Thursday, July 12, 2012

Creating a Forum with PHP and MySQL

Posted by Z-CLICK on Thursday, July 12, 2012

The goal is to write our own PHP code, combined with a MySQL database, to build a forum instead of using ready-made forum software. This post walks through building a forum in PHP; in the next post I will show how to add a text-formatting toolbar to the forum. To build the forum, follow these steps in order:
1. Create the database, named "forums_by_php".

2. Create the tables in "forums_by_php". Create the following *.sql files, then import them into the database:
  File "users.sql":

CREATE TABLE IF NOT EXISTS `users` (
`user_id` INT(8) NOT NULL AUTO_INCREMENT,
`user_name` VARCHAR(30) NOT NULL,
`user_pass`   VARCHAR(255) NOT NULL,
`user_email` VARCHAR(255) NOT NULL,
`user_date` DATETIME NOT NULL,
`user_level` INT(8) NOT NULL,
UNIQUE INDEX user_name_unique (user_name),
PRIMARY KEY (user_id)
) ENGINE=INNODB;
File "topics.sql" :
CREATE TABLE IF NOT EXISTS `topics` (
`topic_id` INT(8) NOT NULL AUTO_INCREMENT,
`topic_subject`   VARCHAR(255) NOT NULL,
`topic_date` DATETIME NOT NULL,
`topic_cat` INT(8) NOT NULL,
`topic_by` INT(8) NOT NULL,
PRIMARY KEY (topic_id)
) ENGINE=INNODB;
File "posts.sql" :
CREATE TABLE IF NOT EXISTS `posts` (
`post_id` INT(8) NOT NULL AUTO_INCREMENT,
`post_content` TEXT NOT NULL,
`post_date` DATETIME NOT NULL,
`post_topic` INT(8) NOT NULL,
`post_by` INT(8) NOT NULL,
PRIMARY KEY (post_id)
) ENGINE=INNODB;
File "categories.sql":
CREATE TABLE IF NOT EXISTS `categories` (
`cat_id`  INT(8) NOT NULL AUTO_INCREMENT,
`cat_name`  VARCHAR(255) NOT NULL,
`cat_description`  VARCHAR(255) NOT NULL,
UNIQUE INDEX cat_name_unique (cat_name),
PRIMARY KEY (cat_id)
) ENGINE=INNODB;
 


3. Create the file "style.css":

/* BEGIN BASIC FORUM STYLES */
body {
background-color: #4E4E4E;
text-align: center; /* make sure IE centers the page too */
}

#wrapper {
width: 530px;
margin: 0 auto; /* center the page */
}

#content {
background-color: #fff;
border: 1px solid #000;
float: left;
font-family: Arial;
padding: 20px 30px;
text-align: left;
width: 85%; /* fill up the entire div */
}

#menu {
float: left;
border: 1px solid #000;
border-bottom: none; /* avoid a double border */
clear: both; /* clear:both makes sure the content div doesn't float next to this one but stays under it */
width:85%;
height:50px;
padding: 0 30px;
background-color: #FFF;
text-align: left;
font-size: 85%;
}

#menu a:hover {
background-color: #009FC1;
}

#userbar {
background-color: #fff;
float: right;
width: 200px;
}

#footer {
clear: both;
}

/* begin table styles */
table {
border-collapse: collapse;
width: 100%;
}

table a {
color: #000;
}

table a:hover {
color:#373737;
text-decoration: none;
}
/* Begin font styles */
h1, #footer {
font-family: Arial;
color: #F1F3F1;
}
h3 {margin: 0; padding: 0;}
/* Menu styles */
.item {
background-color: #00728B;
border: 1px solid #032472;
color: #FFF;
font-family: Arial;
padding: 5px;
text-decoration: none;
}
.small {
font-size: 75%;
color: #373737;
}
#footer {
font-size: 65%;
padding: 5px 0 0 0;
}
.topic-post {
height: 100px;
overflow: auto;
}
.post-content {
padding: 30px;
}
textarea {
width: 472px;
height: 200px;
}
4. Create the file "connect.php":
<?php
session_start();
//connect.php
$server    = "127.0.0.1";
$username = "root";
$password = "";
$database = "forums_by_php";
if(!mysql_connect($server, $username, $password))
{
  exit('Error: could not establish database connection');
}
if(!mysql_select_db($database))
{
  exit('Error: could not select the database');
}
?> 


5. Create the file "header.php":


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl" lang="nl">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  <meta name="description" content="A short description." />
  <meta name="keywords" content="put, keywords, here" />
  <title>PHP-MySQL forum</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1>My forum</h1>
<div id="wrapper">
<div id="menu">
<a class="item" href="http://127.0.0.1/source/index.php">Home</a>
<a class="item" href="http://127.0.0.1/source/create_topic.php">Create Topic</a>
<a class="item" href="http://127.0.0.1/source/create_cat.php">Create Category</a>

<div id="userbar">
<?php
if(isset($_SESSION['signed_in']))
{
echo'<br/>';
echo 'Hello <b>' . htmlentities($_SESSION['user_name']) . '</b>.<a class="item" href="signout.php">Logout</a>';
}
else
{
echo '<a class="item" href="signin.php">Login</a> or <a class="item" href="signup.php">Register</a>';
}
?>
</div>
</div>
<div id="content">


6. Create the file "footer.php":


</div>
<!-- content -->

</div>
<!-- wrapper -->
<div id="footer"> CôĐơn Online</div>

</body>
</html>


7. Create the file "topic.php":

<?php
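//topic.php
include 'connect.php';
include 'header.php';

//cast the id to an integer: escaping alone does not protect an unquoted numeric value
$topic_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

$sql = "SELECT
topic_id,
topic_subject
FROM
topics
WHERE
topics.topic_id = " . $topic_id;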
$result = mysql_query($sql);

if(!$result)
{
echo 'The topic could not be displayed, please try again later.';
}
else
{
if(mysql_num_rows($result) == 0)
{
echo 'This topic doesn&prime;t exist.';
}
else
{
while($row = mysql_fetch_assoc($result))
{
//display post data
echo '<table class="topic" border="1">
<tr>
<th colspan="2">' . htmlentities($row['topic_subject'], ENT_QUOTES, 'UTF-8') . '</th>
</tr>';
//fetch the posts from the database
$posts_sql = "SELECT
posts.post_topic,
posts.post_content,
posts.post_date,
posts.post_by,
users.user_id,
users.user_name
FROM
posts
LEFT JOIN
users
ON
posts.post_by = users.user_id
WHERE
posts.post_topic = " . (int) $_GET['id'];
$posts_result = mysql_query($posts_sql);
if(!$posts_result)
{
echo '<tr><td colspan="2">The posts could not be displayed, please try again later.</td></tr>';
}
else
{
while($posts_row = mysql_fetch_assoc($posts_result))
{
echo '<tr class="topic-post">
<td class="user-post">' . htmlentities($posts_row['user_name'], ENT_QUOTES, 'UTF-8') . '<br/>' . date('d-m-Y H:i', strtotime($posts_row['post_date'])) . '</td>
<td class="post-content">' . htmlentities(stripslashes($posts_row['post_content'])) . '</td>
 </tr>';
}
}
if(isset($_SESSION['signed_in']))
{
//show reply box
echo '<tr><td colspan="2"><h2>Reply:</h2><br />
<form method="post" action="reply.php?id=' . $row['topic_id'] . '">
<textarea name="reply-content"></textarea><br /><br />
<input type="submit" value="Submit reply" />
</form></td></tr>';
} else
{
echo '<tr><td colspan="2">You must be <a href="signin.php">signed in</a> to reply. You can also <a href="signup.php">sign up</a> for an account.</td></tr>';
}
//finish the table
echo '</table>';
}
}
}

include 'footer.php';
?>
8. Create the file "reply.php":
<?php
//reply.php
include 'connect.php';
include 'header.php';

if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//someone is calling the file directly, which we don't want
echo 'This file cannot be called directly.';
}
else
{
//check for sign in status
if(!isset($_SESSION['signed_in']) || !$_SESSION['signed_in'])
{
echo 'You must be signed in to post a reply.';
}
else
{
//a real user posted a real reply
$sql = "INSERT INTO 
posts(post_content,
 post_date,
 post_topic,
 post_by) 
VALUES ('" . mysql_real_escape_string($_POST['reply-content']) . "',
NOW(),
" . (int) $_GET['id'] . ",
" . (int) $_SESSION['user_id'] . ")";
$result = mysql_query($sql);
if(!$result)
{
echo 'Your reply has not been saved, please try again later.';
}
else
{
echo 'Your reply has been saved, check out <a href="topic.php?id=' . htmlentities($_GET['id']) . '">the topic</a>.';
}
}
}

include 'footer.php';
?>
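
The queries in topic.php and reply.php above are built by string concatenation with the ext/mysql functions, which were removed in PHP 7.0. The following is an added example, not the author's code, of the same SELECT and INSERT written with PDO prepared statements, integer validation of the topic id and HTML escaping on output. It assumes an in-memory SQLite database so that it runs without a server, and the function names are hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumption: an in-memory SQLite
// database stands in for MySQL so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (
    post_id INTEGER PRIMARY KEY AUTOINCREMENT,
    post_content TEXT NOT NULL,
    post_date TEXT NOT NULL,
    post_topic INTEGER NOT NULL,
    post_by INTEGER NOT NULL)');
// Hypothetical helper: the id as an int, or null if it is not a positive integer.
function topic_id_from_request($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    return $id === false ? null : $id;
}

// Stores a reply; content and ids are bound as parameters, never concatenated.
function save_reply(PDO $db, $rawTopicId, $content, $userId)
{
    $topicId = topic_id_from_request($rawTopicId);
    if ($topicId === null || trim($content) === '') {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO posts (post_content, post_date, post_topic, post_by)
         VALUES (:content, :date, :topic, :user)');
    return $stmt->execute(array(
        ':content' => $content,
        ':date'    => date('Y-m-d H:i:s'),
        ':topic'   => $topicId,
        ':user'    => (int) $userId,
    ));
}

// Reads one topic's posts and escapes each for HTML output.
function render_posts(PDO $db, $rawTopicId)
{
    $topicId = topic_id_from_request($rawTopicId);
    if ($topicId === null) {
        return array();
    }
    $stmt = $db->prepare('SELECT post_content FROM posts WHERE post_topic = :topic');
    $stmt->execute(array(':topic' => $topicId));
    return array_map(function ($c) {
        return htmlspecialchars($c, ENT_QUOTES, 'UTF-8');
    }, $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Constructed sample requests: a valid id, then an id that is not an integer.
var_dump(save_reply($db, '5', "It's <b>here</b>", 1));
var_dump(save_reply($db, '5 OR 1=1', 'x', 1));
print_r(render_posts($db, '5'));
```

With the tutorial's MySQL database, only the DSN and credentials passed to the PDO constructor change.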
9. Create the file "create_topic.php":
<?php
//create_topic.php
include 'connect.php';
include 'header.php';

echo '<h2>Create a topic</h2>';
if(isset($_SESSION['signed_in']))
{
//the user is signed in
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//the form hasn't been posted yet, display it
//retrieve the categories from the database for use in the dropdown
$sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories";
$result = mysql_query($sql);
if(!$result)
{
//the query failed, uh-oh :-(
echo 'Error while selecting from database. Please try again later.';
}
else
{
if(mysql_num_rows($result) == 0)
{
//there are no categories, so a topic can't be posted
if($_SESSION['user_level'] == 1)
{
echo 'You have not created categories yet.';
}
else
{
echo 'Before you can post a topic, you must wait for an admin to create some categories.';
}
}
else
{
echo '<form method="post" action="">
Subject: <input type="text" name="topic_subject" /><br />
Category:'; 
echo '<select name="topic_cat">';
while($row = mysql_fetch_assoc($result))
{
echo '<option value="' . (int) $row['cat_id'] . '">' . htmlentities($row['cat_name'], ENT_QUOTES, 'UTF-8') . '</option>';
}
echo '</select><br />';
echo 'Message: <br /><textarea name="post_content"></textarea><br /><br />
<input type="submit" value="Create topic" />
</form>';
}
}
}
else
{
//start the transaction
$query  = "BEGIN WORK;";
$result = mysql_query($query);
if(!$result)
{
//Damn! the query failed, quit
echo 'An error occured while creating your topic. Please try again later.';
}
else
{
//the form has been posted, so save it
//insert the topic into the topics table first, then we'll save the post into the posts table
$sql = "INSERT INTO 
topics(topic_subject,
  topic_date,
  topic_cat,
  topic_by)
  VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
  NOW(),
  " . (int) $_POST['topic_cat'] . ",
  " . (int) $_SESSION['user_id'] . "
  )";
 
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'An error occured while inserting your data. Please try again later.<br /><br />' . mysql_error();
$sql = "ROLLBACK;";
$result = mysql_query($sql);
}
else
{
//the first query worked, now start the second, posts query
//retrieve the id of the freshly created topic for usage in the posts query
$topicid = mysql_insert_id();
$sql = "INSERT INTO
posts(post_content,
 post_date,
 post_topic,
 post_by)
VALUES
('" . mysql_real_escape_string($_POST['post_content']) . "',
 NOW(),
 " . $topicid . ",
 " . $_SESSION['user_id'] . "
)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'An error occured while inserting your post. Please try again later.<br /><br />' . mysql_error();
$sql = "ROLLBACK;";
$result = mysql_query($sql);
}
else
{
$sql = "COMMIT;";
$result = mysql_query($sql);
//after a lot of work, the query succeeded!
echo 'You have succesfully created <a href="topic.php?id='. $topicid . '">your new topic</a>.';
}
}
}
}
} else
{
//the user is not signed in
echo 'Sorry, you have to be <a href="http://127.0.0.1/source/signin.php">signed in</a> to create a topic.';
}

include 'footer.php';
?>

10. Create the file "create_cat.php":

<?php
//create_cat.php
include 'connect.php';
include 'header.php';

echo '<h2>Create a category</h2>';
if(isset($_SESSION['signed_in']) && isset($_SESSION['user_level']) && $_SESSION['user_level'] == 1)
{
//the user is signed in and has admin rights (user_level 1)
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
//the form hasn't been posted yet, display it
echo '<form method="post" action="">
Category name: <input type="text" name="cat_name" /><br />
Category description:<br /> <textarea name="cat_description"></textarea><br /><br />
<input type="submit" value="Add category" />
</form>';
}
else
{
//the form has been posted, so save it
$sql = "INSERT INTO categories(cat_name, cat_description)
  VALUES('" . mysql_real_escape_string($_POST['cat_name']) . "',
'" . mysql_real_escape_string($_POST['cat_description']) . "')";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Error' . mysql_error();
}
else
{
echo 'New category succesfully added.';
}
}
} else 
{
//the user is not an admin
echo 'Sorry, you do not have sufficient rights to access this page.';
}

include 'footer.php';
?>

11. Create the file "category.php":

<?php
//category.php
include 'connect.php';
include 'header.php';
//first select the category based on $_GET['id'], cast to an integer
$sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories
WHERE
cat_id = " . (int) $_GET['id'];
$result = mysql_query($sql);
if(!$result)
{
echo 'The category could not be displayed, please try again later.' . mysql_error();
}
else
{
if(mysql_num_rows($result) == 0)
{
echo 'This category does not exist.';
}
else
{
//display category data
while($row = mysql_fetch_assoc($result))
{
echo '<h2>Topics in &prime;' . htmlentities($row['cat_name'], ENT_QUOTES, 'UTF-8') . '&prime; category</h2><br />';
}
//do a query for the topics
$sql = "SELECT topic_id,
topic_subject,
topic_date,
topic_cat
FROM
topics
WHERE
topic_cat = " . (int) $_GET['id'];
$result = mysql_query($sql);
if(!$result)
{
echo 'The topics could not be displayed, please try again later.';
}
else
{
if(mysql_num_rows($result) == 0)
{
echo 'There are no topics in this category yet.';
}
else
{
//prepare the table
echo '<table border="1">
 <tr>
<th>Topic</th>
<th>Created at</th>
 </tr>';
while($row = mysql_fetch_assoc($result))
{
echo '<tr>';
echo '<td class="leftpart">';
echo '<h3><a href="topic.php?id=' . (int) $row['topic_id'] . '">' . htmlentities($row['topic_subject'], ENT_QUOTES, 'UTF-8') . '</a></h3>';
echo '</td>';
echo '<td class="rightpart">';
echo date('d-m-Y', strtotime($row['topic_date']));
echo '</td>';
echo '</tr>';
}
//finish the table
echo '</table>';
}
}
}
}
include 'footer.php';
?>

12. Create the file "signup.php":


13. Create the file "signin.php":
<?php
//signin.php
include 'connect.php';
include 'header.php';
echo '<h3>Sign in</h3><br />';
//first, check if the user is already signed in. If that is the case, there is no need to display this page
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*the form hasn't been posted yet, display it
 note that the action="" will cause the form to post to the same page it is on */
echo '<form method="post" action="">
Username: <input type="text" name="user_name" /><br />
Password: <input type="password" name="user_pass" /><br />
<input type="submit" value="Sign in" />
</form>';
}
else
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Verify if the data is correct and return the correct response
*/
$errors = array(); /* declare the array for later use */
if(!isset($_POST['user_name']) || $_POST['user_name'] === '')
{
$errors[] = 'The username field must not be empty.';
}
if(!isset($_POST['user_pass']) || $_POST['user_pass'] === '')
{
$errors[] = 'The password field must not be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
{
echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul>';
}
else
{
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "SELECT
user_id,
user_name,
user_level
FROM
users
WHERE
user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
AND
user_pass = '" . sha1($_POST['user_pass']) . "'";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while signing in. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
//the query was successfully executed, there are 2 possibilities
//1. the query returned data, the user can be signed in
//2. the query returned an empty result set, the credentials were wrong
if(mysql_num_rows($result) == 0)
{
echo 'You have supplied a wrong user/password combination. Please try again.';
}
else
{
//set the $_SESSION['signed_in'] variable to TRUE
$_SESSION['signed_in'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
while($row = mysql_fetch_assoc($result))
{
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['user_level'] = $row['user_level'];
}
echo 'Welcome, ' . htmlentities($_SESSION['user_name'], ENT_QUOTES, 'UTF-8') . '. <br /><a href="index.php">Proceed to the forum overview</a>.';
}
}
}
}
}
include 'footer.php';
?>
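
signin.php above compares an unsalted sha1() digest inside the SQL query, and the signup.php listing itself does not appear on this page. The following is an added example, not the author's code, of how account creation and the login check can use password_hash() and password_verify() with the users table from step 2. The helper names, the in-memory SQLite stand-in and user_level 0 for regular accounts are assumptions.

```php
<?php
// Added example, not the tutorial's code. Assumptions: in-memory SQLite stands
// in for MySQL, and user_level 0 means a regular (non-admin) account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    user_id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_name VARCHAR(30) NOT NULL UNIQUE,
    user_pass VARCHAR(255) NOT NULL,
    user_email VARCHAR(255) NOT NULL,
    user_date TEXT NOT NULL,
    user_level INTEGER NOT NULL)');

// Hypothetical helper: creates an account with a salted, slow password hash.
function register_user(PDO $db, $name, $password, $email)
{
    if ($name === '' || $password === '') {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO users (user_name, user_pass, user_email, user_date, user_level)
         VALUES (?, ?, ?, ?, 0)');
    try {
        return $stmt->execute(array(
            $name, password_hash($password, PASSWORD_DEFAULT), $email, date('Y-m-d H:i:s')));
    } catch (PDOException $e) {
        return false; // e.g. the UNIQUE constraint on user_name
    }
}

// Hypothetical helper: the user row on success, null on any failure.
function check_credentials(PDO $db, $name, $password)
{
    $stmt = $db->prepare(
        'SELECT user_id, user_name, user_level, user_pass FROM users WHERE user_name = ?');
    $stmt->execute(array($name));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The hash is checked in PHP with password_verify(); a salted hash
    // cannot be matched with a SQL equality test.
    if ($row === false || !password_verify($password, $row['user_pass'])) {
        return null;
    }
    unset($row['user_pass']);
    return $row;
}

// Constructed sample accounts and login attempts.
var_dump(register_user($db, 'alice', 'correct horse', 'alice@example.test'));
var_dump(register_user($db, 'alice', 'other', 'dup@example.test'));
var_dump(check_credentials($db, 'alice', 'correct horse'));
var_dump(check_credentials($db, 'alice', 'wrong'));
```

In signin.php, calling session_regenerate_id(true) before setting $_SESSION['signed_in'] gives the authenticated session a fresh id.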
14. Create the file "signout.php":

<?php
//signout.php
include 'connect.php';
include 'header.php';

echo '<h2>Sign out</h2>';

//check if user is signed in
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
//unset all variables
$_SESSION['signed_in'] = NULL;
$_SESSION['user_name'] = NULL;
$_SESSION['user_id']   = NULL;
$_SESSION['user_level'] = NULL;

echo 'Succesfully signed out, thank you for visiting.';
}
else
{
echo 'You are not signed in. Would you <a href="signin.php">like to</a>?';
}

include 'footer.php';
?>
15. Demo: when testing, double-check the host, username, password, database name, the path to the folder containing the files, and so on.
 There are probably about 2 more posts to come: 1. login with md5 and sha1 hashing, 2. adding a text-formatting toolbar to the forum. After that I will cover security. :)))



