<?php // Example 27-1: functions.php
$dbhost = 'localhost'; // Unlikely to require changing
$dbname = 'robinsnest'; // Modify these...
$dbuser = 'robinsnest'; // ...variables according
$dbpass = 'rnpassword'; // ...to your installation
$connection = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
if ($connection->connect_error) die("Fatal Error");
function createTable($name, $query)
{
queryMysql("CREATE TABLE IF NOT EXISTS $name($query)");
echo "Table '$name' created or already exists.<br>";
}
function queryMysql($query)
{
global $connection;
$result = $connection->query($query);
if (!$result) die("Fatal Error");
return $result;
}
function destroySession()
{
$_SESSION=array();
if (session_id() != "" || isset($_COOKIE[session_name()]))
setcookie(session_name(), '', time()-2592000, '/');
session_destroy();
}
function sanitizeString($var)
{
global $connection;
$var = strip_tags($var);
$var = htmlentities($var);
if (get_magic_quotes_gpc())
$var = stripslashes($var);
return $connection->real_escape_string($var);
}
function showProfile($user)
{
if (file_exists("$user.jpg"))
echo "<img src='$user.jpg' style='float:left;'>";
$result = queryMysql("SELECT * FROM profiles WHERE user='$user'");
if ($result->num_rows)
{
$row = $result->fetch_array(MYSQLI_ASSOC);
echo stripslashes($row['text']) . "<br style='clear:left;'><br>";
}
else echo "<p>Nothing to see here, yet</p><br>";
}
?>
<?php // Example 27-2: header.php
session_start();
echo <<<_INIT
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta name='viewport' content='width=device-width, initial-scale=1'>
<link rel='stylesheet' href='jquery.mobile-1.4.5.min.css'>
<link rel='stylesheet' href='styles.css' type='text/css'>
<script src='javascript.js'></script>
<script src='jquery-2.2.4.min.js'></script>
<script src='jquery.mobile-1.4.5.min.js'></script>
_INIT;
require_once 'functions.php';
$userstr = 'Welcome Guest';
if (isset($_SESSION['user']))
{
$user = $_SESSION['user'];
$loggedin = TRUE;
$userstr = "Logged in as: $user";
}
else $loggedin = FALSE;
echo <<<_MAIN
<title>Robin's Nest: $userstr</title>
</head>
<body>
<div data-role='page'>
<div data-role='header'>
<div id='logo' class='center'>R<img id='robin' src='robin.gif'>bin's Nest</div>
<div class='username'>$userstr</div>
</div>
<div data-role='content'>
_MAIN;
if ($loggedin)
{
echo <<<_LOGGEDIN
<div class='center'>
<a data-role='button' data-inline='true' data-icon='home'
data-transition="slide" href='members.php?view=$user'>Home</a>
<a data-role='button' data-inline='true' data-icon='user'
data-transition="slide" href='members.php'>Members</a>
<a data-role='button' data-inline='true' data-icon='heart'
data-transition="slide" href='friends.php'>Friends</a><br>
<a data-role='button' data-inline='true' data-icon='mail'
data-transition="slide" href='messages.php'>Messages</a>
<a data-role='button' data-inline='true' data-icon='edit'
data-transition="slide" href='profile.php'>Edit Profile</a>
<a data-role='button' data-inline='true' data-icon='action'
data-transition="slide" href='logout.php'>Log out</a>
</div>
_LOGGEDIN;
}
else
{
echo <<<_GUEST
<div class='center'>
<a data-role='button' data-inline='true' data-icon='home'
data-transition='slide' href='index.php'>Home</a>
<a data-role='button' data-inline='true' data-icon='plus'
data-transition="slide" href='signup.php'>Sign Up</a>
<a data-role='button' data-inline='true' data-icon='check'
data-transition="slide" href='login.php'>Log In</a>
</div>
<p class='info'>(You must be logged in to use this app)</p>
_GUEST;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Setting up database</title>
</head>
<body>
<h3>Setting up...</h3>
<?php // Example 27-3: setup.php
require_once 'functions.php';
createTable('members',
'user VARCHAR(16),
pass VARCHAR(16),
INDEX(user(6))');
createTable('messages',
'id INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
auth VARCHAR(16),
recip VARCHAR(16),
pm CHAR(1),
time INT UNSIGNED,
message VARCHAR(4096),
INDEX(auth(6)),
INDEX(recip(6))');
createTable('friends',
'user VARCHAR(16),
friend VARCHAR(16),
INDEX(user(6)),
INDEX(friend(6))');
createTable('profiles',
'user VARCHAR(16),
text VARCHAR(4096),
INDEX(user(6))');
?>
<br>...done.
</body>
</html>
<?php // Example 27-4: index.php
session_start();
require_once 'header.php';
echo "<div class='center'>Welcome to Robin's Nest,";
if ($loggedin) echo " $user, you are logged in";
else echo ' please sign up or log in';
echo <<<_END
</div><br>
</div>
<div data-role="footer">
<h4>Web App from <i><a href='http://lpmj.net/5thedition'
target='_blank'>Learning PHP MySQL & JavaScript Ed. 5</a></i></h4>
</div>
</body>
</html>
_END;
?>
<?php // Example 27-5: signup.php
require_once 'header.php';
echo <<<_END
<script>
function checkUser(user)
{
if (user.value == '')
{
$('#used').html(' ')
return
}
$.post
(
'checkuser.php',
{ user : user.value },
function(data)
{
$('#used').html(data)
}
)
}
</script>
_END;
$error = $user = $pass = "";
if (isset($_SESSION['user'])) destroySession();
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "")
$error = 'Not all fields were entered<br><br>';
else
{
$result = queryMysql("SELECT * FROM members WHERE user='$user'");
if ($result->num_rows)
$error = 'That username already exists<br><br>';
else
{
queryMysql("INSERT INTO members VALUES('$user', '$pass')");
die('<h4>Account created</h4>Please Log in.</div></body></html>');
}
}
}
echo <<<_END
<form method='post' action='signup.php'>$error
<div data-role='fieldcontain'>
<label></label>
Please enter your details to sign up
</div>
<div data-role='fieldcontain'>
<label>Username</label>
<input type='text' maxlength='16' name='user' value='$user'
onBlur='checkUser(this)'>
<label></label><div id='used'> </div>
</div>
<div data-role='fieldcontain'>
<label>Password</label>
<input type='text' maxlength='16' name='pass' value='$pass'>
</div>
<div data-role='fieldcontain'>
<label></label>
<input data-transition='slide' type='submit' value='Sign Up'>
</div>
</div>
</body>
</html>
_END;
?>
<?php // Example 27-6: checkuser.php
require_once 'functions.php';
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$result = queryMysql("SELECT * FROM members WHERE user='$user'");
if ($result->num_rows)
echo "<span class='taken'> ✘ " .
"The username '$user' is taken</span>";
else
echo "<span class='available'> ✔ " .
"The username '$user' is available</span>";
}
?>
<?php // Example 27-7: login.php
require_once 'header.php';
$error = $user = $pass = "";
if (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == "")
$error = 'Not all fields were entered';
else
{
$result = queryMySQL("SELECT user,pass FROM members
WHERE user='$user' AND pass='$pass'");
if ($result->num_rows == 0)
{
$error = "Invalid login attempt";
}
else
{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
die("<div class='center'>You are now logged in. Please
<a data-transition='slide' href='members.php?view=$user'>click here</a>
to continue.</div></div></body></html>");
}
}
}
echo <<<_END
<form method='post' action='login.php'>
<div data-role='fieldcontain'>
<label></label>
<span class='error'>$error</span>
</div>
<div data-role='fieldcontain'>
<label></label>
Please enter your details to log in
</div>
<div data-role='fieldcontain'>
<label>Username</label>
<input type='text' maxlength='16' name='user' value='$user'>
</div>
<div data-role='fieldcontain'>
<label>Password</label>
<input type='password' maxlength='16' name='pass' value='$pass'>
</div>
<div data-role='fieldcontain'>
<label></label>
<input data-transition='slide' type='submit' value='Login'>
</div>
</form>
</div>
</body>
</html>
_END;
?>
<?php // Example 27-8: profile.php
require_once 'header.php';
if (!$loggedin) die("</div></body></html>");
echo "<h3>Your Profile</h3>";
$result = queryMysql("SELECT * FROM profiles WHERE user='$user'");
if (isset($_POST['text']))
{
$text = sanitizeString($_POST['text']);
$text = preg_replace('/\s\s+/', ' ', $text);
if ($result->num_rows)
queryMysql("UPDATE profiles SET text='$text' where user='$user'");
else queryMysql("INSERT INTO profiles VALUES('$user', '$text')");
}
else
{
if ($result->num_rows)
{
$row = $result->fetch_array(MYSQLI_ASSOC);
$text = stripslashes($row['text']);
}
else $text = "";
}
$text = stripslashes(preg_replace('/\s\s+/', ' ', $text));
if (isset($_FILES['image']['name']))
{
$saveto = "$user.jpg";
move_uploaded_file($_FILES['image']['tmp_name'], $saveto);
$typeok = TRUE;
switch($_FILES['image']['type'])
{
case "image/gif": $src = imagecreatefromgif($saveto); break;
case "image/jpeg": // Both regular and progressive jpegs
case "image/pjpeg": $src = imagecreatefromjpeg($saveto); break;
case "image/png": $src = imagecreatefrompng($saveto); break;
default: $typeok = FALSE; break;
}
if ($typeok)
{
list($w, $h) = getimagesize($saveto);
$max = 100;
$tw = $w;
$th = $h;
if ($w > $h && $max < $w)
{
$th = $max / $w * $h;
$tw = $max;
}
elseif ($h > $w && $max < $h)
{
$tw = $max / $h * $w;
$th = $max;
}
elseif ($max < $w)
{
$tw = $th = $max;
}
$tmp = imagecreatetruecolor($tw, $th);
imagecopyresampled($tmp, $src, 0, 0, 0, 0, $tw, $th, $w, $h);
imageconvolution($tmp, array(array(-1, -1, -1),
array(-1, 16, -1), array(-1, -1, -1)), 8, 0);
imagejpeg($tmp, $saveto);
imagedestroy($tmp);
imagedestroy($src);
}
}
showProfile($user);
echo <<<_END
<form data-ajax='false' method='post'
action='profile.php' enctype='multipart/form-data'>
<h3>Enter or edit your details and/or upload an image</h3>
<textarea name='text'>$text</textarea><br>
Image: <input type='file' name='image' size='14'>
<input type='submit' value='Save Profile'>
</form>
</div><br>
</body>
</html>
_END;
?>
<?php // Example 27-9: members.php
require_once 'header.php';
if (!$loggedin) die("</div></body></html>");
if (isset($_GET['view']))
{
$view = sanitizeString($_GET['view']);
if ($view == $user) $name = "Your";
else $name = "$view's";
echo "<h3>$name Profile</h3>";
showProfile($view);
echo "<a data-role='button' data-transition='slide'
href='messages.php?view=$view'>View $name messages</a>";
die("</div></body></html>");
}
if (isset($_GET['add']))
{
$add = sanitizeString($_GET['add']);
$result = queryMysql("SELECT * FROM friends WHERE user='$add' AND friend='$user'");
if (!$result->num_rows)
queryMysql("INSERT INTO friends VALUES ('$add', '$user')");
}
elseif (isset($_GET['remove']))
{
$remove = sanitizeString($_GET['remove']);
queryMysql("DELETE FROM friends WHERE user='$remove' AND friend='$user'");
}
$result = queryMysql("SELECT user FROM members ORDER BY user");
$num = $result->num_rows;
echo "<h3>Other Members</h3><ul>";
for ($j = 0 ; $j < $num ; ++$j)
{
$row = $result->fetch_array(MYSQLI_ASSOC);
if ($row['user'] == $user) continue;
echo "<li><a data-transition='slide' href='members.php?view=" .
$row['user'] . "'>" . $row['user'] . "</a>";
$follow = "follow";
$result1 = queryMysql("SELECT * FROM friends WHERE
user='" . $row['user'] . "' AND friend='$user'");
$t1 = $result1->num_rows;
$result1 = queryMysql("SELECT * FROM friends WHERE
user='$user' AND friend='" . $row['user'] . "'");
$t2 = $result1->num_rows;
if (($t1 + $t2) > 1) echo " ↔ is a mutual friend";
elseif ($t1) echo " ← you are following";
elseif ($t2) { echo " → is following you";
$follow = "recip"; }
if (!$t1) echo " [<a data-transition='slide'
href='members.php?add=" . $row['user'] . "'>$follow</a>]";
else echo " [<a data-transition='slide'
href='members.php?remove=" . $row['user'] . "'>drop</a>]";
}
?>
</ul></div>
</body>
</html>
<?php // Example 27-10: friends.php
require_once 'header.php';
if (!$loggedin) die("</div></body></html>");
if (isset($_GET['view'])) $view = sanitizeString($_GET['view']);
else $view = $user;
if ($view == $user)
{
$name1 = $name2 = "Your";
$name3 = "You are";
}
else
{
$name1 = "<a data-transition='slide'
href='members.php?view=$view'>$view</a>'s";
$name2 = "$view's";
$name3 = "$view is";
}
// Uncomment this line if you wish the user抯 profile to show here
// showProfile($view);
$followers = array();
$following = array();
$result = queryMysql("SELECT * FROM friends WHERE user='$view'");
$num = $result->num_rows;
for ($j = 0 ; $j < $num ; ++$j)
{
$row = $result->fetch_array(MYSQLI_ASSOC);
$followers[$j] = $row['friend'];
}
$result = queryMysql("SELECT * FROM friends WHERE friend='$view'");
$num = $result->num_rows;
for ($j = 0 ; $j < $num ; ++$j)
{
$row = $result->fetch_array(MYSQLI_ASSOC);
$following[$j] = $row['user'];
}
$mutual = array_intersect($followers, $following);
$followers = array_diff($followers, $mutual);
$following = array_diff($following, $mutual);
$friends = FALSE;
echo "<br>";
if (sizeof($mutual))
{
echo "<span class='subhead'>$name2 mutual friends</span><ul>";
foreach($mutual as $friend)
echo "<li><a data-transition='slide'
href='members.php?view=$friend'>$friend</a>";
echo "</ul>";
$friends = TRUE;
}
if (sizeof($followers))
{
echo "<span class='subhead'>$name2 followers</span><ul>";
foreach($followers as $friend)
echo "<li><a data-transition='slide'
href='members.php?view=$friend'>$friend</a>";
echo "</ul>";
$friends = TRUE;
}
if (sizeof($following))
{
echo "<span class='subhead'>$name3 following</span><ul>";
foreach($following as $friend)
echo "<li><a data-transition='slide'
href='members.php?view=$friend'>$friend</a>";
echo "</ul>";
$friends = TRUE;
}
if (!$friends) echo "<br>You don't have any friends yet.";
?>
</div><br>
</body>
</html>
<?php // Example 27-11: messages.php
require_once 'header.php';
if (!$loggedin) die("</div></body></html>");
if (isset($_GET['view'])) $view = sanitizeString($_GET['view']);
else $view = $user;
if (isset($_POST['text']))
{
$text = sanitizeString($_POST['text']);
if ($text != "")
{
$pm = substr(sanitizeString($_POST['pm']),0,1);
$time = time();
queryMysql("INSERT INTO messages VALUES(NULL, '$user',
'$view', '$pm', $time, '$text')");
}
}
if ($view != "")
{
if ($view == $user) $name1 = $name2 = "Your";
else
{
$name1 = "<a href='members.php?view=$view'>$view</a>'s";
$name2 = "$view's";
}
echo "<h3>$name1 Messages</h3>";
showProfile($view);
echo <<<_END
<form method='post' action='messages.php?view=$view'>
<fieldset data-role="controlgroup" data-type="horizontal">
<legend>Type here to leave a message</legend>
<input type='radio' name='pm' id='public' value='0' checked='checked'>
<label for="public">Public</label>
<input type='radio' name='pm' id='private' value='1'>
<label for="private">Private</label>
</fieldset>
<textarea name='text'></textarea>
<input data-transition='slide' type='submit' value='Post Message'>
</form><br>
_END;
date_default_timezone_set('UTC');
if (isset($_GET['erase']))
{
$erase = sanitizeString($_GET['erase']);
queryMysql("DELETE FROM messages WHERE id=$erase AND recip='$user'");
}
$query = "SELECT * FROM messages WHERE recip='$view' ORDER BY time DESC";
$result = queryMysql($query);
$num = $result->num_rows;
for ($j = 0 ; $j < $num ; ++$j)
{
$row = $result->fetch_array(MYSQLI_ASSOC);
if ($row['pm'] == 0 || $row['auth'] == $user || $row['recip'] == $user)
{
echo date('M jS \'y g:ia:', $row['time']);
echo " <a href='messages.php?view=" . $row['auth'] .
"'>" . $row['auth']. "</a> ";
if ($row['pm'] == 0)
echo "wrote: "" . $row['message'] . "" ";
else
echo "whispered: <span class='whisper'>"" .
$row['message']. ""</span> ";
if ($row['recip'] == $user)
echo "[<a href='messages.php?view=$view" .
"&erase=" . $row['id'] . "'>erase</a>]";
echo "<br>";
}
}
}
if (!$num)
echo "<br><span class='info'>No messages yet</span><br><br>";
echo "<br><a data-role='button'
href='messages.php?view=$view'>Refresh messages</a>";
?>
</div><br>
</body>
</html>
<?php // Example 27-12: logout.php
require_once 'header.php';
if (isset($_SESSION['user']))
{
destroySession();
echo "<br><div class='center'>You have been logged out. Please
<a data-transition='slide' href='index.php'>click here</a>
to refresh the screen.</div>";
}
else echo "<div class='center'>You cannot log out because
you are not logged in</div>";
?>
</div>
</body>
</html>
/* Example 27-13: styles.css */
* {
font-family:verdana,sans-serif;
font-size :14pt;
}
body {
width :700px;
margin :20px auto;
background:#f8f8f8;
border :1px solid #888;
}
html {
background:#fff
}
img {
border :1px solid black;
margin-right :15px;
-moz-box-shadow :2px 2px 2px #888;
-webkit-box-shadow:2px 2px 2px #888;
box-shadow :2px 2px 2px #888;
}
.username {
text-align :center;
background :#eb8;
color :#40d;
font-family:helvetica;
font-size :20pt;
padding :4px;
}
.info {
font-style :italic;
margin :40px 0px;
text-align :center;
}
.center {
text-align:center;
}
.subhead {
font-weight:bold;
}
.taken, .error {
color:red;
}
.available {
color:green;
}
.whisper {
font-style:italic;
color :#006600;
}
#logo {
font-family:Georgia;
font-weight:bold;
font-style :italic;
font-size :97px;
color :red;
}
#robin {
position :relative;
border :0px;
margin-left :-6px;
margin-right :0px;
top :17px;
-moz-box-shadow :0px 0px 0px;
-webkit-box-shadow:0px 0px 0px;
box-shadow :0px 0px 0px;
}
#used {
margin-top:50px;
}
// Example 27-14: javascript.js
function O(i) { return typeof i == 'object' ? i : document.getElementById(i) }
function S(i) { return O(i).style }
function C(i) { return document.getElementsByClassName(i) }
