image, 0, 0, 0); imagestring ($image, 5, 5, 8, $rand, $textColour); $_SESSION['image_random_value'] = md5($rand); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); header('Content-type: image/jpeg'); imagejpeg($image); imagedestroy($image); } /*******************************************/ /* Verification code was wrong, give error message. */ function wrongCode(){ echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">Image verification code incorrect. <a href="index.php">Return to forum.</a></font><br>'; } /*******************************************/ /* Display the form for starting new threads. */ function showFormTopic(){ echo '<form action="'.$_SERVER['php_self'].'" method="post">'; echo '<center><table width="75%" cellspacing="'.SPACING.'" cellpadding="'.PADDING.'" border="0">'; echo '<tr align="left" valign="top">'; echo '<td width="30%"><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Your name:</b></font></td>'; echo '<td width="70%"><input name="name" type="text" id="name" size="50" maxlength="65"/></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Subject:</b></font></td>'; echo '<td><input name="subject" type="text" id="subject" size="50" maxlength="255"/></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Input verification code:</b></font></td>'; echo '<td><input name="random" type="text" id="random"/> '; echo '<img src="verify.png" alt="Type this into the box" title="Type this into the box" /></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Message:</b></font></td>'; echo '<td><textarea name="message" cols="50" rows="5" id="message"></textarea></td>'; echo '</tr>'; echo '<td align="right"><input type="reset" value="Clear Form" /></td>'; echo '<td align="left"><input type="hidden" name="actiontype" value="makethread" /><input name="id" type="hidden" value="'.$id.'" /><input name="Submit" type="submit" value="Add new topic" /></td>'; echo '</table></center>'; echo '</form>'; } /*******************************************/ /* Display the form for replying to threads. */ function showFormReply(){ echo '<form action="'.$_SERVER['php_self'].'" method="post">'; echo '<center><table width="75%" cellspacing="'.SPACING.'" cellpadding="'.PADDING.'" border="0">'; echo '<tr align="left" valign="top">'; echo '<td width="30%"><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Your name:</b></font></td>'; echo '<td width="70%"><input name="name" id="name" type="text" size="50" maxlength="65"/></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Input verification code:</b></font></td>'; echo '<td><input name="verify" type="text" id="verify"/> '; echo '<img src="verify.png" alt="Type this into the box" title="Type this into the box" /></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Message:</b></font></td>'; echo '<td><textarea name="message" cols="50" rows="5" id="message"></textarea></td>'; echo '</tr>'; echo '<tr valign="top">'; echo '<td align="right"><input type="reset" value="Clear Form" /></td>'; echo '<td align="left"><input type="hidden" name="actiontype" value="makereply" /><input name="id" type="hidden" value="'.$id.'" /><input name="Submit" type="submit" value="Add reply" /></td>'; echo '</tr>'; echo '</table></center>'; echo '</form>'; } /*******************************************/ /* Selects and shows some details of posts which have zero as parentid. */ function showTopics(){ $rowcount = 0; $link = mysql_connect(DBHOST, DBUSER, DBPASS); if(!$link){ die('Not connected: ' . mysql_error()); } $db_selected = mysql_select_db(DBNAME, $link); if(!$db_selected){ die('Can not use database: '. mysql_error()); } $sql = "select * from forum where parentid='0' order by datetime desc"; $result = mysql_query($sql); echo '<center><table border="0" cellspacing="'.SPACING.'" cellpadding="'.PADDING.'">'; echo '<tr bgcolor="'.HEADINGBG.'"><td width="50%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Subject</b></font></td><td width="30%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Name</b></font></td><td width="5%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Views</b></font></td><td width="5%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Replies</b></font></td><td width="10%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Date/Time</b></font></td></tr>'; while($rows=mysql_fetch_array($result)){ $rowbg = ($rowcount % 2) ? BGCOLOUR1 : BGCOLOUR2; echo '<tr bgcolor="'.$rowbg.'">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><a href="view_topic.php?id='.$rows['id'].'">'.$rows['subject'].'</td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['name']).'</font></td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['numviews']).'</font></td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['numreplies']).'</font></td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['datetime']).'</font></td>'; echo '</tr>'; $rowcount++; } mysql_close(); echo '</table></center>'; } /*******************************************/ /* Shows all posts where parentid is equal to selected postid. */ function showReplies(){ $rowcount = 0; $link = mysql_connect(DBHOST, DBUSER, DBPASS); if(!$link){ die('Not connected: ' . mysql_error()); } $db_selected = mysql_select_db(DBNAME, $link); if(!$db_selected){ die('Can not use database: '. mysql_error()); } $id = $_POST['id']; $sql = "select * from forum where id='$id'"; $result = mysql_query($sql); $rows = mysql_fetch_array($result); echo '<h2><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'">Subject: '.stripslashes($rows['subject']).'</font></h2>'; echo '<center><table width="100%" border="0" cellspacing="'.SPACING.'" cellpadding="'.PADDING.'">'; echo '<tr bgcolor="'.HEADINGBG.'"><td width="15%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>User</b></font></td><td width="85%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Message</b></font></td></tr>'; echo '<tr><td><font size="'.TEXTSIZE.'" color="'.TEXTCOLOUR.'">'.stripslashes($rows['name']).'</font><br><font size="'.MINITEXT.'" color="'.TEXTCOLOUR.'">'.stripslashes($rows['datetime']).'</font></td><td><font size="'.TEXTSIZE.'" color="'.TEXTCOLOUR.'">'.stripslashes($rows['message']).'</font></td></tr>'; $sql2 = "select * from forum where parentid='$id' order by datetime asc"; $result2 = mysql_query($sql2); while($rows=mysql_fetch_array($result2)){ $rowbg = ($rowcount % 2) ? $bgcolour1 : $bgcolour2; echo '<tr bgcolor="'.$rowbg.'">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>'.stripslashes($rows['name']).'</b></font><br><font color="'.TEXTCOLOUR.'" size="'.$minitext.'">'.stripslashes($rows['datetime']).'</font></td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['message']).'</font></td>'; echo '</tr>'; $rowcount++; } $sql3 = "select numviews from forum where id='$id'"; $result3 = mysql_query($sql3); $rows = mysql_fetch_array($result3); $view = $rows['numviews']+1; $sql4 = "update forumthread set view='$view' where id='$id'"; $result5 = mysql_query($sql4); mysql_close(); } /*******************************************/ /* Insert new thread into database. */ function addThread(){ $link = mysql_connect(DBHOST, DBUSER, DBPASS); if(!$link){ die('Not connected: ' . mysql_error()); } $db_selected = mysql_select_db(DBNAME, $link); if(!$db_selected){ die('Can not use database: '. mysql_error()); } $name = mysql_real_escape_string(addslashes($_POST['name'])); $message = mysql_real_escape_string(addslashes($_POST['message'])); $subject = mysql_real_escape_string(addslashes($_POST['subject'])); $datetime = date("d/m/y H:i:s"); $sql = "insert into forum(name, message, datetime, subject) values('$name', '$message', '$datetime', '$subject')"; if($result = mysql_query($sql)){ echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">New thread successfully created.</font><br>'; } else{ echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">Could not create thread. <a href="index.php">Return to forum.</a></font><br>'; } mysql_close(); } /*******************************************/ /* Insert new post into database. */ function addReply(){ $link = mysql_connect(DBHOST, DBUSER, DBPASS); if(!$link){ die('Not connected: ' . mysql_error()); } $db_selected = mysql_select_db(DBNAME, $link); if(!$db_selected){ die('Can not use database: '. mysql_error()); } $parentid = mysql_real_escape_string(addslashes($_POST['parentid'])); $name = mysql_real_escape_string(addslashes($_POST['name'])); $message = mysql_real_escape_string(addslashes($_POST['message'])); $datetime = date("d/m/y H:i:s"); $sql = "insert into forum(parentid, name, message, datetime) values('$parentid', '$name', '$message', '$datetime')"; if($result = mysql_query($sql)){ echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">Post successfully added to thread.</font><br>'; $sql2 = "update forum set numreplies = '$maxpostid' where id='$parentid'"; $result2 = mysql_query($sql2); } else{ echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">Could not add post. <a href="index.php">Return to forum.</a></font><br>'; } mysql_close(); } /*******************************************/ /* This switch decides which action to perform. */ if(isset($_POST['actiontype'])){ switch($actiontype){ case 'maketopic': if(md5($number) == $_SESSION['image_random_value']){ addThread(); $_SESSION['image_random_value'] = ''; showFormTopic(); showTopics(); } else{ wrongCode(); } break; case 'makereply': if(md5($number) == $_SESSION['image_random_value']){ addReply(); $_SESSION['image_random_value'] = ''; showFormReply(); showReplies(); } else{ wrongCode(); } break; case 'showreplies': showFormReply(); showReplies(); break; case 'showtopics': default: showFormTopic(); showTopics(); break; } } else{ /* Show list of threads and output form. */ showFormTopic(); showTopics(); } /*******************************************/ /* Include page footer. */ // EG: include("forumfooter.html"); echo '</body></html>'; ?> The image verification thing is the only real hurdle now. No idea how to get that working. The rest is just sorting out the logic of what to select from the DB and such. The relevant functions are verificationImage(), showFormTopic(), and showFormReply(). Oh, and also the switch down at the bottom. The verificationImage() function is to produce a verification image used as an input verification tool in those two forms, which is tested in the switch to determine if the functions for altering the database will be called. Yes, I have ripped off and mutilated many tutorials. However, I'm unsure how to work that verification image function into the form functions and the switch properly. Quote Link to comment Share on other sites More sharing options...
steve448 Posted October 19, 2007 Share Posted October 19, 2007 http://www.white-hat-web-design.co.uk/articles/php-captcha.php Is a good image verification script if we're thinking the same type of image verification Quote Link to comment Share on other sites More sharing options...
Knouen Posted October 20, 2007 Author Share Posted October 20, 2007 Yep, that's similar to the one I have already. I may use that one instead. But my main difficulty with it is turning it into a function within the file above, rather than using an external file linked in the IMG tag. Quote Link to comment Share on other sites More sharing options...
steve448 Posted October 20, 2007 Share Posted October 20, 2007 Sorry didn't even read your code, thought you just wanted to know how to do the image verification. Looks like you've already done what you need. You just need to replace echo '<img src="verify.png" alt="Type this into the box" title="Type this into the box" /> With a call to your verificationImage() function. Also, don't forget to set the session inside that function, otherwise its always going to fail. Quote Link to comment Share on other sites More sharing options...
Knouen Posted October 20, 2007 Author Share Posted October 20, 2007 I'll try it now, thanks. Quote Link to comment Share on other sites More sharing options...
Knouen Posted October 21, 2007 Author Share Posted October 21, 2007 Latest attempt. <?php /*******************************************/ /* Edit this section, add your own */ /* database connection details. */ define('DBHOST', 'blah'); define('DBUSER', 'blah'); define('DBPASS', 'blah'); define('DBNAME', 'blah'); /*******************************************/ /* Include any website header sections, */ /* eg: top.html, header.html, footer.html. */ // include("../html/header.html"); // include ("../html/sideMenu.html"); // include_once('../include/dbobj.inc.php'); echo '<html><head></head><body>'; /*******************************************/ /*******************************************/ /* Optional colours editing. Change any */ /* fields you like to any colours you */ /* prefer. Default is white background */ /* and black text. A full list of accepted */ /* named colours for HTML can be found at: */ /* http://www.w3schools.com/html/html_colornames.asp */ define('BGCOLOUR1', 'azure'); /* Background colour 1 for alternating table rows. */ define('BGCOLOUR2', 'aliceblue'); /* Background colour 2 for alternating table rows. */ define('TEXTCOLOUR', 'black'); /* Normal text colour. */ define('TEXTSIZE', '4'); /* Normal text size. */ define('MINITEXT', '4'); /* Mini text size. */ define('HEADINGBG', 'cyan'); /* Background colour for table headings. */ define('HEADINGSIZE', '4'); /* Size of heading text. */ define('HEADINGTEXT', 'black'); /* Text colour for table headings. */ define('SPACING', '0'); /* Spacing between table cells. */ define('PADDING', '2'); /* Padding around table cells. */ /*******************************************/ /* DO NOT EDIT BELOW THIS LINE! */ /*******************************************/ session_start(); if(empty($_POST['actiontype'])){ $actiontype = 'showtopics'; } if(empty($_POST['id'])){ $id = 0; } /*******************************************/ /* Verification code was wrong, give error message. */ function wrongCode(){ echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">Image verification code incorrect. <a href="index.php">Return to forum.</a></font><br>'; } /*******************************************/ /* Display the form for starting new threads. */ function showFormTopic(){ echo '<form action="'.$_SERVER['php_self'].'" method="post">'; echo '<center><table width="75%" cellspacing="'.SPACING.'" cellpadding="'.PADDING.'" border="0">'; echo '<tr align="left" valign="top">'; echo '<td width="30%"><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Your name:</b></font></td>'; echo '<td width="70%"><input name="name" type="text" id="name" size="50" maxlength="65"/></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Subject:</b></font></td>'; echo '<td><input name="subject" type="text" id="subject" size="50" maxlength="255"/></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Input verification code:</b></font></td>'; echo '<td><input name="security_code" type="text" id="security_code"/> '; echo '<img src="CaptchaSecurityImages.php" alt="Type this into the box" title="Type this into the box" /></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Message:</b></font></td>'; echo '<td><textarea name="message" cols="50" rows="5" id="message"></textarea></td>'; echo '</tr>'; echo '<td align="right"><input type="reset" value="Clear Form" /></td>'; echo '<td align="left"><input type="hidden" name="actiontype" value="makethread" /><input name="id" type="hidden" value="'.$id.'" /><input name="Submit" type="submit" value="Add new topic" /></td>'; echo '</table></center>'; echo '</form>'; } /*******************************************/ /* Display the form for replying to threads. */ function showFormReply(){ echo '<form action="'.$_SERVER['php_self'].'" method="post">'; echo '<center><table width="75%" cellspacing="'.SPACING.'" cellpadding="'.PADDING.'" border="0">'; echo '<tr align="left" valign="top">'; echo '<td width="30%"><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Your name:</b></font></td>'; echo '<td width="70%"><input name="name" id="name" type="text" size="50" maxlength="65"/></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Input verification code:</b></font></td>'; echo '<td><input name="security_code" type="text" id="security_code"/> '; echo '<img src="CaptchaSecurityImages.php" alt="Type this into the box" title="Type this into the box" /></td>'; echo '</tr>'; echo '<tr align="left" valign="top">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>Message:</b></font></td>'; echo '<td><textarea name="message" cols="50" rows="5" id="message"></textarea></td>'; echo '</tr>'; echo '<tr valign="top">'; echo '<td align="right"><input type="reset" value="Clear Form" /></td>'; echo '<td align="left"><input type="hidden" name="actiontype" value="makereply" /><input name="id" type="hidden" value="'.$id.'" /><input name="Submit" type="submit" value="Add reply" /></td>'; echo '</tr>'; echo '</table></center>'; echo '</form>'; } /*******************************************/ /* Selects and shows some details of posts which have zero as parentid. */ function showTopics(){ $rowcount = 0; $link = mysql_connect(DBHOST, DBUSER, DBPASS); if(!$link){die('Not connected: ' . mysql_error());} $db_selected = mysql_select_db(DBNAME, $link); if(!$db_selected){die('Can not use database: '. mysql_error());} $sql = "select * from forum where parentid=0"; $result = mysql_query($sql); echo '<center><table border="0" cellspacing="'.SPACING.'" cellpadding="'.PADDING.'">'; echo '<tr bgcolor="'.HEADINGBG.'"><td width="50%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Subject</b></font></td><td width="30%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Name</b></font></td><td width="5%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Views</b></font></td><td width="5%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Replies</b></font></td><td width="10%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Date/Time</b></font></td></tr>'; while($rows=mysql_fetch_array($result)){ $rowbg = ($rowcount % 2) ? BGCOLOUR1 : BGCOLOUR2; echo '<tr bgcolor="'.$rowbg.'">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><a href="index.php?id='.$rows['id'].'">'.$rows['subject'].'</td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['name']).'</font></td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['numviews']).'</font></td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['numreplies']).'</font></td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['datetime']).'</font></td>'; echo '</tr>'; $rowcount++; } mysql_close(); echo '</table></center>'; } /*******************************************/ /* Shows all posts where parentid is equal to selected postid. */ function showReplies(){ $rowcount = 0; $link = mysql_connect(DBHOST, DBUSER, DBPASS); if(!$link){die('Not connected: ' . mysql_error());} $db_selected = mysql_select_db(DBNAME, $link); if(!$db_selected){die('Can not use database: '. mysql_error());} $id = $_POST['id']; $sql = "select * from forum where id='$id'"; $result = mysql_query($sql); $rows = mysql_fetch_array($result); echo '<h2><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'">Subject: '.stripslashes($rows['subject']).'</font></h2>'; echo '<center><table width="100%" border="0" cellspacing="'.SPACING.'" cellpadding="'.PADDING.'">'; echo '<tr bgcolor="'.HEADINGBG.'"><td width="15%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>User</b></font></td><td width="85%"><font color="'.HEADINGTEXT.'" size="'.HEADINGSIZE.'"><b>Message</b></font></td></tr>'; echo '<tr><td><font size="'.TEXTSIZE.'" color="'.TEXTCOLOUR.'">'.stripslashes($rows['name']).'</font><br><font size="'.MINITEXT.'" color="'.TEXTCOLOUR.'">'.stripslashes($rows['datetime']).'</font></td><td><font size="'.TEXTSIZE.'" color="'.TEXTCOLOUR.'">'.stripslashes($rows['message']).'</font></td></tr>'; $sql2 = "select * from forum where parentid='$id' order by datetime asc"; $result2 = mysql_query($sql2); while($rows=mysql_fetch_array($result2)){ $rowbg = ($rowcount % 2) ? $bgcolour1 : $bgcolour2; echo '<tr bgcolor="'.$rowbg.'">'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'"><b>'.stripslashes($rows['name']).'</b></font><br><font color="'.TEXTCOLOUR.'" size="'.$minitext.'">'.stripslashes($rows['datetime']).'</font></td>'; echo '<td><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">'.stripslashes($rows['message']).'</font></td>'; echo '</tr>'; $rowcount++; } $sql3 = "select numviews from forum where id='$id'"; $result3 = mysql_query($sql3); $rows = mysql_fetch_array($result3); $view = $rows['numviews']+1; $sql4 = "update forum set view='$view' where id='$id'"; $result5 = mysql_query($sql4); mysql_close(); } /*******************************************/ /* Insert new thread into database. */ function addThread(){ $link = mysql_connect(DBHOST, DBUSER, DBPASS); if(!$link){ die('Not connected: ' . mysql_error()); } $db_selected = mysql_select_db(DBNAME, $link); if(!$db_selected){ die('Can not use database: '. mysql_error()); } $name = mysql_real_escape_string(addslashes($_POST['name'])); $message = mysql_real_escape_string(addslashes($_POST['message'])); $subject = mysql_real_escape_string(addslashes($_POST['subject'])); $datetime = date("d/m/y H:i:s"); $parentid = 0; $sql = "insert into forum(name, message, datetime, subject, parentid) values('$name', '$message', '$datetime', '$subject', '$parentid')"; if($result = mysql_query($sql)){ echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">New thread successfully created.</font><br>'; } else{ echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">Could not create thread. <a href="index.php">Return to forum.</a></font><br>'; } mysql_close(); } /*******************************************/ /* Insert new post into database. */ function addReply(){ $link = mysql_connect(DBHOST, DBUSER, DBPASS); if(!$link){ die('Not connected: ' . mysql_error()); } $db_selected = mysql_select_db(DBNAME, $link); if(!$db_selected){ die('Can not use database: '. mysql_error()); } $parentid = mysql_real_escape_string(addslashes($_POST['id'])); $name = mysql_real_escape_string(addslashes($_POST['name'])); $message = mysql_real_escape_string(addslashes($_POST['message'])); $datetime = date("d/m/y H:i:s"); $sql = "insert into forum(parentid, name, message, datetime) values('$parentid', '$name', '$message', '$datetime')"; if($result = mysql_query($sql)){ // $sql2 = "select max(numreplies) from forum"; // $result2 = mysqlquery($sql2)+1; echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">Post successfully added to thread.</font><br>'; $sql3 = "update forum set numreplies = '$maxpostid' where id='$parentid'"; $result3 = mysql_query($sql3); } else{ echo '<br><font color="'.TEXTCOLOUR.'" size="'.TEXTSIZE.'">Could not add post. <a href="index.php">Return to forum.</a></font><br>'; } mysql_close(); } /*******************************************/ /* This switch decides which action to perform. */ if(isset($_POST['actiontype'])){ switch($actiontype){ case 'maketopic': if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ){ addThread(); unset($_SESSION['security_code']); showFormTopic(); showTopics(); } else{ wrongCode(); } break; case 'makereply': if(($_SESSION['security_code'] == $_POST['security_code']) && (!empty($_SESSION['security_code'])) ){ addReply(); unset($_SESSION['security_code']); showFormReply(); showReplies(); } else{ wrongCode(); } break; case 'showreplies': showFormReply(); showReplies(); break; case 'showtopics': default: showFormTopic(); showTopics(); break; } } else{ /* Show list of threads and output form. */ showFormTopic(); showTopics(); } /*******************************************/ /* Include page footer. */ // include("forumfooter.html"); echo '</body></html>'; ?> Obviousy it has a lot of problems. Could someone please try running that themselves? I know already my SQL is all messed up. Oh, here's the database table: <?php $sql = " CREATE TABLE `forum` ( `id` int(5) unsigned NOT NULL auto_increment, `parentid` int(5) unsigned NOT NULL default '0', `subject` varchar(255) default NULL, `message` text NOT NULL, `name` varchar(65) NOT NULL, `datetime` varchar(25) NOT NULL, `numviews` int(5) unsigned NOT NULL default '0', `numreplies` int(5) unsigned NOT NULL default '0', PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; "; mysql_connect("$host", "$username", "$password")or die("Can not connect to database."); mysql_select_db("$db_name")or die("can not select database."); mysql_query($sql) or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.