A simple forum in PHP and MySQL

[Kaiory]

This is a simple little forum that I made.

First lets make the tables

Code Select Expand


mysql> create table  forum_topics (
   topic_id int not null primary key auto_increment,
   topic_title varchar (150),
   topic_create_time datetime,
   topic_owner varchar (150)
   );

mysql> create table forum_posts (
   post_id int not null primary key auto_increment,
   topic_id int not null,
   post_text text,
   post_create_time datetime,
   post_owner varchar (150)
   );


Now heres the code to show the topics

Code Select Expand


<?php
//check for required info from the query string
if (!$_GET[topic_id]) {
   header("Location: topiclist.php");
   exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());

//verify the topic exists
$verify_topic = "select topic_title from forum_topics where topic_id = $_GET[topic_id]";
$verify_topic_res = mysql_query($verify_topic, $conn) or die(mysql_error());

if (mysql_num_rows($verify_topic_res) < 1) {
    //this topic does not exist
    $display_block = "<P><em>You have selected an invalid topic. Please <a href=\"topiclist.php\">try again</a>.</em></p>";
} else {
    //get the topic title
   $topic_title = stripslashes(mysql_result($verify_topic_res,0, 'topic_title'));

   //gather the posts
   $get_posts = "select post_id, post_text, date_format(post_create_time, '%b %e %Y at %r') as fmt_post_create_time, post_owner from forum_posts where topic_id = $_GET[topic_id] order by post_create_time asc";
   $get_posts_res = mysql_query($get_posts,$conn) or die(mysql_error());

   //create the display string
   $display_block = "
   <P>Showing posts for the <strong>$topic_title</strong> topic:</p>

   <table width=100% cellpadding=3 cellspacing=1 border=1>
   <tr>
   <th>AUTHOR</th>
   <th>POST</th>
   </tr>";

   while ($posts_info = mysql_fetch_array($get_posts_res)) {
       $post_id = $posts_info['post_id'];
       $post_text = nl2br(stripslashes($posts_info['post_text']));
       $post_create_time = $posts_info['fmt_post_create_time'];
       $post_owner = stripslashes($posts_info['post_owner']);

       //add to display
       $display_block .= "
       <tr>
       <td width=35% valign=top>$post_owner<br>[$post_create_time]</td>
       <td width=65% valign=top>$post_text<br><br>
       <a href=\"replytopost.php?post_id=$post_id\"><strong>REPLY TO POST</strong></a></td>
       </tr>";
   }

  //close up the table
  $display_block .= "</table>";
}
?>
<html>
<head>
<title>Posts in Topic</title>
</head>
<body>
<h1>Posts in Topic</h1>
<?php print $display_block; ?>
</body>
</html>


This code is the topic lists

Code Select Expand


<?php
//connect to server and select database
$conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());

//gather the topics
$get_topics = "select topic_id, topic_title, date_format(topic_create_time,  '%b %e %Y at %r') as fmt_topic_create_time, topic_owner from forum_topics order by topic_create_time desc";
$get_topics_res = mysql_query($get_topics,$conn) or die(mysql_error());
if (mysql_num_rows($get_topics_res) < 1) {
   //there are no topics, so say so
   $display_block = "<P><em>No topics exist.</em></p>";
} else {
   //create the display string
   $display_block = "
   <table cellpadding=3 cellspacing=1 border=1>
   <tr>
   <th>TOPIC TITLE</th>
   <th># of POSTS</th>
   </tr>";

   while ($topic_info = mysql_fetch_array($get_topics_res)) {
      $topic_id = $topic_info['topic_id'];
      $topic_title = stripslashes($topic_info['topic_title']);
      $topic_create_time = $topic_info['fmt_topic_create_time'];
      $topic_owner = stripslashes($topic_info['topic_owner']);

      //get number of posts
      $get_num_posts = "select count(post_id) from forum_posts where topic_id = $topic_id";
      $get_num_posts_res = mysql_query($get_num_posts,$conn) or die(mysql_error());
      $num_posts = mysql_result($get_num_posts_res,0,'count(post_id)');

      //add to display
      $display_block .= "
      <tr>
      <td><a href=\"showtopic.php?topic_id=$topic_id\"><strong>$topic_title</strong></a><br>
      Created on $topic_create_time by $topic_owner</td>
      <td align=center>$num_posts</td>
      </tr>";
   }

   //close up the table
   $display_block .= "</table>";
}
?>
<html>
<head>
<title>Topics in My Forum</title>
</head>
<body>
<h1>Topics in My Forum</h1>
<?php print $display_block; ?>
<P>Would you like to <a href="addtopic.html">add a topic</a>?</p>
</body>
</html>


Script to add topic

Code Select Expand


<?php
//check for required fields from the form
if ((!$_POST[topic_owner]) || (!$_POST[topic_title])|| (!$_POST[post_text])) {
    header("Location: addtopic.html");
    exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());

//create and issue the first query
$add_topic = "insert into forum_topics values ('', '$_POST[topic_title]', now(), '$_POST[topic_owner]')";
mysql_query($add_topic,$conn) or die(mysql_error());

//get the id of the last query
$topic_id = mysql_insert_id();

//create and issue the second query
$add_post = "insert into forum_posts values ('', '$topic_id','$_POST[post_text]', now(), '$_POST[topic_owner]')";
mysql_query($add_post,$conn) or die(mysql_error());

//create nice message for user
$msg = "<P>The <strong>$topic_title</strong> topic has been created.</p>";
?>
<html>
<head>
<title>New Topic Added</title>
</head>
<body>
<h1>New Topic Added</h1>
<?php print $msg; ?>
</body>
</html>


Script to reply to post

Code Select Expand


<?php
//connect to server and select database; we'll need it soon
$conn = mysql_connect("localhost", "joeuser", "somepass") or die(mysql_error());
mysql_select_db("testDB",$conn)  or die(mysql_error());

//check to see if we're showing the form or adding the post
if ($_POST[op] != "addpost") {
   // showing the form; check for required item in query string
   if (!$_GET[post_id]) {
        header("Location: topiclist.php");
        exit;
   }

   //still have to verify topic and post
   $verify = "select ft.topic_id, ft.topic_title from forum_posts as fp left join forum_topics as ft on fp.topic_id = ft.topic_id where fp.post_id = $_GET[post_id]";
   $verify_res = mysql_query($verify, $conn) or die(mysql_error());
   if (mysql_num_rows($verify_res) < 1) {
       //this post or topic does not exist
       header("Location: topiclist.php");
       exit;
   } else {
       //get the topic id and title
       $topic_id = mysql_result($verify_res,0,'topic_id');
       $topic_title = stripslashes(mysql_result($verify_res, 0,'topic_title'));

       print "
       <html>
       <head>
       <title>Post Your Reply in $topic_title</title>
       </head>
       <body>
       <h1>Post Your Reply in $topic_title</h1>
       <form method=post action=\"$_SERVER[PHP_SELF]\">
       <p><strong>Your E-Mail Address:</strong><br>
       <input type=\"text\" name=\"post_owner\" size=40 maxlength=150>

       <P><strong>Post Text:</strong><br>
       <textarea name=\"post_text\" rows=8 cols=40 wrap=virtual></textarea>

       <input type=\"hidden\" name=\"op\" value=\"addpost\">
       <input type=\"hidden\" name=\"topic_id\" value=\"$topic_id\">

       <P><input type=\"submit\" name=\"submit\" value=\"Add Post\"></p>

       </form>
       </body>
       </html>";
   }
} else if ($_POST[op] == "addpost") {
   //check for required items from form
   if ((!$_POST[topic_id]) || (!$_POST[post_text]) || (!$_POST[post_owner])) {
       header("Location: topiclist.php");
       exit;
   }

   //add the post
   $add_post = "insert into forum_posts values ('', '$_POST[topic_id]', '$_POST[post_text]', now(), '$_POST[post_owner]')";
   mysql_query($add_post,$conn) or die(mysql_error());

   //redirect user to topic
   header("Location: showtopic.php?topic_id=$topic_id");
   exit;
}
?>


and here is the form of adding a topic

Code Select Expand


<html>
<head>
<title>Add a Topic</title>
</head>
<body>
<h1>Add a Topic</h1>
<form method=post action="do_addtopic.php">
<p><strong>Your E-Mail Address:</strong><br>
<input type="text" name="topic_owner" size=40 maxlength=150>
<p><strong>Topic Title:</strong><br>
<input type="text" name="topic_title" size=40 maxlength=150>
<P><strong>Post Text:</strong><br>
<textarea name="post_text" rows=8 cols=40 wrap=virtual></textarea>
<P><input type="submit" name="submit" value="Add Topic"></p>
</form>
</body>
</html>


This is just a simple forum... nothing fancy

[Banana fanna fo fanna]

It's sql-injectable. Should check that out asap.

[Kaiory]

Code Select Expand


# --------------------------------------------------------
#
# Table structure for table 'forum_topics'
#

           
           topic_id int not null primary key auto_increment,
           topic_title varchar (150),
           topic_create_time datetime,
           topic_owner varchar (150)
           );




# --------------------------------------------------------
#
# Table structure for table 'forum_posts'
#


           
           post_id int not null primary key auto_increment,
           topic_id int not null,
           post_text text,
           post_create_time datetime
           post_owner varchar (150)
           );


That should work

[Banana fanna fo fanna]

No, it has a security flaw. Should upload it somewhere and let me hax it.

[Kaiory]

O, I gotcha...

[hismajesty]

No, it has a security flaw. Should upload it somewhere and let me hax it.

http://www.digitaldoozie.net/st0rm/showtopic.php

have fun  

[Banana fanna fo fanna]

There were no interesting passwords to fish for...but...

http://www.digitaldoozie.net/st0rm/showtopic.php?topic_id=1%20or%201=1

That's a quick example.

[Kaiory]

Do you like it though?

[Meh]

Its good but could do with passwords and admins. Thumbs upo from me though

[Kaiory]

Thank-you
But I did just say it was simple and it would be EXTREMELY easy to set up a login system/admin system
But thanks again for likeing my forum