// index.php
<?php
// Site settings. Plain globals read by the rest of index.php and by admin.php.
$website_title = "My Blog";
$website_description = "My blogs description.";
$website_link = "http://www.yourwebsite.com"; // intended for the RSS <link> element (see write_rss)
$website_name = "Your Name"; // not referenced by the code shown here
$website_email = "you@youremail.com"; // not referenced by the code shown here
// Database credentials, passed verbatim to mysql_connect()/mysql_select_db().
$database_server = "localhost";
$database_user = "you_you";
$database_password = "demo123";
$database_name = "you_blog";
// Admin password: compared against the POSTed "password" field before the
// update/delete/insert tasks in admin.php. Stored in plaintext here and
// shipped with a placeholder value, so it must be changed before deployment.
$website_password = "demo123";
$website_entries = 5; // entries per page on the front page (used in SQL LIMIT)
// Runs one raw SQL statement on the default mysql_* connection and returns
// the result resource (false on failure). Whatever mysql_error() reports is
// printed straight into the response, so database error text reaches the
// visitor. The statement is sent exactly as given: callers are responsible
// for escaping or validating anything they interpolate into $sql.
function query($sql) {
    $resource = mysql_query($sql);
    print mysql_error();
    return $resource;
}
// Reads one cell: $column of the $table row whose id is $id.
// For $id == 0 no lookup is made and null is returned. $table, $column and
// $id are placed into the SQL unescaped, so callers must pass trusted
// identifiers and a numeric id only.
function get_value($table, $id, $column) {
    if ($id == 0) {
        return null;
    }
    $sql = "SELECT $column FROM $table WHERE id=$id";
    return mysql_result(query($sql), 0, 0);
}
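// Renders a comment thread as an HTML string: for "article", $id is the
// article id and the top-level comments (parent_id=0) are listed; for
// anything else, $id is a parent comment id and its replies are listed.
// Each comment is followed, recursively, by its own replies.
// Two request values steer the markup: $_GET['new_comment'] (id of a
// comment inserted by this request, which gets an anchor) and
// $_GET['reply_to'] (comment being replied to, which gets the form from
// show_form()). Comment text goes through prepare_text(); the author name
// is HTML-escaped because it is stored exactly as the visitor posted it.
function get_comments($article_or_comment, $id) {
    // $id comes from database rows; the cast keeps the interpolated value
    // numeric even if a caller passes something else.
    $id = (int) $id;
    $new_comment = isset($_GET['new_comment']) ? $_GET['new_comment'] : null;
    $reply_to = isset($_GET['reply_to']) ? $_GET['reply_to'] : null;

    if ($article_or_comment == "article") {
        $sql_where = "article_id=$id AND parent_id=0";
    } else {
        $sql_where = "parent_id=$id";
    }
    $results = query("SELECT * FROM comments WHERE $sql_where ORDER BY id ASC");

    $return_string = '';
    while ($row = mysql_fetch_assoc($results)) {
        if ($row['id'] == $new_comment) {
            $return_string .= "<a\nname=\"new_comment\"></a>";
        }
        $return_string .= prepare_text($row['content'])
            . "<br />---<br />Posted by " . htmlspecialchars($row['posted_by'], ENT_QUOTES)
            . " on " . date('F dS Y', $row['date_posted']) . "<hr />";
        if ($row['id'] == $reply_to) {
            $return_string .= '<a name="new_message"></a>' . show_form();
        }
        $return_string .= get_comments('comment', $row['id']);
    }
    return $return_string;
}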
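// Builds the "post a comment" form as an HTML string. Inputs come from the
// request: $_GET['id'] (article), $_GET['reply_to'] (parent comment id, 0
// for a top-level comment), and, after a rejected submission, the POSTed
// field values so the visitor does not lose them. $_GET['message'] carries
// the validation message set by the submit handler. When no comment was
// just posted ($_GET['new_comment'] == 0) an anchor precedes the form.
// Everything that originates from the request is neutralised before it is
// placed in the markup: ids are cast to int, text fields and the message
// go through htmlspecialchars(). The "allowed tags" hint is written as
// entities so it shows up as text instead of opening real <b>/<i>/<u>/<a>.
function show_form() {
    $article_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $reply_to = isset($_GET['reply_to']) ? (int) $_GET['reply_to'] : 0;
    $new_comment = isset($_GET['new_comment']) ? $_GET['new_comment'] : null;

    // Previously posted values; stripslashes() undoes magic_quotes_gpc.
    $fields = array('posted_by' => '', 'security' => '', 'content' => '');
    foreach (array_keys($fields) as $name) {
        if (isset($_POST[$name])) {
            $fields[$name] = htmlspecialchars(stripslashes($_POST[$name]), ENT_QUOTES);
        }
    }

    // The submit handler stores its messages as "<br /><br />" + text, but
    // the value travels through $_GET, so only the text is reproduced (as
    // escaped text) and the line breaks are re-added here.
    $message = '';
    if (isset($_GET['message']) && $_GET['message'] !== '') {
        $message = '<br /><br />' . htmlspecialchars(strip_tags($_GET['message']), ENT_QUOTES);
    }

    $return_string = '';
    if ($new_comment == 0) {
        $return_string .= '<a name="new_comment"></a>';
    }
    $return_string .= '
<form name="comment" method="POST"
action="index.php?id=' . $article_id . '&reply_to=' . $reply_to . '#new_comment">
<input type="hidden" name="parent_id" value="' . $reply_to . '">
Name:<br /><input type="text" class="text_field" name="posted_by" size="44"
value="' . $fields['posted_by'] . '">
<br /><br />
Security Question (what is 5+7):<br /><input type="text" class="text_field" name="security"
size="44" value="' . $fields['security'] . '">
<br /><br />
Comment:<br><textarea class="text_field" name="content" cols="51" rows="5"
wrap="virtual">' . $fields['content'] . '</textarea>
<br /><br />
<input type="submit" name="submit" value="Submit Comment"> <small>Allowed
Tags: &lt;b&gt;&lt;i&gt;&lt;u&gt;&lt;a&gt;</small>
' . $message . '
</form>
';
    return $return_string;
}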
// Tags that prepare_text() lets through strip_tags() and that close_tags()
// balances; both read it via "global". strip_tags() keeps the attributes of
// allowed tags, so attributes on <a> (href etc.) are not filtered here.
$allowed_tags = '<a><i><b><u>';
// Turns stored comment/article text into HTML: removes magic-quote slashes,
// drops every tag not listed in $allowed_tags, inserts <br> after each
// newline, wraps bare http:// URLs in links and finally balances unclosed
// allowed tags via close_tags(). Attributes on the allowed tags pass
// through strip_tags() unchanged.
function prepare_text($text) {
    global $allowed_tags;
    $stripped = strip_tags(stripslashes($text), $allowed_tags);
    $with_breaks = str_replace("\n", "\n<br>", $stripped);
    // A URL is only linked when the character before it is not a double
    // quote, so URLs already inside href="..." are left alone; $1 re-emits
    // that consumed character.
    $url_pattern = "/([^\"])(http:\/\/[-\/a-zA-Z0-9%_.?&=]*)/";
    $url_replacement = "$1<a\nhref=\"$2\">$2</a>";
    $linked = preg_replace($url_pattern, $url_replacement, $with_breaks);
    return close_tags($linked);
}
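// Appends closing tags for every tag from $allowed_tags that is opened more
// often than it is closed in $text, so a truncated or malformed comment
// cannot leave <b>/<i>/<u>/<a> open for the rest of the page.
// An opening tag counts when followed by a space or ">" (so "<b" does not
// match "<br>"); closing tags are counted as "</tag>". Matching is
// case-insensitive. Tags are appended in $allowed_tags order, which is not
// necessarily the proper nesting order.
// Returns $text with the missing closing tags appended.
// Fixes: the previous version left a stray "substr_count(...)" expression
// statement behind a line comment (dead work on every call) and built the
// regex from the unquoted tag text.
function close_tags($text) {
    global $allowed_tags;
    // "<a><i><b><u>" -> array("<a", "<i", "<b", "<u"); the empty element
    // produced by the trailing ">" is dropped.
    $tags_array = explode(">", trim($allowed_tags));
    if (end($tags_array) === '') {
        array_pop($tags_array);
    }

    $lower_text = strtolower($text);
    $closing_tags_needed = array();
    foreach ($tags_array as $tag) {
        $lower_tag = strtolower($tag);
        $closing_tag = '</' . substr($lower_tag, 1) . '>';
        $open_pattern = '/' . preg_quote($lower_tag, '/') . '( |\>)/';
        $opening_tag_count = preg_match_all($open_pattern, $lower_text, $matches);
        $closing_tag_count = substr_count($lower_text, $closing_tag);
        $closing_tags_needed[$tag] = $opening_tag_count - $closing_tag_count;
    }

    foreach ($tags_array as $tag) {
        for ($i = 0; $i < $closing_tags_needed[$tag]; $i++) {
            $text .= '</' . substr($tag, 1) . '>';
        }
    }
    return $text;
}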
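// Regenerates rss.xml (RSS 1.0 / RDF) in the script's directory from the
// ten newest published articles. Needs the database connection to be open.
// $website_title and $website_description are passed in; $website_link is
// read from the global config (it was referenced without a global import
// before, which left the <link> element empty).
// Every value placed into the document is XML-escaped with
// htmlspecialchars(): titles and excerpts come from the database, and
// $_SERVER['SERVER_NAME'] / $_SERVER['PHP_SELF'] may reflect request data
// depending on server configuration. The article list is queried once and
// reused for both passes instead of running the same query twice.
// On failure a message is printed and the function returns, so the rest
// of the admin page still renders.
function write_rss($website_title, $website_description) {
    global $website_link;

    $host = isset($_SERVER['SERVER_NAME']) ? htmlspecialchars($_SERVER['SERVER_NAME'], ENT_QUOTES) : '';
    $self = isset($_SERVER['PHP_SELF']) ? htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) : '';

    $articles = array();
    $result = query("SELECT id, author, title, SUBSTRING(content, 1, 256) as content, date_posted FROM content WHERE published='Yes'
ORDER BY date_posted DESC LIMIT 10");
    while ($article = mysql_fetch_assoc($result)) {
        $articles[] = $article;
    }

    $rss_text = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><rdf:RDF\n"
        . "xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\"\n"
        . "xmlns=\"http://purl.org/rss/1.0/\">\r\t<channel\n"
        . "rdf:about=\"$host\">"
        . "\r\t\t<title>" . htmlspecialchars($website_title, ENT_QUOTES) . "</title>"
        . "\r\t\t<description>" . htmlspecialchars($website_description, ENT_QUOTES) . "</description>"
        . "\r\t\t<link>" . htmlspecialchars($website_link, ENT_QUOTES) . "</link>"
        . "\r\t\t<items>\r\t\t\t<rdf:Seq>";
    foreach ($articles as $article) {
        $url = "http://$host$self?id=" . (int) $article['id'];
        $rss_text .= "\r\t\t\t\t<rdf:li\nrdf:resource=\"$url\"/>";
    }
    $rss_text .= "\r\t\t\t</rdf:Seq>\r\t\t</items>\r\t</channel>";
    foreach ($articles as $article) {
        $url = "http://$host$self?id=" . (int) $article['id'];
        // Stored text carries magic-quote slashes: strip them, drop markup
        // from the excerpt, then escape for XML.
        $title = htmlspecialchars(stripslashes($article['title']), ENT_QUOTES);
        $excerpt = htmlspecialchars(strip_tags(stripslashes($article['content'])), ENT_QUOTES);
        $rss_text .= "\r\t<item\nrdf:about=\"$url\">"
            . "\r\t\t<title>$title</title>"
            . "\r\t\t<description>$excerpt...</description>"
            . "\r\t\t<link>$url</link>\r\t</item>";
    }
    $rss_text .= "\r</rdf:RDF>";

    // rss.xml sits next to this script below the document root.
    $script_dir = substr($_SERVER['SCRIPT_NAME'], 0, strrpos($_SERVER['SCRIPT_NAME'], "/"));
    $filename = $_SERVER['DOCUMENT_ROOT'] . $script_dir . "/rss.xml";
    $target_writable = file_exists($filename) ? is_writable($filename) : is_writable(dirname($filename));
    if (!$target_writable) {
        echo "The file $filename is not writable";
        return;
    }
    $handle = fopen($filename, 'w');
    if ($handle === false) {
        echo "Cannot open file ($filename)";
        return;
    }
    if (fwrite($handle, $rss_text) === false) {
        fclose($handle);
        echo "Cannot write to file ($filename)";
        return;
    }
    fclose($handle);
}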
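// Open the database connection (the mysql_* extension makes it the default
// for every later mysql_* call) and, when a comment was submitted, validate
// and store it. Connection errors are printed into the page.
$db = mysql_connect($database_server, $database_user, $database_password);
mysql_select_db($database_name, $db);
echo mysql_error();

// Escapes one request value for use inside a quoted SQL string literal.
// With magic_quotes_gpc on the value already carries backslashes; remove
// them first so it is not escaped twice, then escape it for the open
// connection's character set.
function escape_request_value($value) {
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return mysql_real_escape_string($value);
}

// Request values the rest of the page relies on, normalised so the keys
// always exist: reply_to is the parent comment id (0 = top level),
// new_comment is the id of a comment inserted by this request (0 = none).
if (empty($_GET['reply_to'])) { $_GET['reply_to'] = 0; }
$_GET['new_comment'] = 0;

if (!empty($_POST['submit'])) {
    $posted_by = isset($_POST['posted_by']) ? $_POST['posted_by'] : '';
    $security = isset($_POST['security']) ? $_POST['security'] : '';
    $content = isset($_POST['content']) ? $_POST['content'] : '';
    if ($posted_by == '') {
        $_GET['message'] = "<br /><br />Please enter your name.";
    } else if ($security != '12') {
        $_GET['message'] = "<br /><br />Security question incorrect.
Please try again.";
    } else if ($content == '') {
        $_GET['message'] = "<br /><br />Please enter a comment.";
    } else {
        // Every value here comes straight from the request and previously
        // went into the INSERT verbatim: ids are cast to int, strings escaped.
        $article_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $parent_id = isset($_POST['parent_id']) ? (int) $_POST['parent_id'] : 0;
        query("INSERT INTO comments (article_id,posted_by,parent_id,security,content,date_posted) VALUES
(" . $article_id . ",'" . escape_request_value($posted_by) . "'," . $parent_id . ",'"
. escape_request_value($security) . "','" . escape_request_value($content) . "'," . mktime() . ")");
        $_GET['new_comment'] = mysql_insert_id();
        $_GET['reply_to'] = 0;
        $_POST = array();
    }
}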
?>
<?php require("admin.php"); /* admin UI; its code only runs when ?action=admin (see admin.php) */ ?>
<?php
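// Front-end rendering. With ?id=N one published article is shown (followed
// by its comments and the comment form when $allow_comments is 'yes');
// otherwise a paginated list of published articles is printed, narrowed to
// one section/subsection via ?current_subsection=N or to a search via
// ?action=search with a POSTed "term".
// Request values that reach SQL are cast to int or escaped with
// mysql_real_escape_string(); titles and authors are HTML-escaped on output.
// The search query now groups the two LIKE terms so that the published='Yes'
// filter applies to both (AND bound tighter than OR before, so unpublished
// articles with a matching title were returned).
if (isset($_GET['id']) && $_GET['id'] != "") {
    $article_id = (int) $_GET['id'];
    $results = query("SELECT * FROM content WHERE published='Yes' AND id=" . $article_id);
    $found = false;
    while ($row = mysql_fetch_assoc($results)) {
        $found = true;
        echo "\n\n<b>" . htmlspecialchars(stripslashes($row['title']), ENT_QUOTES) . "</b>";
        echo " | <i>Posted by " . htmlspecialchars($row['author'], ENT_QUOTES) . " on " . date('F dS Y', $row['date_posted']);
        echo "</i>\n<br /><br />" . prepare_text($row['content']) . "<hr />\n";
    }
    // $allow_comments is not assigned anywhere in this file; the comment
    // section only renders when something else sets it to 'yes'.
    if ($found && isset($allow_comments) && $allow_comments == 'yes') {
        echo get_comments('article', $article_id);
        if (empty($_GET['reply_to'])) {
            echo show_form();
        }
    }
} else {
    $start = isset($_GET['start']) ? (int) $_GET['start'] : 0;
    $entries = (int) $website_entries;
    if (!empty($_GET['current_subsection'])) {
        // Every published article in the same section/subsection as the
        // given article.
        $subsection_id = (int) $_GET['current_subsection'];
        $sql = "SELECT b.* FROM content a, content b WHERE a.id=" . $subsection_id . " AND a.section=b.section AND
a.subsection=b.subsection AND a.published='Yes' AND b.published='Yes' ORDER BY date_posted DESC LIMIT
$start,$entries";
        $possible_records = mysql_result(query("SELECT COUNT(b.id) FROM content a, content b WHERE
a.id=" . $subsection_id . " AND a.section=b.section AND a.subsection=b.subsection AND
a.published='Yes'"), 0, 0);
    } else if (isset($_GET['action']) && $_GET['action'] == 'search') {
        $term = isset($_POST['term']) ? $_POST['term'] : '';
        if (get_magic_quotes_gpc()) {
            $term = stripslashes($term);
        }
        $term = mysql_real_escape_string($term);
        $sql = "SELECT * FROM content WHERE (title LIKE '%$term%' OR content LIKE '%$term%') AND
published='Yes' ORDER BY date_posted DESC";
        $possible_records = 0;
    } else {
        $sql = "SELECT * FROM content WHERE published='Yes' ORDER BY date_posted DESC LIMIT $start,$entries";
        $possible_records = mysql_result(query("SELECT COUNT(id) FROM content WHERE published='Yes'"), 0, 0);
    }
    $results = query($sql);
    while ($row = mysql_fetch_assoc($results)) {
        $row_id = (int) $row['id'];
        echo "\n<b>" . htmlspecialchars(stripslashes($row['title']), ENT_QUOTES);
        echo "</b> | ";
        echo "<i>Posted by " . htmlspecialchars($row['author'], ENT_QUOTES) . " on " . date('F dS Y', $row['date_posted']);
        echo ".</i><br /><br />";
        // substr() is byte-based; the 1500-byte excerpt may cut a multibyte character.
        echo prepare_text(substr($row['content'], 0, 1500) . "...") . "\n";
        $comment_count = mysql_result(query("SELECT COUNT(id) FROM comments WHERE article_id=" . $row_id . " AND
content<>''"), 0, 0);
        echo "<p align=\"right\"><a href=\"index.php?id=" . $row_id . "\">Read More
(" . $comment_count . " Comments) ➔</a></p>";
        echo "<hr />";
    }
    $remaining = $possible_records - ($start + $entries);
    if ($remaining > 0) {
        echo "<a href=\"index.php?&start=" . ($start + $entries) . "\">Previous Blog Entries
(" . $remaining . ") ➔</a>";
    }
}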
?>
// admin.php
<?php if ($_GET['action'] == 'admin') { ?>
<?php
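// Admin "list" task: prints every row of a table as an HTML table with a
// sort link per column header and an Edit link per row.
// The table name is restricted to the two tables the admin menu links to
// and the sort column must be a plain identifier; both were previously
// interpolated into the query as received. Cell text is HTML-escaped since
// comment rows contain visitor-supplied text. Note that this task (like
// "edit" and "add") performs no password check.
if (isset($_GET['task']) && $_GET['task'] == 'list') {
    $table = isset($_GET['table']) ? $_GET['table'] : '';
    $orderby = isset($_GET['orderby']) ? $_GET['orderby'] : 'id';
    if (!in_array($table, array('content', 'comments'), true)) {
        echo "Unknown table.";
    } else if (!preg_match('/^[A-Za-z0-9_]+$/', $orderby)) {
        echo "Invalid sort column.";
    } else {
        $results = query("SELECT * FROM `" . $table . "` ORDER BY `" . $orderby . "` DESC ");
        echo "<table cellspacing=\"5\" cellpadding=\"5\"\nborder=\"1\"><tr><td> </td>";
        for ($i = 0; $i < mysql_num_fields($results); $i++) {
            $field_info = mysql_fetch_field($results, $i);
            $label = ucwords(str_replace('_', ' ', $field_info->name));
            echo "<td><a\nhref=\"index.php?action=admin&task=list&table=" . $table
                . "&orderby=" . urlencode($field_info->name) . "\">"
                . htmlspecialchars($label, ENT_QUOTES) . "</td>";
        }
        while ($row = mysql_fetch_assoc($results)) {
            echo "<tr>\n<tr><td><a\nhref=\"index.php?action=admin&task=edit&table=" . $table
                . "&id=" . (int) $row['id'] . "\">Edit</a>";
            foreach ($row as $cell) {
                // 16-byte preview; tags are stripped before escaping so a
                // cut-off tag cannot leak into the page.
                echo "<td>" . htmlspecialchars(strip_tags(stripslashes(substr($cell, 0, 16))), ENT_QUOTES) . "</td>";
            }
            echo "</tr>";
        }
        echo "</table><br /><br />";
    }
}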
?>
<?php
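// Admin "edit" task: shows an edit form for one row (?table=&id=), one
// input per column except "id", date* and *id columns, with the widget
// chosen from the column's SQL type (int/varchar -> text input, blob ->
// textarea, enum -> select), followed by a separate delete form.
// The table name is limited to the two tables the admin menu links to and
// the id is cast to int (both were interpolated verbatim before). Current
// values are HTML-escaped so stored text cannot break out of the value=""
// attributes or the textarea; the browser decodes the entities, so the
// posted value is the original text.
if (isset($_GET['task']) && $_GET['task'] == 'edit') {
    $table = isset($_GET['table']) ? $_GET['table'] : '';
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    if (!in_array($table, array('content', 'comments'), true)) {
        echo "Unknown table.";
    } else {
        // Column name -> declared type (e.g. "int(11)", "enum('Yes','No')").
        $columns_array = array();
        $columns = mysql_query("SHOW COLUMNS FROM `" . $table . "`");
        while ($column = mysql_fetch_object($columns)) {
            $columns_array[$column->Field] = $column->Type;
        }
        $results = query("SELECT * FROM `" . $table . "` WHERE id=" . $id);
        echo '<form method="post"
action="index.php?action=admin&task=update&table=' . $table . '&id=' . $id . '"><table class="left">';
        for ($i = 0; $i < mysql_num_fields($results); $i++) {
            $field_info = mysql_fetch_field($results, $i);
            $name = $field_info->name;
            if ($name == 'id' || substr($name, 0, 4) == 'date' || substr($name, -2) == 'id') {
                continue;
            }
            $label = ucwords(str_replace("_", " ", $name));
            $current = mysql_result($results, 0, $i);
            // Slashes come from magic quotes at insert time; escape once for HTML.
            $current_html = htmlspecialchars(stripslashes($current), ENT_QUOTES);
            // Drop the "(...)" length/values suffix to get the base type.
            $base_type = preg_replace("/\(.+\)/", "", $columns_array[$name]);
            switch ($base_type) {
                case "int":
                    echo "\r<tr><td>" . $label . "</td><td><input type=\"text\" class=\"text_field\"\nname=\"$name\" value=\"" . $current_html . "\"></td></tr>";
                    break;
                case "varchar":
                    echo "\r<tr><td>" . $label . "</td><td>";
                    echo "<input type=\"text\" class=\"text_field\" name=\"$name\"\nsize=\"45\" value=\"" . $current_html . "\">";
                    echo "</td></tr>";
                    break;
                case "blob":
                    echo "\r<tr><td>" . $label . "</td><td><textarea class=\"text_field\" cols=\"52\"\nrows=\"20\"\nname=\"$name\">" . $current_html . "</textarea></td></tr>";
                    break;
                case "enum":
                    // enum('a','b') -> array("a", "b"); the quotes are stripped below.
                    $values_array = explode(",", preg_replace("/(set|enum)\((.+)\)/", "$2", $columns_array[$name]));
                    echo "\r<tr><td>" . $label . "</td><td>";
                    echo "<select name=\"$name\">";
                    echo "\r<option value=\"" . $current_html . "\">" . $current_html . "\n(current)</option>";
                    foreach ($values_array as $value) {
                        $value = str_replace("'", "", $value);
                        if ($value != $current) {
                            $value_html = htmlspecialchars($value, ENT_QUOTES);
                            echo "\r<option value=\"$value_html\">$value_html</option>";
                        }
                    }
                    echo "</select>";
                    echo "</td></tr>";
                    break;
            }
        }
        echo '<tr><td>Password </td><td><input type="password"
class="text_field" size="45" name="password"><tr><td> </td><td><br /><input
type="submit" class="button" value="Submit
Changes"></td></tr><tr><td> </td></tr></table></form>';
        echo '<hr />';
        echo '<form
action="index.php?action=admin&task=delete&table=' . $table . '&id=' . $id . '" method="post"><div class="article_text">Password: <input type="password" class="text_field"
size="33" name="password"> <input type="submit" class="button" value="Delete
Post"></form>';
        echo '<br /><br /><b><u>You will not be able to undo this - be careful!</u></b>';
        echo '<hr /><br /><br />';
    }
}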
?>
<?php
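// Admin "update" task: writes the POSTed field values to row ?id= of
// ?table= after the password check, then regenerates rss.xml.
// Only the two admin tables are accepted, each POSTed field name must be a
// plain identifier (it becomes a column name in the UPDATE), every value is
// escaped and quoted, and the password is compared strictly. Previously the
// field names were interpolated raw, the long-removed $HTTP_POST_VARS/each()
// pair was used, and write_rss() was called with a missing first argument,
// which is a parse error.
if (isset($_GET['task']) && $_GET['task'] == 'update') {
    $table = isset($_GET['table']) ? $_GET['table'] : '';
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    if (!in_array($table, array('content', 'comments'), true)) {
        echo "Unknown table.";
    } else if ($password !== $website_password) {
        echo "Incorrect password. Please try again.<br /><br />";
    } else {
        $assignments = array();
        foreach ($_POST as $key => $value) {
            if ($key == "password") {
                continue;
            }
            if (!preg_match('/^[A-Za-z0-9_]+$/', $key)) {
                echo "Invalid field name.";
                $assignments = null;
                break;
            }
            // Undo magic-quote slashes so the value is not escaped twice.
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            // Always quoted: MySQL converts quoted numerics for numeric columns.
            $assignments[] = "`" . $key . "`='" . mysql_real_escape_string($value) . "'";
        }
        if ($assignments !== null) {
            $assignments[] = "date_modified=" . mktime();
            query("UPDATE `" . $table . "` SET " . implode(", ", $assignments) . " WHERE id=" . $id);
            echo "Success! Your entry has been posted.<br /><br />";
            write_rss($website_title, $website_description);
        }
    }
}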
?>
<?php
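// Admin "delete" task: removes row ?id= from ?table= after the password
// check, then regenerates rss.xml. The table is restricted to the two
// admin tables and the id cast to int (both went into the DELETE verbatim
// before), the password is compared strictly, and write_rss() receives
// both arguments (the old call had an empty first argument, a parse error).
if (isset($_GET['task']) && $_GET['task'] == 'delete') {
    $table = isset($_GET['table']) ? $_GET['table'] : '';
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    if (!in_array($table, array('content', 'comments'), true)) {
        echo "Unknown table.";
    } else if ($password !== $website_password) {
        echo "Incorrect password. Please try again.<br /><br />";
    } else {
        query("DELETE FROM `" . $table . "` WHERE id=" . $id);
        echo "Success! Entry deleted.<br /><br />";
        write_rss($website_title, $website_description);
    }
}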
?>
<?php
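// Admin "add" task: shows an empty form for a new row of ?table=, one
// input per column except "id", date* and *id columns, widget chosen from
// the column's SQL type (int/varchar -> text input, blob -> textarea,
// enum -> select). Submits to the "insert" task.
// The table name is restricted to the two tables the admin menu links to;
// it was interpolated into SHOW COLUMNS and SELECT as received before.
if (isset($_GET['task']) && $_GET['task'] == 'add') {
    $table = isset($_GET['table']) ? $_GET['table'] : '';
    if (!in_array($table, array('content', 'comments'), true)) {
        echo "Unknown table.";
    } else {
        // One-row SELECT only to obtain the field list via mysql_fetch_field().
        $results = query("SELECT * FROM `" . $table . "` LIMIT 1");
        // Column name -> declared type (e.g. "int(11)", "enum('Yes','No')").
        $columns_array = array();
        $columns = mysql_query("SHOW COLUMNS FROM `" . $table . "`");
        while ($column = mysql_fetch_object($columns)) {
            $columns_array[$column->Field] = $column->Type;
        }
        echo '<form method="post"
action="index.php?action=admin&task=insert&table=' . $table . '"><table
class="left">';
        for ($i = 0; $i < mysql_num_fields($results); $i++) {
            $field_info = mysql_fetch_field($results, $i);
            $name = $field_info->name;
            if ($name == 'id' || substr($name, 0, 4) == 'date' || substr($name, -2) == 'id') {
                continue;
            }
            $label = ucwords(str_replace("_", " ", $name));
            // Drop the "(...)" length/values suffix to get the base type.
            $base_type = preg_replace("/\(.+\)/", "", $columns_array[$name]);
            switch ($base_type) {
                case "int":
                    echo "\r<tr><td>" . $label . "</td><td><input type=\"text\" class=\"text_field\"\nname=\"$name\"></td></tr>";
                    break;
                case "varchar":
                    echo "\r<tr><td>" . $label . "</td><td>";
                    echo "<input type=\"text\" class=\"text_field\" size=\"45\"\nname=\"$name\">";
                    echo "</td></tr>";
                    break;
                case "blob":
                    echo "\r<tr><td>" . $label . "</td><td><textarea class=\"text_field\" cols=\"52\"\nrows=\"20\" name=\"$name\"></textarea></td></tr>";
                    break;
                case "enum":
                    // enum('a','b') -> array("a", "b"); the quotes are stripped below.
                    $values_array = explode(",", preg_replace("/(set|enum)\((.+)\)/", "$2", $columns_array[$name]));
                    echo "\r<tr><td>" . $label . "</td><td>";
                    echo "<select name=\"$name\">";
                    foreach ($values_array as $value) {
                        $value = htmlspecialchars(str_replace("'", "", $value), ENT_QUOTES);
                        echo "\r<option value=\"$value\">$value</option>";
                    }
                    echo "</select>";
                    echo "</td></tr>";
                    break;
            }
        }
        echo '<tr><td>Password </td><td><br /><input type="password"
size="45" class="text_field" name="password"><tr><td> </td><td><br /><input
type="submit" class="button" value="Submit
Entry"></td></tr><tr><td> </td></tr></table></form>';
    }
}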
?>
<?php
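// Admin "insert" task: inserts the POSTed fields as a new row of ?table=
// (plus date_posted = now) after the password check, then regenerates
// rss.xml. Only the two admin tables are accepted, each POSTed field name
// must be a plain identifier (it becomes a column name), every value is
// escaped and quoted, and the password is compared strictly. Previously
// the column names were interpolated raw from the POST keys, the removed
// $HTTP_POST_VARS/each()/reset() trio was used, and write_rss() was called
// with a missing first argument, which is a parse error.
if (isset($_GET['task']) && $_GET['task'] == 'insert') {
    $table = isset($_GET['table']) ? $_GET['table'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    if (!in_array($table, array('content', 'comments'), true)) {
        echo "Unknown table.";
    } else if ($password !== $website_password) {
        echo "Incorrect password. Please try again.<br /><br />";
    } else {
        $column_names = array();
        $column_values = array();
        $valid = true;
        foreach ($_POST as $key => $value) {
            if ($key == "password") {
                continue;
            }
            if (!preg_match('/^[A-Za-z0-9_]+$/', $key)) {
                echo "Invalid field name.";
                $valid = false;
                break;
            }
            // Undo magic-quote slashes so the value is not escaped twice.
            if (get_magic_quotes_gpc()) {
                $value = stripslashes($value);
            }
            $column_names[] = "`" . $key . "`";
            // Always quoted: MySQL converts quoted numerics for numeric columns.
            $column_values[] = "'" . mysql_real_escape_string($value) . "'";
        }
        if ($valid) {
            $column_names[] = "date_posted";
            $column_values[] = mktime();
            query("INSERT INTO `" . $table . "` (" . implode(", ", $column_names) . ") VALUES (" . implode(", ", $column_values) . ")");
            echo "Success! Your entry has been posted.<br /><br />";
            write_rss($website_title, $website_description);
        }
    }
}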
?>
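<?php // Intro text, shown only on the admin landing page (no task selected).
// empty() keeps the same truthiness as the old "!$_GET['task']" without an
// undefined-index notice when the key is absent.
if (empty($_GET['task'])) { ?>
<b><u>Admin Area</u></b>
<br />
You will need your password to add, edit or remove content.
<br /><br />
<?php } ?>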
What do you want to do next?
<br />
<a href="index.php?action=admin&task=add&table=content">Make A Post</a> | <a
href="index.php?action=admin&task=list&table=content&orderby=id">Edit A Post</a> | <a
href="index.php?action=admin&task=list&table=comments&orderby=id">Moderate Comments</a> | <a
href="index.php">« Back To My Blog</a>
<br /><br />
Need some help? Check out the <b>Drag&amp;Drop Blog</b> website for installation instructions, frequently asked questions and more.
<br />
<a href="http://www.dannywesthorpe.co.uk/web-development/"
target="_blank">http://www.dannywesthorpe.co.uk/web-development/</a>
<br /><br /><hr /><hr /><br />
<?php
}
?>