Content Management Systems—Article Writing
Okay, here is the entire article writing PHP script. It takes an article title and its contents and saves them in the "articles" MySQL table. If it finds disallowed characters, it erases them from the input strings using the old faithful PHP function preg_replace(). For security purposes, it also uses the PHP functions strip_tags() and mysql_real_escape_string(). The former removes all HTML tags, and we run it first: if we had waited until preg_replace() had removed the < and > characters, strip_tags() would have found no tags, so the inner contents of all HTML tags would be left behind as an ugly residue. The latter, mysql_real_escape_string(), escapes dangerous characters like ' and " so the article is rendered relatively safe for MySQL table storage.
However, just because the input filters in our PHP script dump all HTML tags doesn't mean you cannot have HTML tags. Far from it! You're allowed to have bold, underscore, italics, links, email links, pictures, videos, and audios. The only limitation is that you must use our tag system. And here it is:
No single or double quotes or Enter/Return allowed in titles. Use letters, numbers, spaces and these: , . ) ? : ( ; _ - ! in title and content. In content only, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain without http://, then (ll-) then link text, then (lll-). For emails, use (e-) then email address with (ee-) instead of @, then (eee-) then subject, then (eeee-) then link text, then (eeeee-).
For pictures, use (p-) as start tag, then picture name with .jpg or .png or .gif or .bmp extension, then (pp-) as end tag. If the picture is in a higher level folder than the subfolder your Content Management System is in, put 2 dots before the name. If it's in a subfolder like "images", then move it to the higher level folder or the subfolder your Content Management System is in. If the image is wider than 580 pixels, resave it to 580.
For YouTube video, use (v-) as start tag, then the letter code after http://www.youtube.com/v/ and before &hl=en_US&fs=1& in your video's YouTube Embed code, then (vv-), then the same letter code again, then (vvv-) as end tag.
For audio, use (a-) as start tag, then the sound's name, then (aa-), then the sound's file name ending in .mp3 or .wav, then (aaa-) as end tag. Make sure the sound.js file is in the folder your Content Management System is in, and do not try to put this JavaScript on the web page—it needs to be a separate file. Save the following code (exactly, without adding script tags or anything else!) as sound.js:
function sound(s,q) {document.getElementById(q).innerHTML="<embed src='"+s+"' hidden=true autostart=true loop=false>"}
Now let's look at the CMS article writing script: After some elementary browser sniffing, and DHTML for fine-tuning display style anomalies, we have CSS styling, followed by the PHP script. In this script, we create the article table if there is none. Next we save the titles in the articles table into a PHP array $TT(). Then we set up some replacement patterns for title and content. The only difference is that we allow single and double quotes in content, but not in the title. Then we receive the POSTing of the title and content fields from the HTML form.
Next we strip the HTML tags out of title and content with strip_tags(), then run the preg_replace() function using the patterns just defined, which allow the punctuation needed for article writing. The '/[^ that starts each pattern contains a ^, which means "if it is not one of the values that follow, it's not allowed," so it gets replaced with an empty string, thereby erasing it. The 047 is just a way of saying single quote. Next, we replace double hyphens with single hyphens twice since the first time doesn't quite get them all. Finally, mysql_real_escape_string() is used to make the title and content safe for MySQL table storage, since all user input is by definition suspect.
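The ordering argument above can be checked directly. This is an added example, not part of the original script: it reuses the character set of $pattern2 on constructed strings, runs the two filters in both orders, and shows why the -- replacement is applied twice. The function names are made up for the illustration.

```php
<?php
// Added example, not the article's code. The allow-list is the character set
// of the script's $pattern2; the sample strings are constructed.
$allow = '/[^a-zA-Z0-9\s.,!;\-_"?\047:()]/';

// Order used by the script: remove whole tags, then disallowed characters.
function tags_then_chars($s, $allow) {
    return preg_replace($allow, '', strip_tags($s));
}

// Reversed order: < > / = are erased first, so strip_tags() sees no tags
// and the tag names and attributes stay in the text.
function chars_then_tags($s, $allow) {
    return strip_tags(preg_replace($allow, '', $s));
}

// The script's "--" replacement, applied a given number of times.
function collapse_hyphens($s, $passes) {
    for ($i = 0; $i < $passes; $i++) {
        $s = preg_replace('/--/', ' -', $s);
    }
    return $s;
}

$html = 'Read <b>this</b> and <a href="http://example.com/x">that</a>.';
echo tags_then_chars($html, $allow), "\n";
echo chars_then_tags($html, $allow), "\n";

// A run of three hyphens still contains "--" after a single pass.
foreach (array(1, 2) as $passes) {
    $out = collapse_hyphens('a---b', $passes);
    echo $passes, ' pass(es): [', $out, '] still has "--": ',
         var_export(strpos($out, '--') !== false, true), "\n";
}
```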
If either title or content is less than 3 characters, you're asked to start over. Then we search the articles table for the maximum value of N, add 1 to it, and use that for the N value of the new article we just wrote. The N field is what is used to indicate which article is being referenced in our various apps for CMS article functions. Next we check to see if the title has already been used—if so, you must restart. However, this routine is ordinarily unnecessary since duplicate titles should have been handled in JavaScript and you won't need to restart and therefore retype the article—unless you turned off JavaScript in the middle of your submitting or something else equally lame.
If we make it past this, the article is saved and we're told it is and the page reloads so values will be empty and the way PHP hands values over to JavaScript for duplicate title testing will work right. If the saving goofs up, we're told that as well. The directions for paragraphs or custom tags come next, followed by the form for title and contents inputting. The form submits the data to itself, reloading the page, and POSTing the data to the PHP script.
However, it also uses a JavaScript function run by the onsubmit event in the form tag. This function, check(), has a parameter sent to it that is the form's title input tag value. It's easy enough to check this value against the array of titles in the tt() array which we got from taking the PHP array $TT() of article titles we saved above and using the following conversion on it inside a block of JavaScript: var tt = <?php echo json_encode($TT); ?>; This JSON stuff is pretty powerful stuff! Anyway, if your title is already used, you'll get a chance to put in another one without having to retype your article.
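The mysql_* functions this script relies on were removed in PHP 7, and escaping by hand is easy to get wrong, so here is the save step described above written with PDO prepared statements. This is an added example, not the article's code: save_article() is a hypothetical helper, and an in-memory SQLite database (pdo_sqlite assumed) stands in for the MySQL articles table so it runs without a server.

```php
<?php
// Added example, not the article's code. SQLite in memory stands in for the
// MySQL "articles" table so this runs without a server (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT NOT NULL,
    content TEXT NOT NULL,
    date TEXT NOT NULL,
    N INTEGER NOT NULL)');

// save_article() is a hypothetical helper mirroring the script's save step.
// Returns the new N, or false when the title is too short or already taken.
function save_article(PDO $db, $title, $content) {
    if (strlen($title) < 3 || strlen($content) < 3) {
        return false;
    }
    // Duplicate-title check: the value is bound, never spliced into the SQL text.
    $dup = $db->prepare('SELECT COUNT(*) FROM articles WHERE title = ?');
    $dup->execute(array($title));
    if ($dup->fetchColumn() > 0) {
        return false;
    }
    // Same numbering rule as the script: next N is max(N) + 1.
    $n = (int) $db->query('SELECT COALESCE(MAX(N), 0) FROM articles')->fetchColumn() + 1;
    $ins = $db->prepare(
        'INSERT INTO articles (title, content, date, N) VALUES (?, ?, ?, ?)');
    $ins->execute(array($title, $content, date('d-m-Y'), $n));
    return $n;
}

// Constructed sample input, including the quote characters the content filter allows.
var_dump(save_article($db, 'First post', 'It\'s "quoted" text; -- still just data.'));
var_dump(save_article($db, 'First post', 'Second attempt with the same title.'));
var_dump(save_article($db, 'Second post', "Line one.\nLine two."));
echo $db->query('SELECT content FROM articles WHERE N = 1')->fetchColumn(), "\n";
```

With a MySQL server, only the DSN passed to new PDO() and the CREATE TABLE syntax change; the prepared statements stay the same.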
SAVE THIS PAGE AS: cms-write-articles.php
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Writing Articles—Content Management System (CMS)</TITLE>
<meta name="description" content="Writing Articles—Content Management System (CMS)">
<meta name="keywords" content="Writing Articles,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
<script language="javascript">
var tt=new Array();
mactest=(navigator.userAgent.indexOf("Mac")!=-1) //My browser sniffers
is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1
Netscape=(navigator.appName.indexOf("Netscape") != -1)
msafari=(navigator.userAgent.indexOf("Safari")!= -1)
wsafari=0; if(!mactest&&msafari){wsafari=1;msafari=0}
is_opera = 0; if(window.opera){is_opera=1}
is_ie_mac = 0; is_ie=0;if(document.all){is_ie=1}
if(is_ie&&mactest){is_ie_mac=1}
function fix(){if(Netscape||is_opera){e=document.getElementById('top');e.style.marginTop='-20px';e=document.getElementById('info');e.style.marginTop='20px';}}
</script>
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-color:#ddd}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
.title {position:absolute;top:0px;left:10px;width:989px}
.form {position:absolute;top:140px;left:200px;width:600px}
.info {position:absolute;top:40px;left:45px;width:900px;border:1px solid blue;padding:6px;background-color:#bbb}
.side {position:absolute;top:160px;left:715px;width:277px;padding:6px;background-color:#bbb;border:1px solid blue}
</style>
</head>
<body onload='fix()'>
<?php
include_once"config.php";
$sql = "CREATE TABLE IF NOT EXISTS articles (
id int(11) NOT NULL auto_increment,
title varchar(255) NOT NULL,
content TEXT NOT NULL,
date varchar(255) NOT NULL,
N int NOT NULL,
PRIMARY KEY (id)
) ENGINE=MyISAM AUTO_INCREMENT=1";
// Execute query
mysql_query($sql);
$TT=array();
$res = mysql_query("SELECT title FROM articles") or die(mysql_error());
while ($row = mysql_fetch_row($res)) {
array_push ($TT, $row[0]);
}
$num=mysql_num_rows($res);
$pattern1 = '/[^a-zA-Z0-9\\s\\.\\,\\!\\;\\-\\_\\?\\:\\(\\)]/i';
$pattern2 = '/[^a-zA-Z0-9\\s\\.\\,\\!\\;\\-\\_\\"\\?\\047\\:\\(\\)]/i';
$replacement = '';
$T=isset($_POST['title'])?$_POST['title']:''; // empty on first page load, before any POST
$C=isset($_POST['content'])?$_POST['content']:'';
$T=strip_tags($T);
$C=strip_tags($C);
$T=preg_replace($pattern1, $replacement, $T);
$C=preg_replace($pattern2, $replacement, $C);
$pattern3 = '/--/i';
$replacement = ' -';
$T=preg_replace($pattern3, $replacement, $T);
$T=preg_replace($pattern3, $replacement, $T);
$C=preg_replace($pattern3, $replacement, $C);
$C=preg_replace($pattern3, $replacement, $C);
$T=mysql_real_escape_string($T);
$C=mysql_real_escape_string($C);
$D=date("d-m-Y");
if (strlen($T)<3||strlen($C)<3) {unset($C); unset($T);
echo '<script language="javascript">alert("Please enter both title and text.");</script>';
}else{
$r = mysql_query("SELECT max(N) FROM articles") or die(mysql_error());
$row = mysql_fetch_row($r);
$j=$row[0]+1;
$check_user_data = mysql_query("SELECT title FROM articles WHERE title='$T'") or die(mysql_error());
if(mysql_num_rows($check_user_data) >0)
{echo '<script language="javascript">alert("This title exists. Please try again.")</script>';
unset($T);unset($C);
}else{
mysql_query("INSERT INTO articles (id, title, content, date, N)
VALUES ('','$T','$C','$D','$j')") or die('Error, saving failed');
$rc = mysql_affected_rows();
if ($rc>0){unset($T);unset($C);
echo '<script language="javascript">alert("The saving was successfully accomplished.");window.location = "cms-write-articles.php"; </script>';}
else{echo '<script language="javascript">alert("The saving was unsuccessful.");</script>';}
}}
mysql_close();
?>
<div id='top' class='title'>
<h1>Writing Articles—Content Management System (CMS)</h1>
<div id='info' class='info'>No single or double quotes or Enter/Return allowed in titles. Use letters, numbers, spaces and these: <B> , . ) ? : ( ; _ - ! </b> in title and content. In content only, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain <i>without http://</i>, then (ll-) then link text, then (lll-). For emails, use (e-) then email address <i>with (ee-) instead of @</i>, then (eee-) then subject, then (eeee-) then link text, then (eeeee-). <br></div>
</div>
<div id='side' class='side'>For pictures, use (p-) as start tag, then picture name with .jpg or .png or .gif or .bmp extension, then (pp-) as end tag. If the picture is in a higher level folder than the subfolder your Content Management System is in, put 2 dots before the name. If it's in a subfolder like "images", then move it to the higher level folder or the subfolder your Content Management System is in. If the image is wider than 580 pixels, resave it to 580.<br><br>For YouTube video, use (v-) as start tag, then the letter code <I>after</I> <b>http://www.youtube.com/v/</b> and <I>before</I> <b>&amp;hl=en_US&amp;fs=1&amp;</b> in your video's YouTube Embed code, then (vv-), then the same letter code again, then (vvv-) as end tag.<br><br>For audio, use (a-) as start tag, then the sound's name, then (aa-), then the sound's file name ending in .mp3 or .wav, then (aaa-) as end tag. Make sure the sound.js file is in the folder your Content Management System is in. Save the following code as sound.js:<BR><b>function sound(s,q) {document.getElementById(q).innerHTML="&lt;embed src='"+s+"' hidden=true autostart=true loop=false&gt;"}</b></div>
<script language="javascript">
var tt = <?php echo json_encode($TT); ?>;
num = <?php echo $num; ?>;
function check(ti){
for (i=0;i<num;i++) {
if (tt[i]==ti){alert("This title exists. Please try a different one.");return false}
}
return true;}
</script>
<div class='form'>
<form name='myform' method="post" action="cms-write-articles.php" onsubmit="return check(document.myform.title.value)">
<table width="700" border="0" cellpadding="2" cellspacing="2" align="center">
<tr>
<td width="60">Title</td>
<td><input name="title" type="text" size='66'></td>
</tr>
<tr>
<td width="60">Content</td>
<td><textarea name="content" cols="50" rows="22"></textarea></td>
</tr>
<tr>
<td> </td><td><input name="save" type="submit" value="Save Article in DB">
<input name="reset" type="reset" value="Reset"></td></tr>
</table>
</form>
</div>
<div style='position:absolute;top:70px;left:0px;width:160px'>
<?php include("navigation.html"); ?>
</div>
</body>
</html>