Thursday, July 26, 2012

Adding the Kind Editor Text-Formatting Tool to a Forum

Posted by Z-CLICK, Thursday, July 26, 2012, under | No comments

The problem: if we build a forum with our own PHP code, it has no tools for formatting text, such as coloring text, setting a background color, inserting images or math formulas, so the forum ends up too plain (or rather, too crude). To get those features we use "Kind Editor", a free text-formatting program. Find and download it from the web, extract it, and follow these steps:
1. Copy the entire extracted folder into the web root.

2. Go into the "examples" folder of the folder you just copied. You will see many "*.html" files and one "index.css" file. Each "*.html" file gives you a different formatting setup; here I choose the "full mode ... .html" file because it offers a fairly complete set of features. The remaining "*.html" files that you do not use can be deleted to save space. Pay attention to the parts in red.

3. View the source of the "full mode... .html" file; it looks like this:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8" />
  <title>KindEditor</title>
  <style type="text/css" rel="stylesheet">
    form {
        margin: 0;
    }
    .editor {
        margin-top: 5px;
        margin-bottom: 5px;
    }
  </style>
  <script type="text/javascript" charset="utf-8" src="./../kindeditor.js"></script>
  <script type="text/javascript">
    KE.show({
        id : 'content1',
        cssPath : './index.css'
    });
  </script>

</head>
<body>

<h3>Default Mode</h3>
<form name="example" method="post" action="./../php/demo.php">
<div class="editor">
<textarea id="content1" name="content" style="width:530px;height:300px;visibility:hidden;">


<p>
Kind editor is a powerful yet easy to use, online web-base html editor, which allows users to edit web page in WYSIWYG way. It is compatible with IE, Firefox, Chrome, Safari, Opera and other popular browsers over different platforms.<br />
Written in Javascript, Kind editor could be integrated with any backend technology, such as Java, .NET, PHP, ASP and RoR.
Kind editor has been widely used in different CMS(Content Management System), shopping, forum, blog, wiki, email and other web based applications.  
With excellent user experience, it is becoming one of the most poplular editors.
</p>
</textarea>
</div>
<input type="button" name="button" value="Formate Text"
onclick="javascript:alert(KE.util.getData('content1'));" />
    <input type="button" name="button" value="Plain Text" onclick="javascript:alert(KE.util.getPureData('content1'));" />
    <input type="submit" name="button" value="Submit" />
  </form>
</body>
</html>
4. Put the following code into the "<head>... </head>" section of the file that contains your input form:
<style type="text/css" rel="stylesheet">
    form {
        margin: 0;
    }
    .editor {
        margin-top: 5px;
        margin-bottom: 5px;
    }
</style>
<!-- change this path to match your web root -->
<script type="text/javascript" charset="utf-8" src="./../kindeditor.js"></script>
<script type="text/javascript">
    KE.show({
        id : 'content1',
        cssPath : './index.css' /* change the path to index.css to match your web root */
    });
</script>



5. Replace your input form with the form below. Note that in <textarea id="content1" name="content" style="width:530px;height:300px;visibility:hidden;"> you should change "width" and "height" to suit your page. Remember the name="" of the "<textarea> </textarea>" tag in your original input form, so that you later know which variable to read the value from. Then change action="./../php/demo.php" to the action your original form used.

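<!-- change the action to suit your own form -->
<form name="example" method="post" action="./../php/demo.php">
<div class="editor">
<textarea id="content1" name="content" style="width:530px;height:300px;visibility:hidden;">
</textarea>
</div>
<input type="button" name="button" value="Formate Text" onclick="javascript:alert(KE.util.getData('content1'));" />
<input type="button" name="button" value="Plain Text" onclick="javascript:alert(KE.util.getPureData('content1'));" />
<input type="submit" name="button" value="Submit" />
</form>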



6. Go into the "php" folder of the folder you copied and view the source of the file "demo.php"; it looks like this:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>KindEditor 3.0</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link href="../examples/index.css" rel="stylesheet" type="text/css" />
<link href="../skins/common/editor.css" rel="stylesheet" type="text/css" />

</head>
<body>
<div class="ke-content"><?php
if (get_magic_quotes_gpc()) {
echo(stripslashes($_POST['content']));
} else {
echo($_POST['content']);
}

?>
</div><center><br /><br /><input type="button" value="Go Back" onclick="javascript:history.back();" /></center>
</body>
</html>


7. Put the following code at the top of the file that the form's "action=" points to; remember to change the paths of the "*.css" files to suit.
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link href="../examples/index.css" rel="stylesheet" type="text/css" />
<link href="../skins/common/editor.css" rel="stylesheet" type="text/css" />
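8. Put the following code before the part that outputs the data, or before the data is inserted into the table in the server's database. Suppose the "<textarea> </textarea>" tag in your original input form has name="replay_topic"; when the value goes into the database it is $_POST['replay_topic'].
// Undo magic-quotes escaping (if it is enabled) on the editor's "content" field
if (get_magic_quotes_gpc()) {
    $tmp = stripslashes($_POST['content']);
} else {
    $tmp = $_POST['content'];
}
// Hand the value over under the field name the original form used
$_POST['replay_topic'] = $tmp;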
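
demo.php above echoes `$_POST['content']` unchanged and the step 8 code passes it on to storage, so the page renders whatever markup a client submits, not only what the editor toolbar can produce. An added example (not part of the original post or of Kind Editor) of an allowlist filter to run on `$tmp` before it is saved or echoed; the function names, the tag list and the http(s)-only URL rule are assumptions, and it needs PHP 7.1+ with the DOM extension:

```php
<?php
// Added example: allowlist filter for HTML posted from a rich-text editor.
// Tag => attributes it may keep (assumed set; match it to your toolbar).
const ALLOWED = [
    'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
    'u' => [], 'ul' => [], 'ol' => [], 'li' => [],
    'span' => ['style'], 'a' => ['href'], 'img' => ['src', 'alt'],
];
// Elements removed together with everything inside them.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'form'];

function attr_value_ok(string $name, string $value): bool {
    if ($name === 'href' || $name === 'src') {
        // Absolute http(s) URLs only; javascript:, data: and similar schemes fail.
        return preg_match('#^https?://#i', $value) === 1;
    }
    if ($name === 'style') {
        // Only colour declarations, e.g. "color:#ff0000; background-color:yellow".
        $decl = '(background-)?color\s*:\s*(#[0-9a-f]{3,6}|[a-z]+)\s*(;\s*)?';
        return preg_match('/^\s*(' . $decl . ')+$/i', $value) === 1;
    }
    return true;
}

function clean_node(DOMNode $node): void {
    // Copy the child list first: the loop removes and moves nodes.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) {
            continue; // text is entity-escaped by saveHTML()
        }
        $tag = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || in_array($tag, DROP_WITH_CONTENT, true)) {
            $node->removeChild($child); // comments, <script>, <iframe>, ...
            continue;
        }
        clean_node($child);
        if (!array_key_exists($tag, ALLOWED)) {
            // Unknown tag: keep its (already cleaned) children, drop the tag itself.
            while ($child->firstChild !== null) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            if (!in_array($name, ALLOWED[$tag], true) || !attr_value_ok($name, $attr->nodeValue)) {
                $child->removeAttributeNode($attr);
            }
        }
    }
}

function sanitize_editor_html(string $html): string {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // collect parse warnings instead of printing them
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>', LIBXML_NONET);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    clean_node($body);
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed input: markup a client could POST instead of real editor output.
$sample = '<p onclick="x()">Hi <span style="color:#ff0000">red</span><script>x()</script>'
    . '<a href="javascript:x()">link</a><img src="http://example.com/a.png" onerror="x()" /></p>';
echo sanitize_editor_html($sample), "\n";
```

DOMDocument uses libxml2's HTML 4 parser, which does not match a browser's HTML5 parsing in every corner case, so a maintained library such as HTML Purifier is the usual production choice. `get_magic_quotes_gpc()` was deprecated in PHP 7.4 and removed in PHP 8.0, so on current PHP the value can be read from `$_POST` directly.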

9. Demo: I will post a demo later when I have time : ))


Thursday, July 12, 2012

Creating a Forum with PHP - MySQL

Posted by Z-CLICK, Thursday, July 12, 2012, under | No comments

The goal here is to write our own PHP code, combined with a MySQL database, to create a forum instead of using ready-made forum software. This post shows you how to build a forum in PHP; in the next post I will show how to add a text-formatting editor to the forum. To create the forum, follow these steps in order:
1. Create a database named "forums_by_php".

2. Create the tables in "forums_by_php": write the following *.sql files, then import them into the database:
  File "users.sql":

CREATE TABLE IF NOT EXISTS `users` (
`user_id` INT(8) NOT NULL AUTO_INCREMENT,
`user_name` VARCHAR(30) NOT NULL,
`user_pass`   VARCHAR(255) NOT NULL,
`user_email` VARCHAR(255) NOT NULL,
`user_date` DATETIME NOT NULL,
`user_level` INT(8) NOT NULL,
UNIQUE INDEX user_name_unique (user_name),
PRIMARY KEY (user_id)
) ENGINE=INNODB;
File "topics.sql" :
CREATE TABLE IF NOT EXISTS `topics` (
`topic_id` INT(8) NOT NULL AUTO_INCREMENT,
`topic_subject`   VARCHAR(255) NOT NULL,
`topic_date` DATETIME NOT NULL,
`topic_cat` INT(8) NOT NULL,
`topic_by` INT(8) NOT NULL,
PRIMARY KEY (topic_id)
) ENGINE=INNODB;
File "posts.sql" :
CREATE TABLE IF NOT EXISTS `posts` (
`post_id` INT(8) NOT NULL AUTO_INCREMENT,
`post_content` TEXT NOT NULL,
`post_date` DATETIME NOT NULL,
`post_topic` INT(8) NOT NULL,
`post_by` INT(8) NOT NULL,
PRIMARY KEY (post_id)
) ENGINE=INNODB;
File "categories.sql":
CREATE TABLE IF NOT EXISTS `categories` (
`cat_id`  INT(8) NOT NULL AUTO_INCREMENT,
`cat_name`  VARCHAR(255) NOT NULL,
`cat_description`  VARCHAR(255) NOT NULL,
UNIQUE INDEX cat_name_unique (cat_name),
PRIMARY KEY (cat_id)
) ENGINE=INNODB;
 


3. Create the file "style.css":

/* BEGIN BASIC FORUM STYLES */
body {
background-color: #4E4E4E;
text-align: center; /* make sure IE centers the page too */
}

#wrapper {
width: 530px;
margin: 0 auto; /* center the page */
}

#content {
background-color: #fff;
border: 1px solid #000;
float: left;
font-family: Arial;
padding: 20px 30px;
text-align: left;
width: 85%; /* fill up the entire div */
}

#menu {
float: left;
border: 1px solid #000;
border-bottom: none; /* avoid a double border */
clear: both; /* clear:both makes sure the content div doesn't float next to this one but stays under it */
width:85%;
height:50px;
padding: 0 30px;
background-color: #FFF;
text-align: left;
font-size: 85%;
}

#menu a:hover {
background-color: #009FC1;
}

#userbar {
background-color: #fff;
float: right;
width: 200px;
}

#footer {
clear: both;
}

/* begin table styles */
table {
border-collapse: collapse;
width: 100%;
}

table a {
color: #000;
}

table a:hover {
color:#373737;
text-decoration: none;
}
/* Begin font styles */
h1, #footer {
font-family: Arial;
color: #F1F3F1;
}
h3 {margin: 0; padding: 0;}
/* Menu styles */
.item {
background-color: #00728B;
border: 1px solid #032472;
color: #FFF;
font-family: Arial;
padding: 5px;
text-decoration: none;
}
.small {
font-size: 75%;
color: #373737;
}
#footer {
font-size: 65%;
padding: 5px 0 0 0;
}
.topic-post {
height: 100px;
overflow: auto;
}
.post-content {
padding: 30px;
}
textarea {
width: 472px;
height: 200px;
}
4. Create the file "connect.php":
<?php
session_start();
//connect.php
$server    = "127.0.0.1";
$username = "root";
$password = "";
$database = "forums_by_php";
if(!mysql_connect($server, $username, $password))
{
  exit('Error: could not establish database connection');
}
if(!mysql_select_db($database))
{
  exit('Error: could not select the database');
}
?> 


5. Create the file "header.php":


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl" lang="nl">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <meta name="description" content="A short description." />
  <meta name="keywords" content="put, keywords, here" />
  <title>PHP-MySQL forum</title>
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body>
<h1>My forum</h1>
<div id="wrapper">
<div id="menu">
<a class="item" href="http://127.0.0.1/source/index.php">Home</a>
<a class="item" href="http://127.0.0.1/source/create_topic.php">Create Topic</a>
<a class="item" href="http://127.0.0.1/source/create_cat.php">Create Category</a>

<div id="userbar">
<?php
if(isset($_SESSION['signed_in']))
{
echo'<br/>';
echo 'Hello <b>' . htmlentities($_SESSION['user_name']) . '</b>.<a class="item" href="signout.php">Logout</a>';
}
else
{
echo '<a class="item" href="signin.php">Login</a> or <a class="item" href="signup.php">Register</a>';
}
?>
</div>
</div>
<div id="content">


6. Create the file "footer.php":


</div>
<!-- content -->

</div>
<!-- wrapper -->
<div id="footer"> CôĐơn Online</div>

</body>
</html>


7. Create the file "topic.php":

<?php
//topic.php
include 'connect.php';
include 'header.php';

$sql = "SELECT
topic_id,
topic_subject
FROM
topics
WHERE
topics.topic_id = " . (int) $_GET['id']; //cast to int: the id is used unquoted, so escaping alone would not protect it
$result = mysql_query($sql);

if(!$result)
{
echo 'The topic could not be displayed, please try again later.';
}
else
{
if(mysql_num_rows($result) == 0)
{
echo 'This topic doesn&prime;t exist.';
}
else
{
while($row = mysql_fetch_assoc($result))
{
//display post data
echo '<table class="topic" border="1">
<tr>
<th colspan="2">' . htmlentities($row['topic_subject']) . '</th>
</tr>';
//fetch the posts from the database
$posts_sql = "SELECT
posts.post_topic,
posts.post_content,
posts.post_date,
posts.post_by,
users.user_id,
users.user_name
FROM
posts
LEFT JOIN
users
ON
posts.post_by = users.user_id
WHERE
posts.post_topic = " . (int) $_GET['id']; //numeric value, so cast it instead of escaping it
$posts_result = mysql_query($posts_sql);
if(!$posts_result)
{
echo '<tr><td>The posts could not be displayed, please try again later.</td></tr>';
}
else
{
while($posts_row = mysql_fetch_assoc($posts_result))
{
echo '<tr class="topic-post">
<td class="user-post">' . htmlentities($posts_row['user_name']) . '<br/>' . date('d-m-Y H:i', strtotime($posts_row['post_date'])) . '</td>
<td class="post-content">' . htmlentities(stripslashes($posts_row['post_content'])) . '</td>
 </tr>';
}
}
if(isset($_SESSION['signed_in']))
{
//show reply box
echo '<tr><td colspan="2"><h2>Reply:</h2><br />
<form method="post" action="reply.php?id=' . $row['topic_id'] . '">
<textarea name="reply-content"></textarea><br /><br />
<input type="submit" value="Submit reply" />
</form></td></tr>';
} else
{
echo '<tr><td colspan="2">You must be <a href="signin.php">signed in</a> to reply. You can also <a href="signup.php">sign up</a> for an account.</td></tr>';
}
//finish the table
echo '</table>';
}
}
}

include 'footer.php';
?>
8. Create the file "reply.php":
<?php
//reply.php
include 'connect.php';
include 'header.php';

if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//someone is calling the file directly, which we don't want
echo 'This file cannot be called directly.';
}
else
{
//check for sign in status
if(empty($_SESSION['signed_in']))
{
echo 'You must be signed in to post a reply.';
}
else
{
//a real user posted a real reply
$sql = "INSERT INTO 
posts(post_content,
 post_date,
 post_topic,
 post_by) 
VALUES ('" . mysql_real_escape_string($_POST['reply-content']) . "',
NOW(),
" . (int) $_GET['id'] . ",
" . (int) $_SESSION['user_id'] . ")";
$result = mysql_query($sql);
if(!$result)
{
echo 'Your reply has not been saved, please try again later.';
}
else
{
echo 'Your reply has been saved, check out <a href="topic.php?id=' . htmlentities($_GET['id']) . '">the topic</a>.';
}
}
}

include 'footer.php';
?>
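
topic.php and reply.php above build their SQL by concatenating request values, and mysql_real_escape_string() only protects a value that ends up inside quotes, which the numeric id does not. An added example (not part of the original post) of the same reply insert and lookup with PDO prepared statements and integer validation; the function names are assumptions, SQLite in memory stands in for MySQL so it runs offline, and it needs PHP 7.1+ with pdo_sqlite:

```php
<?php
// Added example, not from the original post. An in-memory SQLite database stands
// in for MySQL so the script runs offline (assumes the pdo_sqlite extension);
// against MySQL only the DSN changes and CURRENT_TIMESTAMP may be written NOW().

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (
        post_id      INTEGER PRIMARY KEY AUTOINCREMENT,
        post_content TEXT NOT NULL,
        post_date    TEXT NOT NULL,
        post_topic   INTEGER NOT NULL,
        post_by      INTEGER NOT NULL)');
    return $db;
}

// Returns the id as an int, or null unless the raw request value is a positive integer.
function parse_id($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Stores a reply; returns the new post_id, or null when the input is rejected.
function save_reply(PDO $db, $rawTopicId, int $userId, string $content): ?int {
    $topicId = parse_id($rawTopicId);
    if ($topicId === null || trim($content) === '') {
        return null;
    }
    // Placeholders keep the values out of the SQL text, so quotes need no escaping.
    $stmt = $db->prepare(
        'INSERT INTO posts (post_content, post_date, post_topic, post_by)
         VALUES (:content, CURRENT_TIMESTAMP, :topic, :user)'
    );
    $stmt->bindValue(':content', $content, PDO::PARAM_STR);
    $stmt->bindValue(':topic', $topicId, PDO::PARAM_INT);
    $stmt->bindValue(':user', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Returns the posts of one topic, or an empty array for an invalid id.
function posts_for_topic(PDO $db, $rawTopicId): array {
    $topicId = parse_id($rawTopicId);
    if ($topicId === null) {
        return [];
    }
    $stmt = $db->prepare('SELECT post_content, post_by FROM posts WHERE post_topic = :topic');
    $stmt->execute([':topic' => $topicId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values, as they would arrive in $_GET['id'] and $_POST['reply-content'].
$db = open_demo_db();
var_dump(save_reply($db, '7', 3, "It's 5 o'clock'); -- still just text")); // stored literally
var_dump(save_reply($db, '7 OR 1=1', 3, 'hello'));                        // rejected: not an integer
print_r(posts_for_topic($db, '7'));
```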
9. Create the file "create_topic.php":
<?php
//create_topic.php
include 'connect.php';
include 'header.php';

echo '<h2>Create a topic</h2>';
if(isset($_SESSION['signed_in']))
{
//the user is signed in
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//the form hasn't been posted yet, display it
//retrieve the categories from the database for use in the dropdown
$sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories";
$result = mysql_query($sql);
if(!$result)
{
//the query failed, uh-oh :-(
echo 'Error while selecting from database. Please try again later.';
}
else
{
if(mysql_num_rows($result) == 0)
{
//there are no categories, so a topic can't be posted
if($_SESSION['user_level'] == 1)
{
echo 'You have not created categories yet.';
}
else
{
echo 'Before you can post a topic, you must wait for an admin to create some categories.';
}
}
else
{
echo '<form method="post" action="">
Subject: <input type="text" name="topic_subject" /><br />
Category:'; 
echo '<select name="topic_cat">';
while($row = mysql_fetch_assoc($result))
{
echo '<option value="' . (int) $row['cat_id'] . '">' . htmlentities($row['cat_name']) . '</option>';
}
echo '</select><br />';
echo 'Message: <br /><textarea name="post_content"></textarea><br /><br />
<input type="submit" value="Create topic" />
</form>';
}
}
}
else
{
//start the transaction
$query  = "BEGIN WORK;";
$result = mysql_query($query);
if(!$result)
{
//Damn! the query failed, quit
echo 'An error occured while creating your topic. Please try again later.';
}
else
{
//the form has been posted, so save it
//insert the topic into the topics table first, then we'll save the post into the posts table
$sql = "INSERT INTO 
topics(topic_subject,
  topic_date,
  topic_cat,
  topic_by)
  VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
  NOW(),
  " . (int) $_POST['topic_cat'] . ",
  " . (int) $_SESSION['user_id'] . "
  )";
 
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'An error occured while inserting your data. Please try again later.<br /><br />' . mysql_error();
$sql = "ROLLBACK;";
$result = mysql_query($sql);
}
else
{
//the first query worked, now start the second, posts query
//retrieve the id of the freshly created topic for usage in the posts query
$topicid = mysql_insert_id();
$sql = "INSERT INTO
posts(post_content,
 post_date,
 post_topic,
 post_by)
VALUES
('" . mysql_real_escape_string($_POST['post_content']) . "',
 NOW(),
 " . $topicid . ",
 " . $_SESSION['user_id'] . "
)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'An error occured while inserting your post. Please try again later.<br /><br />' . mysql_error();
$sql = "ROLLBACK;";
$result = mysql_query($sql);
}
else
{
$sql = "COMMIT;";
$result = mysql_query($sql);
//after a lot of work, the query succeeded!
echo 'You have succesfully created <a href="topic.php?id='. $topicid . '">your new topic</a>.';
}
}
}
}
} else
{
//the user is not signed in
echo 'Sorry, you have to be <a href="http://127.0.0.1/source/signin.php">signed in</a> to create a topic.';
}

include 'footer.php';
?>

10. Create the file "create_cat.php":

<?php
//create_cat.php
include 'connect.php';
include 'header.php';

echo '<h2>Create a category</h2>';
if(isset($_SESSION['signed_in']) )
{
//the user is signed in (user_level is not checked here)
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//the form hasn't been posted yet, display it
echo '<form method="post" action="">
Category name: <input type="text" name="cat_name" /><br />
Category description:<br /> <textarea name="cat_description"></textarea><br /><br />
<input type="submit" value="Add category" />
</form>';
}
else
{
//the form has been posted, so save it
$sql = "INSERT INTO categories(cat_name, cat_description)
  VALUES('" . mysql_real_escape_string($_POST['cat_name']) . "',
'" . mysql_real_escape_string($_POST['cat_description']) . "')";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Error' . mysql_error();
}
else
{
echo 'New category succesfully added.';
}
}
} else 
{
//the user is not signed in
echo 'Sorry, you do not have sufficient rights to access this page.';
}

include 'footer.php';
?>

11. Create the file "category.php":

<?php
//category.php
include 'connect.php';
include 'header.php';
//first select the category based on $_GET['id']
$sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories
WHERE
cat_id = " . (int) $_GET['id']; //numeric value, so cast it instead of escaping it
$result = mysql_query($sql);
if(!$result)
{
echo 'The category could not be displayed, please try again later.' . mysql_error();
}
else
{
if(mysql_num_rows($result) == 0)
{
echo 'This category does not exist.';
}
else
{
//display category data
while($row = mysql_fetch_assoc($result))
{
echo '<h2>Topics in &prime;' . htmlentities($row['cat_name']) . '&prime; category</h2><br />';
}
//do a query for the topics
$sql = "SELECT topic_id,
topic_subject,
topic_date,
topic_cat
FROM
topics
WHERE
topic_cat = " . (int) $_GET['id'];
$result = mysql_query($sql);
if(!$result)
{
echo 'The topics could not be displayed, please try again later.';
}
else
{
if(mysql_num_rows($result) == 0)
{
echo 'There are no topics in this category yet.';
}
else
{
//prepare the table
echo '<table border="1">
 <tr>
<th>Topic</th>
<th>Created at</th>
 </tr>';
while($row = mysql_fetch_assoc($result))
{
echo '<tr>';
echo '<td class="leftpart">';
echo '<h3><a href="topic.php?id=' . (int) $row['topic_id'] . '">' . htmlentities($row['topic_subject']) . '</a><br /></h3>';
echo '</td>';
echo '<td class="rightpart">';
echo date('d-m-Y', strtotime($row['topic_date']));
echo '</td>';
echo '</tr>';
}
//close the table
echo '</table>';
}
}
}
}
include 'footer.php';
?>

12. Create the file "signup.php":

<?php
//category.php
include 'connect.php';
include 'header.php';
//first select the category based on $_GET['cat_id']
$sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories
WHERE
cat_id = " . (int) $_GET['id']; //numeric value, so cast it instead of escaping it
$result = mysql_query($sql);
if(!$result)
{
echo 'The category could not be displayed, please try again later.' . mysql_error();
}
else
{
if(mysql_num_rows($result) == 0)
{
echo 'This category does not exist.';
}
else
{
//display category data
while($row = mysql_fetch_assoc($result))
{
echo '<h2>Topics in &prime;' . htmlentities($row['cat_name']) . '&prime; category</h2><br />';
}
//do a query for the topics
$sql = "SELECT topic_id,
topic_subject,
topic_date,
topic_cat
FROM
topics
WHERE
topic_cat = " . (int) $_GET['id'];
$result = mysql_query($sql);
if(!$result)
{
echo 'The topics could not be displayed, please try again later.';
}
else
{
if(mysql_num_rows($result) == 0)
{
echo 'There are no topics in this category yet.';
}
else
{
//prepare the table
echo '<table border="1">
 <tr>
<th>Topic</th>
<th>Created at</th>
 </tr>';
while($row = mysql_fetch_assoc($result))
{
echo '<tr>';
echo '<td class="leftpart">';
echo '<h3><a href="topic.php?id=' . (int) $row['topic_id'] . '">' . htmlentities($row['topic_subject']) . '</a><br /></h3>';
echo '</td>';
echo '<td class="rightpart">';
echo date('d-m-Y', strtotime($row['topic_date']));
echo '</td>';
echo '</tr>';
}
//close the table
echo '</table>';
}
}
}
}
include 'footer.php';
?>

13. Create the file "signin.php":
<?php
//signin.php
include 'connect.php';
include 'header.php';
echo '<h3>Sign in</h3><br />';
//first, check if the user is already signed in. If that is the case, there is no need to display this page
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*the form hasn't been posted yet, display it
 note that the action="" will cause the form to post to the same page it is on */
echo '<form method="post" action="">
Username: <input type="text" name="user_name" /><br />
Password: <input type="password" name="user_pass"><br />
<input type="submit" value="Sign in" />
</form>';
}
else
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Verify if the data is correct and return the correct response
*/
$errors = array(); /* declare the array for later use */
if(empty($_POST['user_name']))
{
$errors[] = 'The username field must not be empty.';
}
if(empty($_POST['user_pass']))
{
$errors[] = 'The password field must not be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
{
echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul>';
}
else
{
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "SELECT
user_id,
user_name,
user_level
FROM
users
WHERE
user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
AND
user_pass = '" . sha1($_POST['user_pass']) . "'";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while signing in. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
//the query was successfully executed, there are 2 possibilities
//1. the query returned data, the user can be signed in
//2. the query returned an empty result set, the credentials were wrong
if(mysql_num_rows($result) == 0)
{
echo 'You have supplied a wrong user/password combination. Please try again.';
}
else
{
//set the $_SESSION['signed_in'] variable to TRUE
$_SESSION['signed_in'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
while($row = mysql_fetch_assoc($result))
{
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['user_level'] = $row['user_level'];
}
echo 'Welcome, ' . htmlentities($_SESSION['user_name']) . '. <br /><a href="index.php">Proceed to the forum overview</a>.';
}
}
}
}
}
include 'footer.php';
?>
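
signin.php above compares an unsalted sha1() digest inside the SQL query. An added example (not part of the original post) of checking the password in PHP with password_verify() and upgrading rows that still hold a SHA-1 digest the first time the user logs in; the function names are assumptions, and the caller is assumed to have fetched user_pass for the submitted user_name first:

```php
<?php
// Added example, not from the original post. Assumes PHP 7.1+.

// True when $stored looks like the 40-character hex digest produced by sha1().
function is_legacy_sha1(string $stored): bool {
    return preg_match('/^[0-9a-f]{40}$/i', $stored) === 1;
}

/**
 * Check a login attempt against the value read from users.user_pass.
 * Returns ['ok' => bool, 'new_hash' => ?string]. When new_hash is not null the
 * caller should UPDATE users.user_pass with it (via a prepared statement).
 */
function check_password(string $password, string $stored): array {
    if (is_legacy_sha1($stored)) {
        // Constant-time comparison of the old digest, then move to a salted hash.
        $ok = hash_equals(strtolower($stored), sha1($password));
        return ['ok' => $ok, 'new_hash' => $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    $ok = password_verify($password, $stored);
    $new = ($ok && password_needs_rehash($stored, PASSWORD_DEFAULT))
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return ['ok' => $ok, 'new_hash' => $new];
}

// Constructed sample values for the user_pass column.
$legacyRow = sha1('correct horse');                        // what the sha1() scheme stores
$modernRow = password_hash('correct horse', PASSWORD_DEFAULT);

$upgraded = check_password('correct horse', $legacyRow);   // accepted, new_hash is set
$rejected = check_password('wrong guess', $legacyRow);     // rejected, nothing to store
$current  = check_password('correct horse', $modernRow);   // accepted, no rehash needed

var_dump($upgraded['ok'], $upgraded['new_hash'] !== null);
var_dump($rejected['ok'], $rejected['new_hash']);
var_dump($current['ok'], $current['new_hash']);
```

The 255-character user_pass column from users.sql is wide enough for password_hash() output; after a successful check, call session_regenerate_id(true) before setting $_SESSION['signed_in'].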
14. Create the file "signout.php":

<?php
//signout.php
include 'connect.php';
include 'header.php';
echo '<h2>Sign out</h2>';
//check if user is signed in
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
//unset all variables
$_SESSION['signed_in'] = NULL;
$_SESSION['user_name'] = NULL;
$_SESSION['user_id']   = NULL;
echo 'Succesfully signed out, thank you for visiting.';
}
else
{
echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}
include 'footer.php';
?>
15. Demo: when you test, double-check the host, username, password, database name, the path to the folder containing the files, ...
 There are probably about 2 more posts to come: 1. login hashed with md5 and sha1, 2. adding the text-formatting box to the forum. After that I will cover security. :)))



