PHP Code for Create Topic in Blog Database
Content Management System: Blogs
- regular blog: home page
- small blog: home page
- tiny blog: home page
- blog: search
- blog: login
- blog: topic and replies viewing page
- blog: add topic to database
- blog: add reply to database
- blog: edit topic in database
- blog: create topic in database
- blog: delete topic in database
- blog: delete reply in database
- blog: create categories in database
- blog: edit categories in database
- blog: open or close topic
- blog: delete user account in members table
The blog's topic creating page whose code is on this web page is mostly an HTML form. Its only goal is to put a new topic in the topics table of the MySQL db, but submission sends it to the cms-add-blog-topic.php script which does input validation before MySQL interfacing.
On to the PHP code. As usual, we start with config.php, since without it, the MySQL-based blog would not be viable. You cannot relate to a db without knowing the magic words. Next, the security of the page is dealt with by ensuring the page visitor has the administrator's username. Note that the various pages on our blog app use both forms and URL query strings to transfer data between pages, so both POST and GET are checked for username, and if neither works, the visitor is sent to the login script. Not only is the username checked to ensure it is the administrator's username, the username is checked to make sure it has only 6 to 20 letters, numbers or underscore in it and no other characters—otherwise, it's off to the login script. If a hacker has put something nasty in the query string, he'll end up at the login script. All our blog app scripts have this same (almost) username checker at the top of the PHP section—except for the login script. We say "almost" because most pages (like this one) only allow the administrator access because most pages are about adding, deleting, or editing topics, replies, or categories. So, seeing if the username is the administrator's is in the user checker on most of these blog app pages.
The administrator's username is a bit silly, as you see. Feel free to change it (to AfDqC_1f3_DkI3j5k9N_ for example) when you register the administrator username and password, but you must use search and replace on ALL blog app pages searching for our silly name and replacing it with your not-as-silly name or you'll have more problems than a pregnant nun.
If your username matches the administrator's username, the blogcategories table is consulted, and the categories are pushed into PHP array $cat[] for use in the form. If your username does not match the administrator's username, you're sent to the login script.
Next comes the HTML form with several input boxes and a select dropdown menu with options composed of categories to select from. This form gets you to input Topic, Detail, Name, Email, and Category. It has JavaScript input validation in the check() function, which is triggered by the onsubmit event, and the cms-add-blog-topic.php script that is the form's action does PHP input validation as well. One can never get too much validation! Note that the Category inputting is done by selecting from a dropdown list created in PHP by the echo command.
There is a JavaScript later on the page that sticks the username into a hidden field in the HTML form. Note that no entrance to the cms-add-blog-topic.php script will be granted unless your username is the administrator's username and without this sticking of the username into the form's hidden field, no username will get POSTed to the cms-add-blog-topic.php script.
At the end of the script is the code for the sidebar with this info about allowable tags in the input:
In Detail and Reply fields only, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain without http://, then (ll-) then link text, then (lll-). For emails, use (e-) then email address with (ee-) instead of @, then (eee-) then subject, then (eeee-) then link text, then (eeeee-). For pictures, use (p-) as start tag, then full URL path to picture, then (pp-) as end tag. If the image is wider than 580 pixels, resave it to 580. For YouTube video, use (v-) as start tag, then the letter code after http://www.youtube.com/v/ and before &hl=en_US&fs=1& in your video's YouTube Embed code, then (vv-), then the same letter code again, then (vvv-) as end tag.
For audio, use (a-) as start tag, then the sound's name, then (aa-), then the sound's file name ending in .mp3 or .wav, then (aaa-) as end tag. Make sure the sound.js file is in the folder your Content Management System is in. Save the following code as sound.js:
function sound(s,q) {document.getElementById(q).innerHTML="<embed src='"+s+"' hidden=true autostart=true loop=false>"}
SAVE THIS PAGE AS: cms-create-blog-topic.php
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Create Blog Topic—Content Management System (CMS)</TITLE>
<meta name="description" content="Create Blog Topic—Content Management System (CMS)">
<meta name="keywords" content="Blogs,blog,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-color:#ddd}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
td {font:normal 13px Verdana;text-align:left;background-color:#eee}
.topic {text-align:left;background-color:#fff}
.mid {text-align:center;background-color:#bbb}
.right {text-align:right;}
.over {margin-left:240px}
.info {position:absolute;top:40px;left:2px;width:188px;border:1px solid blue;padding:6px;background-color:#bbb;word-wrap:break-word}
</style>
<script type="text/javascript">
function textCounter(field, countfield, maxlimit) {
if (field.value.length > maxlimit){field.value = field.value.substring(0, maxlimit);}
else{countfield.value = maxlimit - field.value.length;}}
function check(){
var ck_email = /^[A-Za-z0-9-_]+(\.[A-Za-z0-9-_]+)*@([A-Za-z0-9-_]+\.)?([A-Za-z0-9-_]+(\.[A-Za-z]{2,6})(\.[A-Za-z]{2})?)$/;
if(document.form1.email.value.search(ck_email)==-1)
{alert("That email address is not valid.");document.form1.email.focus();return false;}
var ck_topic = /^[A-Za-z0-9! \:\;\.\?\,_-]{6,255}$/;
if (document.form1.topic.value.search(ck_topic)==-1)
{alert("Please enter 6 to 255 letters, numbers, hyphen, space, question mark, exclamation mark, semicolon, colon, comma and underline for the topic.");document.form1.topic.focus();return false;}
var ck_name = /^[A-Za-z0-9_ ]{6,20}$/;
if (document.form1.name.value.search(ck_name)==-1)
{alert("Please enter 6 to 20 letters, numbers, space, and underline for the name.");document.form1.name.focus();return false;}
if (document.form1.detail.value.length<6) {alert("Please enter 6 to 10000 characters for detail."); document.form1.detail.focus(); return false;}
return true;}
</script>
</head>
<body>
<?php
include_once"config.php";
$U=$_POST['username'];if (!isset($U)){$U=$_GET['username'];}
if (isset($U)&&preg_match("/[A-Za-z0-9_]{6,20}$/",$U)){if($U<>"DIRTY_dog_DROPPINGS_"){unset($U);}}else{unset($U);}
if (!isset($U)){echo '<script language="javascript">alert("You are not the Administrator. Go login again but you can only add replies or just read topics.");window.location="blog-login.php"; </script>';}
$cat=array();
$res = mysql_query("SELECT category FROM blogcategories order by category") or die(mysql_error());
while ($row = mysql_fetch_row($res)) {
array_push ($cat, $row[0]);
}
$num_cats_in_table=mysql_num_rows($res);
?>
<table class='over' width="700" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCC">
<tr>
<form id="form1" name="form1" method="post" action="cms-add-blog-topic.php" onsubmit="return check()">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFF">
<tr>
<td colspan="2" class='mid'><b>Create New Blog Topic</b></td>
</tr>
<tr>
<td width="14%"><b>Topic</b></td>
<td width="84%"><input name="topic" type="text" id="topic" size="65" maxlength=255> 6 to 255 characters</td>
</tr>
<tr>
<td valign="top"><b>Detail</b></td>
<td><textarea name="detail" cols="50" rows="3" id="detail" onKeyDown="textCounter(this.form.detail,this.form.remLen,10000);" onKeyUp="textCounter(this.form.detail,this.form.remLen,10000);"></textarea> 6 to 10000 characters
<br>
<input readonly type=text name=remLen size=5 maxlength=5 value="10000"> characters left
</td>
</tr>
<tr>
<td><b>Name</b></td>
<td><input name="name" type="text" id="name" size="65" maxlength=65> 6 to 20 characters</td>
</tr>
<tr>
<td><b>Email</b></td>
<td><input name="email" type="text" id="email" size="65" maxlength=65><input type="hidden" name="username" value=" "> legitimate email</td>
</tr>
<tr>
<td><b>Category</b></td>
<td>
<?php
echo "<select name='category'>";
for ($i=0;$i<$num_cats_in_table;$i++) {
echo "<option value='".$cat[$i]."'>".$cat[$i]."</option>";}
echo "</select>";
?>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</form><br><br>
</tr>
<tr><td><a href="cms-blog.php?username=<? echo stripslashes($U); ?>"><B>Return to Blog—don't create topic</B> </a></td></tr>
</table>
<div class='info'>In Detail and Reply fields only, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain <i>without http://</i>, then (ll-) then link text, then (lll-). For emails, use (e-) then email address <i>with (ee-) instead of @</i>, then (eee-) then subject, then (eeee-) then link text, then (eeeee-). For pictures, use (p-) as start tag, then full URL path to picture, then (pp-) as end tag. If the image is wider than 580 pixels, resave it to 580. For YouTube video, use (v-) as start tag, then the letter code <I>after</I> <b>http://www.youtube.com/v/</b> and <I>before</I> <b>&hl=en_US&fs=1&</b> in your video's YouTube Embed code, then (vv-), then the same letter code again, then (vvv-) as end tag.<br><br>For audio, use (a-) as start tag, then the sound's name, then (aa-), then the sound's file name ending in .mp3 or .wav, then (aaa-) as end tag. Make sure the sound.js file is in the folder your Content Management System is in. Save the following code as sound.js:<BR><b>function sound(s,q) {document.getElementById(q).innerHTML="<embed src='"+s+"' hidden=true autostart=true loop=false>"}</div>
<script language="javascript">
var u = <?php echo json_encode($U); ?>;
u=u.replace(/\\/g,'');
document.form1.username.value=u;
</script>
</body>
</html>