Friday, April 1, 2011

PHP GUESTBOOK TUTORIAL

First we need phpMyAdmin to create an admins table and insert some admins into it. Here is the code to run in phpMyAdmin; use the same database your guestbook is in.

CREATE TABLE admins (
  username varchar(50),
  password varchar(50),
  id int(11) NOT NULL auto_increment,
  PRIMARY KEY (id)
) ENGINE=MyISAM;

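Now add the admins through phpMyAdmin: go to the admins table and click Insert, write in the username and password, and from the drop-down box to the left of the password select MD5 so the password is stored as an MD5 hash. When you have done that, it's time to start on the admin part of the guestbook. Make a folder named admin where your guestbook is, and inside it make the first file, named form.php, with this code inside.

<form action="login.php" method="post">
Username: <input type="text" name="username"><br>
Password: <input type="password" name="password"><br>
<input type="submit" name="login" value="Login">
</form>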


When you have made the form, we need a login.php file that checks the login details and, if they are correct, logs you in.

<?php
// Check if login button has been pressed
if (isset($_POST['login'])) {
    // Define username and password
    $username = $_POST['username'];
    $password = $_POST['password'];
    // Do some stripslashes on them
    $username = stripslashes($username);
    $password = stripslashes($password);
    $password = md5($password);
    // Include our config file for mysql server connect and select database
    include "../config.php";
    // Escape the username now that the connection is open, so a quote in it cannot change the query
    // (the md5 hash contains hex characters only)
    $username_sql = mysql_real_escape_string($username);
    // Query admins table and check if admin data is good
    $query = "SELECT username, password FROM admins WHERE username = '$username_sql' AND password = '$password' LIMIT 1";
    $result = mysql_query($query);
    $count = $result ? mysql_num_rows($result) : 0;
    // If result is good start session and register it with s_logged_n
    if ($count == 1) {
        session_start();
        // Issue a fresh session id on login so an id set before login is not reused
        session_regenerate_id(true);
        $_SESSION['s_logged_n'] = 'true';
        $_SESSION['s_username'] = $username;
        // Display successful login message
        echo "You have successfully logged in, click <a href=\"index.php\">here</a> to access admin area";
    } else {
        // If user or pass is wrong display it
        echo "Invalid username or password";
    }
} else {
    // If someone tries to open login.php directly, tell them to use the form
    echo "You must login over form, click <a href=\"form.php\">here</a> to go back to login";
}
?>
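
A hardened variant of the login check above, as an added example that is not part of the original tutorial: it binds the username in a PDO prepared statement and verifies the password with password_verify(), upgrading a legacy MD5 hash to a salted password_hash() value on the first successful login. It assumes PHP 7 or later with the pdo_sqlite extension; the in-memory SQLite table stands in for the MySQL admins table, with the password column widened because password_hash() output does not fit in varchar(50), and the function name check_login is hypothetical.

```php
<?php
// Added example, not the tutorial's code. Assumes PHP 7+ with pdo_sqlite.

// Verify a login with a bound parameter; upgrade a legacy MD5 hash on success.
function check_login(PDO $db, string $username, string $password): bool
{
    // The username is bound as data, so quotes in it cannot change the query.
    $stmt = $db->prepare('SELECT id, password FROM admins WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $stored = $row['password'];
    // A 32-character hex string is a legacy MD5 hash inserted via phpMyAdmin.
    $legacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $legacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    // Replace MD5 (or outdated parameters) with a salted password_hash() value.
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $upd = $db->prepare('UPDATE admins SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return $ok;
}

// Constructed sample data: one admin stored the way the tutorial describes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username VARCHAR(50), password VARCHAR(255))');
$db->prepare('INSERT INTO admins (username, password) VALUES (?, ?)')
   ->execute(['admin', md5('constructed-sample-pass')]);

// Case 1: correct password against the legacy MD5 hash (hash is then upgraded).
var_dump(check_login($db, 'admin', 'constructed-sample-pass'));
// Case 2: a username containing a quote is compared as plain data.
var_dump(check_login($db, "adm'in", 'constructed-sample-pass'));
// Case 3: wrong password, now checked against the upgraded hash.
var_dump(check_login($db, 'admin', 'wrong'));
// Case 4: correct password after the upgrade.
var_dump(check_login($db, 'admin', 'constructed-sample-pass'));
```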

Now that we have login.php, we need index.php, which lists the posts from the guestbook with options to edit or delete them. Make a file named index.php and put this code inside.

<?php
// Start the session and check that it was registered by the login form; if it was, display the admin data, else display that you must login
session_start();
if (isset($_SESSION['s_logged_n']) && $_SESSION['s_logged_n'] == 'true') {
?>
Welcome to admin area <?php echo $_SESSION['s_username']; ?>, here you can administrate guestbook.
<br><br>
<?php
    // Max results per page
    $max = 10;
    // Include config file
    include "../config.php";
    // If we don't get a page number use page 1; cast to int so only a number reaches LIMIT
    if (!isset($_GET['page'])) {
        $page = 1;
    } else {
        $page = max(1, (int) $_GET['page']);
    }
    // Max results per page
    $max_results = $max;
    $from = (($page * $max_results) - $max_results);
    // Do query on database table
    $query = "SELECT * FROM guestbook ORDER BY id DESC LIMIT $from, $max_results";
    $result = mysql_query($query);
    // If query is ok then output messages from guestbook
    if ($result) {
        while ($row = mysql_fetch_array($result)):
?>
<p>
Posted by <?php echo $row['name']; ?>
<?php
            if ($row['website'] == '') {
                echo "";
            } else {
                // Encode quotes as well, because this value lands inside an attribute
                echo "<a href=\"" . htmlspecialchars($row['website'], ENT_QUOTES, 'UTF-8', false) . "\">www</a>";
            }
?>
on <?php echo $row['date']; ?> - <a href="edit.php?id=<?php echo $row['id']; ?>">click to edit</a> - <a href="delete.php?id=<?php echo $row['id']; ?>">click to delete</a><br>
<?php echo $row['message']; ?>
</p>
<?php endwhile; ?>
Go to page #:
<?php
        $total_results = mysql_result(mysql_query("SELECT COUNT(*) as Num FROM guestbook"), 0);
        $total_pages = ceil($total_results / $max_results);
        for ($i = 1; $i <= $total_pages; $i++) {
            if (($page) == $i) {
                echo "$i ";
            } else {
                // PHP_SELF comes from the request URL, so encode it before printing it
                echo "<a href=\"" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "?page=$i\" title=\"Go to page $i\">$i</a> ";
            }
        }
    // If query fails then output it
    } else {
        echo "Unable to select data from database table";
    }
} else {
    echo "You must login to access admin area";
}
?>

When index.php is done, we need the file edit.php, with this code inside.

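<?php
// Start the session and check that it was registered by the login form; if it was, display the admin data, else display that you must login
session_start();
if (isset($_SESSION['s_logged_n']) && $_SESSION['s_logged_n'] == 'true') {
    // Get the id of the post
    if (isset($_GET['id'])) {
        // Cast to int so only a number can reach the query
        $id = (int) $_GET['id'];
        include "../config.php";
        $query = "SELECT * FROM guestbook WHERE id = '$id' LIMIT 1";
        $result = mysql_query($query);
        if (!$result) {
            echo "Please select what post to edit over index page";
        } else {
            while ($row = mysql_fetch_array($result)):
?>
<form action="update.php?id=<?php echo "$id"; ?>" method="post">
Name:
<input type="text" name="name" value="<?php echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8', false); ?>"><br>
Email:
<input type="text" name="email" value="<?php echo htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8', false); ?>"><br>
Website:
<input type="text" name="website" value="<?php echo htmlspecialchars($row['website'], ENT_QUOTES, 'UTF-8', false); ?>"><br>
Message:
<textarea name="message"><?php echo $row['message']; ?></textarea><br>
<input type="submit" name="update" value="Update">
</form>
<?php endwhile; ?>
<?php
        }
    }
} else {
    echo "Please login over <a href=\"form.php\">form</a>.";
}
?>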

Next is our delete.php file, which has this code.

<?php
// Start the session and check that it was registered by the login form; if it was, display the admin data, else display that you must login
session_start();
if (isset($_SESSION['s_logged_n']) && $_SESSION['s_logged_n'] == 'true') {
    // Get the id of the post
    if (isset($_GET['id'])) {
        // Cast to int so only a number can reach the query
        $id = (int) $_GET['id'];
        include "../config.php";
        $query = "DELETE FROM guestbook WHERE id = '$id' LIMIT 1";
        $result = mysql_query($query);
        if ($result) {
            echo "Successfully deleted post";
        } else {
            echo "There was an error deleting post";
        }
    }
} else {
    echo "Please login over <a href=\"form.php\">form</a>.";
}
?>

And finally our update.php file, which handles updating posts. The code goes like this.

<?php
// Start the session and check that it was registered by the login form; if it was, display the admin data, else display that you must login
session_start();
if (isset($_SESSION['s_logged_n']) && $_SESSION['s_logged_n'] == 'true') {
    // If form button has been pressed then do the following
    if (isset($_POST['update'])) {
        // Get id of post, cast to int so only a number can reach the query
        $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        // Include config file
        include "../config.php";
        $name = $_POST['name'];
        $email = $_POST['email'];
        $website = $_POST['website'];
        $message = $_POST['message'];
        // Make some preg replaces
        $name = preg_replace("/>/","&gt;",$name);
        $name = preg_replace("/</","&lt;",$name);
        $email = preg_replace("/>/","&gt;",$email);
        $email = preg_replace("/</","&lt;",$email);
        $website = preg_replace("/>/","&gt;",$website);
        $website = preg_replace("/</","&lt;",$website);
        $message = preg_replace("/>/","&gt;",$message);
        $message = preg_replace("/</","&lt;",$message);
        // Add few stripslashes...
        $name = stripslashes($name);
        $email = stripslashes($email);
        $website = stripslashes($website);
        $message = stripslashes($message);
        // Check if fields name, email and message are empty
        if (empty($name) || empty($email) || empty($message)) {
            // If they are empty then output message
            echo "Please write in all fields, name, email and message";
        // Else if they are filled in check if email is valid
        } elseif ((!strstr($email, "@")) || (!strstr($email, "."))) {
            // If email is invalid then output it
            echo "Please use valid email address";
        } else {
            // If all fields and email are valid then update data in database
            // Escape the values so quotes in them cannot change the query
            $name = mysql_real_escape_string($name);
            $email = mysql_real_escape_string($email);
            $website = mysql_real_escape_string($website);
            $message = mysql_real_escape_string($message);
            // Do the query
            $query = "UPDATE guestbook SET name = '$name', email = '$email', website = '$website', message = '$message' WHERE id = '$id' LIMIT 1";
            $result = mysql_query($query);
            if ($result) {
                echo "Successfully edited post";
            } else {
                echo "There was error editing post";
            }
        }
    }
} else {
    echo "Please login over <a href=\"form.php\">form</a>.";
}
?>

And that's it. All these files must be inside the guestbook/admin folder.
