1. Tạo tên CSDL : "forums_by_php"
2. Tạo bảng CSDL trong "forums_by_php": chúng ta tạo những file *.sql như sau, sau đó import vào CSDL:
File "users.sql":
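-- users.sql: one row per forum account.
-- Display widths such as INT(8) are deprecated in MySQL 8 and carry no storage
-- meaning, so plain INT is used. The pages are served as UTF-8 (header.php), so
-- the table charset is declared instead of relying on the server default.
CREATE TABLE IF NOT EXISTS `users` (
`user_id` INT NOT NULL AUTO_INCREMENT,
`user_name` VARCHAR(30) NOT NULL,
`user_pass` VARCHAR(255) NOT NULL,   -- password hash (signin.php compares sha1()), never plaintext
`user_email` VARCHAR(255) NOT NULL,
`user_date` DATETIME NOT NULL,       -- registration time
`user_level` INT NOT NULL,           -- 1 is treated as the admin level by create_topic.php
UNIQUE INDEX user_name_unique (user_name),
PRIMARY KEY (user_id)
) ENGINE=INNODB DEFAULT CHARSET=utf8;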
File "topics.sql" :
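-- topics.sql: one row per topic. topic_cat refers to categories.cat_id and
-- topic_by to users.user_id (category.php filters on topic_cat).
-- No FOREIGN KEY is declared because this tutorial imports topics.sql before
-- categories.sql; add the constraints once the import order is fixed.
CREATE TABLE IF NOT EXISTS `topics` (
`topic_id` INT NOT NULL AUTO_INCREMENT,
`topic_subject` VARCHAR(255) NOT NULL,
`topic_date` DATETIME NOT NULL,
`topic_cat` INT NOT NULL,
`topic_by` INT NOT NULL,
PRIMARY KEY (topic_id),
INDEX topics_topic_cat_idx (topic_cat),   -- category.php: WHERE topic_cat = ?
INDEX topics_topic_by_idx (topic_by)
) ENGINE=INNODB DEFAULT CHARSET=utf8;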
File "posts.sql" :
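-- posts.sql: one row per post. post_topic refers to topics.topic_id and
-- post_by to users.user_id (topic.php filters on post_topic and joins users).
-- No FOREIGN KEY is declared so the file still imports on its own; add the
-- constraints once the four files are loaded in dependency order.
CREATE TABLE IF NOT EXISTS `posts` (
`post_id` INT NOT NULL AUTO_INCREMENT,
`post_content` TEXT NOT NULL,
`post_date` DATETIME NOT NULL,
`post_topic` INT NOT NULL,
`post_by` INT NOT NULL,
PRIMARY KEY (post_id),
INDEX posts_post_topic_idx (post_topic),   -- topic.php: WHERE post_topic = ?
INDEX posts_post_by_idx (post_by)          -- topic.php: LEFT JOIN users ON post_by
) ENGINE=INNODB DEFAULT CHARSET=utf8;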
File "categories.sql":
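-- categories.sql: one row per forum category; cat_name must be unique
-- (create_cat.php relies on the database to reject a duplicate name).
CREATE TABLE IF NOT EXISTS `categories` (
`cat_id` INT NOT NULL AUTO_INCREMENT,
`cat_name` VARCHAR(255) NOT NULL,
`cat_description` VARCHAR(255) NOT NULL,
UNIQUE INDEX cat_name_unique (cat_name),
PRIMARY KEY (cat_id)
) ENGINE=INNODB DEFAULT CHARSET=utf8;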
3. Tạo file "style.css":
/* BEGIN BASIC FORUM STYLES */
body {background-color: #4E4E4E;text-align: center; /* make sure IE centers the page too */}
#wrapper {width: 530px;margin: 0 auto; /* center the page */}
#content {background-color: #fff;border: 1px solid #000;float: left;font-family: Arial;padding: 20px 30px;text-align: left;width: 85%; /* fill up the entire div */}
#menu {float: left;border: 1px solid #000;border-bottom: none; /* avoid a double border */clear: both; /* clear:both makes sure the content div doesn't float next to this one but stays under it */width:85%;height:50px;padding: 0 30px;background-color: #FFF;text-align: left;font-size: 85%;}
#menu a:hover {background-color: #009FC1;}
#userbar {background-color: #fff;float: right;width: 200px;}
#footer {clear: both;}
/* begin table styles */
table {border-collapse: collapse;width: 100%;}
table a {color: #000;}
table a:hover {color:#373737;text-decoration: none;}
/* Begin font styles */
h1, #footer {font-family: Arial;color: #F1F3F1;}
h3 {margin: 0; padding: 0;}
/* Menu styles */
.item {background-color: #00728B;border: 1px solid #032472;color: #FFF;font-family: Arial;padding: 5px;text-decoration: none;}
.small {font-size: 75%;color: #373737;}
#footer {font-size: 65%;padding: 5px 0 0 0;}
.topic-post {height: 100px;overflow: auto;}
.post-content {padding: 30px;}
textarea {width: 472px;height: 200px;}
4. Tạo file "connect.php":
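<?php
// connect.php — opens the MySQL connection shared by every page.
// It is included first by each script, so session_start() lives here too.
//
// NOTE: the mysql_* extension used throughout this tutorial was removed in
// PHP 7; on a current PHP it has to be replaced with mysqli or PDO, whose
// prepared statements also replace the string-built queries in the other pages.
session_start();

// Credentials are hard-coded for the local demo (see step 15). In a real
// deployment keep them in a config file outside the web root, and give the
// application its own MySQL account instead of root.
$server   = "127.0.0.1";
$username = "root";
$password = "";
$database = "forums_by_php";

if (!mysql_connect($server, $username, $password)) {
    // Generic message on purpose: mysql_error() would leak host/driver details.
    exit('Error: could not establish database connection');
}

// mysql_real_escape_string() escapes according to the connection character
// set, so it must be fixed here, before any query, for the escaping to be
// correct with multibyte (UTF-8) input such as the pages send.
if (!mysql_set_charset('utf8')) {
    exit('Error: could not set the connection character set');
}

if (!mysql_select_db($database)) {
    exit('Error: could not select the database');
}
?>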
5. Tạo file "header.php":
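<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- header.php: opening markup and menu shared by every page.
     Included after connect.php, which has already called session_start(). -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="A short description." />
<meta name="keywords" content="put, keywords, here" />
<title>PHP-MySQL forum</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1>My forum</h1>
<div id="wrapper">
<div id="menu">
<!-- Relative links, like the signin/signout links below, so the forum works
     from any host or directory instead of only http://127.0.0.1/source/ -->
<a class="item" href="index.php">Home</a>
<a class="item" href="create_topic.php">Create Topic</a>
<a class="item" href="create_cat.php">Create Category</a>
<div id="userbar">
<?php
// signed_in is set by signin.php; user_name comes from the database and is
// escaped before it is echoed into the page.
if (isset($_SESSION['signed_in'])) {
    echo '<br/>';
    echo 'Hello <b>' . htmlentities($_SESSION['user_name']) . '</b>.<a class="item" href="signout.php">Logout</a>';
} else {
    echo '<a class="item" href="signin.php">Login</a> or <a class="item" href="signup.php">Register</a>';
}
?>
</div>
</div>
<div id="content">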
6. Tạo file "footer.php" :
<!-- footer.php: closes the #content and #wrapper divs opened in header.php
     and prints the page footer. -->
    </div><!-- /#content -->
</div><!-- /#wrapper -->
<div id="footer"> CôĐơn Online</div>
</body>
</html>
7. Tạo file "topic.php" :
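<?php
// topic.php — shows one topic (selected by ?id=) with all of its posts and,
// for signed-in users, a reply form that posts to reply.php.
//
// NOTE: the mysql_* extension is removed in PHP 7; prepared statements
// (mysqli/PDO) are the proper replacement for the string-built queries below.
include 'connect.php';
include 'header.php';

// topic_id is an integer column, and mysql_real_escape_string() only protects
// quoted string literals — an unquoted number must be cast, not escaped.
$topic_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

$sql = "SELECT topic_id, topic_subject
FROM topics
WHERE topics.topic_id = " . $topic_id;
$result = mysql_query($sql);
if (!$result) {
    // Log the driver error server-side; do not show mysql_error() to the visitor.
    error_log('topic.php: ' . mysql_error());
    echo 'The topic could not be displayed, please try again later.';
} else {
    if (mysql_num_rows($result) == 0) {
        echo 'This topic doesn′t exist.';
    } else {
        while ($row = mysql_fetch_assoc($result)) {
            // Topic header; the subject is user-supplied and must be escaped
            // on output (stored XSS otherwise).
            echo '<table class="topic" border="1"><tr><th colspan="2">' . htmlentities($row['topic_subject']) . '</th></tr>';

            // Fetch the posts of this topic together with their authors.
            $posts_sql = "SELECT posts.post_topic, posts.post_content, posts.post_date, posts.post_by, users.user_id, users.user_name
FROM posts
LEFT JOIN users ON posts.post_by = users.user_id
WHERE posts.post_topic = " . $topic_id;
            $posts_result = mysql_query($posts_sql);
            if (!$posts_result) {
                error_log('topic.php: ' . mysql_error());
                // The original closed </tr></td> in the wrong order.
                echo '<tr><td colspan="2">The posts could not be displayed, please try again later.</td></tr></table>';
            } else {
                while ($posts_row = mysql_fetch_assoc($posts_result)) {
                    // user_name and post_content both originate from users; escape on output.
                    echo '<tr class="topic-post"><td class="user-post">' . htmlentities($posts_row['user_name']) . '<br/>' . date('d-m-Y H:i', strtotime($posts_row['post_date'])) . '</td><td class="post-content">' . htmlentities(stripslashes($posts_row['post_content'])) . '</td></tr>';
                }
            }

            if (isset($_SESSION['signed_in'])) {
                // Signed-in users get the reply box; topic_id is an integer column.
                echo '<tr><td colspan="2"><h2>Reply:</h2><br /><form method="post" action="reply.php?id=' . (int) $row['topic_id'] . '"><textarea name="reply-content"></textarea><br /><br /><input type="submit" value="Submit reply" /></form></td></tr>';
            } else {
                echo '<tr><td colspan="2">You must be <a href="signin.php">signed in</a> to reply. You can also <a href="signup.php">sign up</a> for an account.</td></tr>';
            }
            // Finish the table.
            echo '</table>';
        }
    }
}

include 'footer.php';
?>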
8. Tạo file "reply.php":
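<?php
// reply.php — saves a reply posted from the form on topic.php (?id= is the topic).
//
// NOTE: the mysql_* extension is removed in PHP 7; prepared statements
// (mysqli/PDO) are the proper replacement for the string-built INSERT below.
include 'connect.php';
include 'header.php';

if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // Someone is calling the file directly, which we don't want.
    echo 'This file cannot be called directly.';
} else {
    // Check the sign-in status; isset() first, the key is absent for guests.
    if (!isset($_SESSION['signed_in']) || !$_SESSION['signed_in']) {
        echo 'You must be signed in to post a reply.';
    } else {
        // post_topic and post_by are integer columns: cast them, because
        // mysql_real_escape_string() only protects quoted string literals.
        $topic_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $user_id  = (int) $_SESSION['user_id'];
        $content  = isset($_POST['reply-content']) ? trim($_POST['reply-content']) : '';

        if ($topic_id <= 0 || $content === '') {
            echo 'Your reply must not be empty.';
        } else {
            // The reply text is a quoted literal, so it must go through
            // mysql_real_escape_string(); the original inserted it unescaped.
            // NOTE(review): the form in topic.php carries no anti-CSRF token;
            // add one there and verify it here when both files can change together.
            $sql = "INSERT INTO posts(post_content, post_date, post_topic, post_by)
VALUES ('" . mysql_real_escape_string($content) . "', NOW(), " . $topic_id . ", " . $user_id . ")";
            $result = mysql_query($sql);
            if (!$result) {
                // Log server-side; do not show mysql_error() to the visitor.
                error_log('reply.php: ' . mysql_error());
                echo 'Your reply has not been saved, please try again later.';
            } else {
                echo 'Your reply has been saved, check out <a href="topic.php?id=' . $topic_id . '">the topic</a>.';
            }
        }
    }
}

include 'footer.php';
?>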
9. Tạo file "create_topic.php" :
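<?php
// create_topic.php — shows the "new topic" form and, on POST, creates the
// topic row plus its first post inside one transaction.
//
// NOTE: the mysql_* extension is removed in PHP 7; prepared statements
// (mysqli/PDO) are the proper replacement for the string-built queries below.
include 'connect.php';
include 'header.php';

echo '<h2>Create a topic</h2>';

if (isset($_SESSION['signed_in'])) {
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        // The form has not been posted yet: fetch the categories for the dropdown.
        $sql = "SELECT cat_id, cat_name, cat_description FROM categories";
        $result = mysql_query($sql);
        if (!$result) {
            // Log server-side; do not show mysql_error() to the visitor.
            error_log('create_topic.php: ' . mysql_error());
            echo 'Error while selecting from database. Please try again later.';
        } else {
            if (mysql_num_rows($result) == 0) {
                // No categories, so no topic can be posted. user_level 1 is the
                // level expected to create categories (see create_cat.php).
                if (isset($_SESSION['user_level']) && $_SESSION['user_level'] == 1) {
                    echo 'You have not created categories yet.';
                } else {
                    echo 'Before you can post a topic, you must wait for an admin to create some categories.';
                }
            } else {
                echo '<form method="post" action="">Subject: <input type="text" name="topic_subject" /><br />Category:';
                echo '<select name="topic_cat">';
                while ($row = mysql_fetch_assoc($result)) {
                    // cat_name is user-supplied; escape it on output.
                    echo '<option value="' . (int) $row['cat_id'] . '">' . htmlentities($row['cat_name']) . '</option>';
                }
                echo '</select><br />';
                // <textarea> is not a void element; the original "/>" produced broken markup.
                echo 'Message: <br /><textarea name="post_content"></textarea><br /><br /><input type="submit" value="Create topic" /></form>';
            }
        }
    } else {
        // The form has been posted: validate before touching the database.
        $topic_subject = isset($_POST['topic_subject']) ? trim($_POST['topic_subject']) : '';
        $post_content  = isset($_POST['post_content']) ? trim($_POST['post_content']) : '';
        // topic_cat and user_id are integer columns: cast them, because
        // mysql_real_escape_string() only protects quoted string literals.
        // (The schema declares no FOREIGN KEY, so an unknown category id is
        // not rejected by the database.)
        $topic_cat = isset($_POST['topic_cat']) ? (int) $_POST['topic_cat'] : 0;
        $user_id   = (int) $_SESSION['user_id'];

        if ($topic_subject === '' || $post_content === '' || $topic_cat <= 0) {
            echo 'Please fill in a subject, choose a category and write a message.';
        } else {
            // Start the transaction so topic and first post are saved together.
            $result = mysql_query("BEGIN WORK;");
            if (!$result) {
                error_log('create_topic.php: ' . mysql_error());
                echo 'An error occured while creating your topic. Please try again later.';
            } else {
                // Insert the topic first, then its post.
                $sql = "INSERT INTO topics(topic_subject, topic_date, topic_cat, topic_by)
VALUES('" . mysql_real_escape_string($topic_subject) . "', NOW(), " . $topic_cat . ", " . $user_id . ")";
                $result = mysql_query($sql);
                if (!$result) {
                    // Log the driver error server-side; mysql_error() must not reach the visitor.
                    error_log('create_topic.php: ' . mysql_error());
                    echo 'An error occured while inserting your data. Please try again later.';
                    mysql_query("ROLLBACK;");
                } else {
                    // Use the id of the freshly created topic for the post row.
                    $topicid = mysql_insert_id();
                    $sql = "INSERT INTO posts(post_content, post_date, post_topic, post_by)
VALUES('" . mysql_real_escape_string($post_content) . "', NOW(), " . $topicid . ", " . $user_id . ")";
                    $result = mysql_query($sql);
                    if (!$result) {
                        error_log('create_topic.php: ' . mysql_error());
                        echo 'An error occured while inserting your post. Please try again later.';
                        mysql_query("ROLLBACK;");
                    } else {
                        mysql_query("COMMIT;");
                        echo 'You have succesfully created <a href="topic.php?id=' . $topicid . '">your new topic</a>.';
                    }
                }
            }
        }
    }
} else {
    // Relative link, consistent with the other pages.
    echo 'Sorry, you have to be <a href="signin.php">signed in</a> to create a topic.';
}

include 'footer.php';
?>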
10. Tạo file "create_cat.php" :
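<?php
// create_cat.php — lets an administrator add a category.
//
// NOTE: the mysql_* extension is removed in PHP 7; prepared statements
// (mysqli/PDO) are the proper replacement for the string-built INSERT below.
include 'connect.php';
include 'header.php';

echo '<h2>Create a category</h2>';

// The page's own comments ("the user has admin rights" / "the user is not an
// admin") describe an admin-only page, but the original test only checked
// that a session existed, so any signed-in user could create categories.
// create_topic.php treats user_level == 1 as the admin level, so require it.
$is_admin = isset($_SESSION['signed_in'])
    && isset($_SESSION['user_level'])
    && $_SESSION['user_level'] == 1;

if ($is_admin) {
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        // The form has not been posted yet, display it.
        // (<textarea> is not a void element; the original "/>" was broken markup.)
        echo '<form method="post" action="">
Category name: <input type="text" name="cat_name" /><br />
Category description:<br /> <textarea name="cat_description"></textarea><br /><br />
<input type="submit" value="Add category" />
</form>';
    } else {
        // The form has been posted: validate, then save it.
        $cat_name        = isset($_POST['cat_name']) ? trim($_POST['cat_name']) : '';
        $cat_description = isset($_POST['cat_description']) ? trim($_POST['cat_description']) : '';

        if ($cat_name === '') {
            echo 'The category name must not be empty.';
        } else {
            // Both values are quoted string literals, so
            // mysql_real_escape_string() is the correct (legacy) escaping.
            $sql = "INSERT INTO categories(cat_name, cat_description)
VALUES('" . mysql_real_escape_string($cat_name) . "',
'" . mysql_real_escape_string($cat_description) . "')";
            $result = mysql_query($sql);
            if (!$result) {
                // Log the driver error server-side; showing mysql_error() to the
                // visitor leaks schema and query details. (A duplicate name is
                // rejected by the cat_name_unique index and lands here too.)
                error_log('create_cat.php: ' . mysql_error());
                echo 'Error: the category could not be added.';
            } else {
                echo 'New category succesfully added.';
            }
        }
    }
} else {
    // Not signed in, or signed in without admin rights.
    echo 'Sorry, you do not have sufficient rights to access this page.';
}

include 'footer.php';
?>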
11. Tạo file "category.php" :
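<?php
// category.php — lists the topics of one category (selected by ?id=).
//
// NOTE: the mysql_* extension is removed in PHP 7; prepared statements
// (mysqli/PDO) are the proper replacement for the string-built queries below.
include 'connect.php';
include 'header.php';

// cat_id is an integer column; mysql_real_escape_string() only protects quoted
// string literals, so an unquoted number is cast instead of escaped.
$cat_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

// First select the category itself.
$sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories
WHERE
cat_id = " . $cat_id;
$result = mysql_query($sql);
if (!$result) {
    // Log the driver error server-side rather than printing it to the visitor.
    error_log('category.php: ' . mysql_error());
    echo 'The category could not be displayed, please try again later.';
} else {
    if (mysql_num_rows($result) == 0) {
        echo 'This category does not exist.';
    } else {
        // Category heading; cat_name is user-supplied, so escape it on output.
        while ($row = mysql_fetch_assoc($result)) {
            echo '<h2>Topics in ′' . htmlentities($row['cat_name']) . '′ category</h2><br />';
        }

        // Then query the topics that belong to it.
        $sql = "SELECT topic_id,
topic_subject,
topic_date,
topic_cat
FROM
topics
WHERE
topic_cat = " . $cat_id;
        $result = mysql_query($sql);
        if (!$result) {
            error_log('category.php: ' . mysql_error());
            echo 'The topics could not be displayed, please try again later.';
        } else {
            if (mysql_num_rows($result) == 0) {
                echo 'There are no topics in this category yet.';
            } else {
                // Prepare the table.
                echo '<table border="1">
<tr>
<th>Topic</th>
<th>Created at</th>
</tr>';
                while ($row = mysql_fetch_assoc($result)) {
                    echo '<tr>';
                    echo '<td class="leftpart">';
                    // topic_id is an integer column; topic_subject is user-supplied.
                    // The original wrote "<h3>" where "</h3>" was meant.
                    echo '<h3><a href="topic.php?id=' . (int) $row['topic_id'] . '">' . htmlentities($row['topic_subject']) . '</a><br /></h3>';
                    echo '</td>';
                    echo '<td class="rightpart">';
                    echo date('d-m-Y', strtotime($row['topic_date']));
                    echo '</td>';
                    echo '</tr>';
                }
                // The original never closed the table.
                echo '</table>';
            }
        }
    }
}

include 'footer.php';
?>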
12. Tạo file "signup.php" :
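<?php
// category.php — lists the topics of one category (selected by ?id=).
//
// NOTE(review): this listing appears on the page under the "signup.php"
// heading but is a copy of category.php; no registration form is shown on
// this page, so the file that stores user_pass cannot be reviewed here.
//
// NOTE: the mysql_* extension is removed in PHP 7; prepared statements
// (mysqli/PDO) are the proper replacement for the string-built queries below.
include 'connect.php';
include 'header.php';

// cat_id is an integer column; mysql_real_escape_string() only protects quoted
// string literals, so an unquoted number is cast instead of escaped.
$cat_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

// First select the category itself.
$sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories
WHERE
cat_id = " . $cat_id;
$result = mysql_query($sql);
if (!$result) {
    // Log the driver error server-side rather than printing it to the visitor.
    error_log('category.php: ' . mysql_error());
    echo 'The category could not be displayed, please try again later.';
} else {
    if (mysql_num_rows($result) == 0) {
        echo 'This category does not exist.';
    } else {
        // Category heading; cat_name is user-supplied, so escape it on output.
        while ($row = mysql_fetch_assoc($result)) {
            echo '<h2>Topics in ′' . htmlentities($row['cat_name']) . '′ category</h2><br />';
        }

        // Then query the topics that belong to it.
        $sql = "SELECT topic_id,
topic_subject,
topic_date,
topic_cat
FROM
topics
WHERE
topic_cat = " . $cat_id;
        $result = mysql_query($sql);
        if (!$result) {
            error_log('category.php: ' . mysql_error());
            echo 'The topics could not be displayed, please try again later.';
        } else {
            if (mysql_num_rows($result) == 0) {
                echo 'There are no topics in this category yet.';
            } else {
                // Prepare the table.
                echo '<table border="1">
<tr>
<th>Topic</th>
<th>Created at</th>
</tr>';
                while ($row = mysql_fetch_assoc($result)) {
                    echo '<tr>';
                    echo '<td class="leftpart">';
                    // topic_id is an integer column; topic_subject is user-supplied.
                    // The original wrote "<h3>" where "</h3>" was meant.
                    echo '<h3><a href="topic.php?id=' . (int) $row['topic_id'] . '">' . htmlentities($row['topic_subject']) . '</a><br /></h3>';
                    echo '</td>';
                    echo '<td class="rightpart">';
                    echo date('d-m-Y', strtotime($row['topic_date']));
                    echo '</td>';
                    echo '</tr>';
                }
                // The original never closed the table.
                echo '</table>';
            }
        }
    }
}

include 'footer.php';
?>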
13. Tạo file "signin.php":
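<?php
// signin.php — authenticates a user against the users table and stores the
// user's id, name and level in the session.
//
// NOTE: the mysql_* extension is removed in PHP 7; prepared statements
// (mysqli/PDO) are the proper replacement for the string-built query below.
include 'connect.php';
include 'header.php';

echo '<h3>Sign in</h3><br />';

// Already signed in: there is no need to display this page.
if (isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) {
    echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
} else {
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        /* the form hasn't been posted yet, display it;
           action="" makes the form post back to this same page */
        echo '<form method="post" action="">
Username: <input type="text" name="user_name" /><br />
Password: <input type="password" name="user_pass"><br />
<input type="submit" value="Sign in" />
</form>';
    } else {
        /* the form has been posted; process it in three steps:
           1. check the data
           2. let the user refill the wrong fields (if necessary)
           3. verify the credentials and return the correct response */
        $errors = array();

        // isset() is true for an empty string, so the original never caught a
        // blank field; test for an empty (trimmed) value instead.
        $user_name = isset($_POST['user_name']) ? trim($_POST['user_name']) : '';
        $user_pass = isset($_POST['user_pass']) ? $_POST['user_pass'] : '';
        if ($user_name === '') {
            $errors[] = 'The username field must not be empty.';
        }
        if ($user_pass === '') {
            $errors[] = 'The password field must not be empty.';
        }

        if (!empty($errors)) {
            echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
            echo '<ul>';
            foreach ($errors as $error) {
                echo '<li>' . $error . '</li>';
            }
            echo '</ul>';
        } else {
            // The username is a quoted literal, so mysql_real_escape_string()
            // is the correct (legacy) escaping. The password is compared as
            // sha1() because that is what the stored user_pass holds; an
            // unsalted fast hash is weak, but changing the scheme requires
            // changing the registration code and the existing rows together.
            $sql = "SELECT
user_id,
user_name,
user_level
FROM
users
WHERE
user_name = '" . mysql_real_escape_string($user_name) . "'
AND
user_pass = '" . sha1($user_pass) . "'";
            $result = mysql_query($sql);
            if (!$result) {
                // Log server-side; do not show mysql_error() to the visitor.
                error_log('signin.php: ' . mysql_error());
                echo 'Something went wrong while signing in. Please try again later.';
            } else {
                // Two possibilities: a row means the credentials match,
                // an empty result means they were wrong.
                if (mysql_num_rows($result) == 0) {
                    echo 'You have supplied a wrong user/password combination. Please try again.';
                } else {
                    // NOTE(review): session_regenerate_id(true) belongs at this
                    // point to defeat session fixation, but it must run before
                    // header.php has sent output (it sets a new cookie); that
                    // needs the POST handling moved above the header include.
                    $_SESSION['signed_in'] = true;
                    // Keep id, name and level in the session for the other pages.
                    while ($row = mysql_fetch_assoc($result)) {
                        $_SESSION['user_id']    = $row['user_id'];
                        $_SESSION['user_name']  = $row['user_name'];
                        $_SESSION['user_level'] = $row['user_level'];
                    }
                    // user_name comes from the database; escape it on output.
                    echo 'Welcome, ' . htmlentities($_SESSION['user_name']) . '. <br /><a href="index.php">Proceed to the forum overview</a>.';
                }
            }
        }
    }
}

include 'footer.php';
?>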
14. Tạo file "signout.php" :
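<?php
// signout.php — ends the visitor's signed-in session.
include 'connect.php';
include 'header.php';

echo '<h2>Sign out</h2>';

// isset() first: the key does not exist for visitors who never signed in,
// and reading it directly raised a notice.
if (isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) {
    // Clear every value signin.php stored (the original left user_level in
    // place) and drop the server-side session data.
    $_SESSION = array();
    session_destroy();
    echo 'Succesfully signed out, thank you for visiting.';
} else {
    echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}

include 'footer.php';
?>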
15. Demo: khi test thử bạn chú ý xem lại: host, username, password, tên CSDL, đường dẫn đến thư mục chứa file, ...
Chắc còn khoảng 2 bài nữa: 1. login mã hóa md5 và sha1, 2. add khung định dạng văn bản vào forum. Sau đó mình sẽ đề cập đến bảo mật. :)))