[REQ][300] Need someone to finish up a comment box script

[Wizet]

I just need someone to help me finish a commenting box script. The comment box can be found on the "new additions" link. http://mfhome.us.to

 

[xPlozion]

Re: [OFF][300] Need someone to finish up a comment box script

Do you have any code to work off of or is it all being built from the ground up? I can build one for you if you need it built.

Also, do you have a defined table for the comments? What other features do you want? Do you want an email address to accompany every post, a time stamp (kinda a given though). I can build a simple basic one real quick if you want basics...

PS. I've noticed that you switched from SMF to phpBB. Have you ever heard of Pun/FluxBB? it's very easy to integrate, and an excellent piece of forum software. I'm using it on my website, and it's very, I repeat, very easy to modify, given the fact you've got PHP experience (which unfortunately, by the looks of it, not much...)

 

[Wizet]

Re: [OFF][300] Need someone to finish up a comment box script

<!-- HTML codes by Quackit.com -->
<form action="/html/tags/html_form_tag_action.cfm" method="post">
  Comments:<br />
  <textarea name="comments" id="comments">
  Hey... say something!
  </textarea><br />
  <input type="submit" value="Submit" />
</form>
<p style="font-family:verdana,arial,sans-serif;font-size:10px;"><a href="http://www.quackit.com/html/codes/comment_box_code.cfm">Comment Box</a></p>

That is the code. And yes i Don't have any experience in php whatsoever.

 

[xPlozion]

Sorry about the late response. I didn't want to leave XP because of Google Chrome, and linux is where I develop everything.

Try this:

<?php
mysql_connect("localhost", "cpuser_dbuser", "password"); //practice placing your db information in a non web-accessible directory
mysql_select_db("cpuser_dbname"); // such as the parent directory of public_html (your home directory) 
if ($_POST['add_comment']) {
    if (!empty($_POST['comments']) && !empty($_POST['email']) && !empty($_POST['name'])) {
        $comments = mysql_real_escape_string($_POST['comments']);
        $email = mysql_real_escape_string($_POST['email']);
        $name = mysql_real_escape_string($_POST['name']);
        $time = time();
        $result = mysql_query("INSERT INTO comments (id, comments, email, name, time) VALUES(NULL, $comments, $email, $name, $time)");
        if ($result) {
            echo 'Comment Posted<br /><br />
            Click <a href="http://forums.x10hosting.com/marketplace/?">here</a> to return';
        }
    } else {
        echo 'You Forgot a Field<br /><br />
        Click <a href="javascript:history.go(-1)">here</a> to return';
    }
} else {
?>
<form action="?submit" method="post">
  Comments:<br />
  <textarea name="comments">
  Hey... say something!
  </textarea><br />
  Name: <input name="name" type="text" /><br />
  Email (hidden): <input name="email" type="text" /><br /><br />
  <input type="submit" value="Submit" name="add_comment" />
</form>
<?php
}
?>

I'll be back with the SQL code for a one click db install .

[EDIT]
Back, just go to the database you want this table in, click SQL on the top nav, and copy/paste this in the box

 CREATE TABLE `comments` (
`id` INT( 3 ) NOT NULL AUTO_INCREMENT ,
`comments` VARCHAR( 255 ) NOT NULL ,
`email` VARCHAR( 255 ) NOT NULL ,
`name` VARCHAR( 255 ) NOT NULL ,
`time` INT( 10 ) NOT NULL ,
PRIMARY KEY ( `id` )
) ENGINE = MYISAM

If something doesn't work right, let me know. I haven't tested it, although I should, but I'm confident in the code
-xP

 

[Wizet]

[quote by xploxzon]Sorry about the late response. I didn't want to leave XP because of Google Chrome, and linux is where I develop everything.

Try this:
PHP Code:

[PHP]<?php
mysql_connect("localhost", "cpuser_dbuser", "password"); //practice placing your db information in a non web-accessible directory
mysql_select_db("cpuser_dbname"); // such as the parent directory of public_html (your home directory) 
if ($_POST['add_comment']) {
    if (!empty($_POST['comments']) && !empty($_POST['email']) && !empty($_POST['name'])) {
        $comments = mysql_real_escape_string($_POST['comments']);
        $email = mysql_real_escape_string($_POST['email']);
        $name = mysql_real_escape_string($_POST['name']);
        $time = time();
        $result = mysql_query("INSERT INTO comments (id, comments, email, name, time) VALUES(NULL, $comments, $email, $name, $time)");
        if ($result) {
            echo 'Comment Posted<br /><br />
            Click <a href="http://forums.x10hosting.com/marketplace/?">here</a> to return';
        }
    } else {
        echo 'You Forgot a Field<br /><br />
        Click <a href="javascript:history.go(-1)">here</a> to return';
    }
} else {
?>
<form action="?submit" method="post">
  Comments:<br />
  <textarea name="comments">
  Hey... say something!
  </textarea><br />
  Name: <input name="name" type="text" /><br />
  Email (hidden): <input name="email" type="text" /><br /><br />
  <input type="submit" value="Submit" name="add_comment" />
</form>
<?php
}
?>[/PHP]

[/quote]

Where do I put this?

 

[xPlozion]

the php code you would put in the page that you want to have the comment box on. I don't know where you want the comments results at, but I'll do that tomorrow, as it's late, and i have to get up early tomorrow.

-xP

 

[freecrm]

All in the same file... - your comment form/insert page.

This is a good, basic script that can be inserted anywhere in the "body" of the page

i.e. after

<body>

and before

</body>

The first two lines of the script are connection parameters.

The remaining 1st half asks "if something has been put in the form, then insert it into the database. If nothing has been submitted, go to the next half of the page."

The middle bit checks that all fields have been completed and gives you a warning if they haven't.

The last half of the script produces the form if nothing has been submitted (by default). This is the bit that you will actually see in your page.

 

[xPlozion]

working off of the original code i posted above, this also displays comments above the comment box

<?php
mysql_connect("localhost", "cpuser_dbuser", "password"); //practice placing your db information in a non web-accessible directory
mysql_select_db("cpuser_dbname"); // such as the parent directory of public_html (your home directory) 
if ($_POST['add_comment']) {
    if (!empty($_POST['comments']) && !empty($_POST['email']) && !empty($_POST['name'])) {
        $comments = mysql_real_escape_string($_POST['comments']);
        $email = mysql_real_escape_string($_POST['email']);
        $name = mysql_real_escape_string($_POST['name']);
        $time = time();
        $result = mysql_query("INSERT INTO comments (id, comments, email, name, time) VALUES(NULL, $comments, $email, $name, $time)");
        if ($result) {
            echo 'Comment Posted<br /><br />
            Click <a href="http://forums.x10hosting.com/marketplace/?">here</a> to return';
        }
    } else {
        echo 'You Forgot a Field<br /><br />
        Click <a href="javascript:history.go(-1)">here</a> to return';
    }
} else {
    $result = mysql_query("SELECT comments, name, time FROM comments ORDER BY id DESC LIMIT 20");
    while ($result = mysql_fetch_assoc($result)) {
	$comment = str_replace("\n", '<br />', $result['comments']);
        $name = $result['name'];
        $time_offset = (-5*3600); // If your target base is located in the east-coast (EST -5), then leave alone.  If it's different, then modify -5 to the proper offset
        $date = date('M j, Y g:i a', ($result['time']+$time_offset)); // For date format information, see http://www.php.net/date
        echo '<p>'.$comment.'<br /><strong>By: '.$name.' on '.$date.'</strong></p>';
    }
?>
<form action="?submit" method="post">
  Comments:<br />
  <textarea name="comments">
  Hey... say something!
  </textarea><br />
  Name: <input name="name" type="text" /><br />
  Email (hidden): <input name="email" type="text" /><br /><br />
  <input type="submit" value="Submit" name="add_comment" />
</form>
<?php
}
?>

 

[Wizet]

So you just put the php code in the top of the page right? Im'a test it out first. Maybe it's the way I put it but the code looks all messy with errors and that stuff.

 

[xPlozion]

OK, looking at your page, your error is that the page is an htm file, when it needs to be a php file. Rename new_additions.htm to new_additions.php . also, put the proper values in the top 2 lines where there's mysql_connect and mysql_select_db.

 

[Wizet]

I am still getting the error.

 

[xPlozion]

do you have a mysql database created? did you run sql query in it?
modify those two lines to connect to the database. keep localhost the same, but change cpuser_dbuser to your database user, password to the password that the dbuser has, and make sure that you add the user to the database. then change the cpuser_dbname to the name of the database that you're using. If you would like more help, you can pm me if you need help w/ private information or post below.

mysql_connect("localhost", "cpuser_dbuser", "password"); //practice placing your db information in a non web-accessible directory
mysql_select_db("cpuser_dbname"); // such as the parent directory of public_html (your home directory)

click here to be directed to the mysql database setup page.
From there, under the heading Create New Database, type in what you want your database name to be and click "Create Database"
Then locate MySQL Users, put in a username that you wish to use, and a password (choose random password for best security), and take note of it.
Once you've created a user, go to Add User To Database and add your user to the database.
Make note of the username displayed and the database name. The prefix with your cpanel username is required to connect, as in mysql, the database it looks for is physically named *cpuser*_*dbname* to prevent duplicate tables by different users, same with the username.

 

[Wizet]

There are no tables in my database.

 

[xPlozion]

run the sql code i posted on the front page in phpMyAdmin, under the SQL tab

http://mfhome.us.to:2082/3rdparty/phpMyAdmin/index.php? -link to phpMyAdmin. on the right, you'll see

information_schema (17)
cpuser_dbuser (0)

click on the db u created, then click on SQL on the top and paste the code i posted before in the textbox:

 

[Wizet]

Well it did decrease the number of errors but still I am still getting some errors.

 

[xPlozion]

by the looks of it, you aren't including the whole db username. You've only got kage (assuming it's your db username). It needs to be cpuser_dbuser

where cpuser is the username that you use to log into cpanel, and dbuser is the username you used for the database.

 

[Wizet]

Ohhh I'll edit that right now. I will tell you the results when I am done. Anyways this php code doesn't seem safe. I mean people can just look into the code and hack all my website info and I will have nothing.

 

[kkenny]

xPlozion, have you been paid for your services?

Wizet, it is very hard to hack into a site using PHP and mySQL, x10 servers are pretty secure, and it would be sort of... not harmful if someone hacked a comment script, because the most they could do is spam some link.

 

[Brandon]

xPlozion, have you been paid for your services?

I would like to confirm he hasn't.

 

[xPlozion]

@wizet: actually, as kkenny was saying, it's quite hard. the only way that they would be able to hack it is by sql injection, which mysql_real_escape_string prevents. seeing non-vital source code, such as the code i posted is not going to pose any security threat. Just don't post your db information to the public. never under any circumstance give out your db username/password and the db that you are using

@kkenny: not yet, he hasn't been able to test the code yet, so i don't know if there's any underlying problems, although by the looks of it, there's no errors. but on a side note. i posted on another topic, but the op has not been online since then... http://forums.x10hosting.com/marketplace/78159-req-200-points-solve-my-login-cookie-problem.html is the topic. i don't know his website, so i don't know if he's using it, but hasn't been online to get a free php fix or he's got other issues...