My PHP thread - Old Royal Hack Forum

My PHP thread


    My PHP thread

    So, because this coding section has been so damn dead for n weeks/months, I decided to share my PHP work here (as I'm a nub in C++ and so on, PHP is for lazy people...)



    That's just the register page, I will share PHP code as I write it........
    I have done this forum base already (with user integration etc etc.) so I will just integrate it into my site, but make some changes and I think I will improve it a bit so people can check if there are any new comments on their threads. I will also code the search engine from scratch.
    ok bai

    #2
    Re: My PHP thread

    Looks pretty good.
    I'm also working on a PHP project, it's so boring, I'm converting the HTML template from the steampowered.com website into a Joomla template.

    Comment


      #3
      Re: My PHP thread

      Added email input to the form.
      Ended up with this:
      Code:
      <?php
      
      if(isset($_POST['submit']))
      {
      	echo "asdloldaa";
      	$name = htmlspecialchars($_POST['name']);
      	$username = htmlspecialchars(clean($_POST['username']));
      	$email = htmlspecialchars(clean($_POST['email']));
      	$password = htmlspecialchars(clean($_POST['password']));
      	$password1 = htmlspecialchars(clean($_POST['password1']));
      	$enc_password = md5($password);
      	
      	if($name && $username && $email && $password && $password1)
      	{
      		if(strlen($username)>15)
      		{
      			echo "Your username is a bit too long!";
      		}
      		else
      		{
      			// both length limits apply to the same field, and a bad length must stop the sign-up
      			if(strlen($password)>30 || strlen($password)<6)
      			{
      				echo "The password should be between 6 and 30 characters long.";
      			}
      			elseif($password == $password1)
      			{
      				
      				echo "Your account was created! Now login again.";
      			}
      			else
      			{
      				echo "Passwords didn't match.";
      			}
      		}
      	}
      	else echo "Fill in all the information.";
      }
      
      
      
      ?>
      Improved a bit so there would be no chance of making many accounts with the same username etc....

      Code:
      if (isset($_POST['submit']))
      {
      	$name = clean($_POST['name']);
      	$username = clean($_POST['username']);
      	$email = clean($_POST['email']);
      	$password = clean($_POST['password']);
      	$password1 = clean($_POST['password1']);
      	$enc_password = md5($password);
      	
      	
      	require_once "config.php";
      	// a SELECT needs a column list; user_id is enough for counting matches
      	$check_uname = mysql_query("SELECT user_id FROM users WHERE username='$username'");
      	$row_check_uname = mysql_num_rows($check_uname);
      	$check_email = mysql_query("SELECT user_id FROM users WHERE email='$email'");
      	$row_check_email = mysql_num_rows($check_email);
      				
      	if($name && $username && $email && $password && $password1)
      	{
      		if(strlen($username)>15)
      		{
      			echo "Your username is a bit too long!";
      		}
      		else
      		{
                  if(strlen($password)>30 || strlen($password)<6)
                  {
                  	echo "The password should be between 6 and 30 characters long.";
                  }
      			else
      			{
      			if($password == $password1)
      			{
      				if ($row_check_uname != 0)
      				{
      					echo "There is already an account with that username!";
      				}
      				else
      				{
      					if ($row_check_email != 0)
      					{
      						echo "There is already an account with that email!";
      					}
      					else
      					{
      				$query = mysql_query("INSERT INTO users VALUES ('', '$name', '$username', '$email', '$enc_password', '0', '0', '0')") or die ("Something went wrong when adding your information to the db. Please try again.");
      				echo "Your account was created! Now login again.";
      					}
      				}
      			}
      			else
      			{
      				echo "Passwords didn't match.";
      			}
      			}
      		}
      	}
      	else echo "Fill in all the information.";
      }
      Last edited by lolimsoasd; 05-09-2012, 08:56 AM.
      ok bai

      Comment


        #4
        Re: My PHP thread

        made a nub proof config:
        Code:
        <?php
        // config.php
        $host = "localhost"; //input your MySQL database host here, by default localhost
        $username = "root"; //this is your MySQL username.
        $password = ""; //this is the password for your MySQL username.
        $table = "araden"; //this is your database name (it is passed to mysql_select_db below)
        
        
        $connect = mysql_connect ("$host", "$username", "$password") or die("Can't connect to mysql!");
        mysql_select_db("$table") or die ("The database name is wrong.");
        mysql_query("SET NAMES 'utf8'");
        ?>
        edit: login created. Used the base of register site and integrated small login form to index too.
        Code:
        <?php
        if (isset($_POST['submit']))
        {
        	$username = htmlspecialchars(clean($_POST['name']));
        	$password = htmlspecialchars(clean($_POST['password']));
        	$enc_password = md5($password);
        				
        	if ($username&&$password)
        {
        	$query = mysql_query("SELECT * FROM users WHERE username='$username'");
        	$numrows = mysql_num_rows($query);
        	if($numrows != 0)
        	{
        		// $query is only a result handle; fetch the account row before reading its columns
        		$row = mysql_fetch_assoc($query);
        		if($row['isbanned'] == 1)
        		{
        			echo "Your account is banned from this site.";
        		}
        		else
        		{
        			$dbname = $row['name'];
        			$dbusername = $row['username'];
        			$dbpassword = $row['password'];
        			$dbid = $row['user_id'];
        			$isadmin = $row['priviledges'];
        			// compare against $enc_password, the md5 computed above
        			if ($username==$dbusername&&$enc_password==$dbpassword)
        			{
        				$_SESSION['name'] = $dbname;
        				$_SESSION['username'] = $dbusername;
        				$_SESSION['user_id'] = $dbid;
        				$_SESSION['isadmin'] = $isadmin;
        				// header() has to be called before any output is echoed
        				header('Refresh: 2;url=index.php');
        				echo "Login successful, you will be redirected.";
        			}
        			else
        				die ("Wrong password!");
        		}
        	}
        	else
        		die ("That account doesn't exist!");
        }
        else
        {
        	echo "Please enter your username and password.";
        }
        
        ?>
            Please enter your username and password.<br /><br />
          <?php } ?>

        If you see any errors / vulnerabilities in my work please tell me!
        Last edited by lolimsoasd; 05-09-2012, 02:19 PM.
        ok bai

        Comment
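The register and login steps from posts #3 and #4, redone with prepared statements and `password_hash()` as an added example; it is not code from the thread. The `mysql_*` functions used in the thread were removed in PHP 7, so this uses PDO. Assumptions: PHP 7.1+ with the SQLite PDO driver, a reduced `users` table built in memory, and the hypothetical helper names `register_user()` and `login_user()`.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the thread's `users` table
// (assumption: PDO with the SQLite driver; on MySQL only the DSN changes).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    user_id  INTEGER PRIMARY KEY AUTOINCREMENT,
    name     TEXT NOT NULL,
    username TEXT NOT NULL UNIQUE,
    email    TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL,
    isbanned INTEGER NOT NULL DEFAULT 0
)');

/** Hypothetical helper: returns null on success or the message to show the user. */
function register_user(PDO $db, string $name, string $username, string $email,
                       string $password, string $password1): ?string
{
    if ($name === '' || $username === '' || $email === '' || $password === '') {
        return 'Fill in all the information.';
    }
    if (strlen($username) > 15) {
        return 'Your username is a bit too long!';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'That email address is not valid.';
    }
    if (strlen($password) < 6 || strlen($password) > 30) {
        return 'The password should be between 6 and 30 characters long.';
    }
    if ($password !== $password1) {
        return "Passwords didn't match.";
    }
    try {
        // Placeholders send the values separately from the SQL text, so quotes
        // in a name or username are data and never change the statement.
        $stmt = $db->prepare(
            'INSERT INTO users (name, username, email, password) VALUES (?, ?, ?, ?)');
        // password_hash() salts and stretches; the raw password is hashed
        // unmodified (no htmlspecialchars() on it) so login sees the same bytes.
        $stmt->execute([$name, $username, $email,
                        password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') {
            throw $e; // not a constraint violation: a real database error
        }
        // The UNIQUE constraints decide this atomically, so two simultaneous
        // sign-ups cannot both pass a "SELECT first, INSERT later" check.
        return 'There is already an account with that username or email!';
    }
    return null;
}

/** Hypothetical helper: returns the account row on success, null otherwise. */
function login_user(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT user_id, name, username, password, isbanned FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null; // same answer for "no such user" and "wrong password"
    }
    if ((int) $row['isbanned'] === 1) {
        return null;
    }
    unset($row['password']); // never copy the hash into the session
    return $row;
}

// Constructed sample input; the second account contains a quote on purpose.
var_dump(register_user($db, 'Alice', 'alice', 'alice@example.test', 'correct horse', 'correct horse'));
var_dump(register_user($db, "Pat O'Neil", "o'neil", 'pat@example.test', 'battery staple', 'battery staple'));
var_dump(register_user($db, 'Other', 'alice', 'other@example.test', 'another pass', 'another pass'));
var_dump(login_user($db, "o'neil", 'battery staple'));
var_dump(login_user($db, 'alice', 'wrong password'));
```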


          #5
          Re: My PHP thread

          Password recovery complete:

          Code:
          <?php
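          // the outer branch was missing from the pasted snippet: without ?id= in the URL, handle the request form
          if (!isset($_GET['id']))
          {
          if (isset($_POST['submit']))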
          {
          	$email = clean($_POST['email']);
          	$check_emaile = mysql_query("SELECT * FROM users WHERE email='$email'");
          	$row_check_emaile = mysql_num_rows($check_emaile);
          				
          	if($row_check_emaile != 0)
          	{
          		echo "A reset-email has been sent!";
          		function rand_string( $length ) 
          		{
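          			$chars = "abcdefghijklmnopqrstuvwxyz0123456789";
          			$size = strlen( $chars );
          			$str = ""; // start from an empty string before appending
          			// note: rand() is not a cryptographically secure generator, which matters for a recovery link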
          			for( $i = 0; $i < $length; $i++ ) 
          			{
          				$str .= $chars[ rand( 0, $size - 1 ) ];
          			}
          			return $str;
          		}
          		$recover_string = rand_string( 20 );
          		$getuserid = mysql_query("SELECT * FROM users WHERE email = '" . $email . "'");
          		$row_getuserid = mysql_fetch_assoc($getuserid);
          		$final_id = $row_getuserid['user_id'];
          		$recoverydb = mysql_query("INSERT INTO recovery VALUES ('$recover_string', '$final_id', '$email')");
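          		// no quotes around the id in the link; the lookup below quotes and escapes it instead
          		$message = "Your account recovery\nPlease click the link under to recover your account.\nhttp://jussi.hietanen.in/recover.php?id=$recover_string";
          		// pass the variable itself: '$email' in single quotes is the literal text $email
          		mail($email, 'Password recovery', $message);
          	}
          	else
          	{
          		echo "That email address doesn't exist!";
          	}
          }
          }
          else
          {
          	$id = mysql_real_escape_string($_GET['id']);
          	$get_recover_string = mysql_query("SELECT * FROM recovery WHERE recovery_id='$id'");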
          	$user_stuff = mysql_fetch_assoc($get_recover_string);
          	$user_id = $user_stuff['user_id'];
          	$user_email = $user_stuff['email'];
          	$num_rows = mysql_num_rows($get_recover_string);
          	if ($num_rows != 0)
          	{
          		function new_pass( $length_pass ) 
          		{
          			$pchars = "abcdefghijklmnopqrstuvwxyz0123456789";
          			$psize = strlen( $pchars );
          			$pstr = ""; // start from an empty string before appending
          			for( $i = 0; $i < $length_pass; $i++ ) 
          			{
          				$pstr .= $pchars[ rand( 0, $psize - 1 ) ];
          			}
          			return $pstr;
          		}
          		$new_password = new_pass( 10 );
          		$enc_new_password = md5($new_password);
          		// the hash is a string, so it has to be quoted in the query
          		mysql_query("UPDATE users SET password='$enc_new_password' WHERE user_id = '$user_id' ");
          		// each recovery link should only work once
          		mysql_query("DELETE FROM recovery WHERE user_id = '$user_id'");
          		$pwmessage = "Your account recovery is complete!\nYour new password is $new_password";
          		mail($user_email, 'Password recovery complete', $pwmessage);
          	}
          	else
          	{
          		echo "Invalid recovery ID!";
          	}
          }
          ?>
          got to be careful here with mysqli vulnerabilities
          Last edited by lolimsoasd; 05-09-2012, 05:17 PM.
          ok bai

          Comment
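The recovery flow from post #5 as an added example, not code from the thread: the token comes from a CSPRNG, only its hash is stored, it expires, it works once, and the user types the new password instead of receiving one by mail. Assumptions: PHP 7.1+ with the SQLite PDO driver, constructed in-memory `users` and `recovery` tables with a `token_hash`/`expires` layout, the placeholder host `forum.example.test`, and the hypothetical helper names `start_recovery()` and `finish_recovery()`.

```php
<?php
declare(strict_types=1);

// Constructed in-memory tables standing in for the thread's `users` and `recovery`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE recovery (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires INTEGER)');
$db->prepare('INSERT INTO users (user_id, email, password) VALUES (1, ?, ?)')
   ->execute(['alice@example.test', password_hash('old password', PASSWORD_DEFAULT)]);

/** Creates a reset token for $email; returns it for mailing, or null if no such user. */
function start_recovery(PDO $db, string $email, int $now): ?string
{
    $stmt = $db->prepare('SELECT user_id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        // The caller shows the same "check your inbox" page either way, so the
        // form cannot be used to test which addresses have accounts.
        return null;
    }
    // random_bytes() is a CSPRNG; 32 bytes gives a 64-character hex token.
    $token = bin2hex(random_bytes(32));
    // Only a hash is stored, so a leaked recovery table yields no usable links.
    $db->prepare('INSERT INTO recovery (token_hash, user_id, expires) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), (int) $userId, $now + 3600]);
    return $token;
}

/** Consumes a token and sets the password the user typed; true on success. */
function finish_recovery(PDO $db, string $token, string $newPassword, int $now): bool
{
    if (strlen($newPassword) < 6 || strlen($newPassword) > 30) {
        return false;
    }
    $db->beginTransaction();
    $stmt = $db->prepare('SELECT user_id FROM recovery WHERE token_hash = ? AND expires > ?');
    $stmt->execute([hash('sha256', $token), $now]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        $db->rollBack();
        return false; // unknown, expired or already used
    }
    $db->prepare('UPDATE users SET password = ? WHERE user_id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), (int) $userId]);
    // Single use: drop every outstanding token for this account.
    $db->prepare('DELETE FROM recovery WHERE user_id = ?')->execute([(int) $userId]);
    $db->commit();
    return true;
}

// Constructed walk-through: request, use the link once, try to reuse it.
$now   = time();
$token = start_recovery($db, 'alice@example.test', $now);
echo 'https://forum.example.test/recover.php?id=' . urlencode($token), "\n";
var_dump(finish_recovery($db, $token, 'new password', $now + 60));
var_dump(finish_recovery($db, $token, 'again please', $now + 120));
var_dump(start_recovery($db, 'nobody@example.test', $now));
```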


            #6
            Re: My PHP thread

            btw if anyone knows other ways to send email from PHP, I would like to hear them, because this one is not working.
            ok bai

            Comment


              #7
              Re: My PHP thread

              Base of forum created! The source code to get categories from mySQL will be presented underneath the picture:


              Code:
              $categories = mysql_query("SELECT * FROM fo_categories") or die (mysql_error());
              $row_categories = mysql_fetch_array($categories);
              $result = mysql_query('SET NAMES utf8');
              $result = mysql_query('SET CHARACTER SET utf8');
              
              echo "<table width='780' height='120' border='0' cellpadding='10'>";
              
              $i=1;
              $numberpage=1;
              	do {
              	if($i%$numberpage==0) echo "<tr>";?>
              	  <td width="120" align="left">
                    <a href="forumdisplay.php?fid=<?php echo $row_categories['id']; ?>"><img src="<?php echo htmlspecialchars($row_categories['image']); ?>" height="100" width="100"></a></td>
              	  <td width="615" align="left">
                  <a href="forumdisplay.php?fid=<?php echo $row_categories['id']; ?>"><?php echo $row_categories['name']?></a><br /><?php echo $row_categories['description']; 
              	echo "<br /></td>";
              $i++; if($i%$numberpage==0) echo "</tr>";
               } while ($row_categories = mysql_fetch_assoc($categories));
              
              echo "</table>";
              the category image is in database VAR variable like mine "upload/logo.png".

              I will make the outlook cleaner once I finish all the coding part...
              ok bai

              Comment


                #8
                Re: My PHP thread

                Change thread to Web Development instead of just PHP
                Pressing thanks helps a lot!

                Comment


                  #9
                  Re: My PHP thread

                  Originally posted by Gekk0 View Post
                  Change thread to Web Development instead of just PHP
                  all the code here is PHP. But if I start to put some CSS sheets and stuff then I'll rename this thread :P
                  ok bai

                  Comment


                    #10
                    Re: My PHP thread

                    Originally posted by lolimsoasd View Post
                    all the code here is PHP. But if I start to put some CSS sheets and stuff then I'll rename this thread :P
                    Looking forward to seeing these CSS sheets you are talking about! I wonder what they could be?




                    Originally posted by Tom
                    Your days of trolling on this forum are now over. Troll one more person and its a permanent ban.

                    Tom,

                    Comment


                      #11
                      Re: My PHP thread

                      Originally posted by xtc View Post
                      Looking forward to seeing these CSS sheets you are talking about! I wonder what they could be?

                      you want them?



                      Code:
                      if((strlen($fid)) < 1 || !(is_numeric($fid)))
                       {
                           echo "<h2 class='mem'><center>Invalid forum ID!</center></h2>";
                       }
                       else
                       {
                      	 ?>
                           
                           <table width='780' align='center' cellpadding='5' border='0'>
                           <tr>
                           <td>
                      </td>
                      <td width="500" valign="middle">
                      Subject and original poster
                      </td>
                      <td width="100">
                      <center>Replies</center>
                      </td>
                      <td width="120">
                      <center>Latest post</center>
                      </td>
                      </tr>
                           <?php
                      $last_online = mysql_query("SELECT last_online FROM users WHERE user_id=2");
                      $last_online1 = mysql_fetch_array($last_online);
                      $subjects = mysql_query("SELECT `fo_posts`.`post_id`, `fo_posts`.`sentby`, `fo_posts`.`subject`, `fo_posts`.`time`, `fo_posts`.`latest_time`,  `fo_posts`.`latest_poster`, `fo_posts`.`locked`, `fo_posts`.`stickied`, `users`.`username`, `users`.`user_id` FROM `fo_posts` LEFT JOIN `users` ON `fo_posts`.`sentby` = `users`.`user_id` WHERE childof='0' AND area_child=$fid ORDER BY latest_time DESC") or die (mysql_error());
                      $row_subjects = mysql_fetch_array($subjects);
                      
                      $i=1;
                      $numberpage=1;
                      	do {
                      		$latestposter_id = $row_subjects['latest_poster'];
                      		$postid = $row_subjects['post_id'];
                      		$postsearch = mysql_query("SELECT * FROM fo_posts WHERE childof=$postid");
                      		$num_posts = mysql_num_rows($postsearch);
                      		$latestposter = mysql_query("SELECT username FROM users WHERE user_id='$latestposter_id'");
                      		$latestposter_array = mysql_fetch_array($latestposter);
                      		$latestposter_name = $latestposter_array['username'];
                      	if($i%$numberpage==0) echo "<tr>";?>
                      	  <td>
                            <a href="showthread.php?id=<?php echo $row_subjects['post_id'] ?>"><img src="<?php 
                      	  
                      	  // last_online was fetched into $last_online1 above; it is not a column of the $subjects query
                      	  if (($last_online1['last_online']) > $row_subjects['latest_time'])
                      	  {
                      	  echo "images/unread.png"; 
                      	  }
                      	  else
                      	  {
                      		  echo "images/read.png";
                      	  }
                      	  
                      	  ?>"></a>
                            
                            </td>
                      	  <td width="450" valign="top">
                          <a href="showthread.php?id=<?php 
                      	
                      	echo $row_subjects['post_id'] ?>"><?php 
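                      	// subject and username are user-supplied text, so escape them for HTML
                      	echo htmlspecialchars($row_subjects['subject']) ?></a><br /><?php 
                      	echo htmlspecialchars($row_subjects['username']) ?>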
                      	</td><td width='100'>
                          <center>
                          <?php
                      	echo $num_posts; ?></center>
                      	</td><td width='170'>
                          <?php
                      	echo "<center>";
                      	echo $latestposter_name;
                      	echo "<br />";
                      	echo $row_subjects['latest_time'];
                      	echo "</center>";
                      $i++; if($i%$numberpage==0) echo "</td></tr>";
                       } while ($row_subjects = mysql_fetch_assoc($subjects));
                      
                      ?>
                      
                      </table>
                      <?php }
                      Forum sections ready!
                      ok bai

                      Comment


                        #12
                        Re: My PHP thread


                        navbar made. easy code (just find this thread ID and make some mysql queries to get the area id and name and that's it)
                        ok bai

                        Comment


                          #13
                          Re: My PHP thread

                          showthread.php now shows the first post (loads from table fo_posts. Comments are in table fo_comments, that's why only 1st shows up now.)


                          Code:
                          // counts the threads and comments sent by one user
                          function postcount($sentby)
                          {
                          $sentby = (int) $sentby; // user ids are numeric
                          $posts_po = mysql_query("SELECT post_id FROM fo_posts WHERE sentby='$sentby'");
                          $posts_po_rows = mysql_num_rows($posts_po);
                          $posts_co = mysql_query("SELECT com_id FROM fo_comments WHERE sentby='$sentby'");
                          $posts_co_rows = mysql_num_rows($posts_co);
                          return $posts_po_rows + $posts_co_rows;
                          }
                          $id = mysql_real_escape_string($_GET['id']);
                          $page = mysql_real_escape_string($_GET['page']);
                          $user_id = $_SESSION['user_id'];
                          $thisthread = mysql_query("SELECT * FROM fo_posts WHERE post_id='$id'");
                          $result_thisthread = mysql_fetch_array($thisthread);
                          $areachild = $result_thisthread['area_child'];
                          $category = mysql_query("SELECT * FROM fo_categories WHERE id='$areachild'") or die (mysql_error());
                          $row_category = mysql_fetch_array($category);
                          $sentby = $result_thisthread['sentby'];
                          $sender = mysql_query("select * FROM users WHERE user_id='$sentby'");
                          $sender1 = mysql_fetch_array($sender);
                          
                          
                           if((strlen($id)) < 1 || !(is_numeric($id)))
                           {
                               echo "<h2 class='mem'><center>Invalid thread ID!</center></h2>";
                           }
                           else
                           {
                          	 $postcount = $sentby;
                               echo "<table width='800' cellpadding='4' style='border-collapse: collapse; border: 1px solid black;'><tr><td align='left' width='200' style='border-bottom: 1px solid black; border-left: hidden; border-top: hidden' class='aSD'>";
                          	 echo "#1";
                               echo "</td><td align='right' style='border-bottom: 1px solid black; border-left: hidden; border-top: hidden; border-right: hidden'>";
                          	 echo $result_thisthread['time'];
                          	 echo "</td></tr>";
                          	 echo "<tr height='100'><td align='middle' width='200' valign='top'>";
                          	 echo $sender1['username'];
                          	 echo "<br /><br />";
                          	 echo $postcount;
                          	 echo " posts";
                          	 echo "</td><td width='600' valign='top' style='border-left: 1px solid black; border-top: none; border-right: hidden'>";
                          	 echo $result_thisthread['content'];
                          	 echo "</td></tr><tr><td width='200' style='border-right: 1px solid black; border-bottom: hidden;'></td><td width='600' style='border-top:  1px solid black; border-bottom: hidden; border-right: hidden'>";
                          	 echo $sender1['sig'];
                          	 echo "</td></tr></table>";
                               
                               
                               
                           }
                          comments working:
                          Code:
                          $comments = mysql_query("SELECT `fo_comments`.`com_id`, `fo_comments`.`childof`, `fo_comments`.`sentby`, `fo_comments`.`content`, `fo_comments`.`time`, `users`.`username`, `users`.`avatar`, `users`.`sig`, `users`.`user_id` FROM `fo_comments` LEFT JOIN `users` ON `fo_comments`.`sentby` = `users`.`user_id` WHERE childof='$id' ORDER BY time DESC") or die (mysql_error());
                          $row_comments = mysql_fetch_array($comments);
                          	
                          $i=0;
                          $numberpage=1;
                          	do {
                          		$postcount = $row_comments['user_id'];
                          	if($i%$numberpage==0)
                          	echo "<table width='800' cellpadding='4' style='border-collapse: collapse; border: 1px solid black;'><tr><td align='left' width='200' style='border-bottom: 1px solid black; border-left: hidden; border-top: hidden' class='aSD'>";
                          	 echo "#1";
                               echo "</td><td align='right' style='border-bottom: 1px solid black; border-left: hidden; border-top: hidden; border-right: hidden'>";
                          	 echo $row_comments['time'];
                          	 echo "</td></tr>";
                          	 echo "<tr height='100'><td align='middle' width='200' valign='top'>";
                          	 echo $row_comments['username'];
                          	 echo "<br /><br />";
                          	 echo $postcount;
                          	 echo " posts";
                          	 echo "</td><td width='600' valign='top' style='border-left: 1px solid black; border-top: none; border-right: hidden'>";
                          	 echo $row_comments['content'];
                          	 echo "</td></tr><tr><td width='200' style='border-right: 1px solid black; border-bottom: hidden;'></td><td width='600' style='border-top:  1px solid black; border-bottom: hidden; border-right: hidden'>";
                          	 echo $row_comments['sig'];
                          	 echo "</td></tr></table>";
                           } while ($row_comments = mysql_fetch_assoc($comments));
                          Last edited by lolimsoasd; 05-14-2012, 07:45 PM.
                          ok bai

                          Comment


                            #14
                            Re: My PHP thread

                            Made postreply.php and newthread.php WITH WYSIWYG text editor (not as fancy as RH's, but still ;)), code (and pix) to follow ---
                            ok bai

                            Comment


                              #15
                              Re: My PHP thread



                              form:
                              Code:
                              <form action="submit_newthread.php" name="newpost" id="newpost" method="post" class="newpost">
                              Subject:<br>
                              <input name="title" id="title" type="text" size="80" maxlength="80" />
                              <input style="display:none" name="forum" id="forum" type="text" value="<?php echo $fid; ?>" />
                              <br />Text:<br>
                              <input type="button" onClick="iBold()" value="B">
                              <input type="button" onClick="iUnderline()" value="U">
                              <input type="button" onClick="iItalic()" value="I">
                              <select id="fontsize" onchange="iFontSize()">
                              <option value="" selected>Font size</option>
                              <option value="1">1</option>
                              <option value="2">2</option>
                              <option value="3">3</option>
                              <option value="4">4</option>
                              <option value="5">5</option>
                              <option value="6">6</option>
                              <option value="7">7</option>
                              </select>
                              <input type="button" onClick="iForeColor()" value="Text color">
                              <input type="button" onClick="iLink()" value="Link">
                              <input type="button" onClick="iUnLink()" value="UnLink">
                              <input type="button" onClick="iImage()" value="Image">
                              <br>
                              <textarea style="display:none;" name="myTextArea" id="myTextArea" cols="100" rows="14"></textarea>
                              <iframe name="richTextField" id="richTextField" width="700" height="300"></iframe>
                              <br /><input name="button" type="button" value="Add post" onClick="javascript:submit_form();" />
                              </form>
                              js:
                              Code:
                              function iFrameOn() {
                              	richTextField.document.designMode = 'On';
                              	richTextField.document.open();
                              	richTextField.document.write('<head><style type="text/css">body{ font-family:Arial, Helvetica, sans-serif; font-size:14px; color:#B6B6B5;}</style></head>');
                              richTextField.document.close(); 
                              }
                              function iBold() {
                              	richTextField.document.execCommand('bold', false, null);
                              }
                              function iUnderline() {
                              	richTextField.document.execCommand('underline',false,null);
                              }
                              function iItalic() {
                              	richTextField.document.execCommand('italic',false,null);
                              }
                              function iFontSize() {
                              	var size = document.getElementById('fontsize').value;
                              	richTextField.document.execCommand('FontSize',false,size);
                              }
                              function iForeColor() {
                              	var color = prompt('Gimme a color', '');
                              	richTextField.document.execCommand('ForeColor',false,color);
                              }
                              function iLink() {
                              	var linkURL = prompt("Enter URL", "http://");
                              	richTextField.document.execCommand('CreateLink',false,linkURL);
                              }
                              function iUnLink() {
                              	richTextField.document.execCommand('Unlink',false,null);
                              }
                              function iImage() {
                              	var imgSrc = prompt('enter image location', '');
                              	if (imgSrc != null) {
                              		richTextField.document.execCommand('insertimage',false,imgSrc);
                              	}
                              }
                              function submit_form() {
                              	var TheForm = document.getElementById("newpost");
                              	TheForm.elements["myTextArea"].value = window.frames['richTextField'].document.body.innerHTML;
                              	TheForm.submit();
                              }
                              ok bai

                              Comment


                                #16
                                Re: My PHP thread

                                make sure all input gets filtered / checked or enjoy nice injections.






                                gibs coins @
                                1KatP9B8KG7mvcoFhdLGua1isG88nYZE8C

                                Comment


                                  #17
                                  Re: My PHP thread

                                  Originally posted by νзηοма View Post
                                  make sure all input gets filtered / checked or enjoy nice injections.
                                  yeah decided to use BBCode editor because of that. no xss vulnerabilities atm, according to Acunetix
                                  ok bai

                                  Comment
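Why a BBCode editor narrows the injection surface that posts #16 and #17 discuss, shown as an added example that is not code from the thread: the server escapes everything the user submitted and then writes only the tags it chooses, instead of storing the editor's `innerHTML` and echoing it back. Assumptions: PHP 7.1+, a small tag set (`b`, `i`, `u`, `url`, `img`), and the hypothetical helper names `is_safe_url()` and `render_bbcode()`.

```php
<?php
declare(strict_types=1);

/** True for an absolute http(s) URL. $escapedUrl has already been through htmlspecialchars(). */
function is_safe_url(string $escapedUrl): bool
{
    // No whitespace, angle brackets or raw quotes: the value must be usable
    // as-is inside a double-quoted attribute, and only http/https may load.
    return preg_match('~^https?://[^\s<>"\']+$~i', $escapedUrl) === 1;
}

function render_bbcode(string $input): string
{
    // 1. Escape everything the user typed. Nothing below ever un-escapes it,
    //    so the only tags in the output are the ones this function writes.
    $html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Paired tags map to fixed elements with no user-controlled attributes.
    foreach (['b' => 'strong', 'i' => 'em', 'u' => 'u'] as $bb => $tag) {
        $html = preg_replace(
            '~\[' . $bb . '\](.*?)\[/' . $bb . '\]~is',
            '<' . $tag . '>$1</' . $tag . '>',
            $html
        ) ?? $html;
    }

    // 3. Tags that carry a URL are emitted only when the URL passes the check;
    //    otherwise the BBCode stays visible as plain (escaped) text.
    $html = preg_replace_callback(
        '~\[url=(.*?)\](.*?)\[/url\]~is',
        function (array $m): string {
            return is_safe_url($m[1])
                ? '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>'
                : $m[0];
        },
        $html
    ) ?? $html;
    $html = preg_replace_callback(
        '~\[img\](.*?)\[/img\]~is',
        function (array $m): string {
            return is_safe_url($m[1]) ? '<img src="' . $m[1] . '" alt="">' : $m[0];
        },
        $html
    ) ?? $html;

    return nl2br($html);
}

// Constructed sample post: raw HTML, a non-http link and two valid tags.
$post = "[b]hello[/b] <script>alert(1)</script>\n"
      . "[url=javascript:alert(1)]click[/url] "
      . "[url=http://example.test/?a=1&b=2]site[/url]";
echo render_bbcode($post), "\n";
```

The raw markup comes out as visible text, the `javascript:` link stays unrendered BBCode, and only the `http://` link becomes an anchor.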
