This is a rather large function, but there's no need to panic as its pretty simple in operation, and shows off a couple of anti-spam functions too. As you can probably guess, this function processes the shout submissions and puts them into the database, after replacing smilie symbols with user-defined and uploaded images (see admin.php). Before it does this, though, it checks that the user actually came from the form, which is a useful anti-spam feature and stops some degree of remote hijacking. After this, it checks that all the data fields have been filled in properly on the form and displays a nice big error message if the user doesn't fill out their name or a shout. With all of the checking out of the way, our function then gets all the smilies out of the database, replaces the applicable ones in the shout message, and finally adds slashes before passing it on to be processed.  The shout is then processed and added to the database.

As a final anti-spam measure, the script sets a session to indicate that the user has already posted a message. To post a second message the user would have then to restart their browser.

That’s the shout.php file out of the way! Now we can move onto the admin.php file that allows us to add/delete the shouts, add new smilies, etc.

Breakdown of admin.php
We can skip the “building block” because it’s the same as the one at the start of shout.php. The first block of code in our admin.php file defines the login credentials, i.e. the username and password. Pretty simple really:

Next in line is the login checking function:

if ( isset ( $_POST['login'] ) ) { if (( $_POST['username'] === $username ) && ( $_POST['password'] === $password )) { $_SESSION['admin_logged_in'] = 'true'; } }

This function checks that the login button has been pressed, and the user came from the right place (i.e. OUR script). It then checks that the username and password are correct before setting the session so that the user can see the admin cp.

function selectAction ( $mode ) { switch ($mode) { case '': echo 'Welcome to the administration panel, make the selection above.'; break; case 'add': echo ' <form action="admin.php?mode=posting" method="post" name="addSmilie" enctype="multipart/form-data"> <input name="symbol" type="text" value="=)" size="25" maxlength="4"><br> <input name="image" type="file"><br> <input name="addsmilie" type="submit" value="Add Smilie!"><br><br> Check your symbol and filename, I couldnt be bothered writing an "edit smilie" function. Please note, as this is not a gdlib tutorial, there are no file dimensions protections. Please only upload 15x15 pixel smilies, if they are not this size, they will be skewed when they are resized when displayed. </form> '; break; case 'delete': $query = mysql_query("SELECT * FROM smilies") or die(mysql_error()); while($row = mysql_fetch_array($query)){ echo '<a href="admin.php?mode=posting&smilie='.$row['id'].'"> <img src="smilies/'.$row['URL'].'" border="0" width="15" height="15" alt="'.$row['Alt'].'"> </a><br><br> '; } break; case 'clear': mysql_query("TRUNCATE TABLE shouts") or die(mysql_error()); echo 'Shoutbox cleared successfully!'; break; case 'logout': $_SESSION['admin_logged_in'] = ''; header("Location: admin.php"); break; case 'posting': if(isset($_POST['addsmilie'])){ $uploaddir = 'smilies/'; $uploadfile = $uploaddir . $_FILES['image']['name']; //echo '<br><br>'.$uploaddir.'<br>'.$uploadfile.'<br><br>'; $upload = move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile); echo '<pre>'; if( $upload == TRUE ) { echo 'Success'; } else { echo 'Error'; print_r($_FILES); exit; } print "</pre>"; $alt = $_FILES['image']['name']; $symbol = $_POST['symbol']; $url = $_FILES['image']['name']; mysql_query("INSERT INTO smilies(Symbol, URL, Alt) VALUES('$symbol','$url','$alt')") or die(mysql_error()); echo '<br><br>Successfully inserted smilie!<br><br><a href="admin.php">Admin</a> | <a href="shout.php">Shouts</a>'; exit; } if(isset($_GET['smilie'])){ $smilie = $_GET['smilie']; mysql_query("DELETE FROM smilies WHERE id = '$smilie' LIMIT 1") or die(mysql_error()); echo 'Successfully deleted smilie!<br><br><a href="admin.php">Admin</a> | <a href="shout.php">Shouts</a>'; } break; default: } // end switch } // end if

Whoa, this is a big one huh? Let’s break it down into smaller chunks...

- Tutorial written by Scrowler

Pages (3): <Prev 1 [2] 3 Next>

Automatic Translations: