
A simple forum in PHP and MySQL

Started by Kaiory, January 22, 2004, 05:23 PM


Kaiory

This is a simple little forum that I made.

First let's make the tables

mysql> create table forum_topics (
   topic_id int not null primary key auto_increment,
   topic_title varchar (150),
   topic_create_time datetime,
   topic_owner varchar (150)
   );

mysql> create table forum_posts (
   post_id int not null primary key auto_increment,
   topic_id int not null,
   post_text text,
   post_create_time datetime,
   post_owner varchar (150)
   );


Now here's the code to show the topics


<?php
//check for required info from the query string
if (!$_GET['topic_id']) {
   header("Location: topiclist.php");
   exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());

//verify the topic exists
$verify_topic = "select topic_title from forum_topics where topic_id = $_GET[topic_id]";
$verify_topic_res = mysql_query($verify_topic, $conn) or die(mysql_error());

if (mysql_num_rows($verify_topic_res) < 1) {
    //this topic does not exist
    $display_block = "<P><em>You have selected an invalid topic. Please <a href=\"topiclist.php\">try again</a>.</em></p>";
} else {
    //get the topic title
    $topic_title = stripslashes(mysql_result($verify_topic_res,0, 'topic_title'));

    //gather the posts
    $get_posts = "select post_id, post_text, date_format(post_create_time, '%b %e %Y at %r') as fmt_post_create_time, post_owner from forum_posts where topic_id = $_GET[topic_id] order by post_create_time asc";
    $get_posts_res = mysql_query($get_posts,$conn) or die(mysql_error());

    //create the display string
    $display_block = "
    <P>Showing posts for the <strong>$topic_title</strong> topic:</p>
    <table width=100% cellpadding=3 cellspacing=1 border=1>
    <tr>
    <th>AUTHOR</th>
    <th>POST</th>
    </tr>";

    while ($posts_info = mysql_fetch_array($get_posts_res)) {
        $post_id = $posts_info['post_id'];
        $post_text = nl2br(stripslashes($posts_info['post_text']));
        $post_create_time = $posts_info['fmt_post_create_time'];
        $post_owner = stripslashes($posts_info['post_owner']);

        //add to display
        $display_block .= "
        <tr>
        <td width=35% valign=top>$post_owner<br>[$post_create_time]</td>
        <td width=65% valign=top>$post_text<br><br>
        <a href=\"replytopost.php?post_id=$post_id\"><strong>REPLY TO POST</strong></a></td>
        </tr>";
    }

    //close up the table
    $display_block .= "</table>";
}
?>

<html>
<head>
<title>Posts in Topic</title>
</head>
<body>
<h1>Posts in Topic</h1>
<?php print $display_block; ?>

</body>
</html>


This code is the topic list


<?php
//connect to server and select database
$conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());

//gather the topics
$get_topics = "select topic_id, topic_title, date_format(topic_create_time,  '%b %e %Y at %r') as fmt_topic_create_time, topic_owner from forum_topics order by topic_create_time desc";
$get_topics_res = mysql_query($get_topics,$conn) or die(mysql_error());

if (mysql_num_rows($get_topics_res) < 1) {
   //there are no topics, so say so
   $display_block = "<P><em>No topics exist.</em></p>";
} else {
   //create the display string
   $display_block = "
   <table cellpadding=3 cellspacing=1 border=1>
   <tr>
   <th>TOPIC TITLE</th>
   <th># of POSTS</th>
   </tr>";

   while ($topic_info = mysql_fetch_array($get_topics_res)) {
      $topic_id = $topic_info['topic_id'];
      $topic_title = stripslashes($topic_info['topic_title']);
      $topic_create_time = $topic_info['fmt_topic_create_time'];
      $topic_owner = stripslashes($topic_info['topic_owner']);

      //get number of posts
      $get_num_posts = "select count(post_id) from forum_posts where topic_id = $topic_id";
      $get_num_posts_res = mysql_query($get_num_posts,$conn) or die(mysql_error());
      $num_posts = mysql_result($get_num_posts_res,0,'count(post_id)');

      //add to display
      $display_block .= "
      <tr>
      <td><a href=\"showtopic.php?topic_id=$topic_id\"><strong>$topic_title</strong></a><br>
      Created on $topic_create_time by $topic_owner</td>
      <td align=center>$num_posts</td>
      </tr>";
   }

   //close up the table
   $display_block .= "</table>";
}
?>

<html>
<head>
<title>Topics in My Forum</title>
</head>
<body>
<h1>Topics in My Forum</h1>
<?php print $display_block; ?>

<P>Would you like to <a href="addtopic.html">add a topic</a>?</p>
</body>
</html>


Script to add topic

<?php
//check for required fields from the form
if ((!$_POST['topic_owner']) || (!$_POST['topic_title']) || (!$_POST['post_text'])) {
    header("Location: addtopic.html");
    exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());

//create and issue the first query
$add_topic = "insert into forum_topics values ('', '$_POST[topic_title]', now(), '$_POST[topic_owner]')";
mysql_query($add_topic,$conn) or die(mysql_error());

//get the id of the last query
$topic_id = mysql_insert_id();

//create and issue the second query
$add_post = "insert into forum_posts values ('', '$topic_id','$_POST[post_text]', now(), '$_POST[topic_owner]')";
mysql_query($add_post,$conn) or die(mysql_error());

//create nice message for user
//($topic_title was never assigned in this script; the title comes from the form)
$msg = "<P>The <strong>$_POST[topic_title]</strong> topic has been created.</p>";
?>

<html>
<head>
<title>New Topic Added</title>
</head>
<body>
<h1>New Topic Added</h1>
<?php print $msg; ?>

</body>
</html>


Script to reply to post


<?php
//connect to server and select database; we'll need it soon
$conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());

//check to see if we're showing the form or adding the post
if ($_POST['op'] != "addpost") {
   // showing the form; check for required item in query string
   if (!$_GET['post_id']) {
        header("Location: topiclist.php");
        exit;
   }

   //still have to verify topic and post
   $verify = "select ft.topic_id, ft.topic_title from forum_posts as fp left join forum_topics as ft on fp.topic_id = ft.topic_id where fp.post_id = $_GET[post_id]";
   $verify_res = mysql_query($verify, $conn) or die(mysql_error());

   if (mysql_num_rows($verify_res) < 1) {
       //this post or topic does not exist
       header("Location: topiclist.php");
       exit;
   } else {
       //get the topic id and title
       $topic_id = mysql_result($verify_res,0,'topic_id');
       $topic_title = stripslashes(mysql_result($verify_res, 0,'topic_title'));

       print "
       <html>
       <head>
       <title>Post Your Reply in $topic_title</title>
       </head>
       <body>
       <h1>Post Your Reply in $topic_title</h1>
       <form method=post action=\"$_SERVER[PHP_SELF]\">
       <p><strong>Your E-Mail Address:</strong><br>
       <input type=\"text\" name=\"post_owner\" size=40 maxlength=150>
       <P><strong>Post Text:</strong><br>
       <textarea name=\"post_text\" rows=8 cols=40 wrap=virtual></textarea>
       <input type=\"hidden\" name=\"op\" value=\"addpost\">
       <input type=\"hidden\" name=\"topic_id\" value=\"$topic_id\">
       <P><input type=\"submit\" name=\"submit\" value=\"Add Post\"></p>
       </form>
       </body>
       </html>";
   }
} else if ($_POST['op'] == "addpost") {
   //check for required items from form
   if ((!$_POST['topic_id']) || (!$_POST['post_text']) || (!$_POST['post_owner'])) {
       header("Location: topiclist.php");
       exit;
   }

   //add the post
   $add_post = "insert into forum_posts values ('', '$_POST[topic_id]', '$_POST[post_text]', now(), '$_POST[post_owner]')";
   mysql_query($add_post,$conn) or die(mysql_error());

   //redirect user to topic
   //($topic_id is not set in this branch; the id arrives in the hidden form field)
   header("Location: showtopic.php?topic_id=$_POST[topic_id]");
   exit;
}
?>



And here is the form for adding a topic


<html>
<head>
<title>Add a Topic</title>
</head>
<body>
<h1>Add a Topic</h1>
<form method=post action="do_addtopic.php">
<p><strong>Your E-Mail Address:</strong><br>
<input type="text" name="topic_owner" size=40 maxlength=150>
<p><strong>Topic Title:</strong><br>
<input type="text" name="topic_title" size=40 maxlength=150>
<P><strong>Post Text:</strong><br>
<textarea name="post_text" rows=8 cols=40 wrap=virtual></textarea>
<P><input type="submit" name="submit" value="Add Topic"></p>
</form>
</body>
</html>


This is just a simple forum... nothing fancy

Banana fanna fo fanna

It's sql-injectable. Should check that out asap.
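
The injection point this reply refers to is the request values interpolated straight into the SQL strings (`$_GET[topic_id]`, `$_POST[topic_title]`, `$_POST[post_text]` and so on). As an added example, not part of the original thread or the poster's code, here are the add-topic inserts and the show-topic lookup with bound parameters; PDO with an in-memory SQLite database stands in for the thread's MySQL connection so it runs by itself, and the helper names `add_topic` and `get_topic_title` are hypothetical.

```php
<?php
// Added example: the thread's queries rebuilt with bound parameters.
// Assumption: SQLite in memory stands in for the thread's MySQL "testDB".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table forum_topics (topic_id integer primary key autoincrement,
    topic_title varchar(150), topic_create_time datetime, topic_owner varchar(150))");
$db->exec("create table forum_posts (post_id integer primary key autoincrement,
    topic_id int not null, post_text text, post_create_time datetime,
    post_owner varchar(150))");

// Hypothetical helper: do_addtopic.php's two inserts, with placeholders.
function add_topic(PDO $db, string $owner, string $title, string $text): int {
    $now = date('Y-m-d H:i:s');
    $db->beginTransaction();
    $db->prepare("insert into forum_topics (topic_title, topic_create_time, topic_owner)
                  values (?, ?, ?)")->execute([$title, $now, $owner]);
    $topic_id = (int) $db->lastInsertId();
    $db->prepare("insert into forum_posts (topic_id, post_text, post_create_time, post_owner)
                  values (?, ?, ?, ?)")->execute([$topic_id, $text, $now, $owner]);
    $db->commit();
    return $topic_id;
}

// Hypothetical helper: showtopic.php's lookup. Returns null for a bad or unknown id.
function get_topic_title(PDO $db, $raw_id): ?string {
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                       // not a positive integer: reject
    }
    $st = $db->prepare("select topic_title from forum_topics where topic_id = ?");
    $st->execute([$id]);
    $title = $st->fetchColumn();
    return $title === false ? null : $title;
}

// Constructed sample input, as it would arrive in $_POST / $_GET.
$id = add_topic($db, "joe@example.com", "Kaiory's <b>forum</b>", "It's a 'test' post");
$title = get_topic_title($db, (string) $id);
var_dump($title === "Kaiory's <b>forum</b>");   // quotes are stored as data
var_dump(get_topic_title($db, "1 or 1=1"));     // rejected before any query runs
// Escape on output when the value is written into HTML.
echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'), "\n";
```

With placeholders the quotes in the title and post text never reach the SQL parser as syntax, so the `stripslashes()` calls in the display scripts are no longer needed either.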

Kaiory

#2

# --------------------------------------------------------
#
# Table structure for table 'forum_topics'
#

create table forum_topics (
   topic_id int not null primary key auto_increment,
   topic_title varchar (150),
   topic_create_time datetime,
   topic_owner varchar (150)
   );

# --------------------------------------------------------
#
# Table structure for table 'forum_posts'
#

create table forum_posts (
   post_id int not null primary key auto_increment,
   topic_id int not null,
   post_text text,
   post_create_time datetime,
   post_owner varchar (150)
   );


That should work

Banana fanna fo fanna

No, it has a security flaw. Should upload it somewhere and let me hax it.

Kaiory


hismajesty

#5
Quote from: St0rm.iD on January 22, 2004, 08:27 PM
No, it has a security flaw. Should upload it somewhere and let me hax it.

http://www.digitaldoozie.net/st0rm/showtopic.php

have fun  ;D

Banana fanna fo fanna


Kaiory


Meh

It's good but could do with passwords and admins. Thumbs up from me though

Kaiory

Thank you
But I did just say it was simple and it would be EXTREMELY easy to set up a login system/admin system
But thanks again for liking my forum