How To Create A PHP - MySQL Powered Forum From Scratch - Nettuts+

2/26/12
How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+
Advertise Here
Ho o C ea e a PHP/M SQL Po e ed Fo m f om Sc a ch
Evert Padje on Mar 17th 2010 with 520 comments
T o ial De ail
Technolog : PHP Diffic l : Intermediate-Advanced E ima ed Comple ion Time: 5 Hours In this tutorial, were going to build a PHP/MySQL powered forum from scratch. This tutorial is perfect for getting used to basic PHP and database usage. Lets dive right in!
S ep 1: C ea ing Da aba e Table

Its always a good idea to start with creating a good data model when building an application. Lets describe our application in one sentence: We are going to make a forum which has e who create opic in various ca ego ie . Other users can po replies. As you can see, I highlighted a couple of nouns which represent our table names.
U e
Categories Topics Posts These three objects are related to each other, so well process that in our table design. Take a look at the scheme below.
net.tutsplus.com/tutorials/php/how-to-create-a-phpmysql-powered-forum-from-scratch/
1/27
2/26/12
Looks pretty neat, huh? Every square is a database table. All the columns are listed in it and the lines between them represent the relationships. Ill explain them further, so its okay if it doesnt make a lot of sense to you right now. Ill discuss each table by explaining the SQL, which I created using the scheme above. For your own scripts you can create a similar scheme and SQL too. Some editors like MySQL Workbench (the one I used) can generate .sql files too, but I would recommend learning SQL because its more fun to do it yourself. A SQL introduction can be found at W3Schools.
U e
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
Table
CREATE TABLE users ( user_id INT(8) NOT NULL AUTO_INCREMENT, user_name VARCHAR(30) NOT NULL, user_pass VARCHAR(255) NOT NULL, user_email VARCHAR(255) NOT NULL, user_date DATETIME NOT NULL, user_level INT(8) NOT NULL, UNIQUE INDEX user_name_unique (user_name), PRIMARY KEY (user_id) ) TYPE=INNODB;
view plaincopy to clipboardprint?
The CREATE TABLE statement is used to indicate we want to create a new table, of course. The statement is followed by the name of the table and all the columns are listed between the brackets. The names of all the fields are self-explanatory, so well only discuss the data types below.
e _id
A primary key is used to uniquely identify each row in a table. The type of this field is INT, which means this field holds an integer. The field cannot be empty (NOT NULL) and increments which each record inserted. At the bottom of the table you can see the user_id field is declared as a primary key. A primary key is used to uniquely identify each row in a table. No two distinct rows in a table can have the same value (or combination of values) in all columns. That might be a bit unclear, so heres a little example. There is a user called John Doe. If another users registers with the same name, theres a problem, because: which user is which? You cant tell and the database cant tell either. By using a primary key this problem is solved, because both topics are unique. All the other tables have got primary keys too and they work the same way.
net.tutsplus.com/tutorials/php/how-to-create-a-phpmysql-powered-forum-from-scratch/ 2/27
2/26/12
e _name
This is a text field, called a VARCHAR field in MySQL. The number between brackets is the maximum length. A user can choose a username up to 30 characters long. This field cannot be NULL. At the bottom of the table you can see this field is declared UNIQUE, which means the same username cannot be registered twice. The UNIQUE INDEX part tells the database we want to add a unique key. Then we define the name of the unique key, user_name_unique in this case. Between brackets is the field the unique key applies to, which is user_name.
e _pa
This field is equal to the user_name field, except the maximum length. Since the user password, no matter what length, is hashed with sha1(), the password will always be 40 characters long.
e _email
This field is equal to the user_pass field.
e _da e
This is a field in which well store the date the user registered. Its type is DATETIME and the field cannot be NULL.
e _le el
This field contains the level of the user, for example: 0 for a regular user and 1 for an admin. More about this later.
Ca ego ie Table
view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. CREATE TABLE categories ( cat_id INT(8) NOT NULL AUTO_INCREMENT, cat_name VARCHAR(255) NOT NULL, cat_description VARCHAR(255) NOT NULL, UNIQUE INDEX cat_name_unique (cat_name), PRIMARY KEY (cat_id) ) TYPE=INNODB;
These data types basically work the same way as the ones in the users table. This table also has a primary key and the name of the category must be an unique one.
Topic Table
view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. CREATE TABLE topics ( topic_id INT(8) NOT NULL AUTO_INCREMENT, topic_subject VARCHAR(255) NOT NULL, topic_date DATETIME NOT NULL, topic_cat INT(8) NOT NULL, topic_by INT(8) NOT NULL, PRIMARY KEY (topic_id) ) TYPE=INNODB;
This table is almost the same as the other tables, except for the topic_by field. That field refers to the user who created the topic. The topic_cat
2/26/12
refers to the category the topic belongs to. We cannot force these relationships by just declaring the field. We have to let the database know this field must contain an existing user_id from the users table, or a valid cat_id from the categories table. Well add some relationships after Ive discussed the posts table.
Po
1. 2. 3. 4. 5. 6. 7. 8.
Table
CREATE TABLE posts ( post_id INT(8) NOT NULL AUTO_INCREMENT, post_content TEXT NOT NULL, post_date DATETIME NOT NULL, post_topic INT(8) NOT NULL, post_by INT(8) NOT NULL, PRIMARY KEY (post_id) ) TYPE=INNODB;
This is the same as the rest of the tables; theres also a field which refers to a user_id here: the post_by field. The post_topic field refers to the topic the post belongs to. A foreign key is a referential constraint between two tables. The foreign key identifies a column or a set of columns in one (referencing) table that refers to a column or set of columns in another (referenced) table. Now that weve executed these queries, we have a pretty decent data model, but the relations are still missing. Lets start with the definition of a relationship. Were going to use something called a foreign key. A foreign key is a referential constraint between two tables. The foreign key identifies a column or a set of columns in one (referencing) table that refers to a column or set of columns in another (referenced) table. Some conditions: The column in the referencing table the foreign key refers to must be a primary key The values that are referred to must exist in the referenced table By adding foreign keys the information is linked together which is very important for database normalization. Now you know what a foreign key is and why were using them. Its time to add them to the tables weve already made by using the ALTER statement, which can be used to change an already existing table. Well link the topics to the categories first: view plaincopy to clipboardprint?
1. ALTER TABLE topics ADD FOREIGN KEY(topic_cat) REFERENCES categories(cat_id) ON DELETE CASCADE ON UPDATE CASCAD The last part of the query already says what happens. When a category gets deleted from the database, all the topics will be deleted too. If the cat_id of a category changes, every topic will be updated too. Thats what the ON UPDATE CASCADE part is for. Of course, you can reverse this to protect your data, so that you cant delete a category as long as it still has topics linked to it. If you would want to do that, you could replace the ON DELETE CASCADE part with ON DELETE RESTRICT. There is also SET NULL and NO ACTION, which speak for themselves. Every topic is linked to a category now. Lets link the topics to the user who creates one. view plaincopy to clipboardprint? 1. ALTER TABLE topics ADD FOREIGN KEY(topic_by) REFERENCES users(user_id) ON DELETE RESTRICT ON UPDATE CASCADE This foreign key is the same as the previous one, but there is one difference: the user cant be deleted as long as there are still topics with the user id of the user. We dont use CASCADE here because there might be valuable information in our topics. We wouldnt want that information to get deleted if someone decides to delete their account. To still give users the opportunity to delete their account, you could build some feature that anonymizes all their topics and then delete their account. Unfortunately, that is beyond the scope of this tutorial. Link he po o he opic :
4/27
2/26/12
1. ALTER TABLE posts ADD FOREIGN KEY(post_topic) REFERENCES topics(topic_id) ON DELETE CASCADE ON UPDATE CASCADE And finall , link each po o he e ho made i :
view plaincopy to clipboardprint? 1. ALTER TABLE posts ADD FOREIGN KEY(post_by) REFERENCES users(user_id) ON DELETE RESTRICT ON UPDATE CASCADE Thats the database part! It was quite a lot of work, but the result, a great data model, is definitely worth it.
S ep 2: In od c ion o he Heade /Foo e S
em
Each page of our forum needs a few basic things, like a doctype and some markup. Thats why well include a header.php file at the top of each page, and a footer.php at the bottom. The header.php contains a doctype, a link to the stylesheet and some important information about the forum, such as the title tag and metatags.
heade .php
view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl" lang="nl"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="description" content="A short description." /> <meta name="keywords" content="put, keywords, here" /> <title>PHP-MySQL forum</title> <link rel="stylesheet" href="style.css" type="text/css"> </head> <body> <h1>My forum</h1> <div id="wrapper"> <div id="menu"> <a class="item" href="/forum/index.php">Home</a> <a class="item" href="/forum/create_topic.php">Create a topic</a> <a class="item" href="/forum/create_cat.php">Create a category</a> <div id="userbar"> <div id="userbar">Hello Example. Not you? Log out.</div> </div> <div id="content">
The wrapper div will be used to make it easier to style the entire page. The menu div obviously contains a menu with links to pages we still have to create, but it helps to see where were going a little bit. The userbar div is going to be used for a small top bar which contains some information like the username and a link to the logout page. The content page holds the actual content of the page, obviously. The attentive reader might have already noticed were missing some things. There is no </body> or </html> tag. Theyre in the footer.php page, as you can see below. view plaincopy to clipboardprint? 1. </div> 2. </div> 3. <div id="footer">Created for Nettuts+</div>
2/26/12
4. </body> 5. </html> 6. When we include a header and a footer on each page the rest of the page get embedded between the header and the footer. This method has got some advantages. First and foremost, everything will be styled correctly. A short example: view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. <?php $error = false; if($error = false) { //the beautifully styled content, everything looks good echo '<div id="content">some text</div>'; } else { //bad looking, unstyled error :-( } ?>
As you can see, a page without errors will result in a nice page with the content. But if theres an error, everything looks really ugly; so thats why its better to make sure not only real content is styled correctly, but also the errors we might get. Another advantage is the possibility of making quick changes. You can see for yourself by editing the text in footer.php when youve finished this tutorial; youll notice that the footer changes on every page immediately. Finally, we add a stylesheet which provides us with some basic markup nothing too fancy. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. body { background-color: #4E4E4E; text-align: center; /* make sure IE centers the page too */ } #wrapper { width: 900px; margin: 0 auto; }
/* center the page */
#content { background-color: #fff; border: 1px solid #000; float: left; font-family: Arial; padding: 20px 30px; text-align: left; width: 100%; /* fill up the entire div */ } #menu { float: left; border: 1px solid #000; border-bottom: none; /* avoid a double border */ clear: both; /* clear:both makes sure the content div doesn't float next to this one but stays under it */ width:100%; height:20px; padding: 0 30px;
6/27
2/26/12
29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85. 86.
background-color: #FFF; text-align: left; font-size: 85%; } #menu a:hover { background-color: #009FC1; } #userbar { background-color: #fff; float: rightright; width: 250px; } #footer { clear: both; } /* begin table styles */ table { border-collapse: collapse; width: 100%; } table a { color: #000; } table a:hover { color:#373737; text-decoration: none; } th { background-color: #B40E1F; color: #F0F0F0; } td { padding: 5px; } /* Begin font styles */ h1, #footer { font-family: Arial; color: #F1F3F1; } h3 {margin: 0; padding: 0;} /* Menu styles */ .item { background-color: #00728B; border: 1px solid #032472; color: #FFF; font-family: Arial; padding: 3px;
7/27
2/26/12
87. 88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100. 101. 102. 103. 104. 105. 106. 107. 108. 109. 110. 111. 112. 113. 114. 115. 116. 117. 118. 119. 120.
text-decoration: none; } .leftpart { width: 70%; } .rightpart { width: 30%; } .small { font-size: 75%; color: #373737; } #footer { font-size: 65%; padding: 3px 0 0 0; } .topic-post { height: 100px; overflow: auto; } .post-content { padding: 30px; } textarea { width: 500px; height: 200px; }
S ep 3: Ge ing Read fo Ac ion

Before we can read anything from our database, we need a connection. Thats what connect.php is for. Well include it in every file we are going to create. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. <?php //connect.php $server = 'localhost'; $username = 'usernamehere'; $password = 'passwordhere'; $database = 'databasenamehere'; if(!mysql_connect($server, $username, $password)) { exit('Error: could not establish database connection'); } if(!mysql_select_db($database) { exit('Error: could not select the database'); }
8/27
2/26/12
16. ?> 17. Simply replace the default values of the variables at the top of the page with your own date, save the file and youre good to go!
S ep 4: Di pla ing he Fo m O e ie
Since were just started with some basic techniques, were going to make a simplified version of the forum overview for now. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. <?php //create_cat.php include 'connect.php'; include 'header.php'; echo '<tr>'; echo '<td class="leftpart">'; echo '<h3><a href="category.php?id=">Category name</a></h3> Category description goes here'; echo '</td>'; echo '<td class="rightpart">'; echo '<a href="topic.php?id=">Topic subject</a> at 10-10'; echo '</td>'; echo '</tr>'; include 'footer.php'; ?>
There you have it: a nice and clean overview. Well be updating this page throughout the tutorial so that it becomes more like the end result, step by step!
S ep 5: Signing p a U e
Lets start by making a simple HTML form so that a new user can register.
A PHP page is needed to process the form. Were going to use a $_SERVER variable. The $_SERVER variable is an array with values that are automatically set with each request. One of the values of the $_SERVER array is REQUEST_METHOD. When a page is requested with GET, this variable will hold the value GET. When a page is requested via POST, it will hold the value POST. We can use this value to check if a form has been posted. See the signup.php page below. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. <?php //signup.php include 'connect.php'; include 'header.php'; echo '<h3>Sign up</h3>'; if($_SERVER['REQUEST_METHOD'] != 'POST') { /*the form hasn't been posted yet, display it note that the action="" will cause the form to post to the same page it is on */ echo '<form method="post" action="">
9/27
2/26/12
13. Username: <input type="text" name="user_name" /> 14. Password: <input type="password" name="user_pass"> 15. Password again: <input type="password" name="user_pass_check"> 16. E-mail: <input type="email" name="user_email"> 17. <input type="submit" value="Add category" /> 18. </form>'; 19. } 20. else 21. { 22. /* so, the form has been posted, we'll process the data in three steps: 23. 1. Check the data 24. 2. Let the user refill the wrong fields (if necessary) 25. 3. Save the data 26. */ 27. $errors = array(); /* declare the array for later use */ 28. 29. if(isset($_POST['user_name'])) 30. { 31. //the user name exists 32. if(!ctype_alnum($_POST['user_name'])) 33. { 34. $errors[] = 'The username can only contain letters and digits.'; 35. } 36. if(strlen($_POST['user_name']) > 30) 37. { 38. $errors[] = 'The username cannot be longer than 30 characters.'; 39. } 40. } 41. else 42. { 43. $errors[] = 'The username field must not be empty.'; 44. } 45. 46. if(isset($_POST['user_pass'])) 47. { 48. if($_POST['user_pass'] != $_POST['user_pass_check']) 49. { 50. $errors[] = 'The two passwords did not match.'; 51. } 52. } 53. else 54. { 55. $errors[] = 'The password field cannot be empty.'; 56. } 57. 58. if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ 59. { 60. echo 'Uh-oh.. a couple of fields are not filled in correctly..'; 61. echo '<ul>'; 62. foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */ 63. { 64. echo '<li>' . $value . '</li>'; /* this generates a nice error list */ 65. } 66. echo '</ul>'; 67. } 68. else 69. { 70. //the form has been posted without, so save it
2/26/12
71. //notice the use of mysql_real_escape_string, keep everything safe! 72. //also notice the sha1 function which hashes the password 73. $sql = "INSERT INTO 74. users(user_name, user_pass, user_email ,user_date, user_level) 75. VALUES('" . mysql_real_escape_string($_POST['user_name']) . "', 76. '" . sha1($_POST['user_pass']) . "', 77. '" . mysql_real_escape_string($_POST['user_email']) . "', 78. NOW(), 79. 0)"; 80. 81. $result = mysql_query($sql); 82. if(!$result) 83. { 84. //something went wrong, display the error 85. echo 'Something went wrong while registering. Please try again later.'; 86. //echo mysql_error(); //debugging purposes, uncomment when needed 87. } 88. else 89. { 90. echo 'Successfully registered. You can now <a href="signin.php">sign in</a> and start posting! :-)'; 91. } 92. } 93. } 94. 95. include 'footer.php'; 96. ?> 97. A lot of explanation is in the comments I made in the file, so be sure to check them out. The processing of the data takes place in three parts: Validating the data If the data is not valid, show the form again If the data is valid, save the record in the database The PHP part is quite self-explanatory. The SQL-query however probably needs a little more explanation. view plaincopy to clipboardprint? 1. INSERT INTO 2. users(user_name, user_pass, user_email ,user_date, user_level) 3. VALUES('" . mysql_real_escape_string($_POST['user_name']) . "', 4. '" . sha1($_POST['user_pass']) . "', 5. '" . mysql_real_escape_string($_POST['user_email']) . "', 6. NOW(), 7. 0); 8. On line 1 we have the INSERT INTO statement which speaks for itself. The table name is specified on the second line. The words between the brackets represent the columns in which we want to insert the data. The VALUES statement tells the database were done declaring column names and its time to specify the values. There is something new here: mysql_real_escape_string. The function escapes special characters in an unescaped string , so that it is safe to place it in a query. This function MUST always be used, with very few exceptions. There are too many scripts that dont use it and can be hacked real easy. Dont take the risk, use mysql_real_escape_string(). Never insert a plain password as-is. You MUST always encrypt it. Also, you can see that the function sha1() is used to encrypt the users password. This is also a very important thing to remember. Never insert a plain password as-is. You MUST always encrypt it. Imagine a hacker who somehow manages to get access to your database. If he sees all the plain-text passwords he could log into any (admin) account he wants. If the password columns contain sha1 strings he has to crack them first which is almost impossible.
2/26/12
Note: its also possible to use md5(), I always use sha1() because benchmarks have proved its a tiny bit faster, not much though. You can replace sha1 with md5 if you like. If the signup process was successful, you should see something like this:
Try refreshing your phpMyAdmin screen, a new record should be visible in the users table.
S ep 6: Adding A hen ica ion and U e Le el

An important aspect of a forum is the difference between regular users and admins/moderators. Since this is a small forum and adding features like adding new moderators and stuff would take way too much time, well focus on the login process and create some admin features like creating new categories and closing a thread. Now that youve completed the previous step, were going to make your freshly created account an admin account. In phpMyAdmin, click on the users table, and then Browse. Your account will probably pop up right away. Click the edit icon and change the value of the user_level field from 0 to 1. Thats it for now. You wont notice any difference in our application immediately, but when weve added the admin features a normal account and your account will have different capabilities. The sign-in process works the following way: A visitor enters user data and submits the form If the username and password are correct, we can start a session If the username and password are incorrect, we show the form again with a message
The signin.php file is below. Dont think Im not explaining what Im doing, but check out the comments in the file. Its much easier to understand that way. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. <?php //signin.php include 'connect.php'; include 'header.php'; echo '<h3>Sign in</h3>'; //first, check if the user is already signed in. If that is the case, there is no need to display this page if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) { echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.'; } else { if($_SERVER['REQUEST_METHOD'] != 'POST') { /*the form hasn't been posted yet, display it note that the action="" will cause the form to post to the same page it is on */ echo '<form method="post" action=""> Username: <input type="text" name="user_name" /> Password: <input type="password" name="user_pass"> <input type="submit" value="Sign in" /> </form>'; } else
12/27
2/26/12
26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. 49. 50. 51. 52. 53. 54. 55. 56. 57. 58. 59. 60. 61. 62. 63. 64. 65. 66. 67. 68. 69. 70. 71. 72. 73. 74. 75. 76. 77. 78. 79. 80. 81. 82. 83.
{ /* so, the form has been posted, we'll process the data in three steps: 1. Check the data 2. Let the user refill the wrong fields (if necessary) 3. Varify if the data is correct and return the correct response */ $errors = array(); /* declare the array for later use */ if(!isset($_POST['user_name'])) { $errors[] = 'The username field must not be empty.'; } if(!isset($_POST['user_pass'])) { $errors[] = 'The password field must not be empty.'; } if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ { echo 'Uh-oh.. a couple of fields are not filled in correctly..'; echo '<ul>'; foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */ { echo '<li>' . $value . '</li>'; /* this generates a nice error list */ } echo '</ul>'; } else { //the form has been posted without errors, so save it //notice the use of mysql_real_escape_string, keep everything safe! //also notice the sha1 function which hashes the password $sql = "SELECT user_id, user_name, user_level FROM users WHERE user_name = '" . mysql_real_escape_string($_POST['user_name']) . "' AND user_pass = '" . sha1($_POST['user_pass']) . "'"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'Something went wrong while signing in. Please try again later.'; //echo mysql_error(); //debugging purposes, uncomment when needed } else { //the query was successfully executed, there are 2 possibilities //1. the query returned data, the user can be signed in //2. the query returned an empty result set, the credentials were wrong if(mysql_num_rows($result) == 0) {
13/27
2/26/12
84. echo 'You have supplied a wrong user/password combination. Please try again.'; 85. } 86. else 87. { 88. //set the $_SESSION['signed_in'] variable to TRUE 89. $_SESSION['signed_in'] = true; 90. 91. //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages 92. while($row = mysql_fetch_assoc($result)) 93. { 94. $_SESSION['user_id'] = $row['user_id']; 95. $_SESSION['user_name'] = $row['user_name']; 96. $_SESSION['user_level'] = $row['user_level']; 97. } 98. 99. echo 'Welcome, ' . $_SESSION['user_name'] . '. <a href="index.php">Proceed to the forum overview</a>.'; 100. } 101. } 102. } 103. } 104. } 105. 106. include 'footer.php'; 107. ?> 108. This is the query thats in the signin.php file:
view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. SELECT user_id, user_name, user_level FROM users WHERE user_name = '" . mysql_real_escape_string($_POST['user_name']) . "' AND user_pass = '" . sha1($_POST['user_pass'])
Its obvious we need a check to tell if the supplied credentials belong to an existing user. A lot of scripts retrieve the password from the database and compare it using PHP. If we do this directly via SQL the password will be stored in the database once during registration and never leave it again. This is safer, because all the real action happens in the database layer and not in our application. If the user is signed in successfully, were doing a few things:
2/26/12
view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. <?php //set the $_SESSION['signed_in'] variable to TRUE $_SESSION['signed_in'] = true; //we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages while($row = mysql_fetch_assoc($result)) { $_SESSION['user_id'] = $row['user_id']; $_SESSION['user_name'] = $row['user_name']; } ?>
First, we set the signed_in $_SESSION var to true, so we can use it on other pages to make sure the user is signed in. We also put the username and user id in the $_SESSION variable for usage on a different page. Finally, we display a link to the forum overview so the user can get started right away. Of course signing in requires another function, signing out! The sign-out process is actually a lot easier than the sign-in process. Because all the information about the user is stored in $_SESSION variables, all we have to do is unset them and display a message. Now that weve set the $_SESSION variables, we can determine if someone is signed in. Lets make a last simple change to header.php: Replace: view plaincopy to clipboardprint? 1. <di id="userbar">Hello Example. Not you? Log out.</di > 2. With: view plaincopy to clipboardprint? 1. <?php 2. <div id="userbar"> 3. if($_SESSION['signed_in']) 4. { 5. echo 'Hello' . $_SESSION['user_name'] . '. Not you? <a href="signout.php">Sign out</a>'; 6. } 7. else 8. { 9. echo '<a href="signin.php">Sign in</a> or <a href="sign up">create an account</a>.'; 10. } 11. </div> 12. If a user is signed in, he will see his or her name displayed on the front page with a link to the signout page. Our authentication is done! By now our forum should look like this:
S ep 7: C ea ing a Ca ego
We want to create categories so lets start with making a form. view plaincopy to clipboardprint? 1. <fo m method="post" action=""> 2. Category name: <inp type="text" name="cat_name" />
2/26/12
3. Category description: < e a ea name="cat_description" /></ e a ea> 4. <inp type="submit" value="Add category" /> 5. </fo m> 6. This step looks a lot like Step 4 (Signing up a user), so Im not going to do an in-depth explanation here. If you followed all the steps you should be able to understand this somewhat quickly. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. <?php //create_cat.php include 'connect.php'; if($_SERVER['REQUEST_METHOD'] != 'POST') { //the form hasn't been posted yet, display it echo '<form method='post' action=''> Category name: <input type='text' name='cat_name' /> Category description: <textarea name='cat_description' /></textarea> <input type='submit' value='Add category' /> </form>'; } else { //the form has been posted, so save it $sql = INSERT INTO categories(cat_name, cat_description) VALUES('' . mysql_real_escape_string($_POST['cat_name']) . ', '' . mysql_real_escape_string($_POST['cat_description']) . ')'; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'Error' . mysql_error(); } else { echo 'New category successfully added.'; } } ?>
As you can see, weve started the script with the $_SERVER check, after checking if the user has admin rights, which is required for creating a category. The form gets displayed if it hasnt been submitted already. If it has, the values are saved. Once again, a SQL query is prepared and then executed.
S ep 8: Adding Ca ego ie
view plaincopy to clipboardprint? 1. SELECT 2. categories.cat_id,
o inde .php
Weve created some categories, so now were able to display them on the front page. Lets add the following query to the content area of index.php.
16/27
2/26/12
3. categories.cat_name, 4. categories.cat_description, 5. FROM 6. categories 7. This query selects all categories and their names and descriptions from the categories table. We only need a bit of PHP to display the results. If we add that part just like we did in the previous steps, the code will look like this. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. 45. 46. 47. 48. <?php //create_cat.php include 'connect.php'; include 'header.php'; $sql = "SELECT cat_id, cat_name, cat_description, FROM categories"; $result = mysql_query($sql); if(!$result) { echo 'The categories could not be displayed, please try again later.'; } else { if(mysql_num_rows($result) == 0) { echo 'No categories defined yet.'; } else { //prepare the table echo '<table border="1"> <tr> <th>Category</th> <th>Last topic</th> </tr>'; while($row = mysql_fetch_assoc($result)) { echo '<tr>'; echo '<td class="leftpart">'; echo '<h3><a href="category.php?id">' . $row['cat_name'] . '</a></h3>' . $row['cat_description']; echo '</td>'; echo '<td class="rightpart">'; echo '<a href="topic.php?id=">Topic subject</a> at 10-10'; echo '</td>'; echo '</tr>'; } } } include 'footer.php';
17/27
2/26/12
49. ?> 50. Notice how were using the cat_id to create links to category.php. All the links to this page will look like this: category.php?cat_id=x, where x can be any numeric value. This may be new to you. We can check the url with PHP for $_GET values. For example, we have this link: view plaincopy to clipboardprint? 1. category.php?cat_id=23 2. The statement echo $_GET[cat_id']; will display 23 . In the next few steps well use this value to retrieve the topics when viewing a single category, but topics cant be viewed if we havent created them yet. So lets create some topics!
S ep 9: C ea ing a Topic
In this step, were combining the techniques we learned in the previous steps. Were checking if a user is signed in, well use an input query to create the topic and create some basic HTML forms. The structure of create_topic.php can hardly be explained in a list or something, so I rewrote it in pseudo-code. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. <?php if(user is signed in) { //the user is not signed in } else { //the user is signed in if(form has not been posted) { //show form } else { //process form } } ?>
Heres the real code of this part of our forum, check the explanations below the code to see what its doing. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. <?php //create_cat.php include 'connect.php'; include 'header.php'; echo '<h2>Create a topic</h2>'; if($_SESSION['signed_in'] == false) { //the user is not signed in echo 'Sorry, you have to be <a href="/forum/signin.php">signed in</a> to create a topic.'; }
18/27
2/26/12
12. else 13. { 14. //the user is signed in 15. if($_SERVER['REQUEST_METHOD'] != 'POST') 16. { 17. //the form hasn't been posted yet, display it 18. //retrieve the categories from the database for use in the dropdown 19. $sql = "SELECT 20. cat_id, 21. cat_name, 22. cat_description 23. FROM 24. categories"; 25. 26. $result = mysql_query($sql); 27. 28. if(!$result) 29. { 30. //the query failed, uh-oh :-( 31. echo 'Error while selecting from database. Please try again later.'; 32. } 33. else 34. { 35. if(mysql_num_rows($result) == 0) 36. { 37. //there are no categories, so a topic can't be posted 38. if($_SESSION['user_level'] == 1) 39. { 40. echo 'You have not created categories yet.'; 41. } 42. else 43. { 44. echo 'Before you can post a topic, you must wait for an admin to create some categories.'; 45. } 46. } 47. else 48. { 49. 50. echo '<form method="post" action=""> 51. Subject: <input type="text" name="topic_subject" /> 52. Category:'; 53. 54. echo '<select name="topic_cat">'; 55. while($row = mysql_fetch_assoc($result)) 56. { 57. echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>'; 58. } 59. echo '</select>'; 60. 61. echo 'Message: <textarea name="post_content" /></textarea> 62. <input type="submit" value="Create topic" /> 63. </form>'; 64. } 65. } 66. } 67. else 68. { 69. //start the transaction
2/26/12
70. 71. 72. 73. 74. 75. 76. 77. 78. 79. 80. 81. 82. 83. 84. 85. 86. 87. 88. 89. 90. 91. 92. 93. 94. 95. 96. 97. 98. 99. 100. 101. 102. 103. 104. 105. 106. 107. 108. 109. 110. 111. 112. 113. 114. 115. 116. 117. 118. 119. 120. 121. 122. 123. 124. 125. 126. 127.
$query = "BEGIN WORK;"; $result = mysql_query($query); if(!$result) { //Damn! the query failed, quit echo 'An error occured while creating your topic. Please try again later.'; } else { //the form has been posted, so save it //insert the topic into the topics table first, then we'll save the post into the posts table $sql = "INSERT INTO topics(topic_subject, topic_date, topic_cat, topic_by) VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "', NOW(), " . mysql_real_escape_string($_POST['topic_cat']) . ", " . $_SESSION['user_id'] . " )"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'An error occured while inserting your data. Please try again later.' . mysql_error(); $sql = "ROLLBACK;"; $result = mysql_query($sql); } else { //the first query worked, now start the second, posts query //retrieve the id of the freshly created topic for usage in the posts query $topicid = mysql_insert_id(); $sql = "INSERT INTO posts(post_content, post_date, post_topic, post_by) VALUES ('" . mysql_real_escape_string($_POST['post_content']) . "', NOW(), " . $topicid . ", " . $_SESSION['user_id'] . " )"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'An error occured while inserting your post. Please try again later.' . mysql_error(); $sql = "ROLLBACK;"; $result = mysql_query($sql); }
20/27
2/26/12
128. else 129. { 130. $sql = "COMMIT;"; 131. $result = mysql_query($sql); 132. 133. //after a lot of work, the query succeeded! 134. echo 'You have successfully created <a href="topic.php?id='. $topicid . '">your new topic</a>.'; 135. } 136. } 137. } 138. } 139. } 140. 141. include 'footer.php'; 142. ?> 143. Ill discuss this page in two parts, showing the form and processing the form. Sho ing he fo m Were starting with a simple HTML form. There is actually something special here, because we use a dropdown. This dropdown is filled with data from the database, using this query: view plaincopy to clipboardprint? 1. SELECT 2. cat_id, 3. cat_name, 4. cat_description 5. FROM 6. categories 7. Thats the only potentially confusing part here; its quite a piece of code, as you can see when looking at the create_topic.php file at the bottom of this step. P oce ing he fo m The process of saving the topic consists of two parts: saving the topic in the topics table and saving the first post in the posts table. This requires something quite advanced that goes a bit beyond the scope of this tutorial. Its called a transaction, which basically means that we start by executing the start command and then rollback when there are database errors and commit when everything went well. More about transactions. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. <?php //start the transaction $query = "BEGIN WORK;"; $result = mysql_query($query); //stop the transaction $sql = "ROLLBACK;"; $result = mysql_query($sql); //commit the transaction $sql = "COMMIT;"; $result = mysql_query($sql); ?>
The first query being used to save the data is the topic creation query, which looks like this: view plaincopy to clipboardprint?
2/26/12
1. INSERT INTO 2. topics(topic_subject, 3. topic_date, 4. topic_cat, 5. topic_by) 6. VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "', 7. NOW(), 8. " . mysql_real_escape_string($_POST['topic_cat']) . ", 9. " . $_SESSION['user_id'] . ") 10. At first the fields are defined, then the values to be inserted. Weve seen the first one before, its just a string which is made safe by using mysql_real_escape_string(). The second value, NOW(), is a SQL function for the current time. The third value, however, is a value we havent seen before. It refers to a (valid) id of a category. The last value refers to an (existing) user_id which is, in this case, the value of $_SESSION[user_id']. This variable was declared during the sign in process. If the query executed without errors we proceed to the second query. Remember we are still doing a transaction here. If we wouldve got errors we would have used the ROLLBACK command. view plaincopy to clipboardprint? 1. INSERT INTO 2. posts(post_content, 3. post_date, 4. post_topic, 5. post_by) 6. VALUES 7. ('" . mysql_real_escape_string($_POST['post_content']) . "', 8. NOW(), 9. " . $topicid . ", 10. " . $_SESSION['user_id'] . ") 11. The first thing we do in this code is use mysql_insert_id() to retrieve the latest generated id from the topic_id field in the topics table. As you may remember from the first steps of this tutorial, the id is generated in the database using auto_increment. Then the post is inserted into the posts table. This query looks a lot like the topics query. The only difference is that this post refers to the topic and the topic referred to a category. From the start, we decided to create a good data model and here is the result: a nice hierarchical structure.
S ep 10: Ca ego
A short list of the things we need:
Vie
Were going to make an overview page for a single category. Weve just created a category, it would be handy to be able to view all the topics in it. First, create a page called category.php.
Needed fo di pla ing he ca ego

cat_name cat_description Needed for displa ing all the topics topic_id topic_subject
2/26/12
topic_date topic_cat Lets create the two SQL queries that retrieve exactly this data from the database. view plaincopy to clipboardprint? 1. SELECT 2. cat_id, 3. cat_name, 4. cat_description 5. FROM 6. categories 7. WHERE 8. cat_id = " . mysql_real_escape_string($_GET['id']) 9. The query above selects all the categories from the database. view plaincopy to clipboardprint? 1. SELECT 2. topic_id, 3. topic_subject, 4. topic_date, 5. topic_cat 6. FROM 7. topics 8. WHERE 9. topic_cat = " . mysql_real_escape_string($_GET['id']) 10. The query above is executed in the while loop in which we echo the categories. By doing it this way, well see all the categories and the latest topic for each of them. The complete code of category.php will be the following: view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. <?php //create_cat.php include 'connect.php'; include 'header.php'; //first select the category based on $_GET['cat_id'] $sql = "SELECT cat_id, cat_name, cat_description FROM categories WHERE cat_id = " . mysql_real_escape_string($_GET['id']); $result = mysql_query($sql); if(!$result) { echo 'The category could not be displayed, please try again later.' . mysql_error(); } else
23/27
2/26/12
23. { 24. if(mysql_num_rows($result) == 0) 25. { 26. echo 'This category does not exist.'; 27. } 28. else 29. { 30. //display category data 31. while($row = mysql_fetch_assoc($result)) 32. { 33. echo '<h2>Topics in ' . $row['cat_name'] . ' category</h2>'; 34. } 35. 36. //do a query for the topics 37. $sql = "SELECT 38. topic_id, 39. topic_subject, 40. topic_date, 41. topic_cat 42. FROM 43. topics 44. WHERE 45. topic_cat = " . mysql_real_escape_string($_GET['id']); 46. 47. $result = mysql_query($sql); 48. 49. if(!$result) 50. { 51. echo 'The topics could not be displayed, please try again later.'; 52. } 53. else 54. { 55. if(mysql_num_rows($result) == 0) 56. { 57. echo 'There are no topics in this category yet.'; 58. } 59. else 60. { 61. //prepare the table 62. echo '<table border="1"> 63. <tr> 64. <th>Topic</th> 65. <th>Created at</th> 66. </tr>'; 67. 68. while($row = mysql_fetch_assoc($result)) 69. { 70. echo '<tr>'; 71. echo '<td class="leftpart">'; 72. echo '<h3><a href="topic.php?id=' . $row['topic_id'] . '">' . $row['topic_subject'] . '</a><h3>'; 73. echo '</td>'; 74. echo '<td class="rightpart">'; 75. echo date('d-m-Y', strtotime($row['topic_date'])); 76. echo '</td>'; 77. echo '</tr>'; 78. } 79. } 80. }
2/26/12
81. } 82. } 83. 84. include 'footer.php'; 85. ?> 86. And here is the final result of our categories page:
S ep 11: Topic Vie

The SQL queries in this step are complicated ones. The PHP-part is all stuff that youve seen before. Lets take a look at the queries. The first one retrieves basic information about the topic: view plaincopy to clipboardprint? 1. SELECT 2. topic_id, 3. topic_subject 4. FROM 5. topics 6. WHERE 7. topics.topic_id = " . mysql_real_escape_string($_GET['id']) 8. This information is displayed in the head of the table we will use to display all the data. Next, we retrieve all the posts in this topic from the database. The following query gives us exactly what we need: view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. SELECT posts.post_topic, posts.post_content, posts.post_date, posts.post_by, users.user_id, users.user_name FROM posts LEFT JOIN users ON posts.post_by = users.user_id WHERE posts.post_topic = " . mysql_real_escape_string($_GET['id'])
This time, we want information from the users and the posts table so we use the LEFT JOIN again. The condition is: the user id should be the same as the post_by field. This way we can show the username of the user who replied at each post. The final topic view looks like this:
S ep 12: Adding a Repl

2/26/12
Lets create the last missing part of this forum, the possibility to add a reply. Well start by creating a form: view plaincopy to clipboardprint? 1. <fo m method="post" action="reply.php?id=5"> 2. < e a ea name="reply-content"></ e a ea> 3. <inp type="submit" value="Submit reply" /> 4. </fo m> 5.
The complete reply.php code looks like this. view plaincopy to clipboardprint? 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. 35. 36. 37. 38. 39. 40. 41. 42. 43. 44. <?php //create_cat.php include 'connect.php'; include 'header.php'; if($_SERVER['REQUEST_METHOD'] != 'POST') { //someone is calling the file directly, which we don't want echo 'This file cannot be called directly.'; } else { //check for sign in status if(!$_SESSION['signed_in']) { echo 'You must be signed in to post a reply.'; } else { //a real user posted a real reply $sql = "INSERT INTO posts(post_content, post_date, post_topic, post_by) VALUES ('" . $_POST['reply-content'] . "', NOW(), " . mysql_real_escape_string($_GET['id']) . ", " . $_SESSION['user_id'] . ")"; $result = mysql_query($sql); if(!$result) { echo 'Your reply has not been saved, please try again later.'; } else { echo 'Your reply has been saved, check out <a href="topic.php?id=' . htmlentities($_GET['id']) . '">the topic</a>.'; } } } include 'footer.php';
26/27
2/26/12
45. ?> 46. The comments in the code pretty much detail whats happening. Were checking for a real user and then inserting the post into the database.
Fini hing Up
Now that youve finished this tutorial, you should have a much better understanding of what it takes to build a forum. I hope my explanations were clear enough! Thanks again for reading.
Like 209 e le
Tags: forummysqlPHPphp forum
B E e
Padje
Hello, my name is Evert Padje, and I specialize in web design and development. I've been doing web stuff for about 4 years and am just starting out with AE and 3dsMax. You can check out more work at http://creativecaptain.com!
27/27

How To Create A PHP - MySQL Powered Forum From Scratch - Nettuts+

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

How To Create A PHP - MySQL Powered Forum From Scratch - Nettuts+

Uploaded by

Copyright:

Available Formats

2/26/12

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

S ep 1: C ea ing Da aba e Table

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

view plaincopy to clipboardprint?

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

view plaincopy to clipboardprint?

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

view plaincopy to clipboardprint?

S ep 2: In od c ion o he Heade /Foo e S

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

/* center the page */

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

S ep 3: Ge ing Read fo Ac ion

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

S ep 6: Adding A hen ica ion and U e Le el

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

Needed fo di pla ing he ca ego

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

S ep 11: Topic Vie

S ep 12: Adding a Repl

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

How to Create a PHP/MySQL Powered Forum from Scratch Nettuts+

Tags: forummysqlPHPphp forum

You might also like