Hi all,
I am trying to make a conference room in PHP, using a text file to store all inputted information (I can't download the OWASP filters to prevent SQL injection, so I'm going for a text file instead of MySQL for storage). However, I have encountered a problem.
Here is the current code in its entirety:
PHP Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Conference Room</title>
<style type="text/css">
body {margin: 0 0 0 0; padding: 0 0 0 0; background: #333; font-family: Helvetica,Arial,sans-serif;}
#top {
height: 60px; width: 100%;
}
#form {
position: absolute;
left: 50%; margin-left: -200px;
}
#bottom {
height: 100px; width: 100%;
font-size: 13px;
color: yellow;
}
#footer {
font-size: 10px;
color: white;
margin-top: 30px;
}
table, table * {
border-width: 1;
font-family: Helvetica,Arial,sans-serif;
color: white;
}
th {text-align: left; border-bottom: 1px dashed #FFF;}
th#name {width: 250px;}
th#date {width: 150px;}
th#mess {}
</style>
</head>
<body>
<div id="top" align="center">
<img src="images/top.png" style="left: 50%;" />
</div>
<div id="middle">
<?php
// If a user has submitted a post, we want to:
// 1. Validate it;
// 2. Strip unwanted HTML tags;
// 3. Make sure the name isn't too long;
// 4. Add the name and message to our file - text.txt.
if($_POST['submit']) {
// 1. Validate it - let's make sure that all the form inputs were filled in.
if(!$_POST['name']) {
die('Error! No name entered.');
}
if(!$_POST['message']) {
die('Error! No message entered.');
}
// 2. Strip unwanted HTML tags.
// For more information about the strip_tags function, see this page: http://php.net/manual/en/function.strip-tags.php
$name = strip_tags($_POST['name'], '');
$message = strip_tags($_POST['message'], '');
// 3. Make sure name is not too long.
// We will use the strlen() function to count the length of the string.
$name_length = strlen($name);
if($name_length > 50) {
die('Error! Your name was too long; names must be less than 50 characters.');
}
// 4. Append the data to our file.
// There will be three parts added. They will be:
// - the name;
// - the message;
// - the date.
// In that order.
// For more information about the date function, see this page: http://php.net/manual/en/function.date.php
$date = date("h:i A dS M");
// This will produce a date in the format: 11:02 25th Aug
// Set the data.
$input = $name . "<" . $message . "<" . $date . "<";
// Append the data to the file. If it doesn't work, exit with an error message..
if($handle = fopen("text.txt", "a") == FALSE) {
die('Error! Could not open file.');
}
if(fwrite($handle, $input) == FALSE) {
die('Cannot write to text.txt');
} else {
echo 'Thank you for your post<br />' .
'<a href="index.php">View the conference room</a>';
}
fclose($handle);
// If they HAVEN'T submitted a post, we want to:
// 1. Show the latest posts;
// 2. Show the post form.
} else {
// 1. Show the latest posts.
// Open the file with read permissions only.
$handle = fopen("text.txt", "r");
// Get all the text in the file, and shove it into the array $text, separating it into different elements in the process.
$text = explode("<", fgets($handle));
// Now, let's organise all the posts neatly.
// Set the table's details, and shove in the headers.
echo '<table border="0" style="width: 95%;" align="center">' .
'<tr>' .
'<th id="name">Name</th>' .
'<th id="date">Date</th>' .
'<th id="mess">Message</th>' .
'</tr>';
// Now, let's get the posts in.
$k = 0;
for($i = 0; $i < count($text); $i + 1) {
switch($k) {
case 0:
echo '<tr>';
$k++;
break;
case 1:
$k++;
break;
case 2:
echo '</tr>' .
'<tr>';
$k = 0;
break;
default:
break;
}
echo '<td>' . $text[$i] . '</td>';
$i++;
}
echo '</table>' .
'</div>' .
'<br />' .
'<div id="form">' .
'<form action="index.php" method="post">' .
'<span style="font-size: 13px; color: yellow; margin-left: 6px;">' .
'Name: </span>' .
'<input name="Name" type="text" style="margin-left: 43px; padding: 4px;" />' .
'<br /><br />' .
'<span style="font-size: 13px; color: yellow; margin-left: 6px;">' .
'Text: ' .
'<textarea name="message" rows="5" cols="40" style="margin-left: 50px; padding: 4px;" /></textarea></span>' .
'<br />' .
'<input type="submit" value="Submit" style="margin-top: 5px; margin-left: 379px;" />' .
'</form>' .
'</div>';
}
?>
</div>
</body>
</html>
Ok. Now, first of all, the form does not append the data to the file properly, and I'm not sure why - but I think we should leave this problem till later.
At the moment, we need to create the file text.txt in the same directory as the above index.php. In our sample text.txt file, let's pretend that some people have entered information, so that text.txt contains:
Quote:
Max<Thu 28th May<Hey everyone! How are you all? xD<John<Fri 29th May<Great thanks! How about you mate?<Max<Thu 28th May<Brilliant thanks! So how's it going around here?<
Now, let's try visiting index.php in our browser.. I was using Firefox, and it returned this:
click for screenshot
What's the actual source code that the script in index.php is producing? Here it is:
Code:
<table border="0" style="width: 95%;" align="center">
<tr>
<th id="name">Name</th>
<th id="date">Date</th>
<th id="mess">Message</th>
</tr>
<tr>
<td>Max</td>
<td>Thu 28th May</td>
</tr>
<tr>
<td>Hey everyone! How are you all? :D</td>
<tr>
<td>John</td>
<td>Fri 29th May</td>
</tr>
<tr>
<td>Great thanks! How about you mate?</td>
<tr>
<td>Max</td>
<td>Thu 28th May</td>
</tr>
<tr>
<td>Brilliant thanks! So how's it going around here?</td>
<tr>
<td>
</td>
</table>
As you can see, some of the <tr> tags aren't closed.. And a new <tr> is begun right before it is meant to. Basically, what I am trying to do is add a <tr> tag, then add three <td> tags containing the content of three of the array's elements, then add a </tr> tag, and then continue for as many messages as there are. But, for some reason (yes, point at me all you want - I am a PHP newbie), it is not happening.
Any help would be greatly appreciated!
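The row grouping described above (one <tr> per three fields), as an added example that is not part of the original post: it splits the Name<Date<Message< line into complete records with array_chunk() and HTML-escapes every cell on output. The function names, constants and sample data are assumptions made for illustration; it needs PHP 7.4 or later.

```php
<?php
// Added example (not the poster's code). Records use the post's layout:
// name<date<message< repeated on a single line.
const DELIM = '<';
const FIELDS_PER_POST = 3;

// Replace the delimiter and line breaks in a field before storing it, so
// user input cannot shift the field boundaries of later records.
function clean_field(string $value): string
{
    return trim(str_replace([DELIM, "\r", "\n"], ' ', $value));
}

function encode_post(string $name, string $date, string $message): string
{
    return clean_field($name) . DELIM . clean_field($date) . DELIM
         . clean_field($message) . DELIM;
}

// Split the stored line into complete posts of three fields each.
function parse_posts(string $raw): array
{
    $fields = explode(DELIM, $raw);
    array_pop($fields); // piece after the final delimiter (empty in a well-formed file)
    $posts = array_chunk($fields, FIELDS_PER_POST);
    // Discard a truncated final record instead of rendering a short row.
    return array_values(array_filter($posts, fn($p) => count($p) === FIELDS_PER_POST));
}

// One <tr> per post; every cell is HTML-escaped at output time.
function render_rows(array $posts): string
{
    $html = '';
    foreach ($posts as $post) {
        $html .= '<tr>';
        foreach ($post as $cell) {
            $html .= '<td>' . htmlspecialchars($cell, ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html;
}

// Constructed sample data, including a message that contains markup.
$raw = encode_post('Max', 'Thu 28th May', 'Hey everyone! How are you all?')
     . encode_post('John', 'Fri 29th May', 'Is 1 < 2? <b>yes</b>');
echo render_rows(parse_posts($raw));
```

Replacing the delimiter inside a field is lossy (the "<" characters in the second message become spaces); a storage format that encodes each record, such as one JSON object per line, keeps the text intact.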