Practical PHP and MySQL: Building Eight Dynamic Web Applications, part 4 (pdf)


CHAPTER 5 Discussion Forums

Create a new file called login.php and add the form:

    <form action="<?php echo pf_script_with_get($SCRIPT_NAME); ?>" method="post">
    <table>
    <tr>
      <td>Username</td>
      <td><input type="text" name="username"></td>
    </tr>
    <tr>
      <td>Password</td>
      <td><input type="password" name="password"></td>
    </tr>
    <tr>
      <td></td>
      <td><input type="submit" name="submit" value="Login!"></td>
    </tr>
    </table>
    </form>
    Don't have an account? Go and <a href="register.php">Register</a>!

In the preceding code, you might have noticed something odd in the action attribute of the <form> tag. A function called pf_script_with_get() has been used to process the script name ($SCRIPT_NAME) to detect which GET variables are added to the current page and then bolt them on to the action of the form. You need to add the GET variable to the action if you want to access it in the code that processes the form. This is fine if you know the name of the GET variable, but if the variables could vary, you need to detect them and add them.

The reason you need this function is a result of the redirects. When a user clicks a link that requires her to be logged in (such as the New Topic link), the site should redirect to the login page. When the user has logged in, she should then be redirected to the original link. This would be simple enough if there was just a single GET variable (such as redirect=page.php), but if you are trying to add a topic to a specific forum and are passing the Add Topic page an id, there are two GET variables—the page and the id of the forum. Instead of trying to hard code this, it makes far more sense to detect which GET variables exist and add them automatically to the action part of the form.

The pf_script_with_get() function is a custom function. Create a file called functions.php and add the following code:

    <?php

    function pf_script_with_get($script) {
        $page = $script;
        $page = $page . "?";

        foreach($_GET as $key => $val) {
            // urlencode() keeps request-supplied characters from breaking out of the action attribute
            $page = $page . urlencode($key) . "=" . urlencode($val) . "&";
        }

        return substr($page, 0, strlen($page)-1);
    }
    ?>

Within this function, you pass the function the page to get the GET variable from ($script). The first line sets $page to store the contents of $script, and the second line appends a question mark to the page (for example, page.php?).

The function then pulls out the GET variables by using the foreach() function to tear open the $_GET array and loop through it. In the foreach, you treat the key as $key and the value as $val and then glue them together in the format key=val&. Finally, you need to remove the final & from the link. To do this, use the substr() function to pass it $page, determine the length with strlen(), and then remove the last character (achieved with the -1 part).

With the function complete, process the form:

    <?php
    session_start();

    require("config.php");
    require("functions.php");

    $db = mysql_connect($dbhost, $dbuser, $dbpassword);
    mysql_select_db($dbdatabase, $db);

    if($_POST['submit']) {
        // Escape the submitted values before they are placed in the SQL string
        $sql = "SELECT * FROM users WHERE username = '"
            . mysql_real_escape_string($_POST['username'], $db)
            . "' AND password = '"
            . mysql_real_escape_string($_POST['password'], $db) . "';";

        $result = mysql_query($sql);
        $numrows = mysql_num_rows($result);

        if($numrows == 1) {
            $row = mysql_fetch_assoc($result);

            if($row['active'] == 1) {
                session_register("USERNAME");
                session_register("USERID");

                $_SESSION['USERNAME'] = $row['username'];
                $_SESSION['USERID'] = $row['id'];

It's now time to perform any necessary redirection. Remember that pages requiring a user to be logged in redirect to the login page and then should be redirected to the original page. To handle this redirection, the page that redirects to login.php will also pass it the ref GET variable.
This variable can have one of two possible values:

■ newpost. The user has tried to make a new post. This should redirect to newtopic.php.
■ reply. The user has tried to reply to a post. This should redirect to reply.php.

The next block reacts to these different options:

                $_SESSION['USERNAME'] = $row['username'];
                $_SESSION['USERID'] = $row['id'];

                switch($_GET['ref']) {
                    case "newpost":
                        if(isset($_GET['id']) == FALSE) {
                            header("Location: " . $config_basedir . "/newtopic.php");
                        }
                        else {
                            header("Location: " . $config_basedir . "/newtopic.php?id=" . $_GET['id']);
                        }
                    break;

                    case "reply":
                        // Replies go to reply.php, as described above
                        if(isset($_GET['id']) == FALSE) {
                            header("Location: " . $config_basedir . "/reply.php");
                        }
                        else {
                            header("Location: " . $config_basedir . "/reply.php?id=" . $_GET['id']);
                        }
                    break;

                    default:
                        header("Location: " . $config_basedir);
                    break;
                }

Finish the code to process the form:

                    default:
                        header("Location: " . $config_basedir);
                    break;
                }
            }
            else {
                require("header.php");
                echo "This account is not verified yet. You were emailed a link to verify the account. Please click on the link in the email to continue.";
            }
        }
        else {
            header("Location: " . $config_basedir . "/login.php?error=1");
        }
    }

If a login error occurs, the page is redirected, and error=1 is added as a GET variable. This can be used to add an error message:

        else {
            header("Location: " . $config_basedir . "/login.php?error=1");
        }
    }
    else {
        require("header.php");

        if($_GET['error']) {
            echo "Incorrect login, please try again!";
        }
    ?>

    <form action="<?php echo pf_script_with_get($SCRIPT_NAME); ?>" method="post">

Finally, add the footer:

    Don't have an account? Go and <a href="register.php">Register</a>!

    <?php
    }
    require("footer.php");
    ?>

Logging In the Administrator

The login page for the administrator is fundamentally the same as the preceding page. Create a new file called admin.php and add the code shown in Example 5-3.

EXAMPLE 5-3 The administrator login page is virtually identical to the user login page.

    <?php
    session_start();

    require("config.php");
    require("functions.php");

    $db = mysql_connect($dbhost, $dbuser, $dbpassword);
    mysql_select_db($dbdatabase, $db);

    if($_POST['submit']) {
        // Escape the submitted values before they are placed in the SQL string
        $sql = "SELECT * FROM admins WHERE username = '"
            . mysql_real_escape_string($_POST['username'], $db)
            . "' AND password = '"
            . mysql_real_escape_string($_POST['password'], $db) . "';";

        $result = mysql_query($sql);
        $numrows = mysql_num_rows($result);

        if($numrows == 1) {
            $row = mysql_fetch_assoc($result);

            session_register("ADMIN");
            $_SESSION['ADMIN'] = $row['username'];

            switch($_GET['ref']) {
                case "add":
                    header("Location: " . $config_basedir . "/addforum.php");
                break;

                case "cat":
                    header("Location: " . $config_basedir . "/addcat.php");
                break;

                case "del":
                    header("Location: " . $config_basedir);
                break;

                default:
                    header("Location: " . $config_basedir);
                break;
            }
        }
        else {
            header("Location: " . $config_basedir . "/admin.php?error=1");
        }
    }
    else {
        require("header.php");

        echo "<h2>Admin login</h2>";

        if($_GET['error']) {
            echo "Incorrect login, please try again!";
        }
    ?>

    <form action="<?php echo pf_script_with_get($SCRIPT_NAME); ?>" method="post">
    <table>
    <tr>
      <td>Username</td>
      <td><input type="text" name="username"></td>
    </tr>
    <tr>
      <td>Password</td>
      <td><input type="password" name="password"></td>
    </tr>
    <tr>
      <td></td>
      <td><input type="submit" name="submit" value="Login!"></td>
    </tr>
    </table>
    </form>

    <?php
    }
    require("footer.php");
    ?>

The code here differs in only two ways:

■ When the admin is successfully identified, the session variable registered is ADMIN, as opposed to USERNAME.
■ The redirection trick (in which a user clicks a page that requires a login and it redirects to the page after the login page) is also used here. The difference is that the three options are add (redirects to addforum.php), cat (redirects to addcat.php), and del (redirects to delete.php).

With the ability for an administrator to log in, add the administrator links above the table on index.php:

    <?php

    require("header.php");

    if(isset($_SESSION['ADMIN']) == TRUE) {
        echo "[<a href='addcat.php'>Add new category</a>]";
        echo "[<a href='addforum.php'>Add new forum</a>]";
    }

    $catsql = "SELECT * FROM categories;";
    $catresult = mysql_query($catsql);

Another piece of code to add is the Login and Logout links in footer.php. The same technique used in the header file for checking if the user is logged in and displaying the relevant link is used here, but on this page, you check the ADMIN session variable as opposed to the USERNAME variable:

    &copy; 2005 <?php echo "<a href='mailto:" . $config_adminemail . "'>" .$config_admin . "</a>"; ?>

    <?php
    if(isset($_SESSION['ADMIN']) == TRUE) {
        echo "[<a href='adminlogout.php'>Logout</a>]";
    }
    else {
        echo "[<a href='admin.php'>Login</a>]";
    }
    ?>

Logging Out

With user and administration login pages complete, all that is left is to create the logout links. To do this, you use virtually the same code for both the user and administration logout pages, apart from the different ADMIN and USERNAME variables. To log out the user or admin, you simply use session_unregister() to unregister the relevant session variable.

For the user logout page, create a new file called logout.php and add the following code:

    <?php

    session_start();
    session_unregister("USERNAME");

    require("config.php");

    header("Location: " . $config_basedir);

    ?>

To create the admin Logout link, create a new page called adminlogout.php and add the following code:

    <?php

    session_start();
    session_unregister("ADMIN");

    require("config.php");

    header("Location: " . $config_basedir);

    ?>

POSTS AND REPLIES

A fundamental feature in the forum software is the capability to post new content to a chosen forum or to reply to existing conversations. This process should be as simple and intuitive as possible, and it should be convenient to read a discussion and then post a reply.

The processes of posting a new message and replying are fairly similar. To post a new message, a topic must first be created and then the id of the topic can be used when creating the message. It is important to remember that a new thread must include both a topic and a message. If you are creating a reply, you simply need to know the id of the existing topic and then add a new entry to the messages table.

Posting a New Topic

To post a new topic, the page must essentially have two potential ways of working:

■ The forum id is passed to the page as an id GET variable. This id can be used to determine to which forum the topic will be added.
■ The user has clicked the main New Topic link in the header.php file, and as such, no forum id is passed to the page. The New Topic page should display a drop-down combo box on the form that contains a list of forums that the user can select to post the topic.

The only difference between the two is whether an id is passed to the page, which determines whether the combo box with the forums should be displayed.
Create a new file called newtopic.php and add the following code:

    <form action="<?php echo pf_script_with_get($SCRIPT_NAME); ?>" method="post">
    <table>
    <?php
    if($validforum == 0) {
        $forumssql = "SELECT * FROM forums ORDER BY name;";
        $forumsresult = mysql_query($forumssql);
    ?>
    <tr>
      <td>Forum</td>
      <td>
      <select name="forum">
      <?php
      while($forumsrow = mysql_fetch_assoc($forumsresult)) {
          echo "<option value='" . $forumsrow['id'] . "'>" . $forumsrow['name'] . "</option>";
      }
      ?>
      </select>
      </td>
    </tr>
    <?php
    }
    ?>
    <tr>
      <td>Subject</td>
      <td><input type="text" name="subject"></td>
    </tr>
    <tr>
      <td>Body</td>
      <td><textarea name="body" rows="10" cols="50"></textarea></td>
    </tr>
    <tr>
      <td></td>
      <td><input type="submit" name="submit" value="Post!"></td>
    </tr>
    </table>
    </form>

The usual suspects are present in this form: the subject, body, and Submit button. At the top of the form, a check is made to see if $validforum is equal to 0. If it is, the combo box is created with the forums inside it. This $validforum variable is the result of the usual validation that exists at the top of the page. Again, the pf_script_with_get() function is used on this page.

Add the code at the top of the page:

    <?php

    session_start();

    require("config.php");
    require("functions.php");

    $db = mysql_connect($dbhost, $dbuser, $dbpassword);
    mysql_select_db($dbdatabase, $db);

After this initial code, run a quick query to check if any forums exist:

    mysql_select_db($dbdatabase, $db);

    $forchecksql = "SELECT * FROM forums;";
    $forcheckresult = mysql_query($forchecksql);
    $forchecknumrows = mysql_num_rows($forcheckresult);

    if($forchecknumrows == 0) {
        header("Location: " . $config_basedir);
    }

The if check redirects the page if there are no rows. Validate the GET variable:

    if($forchecknumrows == 0) {
        header("Location: " . $config_basedir);
    }

    if(isset($_GET['id']) == TRUE) {
        if(is_numeric($_GET['id']) == FALSE) {
            $error = 1;
        }

        if($error == 1) {
            header("Location: " . $config_basedir);
        }
        else {

[...]...

    <?php

    session_start();

    require("config.php");
    require("functions.php");

Determine if the user is logged in and can access this page:

    require("functions.php");

    if(isset($_SESSION['ADMIN']) == FALSE) {
        header("Location: " . $config_basedir . "/admin.php?ref=cat");
        exit; // header() does not end the script; stop so the rest of the page cannot run
    }

Process the form:

    if(isset($_SESSION['ADMIN']) == FALSE) {
        header("Location: " . $config_basedir . "/admin.php?ref=cat");

...

    ... "/viewmessages.php?id=" . $validtopic);
    }

If the Submit button is not clicked, include the header file and display the form:

        header("Location: " . $config_basedir . "/viewmessages.php?id=" . $validtopic);
    }
    else {
        require("header.php");
    ?>

Finally, add the footer:

    <?php
    }
    require("footer.php");
    ?>

CREATING... the management of the forums and allow you to add and remove categories, forums, and threads.

Incorporating these administrative features into the forums involves two steps. First, for the addition of content, specific pages are created (addcat.php and addforum.php). Next, for the deletion of content, X links are added next to categories, forums, and threads when the administrator...

... closing code:

    <?php
    }
    require("footer.php");
    ?>

Your completed page for posting a new message can be seen in Figure 5-10.

FIGURE 5-10 Posting a new message

Replying to Threads

Writing a page to reply to threads is fairly simple. The page is passed the topic id as an id GET variable, and this is used to take the content from the form and insert it into the messages...

... called delete.php and add the following code:

    <?php

    include("config.php");

    $db = mysql_connect($dbhost, $dbuser, $dbpassword);
    mysql_select_db($dbdatabase, $db);

Validate the id GET variable as usual:

    $db = mysql_connect($dbhost, $dbuser, $dbpassword);
    mysql_select_db($dbdatabase, $db);

    if(isset($_GET['id']) == TRUE) {
        if(is_numeric($_GET['id']) == FALSE) {
            $error = 1;
        }

...
... items she needs to her cart and clicks the Go to the Checkout link. At the address page, she can choose between a new address and the address stored with her user account. She chooses the account address and is taken to the payment screen. Pauline chooses to pay by check and is given instructions about where to send the check and to whom to make it payable.

Ken runs the Web site and wants to see all current...

EXAMPLE 6-3 Continued

    ... "logout.php'>logout]";
    }
    else {
        echo "Login";
    }
    ?>

Take a moment to review the following interesting points about header.php:

■ At the top of the file, a check is made for a session variable called SESS_CHANGEID. If it exists, the session is unset (deleted) and the...
■ ... logged in, and his username and a Logout link are displayed. The username is stored in SESS_USERNAME; this variable is created in login.php, which is covered later.
■ The same stylesheet.css file from the previous projects in the book is used here.

A file called bar.php is also included in the header file. This file contains the list of categories shown in Example 6-4.

EXAMPLE 6-4 Although the code in bar.php could...

... not have a user account on the Web site but starts shopping anyway. He clicks the Beverages category and sees the list of teabags. He clicks the Buy link and is taken to another page, where he can choose the quantity. He selects 10 boxes of teabags and adds them to his shopping cart. The page now refreshes, and he sees the contents of his shopping cart. John then buys coffee, and his cart is updated again...

    ... <?php
    }
    ?>

Name Description

Add the usual code at the start of the file:

    <?php

    session_start();

    require("config.php");
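The login.php and admin.php queries earlier on this page build their SQL text from form input and compare the password as it is stored in the table. The following added example (not code from the book) performs the same login check with a bound parameter and password_hash()/password_verify(); the in-memory SQLite database, the function names and the sample accounts are assumptions made so that the script runs on its own.

```php
<?php
// Added example, not from the book. Assumptions: PDO with an in-memory
// SQLite database stands in for the book's MySQL "users" table, and the
// password column holds a password_hash() value instead of plain text.

function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
                password TEXT, active INTEGER)');
    $ins = $pdo->prepare('INSERT INTO users (username, password, active) VALUES (?, ?, ?)');
    // Constructed sample accounts.
    $ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT), 1]);
    $ins->execute(['pending', password_hash('battery staple', PASSWORD_DEFAULT), 0]);
    return $pdo;
}

// Returns ['ok', row], ['inactive', null] or ['denied', null].
function check_login(PDO $pdo, string $username, string $password): array {
    // The username travels as a bound parameter, never as part of the SQL text,
    // so a quote character in it is data and cannot change the query.
    $stmt = $pdo->prepare('SELECT id, username, password, active FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is checked against the stored hash, not inside the query.
    if ($row === false || !password_verify($password, $row['password'])) {
        return ['denied', null];
    }
    // Mirrors the book's "active" check for unverified accounts.
    if ((int)$row['active'] !== 1) {
        return ['inactive', null];
    }
    unset($row['password']); // never carry the hash into the session
    return ['ok', $row];
}

$pdo = make_demo_db();
$attempts = [
    ["o'brien", 'correct horse'],   // valid login, name contains a quote
    ["o'brien", 'wrong'],           // wrong password
    ['pending', 'battery staple'],  // right password, account not verified
    ["no'such", 'x'],               // unknown user
];
foreach ($attempts as [$user, $pass]) {
    [$status, $row] = check_login($pdo, $user, $pass);
    printf("%-10s => %s\n", $user, $status);
}
```

In login.php the 'ok' branch is where $_SESSION['USERNAME'] and $_SESSION['USERID'] would be set, after a call to session_regenerate_id(true).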
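pf_script_with_get() and the ref switch in login.php both carry GET values onward, one into the form's action attribute and the other into a Location header. This added example (not from the book) builds the action with http_build_query() and htmlspecialchars() and resolves the redirect from a fixed map; form_action(), redirect_target() and REDIRECT_TARGETS are hypothetical names, and the base URL and requests are constructed samples.

```php
<?php
// Added example, not from the book. REDIRECT_TARGETS and both function
// names are hypothetical; the ref values and page names are the book's.

const REDIRECT_TARGETS = [
    'newpost' => '/newtopic.php',
    'reply'   => '/reply.php',
];

// Build the form action from the current script and its GET variables.
// http_build_query() percent-encodes keys and values; htmlspecialchars()
// makes the result safe inside the action="..." attribute.
function form_action(string $script, array $get): string {
    $query = http_build_query($get);
    $url = $query === '' ? $script : $script . '?' . $query;
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Resolve the post-login redirect. Unknown ref values fall back to the
// site root. The id is forwarded only when it consists of decimal digits;
// is_numeric() would also accept strings such as "1e3" or "-1.5".
function redirect_target(string $basedir, array $get): string {
    $ref = $get['ref'] ?? '';
    if (!is_string($ref) || !isset(REDIRECT_TARGETS[$ref])) {
        return $basedir;
    }
    $url = $basedir . REDIRECT_TARGETS[$ref];
    $id = $get['id'] ?? null;
    if (is_string($id) && ctype_digit($id)) {
        $url .= '?id=' . $id;
    }
    return $url;
}

// Constructed sample requests.
$samples = [
    ['ref' => 'newpost', 'id' => '3'],       // normal case
    ['ref' => 'reply', 'id' => '7"><b>x'],   // markup in a value
    ['ref' => 'elsewhere'],                  // ref not in the map
];
foreach ($samples as $get) {
    echo form_action('/login.php', $get), "\n";
    echo redirect_target('http://localhost/forum', $get), "\n";
}
```

The string returned by redirect_target() is what would be passed to header("Location: ..."), followed by exit so that nothing after the redirect runs.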

Date posted: 12/08/2014, 21:21


Table of contents

  • CHAPTER 5 Discussion Forums

    • Posts and Replies

    • Creating Administrator-Specific Pages

    • Summary

    • CHAPTER 6 Creating a Shopping Cart

      • Project Overview

      • Building the Database

      • Starting to Code

      • Managing User Logins

      • Displaying and Selecting Products
