So I went to grab the content management system that I used for one of my old sites, that a friend of mine designed. But it was gone.
Well, I figured now is as good a time as any to learn PHP and MySQL, so I whipped this up over the past month. I'm looking for ways to improve it. Things I may have done in 3 lines that can be done in one function, stuff like that. So, here it is. The page it runs is at http://www.screevo.com
A test of the system is visible at http://test.screevo.com and you can access the administration panel at http://test.screevo.com/?id=admin using username "test" and password "test".
Please give me ideas on how I can change this to make it better.
Changes that need to be made:
1. I need to add links back to the front page of the Admin panel from each stage of the admin process.
2. I think the front page of the administration panel needs to be switched to links as opposed to radio switches.
3. The admin panel needs an option to upload files and images, especially images for use in links on the sidebar.
<?php
/*
ScreevoCMS v1.1
August 23, 2006
Author: Stephen Martin - stephen@screevo.com
---------------------------
A simple content management system for reading,
writing, and creating content in an SQL database to
be used in an easily managed webpage.
Pages are stored in a table called 'pages'.
Users who are allowed to edit content are
stored in a table called 'users'.
The authorization functions authenticateUser() and
checkUser() rely on hooks that are not usable when
running PHP as CGI. Thus, you must be running mod_php under
Apache in a Unix-based environment for this to function properly.
The header and footers in which the content is wrapped
are set by the constants HEADER and FOOTER at the
beginning of the file and must be the absolute
file location, relative to /, and not to your domain name.
Also set will be the SQL Server (SQLSERVER), the SQL user
(SQLUSER), the SQL password (SQLPASSWORD), and the database
in which the information is stored (SQLDB)
The variable 'carat' is set while in the administration
panel to direct the CMS to the right administrative function.
The next release will allow pages to be reordered, and
previewed before posting.
*/
//====== CONSTANTS ======//
define("HEADER","/location/of/header/head.php");
define("FOOTER","/location/of/footer/foot.php");
define("SQLSERVER","MySQL Server");
define("SQLUSER","Username");
define("SQLPASSWORD","Pass");
define("SQLDB","Database");
//========================//
//====== FUNCTIONS =======//
//Opens Database Connection
function openDatabaseScreevo() {
mysql_connect(SQLSERVER, SQLUSER, SQLPASSWORD) or die("Can not connect to DB server.");
mysql_select_db(SQLDB) or die("Can not connect to database.");
}
//End Function
//Prompts User for Credentials
function authenticateUser() {
header('WWW-Authenticate: Basic realm="Private"');
header("HTTP/1.0 401 Unauthorized");
echo 'Invalid username and password.';
exit;
}
//End Function
//Checks Credentials against Database
function checkUser() {
if (!isset ($_SERVER['PHP_AUTH_USER']) || !isset ($_SERVER['PHP_AUTH_PW'])) {
authenticateUser();
} else {
openDatabaseScreevo();
$user = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);
// Hash the raw password first, then escape the hex digest. Escaping before hashing
// changes the digest for any password containing a quote or backslash, so those
// users could never log in. (Unsalted MD5 is a weak way to store passwords.)
$pass = mysql_real_escape_string(md5($_SERVER['PHP_AUTH_PW']));
$result = mysql_query("SELECT username FROM users WHERE username = '$user' AND pswd = '$pass'");
// A failed query (false) must be treated the same as no matching row.
if (!$result || mysql_num_rows($result) == 0) {
authenticateUser();
}
}
}
//End Function
//Gathers links for use in the includes. Modify the echo statement to reflect how you want the links displayed.
function screevoLinks() {
openDatabaseScreevo();
$result = mysql_query("SELECT link, linkimage, title FROM pages WHERE id > 0 ORDER by id asc");
while ($row = mysql_fetch_array($result)) {
// Escape database values before placing them in HTML attributes; a quote in a
// title or link would otherwise break out of the attribute.
$link = htmlspecialchars($row["link"], ENT_QUOTES);
$linkimage = htmlspecialchars($row["linkimage"], ENT_QUOTES);
$title = htmlspecialchars($row["title"], ENT_QUOTES);
print '<img src="/siteimages/spacer.gif" alt=" ">
<a href="'.$link.'"><img src="'.$linkimage.'" alt="'.$title.'" border="0"></a>
<br>';
}
}
//End Function
//Escapes the requested keys of an input array (e.g. $_POST) for use in SQL strings.
//Currently unused. Variable variables created inside a function are local to it, so
//the original version could not hand anything back to the caller; this version
//returns the escaped values instead. The loop variable no longer shadows the array.
function makeVariables($available, $wanted) {
$escaped = array();
foreach ($wanted as $key) {
if (array_key_exists($key, $available)) {
$escaped[$key] = mysql_real_escape_string($available[$key]);
}
}
return $escaped;
}
//Admin Panel Default Page - Carat is blank
function screevoStart() {
print ' <h2>Content Management System</h2>
<form action="/?id=admin" method="post">
<input type="radio" name="carat" value="update">Update Existing Page<br>
<input type="radio" name="carat" value="new">Create New Page<br>
<input type="radio" name="carat" value="delete">Delete a Page<br><br>
<input type="submit" value="Go">
</form>';
} //End function
//Create New Page - Carat = "new"
function screevoNew() {
print 'Content Creator<br><br>
<form action="/?id=admin" method="post">
<input type="text" name="id" size="4" value="id">
<input type="text" name="title" size="20" value="title"><br>
<input type="text" name="link" size="5" value="/?id=">
<input type="text" name="linkimage" size="30" value="/siteimages/image.jpg"><br>
<textarea id="content" name="content" rows="50" cols="50">
The content of your new page goes here. HTML is allowed. PHP is not.
</textarea>
<input type="hidden" name="carat" value="preview">
<input type="submit" value="Preview New Page"></form><br>';
}
// End Function
//Update Existing Page - Carat = "update"
function screevoUpdate() {
openDatabaseScreevo();
if (empty($_POST["id"])) { // no page chosen yet: list them (empty() avoids an undefined-index notice)
$result = mysql_query("SELECT id, title FROM pages WHERE id > 0 ORDER by id ASC");
echo 'Content Updater<br><form action="/?id=admin" method="post">';
while ($row = mysql_fetch_array($result)) {
$id = intval($row["id"]);
$title = htmlspecialchars($row["title"], ENT_QUOTES);
echo '<input type="radio" name="id" value="' . $id . '">' . $id . ' - ' . $title . '<br>';
}
echo '<input type="hidden" name="carat" value="update"><br>';
echo '<input type="submit" value="Edit selected page."></form>';
} else {
$id = intval($_POST["id"]); // page ids are integers; intval keeps the query safe
$result = mysql_query("SELECT content, title, link, linkimage FROM pages WHERE id = '$id'");
if (!$result) {
echo 'FAILED! <br>';
echo mysql_error();
} elseif (mysql_num_rows($result) == 0) {
echo 'OMG H4XX0RZ. Making up random numbers will get you nowhere. Try again from the menu on the left.';
} else {
// id is unique, so a single fetch replaces the while loop and the extract() call,
// which silently overwrote $id with whatever the row contained.
$row = mysql_fetch_assoc($result);
// Escape stored values before echoing them into attributes and the textarea;
// the browser decodes them again, so the submitted values are unchanged.
$title = htmlspecialchars($row["title"], ENT_QUOTES);
$link = htmlspecialchars($row["link"], ENT_QUOTES);
$linkimage = htmlspecialchars($row["linkimage"], ENT_QUOTES);
$content = htmlspecialchars($row["content"], ENT_QUOTES);
print '<h1>Now editing: ' . $title . ' Section number:' . $id . '</h1><br>
<form action="/?id=admin" method="post">
<input type="text" name="id" size="4" readonly value="' . $id . '">
<input type="text" name="title" size="20" value="' . $title . '"><br>
<input type="text" name="link" size="5" value="' . $link . '">
<input type="text" name="linkimage" size="20" value="' . $linkimage . '"><br>
<textarea name="content" rows="30" cols="70">' . $content . '</textarea>
<input type="hidden" name="carat" value="preview">
<input type="submit" value="Preview Changes"></form>';
}
}
mysql_close();
}
// End Function
// Delete Existing Page - Carat = "delete"
function screevoDelete() {
openDatabaseScreevo();
if (empty($_POST["id"])) { //select page to be deleted
$result = mysql_query("SELECT id, title FROM pages WHERE id > 0 ORDER by id ASC");
echo 'Delete a page.<br><form action="index.php?id=admin" method="post">';
while ($row = mysql_fetch_array($result)) {
$id = intval($row["id"]);
$title = htmlspecialchars($row["title"], ENT_QUOTES);
echo '<input type="radio" name="id" value="' . $id . '">' . $id . ' - ' . $title . '<br>';
}
print '<input type="hidden" name="carat" value="delete">
<input type="submit" value="Delete selected page."></form>';
}
elseif (!isset ($_POST["confirm"])) { //confirm deletion
$id = intval($_POST['id']);
$result = mysql_query("SELECT id, title FROM pages WHERE id = '$id'");
if (!$result || mysql_num_rows($result) == 0) {
echo 'No page with id ' . $id . ' exists. <a href="/index.php?id=admin">Click here to go back.</a>';
} else {
$row = mysql_fetch_assoc($result);
$title = htmlspecialchars($row["title"], ENT_QUOTES);
print 'Are you absolutely, positively sure you want to delete page ' . $id . ' - ' . $title . '?<br>
If you do, and you change your mind, you will have to recreate the page from scratch.<br>
To confirm, click Submit. Or else, <a href="/index.php?id=admin"> click here to go back.</a><br>
<form action="/?id=admin" method="post">
<input type="hidden" name="id" value="' . $id . '">
<input type="hidden" name="confirm" value="1"> <input type="hidden" name="carat" value="delete">
<input type="submit" value="Yes, I am sure I want to delete the page."></form>';
}
}
elseif ($_POST["confirm"] == "1") { //perform the deletion
$id = intval($_POST["id"]);
// Read the title back from the database instead of trusting a posted copy, so the
// success message only ever shows stored data, escaped for HTML.
$result = mysql_query("SELECT title FROM pages WHERE id = '$id'");
$row = $result ? mysql_fetch_assoc($result) : false;
$title = $row ? htmlspecialchars($row["title"], ENT_QUOTES) : '(unknown)';
$result = mysql_query("DELETE FROM pages WHERE id = '$id'");
if (!$result) {
echo "FAILED!";
echo mysql_error();
} else {
echo 'You have successfully deleted page number ' . $id . ' called ' . $title . '.';
}
}
mysql_close();
}
// End Function
//Preview Page - Carat = "preview" // This does not work 100% yet. Still bugs out a bit if the HTML contains a form.
function screevoPreview() {
// Read only the fields this page needs; extract($_POST) would let a request
// define arbitrary variables in this scope.
$fields = array('id', 'title', 'content', 'link', 'linkimage');
foreach ($fields as $f) {
$$f = isset($_POST[$f]) ? $_POST[$f] : '';
}
// $content is deliberately printed raw: this is the preview of the page HTML.
// Everything that goes into an attribute is escaped so quotes cannot break the form;
// the browser decodes the entities again when the hidden fields are submitted.
print 'Previewing: '.htmlspecialchars($title, ENT_QUOTES).'
<hr>
'.$content.'
<br><br><br><br><br><br><br><br><br><br><br>
<hr>
If you need to make more changes, please go back. If you are satisfied with how this looks, click submit.<br>
<form action="/?id=admin" method="post">
<input type="hidden" name="id" value="'.htmlspecialchars($id, ENT_QUOTES).'">
<input type="hidden" name="title" value="'.htmlspecialchars($title, ENT_QUOTES).'">
<input type="hidden" name="content" value="'.htmlspecialchars($content, ENT_QUOTES).'">
<input type="hidden" name="link" value="'.htmlspecialchars($link, ENT_QUOTES).'">
<input type="hidden" name="linkimage" value="'.htmlspecialchars($linkimage, ENT_QUOTES).'">
<input type="hidden" name="carat" value="put">
<input type="submit" value="Submit"></form>';
}
//End Function
// "Put" - Makes changes to the database.
function screevoPut()
{
openDatabaseScreevo();
// Take only the expected fields. SQL escaping is for the query string; the
// confirmation message below needs HTML escaping instead, so the raw copies are kept.
$fields = array('id', 'title', 'link', 'linkimage', 'content');
$raw = array();
$sql = array();
foreach ($fields as $f) {
$raw[$f] = isset($_POST[$f]) ? $_POST[$f] : '';
$sql[$f] = mysql_real_escape_string($raw[$f]);
}
$result = mysql_query( "REPLACE INTO pages (id,title,link,linkimage,content) VALUES ('{$sql['id']}','{$sql['title']}','{$sql['link']}','{$sql['linkimage']}','{$sql['content']}')" );
if (!$result) {
echo 'Failed: '.mysql_error();
} else {
print 'Successfully completed operation on page #'.htmlspecialchars($raw['id'], ENT_QUOTES).' called '.htmlspecialchars($raw['title'], ENT_QUOTES).'.';
}
mysql_close();
}
//End Function
//==========END FUNCTIONS==========//
//========ADMIN PANEL=========//
if (isset($_GET['id']) && $_GET['id'] == "admin") {
checkUser(); //Get username and Password
include (HEADER);
// carat is only compared against the fixed strings below, so no SQL escaping is needed;
// isset() avoids a notice when the panel is opened without a POST.
switch (isset($_POST['carat']) ? $_POST['carat'] : '') {
case 'new' :
screevoNew();
break;
case 'update' :
screevoUpdate();
break;
case 'preview' :
screevoPreview();
break;
case 'delete' :
screevoDelete();
break;
case 'put' :
screevoPut();
break;
default :
screevoStart();
break;
}
include (FOOTER);
}
//=======GENERATE PAGE========//
else {
include(HEADER);
openDatabaseScreevo();
if(!isset($_GET['id']))
$id="1";
else
$id=mysql_real_escape_string($_GET['id']);
$result = mysql_query("SELECT content AS content FROM pages WHERE id = '$id'");
if(!$result)
echo "Things are broken, people are dying, this page isn't working!";
else {
$num_rows = mysql_num_rows($result);
if($num_rows == 0)
echo 'Quoth the database, "404". It appears the page you are trying to reach is not there.';
else {
while ($row = mysql_fetch_array($result)) {
$content = $row["content"];
echo $content;
}
}
mysql_close();
}
include(FOOTER);
}
?>
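As an added example that is not part of the original post, the credential check, password storage, page lookup and link output from the code above are shown here the way they would be written with the PDO and password_hash()/password_verify() APIs that PHP has offered since 5.5 (the post predates both and uses the old mysql_* extension). It reuses the post's SQLSERVER, SQLUSER, SQLPASSWORD and SQLDB constants and its users(username, pswd) and pages(id, content, link, linkimage, title) tables; the pdo_mysql extension, the utf8mb4 charset, and a pswd column wide enough for a password_hash() string (255 characters) are assumptions made for this example.

```php
<?php
// Added example, not code from the ScreevoCMS post. Assumes PHP >= 5.5 with pdo_mysql,
// the post's SQL* constants, and a users.pswd column holding password_hash() output.

// For comparison, the pattern used in the post (string-built SQL, unsalted MD5):
//   $user = mysql_real_escape_string($_SERVER['PHP_AUTH_USER']);
//   $pass = md5(mysql_real_escape_string($_SERVER['PHP_AUTH_PW']));
//   mysql_query("SELECT username FROM users WHERE username = '$user' AND pswd = '$pass'");

// One connection with exceptions on error and real (non-emulated) prepared statements,
// so user input never becomes part of the SQL text.
function openDatabase() {
    $dsn = 'mysql:host=' . SQLSERVER . ';dbname=' . SQLDB . ';charset=utf8mb4';
    return new PDO($dsn, SQLUSER, SQLPASSWORD, array(
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ));
}

// Fetch the stored hash by username, then verify. password_verify() compares in
// constant time and reads the salt and cost from the stored string, so a missing
// user and a wrong password both simply return false.
function credentialsValid(PDO $pdo, $username, $password) {
    $stmt = $pdo->prepare('SELECT pswd FROM users WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    return password_verify($password, $row['pswd']);
}

// Same control flow as the post's checkUser(): missing or wrong credentials
// produce the Basic-auth challenge and stop the script.
function checkUser(PDO $pdo) {
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
        || !credentialsValid($pdo, $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        header('WWW-Authenticate: Basic realm="Private"');
        header('HTTP/1.0 401 Unauthorized');
        echo 'Invalid username and password.';
        exit;
    }
}

// Creating or resetting an account: a salted, slow hash whose parameters are
// embedded in the output, so the table needs no separate salt column.
function setPassword(PDO $pdo, $username, $newPassword) {
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('REPLACE INTO users (username, pswd) VALUES (:u, :h)');
    $stmt->execute(array(':u' => $username, ':h' => $hash));
}

// Page ids are integers, so bind them as integers instead of quoting a string.
function pageContent(PDO $pdo, $id) {
    $stmt = $pdo->prepare('SELECT content FROM pages WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['content'];
}

// Output side: one helper for every database value that lands in HTML. The post
// prints $title, $link and $linkimage straight into attributes.
function h($s) {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// The sidebar links of screevoLinks(), with each value escaped for its attribute.
function sidebarLinks(PDO $pdo) {
    $stmt = $pdo->query('SELECT link, linkimage, title FROM pages WHERE id > 0 ORDER BY id ASC');
    $html = '';
    foreach ($stmt as $row) {
        $html .= '<a href="' . h($row['link']) . '"><img src="' . h($row['linkimage'])
               . '" alt="' . h($row['title']) . '" border="0"></a><br>' . "\n";
    }
    return $html;
}
```

The lookup-then-verify shape matters: selecting by username alone and comparing the hash in PHP means the database query shape is the same for a valid and an invalid password, and the stored hash can be upgraded (higher cost, newer algorithm) without touching the schema. Binding the page id as PDO::PARAM_INT, rather than escaping it as a string, also removes the need for the post's intval() guards before each query.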