Jump to content

my toplist site

deathadder

By deathadder
in PHP Coding Help

 Share

Recommended Posts

deathadder Member

deathadder

Posted
Posted

hi, i am developing a toplist site, i have it fully working but... people can register multiple times with the same title, and password not so concerned about password but i dont want 50 of the same titled websites no it here is my code for inserting the data to the mysql database

 

<?php
include("config.php");

$sql="INSERT INTO sites (title, content, link, password)
VALUES
('$_POST[title]','$_POST[content]','$_POST[link]','$_POST[password]')";
if (!mysql_query($sql,$con))

  {
  die('Error: ' . mysql_error());
  }
echo "Site has been registered. Please check the homepage.";

mysql_close($con)
?>

 

and here is the register form code (i dont think you need it though)

<form action="insert.php" method="post">
<table align="center" border="0" bordercolor="" style="background-color:" width="400" cellpadding="3" cellspacing="3">
<tr>
	<td>Site name:</td>
	<td><input type="text" name="title" /></td>
</tr>
<tr>
	<td>Password:</td>
	<td><input type="password" name="password" /></td>
</tr>
	<tr>
	<td>Link to site:</td>
	<td><input type="text" name="link" /></td>
</tr>
<tr>
	<td>Description:</td>
	<td><textarea name="content" ></textarea></td>
</tr>
<input type="submit" value="Register" ></input>
</table>

</form>

 

 

Link to comment
Share on other sites
MasterACE14 Advanced Member

MasterACE14

Posted
Posted 

<?php
include("config.php");

$q = mysql_query("SELECT `title` FROM `site` WHERE `title`='".$_POST['title']."'");

if(mysql_num_rows($q) == 0)
{
$sql="INSERT INTO sites (title, content, link, password)
VALUES
('$_POST[title]','$_POST[content]','$_POST[link]','$_POST[password]')";
if (!mysql_query($sql,$con))

  {
  die('Error: ' . mysql_error());
  }
echo "Site has been registered. Please check the homepage.";
} else {
   echo "A site with that title already exists.";
}


mysql_close($con)
?>

 

You need some validation and filtering, this is very insecure.

Link to comment
Share on other sites
deathadder Member

deathadder

Posted
  • Author
Posted

master thanks it works now

 

 

lite bearer what do you mean? my toplist doesent really have that much of a login system its more of a add site once site is added you can edit it in the cpanel

Might want to rethink your setup. Maybe (very rough)...

1. Two tables - users and sites

2. Users has id, username, password and email

3. Sites has id, sitename, url, userid

ALSO consider what happens if url1-page1 and url2-page2 occurs?

 

also while where on the subject the cpanel when editing the site and you type wrong password it still says site updated, but it doesent update the site could you make it so it displays a error message?

<?php
include("config.php");

mysql_query("UPDATE sites SET content = '$_POST[content]'
WHERE title = '$_POST[title]' AND password = '$_POST[password]'");
mysql_query("UPDATE sites SET link = '$_POST[link]'
WHERE title = '$_POST[title]' AND password = '$_POST[password]'");
echo "Site Updated";
mysql_close($con);
?>

Link to comment
Share on other sites
MasterACE14 Advanced Member

MasterACE14

Posted
Posted

I agree with litebearer's suggestion, your system does need to be slightly reworked.

 

<?php
include("config.php");

mysql_query("UPDATE sites SET content = '$_POST[content]'
WHERE title = '$_POST[title]' AND password = '$_POST[password]'");
mysql_query("UPDATE sites SET link = '$_POST[link]'
WHERE title = '$_POST[title]' AND password = '$_POST[password]'");
echo "Site Updated";
mysql_close($con);
?>

that's not a very good way to get the job done.

Link to comment
Share on other sites
Muddy_Funster Regular Member

Muddy_Funster

Posted
Posted

a better way would be

<?php
include("config.php");
$content = $_POST['content'];
$link = $_POST['link'];
$title = $_POST['title'];
$pass = $_POST['password'];
$qry = "UPDATE sites SET content = '$content', link = '$link' WHERE title='$title' and password='$pass'";
mysql_query($qry) or die (mysql_error());
echo "Site Updated";
mysql_close($con);
?>

Link to comment
Share on other sites
MasterACE14 Advanced Member

MasterACE14

Posted
Posted

a better way would be

<?php
include("config.php");
$content = $_POST['content'];
$link = $_POST['link'];
$title = $_POST['title'];
$pass = $_POST['password'];
$qry = "UPDATE sites SET content = '$content', link = '$link' WHERE title='$title' and password='$pass'";
mysql_query($qry) or die (mysql_error());
echo "Site Updated";
mysql_close($con);
?>

with correct validation and filtering on those POST's of course.

Link to comment
Share on other sites
deathadder Member

deathadder

Posted
  • Author
Posted

a better way would be

<?php
include("config.php");
$content = $_POST['content'];
$link = $_POST['link'];
$title = $_POST['title'];
$pass = $_POST['password'];
$qry = "UPDATE sites SET content = '$content', link = '$link' WHERE title='$title' and password='$pass'";
mysql_query($qry) or die (mysql_error());
echo "Site Updated";
mysql_close($con);
?>

 

would this code be ready to use or is it incompletete?

Link to comment
Share on other sites
QuickOldCar Regular Member

QuickOldCar

Posted
Posted

Your main concern should be looking for duplicates of websites, the titles shouldn't matter.

 

also parsing the websites would help to prevent duplicate sites such as different protocols like http versus https.

http://mysite.com, www.mysite.com, mysite.com, mysite.com/index.php, mysite.com/whatever/whatever

 

Your goal is to list the website and just one of them.

Users should be able to post more than one, so as long as check for username,password,email, then continue with the rest of script.

 

Here is just an example of how I do it, although i run them through curl first to see if they are a real url and follow redirects

You probably want to not add any feed and ftp type protocols, can edit all that to how you want.

<form action="" method="POST">
<input type="text" name="site" value="<?php echo $_POST['site'];?>" placeholder="site url" />
<input type="text" name="title" value="<?php echo $_POST['title'];?>" placeholder="site title" />
<input type="submit" value="Add Site" />
</form>


<?php
if (isset($_POST['site']) && $_POST['site'] != "" && isset($_POST['title']) && $_POST['title'] != "") {

$url_input = $_POST['site'];
$title_input = $_POST['title'];

function getparsedHost($new_parse_url) {
                $parsedUrl = parse_url(trim($new_parse_url));
                return strtolower(trim($parsedUrl['host'] ? $parsedUrl['host'] : array_shift(explode('/', $parsedUrl['path'], 2))));
            }

//much easier to resolve urls with curl and also be sure that site exists, but lets try and fix some
if ((substr($url_input, 0,  == "https://") || (substr($url_input, 0, 12) == "https://www.") || (substr($url_input, 0, 7) == "http://") || (substr($url_input, 0, 11) == "http://www.") || (substr($input_parse_url, 0, 6) == "ftp://") || (substr($input_parse_url, 0, 11) == "feed://www.") || (substr($input_parse_url, 0, 7) == "feed://")) {
                $new_parse_url = $url_input;
            } else {
                $new_parse_url = "http://$url_input";
            }

//start mysql connection here
include("config.php");

$site = str_ireplace("www.", "", getparsedHost($new_parse_url));
$site = mysql_real_escape_string($site);
$title = mysql_real_escape_string($title_input);

$q = mysql_query("SELECT * FROM `sites` WHERE `link`='".$site."'");
$check = mysql_num_rows($q);
mysql_query("SET NAMES 'utf8'");

if($check > 0) {
//or you can just display the already submitted site information to them instead of this update
            echo "The site was updated !!";
            mysql_query("UPDATE `sites` SET link='$site',title='$title''");

        } else {
//if doesn't exist, insert new
            echo "The site was added.</h2>";
            mysql_query("INSERT INTO `sites` (link,title) VALUES ('$site', '$title')");
        }

echo "Site: " . $site . "<br /> Title: " . $title;

} else {
echo "Please insert a site and title.";
}
?>

 

 

Link to comment
Share on other sites
deathadder Member

deathadder

Posted
  • Author
Posted

what the hell is that? you trieng to give me an alternative for a register page and a update page? while there is no password box but 2 title boxes when i only need one? example my reigster page is title password description url to webbsite not just site, title and, there needs to be a password, also please explain better what this code does relative to what my code already does? it only gives and error for not typing anything in i asked for an error be displayed on editing the site if the password or title was incorrect

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.