        Viewing Topic: Adapting comment script for adding content
  This user is offline  jazzylee77
  Subject: "Adapting comment script for adding ..." Posted: @ 7:07 pm on Nov 21 2007   

Member #: 484
Rank: User - (14)
Since: 11/21/07
Posts: 14
From: Ohio

I have the comments script running on a test page ok and I'm playing with an idea. I have all kinds of sites where it would be nice to be able to go back and add content. But I'm not really wanting that space fully open to comments. Sure I have sites that run different CMS, drupal, wordpress, etc., but I'm thinking of sites that are developed in different ways. So this would be like a poor man's CMS for those pages.


Desired changes:
1. Only I can post.
2. Only what is entered as the "comment" is displayed.
3. Form is only displayed to me when I login
4. Allow html
5. Other changes for security

So with this included in my page templates, while logged in, I could browse around my site adding content. Hopefully without opening a big gaping security hole.



    Viewed: 18,320 Times | Reply to This | To top
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 8:09 pm on Nov 21 2007    

Probably should have put this in php coding, but pushing on...

So far, removing the username/contact subject and date from displayed comments was simple enough. Just remove those echo lines.

So the first part of the code looks like this


Code:

require_once($_SERVER['DOCUMENT_ROOT'].'/database_connect.php');

//query comments for this page of this article
$inf = "SELECT * FROM `comments` WHERE page = '".stripslashes($_SERVER['REQUEST_URI'])."' ORDER BY time ASC";
$info = mysql_query($inf);
if(!$info) die(mysql_error());

$info_rows = mysql_num_rows($info);
if($info_rows > 0) {

    echo '<table width="95%">';

    while($info2 = mysql_fetch_object($info)) {
        echo '<tr>';
        echo '<td colspan="2"> '.stripslashes($info2->comment).' </td>';
        echo '</tr>';
    }//end while
    echo '</table>';
    echo '<hr width="95%" noshade>';
} else echo '';


I might come up with some other default for the else echo...just don't want to invite comments there.

For the rest I have some learnin to do...




    Viewed: 18,312 Times | Reply to This | To top
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 8:57 pm on Nov 21 2007    

maybe I can use this simple login script from http://scripts.franciscocharrua.com/login.php ?


Code:

<?
function isLogged($UserName, $PassWord, $LogInPage)
{
    //Without this, PHP will create a local
    //variable called $HTTP_COOKIE_VARS.
    global $HTTP_COOKIE_VARS;

    $Entered_UserName = "";
    $Entered_PassWord = "";

    if(isset($HTTP_COOKIE_VARS["UserName"]) &&
       isset($HTTP_COOKIE_VARS["PassWord"]))
    {
        $Entered_UserName = $HTTP_COOKIE_VARS["UserName"];
        $Entered_PassWord = $HTTP_COOKIE_VARS["PassWord"];
    }

    if($Entered_UserName != $UserName || $Entered_PassWord != $PassWord)
    {
        //$LogInPage should be the name of an existing file
        //with alternative web content. If you don't wish to
        //provide such content, just pass the empty string.
        if($LogInPage != "") include($LogInPage);
        return(false);
    }
    else
        return(true);
}
?>



The form


Code:
<form name="login">
<table align="center" cellpadding="10" cellspacing="0" border="1">
<tr>
<td>User Name </td>
<td><input type="text" name="UserName" /></td>
</tr>

<tr>
<td>Password</td>
<td><input type="password" name="PassWord" /></td>
</tr>

<tr>
<td colspan="2" align="right">
<input type="button" value="log in"
onclick="document.cookie = 'UserName=' + document.login.UserName.value;
document.cookie = 'PassWord=' + document.login.PassWord.value;
document.EmptyForm.submit();">
</td>
</tr>
</table>
</form>
<form name="EmptyForm" method="post">
</form>





    Viewed: 18,304 Times | Reply to This | To top
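For contrast with the cookie check posted above, which keeps the user name and password in clear-text browser cookies and compares them on every request, here is a session-based version. It is an added example, not code from the thread or from the linked script; `OWNER_USER`, the sample passphrase and the function names are constructed for illustration, and it assumes PHP 7.4+ served over HTTPS.

```php
<?php
declare(strict_types=1);

const OWNER_USER = 'siteowner';   // hypothetical account name

// Constructed sample: in practice run password_hash() once and keep only
// the resulting hash in a config file outside the web root.
function owner_hash(): string
{
    static $hash = null;
    return $hash ??= password_hash('example-passphrase', PASSWORD_DEFAULT);
}

function start_owner_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // The cookie holds only a random session id, never the credentials.
        session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
        session_start();
    }
}

function try_login(string $user, string $pass): bool
{
    // Evaluate both checks every time so the work done does not depend on which field was wrong.
    $userOk = hash_equals(OWNER_USER, $user);
    $passOk = password_verify($pass, owner_hash());
    if (!($userOk && $passOk)) {
        return false;
    }
    session_regenerate_id(true);          // fresh session id once logged in
    $_SESSION['username'] = OWNER_USER;
    return true;
}

function is_owner(): bool
{
    return ($_SESSION['username'] ?? null) === OWNER_USER;
}

start_owner_session();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = is_string($_POST['UserName'] ?? null) ? $_POST['UserName'] : '';
    $pass = is_string($_POST['PassWord'] ?? null) ? $_POST['PassWord'] : '';
    if (!try_login($user, $pass)) {
        http_response_code(403);
    }
}
echo is_owner() ? "logged in\n" : "not logged in\n";
```

With this in place the login form posts `UserName` and `PassWord` with `method="post"` instead of writing them to `document.cookie`.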
  This user is offline  bs0d
  Subject: "re: Adapting comment script for add..." Posted: @ 9:35 pm on Nov 21 2007    

Member #: 1
Rank: Admin. - (1,505)
Since: 02/06/05
Posts: 600
From: USA

The "Creating a Members System" article in PHP on this site is the same concepts used. I really recommend coding all aspects of the site yourself so that you are in full control and do not find yourself wanting a piece of this script, and a piece of that one... That's why I try to put up more tutorials than code samples, because tutorials teach you how to do it, where code samples are often interpreted as cut-and-paste.

If you have any questions with coding or errors along the way, feel free to post and I will try to help all I can. If I can't, perhaps someone else viewing the forums may assist you in your efforts. The best of luck to ya




-bs0d | AllSyntax.com

    Viewed: 18,299 Times | Reply to This | To top
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 11:17 pm on Nov 21 2007    

Okay I've gone through the tutorial for Complete Members System and have it working with the header code top of my test pages. (I'll include that in the header when I launch the real site)

Now I want to hide the submit comment form from everyone but me.

Best way is?

I suppose I need to change the valid contact part of the code, somehow making me the only valid contact


Code:

//this is for a valid contact
if(substr($_POST['contact'],0,7) != 'mailto:' && !strstr($_POST['contact'],'//')) {
    if(strstr($_POST['contact'],'@'))
        $_POST['contact'] = "mailto:".$_POST['contact']."";
    else
        $_POST['contact'] = "http://".$_POST['contact']."";
} //end valid contact

and then Preventing the form from showing to non valids... suppose I need to add an elseif to the show form part. or die if it's not my user? I don't really know at this point.


Code:
//add comment
$q ="INSERT INTO `comments` (article_id, page, date, time, username, ip, contact, subject, comment) VALUES ('".$_GET['id']."', '".$_POST['page']."', '".$_POST['date']."', '".$_POST['time']."', '".addslashes(htmlspecialchars($_POST['username']))."', '".$_SERVER['REMOTE_ADDR']."', '".addslashes(htmlspecialchars($_POST['contact']))."', '".addslashes(htmlspecialchars($_POST['subject']))."', '".addslashes(htmlspecialchars(nl2br($_POST['comment'])))."')";

$q2 = mysql_query($q);
if(!$q2) die(mysql_error());

//refresh page so they can see new comment
header('Location: http://' . $_SERVER['HTTP_HOST'] . $_POST['page'] . "#comments");

} else { //display form




    Viewed: 18,288 Times | Reply to This | To top
  This user is offline  bs0d
  Subject: "re: Adapting comment script for add..." Posted: @ 2:49 am on Nov 22 2007    

If you only want to show "comments" by you, just modify the query; something like this:

$q = mysql_query("SELECT * FROM `comments` WHERE `username` = 'jazzylee77' AND `id` = '".$_GET['id']."'");

The same concept for limiting what is visible to other users. just do:

if($_SESSION['username'] == "jazzylee77") {
    //show submit button or link
} //end if




-bs0d | AllSyntax.com

    Viewed: 18,279 Times | Reply to This | To top
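The owner check from the reply above, applied at the point where the row is written and combined with a parameterized query, so that hiding the form is not the only control. This is an added example, not code from the thread or the site's comment script; it uses an in-memory SQLite database through PDO as a constructed stand-in for the MySQL `comments` table (assumes the pdo_sqlite extension), and the function names and sample page path are hypothetical.

```php
<?php
declare(strict_types=1);

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');   // constructed stand-in database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, page TEXT, time INTEGER, username TEXT, comment TEXT)');
    return $db;
}

// $session stands in for $_SESSION and $post for $_POST; $page is decided by the server.
function add_content(PDO $db, array $session, array $post, string $page): bool
{
    // Enforce the owner check on the write itself, not only on showing the form.
    if (($session['username'] ?? null) !== 'jazzylee77') {
        return false;
    }
    $comment = $post['comment'] ?? null;
    if (!is_string($comment) || trim($comment) === '') {
        return false;
    }
    // Values are bound as parameters, so quotes in the page or in the owner's HTML
    // cannot change the statement and no addslashes() is needed.
    $stmt = $db->prepare('INSERT INTO comments (page, time, username, comment) VALUES (:page, :time, :username, :comment)');
    $stmt->execute([':page' => $page, ':time' => time(), ':username' => $session['username'], ':comment' => $comment]);
    return true;
}

function comments_for(PDO $db, string $page): array
{
    $stmt = $db->prepare('SELECT comment FROM comments WHERE page = :page ORDER BY time ASC');
    $stmt->execute([':page' => $page]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo input.
$db    = open_db();
$owner = ['username' => 'jazzylee77'];
$page  = "/articles/owner's-notes.php";   // path containing a single quote

var_dump(add_content($db, [], ['comment' => '<p>visitor text</p>'], $page));       // request with no session
var_dump(add_content($db, $owner, ['comment' => '<p>Added later.</p>'], $page));   // request from the logged-in owner
print_r(comments_for($db, $page));
```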
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 6:01 am on Nov 22 2007    

I'm slowly catching on. I pulled the form code out and put it in form.php

then
Code:


<? if($_SESSION['username'] == "jazzylee77")
include "form.php"; ?>



I'm thinking I'll just remove the register.php, and unless someone finds my login url then breaks my user and pass, it will be fairly secure?

I'm thrilled to get this far with it. Now I need to avoid having to enter Username: Contact: Subject: after I'm logged in. I guess I could put those values in the form, but that sounds pretty insecure. Or maybe use post contact and user. Try again tomorrow...it's late for me.

I'm not sure if I should go telling everyone how helpful bs0d is or if I should keep it a secret! :)




    Viewed: 18,272 Times | Reply to This | To top
  This user is offline  bs0d
  Subject: "re: Adapting comment script for add..." Posted: @ 4:15 pm on Nov 22 2007    

If you don't want those values as a part of your script (contact, subject and such) just remove them entirely. Delete them from the form, delete the code that checks for them, delete them from the SQL to add them to the database and delete the columns from your table.

If you use the CAPTCHA script, it will help your forms to be more secure from spam bots and such and the passwords are md5 encrypted.




-bs0d | AllSyntax.com

    Viewed: 18,248 Times | Reply to This | To top
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 9:25 pm on Nov 22 2007    

Thanks for the help. Removing the extra form parts is the simplest way for sure. I think I was too tired to think of that last night. I will work on adding the captcha and password encryption...more for the encryption. I'll name the login page something like 4dKq6ysihG.php, remove the register.php after I'm setup and I think I'll feel secure including this on all kinds of sites where I want an easy back door to add extra bits of content to any page.




    Viewed: 18,239 Times | Reply to This | To top
  This user is offline  bs0d
  Subject: "re: Adapting comment script for add..." Posted: @ 12:32 am on Nov 23 2007    

Better yet, put the login page behind a .htaccess protected directory where you must enter in a username and password just to access the file.




-bs0d | AllSyntax.com

    Viewed: 18,231 Times | Reply to This | To top
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 4:03 am on Nov 23 2007    

Good. Definitely do that one.




    Viewed: 18,222 Times | Reply to This | To top
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 3:17 pm on Dec 28 2007    

I've got this working in a couple places, but now I have a new wrinkle to add.

One site I'd love to use this is largely created by a perl script, and though php won't work on those pages I can send a parameter to comments.php and include the result.

something like this
<!--#include src="/comments.php?k={variable}"-->

Things to Do let me know where I'm guessing wrong

put the database connect stuff in with comments.php

change the comments sql table removing page column and creating k column

change code to insert k into comments table

I Need to learn how to do this last part with the k parameter




    Viewed: 17,278 Times | Reply to This | To top
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 3:56 pm on Dec 28 2007    



There may be no real need to pass that parameter. Since <!--#include src="/comments.php?{variable}"--> creates a working url like comments.php?whatever-the-parameter-is I can stay with the page column idea. This much is tested and working.

getting closer. I think the problem will be with the form.




    Viewed: 17,275 Times | Reply to This | To top
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 4:20 pm on Dec 28 2007    

Since I have the form included in comments.php via a conditional statement
Code:

<? if($_SESSION['username'] == "myusername")
include "form.php"; ?>

the form shows up when I am logged in and visit a url comments.php?whatever-the-parameter-is.

However when I include this url, any posted comment shows up fine, but the form does not. I'm only coming up with half-measures at this point like putting a link on the page (nofollow) pointing to comments.php?whatever-the-parameter-is so I can visit the form.



Edited at 04:42:21 pm on 12/28/07


    Viewed: 17,271 Times | Reply to This | To top
  This user is offline  jazzylee77
  Subject: "re: Adapting comment script for add..." Posted: @ 9:41 pm on Dec 29 2007    

After playing around with this for a while, I've decided linking to a special url to compose the new content is sometimes better since it keeps the form out of the layout and you can then pop back to the page and see how it looks. I think later I will want to add the ability to edit, maybe even integrate an html editor with preview. (of course I can always edit the database if I really mess something up)




    Viewed: 17,224 Times | Reply to This | To top
"AllSyntax.com" Copyright © 2002-2018; All rights lefted, all lefts righted.