[PHP] How To Make A Basic News CMS

~~Encryptions!~~ · 16-04-2006, 05:18 PM

Hello.

I haven't made a tutorial for a while, so I decided to write a tutorial about the basic one that I coded around three weeks ago, I have heavily commented the code to help you understand but also I will explain while going along.

This CMS (Content Management System) will run off a MySQL Database and PHP so you will need:

PHP Enabled Server
MySQL Database
PHPMyAdmin
Notepad

First of all open up cPanel and then go to your MySQL Database and set one up and then go into Phpmyadmin and run the following SQL code.

PHP Code:


CREATE TABLE `newscms` ( 
`id` int(10) unsigned NOT NULL auto_increment, 
`date` varchar(50) default NULL, 
`title` varchar(50) NOT NULL default '', 
`message` text NOT NULL, 
`user` varchar(50) NOT NULL default '', 
PRIMARY KEY (`id`), 
KEY `date` (`date`) 
);

That does not need to be changed at all especially if you are a novice to the PHP language so run that and it shows a field for each of them. We know need to start coding.

Database Connection

We will need to connect to the Database so we would use something like this: (I have commented the code. They appear as //)

PHP Code:


<?  
$username = "username"; 

// MySQL Database Username such as danwill_danwill

$password = "password"; 

// MySQL Database Password, don't choose an easy one to guess

$host = "localhost"; 

// MySQL Host it is usually LocalHost so keep that the same

$database = "database"; 

// MySQL Database name

// Don't Change Below Unless You Are Good At PHP!
mysql_connect($host,$username,$password) or die("Error connecting to Database!  " . mysql_error());  
mysql_select_db($database) or die("Cannot select database!  " . mysql_error());  
?>

So basically this establishes a conenction to the Database and we will call this databaseconnection.php.

Displaying The Data

When I write a PHP script I make sure I can display and output the Data from a Database so this comes next, again the code is heavily commented.

PHP Code:


<?  
include('databaseconnection.php'); 

// Includes Database Connection


$result = mysql_query("select * from newscms order by id desc limit 7");  


// Selects The Table So Don't Change Apart From The 7 Which You Can.

while($r=mysql_fetch_array($result)) 
{ 
$id=$r["id"]; 
$title=$r["title"]; 
$date=$r["date"]; 
$user=$r["user"]; 
$message=$r["message"];  

// Grabs All The Data From Your Database Table

echo "$title  <br /> Posted on $date <br />Posted by: <b>$user</b><br>$message <br>"; 
}  
?>

Anyway that basically grabs the data from your Database via the variables which are the names of the table fields and then echos them onto your webpage, know we will need somewhere too add the news.

Add News

This is NOT secure as I used HTAccess so you willl need to add some kind of security precautions such as a password.

Again the code is heavily commented.

PHP Code:



<? 

include('databaseconnection.php'); 

// Database Connection Again

?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>
<title>Add News Panel</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<style type="text/css">
<!--
body{
font-family: verdana;
font-size: 12px;
color: #000000;
}

.container{
width: 400px;
background-color: #ffffff;
margin-left: auto;
margin-right: auto;
margin-top: 15px;
}

.addnews{
width: 380px;
padding-left: 10px;
padding-right: 10px;
}
--!>
</style>
</head>
<body>
<div class="container">
<div class="addnews">
<form action="addnews.php" method="post"> 
<br />Title: 
<br /><input name="title" type="text" value="Title"> 
<br />Author: 
<br /><input name="user" type="text" value="Name"> 
<br />Date: 
<br /><input name="date" type="text" value="<?php print date("F j Y"); ?>">
<br />Message: 
<br /><textarea name="message" cols="40" rows="6" value="Message"> </textarea> 
<?php

$title = addslashes(strip_tags($_POST['title'])); 

// Title

$user = addslashes(strip_tags($_POST['user'])); 

// User

$message = $_POST['message']; 

// Message

$date = addslashes(strip_tags($_POST['date'])); 

// Date

$sql = "INSERT INTO newscms SET title='$title', user='$user', message='$message', date='$date'"; 
if (mysql_query($sql)) {  
echo("Your news has been added.");  
} else {  
echo("Error adding entry: " . mysql_error() . "");  
}  
}  
?>

//SQL and Finished

Don't change anything on Add News as it's important unless you know what you are doing.

Hope you understood and enjoyed this, don't forget it would be easily got past without HTAccess.

Thanks
Encryptions

Closed by Kardan (Forum Moderator): Bumped, thread closed.

Splinter · 16-04-2006, 05:53 PM

Nice tut

Although instead of using this line of code:

PHP Code:


$title = addslashes(strip_tags($_POST['title']));



// Title



$user = addslashes(strip_tags($_POST['user']));



// User



$message = $_POST['message'];



// Message



$date = addslashes(strip_tags($_POST['date']));

you could just as easily use this:

PHP Code:


foreach($_POST as $key => $val) {

$_POST[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));

}

~~Encryptions!~~ · 16-04-2006, 08:00 PM

Originally Posted by Splinter

Nice tut

Although instead of using this line of code:

PHP Code:


$title = addslashes(strip_tags($_POST['title']));

// Title

$user = addslashes(strip_tags($_POST['user']));

// User

$message = $_POST['message'];

// Message

$date = addslashes(strip_tags($_POST['date']));

you could just as easily use this:

PHP Code:


foreach($_POST as $key => $val) {
$_POST[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
}

Hello.

Yes but that would be a bit more advanced and just doing it my way would help newcomers to get to grasps with editing the code without going into too much detail. I may write a whole new one tomorrow if I have the time.

Thanks,
Encryptions

~~Echo-Host~~ · 27-09-2006, 11:24 AM

Nice tut +rep

Apox · 23-04-2007, 02:28 AM

Originally Posted by Splinter

Nice tut

Although instead of using this line of code:

PHP Code:


$title = addslashes(strip_tags($_POST['title']));



// Title



$user = addslashes(strip_tags($_POST['user']));



// User



$message = $_POST['message'];



// Message



$date = addslashes(strip_tags($_POST['date']));

you could just as easily use this:

PHP Code:


foreach($_POST as $key => $val) {

$_POST[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));

}

Clever piece of code none the less. However it forces all POST variables to be stripped of tags and this is not always required. In-fact the code will strip tags from the 'message' variable which in good company needs to be there for simple HTML formatting.