creating a message board with php and mysql

[Tavarin]

That's another way of doing it yes. You can do it in multiple pages, which is what I originally started with, but I moved it all onto one page for simplicity, and just to see if I could do it. If I'm unable to find out what's wrong I'll break the page up into multiple pages so that it will definitely work.

And I'm not sure if you're allowed more than one equals sign in a URL at once. It works fine so long as you don't send a doctype, so I never bothered changing it.

Code to come later.

Cheers

[Tavarin]

So I fixed it for me. This is still the single page variation of my script, and it works for me on both IE and Firefox. I split it into multiple pages, but that didn't work, so here is the single page code.

So this is the multiple user variation, an example of which is here:
http://www.actonhighschool.ca/7/Boards.php

First you'll need a table to keep track of users:

<?php
mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("database name") or die ('I cannot connect to the database because: ' . mysql_error());

$sql = "CREATE TABLE users
(
number int NOT NULL AUTO_INCREMENT,
PRIMARY KEY(number),
name varchar(50),
password varchar(50),
avatar varchar(50),
signature varchar(1000)
)";

mysql_query($sql) or die ('I cannot create table because: ' . mysql_error());

echo "table created";

?>

Once you have that in you make a registration page (call it Register.php):

mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("database name") or die ('I cannot connect to the database because: ' . mysql_error());

/*Get results from users table and then set initial variables*/
$result = mysql_query("SELECT * FROM users");

$userexist="0";

$usercreated="0";

/*Arrange table data into arrays*/
while($row = mysql_fetch_array($result)) {
$number[]= $row['number'];
$l_name[]= $row['name'];
}

/*Run a loop to see if the username entered exists or not*/
for($j = 0; $j < sizeof($number); $j++) {
if ($_POST[txtUsername] == $l_name[$j]) {
$userexist="1";
}
}

/*Check to see if a username and password has been entered and if so
Check to see if the entered passwords match and if they do
Check to see if the user already exists and if not
Register the new username*/
if($mode=="register") {
if($_POST[txtUsername] == "" || $_POST[txtPassword] == "") {
Echo "<p>Please enter a username and/or a password</p>";
}
elseif($_POST[txtPassword]==$_POST[txtPasswordc]) {
if($userexist != "1") {
mysql_query("INSERT INTO users (name, password)
VALUES ('$_POST[txtUsername]', md5('$_POST[txtPassword]'))")
or die ('I cannot add user: ' . mysql_error());
echo "<p>User Added</p>";
echo "<p><a href='Boards.php'>Return To The Boards</a></p>";
$usercreated="1"; }
else {
echo "This username already exists, please enter another";
}
}
else {
echo "Your password did not match, please type it in again";
}
}

/*If a new user hasn't signed up then show a form through which they can enter a username, password and confirmation*/
if($usercreated == "0"){
echo "
<p>
<strong>Register</strong>
<form name='form' method='post' action=\"$PHP_SELF?ID=&mode=register\">
<p><label for='txtUsername'>Username:</label>
<br /><input type='text' title='Enter your Username' name='txtUsername' /></p>
<p><label for='txtpassword'>Password:</label>
<br /><input type='password' title='Enter your password' name='txtPassword' /></p>
<p><label for='txtpasswordc'>Confirm Your Password:</label>
<br /><input type='password' title='Confirm your password' name='txtPasswordc' /></p>
<p><input type='submit' name='Submit' value='Register' /></p>
</form>
</p>";
}

And finally the actual boards page (call it Boards.php):

<?php

session_start();

mysql_connect ("localhost", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("database name") or die ('I cannot connect to the database because: ' . mysql_error());

/*Login Variable to check if user logged in. Default is zero*/
$logged="0";

/*Get the current time and date*/
$dateadd=date("j of F Y, \a\\t g.i a", time());

/*Get user name as variable*/
$nameadd=$_SESSION['user'];

/*Add a post if the add post form has been submitted*/
if($mode=="add") {
mysql_query("INSERT INTO messageboards (name, date, title, message)
VALUES ('$nameadd', '$dateadd', '$_POST[titleadd]', '<pre>$_POST[messageadd]</pre>')")
or die ('I cannot add message because: ' . mysql_error());
}

/*Delete a post if the remove button has been clicked*/
if($mode=="remove") {
mysql_query("DELETE FROM messageboards WHERE number = $ID");
}

/*End the users session*/
if($mode=="logout") {
unset($_SESSION['user']);
}

/*Get all the user names and passwords*/
$result = mysql_query("SELECT * FROM users");

while($row = mysql_fetch_array($result)) {
$number[]= $row['number'];
$l_name[]= $row['name'];
$password[]= $row['password'];
}

/*If the login form has been submitted, check the database user names and passwords against the entered ones. Done with encryption.*/
if($mode=="login") {
$enteredpw=md5($_POST['txtPassword']);
for($i = 0; $i < sizeof($number); $i++) {
if ($_POST['txtUsername'] == $l_name[$i] && $enteredpw == $password[$i]) {
$logged = "1";
}
if ($_SESSION['user'] == $l_name[$i]) {
$logged = "2";
}
}

if ($logged == "1") {
session_start();
$_SESSION['user'] = $_POST['txtUsername'];
$nameadd=$_SESSION['user'];
}
}

/*Check to see if a session exists, and if so set logged to be 2*/
for($j = 0; $j < sizeof($number); $j++) {
if ($_SESSION['user'] == $l_name[$j]) {
$logged = "2";
$nameadd=$_SESSION['user'];
}
}

/*echo in the html doctype and head*/
echo "
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1' />
<title>The Boards</title>
</head>
<body>
<font face='Times New Roman' color='#FFFFCC'>";

include("header.inc.php");

/*If the user is logged in print out the table of messages with the remove button. Also print out a form for adding messages.*/
/*If no user if logged in then print the table of messages without a remove button, and print a login form.*/
$i="0";
if ($logged == "2") {
print "<p>". $_SESSION['user'] ." Is logged in </p>";
echo "<a href=\"$PHP_SELF?ID=$number[$i]&mode=logout\">Logout</a><br /><br />";
$result = mysql_query("SELECT * FROM messageboards ORDER BY number DESC");
while($row = mysql_fetch_array($result)) {
$numbers[]= $row['number'];
$n_name[]= $row['name'];
$date[]= $row['date'];
$title[]= $row['title'];
$message[]= $row['message']; }
echo "<table border='1' width='500px'>";
for ($n = 0; $n < sizeof($n_name); $n++) {
echo "<tr><td>" . $n_name[$n] . "</td></tr>";
echo "<tr><td>" . $date[$n] . "</td></tr>";
echo "<tr><td><strong>" . $title[$n] . "</strong></td></tr>";
echo "<tr><td>" . $message[$n] . "</td></tr>";
if($nameadd == $n_name[$n]) {
echo "<tr><td><a href=\"$PHP_SELF?ID=$numbers[$n]&mode=remove\">Delete Message</a></td></tr>";
}
echo "<tr><td><br /><br /></td></tr>"; }
echo "</table>";
echo "
<form method='POST' action=\"$PHP_SELF?mode=add\">
<p><strong>Message Title: </strong><br /><input type='text' size='50' name='titleadd' /><br />
<strong>Message: </strong><br /><textarea cols='70' rows='20' name='messageadd' wrap='virtual'></textarea><br />
<input type='submit' value='Add Message' /></p><br />
</form>";
}
else {
$result = mysql_query("SELECT * FROM messageboards ORDER BY number DESC");
while($row = mysql_fetch_array($result)) {
$number[]= $row['number'];
$n_name[]= $row['name'];
$date[]= $row['date'];
$title[]= $row['title'];
$message[]= $row['message']; }
echo "<table border='1' width='500px'>";
for ($m = 0; $m < sizeof($n_name); $m++) {
echo "<tr><td>" . $n_name[$m] . "</td></tr>";
echo "<tr><td>" . $date[$m] . "</td></tr>";
echo "<tr><td><strong>" . $title[$m] . "</strong></td></tr>";
echo "<tr><td>" . $message[$m] . "</td></tr>";
echo "<tr><td><br /><br /></td></tr>"; }
echo "</table>";
echo "
<p>
<strong>Login</strong>
<form name='form' method='post' action=\"$PHP_SELF?ID=&mode=login\">
<p><label for='txtUsername'>Username:</label>
<br /><input type='text' title='Enter your Username' name='txtUsername' /></p>
<p><label for='txtPassword'>Password:</label>
<br /><input type='password' title='Enter your password' name='txtPassword' /></p>
<p><input type='submit' name='Submit' value='Login' /></p>
</form>
</p>
<p>Don't have a login, <a href='Register.php'>Register</a></p>";
}

echo "</font>";

?>

</body>

</html>

This is actually my page which includes a header file, as well as some fonts. So if you want to use this code as is then you'll need to make a header.inc.php, otherwise remove the include line and change the font tag to whatever font you want. Right now the font is off white, so if you run this and see nothing, just check the font.

Anyway, this is the exact code from my working page so it should work. If you have any problems, or questions let me know.

Cheers

[si-skyline]

lol.. complete madness, it wont add things to the database. even when i try and reg a new user, the registration page stays up with blank fields.. when i look at the db, there is nothing there.

i added a user manually but when i try and log in it seems to just refresh the page with the login fields still apearing, with no option to add, so i suppose it didnt log me in..

[si-skyline]

hmm, well iv managed to get a workable site going, this one uses multifiles, one is the board, add and the other is delete..

live @ <<link removed for reconstruction, siskyline>>

Id thought that i just post snippits of the file, of course the tags and connection are there
do you think there is anything differant in this to the version you had? its clear that there isent a problem posting information to the database from a website

im confussed to the reason why your one file form wont work.

Code:

index/

<form action="latestadded.php" method="post">
          <p><span class ="style3">Create a new message:</span><br />
            <span class = "style2">*You must fill all fields to post a message</span> </p>
          <p><span class="style2">Your name: </span><br />
            <input type="text" name="name" />
</p>
          <p><span class="style1">Title: </span><br />
              <input type="text" name="title" />
              <br />
              <span class="style2">Message: </span><br />
              <textarea name="message" cols="40" rows="6"></textarea>
              <br />
              <br />
              <input type="submit" name="add" value="add message" />
              </p>
          </p>
              </form>
$query = "SELECT * FROM messageboards ORDER BY number DESC";

$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){
        echo "<p><input type='radio' name='number' value='" .$row['number']."'/>";
		echo "<span class=style1>" .$row['title']."";
		echo " - ".$row['date']."</span><br>";
		echo "<span class = style2>" .$row['message']. "<br>";
		echo "-- " .$row['name']. "</span></p>";

Code:

/add

$name = $_POST['name'];
$title = $_POST['title'];
$dateadd = date("j of F Y, \a\\t g.i a", time());
$message = $_POST['message'];

mysql_query("INSERT INTO messageboards
(name,date,title,message) VALUES('$name','$dateadd','$title','$message') ")
or die(mysql_error());

echo "<span class = style2>Your data has been added to the database,<br>  Please wait while the server processes the new database...</span>";

[Tavarin]

I can't see a difference in our overall code, just that you've done this in multiple pages. In order for my script to work I had to go into the cPanel X and make all the permissions for my page 7.

Have you changed the permissions at all?

And you could easily split my code into multiple pages by pulling commented sections off add and remove onto other pages and changing the form actions.

And I think the only reason the login wouldn't work is because of permissions, since it is the one thing that has never failed for my page.

Sorry for the silence, I had no internet this weekend.

[si-skyline]

ah, no its oki. i dont know how to change permissions tbh. i do have a server with full control. but i would perfer to have it working on the uni one. were i can only use phpmyadmin

[XcOM]

dude, this is well above my head, i used to play about with sql for ages, not my best friend.

[Tavarin]

SQL isn't too bad to work with, it can just be very annoying at times. I just wrote a delete script for a page and even though everything was going through correctly the server refused to get rid of the file. I'm checking my syntax to see if that's the problem, but so far the code looks fine, and on some servers runs fine. I think that mySQL's ability to work is dependent on the server it's running on.