<?php
session_start();
mysql_connect ("localhost", "
username", "
password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("
database name") or die ('I cannot connect to the database because: ' . mysql_error());
/*Login Variable to check if user logged in. Default is zero*/
$logged="0";
/*Get the current time and date*/
$dateadd=date("j of F Y, \a\\t g.i a", time());
/*Get user name as variable*/
$nameadd=$_SESSION['user'];
/*Add a post if the add post form has been submitted*/
if($mode=="add") {
mysql_query("INSERT INTO messageboards (name, date, title, message)
VALUES ('$nameadd', '$dateadd', '$_POST[titleadd]', '<pre>$_POST[messageadd]</pre>')")
or die ('I cannot add message because: ' . mysql_error());
}
/*Delete a post if the remove button has been clicked*/
if($mode=="remove") {
mysql_query("DELETE FROM messageboards WHERE number = $ID");
}
/*End the users session*/
if($mode=="logout") {
unset($_SESSION['user']);
}
/*Get all the user names and passwords*/
$result = mysql_query("SELECT * FROM users");
while($row = mysql_fetch_array($result)) {
$number[]= $row['number'];
$l_name[]= $row['name'];
$password[]= $row['password'];
}
/*If the login form has been submitted, check the database user names and passwords against the entered ones. Done with encryption.*/
if($mode=="login") {
$enteredpw=md5($_POST['txtPassword']);
for($i = 0; $i < sizeof($number); $i++) {
if ($_POST['txtUsername'] == $l_name[$i] && $enteredpw == $password[$i]) {
$logged = "1";
}
if ($_SESSION['user'] == $l_name[$i]) {
$logged = "2";
}
}
if ($logged == "1") {
session_start();
$_SESSION['user'] = $_POST['txtUsername'];
$nameadd=$_SESSION['user'];
}
}
/*Check to see if a session exists, and if so set logged to be 2*/
for($j = 0; $j < sizeof($number); $j++) {
if ($_SESSION['user'] == $l_name[$j]) {
$logged = "2";
$nameadd=$_SESSION['user'];
}
}
/*echo in the html doctype and head*/
echo "
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1' />
<title>The Boards</title>
</head>
<body>
<font face='Times New Roman' color='#FFFFCC'>";
include("header.inc.php");
/*If the user is logged in print out the table of messages with the remove button. Also print out a form for adding messages.*/
/*If no user if logged in then print the table of messages without a remove button, and print a login form.*/
$i="0";
if ($logged == "2") {
print "<p>". $_SESSION['user'] ." Is logged in </p>";
echo "<a href=\"$PHP_SELF?ID=$number[$i]&mode=logout\">Logout</a><br /><br />";
$result = mysql_query("SELECT * FROM messageboards ORDER BY number DESC");
while($row = mysql_fetch_array($result)) {
$numbers[]= $row['number'];
$n_name[]= $row['name'];
$date[]= $row['date'];
$title[]= $row['title'];
$message[]= $row['message']; }
echo "<table border='1' width='500px'>";
for ($n = 0; $n < sizeof($n_name); $n++) {
echo "<tr><td>" . $n_name[$n] . "</td></tr>";
echo "<tr><td>" . $date[$n] . "</td></tr>";
echo "<tr><td><strong>" . $title[$n] . "</strong></td></tr>";
echo "<tr><td>" . $message[$n] . "</td></tr>";
if($nameadd == $n_name[$n]) {
echo "<tr><td><a href=\"$PHP_SELF?ID=$numbers[$n]&mode=remove\">Delete Message</a></td></tr>";
}
echo "<tr><td><br /><br /></td></tr>"; }
echo "</table>";
echo "
<form method='POST' action=\"$PHP_SELF?mode=add\">
<p><strong>Message Title: </strong><br /><input type='text' size='50' name='titleadd' /><br />
<strong>Message: </strong><br /><textarea cols='70' rows='20' name='messageadd' wrap='virtual'></textarea><br />
<input type='submit' value='Add Message' /></p><br />
</form>";
}
else {
$result = mysql_query("SELECT * FROM messageboards ORDER BY number DESC");
while($row = mysql_fetch_array($result)) {
$number[]= $row['number'];
$n_name[]= $row['name'];
$date[]= $row['date'];
$title[]= $row['title'];
$message[]= $row['message']; }
echo "<table border='1' width='500px'>";
for ($m = 0; $m < sizeof($n_name); $m++) {
echo "<tr><td>" . $n_name[$m] . "</td></tr>";
echo "<tr><td>" . $date[$m] . "</td></tr>";
echo "<tr><td><strong>" . $title[$m] . "</strong></td></tr>";
echo "<tr><td>" . $message[$m] . "</td></tr>";
echo "<tr><td><br /><br /></td></tr>"; }
echo "</table>";
echo "
<p>
<strong>Login</strong>
<form name='form' method='post' action=\"$PHP_SELF?ID=&mode=login\">
<p><label for='txtUsername'>Username:</label>
<br /><input type='text' title='Enter your Username' name='txtUsername' /></p>
<p><label for='txtPassword'>Password:</label>
<br /><input type='password' title='Enter your password' name='txtPassword' /></p>
<p><input type='submit' name='Submit' value='Login' /></p>
</form>
</p>
<p>Don't have a login, <a href='Register.php'>Register</a></p>";
}
echo "</font>";
?>
</body>
</html>