Tuesday, February 14, 2012

An Example Of A PHP Script

I got around to thinking that it might be interesting to post an example PHP script. So, yup, that's what this post is about. The script in question is supposed to take the information a user supplies on a different page, and create a brand new page for the data. I made it for the Rumpus Family website not because it would actually be that useful, but because I thought it would be kind of cool.
A few things to remember: all comments will be prefixed by two slashes "//". In programming, if something is commented then it doesn't affect the script in any way, so it is useful for explaining certain parts of the code. To make it even more readable, I made all comments this colour. Also, even though I spend a good amount of time making sure that invalid information isn't entered, this actually isn't a good example of security. Because mostly only people I know go to the Rumpus Family website, I don't really have to worry about things like XSS injections. But if someone really wanted they could probably mess with this pretty badly. Oh, and the code I have here isn't on the "make your own page" page. Because all that is really there is the form that takes the information typed by the user, it isn't necessary to put it here. This is just the external script that does all the work. Finally, this script is really, really short. Most scripts will be quite a bit larger than this one.

<?php
// Gathers the IP address of the user. That way if necessary I can ban those who abuse the form.
$ip = $_SERVER['REMOTE_ADDR'];

// These two variables take the data collected from the previous HTML page
$data = $_POST['science'];
$Pagename = $_POST['pagename'];

// These three functions will remove any whitespace and capital letters from the file name. The last one will also add an ".html" at the end.
// preg_replace() is used because ereg_replace() was removed in PHP 7.
$filename = preg_replace('/ +/', '', $Pagename);
$ToLower = strtolower($filename);
$Filename = trim($ToLower . ".html");
// Here I place the data collected in two of the previous variables. This information will later be written to another file so that it can be placed in the navigation of the site. Basically, this is the link that you will click from the menu to access the newly formed page.
$menu = <<< END
<li><a href="$Filename">$Pagename</a></li>
END;
// This is mostly just the HTML code that will make the new page, so I greyed out everything but the PHP variables. The HTML is important, I'm just not getting into that right now.
$pagedata = <<< ENDING
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<link rel="stylesheet" type="text/css" href="index.css" />
<title>
$Pagename</title>
<style>
body {
background: #A5D8F6;
}
</style>
</head>
<body>
<?php include("header.php"); ?>

<br>
<br>
<div id="c">

$data
</div>

<?php include("menu.php"); ?>
<center>
<div id="why">
Chuck Testa does not taxidermize pets. If someone who claims to be Chuck Testa offers to taxidermize your pet, then that person is a dirty, rotten liar. Chuck Testa never, and I mean <em>never</em> performs a taxidermization on a pet. Unless the pet is living.
</div>
</center>
</body>
</html>

ENDING;
// Pretty much self-explanatory. If there isn't anything entered in either of the two fields then a message is written and the script doesn't continue.
if (empty($Pagename)) {
echo "Not all of the fields are filled in. Please go back and enter the necessary information";
}
elseif (empty($data)) {
echo "Not all of the fields are filled in. Please go back and enter the necessary information";
}

// Because the file name will be made into a URL I don't allow any characters that aren't alphanumeric. Plus, this helps ensure that the file name isn't spam.
// The pattern has to match the whole name: lowercase letters and digits followed by ".html". preg_match() is used because eregi() was removed in PHP 7.
elseif (!preg_match('/\A[a-z0-9]+\.html\z/', $Filename)) {
echo 'Sorry, that page name is not valid. Please only use letters and numbers for the file name.';
}

// Makes sure that there isn't already a page that has the same name as the one that the user wants to make.
elseif (file_exists("$Filename")) {
echo 'Sorry, that file name is already in use. Please choose another one.';
}

// Checks to see how long the file name is. If it is larger than twelve characters then the script does not continue.
elseif (strlen($Pagename) > 12) {
echo 'Sorry, your file name was too large. Please go back and shorten it.';
}
// Finally! This part of the script actually makes the new page.
else {

echo "Hey, it worked! Your page should be up and running now. If not, please let me know and I'll see if I can fix it";

// Mails myself the IP address of the user and the initial information entered on the page.
mail("ultraswat@gmail.com", "$ip", "$data");

// Writes the name of the file to the menu.
$namepages = fopen("pagenames.txt", "a");
fwrite($namepages, "$menu");
fclose($namepages);

// Makes the new page and places all the HTML code there.
$F = fopen("$Filename", "w+");
fwrite($F, "$pagedata");
fclose($F);
}
?>
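
A hardened variant of the page-creation step, as an added example that is not the original script: the file name is checked against an anchored allow-list, user text is HTML-encoded before it reaches the page or the menu, and the file is opened in mode `x` so an existing page is never overwritten. The function names and the temporary output directory are assumptions made for the example, and the twelve-character limit is applied after spaces are removed.

```php
<?php
// Added example, not the original script. All function names are hypothetical.
// Returns the lowercase file name for a page title, or null if the title is not acceptable.
function page_filename(string $pagename): ?string {
    $name = strtolower(str_replace(' ', '', $pagename));
    // Allow-list: 1 to 12 lowercase letters or digits, matched against the whole string.
    if (!preg_match('/\A[a-z0-9]{1,12}\z/', $name)) {
        return null;
    }
    return $name . '.html';
}

// Encodes user text so the browser displays it instead of interpreting it as markup.
function h(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Builds the menu entry and the page body with every user-supplied value encoded.
function render_page(string $filename, string $pagename, string $data): array {
    $title = h($pagename);
    $menu  = '<li><a href="' . h($filename) . '">' . $title . "</a></li>\n";
    $page  = "<html>\n<head><title>$title</title></head>\n"
           . "<body>\n<div id=\"c\">\n" . nl2br(h($data)) . "\n</div>\n</body>\n</html>\n";
    return [$menu, $page];
}

// Creates the page. Mode 'x' fails if the file already exists, so nothing is overwritten.
function create_page(string $dir, string $pagename, string $data): bool {
    $filename = page_filename($pagename);
    if ($filename === null || trim($data) === '') {
        return false;
    }
    [$menu, $page] = render_page($filename, $pagename, $data);
    $fh = @fopen($dir . '/' . $filename, 'x');
    if ($fh === false) {
        return false;
    }
    fwrite($fh, $page);
    fclose($fh);
    file_put_contents($dir . '/pagenames.txt', $menu, FILE_APPEND | LOCK_EX);
    return true;
}

// Constructed sample input, written to a temporary directory.
$dir = sys_get_temp_dir() . '/pages_' . uniqid();
mkdir($dir);
var_dump(create_page($dir, 'My Page', '<b>hi</b> & "bye"'));
var_dump(create_page($dir, 'My Page', 'second attempt with the same name'));
var_dump(create_page($dir, '../index', 'name with characters outside the allow-list'));
```

Only the first call creates a file; the second is refused because the page already exists, and the third because the name fails the allow-list.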


Sorry that I'm not very good at explaining things. It really is simpler than this.
