First We're going to Create our mysql database
CREATE TABLE `shoutbox` (
`id` int( 5 ) NOT NULL AUTO_INCREMENT ,
`name` varchar( 20 ) NOT NULL ,
`email` varchar( 30 ) NOT NULL ,
`website` varchar( 100 ) NOT NULL ,
`message` text NOT NULL ,
`ip` varchar( 40 ) NOT NULL ,
PRIMARY KEY ( `id` )
) TYPE = MYISAM
Code:
<?php
$limit = 20; # this is the limit of how many shouts you want posted on the shoutbox at any time.
$DBHost = 'localhost'; # your database host, usually localhost
$DBUser = 'user_user'; # youer database user, set in cpanel
$DBPass = 'password'; # your database password, set in cpanel
$DBName = 'user_database'; # your database name, set in cpanel :o
# Connects to the database
mysql_connect("$DBHost", "$DBUser", "$DBPass")or die(mysql_error());
mysql_select_db("$DBName")or die(mysql_error());
switch ($_GET['act']){ # start the switch statement, we'll be testing for the variable $_GET['act']
default: # this is if none of the case's match, so it'll be the actual shoutbox and form to post a shout.
$query=mysql_query("SELECT * FROM `shoutbox` ORDER BY id DESC LIMIT $limit");
# this is the query, it uses the $limit variable to limit how many shouts are to be shown.
# Its also in DESC (descending) order newest to oldest.
while ($row=mysql_fetch_array($query)){ # start the while loop to get all the shouts up to the limit in a list.
$name=stripslashes($row['name']); # get the submitted name.
$email=stripslashes($row['email']);
$website=stripslashes($row['website']); # get the submitted website.
$message=stripslashes($row['message']); # get the message.
$ip=stripslashes($row['ip']); # get the submitted ip address, we wont show this though.
$id=$row['id'];
if (!empty($email)){ # this checks to see if the email ISNT empty or NULL
$name="<a href='mailto:$email'>$name</a>"; # if its not null, make the name a link to the email
}
if (!empty($website)){ # this checks to see if the email ISNT empty or NULL
$name="<a href='$website'>$name</a>"; # if its not null, make the name a link to the email
}
##This is where you Change the Variables to say what the posted info says. 3$name is the users inputed name $message is message and so on its self explanatory.
echo "$name: $message "; # echo our $name and $message variable
#This allows the user to delete his or her post. This only allows deletion from the same IP
if ($ip == $_SERVER["REMOTE_ADDR"]) { # only if the ip matches the current browsing ip
echo "<br><a href='?act=del&id=$id'>Delete?</a>"; # shot the link
} #close the if
echo "<hr>"; # echo a horizontal rule to divide the shouts up
}
#this is the form area if you know html you may edit it
echo '
<form action="?act=shout" method="post" name="shout">
Name: <input name="name" type="text" size="20" maxlength="20"><br>
Email: <input name="email" type="text" size="20" maxlength="30"> *<br>
Website: <input name="website" type="text" size="20" maxlength="30"> *<br>
Message:<br>
<textarea name="message" cols="20" rows="3"></textarea><br>
<input type="submit" name="Submit" value="Shout !"><br><br>
* Denotes feild not required
</form>';
break; # break out of the default
case "shout"; # check to see if $_GET['act'] is equal to "shout"
#
## Now we'll get the data submitted from the form, since the form type was "post"
## we'll be using the $_POST global function to recieve the data.
## We must also clean the data. I used:
## addslashes() - this adds backslashes to any of 'these' or "these"
## htmlspecialchars() - this makes html useless by making things like < into < ect.
#
$name=addslashes(htmlspecialchars($_POST['name']));
$email=addslashes(htmlspecialchars($_POST['email']));
$wesbite=addslashes(htmlspecialchars($_POST['wesbite']));
$message=addslashes(htmlspecialchars($_POST['message']));
#
## Now we'll make sure that the required fields have been filled.
## if they haven't we'll redirect the user to the form
#
if ($name == ""){
header("location: ?"); # '?' is just saying go to the default page
}
elseif ($message == ""){
header("location: ?");
}
else { # else, if all the feilds have been filled - run the queries!
$ip=$_SERVER["REMOTE_ADDR"]; # this is the global function for the ip, its for later use :)
$sql=mysql_query("INSERT INTO `shoutbox` ( `id` , `name` , `email` , `website` , `message` , `ip` ) VALUES ('', '$name', '$email', '$website', '$message', '$ip')");
if (!$sql){ # if the query didnt run, tell the user
echo "Error in mysql_query";
exit; # exit; closes the page, so no other queries or print is sent to the screen.
}
##Links back to the shoutbox script
echo "Post added successfully<br>";
echo "<a href='Your URL HERE'>Shoutbox?</a>";
}
break;
case "del";
if (is_numeric($_GET['id'])){
$ip=$_SERVER["REMOTE_ADDR"];
$id=$_GET['id']; # the id is already valid so no cleaning is nessasary
$test=mysql_num_rows(mysql_query("SELECT * FROM `shoutbox` WHERE id ='$id' AND ip ='$ip' LIMIT 1"));
if ($test == 1){
$sql=mysql_query("DELETE FROM `shoutbox` WHERE id =$id LIMIT 1");
if (!$sql){ # if the query didnt run, tell the user
echo "Error in mysql_query";
exit; # exit; closes the page, so no other queries or print is sent to the screen.
}
# Tell the user success and give them a link to the shoutbox.
echo "Success, your shout has been deleted.<br>";
echo "<a href='?'>Shoutbox?</a>";
}
else {
echo "You crafty demon, you didn't make that shout did you?<br>"; # give an error message and dont delete anything.
echo "<a href='?'>Shoutbox?</a>"; #link back to the shoutbox
}
}
else {
echo "Invalid Id!"; # error message, and no delete
}
}
?>
By the way this script only allows the user to post an email or a website address so be sure to go in and edit that yourself in the html
.
Tommorrow if im not lazy perhaps ill add in a smiley mod.
