

GlacierBoard 0.5 Beta!





DjMilez
http://skysoftnet.co.cc/

Well, I'm almost finished with my SQL forum system. From what I understand, it was working OK-ish until I coded the reply thing, I dunno. I just need to iron out the bugs and kinks in it.


Edit: can someone take a look at this code?
For some reason, whenever I reply or make a topic, it puts it into an existing topic, and it messes up.
Code:
<?php
/* Glacier Board
By ProwerBot of SkySoft Net
Started June 24, 2008
*/

//Connect to the DB and make the skin//
include("functions/connect.php");
include("functions/themename.php");
include("themes/$skin/header.php");

//Create the thing with your user panel//
echo("<hr />
<div class='menubar'>User CP</div>");
if (isset($_COOKIE['username_gb']))
echo("Welcome back, " .$_COOKIE['username_gb']. ".");
else
echo("Welcome Guest. <a href='?view=sign_in'>Sign in</a> or <a href='?view=register'>Register</a>");
echo("</div>
</td>
<td>
<div class='titlebar'>Main Content</div>
<div class='content'>");

//Get a few other things ready//
$view = $_GET['view'];
if (empty($view)) {
$view = "home"; // quoted string; a bare word is treated as an undefined constant
}


//Call the switch function//
switch($view) {



//Index page//
case "home":
$sql = "SELECT * FROM news ORDER BY id DESC";
if (!$result = mysql_query($sql)) die(mysql_error());
while($rows = mysql_fetch_array($result)){
 echo ("<b>" . $rows['newstitle'] ."</b><br />
<i>Posted by <b>" .$rows['newsauthor']. "</b> on " .$rows['newsdate']. ".</i><p />
" . $rows['newspost'] . " <br /><hr /><p />");
}
break;




//Forums//
case "forum":
echo("Forums");
$sql = "SELECT * FROM forums ORDER BY forumid DESC";
if (!$result = mysql_query($sql)) die(mysql_error());
while($rows = mysql_fetch_array($result)){
 echo ("<div style='border:1px dashed #000000;background:#F3F4F3;'><a href='?view=showforum&fid=" .$rows['forumid']. "'> " .$rows['forumname']. "</a><br />
" .$rows['forumdes']. "</div>");
}
break;




//Show a forum//
case "showforum":
$fid = $_GET['fid'];
if(empty($fid)) {
echo("No forum selected.");
}
$sql2 = "SELECT * FROM forums WHERE forumid = '$fid'";
if (!$result2 = mysql_query($sql2)) die(mysql_error());
while($rowz = mysql_fetch_array($result2)){
 echo ("<b>Forum index - <a href='?view=forum'>" .$rowz['forumname']. "</b>");
}
echo("<br /><a href='?view=addtopic&fid=$fid'>Create Topic</a>");
$sql = "SELECT * FROM topics WHERE forumid = '$fid' ORDER BY topicid DESC";
if (!$result = mysql_query($sql)) die(mysql_error());
while($rows = mysql_fetch_array($result)){
 echo ("<div style='border:1px dashed #000000;background:#F3F4F3'><a href='?view=topic&tid=" .$rows['topicid']. "'> " .$rows['topicname']. "</a> - " .$rows['topicdate']. "<br />" .$rows['topicauthor']. " </div>");
}
echo("<a href='?view=addtopic&fid=$fid'>Create Topic</a>");
break;





//Show a topic//
case "topic":
$tid = $_GET['tid'];
if(empty($tid)) {
echo("No topic selected.");
}
$sql = "SELECT * FROM topics WHERE topicid = '$tid'";
if (!$result = mysql_query($sql)) die(mysql_error());
while($rows = mysql_fetch_array($result)){
 echo ("<table width='100%'><tr><td style='border:1px dashed #000000;background:#F3F4F3;width:160px' valign='top'>
" .$rows['topicauthor']. "<p />Posted on " .$rows['topicdate']. "</td><td style='border:1px dashed #000000;background:#F3F4F3' valign='top'>
" .$rows['topicpost']. "</td></tr></table><br />");
}
$sql2 = "SELECT * FROM posts WHERE topicid = '$tid'";
if (!$result2 = mysql_query($sql2)) die(mysql_error());
while($rows2 = mysql_fetch_array($result2)){
 echo ("<table width='100%'><tr><td style='border:1px dashed #000000;background:#F3F4F3;width:160px' valign='top'>
" .$rows2['postauthor']. "<p />Posted on " .$rows2['postdate']. "</td><td style='border:1px dashed #000000;background:#F3F4F3' valign='top'>
" .$rows2['postkk']. "</td></tr></table><br />");
}
echo("<a href='?view=reply&tid=$tid'>Post a reply</a>");
break;




//Post a reply//
case "reply":
$tid = $_GET['tid'];
if(empty($tid)) {
echo("No topic selected to reply to.");
}
$sql = "SELECT * FROM topics WHERE topicid = '$tid'";
if (!$result = mysql_query($sql)) die(mysql_error());
if(!mysql_num_rows($result)) {
echo("Topic doesn't exist.");
}
else
{
echo("<form action='index.php?view=reply_action&tid=$tid' method='post'>
Post: <br /><textarea name='post' cols='50' rows='3' id='post'></textarea><br />
<input type='submit' name='submit' value='Post Message' />
</form>");
}
break;




//Adding reply//
case "reply_action":
$tid = $_GET['tid'];
if(empty($tid)) {
echo("No topic selected?");
}
$sql2 = "SELECT * FROM topics WHERE topicid = '$tid'";
if (!$result2 = mysql_query($sql2)) die(mysql_error());
if(!$_POST['submit']) {
die("You didn't post submit!");
}
$post = $_POST['post'];
if(!isset($_COOKIE['username_gb']))
$username = "Guest";
else
$username = $_COOKIE['username_gb']; // key matches the cookie checked by isset() above

$date = date("m/d/y h:i:s");
$sql = "INSERT INTO `posts` (
`topicid` ,
`postauthor` ,
`postdate` ,
`postkk`
)
VALUES (
'$tid', '$username', '$date', '$post'
);";
$result = mysql_query($sql);
if($result) {
echo("Post was added. <a href='?view=topic&tid=$tid'>Go back to the topic</a>");
}else{
die("Error: " .mysql_error());
}
break;




//Post a topic//
case "addtopic":
$fid = $_GET['fid'];
if(empty($fid)) {
echo("No forum selected to add to.");
}
$sql = "SELECT * FROM forums WHERE forumid = '$fid'";
if (!$result = mysql_query($sql)) die(mysql_error());
if(!mysql_num_rows($result)) {
echo("Forum doesn't exist.");
}
else
{
echo("<form action='index.php?view=addtopic_action&fid=$fid' method='post'>
Topic: <br /><input type='text' name='name' /><p />
Post: <br /><textarea name='post' cols='50' rows='3' id='post'></textarea><br />
<input type='submit' name='submit' value='Post Topic' />
</form>");
}
break;

//Adding topic//
case "addtopic_action":
$fid = $_GET['fid'];
if(empty($fid)) {
echo("No forum selected?");
}
$sql2 = "SELECT * FROM forums WHERE forumid = '$fid'";
if (!$result2 = mysql_query($sql2)) die(mysql_error());
if(!$_POST['submit']) {
die("You didn't press submit!");
}
$post = $_POST['post'];
if(!isset($_COOKIE['username_gb']))
$username = "Guest";
else
$username = $_COOKIE['username_gb']; // key matches the cookie checked by isset() above

$date = date("m/d/y h:i:s");
$sql = "INSERT INTO `topics` (
`forumid` ,
`topicauthor` ,
`topicdate` ,
`topicpost`
)
VALUES (
'$fid', '$username', '$date', '$post'
);";
$result = mysql_query($sql);
if($result) {
echo("Post was added. <a href='?view=topic&tid=$tid'>Go back to the topic</a>");
}else{
die("Error: " .mysql_error());
}
break;


//404//
default:
echo("<embed src='http://retrohack.org/err/ohnoyoudont.swf' width='425' height='355' />");
break;
}

echo("</div></center>");
mysql_close();
?>
rvec
It looks like it's not even half done, why are you posting it here?

I think you made some mistakes in the sql query, you mixed css and html makeup and made almost nothing we can really see working other than the url structure.

I'll -close- this now, if you got something more to show or you have questions you can pm me and I'll reopen it.

edit: better already Razz

now I'd suggest only posting the part in which the error should be instead of posting the whole script.

that's one strange way to make a forum :S
putting all topics/first posts in one table and all the other replies in another Confused

and "die("You didn't press submit!"); "
wtf, why shouldn't that be allowed or even make a difference, it's not like that's going to protect you against spambots or something.

also you should filter everything you get from the user in get, post and cookie data, this could all be used by the user to hack your script. As well as javascript code which they could now put in their posts, this could be easily abused.

This is not personal, but if I would get a script like this and was asked to fix it I'd rewrite it.
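
An added example, not part of either post and not GlacierBoard code: one way to apply the filtering advice above to the reply path, with the topic id validated as an integer, the insert done through bound parameters, and stored text HTML-encoded when it is displayed. Table and column names follow the posted script; the PDO/SQLite in-memory database, the function names and the sample inputs are assumptions made so the block runs on its own.

```php
<?php
// Added example. Schema names follow the posted script; the in-memory
// SQLite database and the sample rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE topics (topicid INTEGER PRIMARY KEY, topicname TEXT)");
$db->exec("CREATE TABLE posts (postid INTEGER PRIMARY KEY, topicid INTEGER,
           postauthor TEXT, postdate TEXT, postkk TEXT)");
$db->exec("INSERT INTO topics (topicname) VALUES ('Welcome')");

// Accept only a positive integer id; anything else becomes null.
function clean_id($raw) {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Store a reply with bound parameters, so quotes in $author or $body stay data.
function add_reply(PDO $db, $rawTid, $author, $body) {
    $tid = clean_id($rawTid);
    if ($tid === null || trim($body) === '') return false;
    $check = $db->prepare("SELECT 1 FROM topics WHERE topicid = ?");
    $check->execute([$tid]);
    if (!$check->fetchColumn()) return false;   // the topic must exist
    $ins = $db->prepare("INSERT INTO posts (topicid, postauthor, postdate, postkk)
                         VALUES (?, ?, ?, ?)");
    return $ins->execute([$tid, $author, date('Y-m-d H:i:s'), $body]);
}

// Render replies, HTML-encoding every stored value at output time.
function render_replies(PDO $db, $rawTid) {
    $tid = clean_id($rawTid);
    if ($tid === null) return '';
    $q = $db->prepare("SELECT postauthor, postkk FROM posts WHERE topicid = ? ORDER BY postid");
    $q->execute([$tid]);
    $html = '';
    foreach ($q as $row) {
        $html .= '<div><b>' . htmlspecialchars($row['postauthor'], ENT_QUOTES, 'UTF-8')
               . '</b>: ' . htmlspecialchars($row['postkk'], ENT_QUOTES, 'UTF-8') . "</div>\n";
    }
    return $html;
}

// Constructed inputs standing in for $_GET['tid'], the username cookie and $_POST['post'].
var_dump(add_reply($db, "1' OR '1'='1", 'Guest', 'hi'));                // malformed topic id
var_dump(add_reply($db, '1', "O'Brien", "<script>alert(1)</script>"));  // quote and markup in the data
echo render_replies($db, '1');
```

The username cookie is still client-supplied here, so the author name should come from a server-side session once sign-in is implemented.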
DjMilez
rvec wrote:
It looks like it's not even half done, why are you posting it here?

I think you made some mistakes in the sql query, you mixed css and html makeup and made almost nothing we can really see working other than the url structure.

I'll -close- this now, if you got something more to show or you have questions you can pm me and I'll reopen it.

edit: better already Razz

now I'd suggest only posting the part in which the error should be instead of posting the whole script.

that's one strange way to make a forum :S
putting all topics/first posts in one table and all the other replies in another Confused

and "die("You didn't press submit!"); "
wtf, why shouldn't that be allowed or even make a difference, it's not like that's going to protect you against spambots or something.

also you should filter everything you get from the user in get, post and cookie data, this could all be used by the user to hack your script. As well as javascript code which they could now put in their posts, this could be easily abused.

This is not personal, but if I would get a script like this and was asked to fix it I'd rewrite it.


All replies are one separate table =/
Also I'm working on a bbcode parser thingy, but I'm trying to fix the posting problem first =P
Also, it is half done, thx.