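<?php // Example 27-1: functions.php
//
// Shared database connection and helper functions required by every page.
//
// Review notes:
//  - The credentials below are hard-coded for the book example. In a real
//    deployment read them from the environment or a file outside the web
//    root, and never commit them to version control.
//  - queryMysql() executes raw SQL and is kept for backward compatibility;
//    any query that includes client-supplied values should go through
//    queryMysqlPrepared() instead.
//  - sanitizeString() is NOT a general-purpose escaper (see its comment);
//    output must still be escaped for the HTML/URL context it lands in.

$dbhost = 'localhost';  // Unlikely to require changing
$dbname = 'robinsnest'; // Modify these...
$dbuser = 'robinsnest'; // ...variables according
$dbpass = 'rnpassword'; // ...to your installation

$connection = new mysqli($dbhost, $dbuser, $dbpass, $dbname);

// Deliberately generic: connect_error may include host/user details that
// must not be shown to visitors.
if ($connection->connect_error) die("Fatal Error");

// real_escape_string() is only correct when it knows the connection charset,
// so pin it explicitly instead of relying on the server default.
if (!$connection->set_charset('utf8mb4')) die("Fatal Error");

/**
 * Create table $name with the column definition $query if it is missing.
 *
 * Both arguments are interpolated straight into DDL, so they must be trusted
 * literals (as in setup.php) — never request data.
 */
function createTable($name, $query)
{
    queryMysql("CREATE TABLE IF NOT EXISTS $name($query)");
    echo "Table '$name' created or already exists.<br>";
}

/**
 * Run a raw SQL string and return the mysqli result (TRUE for statements
 * without a result set). Terminates the script on failure.
 *
 * The caller is responsible for escaping. Prefer queryMysqlPrepared() for any
 * query that contains values originating from the client.
 */
function queryMysql($query)
{
    global $connection;

    $result = $connection->query($query);
    if (!$result) die("Fatal Error");
    return $result;
}

/**
 * Run a parameterised query.
 *
 * $types is the mysqli bind_param() type string (e.g. 'ss') and $params the
 * values to bind, in order; pass '' and no params for a query without
 * placeholders. Returns a mysqli_result for SELECTs and FALSE for statements
 * that produce no result set (INSERT/UPDATE/DELETE). Dies on any error, in
 * the same style as queryMysql().
 */
function queryMysqlPrepared($query, $types = '', ...$params)
{
    global $connection;

    $stmt = $connection->prepare($query);
    if (!$stmt) die("Fatal Error");
    if ($types !== '' && !$stmt->bind_param($types, ...$params)) die("Fatal Error");
    if (!$stmt->execute()) die("Fatal Error");

    $result = $stmt->get_result(); // buffered, so it outlives close()
    $stmt->close();
    return $result;
}

/**
 * Clear the current session: empties $_SESSION, expires the session cookie
 * and destroys the server-side session data.
 */
function destroySession()
{
    $_SESSION = array();

    if (session_id() !== "" || isset($_COOKIE[session_name()]))
        setcookie(session_name(), '', time() - 2592000, '/');

    // session_destroy() emits a warning when no session is active (e.g. the
    // cookie was already gone), so only call it when there is one.
    if (session_status() === PHP_SESSION_ACTIVE) session_destroy();
}

/**
 * Legacy all-in-one sanitiser: strips tags, HTML-encodes, then escapes the
 * result for inclusion in a *quoted SQL string literal*.
 *
 * Because the last step adds backslashes, the return value is suitable only
 * for interpolation into SQL built with queryMysql(); it is not HTML or URL
 * escaping (htmlentities() here does not encode single quotes on PHP < 8.1),
 * and it should not be bound to a prepared-statement placeholder, where the
 * backslashes would be stored literally.
 */
function sanitizeString($var)
{
    global $connection;

    $var = strip_tags($var);
    $var = htmlentities($var);

    // get_magic_quotes_gpc() was removed in PHP 8.0 (calling it is a fatal
    // error) and has returned FALSE since 5.4; guard the call so the file
    // still loads on current PHP.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        $var = stripslashes($var);

    return $connection->real_escape_string($var);
}

/**
 * Render $user's avatar (if "$user.jpg" exists) followed by the profile text.
 *
 * Callers pass sanitizeString() output (or the session user); names
 * containing quotes or backslashes arrive in escaped form and will not match
 * the stored row, which is the same limitation the original string-built
 * query had for such names once they were double-escaped.
 */
function showProfile($user)
{
    // The name becomes part of a file path: refuse path separators and NUL
    // so a crafted "view" parameter cannot probe outside the web root.
    $fileSafe = is_string($user) && strpbrk($user, "/\\\0") === false;

    if ($fileSafe && file_exists("$user.jpg"))
    {
        // URL-encode so the src attribute can never be broken out of.
        $src = htmlspecialchars(rawurlencode($user) . '.jpg', ENT_QUOTES, 'UTF-8');
        echo "<img src='$src' style='float:left;'>";
    }

    $result = queryMysqlPrepared("SELECT text FROM profiles WHERE user=?", 's', $user);

    if ($result && $result->num_rows)
    {
        $row = $result->fetch_array(MYSQLI_ASSOC);
        // The stored text was HTML-encoded when it was saved (profile.php).
        echo stripslashes($row['text']) . "<br style='clear:left;'><br>";
    }
    else echo "<p>Nothing to see here, yet</p><br>";
}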
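<?php // Example 27-2: header.php
//
// Common <head> and navigation for every page. Starts the session and
// exposes $loggedin, $userstr and (when logged in) $user to the including
// page.

// Harden the session cookie before the session starts: HttpOnly keeps the
// id away from scripts, SameSite=Lax blocks most cross-site request forgery,
// strict mode rejects ids the server did not issue, and Secure is set
// whenever this request itself arrived over HTTPS. (These are ignored if a
// page has already started the session; the cookie is then left as issued.)
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
ini_set('session.use_strict_mode', '1');
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    ini_set('session.cookie_secure', '1');

// index.php may call session_start() before including this file; starting
// twice raises a notice, so only start when no session is active yet.
if (session_status() !== PHP_SESSION_ACTIVE) session_start();

echo <<<_INIT
<!DOCTYPE html>
<html>
  <head>
    <meta charset='utf-8'>
    <meta name='viewport' content='width=device-width, initial-scale=1'>
    <link rel='stylesheet' href='jquery.mobile-1.4.5.min.css'>
    <link rel='stylesheet' href='styles.css' type='text/css'>
    <script src='javascript.js'></script>
    <script src='jquery-2.2.4.min.js'></script>
    <script src='jquery.mobile-1.4.5.min.js'></script>
_INIT;

require_once 'functions.php';

$userstr = 'Welcome Guest';

if (isset($_SESSION['user']))
{
    $user = $_SESSION['user'];
    $loggedin = TRUE;

    // $user is used raw in SQL by the pages, so keep it unchanged and derive
    // escaped copies for the HTML and URL contexts used below. double_encode
    // is off because the stored name may already contain entities from
    // sanitizeString().
    $userHtml = htmlspecialchars($user, ENT_QUOTES, 'UTF-8', false);
    $userUrl = urlencode($user);
    $userstr = "Logged in as: $userHtml";
}
else $loggedin = FALSE;

echo <<<_MAIN
    <title>Robin's Nest: $userstr</title>
  </head>
  <body>
    <div data-role='page'>
      <div data-role='header'>
        <div id='logo' class='center'>R<img id='robin' src='robin.gif'>bin's Nest</div>
        <div class='username'>$userstr</div>
      </div>
      <div data-role='content'>
_MAIN;

if ($loggedin)
{
    echo <<<_LOGGEDIN
        <div class='center'>
          <a data-role='button' data-inline='true' data-icon='home'
             data-transition="slide" href='members.php?view=$userUrl'>Home</a>
          <a data-role='button' data-inline='true' data-icon='user'
             data-transition="slide" href='members.php'>Members</a>
          <a data-role='button' data-inline='true' data-icon='heart'
             data-transition="slide" href='friends.php'>Friends</a><br>
          <a data-role='button' data-inline='true' data-icon='mail'
             data-transition="slide" href='messages.php'>Messages</a>
          <a data-role='button' data-inline='true' data-icon='edit'
             data-transition="slide" href='profile.php'>Edit Profile</a>
          <a data-role='button' data-inline='true' data-icon='action'
             data-transition="slide" href='logout.php'>Log out</a>
        </div>
_LOGGEDIN;
}
else
{
    echo <<<_GUEST
        <div class='center'>
          <a data-role='button' data-inline='true' data-icon='home'
             data-transition='slide' href='index.php'>Home</a>
          <a data-role='button' data-inline='true' data-icon='plus'
             data-transition="slide" href='signup.php'>Sign Up</a>
          <a data-role='button' data-inline='true' data-icon='check'
             data-transition="slide" href='login.php'>Log In</a>
        </div>
        <p class='info'>(You must be logged in to use this app)</p>
_GUEST;
}
?>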
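<!DOCTYPE html>
<html>
  <head>
    <title>Setting up database</title>
  </head>
  <body>
    <h3>Setting up...</h3>
<?php // Example 27-3: setup.php
  // One-off schema creation. Run it once after configuring functions.php,
  // then remove or protect this file: anyone who can fetch it can run it.
  require_once 'functions.php';

  // members.pass is sized for password_hash() output (60 characters for
  // bcrypt, more for future algorithms) instead of a 16-character plaintext
  // value. UNIQUE(user) makes the "already exists" check in signup.php
  // race-free: two concurrent signups can no longer both insert the name.
  createTable('members',
    'user VARCHAR(16),
     pass VARCHAR(255),
     UNIQUE(user)');

  createTable('messages',
    'id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
     auth VARCHAR(16),
     recip VARCHAR(16),
     pm CHAR(1),
     time INT UNSIGNED,
     message VARCHAR(4096),
     INDEX(auth(6)),
     INDEX(recip(6))');

  createTable('friends',
    'user VARCHAR(16),
     friend VARCHAR(16),
     INDEX(user(6)),
     INDEX(friend(6))');

  createTable('profiles',
    'user VARCHAR(16),
     text VARCHAR(4096),
     INDEX(user(6))');
?>
    <br>...done.
  </body>
</html>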
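<?php // Example 27-4: index.php
//
// Landing page. header.php starts the session and defines $loggedin and
// $user, so this file no longer calls session_start() itself (the second
// call raised a "session already started" notice).
require_once 'header.php';

echo "<div class='center'>Welcome to Robin's Nest,";

if ($loggedin)
{
    // $user comes from the session; escape it for this HTML context rather
    // than trusting that it was cleaned at login.
    $userHtml = htmlspecialchars($user, ENT_QUOTES, 'UTF-8', false);
    echo " $userHtml, you are logged in";
}
else echo ' please sign up or log in';

echo <<<_END
</div><br>
      </div>
      <div data-role="footer">
        <h4>Web App from <i><a href='http://lpmj.net/5thedition'
          target='_blank'>Learning PHP MySQL & JavaScript Ed. 5</a></i></h4>
      </div>
  </body>
</html>
_END;
?>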
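<?php // Example 27-5: signup.php
//
// Account creation. Changes from the original:
//  - usernames are restricted to [A-Za-z0-9_]{1,16} because the name is later
//    used as a file name (profile.php), in URLs and in HTML;
//  - the password is stored as a password_hash(), never in clear text, and is
//    never echoed back into the form;
//  - database access uses prepared statements.
// Requires members.pass to be wide enough for a hash (VARCHAR(255) in
// setup.php).
require_once 'header.php';

// Small jQuery helper: asks checkuser.php whether the typed name is taken.
echo <<<_END
<script>
  function checkUser(user)
  {
    if (user.value == '')
    {
      $('#used').html('&nbsp;')
      return
    }

    $.post
    (
      'checkuser.php',
      { user : user.value },
      function(data)
      {
        $('#used').html(data)
      }
    )
  }
</script>
_END;

$error = $user = $pass = "";

if (isset($_SESSION['user'])) destroySession();

if (isset($_POST['user']))
{
    $user = sanitizeString($_POST['user']);
    $rawPass = isset($_POST['pass']) ? (string) $_POST['pass'] : '';

    if ($user == "" || $rawPass == "")
        $error = 'Not all fields were entered<br><br>';
    elseif (!preg_match('/^[A-Za-z0-9_]{1,16}$/', $user))
        $error = 'Usernames may only contain letters, digits and underscores (max 16)<br><br>';
    else
    {
        $stmt = $connection->prepare("SELECT user FROM members WHERE user=?");
        if (!$stmt || !$stmt->bind_param('s', $user) || !$stmt->execute())
            die("Fatal Error");
        $stmt->store_result();
        $taken = $stmt->num_rows > 0;
        $stmt->close();

        if ($taken)
            $error = 'That username already exists<br><br>';
        else
        {
            // Salted, slow hash of the password as typed (not the
            // sanitizeString() form, which alters characters such as '&').
            $hash = password_hash($rawPass, PASSWORD_DEFAULT);

            $stmt = $connection->prepare("INSERT INTO members VALUES(?, ?)");
            if (!$stmt || !$stmt->bind_param('ss', $user, $hash) || !$stmt->execute())
                die("Fatal Error");
            $stmt->close();

            die('<h4>Account created</h4>Please Log in.</div></body></html>');
        }
    }
}

// Escape the echoed-back username for the value attribute.
$userHtml = htmlspecialchars($user, ENT_QUOTES, 'UTF-8', false);

echo <<<_END
<form method='post' action='signup.php'>$error
  <div data-role='fieldcontain'>
    <label></label>
    Please enter your details to sign up
  </div>
  <div data-role='fieldcontain'>
    <label>Username</label>
    <input type='text' maxlength='16' pattern='[A-Za-z0-9_]{1,16}' name='user' value='$userHtml'
      onBlur='checkUser(this)'>
    <label></label><div id='used'>&nbsp;</div>
  </div>
  <div data-role='fieldcontain'>
    <label>Password</label>
    <input type='password' maxlength='16' name='pass'>
  </div>
  <div data-role='fieldcontain'>
    <label></label>
    <input data-transition='slide' type='submit' value='Sign Up'>
  </div>
</form>
    </div>
  </body>
</html>
_END;
?>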
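<?php // Example 27-6: checkuser.php
//
// AJAX endpoint for signup.php: reports whether a username is already taken.
// By design this lets anyone enumerate valid account names; rate-limit it
// (or require a session token) if that matters for your deployment.
require_once 'functions.php';

if (isset($_POST['user']))
{
    $user = sanitizeString($_POST['user']);

    $stmt = $connection->prepare("SELECT user FROM members WHERE user=?");
    if (!$stmt || !$stmt->bind_param('s', $user) || !$stmt->execute())
        die("Fatal Error");
    $stmt->store_result();
    $taken = $stmt->num_rows > 0;
    $stmt->close();

    // The reply is injected into the page with jQuery .html(), so the
    // reflected name must be HTML-escaped (sanitizeString() does SQL escaping,
    // not HTML escaping of quotes).
    $userHtml = htmlspecialchars($user, ENT_QUOTES, 'UTF-8', false);

    if ($taken)
        echo "<span class='taken'>&nbsp;✘ " .
             "The username '$userHtml' is taken</span>";
    else
        echo "<span class='available'>&nbsp;✔ " .
             "The username '$userHtml' is available</span>";
}
?>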
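<?php // Example 27-7: login.php
//
// Login form and handler. Changes from the original:
//  - the lookup is a prepared statement on the username only and the
//    password is checked with password_verify();
//  - rows created by the original plaintext signup are still accepted via a
//    constant-time comparison until those accounts are re-created;
//  - the session id is regenerated on login and the password is no longer
//    stored in $_SESSION.
require_once 'header.php';

$error = $user = $pass = "";

if (isset($_POST['user']))
{
    $user = sanitizeString($_POST['user']);
    $rawPass = isset($_POST['pass']) ? (string) $_POST['pass'] : '';

    if ($user == "" || $rawPass == "")
        $error = 'Not all fields were entered';
    else
    {
        $stmt = $connection->prepare("SELECT pass FROM members WHERE user=?");
        if (!$stmt || !$stmt->bind_param('s', $user) || !$stmt->execute())
            die("Fatal Error");
        $stmt->bind_result($dbPass);
        $found = $stmt->fetch();
        $stmt->close();

        $ok = FALSE;
        if ($found)
        {
            // Legacy rows hold sanitizeString()'s HTML-encoded form of the
            // password (MySQL removed the SQL escaping on insert), so compare
            // against that form when the hash check fails.
            $legacy = htmlentities(strip_tags($rawPass));
            $ok = password_verify($rawPass, (string) $dbPass)
               || hash_equals((string) $dbPass, $legacy);
        }

        if (!$ok)
        {
            // Same message for unknown user and wrong password.
            $error = "Invalid login attempt";
        }
        else
        {
            // A fresh id on privilege change defeats session fixation.
            session_regenerate_id(true);
            $_SESSION['user'] = $user;
            // The password is deliberately NOT kept in the session.

            $userUrl = urlencode($user);
            die("<div class='center'>You are now logged in. Please <a data-transition='slide' href='members.php?view=$userUrl'>click here</a> to continue.</div></div></body></html>");
        }
    }
}

$userHtml = htmlspecialchars($user, ENT_QUOTES, 'UTF-8', false);
$errorHtml = htmlspecialchars($error, ENT_QUOTES, 'UTF-8');

echo <<<_END
<form method='post' action='login.php'>
  <div data-role='fieldcontain'>
    <label></label>
    <span class='error'>$errorHtml</span>
  </div>
  <div data-role='fieldcontain'>
    <label></label>
    Please enter your details to log in
  </div>
  <div data-role='fieldcontain'>
    <label>Username</label>
    <input type='text' maxlength='16' name='user' value='$userHtml'>
  </div>
  <div data-role='fieldcontain'>
    <label>Password</label>
    <input type='password' maxlength='16' name='pass'>
  </div>
  <div data-role='fieldcontain'>
    <label></label>
    <input data-transition='slide' type='submit' value='Login'>
  </div>
</form>
    </div>
  </body>
</html>
_END;
?>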
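<?php // Example 27-8: profile.php
//
// Edit the logged-in user's profile text and picture. Changes from the
// original:
//  - the POST is protected by a per-session CSRF token;
//  - database access uses prepared statements;
//  - the upload is type-checked by sniffing its bytes instead of trusting
//    the client-supplied MIME type, and only the re-encoded JPEG is ever
//    written under the web root (the original moved the raw upload there
//    first and left it in place when the type was rejected).
require_once 'header.php';

if (!$loggedin) die("</div></body></html>");

// Per-session CSRF token: the form below echoes it back, so a third-party
// page cannot change the profile of anyone who is logged in.
if (empty($_SESSION['csrf']))
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
$csrf = $_SESSION['csrf'];

if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && (!isset($_POST['csrf']) || !hash_equals($csrf, (string) $_POST['csrf'])))
    die("<p class='error'>Invalid request (bad CSRF token)</p></div></body></html>");

// Prepare, bind and execute one statement; dies on any error, like
// queryMysql(). Results are buffered so num_rows/bind_result can be used.
$run = function ($sql, $types = '', ...$params) use ($connection)
{
    $stmt = $connection->prepare($sql);
    if (!$stmt) die("Fatal Error");
    if ($types !== '' && !$stmt->bind_param($types, ...$params)) die("Fatal Error");
    if (!$stmt->execute()) die("Fatal Error");
    $stmt->store_result();
    return $stmt;
};

echo "<h3>Your Profile</h3>";

$stmt = $run("SELECT text FROM profiles WHERE user=?", 's', $user);
$stmt->bind_result($storedText);
$hasProfile = (bool) $stmt->fetch();
$stmt->close();

if (isset($_POST['text']))
{
    // Same cleaning sanitizeString() applies, minus its SQL escaping: the
    // value is bound as a parameter, so backslashes would be stored literally.
    $text = htmlentities(strip_tags($_POST['text']), ENT_QUOTES, 'UTF-8');
    $text = preg_replace('/\s\s+/', ' ', $text);

    if ($hasProfile)
        $run("UPDATE profiles SET text=? WHERE user=?", 'ss', $text, $user)->close();
    else
        $run("INSERT INTO profiles VALUES(?, ?)", 'ss', $user, $text)->close();
}
else
{
    $text = $hasProfile ? stripslashes($storedText) : "";
}

$text = stripslashes(preg_replace('/\s\s+/', ' ', $text));

if (isset($_FILES['image']['name']) && $_FILES['image']['error'] === UPLOAD_ERR_OK)
{
    // $user is session data, but it still becomes part of a path: refuse
    // anything that could leave the current directory.
    if (strpbrk($user, "/\\\0") !== false) die("Fatal Error");
    $saveto = "$user.jpg";

    // Never trust $_FILES[...]['type'] (client-controlled); sniff the real
    // format from the temporary file before decoding it.
    $tmpfile = $_FILES['image']['tmp_name'];
    $info = is_uploaded_file($tmpfile) ? getimagesize($tmpfile) : FALSE;
    $src = FALSE;

    if ($info !== FALSE)
    {
        switch ($info[2])
        {
            case IMAGETYPE_GIF:  $src = imagecreatefromgif($tmpfile);  break;
            case IMAGETYPE_JPEG: $src = imagecreatefromjpeg($tmpfile); break; // regular and progressive
            case IMAGETYPE_PNG:  $src = imagecreatefrompng($tmpfile);  break;
        }
    }

    if ($src !== FALSE)
    {
        list($w, $h) = $info;
        $max = 100;
        $tw = $w;
        $th = $h;

        // Scale the longer side down to $max, keeping the aspect ratio.
        if ($w > $h && $max < $w)
        {
            $th = $max / $w * $h;
            $tw = $max;
        }
        elseif ($h > $w && $max < $h)
        {
            $tw = $max / $h * $w;
            $th = $max;
        }
        elseif ($max < $w)
        {
            $tw = $th = $max;
        }

        // GD wants integer dimensions (implicit float->int is deprecated
        // since PHP 8.1); never let rounding produce a 0-pixel side.
        $tw = max(1, (int) round($tw));
        $th = max(1, (int) round($th));

        $thumb = imagecreatetruecolor($tw, $th);
        imagecopyresampled($thumb, $src, 0, 0, 0, 0, $tw, $th, $w, $h);
        imageconvolution($thumb, array(array(-1, -1, -1),
                                       array(-1, 16, -1),
                                       array(-1, -1, -1)), 8, 0);
        // Only this re-encoded JPEG reaches disk, never the raw upload.
        imagejpeg($thumb, $saveto);
        imagedestroy($thumb);
        imagedestroy($src);
    }
    else
        echo "<p class='error'>Only GIF, JPEG and PNG images are accepted</p>";
}

showProfile($user);

// The stored text is already entity-encoded; double_encode=false avoids
// turning '&amp;' into '&amp;amp;' in the textarea.
$textHtml = htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false);

echo <<<_END
<form data-ajax='false' method='post'
  action='profile.php' enctype='multipart/form-data'>
  <input type='hidden' name='csrf' value='$csrf'>
  <h3>Enter or edit your details and/or upload an image</h3>
  <textarea name='text'>$textHtml</textarea><br>
  Image: <input type='file' name='image' size='14' accept='image/gif,image/jpeg,image/png'>
  <input type='submit' value='Save Profile'>
</form>
    </div><br>
  </body>
</html>
_END;
?>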
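<?php // Example 27-9: members.php
//
// Member directory, profile view and follow/unfollow. Changes from the
// original:
//  - follow/drop links (state-changing GETs) carry a per-session CSRF token,
//    so a cross-site <img src='members.php?add=...'> cannot forge a follow;
//  - database access uses prepared statements and the per-member follow
//    status is computed from two queries instead of two per member;
//  - names are escaped for the HTML and URL contexts they land in.
require_once 'header.php';

if (!$loggedin) die("</div></body></html>");

if (empty($_SESSION['csrf']))
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
$csrf = $_SESSION['csrf'];
$csrfUrl = urlencode($csrf);
$tokenOk = isset($_GET['csrf']) && hash_equals($csrf, (string) $_GET['csrf']);

// HTML-escape a name; double_encode=false because stored names may already
// hold entities from sanitizeString().
$esc = function ($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8', false); };

// Prepare, bind and execute one statement; dies on any error, like
// queryMysql(). Results are buffered so num_rows/bind_result can be used.
$run = function ($sql, $types = '', ...$params) use ($connection)
{
    $stmt = $connection->prepare($sql);
    if (!$stmt) die("Fatal Error");
    if ($types !== '' && !$stmt->bind_param($types, ...$params)) die("Fatal Error");
    if (!$stmt->execute()) die("Fatal Error");
    $stmt->store_result();
    return $stmt;
};

if (isset($_GET['view']))
{
    $view = sanitizeString($_GET['view']);
    $viewHtml = $esc($view);
    $viewUrl = urlencode($view);

    $name = ($view == $user) ? "Your" : "$viewHtml's";
    echo "<h3>$name Profile</h3>";
    showProfile($view);
    echo "<a data-role='button' data-transition='slide' href='messages.php?view=$viewUrl'>View $name messages</a>";
    die("</div></body></html>");
}

// friends(user, friend) rows mean "friend follows user".
if (isset($_GET['add']) && $tokenOk)
{
    $add = sanitizeString($_GET['add']);

    // Only follow an existing member other than yourself (the original
    // accepted any string, including your own name).
    if ($add != $user)
    {
        $stmt = $run("SELECT user FROM members WHERE user=?", 's', $add);
        $exists = $stmt->num_rows > 0;
        $stmt->close();

        if ($exists)
        {
            $stmt = $run("SELECT user FROM friends WHERE user=? AND friend=?", 'ss', $add, $user);
            $already = $stmt->num_rows > 0;
            $stmt->close();

            if (!$already)
                $run("INSERT INTO friends VALUES (?, ?)", 'ss', $add, $user)->close();
        }
    }
}
elseif (isset($_GET['remove']) && $tokenOk)
{
    $remove = sanitizeString($_GET['remove']);
    $run("DELETE FROM friends WHERE user=? AND friend=?", 'ss', $remove, $user)->close();
}

// Names this user follows, and names following this user, as lookup sets.
$iFollow = array();
$stmt = $run("SELECT user FROM friends WHERE friend=?", 's', $user);
$stmt->bind_result($other);
while ($stmt->fetch()) $iFollow[$other] = TRUE;
$stmt->close();

$followsMe = array();
$stmt = $run("SELECT friend FROM friends WHERE user=?", 's', $user);
$stmt->bind_result($other);
while ($stmt->fetch()) $followsMe[$other] = TRUE;
$stmt->close();

$members = array();
$stmt = $run("SELECT user FROM members ORDER BY user");
$stmt->bind_result($member);
while ($stmt->fetch()) $members[] = $member;
$stmt->close();

echo "<h3>Other Members</h3><ul>";

foreach ($members as $member)
{
    if ($member == $user) continue;

    $memberHtml = $esc($member);
    $memberUrl = urlencode($member);

    echo "<li><a data-transition='slide' href='members.php?view=$memberUrl'>$memberHtml</a>";

    $follow = "follow";
    $t1 = isset($iFollow[$member]);   // you are following $member
    $t2 = isset($followsMe[$member]); // $member is following you

    if ($t1 && $t2) echo " ↔ is a mutual friend";
    elseif ($t1) echo " ← you are following";
    elseif ($t2)
    {
        echo " → is following you";
        $follow = "recip";
    }

    if (!$t1)
        echo " [<a data-transition='slide' href='members.php?add=$memberUrl&amp;csrf=$csrfUrl'>$follow</a>]";
    else
        echo " [<a data-transition='slide' href='members.php?remove=$memberUrl&amp;csrf=$csrfUrl'>drop</a>]";
}
?>
      </ul></div>
  </body>
</html>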
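<?php // Example 27-10: friends.php
//
// Lists mutual friends, followers and followees of $view (default: the
// logged-in user). Changes from the original: prepared statements, and
// names escaped for the HTML/URL contexts they are printed into.
require_once 'header.php';

if (!$loggedin) die("</div></body></html>");

// HTML-escape a name; double_encode=false because stored names may already
// hold entities from sanitizeString().
$esc = function ($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8', false); };

// Prepare, bind and execute one statement; dies on any error, like
// queryMysql(). Results are buffered so bind_result/fetch can be used.
$run = function ($sql, $types = '', ...$params) use ($connection)
{
    $stmt = $connection->prepare($sql);
    if (!$stmt) die("Fatal Error");
    if ($types !== '' && !$stmt->bind_param($types, ...$params)) die("Fatal Error");
    if (!$stmt->execute()) die("Fatal Error");
    $stmt->store_result();
    return $stmt;
};

if (isset($_GET['view'])) $view = sanitizeString($_GET['view']);
else $view = $user;

$viewHtml = $esc($view);
$viewUrl = urlencode($view);

if ($view == $user)
{
    $name1 = $name2 = "Your";
    $name3 = "You are";
}
else
{
    $name1 = "<a data-transition='slide' href='members.php?view=$viewUrl'>$viewHtml</a>'s";
    $name2 = "$viewHtml's";
    $name3 = "$viewHtml is";
}

// Uncomment this line if you wish the user's profile to show here
// showProfile($view);

// friends(user, friend) rows mean "friend follows user".
$followers = array();
$stmt = $run("SELECT friend FROM friends WHERE user=?", 's', $view);
$stmt->bind_result($name);
while ($stmt->fetch()) $followers[] = $name;
$stmt->close();

$following = array();
$stmt = $run("SELECT user FROM friends WHERE friend=?", 's', $view);
$stmt->bind_result($name);
while ($stmt->fetch()) $following[] = $name;
$stmt->close();

$mutual    = array_intersect($followers, $following);
$followers = array_diff($followers, $mutual);
$following = array_diff($following, $mutual);

// Print one headed list of member links; returns whether anything was shown.
$listNames = function ($heading, $names) use ($esc)
{
    if (!sizeof($names)) return FALSE;

    echo "<span class='subhead'>$heading</span><ul>";
    foreach ($names as $friend)
        echo "<li><a data-transition='slide' href='members.php?view=" .
             urlencode($friend) . "'>" . $esc($friend) . "</a>";
    echo "</ul>";
    return TRUE;
};

echo "<br>";

$friends = $listNames("$name2 mutual friends", $mutual);
$friends = $listNames("$name2 followers", $followers) || $friends;
$friends = $listNames("$name3 following", $following) || $friends;

if (!$friends) echo "<br>You don't have any friends yet.";
?>
    </div><br>
  </body>
</html>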
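<?php // Example 27-11: messages.php
//
// Public/private message wall for $view (default: the logged-in user).
// Changes from the original:
//  - posting and erasing require a per-session CSRF token;
//  - all queries are prepared statements; in particular the erase id was
//    interpolated unquoted ("WHERE id=$erase"), which sanitizeString() does
//    not protect (e.g. "1 OR 1=1"), so it is now cast to int and bound;
//  - the pm flag is normalised to '0'/'1';
//  - names and message bodies are escaped for the HTML/URL contexts they
//    are printed into.
require_once 'header.php';

if (!$loggedin) die("</div></body></html>");

if (empty($_SESSION['csrf']))
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
$csrf = $_SESSION['csrf'];
$csrfUrl = urlencode($csrf);

// HTML-escape stored text; double_encode=false because it was entity-encoded
// when saved.
$esc = function ($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8', false); };

// Prepare, bind and execute one statement; dies on any error, like
// queryMysql(). Results are buffered so num_rows/bind_result can be used.
$run = function ($sql, $types = '', ...$params) use ($connection)
{
    $stmt = $connection->prepare($sql);
    if (!$stmt) die("Fatal Error");
    if ($types !== '' && !$stmt->bind_param($types, ...$params)) die("Fatal Error");
    if (!$stmt->execute()) die("Fatal Error");
    $stmt->store_result();
    return $stmt;
};

if (isset($_GET['view'])) $view = sanitizeString($_GET['view']);
else $view = $user;

$viewHtml = $esc($view);
$viewUrl = urlencode($view);
$num = 0;

if (isset($_POST['text']))
{
    if (!isset($_POST['csrf']) || !hash_equals($csrf, (string) $_POST['csrf']))
        die("<p class='error'>Invalid request (bad CSRF token)</p></div></body></html>");

    // Same cleaning sanitizeString() applies, minus its SQL escaping: the
    // value is bound as a parameter, so backslashes would be stored literally.
    $text = htmlentities(strip_tags($_POST['text']), ENT_QUOTES, 'UTF-8');

    if ($text != "")
    {
        // pm is a CHAR(1) flag: anything other than '1' is public.
        $pm = (isset($_POST['pm']) && $_POST['pm'] === '1') ? '1' : '0';
        $time = time();
        $run("INSERT INTO messages VALUES(NULL, ?, ?, ?, ?, ?)",
             'sssis', $user, $view, $pm, $time, $text)->close();
    }
}

if ($view != "")
{
    if ($view == $user) $name1 = $name2 = "Your";
    else
    {
        $name1 = "<a href='members.php?view=$viewUrl'>$viewHtml</a>'s";
        $name2 = "$viewHtml's";
    }

    echo "<h3>$name1 Messages</h3>";
    showProfile($view);

    echo <<<_END
<form method='post' action='messages.php?view=$viewUrl'>
  <input type='hidden' name='csrf' value='$csrf'>
  <fieldset data-role="controlgroup" data-type="horizontal">
    <legend>Type here to leave a message</legend>
    <input type='radio' name='pm' id='public' value='0' checked='checked'>
    <label for="public">Public</label>
    <input type='radio' name='pm' id='private' value='1'>
    <label for="private">Private</label>
  </fieldset>
  <textarea name='text'></textarea>
  <input data-transition='slide' type='submit' value='Post Message'>
</form><br>
_END;

    date_default_timezone_set('UTC');

    // Erase is a state-changing GET, so it is only honoured with the token.
    if (isset($_GET['erase'])
        && isset($_GET['csrf']) && hash_equals($csrf, (string) $_GET['csrf']))
    {
        $erase = (int) $_GET['erase'];
        $run("DELETE FROM messages WHERE id=? AND recip=?", 'is', $erase, $user)->close();
    }

    $stmt = $run("SELECT id, auth, recip, pm, time, message FROM messages WHERE recip=? ORDER BY time DESC",
                 's', $view);
    $num = $stmt->num_rows;
    $stmt->bind_result($id, $auth, $recip, $pm, $time, $message);

    while ($stmt->fetch())
    {
        // Private messages are visible only to their author and recipient.
        if ($pm == 0 || $auth == $user || $recip == $user)
        {
            $authHtml = $esc($auth);
            $authUrl = urlencode($auth);
            $msgHtml = $esc($message);

            echo date('M jS \'y g:ia:', $time);
            echo " <a href='messages.php?view=$authUrl'>$authHtml</a> ";

            if ($pm == 0)
                echo "wrote: &quot;$msgHtml&quot; ";
            else
                echo "whispered: <span class='whisper'>&quot;$msgHtml&quot;</span> ";

            if ($recip == $user)
                echo "[<a href='messages.php?view=$viewUrl&amp;erase=$id&amp;csrf=$csrfUrl'>erase</a>]";

            echo "<br>";
        }
    }
    $stmt->close();
}

if (!$num) echo "<br><span class='info'>No messages yet</span><br><br>";

echo "<br><a data-role='button' href='messages.php?view=$viewUrl'>Refresh messages</a>";
?>
    </div><br>
  </body>
</html>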
<?php // Example 27-12: logout.php
//
// Ends the current session (if any) and tells the user what happened.
// header.php starts the session and defines destroySession() via
// functions.php.
require_once 'header.php';

$wasLoggedIn = isset($_SESSION['user']);

if (!$wasLoggedIn)
{
    echo "<div class='center'>You cannot log out because you are not logged in</div>";
}
else
{
    destroySession();
    echo "<br><div class='center'>You have been logged out. Please <a data-transition='slide' href='index.php'>click here</a> to refresh the screen.</div>";
}
?>
    </div>
  </body>
</html>
/* Example 27-13: styles.css */

/* Base typography for every element, and the centred 700px page card. */
* {
  font-family: verdana, sans-serif;
  font-size: 14pt;
}

body {
  width: 700px;
  margin: 20px auto;
  background: #f8f8f8;
  border: 1px solid #888;
}

html {
  background: #fff;
}

/* Default image treatment (profile pictures): thin border and drop shadow. */
img {
  border: 1px solid black;
  margin-right: 15px;
  -moz-box-shadow: 2px 2px 2px #888;
  -webkit-box-shadow: 2px 2px 2px #888;
  box-shadow: 2px 2px 2px #888;
}

/* "Logged in as" banner in the page header. */
.username {
  text-align: center;
  background: #eb8;
  color: #40d;
  font-family: helvetica;
  font-size: 20pt;
  padding: 4px;
}

.info {
  font-style: italic;
  margin: 40px 0px;
  text-align: center;
}

.center {
  text-align: center;
}

.subhead {
  font-weight: bold;
}

/* Username availability / form error colouring. */
.taken,
.error {
  color: red;
}

.available {
  color: green;
}

/* Private ("whispered") messages. */
.whisper {
  font-style: italic;
  color: #006600;
}

/* The "R<img>bin's Nest" logo; the robin image replaces the "o". */
#logo {
  font-family: Georgia;
  font-weight: bold;
  font-style: italic;
  font-size: 97px;
  color: red;
}

#robin {
  position: relative;
  border: 0px;
  margin-left: -6px;
  margin-right: 0px;
  top: 17px;
  -moz-box-shadow: 0px 0px 0px;
  -webkit-box-shadow: 0px 0px 0px;
  box-shadow: 0px 0px 0px;
}

/* Output area for the signup page's username check. */
#used {
  margin-top: 50px;
}
// Example 27-14: javascript.js
//
// Tiny DOM helpers shared by the pages.

// O(i): return i itself when it is already an object (e.g. an element),
// otherwise treat it as an id and look it up in the document.
function O(i)
{
  if (typeof i == 'object') return i
  return document.getElementById(i)
}

// S(i): the style object of the element (or element id) i.
function S(i)
{
  return O(i).style
}

// C(i): the live collection of elements whose class name is i.
function C(i)
{
  return document.getElementsByClassName(i)
}