import files

sart dert 2024-02-23 20:40:00 +00:00
parent 83ecd9aef4
commit c6440b2d8d
20 changed files with 1304 additions and 1 deletions


@ -1,7 +1,27 @@
# hacker news clone
![](https://img.photouploads.com/file/PhotoUploads-com/SRE3.png)
a bad hacker news clone made in php
this was created on garbage free hosting so it probably works anywhere you can get php 7.3 and some new version of mysql
(yes it breaks after php 8.0 i dont care to figure out why)
# setup
wip
1. copy the files over to your server
2. modify `config.php` to use your database login, base url, and email
3. import `database.sql` into your database
4. go to whatever your base url is set as
5. profit i think idk
# why you shouldn't use this
- the account system is from some tutorial
- there's probably some vulnerability that allows code execution
- comments SUCK!!! they look so awful
- it uses mysqli instead of something more secure like pdo
- i think you can post without an account and i forgot to fix that
- the logout button is always visible even when you log out
- the navbar buttons are inconsistent

31
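--- a/account/activate.php
+++ b/account/activate.php
@@ -0,0 +1,31 @@
+<?php
+// Change this to your connection info.
+include('../config.php');
+// Try and connect using the info above.
+$con = mysqli_connect($servername, $username, $password, $dbname);
+if (mysqli_connect_errno()) {
+// If there is an error with the connection, stop the script and display the error.
+exit('Failed to connect to MySQL: ' . mysqli_connect_error());
+}
+// First we check if the email and code exists...
+if (isset($_GET['email'], $_GET['code'])) {
+if ($stmt = $con->prepare('SELECT * FROM accounts WHERE email = ? AND activation_code = ?')) {
+$stmt->bind_param('ss', $_GET['email'], $_GET['code']);
+$stmt->execute();
+// Store the result so we can check if the account exists in the database.
+$stmt->store_result();
+if ($stmt->num_rows > 0) {
+// Account exists with the requested email and code.
+if ($stmt = $con->prepare('UPDATE accounts SET activation_code = ? WHERE email = ? AND activation_code = ?')) {
+// Set the new activation code to 'activated', this is how we can check if the user has activated their account.
+$newcode = 'activated';
+$stmt->bind_param('sss', $newcode, $_GET['email'], $_GET['code']);
+$stmt->execute();
+echo 'Your account is now activated! You can now <a href="index.php">login</a>!';
+}
+} else {
+echo 'The account is already activated or doesn\'t exist!';
+}
+}
+}
+?>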
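Review bot: The connection-failure branch at the top sends `mysqli_connect_error()` to the browser, which can reveal the database host and account name to any visitor; log it server-side and return a generic message, e.g. `error_log(mysqli_connect_error()); exit('Service temporarily unavailable.');`. The same pattern appears in authenticate.php, profile.php, register.php and userprofile.php, and as `die("Connection failed: " . $conn->connect_error)` in updatebio.php, com.php, comments.php, index.php, sub.php and users.php. Separately, the success message is echoed without checking the return value of the UPDATE's `execute()`, so a failed update is still reported as an activation.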

52
account/authenticate.php Executable file

@ -0,0 +1,52 @@
<?php
session_start();
// Change this to your connection info.
include('../config.php');
// Try and connect using the info above.
$con = mysqli_connect($servername, $username, $password, $dbname);
if ( mysqli_connect_errno() ) {
// If there is an error with the connection, stop the script and display the error.
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if ( !isset($_POST['username'], $_POST['password']) ) {
// Could not get the data that should have been sent.
exit('Please fill both the username and password fields!');
}
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($id, $password);
$stmt->fetch();
// Account exists, now we verify the password.
// Note: remember to use password_hash in your registration file to store the hashed passwords.
if (password_verify($_POST['password'], $password)) {
// Verification success! User has logged-in!
// Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server.
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
header('Location: home.php');
} else {
// Incorrect password
echo 'Incorrect username and/or password!';
}
} else {
// Incorrect username
echo 'Incorrect username and/or password!';
}
$stmt->close();
}
?>
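Review bot: The login query selects only `id` and `password`, and nothing in this file looks at `activation_code`, so an account that never followed the e-mailed link appears to be able to log in. If activation is meant to gate access, add it to the lookup, e.g. `"SELECT id, password FROM accounts WHERE username = ? AND activation_code = 'activated'"`. Also pass `true` to `session_regenerate_id()` so the pre-login session file is deleted, and add `exit;` after `header('Location: home.php')`.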

37
account/home.php Executable file

@ -0,0 +1,37 @@
<?php
// We need to use sessions, so you should always start sessions using the below code.
session_start();
include('../config.php');
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
header('Location: index.php');
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Settings</title>
<link href="style.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer">
</head>
<body class="loggedin">
<nav class="navtop">
<div>
<h1><?= $siteName; ?></h1>
<a href="../index.php"><i class="fas fa-house"></i>Home</a>
<a href="profile.php"><i class="fas fa-user-circle"></i>Info</a>
<a href="../users.php"><i class="fas fa-users"></i>Users</a>
<a href="logout.php"><i class="fas fa-sign-out-alt"></i>Logout</a>
</div>
</nav>
<div class="content">
<h2>Settings</h2>
<p>Welcome back, <?=htmlspecialchars($_SESSION['name'], ENT_QUOTES)?>!</p>
</div>
</body>
</html>

34
account/index.php Executable file

@ -0,0 +1,34 @@
<?php
session_start();
if (isset($_SESSION['loggedin'])) {
header('Location: home.php');
exit;
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css">
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="login">
<h1>Login</h1>
<form action="authenticate.php" method="post">
<label for="username">
<i class="fas fa-user"></i>
</label>
<input type="text" name="username" placeholder="Username" id="username" required>
<label for="password">
<i class="fas fa-lock"></i>
</label>
<input type="password" name="password" placeholder="Password" id="password" required>
<input type="submit" value="Login">
</form>
</div>
<center><a href="register.html"><button style="cursor: pointer; outline: 0; color: #fff; background-color: #0d6efd; border-color: #0d6efd; display: inline-block; font-weight: 400; line-height: 1.5; text-align: center; border: 1px solid transparent; padding: 6px 12px; font-size: 16px; border-radius: .25rem; transition: color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out; :hover { color: #fff; background-color: #0b5ed7; border-color: #0a58ca; }">Register</button></center>
</body>
</html>
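Review bot: The Font Awesome stylesheet on this page is loaded from `use.fontawesome.com` without an `integrity` attribute, whereas home.php, profile.php and register.html pin the cdnjs 6.2.0 build with an SRI hash; reusing that same `<link>` here keeps a tampered CDN response from being applied to the login form. The Register link at the bottom is missing its closing `</a>`, and the `:hover { … }` rule inside the `style` attribute is not valid inline CSS, so browsers will ignore it.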

6
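--- a/account/logout.php
+++ b/account/logout.php
@@ -0,0 +1,6 @@
+<?php
+session_start();
+session_destroy();
+// Redirect to the login page:
+header('Location: index.php');
+?>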
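Review bot: `session_destroy()` removes the server-side data but leaves `$_SESSION` populated for the rest of the request and the session cookie in the browser; clear both, e.g. `$_SESSION = [];` before the destroy call, and expire the cookie with `setcookie(session_name(), '', time() - 3600, ...)` using the values from `session_get_cookie_params()`. Add `exit;` after the redirect so nothing else runs once the header is sent.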

67
account/profile.php Executable file

@ -0,0 +1,67 @@
<?php
// We need to use sessions, so you should always start sessions using the below code.
session_start();
include('../config.php');
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
header('Location: index.php');
exit;
}
$con = mysqli_connect($servername, $username, $password, $dbname);
if (mysqli_connect_errno()) {
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// We don't have the password or email info stored in sessions, so instead, we can get the results from the database.
$stmt = $con->prepare('SELECT password, email FROM accounts WHERE id = ?');
// In this case we can use the account ID to get the account info.
$stmt->bind_param('i', $_SESSION['id']);
$stmt->execute();
$stmt->bind_result($password, $email);
$stmt->fetch();
$stmt->close();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Profile</title>
<link href="style.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer">
</head>
<body class="loggedin">
<nav class="navtop">
<div>
<h1><?= $siteName; ?></h1>
<a href="../index.php"><i class="fas fa-house"></i>Home</a>
<a href="profile.php"><i class="fas fa-user-circle"></i>Info</a>
<a href="../users.php"><i class="fas fa-users"></i>Users</a>
<a href="logout.php"><i class="fas fa-sign-out-alt"></i>Logout</a>
</div>
</nav>
<div class="content">
<h2>Profile Page</h2>
<div>
<p>Your account details are below:</p>
<table>
<tr>
<td>Username:</td>
<td><?=htmlspecialchars($_SESSION['name'], ENT_QUOTES)?></td>
</tr>
<tr>
<td>Password:</td>
<td><?=htmlspecialchars($password, ENT_QUOTES)?></td>
</tr>
<tr>
<td>Email:</td>
<td><?=htmlspecialchars($email, ENT_QUOTES)?></td>
</tr>
</table>
<form action="updatebio.php" method="post">
<textarea type="text" id="bio" name="bio"></textarea>
<input type="submit" value="Submit">
</form>
</div>
</div>
</body>
</html>
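Review bot: The page selects the stored password hash and prints it in the "Password:" table row, which hands the hash to anything that can read the rendered page (browser cache, a script injected elsewhere on the site, someone looking at the screen) and makes offline guessing possible. Drop `password` from the query (`'SELECT email FROM accounts WHERE id = ?'` with `bind_result($email)`) and remove the row. The existing `bind_result($password, $email)` call also overwrites the `$password` database credential loaded from config.php.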

31
account/register.html Executable file

@ -0,0 +1,31 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Register</title>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer">
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div class="register">
<h1>Register</h1>
<form action="register.php" method="post" autocomplete="off">
<label for="username">
<i class="fas fa-user"></i>
</label>
<input type="text" name="username" placeholder="Username" id="username" required>
<label for="password">
<i class="fas fa-lock"></i>
</label>
<input type="password" name="password" placeholder="Password" id="password" required>
<label for="email">
<i class="fas fa-envelope"></i>
</label>
<input type="email" name="email" placeholder="Email" id="email" required>
<input type="submit" value="Register">
</form>
</div>
<center><a href="index.php"><button style="cursor: pointer; outline: 0; color: #fff; background-color: #0d6efd; border-color: #0d6efd; display: inline-block; font-weight: 400; line-height: 1.5; text-align: center; border: 1px solid transparent; padding: 6px 12px; font-size: 16px; border-radius: .25rem; transition: color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out; :hover { color: #fff; background-color: #0b5ed7; border-color: #0a58ca; }">Login</button></center>
</body>
</html>
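Review bot: `autocomplete="off"` on the registration form discourages password managers from offering and saving a generated password; prefer `autocomplete="new-password"` on the password input and `autocomplete="username"` / `autocomplete="email"` on the other two. The 5–20 character password rule enforced in register.php is not stated anywhere on the form, and the Login link at the bottom is missing its closing `</a>`.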

68
account/register.php Executable file

@ -0,0 +1,68 @@
<?php
// Change this to your connection info.
include('../config.php');
// Try and connect using the info above.
$con = mysqli_connect($servername, $username, $password, $dbname);
if (mysqli_connect_errno()) {
// If there is an error with the connection, stop the script and display the error.
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data was submitted, isset() function will check if the data exists.
if (!isset($_POST['username'], $_POST['password'], $_POST['email'])) {
// Could not get the data that should have been sent.
exit('Please complete the registration form!');
}
// Make sure the submitted registration values are not empty.
if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email'])) {
// One or more values are empty.
exit('Please complete the registration form');
}
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
exit('Email is not valid!');
}
if (preg_match('/^[a-zA-Z0-9]+$/', $_POST['username']) == 0) {
exit('Username is not valid!');
}
if (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 5) {
exit('Password must be between 5 and 20 characters long!');
}
// We need to check if the account with that username exists.
if ($stmt = $con->prepare('SELECT id, password FROM accounts WHERE username = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), hash the password using the PHP password_hash function.
$stmt->bind_param('s', $_POST['username']);
$stmt->execute();
$stmt->store_result();
// Store the result so we can check if the account exists in the database.
if ($stmt->num_rows > 0) {
// Username already exists
echo 'Username exists, please choose another!';
} else {
// Username doesn't exists, insert new account
if ($stmt = $con->prepare('INSERT INTO accounts (username, password, email, activation_code) VALUES (?, ?, ?, ?)')) {
// We do not want to expose passwords in our database, so hash the password and use password_verify when a user logs in.
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$uniqid = uniqid();
$stmt->bind_param('ssss', $_POST['username'], $password, $_POST['email'], $uniqid);
$stmt->execute();
$from = $verifyemail;
$subject = 'Account Activation Required';
$headers = 'From: ' . $from . "\r\n" . 'Reply-To: ' . $from . "\r\n" . 'X-Mailer: PHP/' . phpversion() . "\r\n" . 'MIME-Version: 1.0' . "\r\n" . 'Content-Type: text/html; charset=UTF-8' . "\r\n";
// Update the activation variable below
$activate_link = $baseurl . '/account/activate.php?email=' . $_POST['email'] . '&code=' . $uniqid;
$message = '<p>Please click the following link to activate your account "'. $_POST['username'] . '": <a href="' . $activate_link . '">' . $activate_link . '</a></p>';
mail($_POST['email'], $subject, $message, $headers);
echo 'Please check your email to activate your account!';
} else {
// Something is wrong with the SQL statement, so you must check to make sure your accounts table exists with all three fields.
echo 'Could not prepare statement!';
}
}
$stmt->close();
} else {
// Something is wrong with the SQL statement, so you must check to make sure your accounts table exists with all 3 fields.
echo 'Could not prepare statement!';
}
$con->close();
?>
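Review bot: The activation code comes from `uniqid()`, which is derived from the current time and is therefore guessable by someone who knows roughly when an account was registered; generate it from the CSPRNG instead, `$uniqid = bin2hex(random_bytes(16));`. The e-mail address is placed in the activation URL unencoded, and addresses accepted by `FILTER_VALIDATE_EMAIL` may contain `+` or `&`, so use `rawurlencode($_POST['email'])` there and `htmlspecialchars()` on values written into the HTML body. The 20-character upper bound on passwords lowers achievable strength for no benefit, since `password_hash()` stores a fixed-length hash. The INSERT's `execute()` result is not checked before the mail is sent.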

189
account/style.css Executable file

@ -0,0 +1,189 @@
* {
box-sizing: border-box;
font-family: -apple-system, BlinkMacSystemFont, "segoe ui", roboto, oxygen, ubuntu, cantarell, "fira sans", "droid sans", "helvetica neue", Arial, sans-serif;
font-size: 16px;
}
body {
background-color: #435165;
}
.login {
width: 400px;
background-color: #ffffff;
box-shadow: 0 0 9px 0 rgba(0, 0, 0, 0.3);
margin: 100px auto;
}
.login h1 {
text-align: center;
color: #5b6574;
font-size: 24px;
padding: 20px 0 20px 0;
border-bottom: 1px solid #dee0e4;
}
.login form {
display: flex;
flex-wrap: wrap;
justify-content: center;
padding-top: 20px;
}
.login form label {
display: flex;
justify-content: center;
align-items: center;
width: 50px;
height: 50px;
background-color: #3274d6;
color: #ffffff;
}
.login form input[type="password"], .login form input[type="text"] {
width: 310px;
height: 50px;
border: 1px solid #dee0e4;
margin-bottom: 20px;
padding: 0 15px;
}
.login form input[type="submit"] {
width: 100%;
padding: 15px;
margin-top: 20px;
background-color: #3274d6;
border: 0;
cursor: pointer;
font-weight: bold;
color: #ffffff;
transition: background-color 0.2s;
}
.login form input[type="submit"]:hover {
background-color: #2868c7;
transition: background-color 0.2s;
}
.navtop {
background-color: #2f3947;
height: 60px;
width: 100%;
border: 0;
}
.navtop div {
display: flex;
margin: 0 auto;
width: 1000px;
height: 100%;
}
.navtop div h1, .navtop div a {
display: inline-flex;
align-items: center;
}
.navtop div h1 {
flex: 1;
font-size: 24px;
padding: 0;
margin: 0;
color: #eaebed;
font-weight: normal;
}
.navtop div a {
padding: 0 20px;
text-decoration: none;
color: #c1c4c8;
font-weight: bold;
}
.navtop div a i {
padding: 2px 8px 0 0;
}
.navtop div a:hover {
color: #eaebed;
}
body.loggedin {
background-color: #f3f4f7;
}
.content {
width: 1000px;
margin: 0 auto;
}
.content h2 {
margin: 0;
padding: 25px 0;
font-size: 22px;
border-bottom: 1px solid #e0e0e3;
color: #4a536e;
}
.content > p, .content > div {
box-shadow: 0 0 5px 0 rgba(0, 0, 0, 0.1);
margin: 25px 0;
padding: 25px;
background-color: #fff;
}
.content > p table td, .content > div table td {
padding: 5px;
}
.content > p table td:first-child, .content > div table td:first-child {
font-weight: bold;
color: #4a536e;
padding-right: 15px;
}
.content > div p {
padding: 5px;
margin: 0 0 10px 0;
}
* {
box-sizing: border-box;
font-family: -apple-system, BlinkMacSystemFont, "segoe ui", roboto, oxygen, ubuntu, cantarell, "fira sans", "droid sans", "helvetica neue", Arial, sans-serif;
font-size: 16px;
}
body {
background-color: #435165;
margin: 0;
}
.register {
width: 400px;
background-color: #ffffff;
box-shadow: 0 0 9px 0 rgba(0, 0, 0, 0.3);
margin: 100px auto;
}
.register h1 {
text-align: center;
color: #5b6574;
font-size: 24px;
padding: 20px 0 20px 0;
border-bottom: 1px solid #dee0e4;
}
.register form {
display: flex;
flex-wrap: wrap;
justify-content: center;
padding-top: 20px;
}
.register form label {
display: flex;
justify-content: center;
align-items: center;
width: 50px;
height: 50px;
background-color: #3274d6;
color: #ffffff;
}
.register form input[type="password"], .register form input[type="text"], .register form input[type="email"] {
width: 310px;
height: 50px;
border: 1px solid #dee0e4;
margin-bottom: 20px;
padding: 0 15px;
}
.register form input[type="submit"] {
width: 100%;
padding: 15px;
margin-top: 20px;
background-color: #3274d6;
border: 0;
cursor: pointer;
font-weight: bold;
color: #ffffff;
transition: background-color 0.2s;
}
.register form input[type="submit"]:hover {
background-color: #2868c7;
transition: background-color 0.2s;
}

29
account/updatebio.php Executable file

@ -0,0 +1,29 @@
<?php
// this is the script that actually submits the bio into the db
session_start();
include('../config.php');
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
// $sql = "INSERT INTO accounts (bio)
// VALUES ('". substr($_POST['bio'],0,150). "')";
$sql = "UPDATE accounts
SET bio = '".substr($_POST['bio'],0,150)."'
WHERE username = '".htmlspecialchars($_SESSION['name'], ENT_QUOTES)."';";
if ($conn->query($sql) === TRUE) {
header('Location: profile.php');
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
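Review bot: `$_POST['bio']` is concatenated straight into the UPDATE statement, so the request body can change the structure of the query; `substr()` only limits length, and `htmlspecialchars()` on the session name is HTML escaping, not SQL escaping. Use a prepared statement keyed on `$_SESSION['id']`, as authenticate.php already does for its lookup; sub.php builds its INSERT from raw `$_POST` values in the same way. The script also runs without checking `$_SESSION['loggedin']`, and on failure it echoes the full SQL text and `$conn->error` to the client. A sketch of the replacement for the query section follows.

```php
// … unchanged: session_start(), config include, connection check …
if (!isset($_SESSION['loggedin'], $_SESSION['id'], $_POST['bio'])) {
    header('Location: index.php');
    exit;
}
$bio = substr($_POST['bio'], 0, 150);
if ($stmt = $conn->prepare('UPDATE accounts SET bio = ? WHERE id = ?')) {
    $stmt->bind_param('si', $bio, $_SESSION['id']);
    if ($stmt->execute()) {
        header('Location: profile.php');
        exit;
    }
}
// Keep the SQL text and driver error out of the response.
error_log('bio update failed: ' . $conn->error);
echo 'Could not save your bio.';
// … unchanged: $conn->close() …
```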

68
account/userprofile.php Executable file

@ -0,0 +1,68 @@
<?php
// We need to use sessions, so you should always start sessions using the below code.
session_start();
include('../config.php');
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
header('Location: index.php');
exit;
}
$con = mysqli_connect($servername, $username, $password, $dbname);
if (mysqli_connect_errno()) {
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$quersy = $con->query("SELECT bio FROM accounts WHERE username = '".htmlspecialchars($_GET['user'])."'");
$con->query("SELECT * FROM accounts WHERE username = '".htmlspecialchars($_GET['user'])."'");
while($rows = mysqli_fetch_assoc($quersy)) {
$userbio = htmlspecialchars($rows['bio']);
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Profile</title>
<link href="style.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer">
<style>
.hnlink {
text-decoration:none;
color: #09BC8A;
}
</style>
</head>
<body class="loggedin">
<nav class="navtop">
<div>
<h1><?= $siteName; ?></h1>
<a href="../index.php"><i class="fas fa-house"></i>Home</a>
<a href="profile.php"><i class="fas fa-user-circle"></i>Info</a>
<a href="../users.php"><i class="fas fa-users"></i>Users</a>
<a href="logout.php"><i class="fas fa-sign-out-alt"></i>Logout</a>
</div>
</nav>
<div class="content">
<h2>Profile of <?= htmlspecialchars($_GET['user']); ?></h2>
<div>
<table>
<tr>
<td>Username:</td>
<td><?=htmlspecialchars($_GET['user']);?></td>
</tr>
<tr>
<td>Bio:</td>
<td><?=$userbio; ?></td>
</tr>
</table>
</form>
</div>
</div>
</body>
</html>
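Review bot: The two queries wrap `$_GET['user']` in `htmlspecialchars()` and splice it into the SQL string; that function escapes for HTML, and with its default flags on the PHP 7.3 target named in the README it leaves single quotes untouched, so the value is not safely quoted for MySQL. Bind it as a parameter instead; com.php and comments.php use the same construction for `postid` and `comment`. The second query's result is discarded and can be removed, and `$userbio` is undefined when no row matches, so initialise it before the lookup.

```php
// … unchanged: session check and mysqli_connect() …
$userbio = '';
$user = $_GET['user'] ?? '';
if ($stmt = $con->prepare('SELECT bio FROM accounts WHERE username = ?')) {
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($bio);
    if ($stmt->fetch()) {
        $userbio = htmlspecialchars($bio, ENT_QUOTES);
    }
    $stmt->close();
}
```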

30
com.php Executable file

@ -0,0 +1,30 @@
<?php
// this is the script that actually submits the post into the db
session_start();
include('config.php');
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if ($_POST['comment'] == "") {
die('Empty');
}
$sql = "INSERT INTO comments (commenter, postid, comment)
VALUES ('". htmlspecialchars($_SESSION['name'], ENT_QUOTES). "', '". htmlspecialchars($_GET['postid']) ."', '".substr(htmlspecialchars($_POST['comment']), 0, 150)."')";
if ($conn->query($sql) === TRUE) {
header('Location: comments.php?postid='.htmlspecialchars($_GET['postid']));
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
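Review bot: Nothing in this script checks `$_SESSION['loggedin']`, so a request without a session appears to reach the INSERT with an empty commenter, which matches the README's remark about posting without an account; add the guard used in home.php before the database work, `if (!isset($_SESSION['loggedin'])) { header('Location: account/index.php'); exit; }`. sub.php has the same gap. The comment is HTML-escaped and then cut with `substr(…, 0, 150)`, which can split an entity, while the `comment` column in database.sql is `varchar(100)`; comments.php escapes again on output, so store the raw text (bound as a parameter) and escape once when rendering.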

91
comments.php Executable file

@ -0,0 +1,91 @@
<?php include('config.php'); ?>
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
table {
font-family: arial, sans-serif;
border-collapse: collapse;
width: 70%;
}
td, th {
border: 1px solid #dddddd;
text-align: left;
padding: 8px;
}
tr:nth-child(even) {
background-color: #dddddd;
}
.hnlink {
text-decoration:none;
color: #09BC8A;
}
.hntable {
padding-top: 50px;
padding-right: 30px;
padding-bottom: 50px;
padding-left: 80px;
}
#remarkbox-div {
padding-top: 0px;
padding-right: 80px;
padding-bottom: 50px;
padding-left: 80px
}
</style>
<meta charset="utf-8">
<title><?= $siteName; ?></title>
<link href="account/style.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer">
</head>
<body class="loggedin">
<nav class="navtop">
<div>
<h1><?= $siteName; ?></h1>
<a href="account/index.php"><i class="fas fa-gear"></i>Account</a>
<a href="submit.php"><i class="fas fa-pencil"></i>Post</a>
<a href="users.php"><i class="fas fa-users"></i>Users</a>
<a href="account/logout.php"><i class="fas fa-sign-out-alt"></i>Logout</a>
</div>
</nav>
<br>
<center>
<?php $theurl = '"com.php?postid='.htmlspecialchars($_GET['postid']).'"'; ?>
<form action=<?=$theurl;?> method="post">
<input type="text" name="comment">
<input type="submit" value="Comment">
</form>
</center><br><br>
<?php
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$quersy = $conn->query("SELECT * FROM comments WHERE postid = '".htmlspecialchars($_GET['postid'])."' ORDER BY id DESC");
// $conn->query($query)
// $conn->query("SELECT * FROM users");
while($rows = mysqli_fetch_assoc($quersy)) {
print "<center><a class='hnlink' href='account/userprofile.php?user=".htmlspecialchars($rows['commenter'])."'>".htmlspecialchars($rows['commenter'])."</a><br>".htmlspecialchars($rows['comment'])."</center>";
}
?>
</body>
</html>
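Review bot: The comment form posts to com.php with no anti-CSRF token, so another site can submit comments on behalf of a logged-in visitor; the forms in submit.php and profile.php are in the same position. Store a per-session token (`$_SESSION['csrf'] = bin2hex(random_bytes(32));`), emit it as a hidden input, and have the receiving script compare it with `hash_equals()` before writing. The `action` attribute is also assembled by hand around `htmlspecialchars($_GET['postid'])`; since `posts.id` is an integer in database.sql, casting once with `$postid = (int) ($_GET['postid'] ?? 0);` and using that value for both the form and the query would remove the need to escape it.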

15
config.php Executable file

@ -0,0 +1,15 @@
<?php
$siteName = "Hacker News"; // Site name (used in headers and titles)
// Database login info
$servername = "localhost";
$username = "database";
$password = "password";
$dbname = "database";
$verifyemail = "email@host.local"; // email used to send verification messages
$baseurl = "http://localhost/hn"; // Base URL of website
?>
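Review bot: The connection settings are plain globals named `$username` and `$password`, and several pages reuse those names for account data (`bind_result($id, $password)` in authenticate.php, `$password = password_hash(…)` in register.php, `bind_result($password, $email)` in profile.php), so the credential is overwritten after the first connection. Give them distinct names such as `$dbUser` / `$dbPass`, or return an array from this file. A comment stating that real credentials belong in an untracked copy or in environment variables would help whoever deploys this, and `$baseurl` should be an `https://` URL in production because it is used to build the activation link.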

112
database.sql Normal file

@ -0,0 +1,112 @@
-- phpMyAdmin SQL Dump
-- version 5.2.1
-- https://www.phpmyadmin.net/
--
-- Host: localhsot
-- Generation Time: Feb 23, 2024 at 08:14 PM
-- Server version: 5.7.40-log
-- PHP Version: 8.1.27
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
START TRANSACTION;
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
--
-- Database: `hndatabase`
--
-- --------------------------------------------------------
--
-- Table structure for table `accounts`
--
CREATE TABLE `accounts` (
`id` int(11) NOT NULL,
`username` varchar(50) NOT NULL,
`password` varchar(255) NOT NULL,
`email` varchar(100) NOT NULL,
`activation_code` varchar(50) DEFAULT '',
`bio` text NOT NULL COMMENT 'bio'
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- Table structure for table `comments`
--
CREATE TABLE `comments` (
`id` int(11) NOT NULL,
`commenter` varchar(50) NOT NULL,
`postid` varchar(255) NOT NULL,
`comment` varchar(100) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- Table structure for table `posts`
--
CREATE TABLE `posts` (
`id` int(6) UNSIGNED NOT NULL,
`url` varchar(255) NOT NULL,
`title` varchar(30) NOT NULL,
`poster` varchar(50) DEFAULT NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Indexes for dumped tables
--
--
-- Indexes for table `accounts`
--
ALTER TABLE `accounts`
ADD PRIMARY KEY (`id`);
--
-- Indexes for table `comments`
--
ALTER TABLE `comments`
ADD PRIMARY KEY (`id`);
--
-- Indexes for table `posts`
--
ALTER TABLE `posts`
ADD PRIMARY KEY (`id`);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `accounts`
--
ALTER TABLE `accounts`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
--
-- AUTO_INCREMENT for table `comments`
--
ALTER TABLE `comments`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT;
--
-- AUTO_INCREMENT for table `posts`
--
ALTER TABLE `posts`
MODIFY `id` int(6) UNSIGNED NOT NULL AUTO_INCREMENT;
COMMIT;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
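Review bot: `accounts` has only a primary key on `id`, so uniqueness of `username` rests on the check-then-insert in register.php, which two concurrent registrations can both pass; enforce it in the schema with `ALTER TABLE accounts ADD UNIQUE KEY username (username);` (and likewise for `email` if one account per address is intended). `comments.comment` is `varchar(100)` while com.php truncates to 150 characters, and `posts` is MyISAM/latin1 while the other tables are InnoDB/utf8, which looks unintentional.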

138
index.php Executable file

@ -0,0 +1,138 @@
<?php include('config.php'); ?>
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
/* * {box-sizing: border-box;}
body {
margin: 0;
font-family: Arial, Helvetica, sans-serif;
}
.header {
overflow: hidden;
background-color: #f1f1f1;
padding: 20px 10px;
}
.header a {
float: left;
color: black;
text-align: center;
padding: 12px;
text-decoration: none;
font-size: 18px;
line-height: 25px;
border-radius: 4px;
}
.header a.logo {
font-size: 25px;
font-weight: bold;
}
.header a:hover {
background-color: #ddd;
color: black;
}
.header a.active {
background-color: dodgerblue;
color: white;
}
.header-right {
float: right;
}
@media screen and (max-width: 500px) {
.header a {
float: none;
display: block;
text-align: left;
}
.header-right {
float: none;
}
}
*/
table {
font-family: arial, sans-serif;
border-collapse: collapse;
width: 70%;
}
td, th {
border: 1px solid #dddddd;
text-align: left;
padding: 8px;
}
tr:nth-child(even) {
background-color: #dddddd;
}
.hnlink {
text-decoration:none;
color: #09BC8A;
}
.commentslink {
text-decoration:none;
color: #13ECB0;
font-size: 60%
}
.hntable {
padding-top: 50px;
padding-right: 30px;
padding-bottom: 50px;
padding-left: 80px;
}
</style>
<meta charset="utf-8">
<title><?= $siteName; ?></title>
<link href="account/style.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer">
</head>
<body class="loggedin">
<nav class="navtop">
<div>
<h1><?= $siteName; ?></h1>
<a href="account/index.php"><i class="fas fa-gear"></i>Account</a>
<a href="submit.php"><i class="fas fa-pencil"></i>Post</a>
<a href="users.php"><i class="fas fa-users"></i>Users</a>
<a href="account/logout.php"><i class="fas fa-sign-out-alt"></i>Logout</a>
</div>
</nav>
<br>
<?php
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$quersy = $conn->query("SELECT * FROM posts ORDER BY id DESC");
// $conn->query($query)
$conn->query("SELECT * FROM users");
print "<div class='hntables'><center><table>";
while($rows = mysqli_fetch_assoc($quersy)) {
print "<tr><td><a class='hnlink' href='".htmlspecialchars($rows['url'])."'>".htmlspecialchars($rows['title'])."</a> <a class='commentslink' href='comments.php?postid=".htmlspecialchars($rows['id'])."'>comments</a></td><td>Posted by: ".htmlspecialchars($rows['poster'])."</td></tr>";
}
print "</table></center></div>";
?>
</body>
</html>
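Review bot: The post row is printed into single-quoted attributes (`href='…'`) using `htmlspecialchars()` with its default flags, which on PHP versions before 8.1 do not encode single quotes, so a stored `url` can end the attribute early. Pass `ENT_QUOTES` explicitly, as the account pages do, e.g. `htmlspecialchars($rows['url'], ENT_QUOTES)`; comments.php and users.php print links the same way. The extra `$conn->query("SELECT * FROM users")` targets a table that database.sql does not create and its result is never used, so it can be deleted here and in users.php.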

32
sub.php Executable file

@ -0,0 +1,32 @@
<?php
// this is the script that actually submits the post into the db
session_start();
include('config.php');
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if ($_POST['url'] == "") {
die('Empty');
}
if ($_POST['title'] == "") {
die('Empty');
}
$sql = "INSERT INTO posts (url, title, poster)
VALUES ('". $_POST['url']. "', '". $_POST['title'] ."', '".htmlspecialchars($_SESSION['name'], ENT_QUOTES)."')";
if ($conn->query($sql) === TRUE) {
header('Location: index.php');
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>
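Review bot: The submitted `url` is stored without any check on its form or scheme and is later rendered as a link target on index.php, so non-web schemes would be clickable there; validate before the INSERT, e.g. `if (!filter_var($_POST['url'], FILTER_VALIDATE_URL) || !in_array(parse_url($_POST['url'], PHP_URL_SCHEME), ['http', 'https'], true)) { die('Invalid URL'); }`. `title` is not length-checked although the column is `varchar(30)`. Reading `$_POST['url']` and `$_POST['title']` without `isset()` also raises notices when the script is requested directly.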

116
submit.php Executable file

@ -0,0 +1,116 @@
<?php include('config.php');
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
/* * {box-sizing: border-box;}
body {
margin: 0;
font-family: Arial, Helvetica, sans-serif;
}
.header {
overflow: hidden;
background-color: #f1f1f1;
padding: 20px 10px;
}
.header a {
float: left;
color: black;
text-align: center;
padding: 12px;
text-decoration: none;
font-size: 18px;
line-height: 25px;
border-radius: 4px;
}
.header a.logo {
font-size: 25px;
font-weight: bold;
}
.header a:hover {
background-color: #ddd;
color: black;
}
.header a.active {
background-color: dodgerblue;
color: white;
}
.header-right {
float: right;
}
@media screen and (max-width: 500px) {
.header a {
float: none;
display: block;
text-align: left;
}
.header-right {
float: none;
}
}
*/
table {
font-family: arial, sans-serif;
border-collapse: collapse;
width: 70%;
}
td, th {
border: 1px solid #dddddd;
text-align: left;
padding: 8px;
}
tr:nth-child(even) {
background-color: #dddddd;
}
.hnlink {
text-decoration:none;
color: #09BC8A;
}
.hntable {
padding-top: 50px;
padding-right: 30px;
padding-bottom: 50px;
padding-left: 80px;
}
</style>
<meta charset="utf-8">
<title><?= $siteName; ?></title>
<link href="account/style.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer">
</head>
<body class="loggedin">
<nav class="navtop">
<div>
<h1><?= $siteName; ?></h1>
<a href="index.php"><i class="fas fa-house"></i>Home</a>
<a href="account/index.php"><i class="fas fa-gear"></i>Account</a>
<a href="users.php"><i class="fas fa-users"></i>Users</a>
<a href="account/logout.php"><i class="fas fa-sign-out-alt"></i>Logout</a>
</div>
</nav>
<br>
<center>
<form action="sub.php" method="post">
URL: <input type="text" name="url"><br><br>
Title: <input type="text" name="title"><br><br>
<input type="submit">
</form>
</center>
</body>
</html>

137
users.php Executable file

@ -0,0 +1,137 @@
<?php include('config.php'); ?>
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
/* * {box-sizing: border-box;}
body {
margin: 0;
font-family: Arial, Helvetica, sans-serif;
}
.header {
overflow: hidden;
background-color: #f1f1f1;
padding: 20px 10px;
}
.header a {
float: left;
color: black;
text-align: center;
padding: 12px;
text-decoration: none;
font-size: 18px;
line-height: 25px;
border-radius: 4px;
}
.header a.logo {
font-size: 25px;
font-weight: bold;
}
.header a:hover {
background-color: #ddd;
color: black;
}
.header a.active {
background-color: dodgerblue;
color: white;
}
.header-right {
float: right;
}
@media screen and (max-width: 500px) {
.header a {
float: none;
display: block;
text-align: left;
}
.header-right {
float: none;
}
}
*/
table {
font-family: arial, sans-serif;
border-collapse: collapse;
width: 70%;
}
td, th {
border: 1px solid #dddddd;
text-align: left;
padding: 8px;
}
tr:nth-child(even) {
background-color: #dddddd;
}
.hnlink {
text-decoration:none;
color: #09BC8A;
}
.hntable {
padding-top: 50px;
padding-right: 30px;
padding-bottom: 50px;
padding-left: 80px;
}
</style>
<meta charset="utf-8">
<title><?= $siteName; ?></title>
<link href="account/style.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.0/css/all.min.css" integrity="sha512-xh6O/CkQoPOWDdYTDqeRdPCVd1SpvCA9XXcUnZS2FmJNp1coAFzvtCN9BmamE+4aHK8yyUHUSCcJHgXloTyT2A==" crossorigin="anonymous" referrerpolicy="no-referrer">
<style>
.hnlink {
text-decoration:none;
color: #09BC8A;
}
</style>
</head>
<body class="loggedin">
<nav class="navtop">
<div>
<h1><?= $siteName; ?> Users</h1>
<a href="index.php"><i class="fas fa-house"></i>Home</a>
<a href="account/index.php"><i class="fas fa-gear"></i>Account</a>
<a href="submit.php"><i class="fas fa-pencil"></i>Post</a>
<a href="account/logout.php"><i class="fas fa-sign-out-alt"></i>Logout</a>
</div>
</nav>
<br>
<?php
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$quersy = $conn->query("SELECT * FROM accounts");
// $conn->query($query)
$conn->query("SELECT * FROM users");
print "<div class='hntables'><center><table>";
while($rows = mysqli_fetch_assoc($quersy)) {
print "<tr><td><a class='hnlink' href='account/userprofile.php?user=".htmlspecialchars($rows['username'])."'>".htmlspecialchars($rows['username'])."</a></td></tr>";
}
print "</table></center></div>";
?>
</body>
</html>
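Review bot: `SELECT * FROM accounts` loads every account's password hash, e-mail address and activation code into the page process only to print the username; select the one column, `$conn->query("SELECT username FROM accounts")`. The list is also served without any `$_SESSION['loggedin']` check, which exposes the full set of account names to anonymous visitors; confirm that is intended. `.hnlink` is declared twice in the `<head>`.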