
This is it, I've completed my forum script and I'm sharing it with you!!!!!!!

:O


Hope you like it; if you find any bugs, please post them here.


Oh yeah, and the first registered person will be the admin.

<?php
//save this as style.css
?>







body {
   background-color: #666666;
   border: 10px solid #000000;
   color: #300000;
   text-align: center;
   padding: 5px;
}
#page {
   border: 1px solid #000000;
   color: #300000;
   background-color: #C0C0C0;
   text-align: center;
   padding: 5px;
}
#login {
   position: absolute;
   border: 1px solid black;
   color: #300000;
   background-color: #C0C0C0;
   text-align: center;
   padding: 5px;
   left: 50px;
   margin-top:5px;
}
#register {
   position: absolute;
   border: 1px solid black;
   color: #300000;
   background-color: #C0C0C0;
   text-align: center;
   padding: 5px;
   right: 50px;
   margin-top:5px;
}
#user_info {
   border: 1px solid black;
   margin: 5px;
   padding: 2px;
   text-align: right;
   }
#page2 {
   border: 1px solid black;
   margin: 5px;
   padding: 2px;
   }
#post {
   border: 1px solid black;
   }
a {
   color: #000;
   text-decoration: underline;
}
a:hover {
   text-decoration: none;
   color: #000;
}








<?php
//Save This Page as index.php
?>

<?php
session_start();
include("global.php");
echo "<link href='style.css' rel='stylesheet' type='text/css' />";
?>
<title>Main Forums Page</title>
<div id="page">
<?php
if($_SESSION['username']){
echo "<div id='user_info'>";
echo "<h6>Welcome ".$_SESSION['username']."!";
$result = mysql_query("SELECT `admin` FROM `users` WHERE `username` = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($result)){
if($row['admin'] == 1){
echo "<br><a href='new_cat.php'>New Category</a>";
}
}
echo "<br>\n<a href='userchange.php'>Edit User Info</a>\n";
echo "<br>\n<a href='logout.php'>Logout</a></h6>";
echo "</div>";
echo "<div id='page2'>\n";
echo "<h2>Categories</h2>\n";
echo "<hr size='1' width='75%'>\n";
$result0 = mysql_query("SELECT * FROM forum_cats ORDER BY date");
while($row = mysql_fetch_array($result0)){
echo "<a href='forums.php?id=".$row['id']."'>".$row['cat_name']."</a><br>Date Added: ".$row['date']."<hr size='1' width='50%'><br>\n";
}
echo "<br>\n";
echo "</div>";
}else{
echo "Welcome Guest! Please login or register to start viewing the categories, topics, and to start posting!";
?>
<div id="login">
<table border=0>
<form action='./index.php' method='post'>
<tr><td colspan="2" align="center" bgcolor="#333333"><font color="#ffffff">Login Form</font></td></tr>
<tr><td>Username:</td><td><input type=text name=user maxsize=20></td></tr>
<tr><td>Password:</td><td><input type=password name=pass maxsize=20></td></tr>
<tr><td colspan="2"><input type="submit" value="Login" name="submit2"/></td></tr>
</form>
</table>
<?php
$sub = $_POST['submit2'];
$u = $_POST['user'];
$p = $_POST['pass'];
if($sub){
$sql = mysql_query("SELECT count(id) FROM users WHERE username='$u' AND password='$p'");
$result = mysql_result($sql, 0);
if($result!=1){
print "<br>Invalid Login Information";
}else{
$result1 = mysql_query("SELECT * FROM users");
while($row = mysql_fetch_array($result1)){
mysql_query("UPDATE users SET admin = '1' WHERE id = '1'") or die(mysql_error());
}
$_SESSION['username'] = $u;
echo "<br>You are now logged in ".$_SESSION['username']."!";
}
}
?>
</div>

<div id="register">
<table border="0" cellspacing="3" cellpadding="3">
<form method="post" action="index.php">
<tr><td colspan="2" align="center" bgcolor="#333333"><font color="#ffffff">Registration Form</font></td></tr>
    <tr><td>Username</td><td><input type="text" name="username"></td></tr>
    <tr><td>Password</td><td><input type="password" name="password"></td></tr>
    <tr><td>Confirm</td><td><input type="password" name="passconf"></td></tr>
    <tr><td>E-Mail</td><td><input type="text" name="email"></td></tr>
    <tr><td colspan="2" align="center"><input type="submit" name="submit" value="Register"></td></tr>
    </form>
    </table>
    </div>
    <?php
if($_POST['submit']){

function protect($string){
    $string = mysql_real_escape_string($string);
    $string = strip_tags($string);
    $string = addslashes($string);

    return $string;
}
    $username = protect($_POST['username']);
    $password = protect($_POST['password']);
    $confirm = protect($_POST['passconf']);
    $email = protect($_POST['email']);

    $errors = array();

        if(!$username){
            $errors[] = "<br>Username is not defined!";
        }

        if(!$password){
            $errors[] = "<br>Password is not defined!";
        }

        if($password){
            if(!$confirm){
                $errors[] = "<br>Confirmation password is not defined!";
            }
        }

        if(!$email){
            $errors[] = "<br>E-mail is not defined!";
        }



        if($username){
            if(!ctype_alnum($username)){
                $errors[] = "<br>Username can only contain numbers and letters!";
            }

            $range = range(1,32);
            if(!in_array(strlen($username),$range)){
                $errors[] = "<br>Username must be between 1 and 32 characters!";
            }
        }

        if($password && $confirm){
            if($password != $confirm){
                $errors[] = "<br>Passwords do not match!";
            }
        }

        if($email){
            $checkemail = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i";
            if(!preg_match($checkemail, $email)){
                $errors[] = "<br>E-mail is not valid, must be name@server.tld!";
            }
        }


        if($username){
            $sql = "SELECT * FROM `users` WHERE `username`='".$username."'";
            $res = mysql_query($sql) or die(mysql_error());

                if(mysql_num_rows($res) > 0){
                    $errors[] = "<br>The username you supplied is already in use!";
                }
        }

        if($email){
            $sql2 = "SELECT * FROM `users` WHERE `email`='".$email."'";
            $res2 = mysql_query($sql2) or die(mysql_error());

                if(mysql_num_rows($res2) > 0){
                    $errors[] = "<br>The e-mail address you supplied is already in use of another user!";
                }

        }

        if(count($errors) > 0){
            foreach($errors AS $error){
                echo $error . "<br>\n";
            }
        }else {
        $ip = $_SERVER['REMOTE_ADDR'];
            $sql4 = "INSERT INTO `users`
                    (`username`,`password`,`email`, `admin`, `ip`, `displaypic`, `ban`)
                    VALUES ('".$username."','".$password."','".$email."','0', '$ip', 'None!', 'no')";
            $res4 = mysql_query($sql4) or die(mysql_error());
            echo "<font align=\"center\"><br><br>You have successfully<br>\n registered with the username <br>\n<b>".$username."</b> and the <br>\npassword <b>".$password."</b>!</font>";
            echo "</div>";
        }
}
}
?>
</div>




<?php
//Save This As new_cat.php
?>




<?php
session_start();
include("global.php");
echo "<link href='style.css' rel='stylesheet' type='text/css' />";
?>
<title>Adding Category</title>
<div id="page">
<?php
$result000 = mysql_query("SELECT * FROM  users WHERE username = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($result000)){
if($row['ban'] == 'yes'){
echo "<a href='logout.php'>logout</a><br>\n";
die("I'm sorry, but you are currently banned and may not view the site.");
}
}
if(!$_SESSION['username']){
header("Location: index.php");
}
$query = mysql_query("SELECT admin FROM users WHERE username = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($query)){
$admin = $row['admin'];
}
if($admin != 1){
die("You are not authorized to be here.");
}
echo "<div id='user_info'>";
echo "<h6>Logged in as: ".$_SESSION['username'].".<br><a href='userchange.php'>Edit User Info</a> | Click here to <a href='logout.php'>logout</a> | <a href='index.php'>Main Page</a></h6>";
?>
</div>
<div id='page2'><center><h2>Adding New Category</h2>
<form action='new_cat.php' method='POST'>
<p>Category Name: <input type='text' name='cat_name'></p>
<p><input type='submit' value='Create Category' name='submit'></p>
</form>
<?php
$sub = $_POST['submit'];
$name = $_POST['cat_name'];
if($sub){
mysql_query("INSERT INTO forum_cats (cat_name) VALUES ('$name')");
echo "Created category <b>".$name."</b>!";
}
?>
</div>




<?php
//Save This as forums.php
?>





<?php
session_start();
include("global.php");
echo "<link href='style.css' rel='stylesheet' type='text/css' />\n";
?>
<title>Forums Page</title>
<div id="page">
<?php
$result000 = mysql_query("SELECT * FROM  users WHERE username = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($result000)){
if($row['ban'] == 'yes'){
echo "<a href='logout.php'>logout</a><br>\n";
die("I'm sorry, but you are currently banned and may not view the site.");
}
}
if(!$_SESSION['username']){
die("You must login to view the topics!");
}
echo "<div id='user_info'>\n";
$id = $_GET['id'];
$result2 = mysql_query("SELECT * FROM forum_cats WHERE id = '".$id."'");
while($row = mysql_fetch_array($result2)){
$cat = $row['cat_name'];
}
echo "<h6>Logged in as: ".$_SESSION['username'].".<br><a href='userchange.php'>Edit User Info</a> | Click here to <a href='logout.php'>logout</a> | <a href='index.php'>Main Page</a></h6>";
?>
</div>
<div id='page2'><center><h3>Topics In Category: <?php
echo "<b>".$cat."</b>";
?>.</h3>
<form action='?id=<?php echo $id; ?>' method='POST'>
<input type='submit' value='New Topic' name='submit'>
</form>
<hr size='1' width='75%'>
<?php
$result = mysql_query("SELECT * FROM forum_sub_cats WHERE forum_cat_name = '".$cat."'");
while($row = mysql_fetch_array($result)){
echo "<a href='./topic.php?id=".$row['id']."'>".$row['sub_cat_name']."</a><br>\nDescription: <b>".$row['desc']."</b><br>\nDate Added: ".$row['date']."<hr size='1' width='50%'>\n<br>";
}
$sub = $_POST['submit'];
if($sub){
?>
<table border='0' cellpadding='5'>
<tr><th colspan='2'>New Topic</th></tr>
<form action='?id=<?php echo $id; ?>' method='POST'>
<tr><td>Topic Name: </td><td><input type='text' name='sub_name'></td></tr>
<tr><td>Topic Description: </td><td><input type='text' name='sub_desc'></td></tr>
<tr><td colspan='2' align='right'><input type='submit' value='Create Topic' name='submit2'></td></tr>
</form>
</table>
<?php
}
$sub2 = $_POST['submit2'];
$name = $_POST['sub_name'];
$desc = $_POST['sub_desc'];
if($sub2){
mysql_query("INSERT INTO forum_sub_cats (`sub_cat_name`, `forum_cat_name`, `desc`) VALUES ('$name', '$cat', '$desc')") or die(mysql_error());
echo "Added Topic <b>".$name."</b>!";
}
?>






<?php
//Save this as topic.php
?>





<?php
session_start();
include("global.php");
echo "<link href='style.css' rel='stylesheet' type='text/css' />\n";
?>
<title>Forums Page</title>
<div id="page">
<?php
$result000 = mysql_query("SELECT * FROM  users WHERE username = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($result000)){
if($row['ban'] == 'yes'){
echo "<a href='logout.php'>logout</a><br>\n";
die("I'm sorry, but you are currently banned and may not view the site.");
}
}
if(!$_SESSION['username']){
die("You must login to view the posts!");
}
$result = mysql_query("SELECT * FROM users");
while($row = mysql_fetch_array($result)){
$uslevel = $row['admin'];
}
echo "<div id='user_info'>\n";
$id = $_GET['id'];
$result2 = mysql_query("SELECT * FROM forum_sub_cats WHERE id = '".$id."'");
while($row = mysql_fetch_array($result2)){
$cat = $row['sub_cat_name'];
}
$result1 = mysql_query("SELECT admin FROM users WHERE username = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($result1)){
$ulevel = $row['admin'];
}
echo "<h6>Logged in as: ".$_SESSION['username'].".<br><a href='userchange.php'>Edit User Info</a> | Click here to <a href='logout.php'>logout</a> | <a href='index.php'>Main Page</a></h6>";
?>
</div>
<div id='page2'><center><h3>Posts In Topic: <?php
echo "<b>".$cat."</b>";
?>.</h3>
<form action='?id=<?php echo $id; ?>' method='POST'>
</form>
<hr size='1' width='75%'>
<p>Posts:</p>
<?php
echo "<table border='0' cellpadding='5' cellspacing='5'>";
$result3 = mysql_query("SELECT * FROM posts WHERE forum_sub_cat_name = '".$cat."'");
while($row = mysql_fetch_array($result3)){
$user = $row['user'];
$post = $row['post'];
echo "<tr><td colspan='3'><hr size='1'></td></tr>";
echo "<tr align='left'><td colspan='2' align='center' bgcolor='#333333'><font color='#ffffff'>Username: <b>".$user."</b>&nbsp;&nbsp;&nbsp;Userlevel: ";
   if($uslevel == 0){
   echo "<b>Member</b>";
      if($ulevel == 1){
      echo " <br>\n<center><form action='?id=".$id."' method='POST'><input type='submit' name='edit' value='Edit'></form><form action='?id=".$id."' method='POST'><input type='submit' name='ban' value='Ban'></form>";
      }
   echo "</font></td></tr><tr><td align='left'>User Forum Pic: <br>\n".$row['display']."</td><td align='center'>Post: <br>\n<textarea rows='15' cols='20' readonly='readonly'>".$post."</textarea></td></tr>\n";
   }else if($uslevel == 1){
   echo "<b>Administrator</b>";
         if($ulevel == 1){
      echo " <br>\n<center><form action='?id=".$id."' method='POST'><input type='submit' name='edit' value='Edit'></form><form action='?id=".$id."' method='POST'><input type='submit' name='ban' value='Ban'></form>";
         }
   echo "</font></td></tr><tr><td align='left'>User Forum Pic: <br>\n".$row['display']."</td><td align='center'><textarea rows='15' cols='15' readonly='readonly'>".$post."</textarea></td></tr>\n";
   }
echo "<tr><td bgcolor='#333333'><font color='#ffffff'>Posted: ".$row['date']."</font></td><td bgcolor='#333333'><font color='#ffffff'>Subject: ".$row['subject']."</font></td></tr>";
echo "<tr><td colspan='3'><hr size='1'></td></tr>";
}
echo "</table>";
?>
<hr size='1' width='75%'>
<form action='?id=<?php echo $id; ?>' method='POST'>
<table border='0' align='center' cellspacing='5'>
<tr><th colspan='2'>Add A Post</th></tr>
<tr><td>Subject: </td><td><input type='text' name='sub' size='20'></td></tr>
<tr><td>Comment: </td><td><textarea name='comment' rows='5' cols='20'></textarea></td></tr>
<tr><td colspan='2' align='right'><input type='submit' value='Add Post' name='submit'></td></tr>
</table>
</form>
<?php
$result3 = mysql_query("SELECT displaypic FROM users WHERE username = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($result3)){
$display = $row['displaypic'];
}

$sub = $_POST['submit'];
$subj = $_POST['sub'];
$com = $_POST['comment'];
if($sub){
   if(($subj == '') || ($com == '')){
   die("You did not enter a Subject and/or a Post!");
   }
mysql_query("INSERT INTO posts (`user`, `post`, `subject`, `forum_sub_cat_name`, `display`) VALUES ('".$_SESSION['username']."', '$com', '$subj', '$cat', '<img src=$display width=150 height=150/>')") or die(mysql_error());
echo "Post Added!";
}
$sub2 = $_POST['edit'];
$sub3 = $_POST['ban'];
if($sub2){
?>
<form action='?id=<?php echo $id; ?>' method='POST'>
<p>Current Post: <textarea rows='15' cols='20' readonly='readonly'><?php echo $post; ?></textarea></p>
<p>New Post: <textarea name='npost' rows='5' cols='20'></textarea></p>
<p><input type='submit' name='edit2' value='Edit Post'></p>
</form>
<?php
}
$sub4 = $_POST['edit2'];
$npost = $_POST['npost'];
if($sub4){
mysql_query("UPDATE posts SET post = '".$npost."'") or die(mysql_error());
echo "Post Edited!";
}
if($sub3){
mysql_query("UPDATE users SET ban = 'yes' WHERE username = '".$user."'") or die(mysql_error());
echo "User Banned!";
}
?>




<?php
//Save this as logout.php
?>




<?php
session_start();
session_unset();
session_destroy();
header("Location: index.php");
?>





<?php
//Save this as global.php
//Make sure to edit the database names
?>



<?php
$connect = mysql_connect('localhost', 'username', 'password') OR die("Error: ".mysql_error());
$db = mysql_select_db('forum', $connect) OR die("Error: ".mysql_error());
?>





<?php
//Save this as userchange.php
?>




<?php
session_start();
include("global.php");
echo "<link href='style.css' rel='stylesheet' type='text/css' />\n";
?>
<title>User Administration</title>
<div id="page">
<?php
$result000 = mysql_query("SELECT * FROM  users WHERE username = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($result000)){
if($row['ban'] == 'yes'){
echo "<a href='logout.php'>logout</a><br>\n";
die("I'm sorry, but you are currently banned and may not view the site.");
}
}
if(!$_SESSION['username']){
die("You must login to view this page!");
}
echo "<div id='user_info'>\n";
echo "<h6>Logged in as: ".$_SESSION['username'].".<br><a href='userchange.php'>Edit User Info</a> | Click here to <a href='logout.php'>logout</a> | <a href='index.php'>Main Page</a></h6>";
?>
</div>
<div id='page2'><center><h2>User Administration</h2>
<form action='userchange.php' method='POST'>
<table border='0'>
<tr><th>Change Password | </th><th>Current Pass:
<?php
$result = mysql_query("SELECT password FROM users WHERE username = '".$_SESSION['username']."'");
while($row = mysql_fetch_array($result)){
echo $row['password'];
}
?></th></tr>
<tr><td>New Pass</td><td><input type='password' name='pass' maxsize=20 /></td></tr>
<tr><td>Confirm Pass</td><td><input type='password' name='pass2' maxsize=20 /></td></tr>
<tr><td colspan=2><input type="submit" value="Change Pass" name="submit"/></td></tr>
</table>
</form>
<?php
$np = $_POST['submit'];
$p = $_POST['pass'];
$p2 = $_POST['pass2'];

if($np){
 if($p!=$p2){
 die("Passwords Don't Match!<br>");
 }
 if(($p=='') || ($p2=='')){
 die("Passwords Are Blank!<br>");
 }
mysql_query("UPDATE users SET password = '".$p."' WHERE username = '".$_SESSION['username']."'") or die(mysql_error());
echo "Password Changed!";
}
?>
<form action='userchange.php' method='POST'>
<table border='0'>
<tr><th>Change Forum Display Pic </th><th>(Note, this will be resized to 150 x 150)</th></tr>
<tr><td>Forum Pic URL: </td><td><input type='text' name='url'></td></tr>
<tr><td colspan='2'><input type='submit' value='Change Pic' name='submit0'></td></tr>
</table>
</form>
<?php
$sub2 = $_POST['submit0'];
$url = $_POST['url'];
if($sub2){
mysql_query("UPDATE users SET displaypic = '".$url."' WHERE username = '".$_SESSION['username']."'");
echo "Forum Pic Changed!";
}
?>
</div>





<?php
//And finally, import this sql to your database
?>





CREATE TABLE IF NOT EXISTS `users` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `username` varchar(20) NOT NULL,
  `password` varchar(20) NOT NULL,
  `email` varchar(50) NOT NULL,
  `admin` varchar(1) NOT NULL,
  `joined` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `displaypic` varchar(500) NOT NULL,
  `ip` varchar(60) NOT NULL,
  `ban` varchar(10) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

CREATE TABLE IF NOT EXISTS `posts` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `user` varchar(20) NOT NULL,
  `post` text NOT NULL,
  `subject` varchar(20) NOT NULL,
  `forum_sub_cat_name` varchar(60) NOT NULL,
  `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `display` varchar(500) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

CREATE TABLE IF NOT EXISTS `forum_sub_cats` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `sub_cat_name` varchar(60) NOT NULL,
  `forum_cat_name` varchar(60) NOT NULL,
  `desc` varchar(100) NOT NULL,
  `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

CREATE TABLE IF NOT EXISTS `forum_cats` (
  `id` int(255) NOT NULL AUTO_INCREMENT,
  `cat_name` varchar(60) NOT NULL,
  `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  `admin` varchar(1) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=4 ;

This code is horribly insecure. There are sql injection and xss holes. The code is a mess and very hard to follow. You should add some comments.

The way it stands now, I could delete your tables in your database and hijack sessions (there is a lot more I can do as well).

NO ONE USE THIS UNTIL THE ISSUES ARE FIXED!
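The cross-site scripting holes this reply refers to come from topic.php echoing database values straight into markup: the username, the post body (inside a textarea, which a stored `</textarea>` closes), and the display picture, which is stored as ready-made `<img src=...>` HTML built from whatever URL the user typed in userchange.php. The following is an added example of how the post rendering can be done safely; it is my code, not the original poster's. It assumes each row comes from a query joining `posts` with `users` so that the poster's own `admin` flag is available (the original reads the viewer's level for every post), that `display` holds the raw picture URL instead of `<img>` markup, and a hypothetical `default_pic.png` fallback image.

```php
<?php
// Added example, not code from the original post: rendering posts and the
// display picture without the XSS holes the reply above points out.
// Assumes each $row comes from a query joining `posts` with `users` (so it
// carries the poster's `admin` flag) and that `display` holds the raw picture
// URL rather than ready-made <img> markup as in the original schema.

// Escape a value for HTML text or a quoted attribute (both quote styles).
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs for the picture; anything else
// (javascript:, data:, relative paths, attribute-breaking input) gets a placeholder.
function safe_pic_url(string $url): string {
    $placeholder = 'default_pic.png';          // assumed local fallback image
    if (strlen($url) > 500 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return $placeholder;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : $placeholder;
}

// Build the table rows for one post. Every database value goes through h()
// before it is concatenated into markup, so a stored "</textarea><script>"
// is displayed as text instead of executed.
function render_post(array $row, bool $viewer_is_admin, int $topic_id): string {
    $level = ($row['admin'] === '1') ? 'Administrator' : 'Member';
    $html  = "<tr><td colspan='2' bgcolor='#333333'><font color='#ffffff'>Username: <b>"
           . h($row['user']) . "</b> Userlevel: <b>" . $level . "</b></font></td></tr>\n";
    $html .= "<tr><td>User Forum Pic:<br><img src='" . h(safe_pic_url($row['display']))
           . "' width='150' height='150' alt=''></td>";
    $html .= "<td>Post:<br><textarea rows='15' cols='20' readonly='readonly'>"
           . h($row['post']) . "</textarea></td></tr>\n";
    $html .= "<tr><td>Posted: " . h($row['date']) . "</td><td>Subject: "
           . h($row['subject']) . "</td></tr>\n";
    if ($viewer_is_admin) {
        // Moderation buttons carry the post id so that an edit or ban can be
        // applied to one row; the original UPDATE has no WHERE clause at all.
        $html .= "<tr><td colspan='2'><form action='?id=" . $topic_id . "' method='POST'>"
               . "<input type='hidden' name='post_id' value='" . (int) $row['id'] . "'>"
               . "<input type='submit' name='edit' value='Edit'> "
               . "<input type='submit' name='ban' value='Ban'></form></td></tr>\n";
    }
    return $html;
}

// Constructed sample rows standing in for fetched database rows; the second
// carries the kind of values a hostile user can submit through the post form.
$sample_posts = [
    ['id' => 1, 'user' => 'alice', 'admin' => '1', 'post' => 'Hello <b>world</b>',
     'subject' => 'First', 'date' => '2009-01-01 10:00:00',
     'display' => 'https://example.com/alice.png'],
    ['id' => 2, 'user' => "bob'><script>alert(1)</script>", 'admin' => '0',
     'post' => '</textarea><script>alert(1)</script>', 'subject' => 'x',
     'date' => '2009-01-02 11:00:00', 'display' => 'javascript:alert(1)'],
];

echo "<table border='0' cellpadding='5'>\n";
foreach ($sample_posts as $row) {
    echo render_post($row, true, 7);   // 7: constructed topic id
}
echo "</table>\n";
```

Run it from the command line and the second row comes out with `&lt;/textarea&gt;&lt;script&gt;` in the textarea and `default_pic.png` as the image, while the first row renders normally. The same `h()` helper belongs around every other echo of a database or request value in the script (category names, topic descriptions, the `$id` in form actions), and the picture URL should be validated with `safe_pic_url()` in userchange.php before it is stored as well as when it is displayed.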


This is disappointing, as I have been looking for a forum script to use for my site.

Would it be possible to add security to this to make this script secure?

Hoping to hear a reply


@LloydFarrell!

Why don't you use phpBB?

@AUTHOR:
Thanks, but looks insecure! Improve it!

Also a lot of errors appear! Use error_reporting(E_ALL); when you code!

Tip:
Don't use:

if($_POST['submit']) {
//Code here
}

Use instead:

if(isset($_POST['submit'])) {
//Code here
}



Bug:
When you log in, the "Welcome Guest" still appears!

After refreshing it's gone, but users will think the login was unsuccessful!
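The SQL injection in the login and registration queries that the first reply points out and the "Welcome Guest" text that lingers after a successful login both come from the same structure in index.php: it runs the queries with the raw `$_POST` values, and it does so after it has already printed the guest view, so the session is only set once the page is half rendered. Below is an added example of that half of index.php rewritten; it is my code, not the original poster's. It processes the forms before any output, uses mysqli prepared statements and `password_hash()`/`password_verify()` in place of the plaintext `password` column, and redirects after a successful login so the next request renders the member view. It assumes a global.php that creates a `$mysqli` connection instead of the old `mysql_*` calls, a `users`.`password` column widened to VARCHAR(255) so a hash fits, and the `user_id` session key and message strings are mine.

```php
<?php
// Added example, not code from the original post: the login and registration
// handling of index.php, restructured so that form processing finishes before
// any HTML is sent and a successful login redirects. Assumptions: mysqli in
// place of the old mysql_* functions, global.php defining $mysqli, and the
// `users`.`password` column widened to VARCHAR(255) for password_hash() output.
session_start();
require 'global.php';   // assumed: $mysqli = new mysqli('localhost', 'username', 'password', 'forum');

// Fetch the user by name only; the password is checked against the stored hash
// in PHP and is never interpolated into SQL.
function login(mysqli $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;                     // same answer for unknown user and wrong password
    }
    session_regenerate_id(true);          // fresh session id once privileges change
    $_SESSION['user_id']  = (int) $row['id'];
    $_SESSION['username'] = $username;
    return true;
}

// Validate, check for duplicates, then insert a hashed password. Returns a list
// of error messages; an empty list means the account was created.
function register(mysqli $db, string $username, string $password, string $confirm, string $email): array {
    $errors = [];
    if (!ctype_alnum($username) || strlen($username) > 20) {     // varchar(20) in the schema
        $errors[] = 'Username must be 1 to 20 letters or digits.';
    }
    if ($password === '' || $password !== $confirm) {
        $errors[] = 'Password is blank or does not match its confirmation.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'E-mail is not valid.';
    }
    if ($errors) {
        return $errors;
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE username = ? OR email = ?');
    $stmt->bind_param('ss', $username, $email);
    $stmt->execute();
    if ($stmt->get_result()->fetch_row()[0] > 0) {
        return ['Username or e-mail is already in use.'];
    }
    // First account becomes admin, as the original intends, decided once at
    // registration instead of by an UPDATE on every login.
    $total = $db->query('SELECT COUNT(*) FROM users')->fetch_row()[0];
    $admin = ($total == 0) ? '1' : '0';
    $hash  = password_hash($password, PASSWORD_DEFAULT);
    $ip    = $_SERVER['REMOTE_ADDR'] ?? '';
    $stmt  = $db->prepare('INSERT INTO users (username, password, email, admin, ip, displaypic, ban)
                           VALUES (?, ?, ?, ?, ?, "", "no")');
    $stmt->bind_param('sssss', $username, $hash, $email, $admin, $ip);
    $stmt->execute();
    return [];
}

// 1. Handle the forms. Nothing has been echoed yet, so header() still works.
$messages = [];
if (isset($_POST['submit2'])) {                                   // login form
    if (login($mysqli, (string) ($_POST['user'] ?? ''), (string) ($_POST['pass'] ?? ''))) {
        header('Location: index.php');                            // the following GET renders the member view
        exit;
    }
    $messages[] = 'Invalid login information.';
}
if (isset($_POST['submit'])) {                                    // registration form
    $messages = register($mysqli, (string) ($_POST['username'] ?? ''), (string) ($_POST['password'] ?? ''),
                         (string) ($_POST['passconf'] ?? ''), (string) ($_POST['email'] ?? ''));
    if (!$messages) {
        $messages[] = 'Registered! You can log in now.';          // the password is not echoed back
    }
}

// 2. Only now start the page; the guest/member branch reflects the real session state.
echo "<link href='style.css' rel='stylesheet' type='text/css' />\n<title>Main Forums Page</title>\n<div id='page'>\n";
foreach ($messages as $m) {
    echo '<p>' . htmlspecialchars($m, ENT_QUOTES, 'UTF-8') . "</p>\n";
}
if (isset($_SESSION['username'])) {
    echo "<div id='user_info'><h6>Welcome " . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8')
       . "! <a href='logout.php'>Logout</a></h6></div>\n";
    // category listing as in the original post goes here, again with a prepared statement
} else {
    echo "Welcome Guest! Please login or register.\n";
    echo "<div id='login'><form action='index.php' method='post'>"
       . "Username: <input type='text' name='user' maxlength='20'> "
       . "Password: <input type='password' name='pass'> "
       . "<input type='submit' name='submit2' value='Login'></form></div>\n";
    // registration form with fields username, password, passconf, email and button submit, as in the original
}
echo "</div>\n";
```

Because the login branch ends in a redirect, the browser's next request is a plain GET with the session cookie already set, so the member view is rendered on the first page load and a refresh no longer resubmits the form. The same ordering (process, then redirect, then render) fixes the identical pattern in new_cat.php, forums.php and topic.php, and the `isset($_POST[...])` checks are the ones the reply above recommends in place of `if($_POST['submit'])`. Existing accounts with plaintext passwords will not verify against `password_verify()`; they have to be re-registered or migrated, and userchange.php must store `password_hash($p, PASSWORD_DEFAULT)` rather than the new password itself and stop printing the current one.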
