PHP Comments?

[alexjewell]

I am so lost.
I need a PHP comments script that is easy, clean, and simple.
I want to add a comments feature to my blog, flamehtmlstudios.com/longroad, and I've downloaded a few and even tried writing a few myself...but my server doesn't support MSQL or SQL or any of that stuff. So, I need a simple script.
What I think needs to happen is a .txt doc needs to be imported into the page and when someone submits the form, the .txt doc is edited. Is this correct?
If someone can give me a simple, easy script, it'd be great.
This is really buggine me.
Thanks.

[djr33]

Well... you'd want the comments ADDED to the txt, not editing the txt. I mean... you don't want anyone who clicks 'comment' to just change the whole txt file to their liking

I don't know of any scripts... but here's what I'm thinking...

If you know a bit of php, you could write this, maybe someone else could, or, maybe, depending on my time (which is REALLY limited at the moment), I might be able to...

anyway, here's generally how:

1. Make your html page. This is the one for commenting. You figure out the link to this page, etc.
2. On that page, make a form. This should have any values you need (name, email, and, obviously, comment, plus whatever you want too).
3. Name each of the fields in relations to those names... <input ... name="email"> or something like that.
4. This will then get submitted. The php page will interpret that.
5. On the php page, have it get the values of the variables ($_GET['email'] or $_POST['email'], depending on the 'method' of your form... probably use method="post" (in the form tag... <form ... method="post">)
6. You've got those... stored as variables, or just use the raw "$_POST..." or whatever. Now, you need to interpret them.
7. Have the php generate a new variable, something like this:

PHP Code:

<?php 
$finalcomment = "Posted by: ".$name." -- ".$email."<br>".$comment."<hr><br>";
movefile($finalcomment, "comments.txt") /*use your own directory/filename instead of
comments.txt... whatever you want, if you want. this php is wrong, btw. I'd
have to look up the particlar syntax and function name... not too hard to
use... just can't remember offhand.*/
?>

8. Then, on the page you want the comments DISPLAYED, do something like this code:

PHP Code:

<?php
$comments = file(comments.txt);
echo $comments;
?>

9. Remember to place the above code exactly where the comments should be displayed... remember that it'll just be added to the html right there, so it should be in the right cell of a table, or after the right paragraph, or whatever.


So... that's a general summary of a VERY simple way to do it.

You could obviously mess with the comments and moderate them to your liking, but remember they WILL be live once posted... no verification by you. But... you could add some steps to it, but its kinda complex.

So... how's that sound?

Talk to me if you really want me to code it... I wouldn't mind the practice, I guess.

[djr33]

Alright.... here yo go:

First, notes:
1. This is pretty simple. It functions well, though, so it should serve its purpose just fine.
2. You'll have to make the pages pretty yourself... the code will be easy to use... just don't mess with the php if you aren't sure what it does.
3. There may be slight security holes in this, specifically letting the user input something that gets put on a page. I don't really know what these holes are, but I did my best to get rid of any inputted html via switching all "<" to "&lt;" (and >/&gt which will display on the page as "<" (and >), not function as part of the html. This should close most holes. Important: if you want users to be able to input html, take out the lines in the index.php page with the comment "//security" after them... that won't change how it works, just if it changes those < and > characters or not.
4. Unlike other, more complex systems, this system just uses one text file. All of the comments are just added one after the other to this. As such, it will be a little hard for you to edit it. But... it's just html source code in there, and you can change as you like. Note: "comments.phpdata" is identical in every way to "comments.txt", but I think the .phpdata (it's fake... I made it up for this) makes more sense in this case. Also, it'll be a bit harder for people to find and mess with (not that it would really matter) if they tried to.

Feel free to ask me any questions. I might add some more, but realize that too complex might be too hard, or too much work. This should give you a nice start.


working example: http://ci-pro.com/misc/phptest/comments/
Note: "Sorry, but no comments were found." is displayed if the text file is empty.... if there are no comments yet. This will be replaced by the first, and following, comments.


SOURCE AND HOW-TO:

Pages: There are three pages in this setup. You could actuall, with a bit more coding, add them all into one, but I think this is cleaner and would make more sense to the visitor.
*index.php = This is the page where the comments are displayed. It has php displaying the comments and a link to the add.php page.
*add.php = This page is JUST a form to add a comment. Note that the "action=" of the form must be "sent.php".
*sent.php = When the form is submitted, this page interprets the data. It then redirects the page (using a "meta refresh" which isn't JS and should be compatible with (almost?) all browsers) to index.php where the comment is displayed. The redirect has a 3 second delay. This can be changed if you want, but 3 is about right, I'd say.
Note: sent.php will display an error message (customizable if you want) if (a) the comment field was left blank or (b) if the page was accessed not through the form... if no data was sent to the page.
All three files must be in the same directory unless you modify the code. Also, the comments.phpdata file will be automatically generated and added to the folder.

SOURCE:

index.php:

PHP Code:

<html>
<head>
<title>Comment Demo</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<div align="center"> 
  <p><font size="+1">Comments Demo:</font></p>
  <table width="80%" border="1" cellspacing="0" cellpadding="5">
    <tr>
      <td align="left">
          <?php
               if ($file = @file_get_contents("comments.phpdata")) {
                echo $file."\n";
                }
            else {echo "Sorry, but no comments were found.";}
        ?>
      </td>
    </tr>
  </table>
  <p><a href="add.php">Add Comment</a></p>
</div>
</body>
</html>

add.php:

PHP Code:

<html>
<head>
<title>Add Comment Demo</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<div align="center"> 
  <p><font size="+1">Add Comment Demo:</font></p>
<form name="form1" method="post" action="sent.php">
    Name: <input name="name" type="text"> -- Email: <input name="email" type="text"><br>
    <textarea name="comment" cols="60" rows="10"></textarea><br>
    <input type="submit" value="submit"> - <input type="reset" value="reset">
    </form>
    <a href="index.php">Back</a>
</div>
</body>
</html> 


sent.php:

PHP Code:

<?php
$filename = "comments.phpdata";
if ($name = stripslashes($_POST['comment'])) {
    $comment = str_replace("<","&lt;",$comment); //security
    $comment = str_replace(">", "&gt;", $comment); //security
    if ($email = stripslashes($_POST['email'])) {
        $email = str_replace("<","&lt;",$email); //security
        $email = str_replace(">", "&gt;", $email); //security
        $email = "<a href=\"mailto:".$email."\">".$email."</a>";
        }
    else {
        $email = "(No Email supplied.)";
        }
    $name = stripslashes($_POST['name']);
    $name = str_replace("<","&lt;",$name); //security
    $name = str_replace(">", "&gt;", $name); //security
    if (!$name) {
        $name = "<i>Anonomous</i>";
        }
    $hr = "";    
    if (strlen(@file_get_contents($filename)) > 0) $hr = "\n<hr>";
    $add = $hr."Posted by: <b>".$name."</b> -- ".$email."<br>".$comment;
    $comments = @file_get_contents($filename).$add;
    $file = @fopen($filename, "w+");
    @fwrite($file, $comments);
    @fclose($file);
    $message = "Your comment was successfully added.<br>Redirecting to index.php";
    }
else {
    $message = "You either entered no data or it was entered incorrectly.<br>Redirecting to index.php";
    }
?>
<html>
<head>
<title>Comment Added Demo</title>
<meta http-equiv="refresh" content="3;url=index.php">
</head>
<body>
<div align="center"> 
<p><font size="+1">Comment Added Demo:</font></p>
<?php echo $message; ?>
</div>
</body>
</html>

Please ask if you have questions. I'll try to help.


Sidenote: anyone think I should submit this to DD as a script? Fine by me... but not sure how useful it would be for lots of people...


EDIT: Fixed something above.

Hope this helps!

[Twey]

Code:

    if ($email = stripslashes($_POST['email'])) {
        $email = str_replace("<","&lt;",$email); //security
        $email = str_replace(">", "&gt;", $email); //security
        $email = "<a href=\"mailto:".$email."\">".$email."</a>";
    }

Can be written as:

Code:

($email = urlencode(stripslashes($_POST['email']))) or $email = "(none specified)";

Likewise:

Code:

    $name = stripslashes($_POST['name']);
    $name = str_replace("<","&lt;",$name); //security
    $name = str_replace(">", "&gt;", $name); //security
    if (!$name) {
        $name = "<i>Anonomous</i>";
        }

Code:

($name = htmlentities(stripslashes($_POST['name']))) or $name = "<i>anonymous</i>";

Also, there's an error here:

Code:

if ($name = stripslashes($_POST['comment'])) {

I think you mean $comment there.

[djr33]

Yeah.... $comment. Fix that if you're using this script, heh.

I figured there was an easier way for that stuff.

But... the first thing doesn't cover the < and > symbols. That function in the second one will do the same thing?

[Twey]

But... the first thing doesn't cover the < and > symbols. That function in the second one will do the same thing?

urlencode() will handle them for URIs. I forgot, though, that the emails will be used for plaintext too. Perhaps, then, that line would be better expressed as:

Code:

if($_POST['email']) $email = '<a href="' . urlencode(stripslashes($_POST['email'])) . '">' . htmlentities(stripslashes($_POST['email'])) . "</a>"; else $email = "(none specified)";

htmlentities() will convert all the common and some of the less common HTML special characters to their HTML entity equivalents. This does include &gt; and &lt;, yes.

[skilled1]

not to but in, but why not just write it to a .wddx file? ColdFusion is where it's at.

Code:

<html>
<head>

<!---auto refresh code--->
<script type=text/javascript>
// The time out value is set to be 600,000 milli-seconds (or 600 seconds; 10 minutes)
setTimeout(' document.location=document.location' ,600000);
</script>
<!---end auto refresh code--->

</head>
<body>

<cfset temp= Expandpath("./")>

<cffunction name="WDDXFileWrite" output="no" returnType="void">
	<cfargument name="file" required="yes">
	<cfargument name="var" required="yes">
	
	<cfset var tempPacket = "">

	<!--- serialize --->
	<cfwddx action="cfml2wddx" input="#var#" output="tempPacket">
	<!--- write the file --->
	<cffile action="write" file="#file#" output="#tempPacket#">
</cffunction>

<cffunction name="WDDXFileRead" output="no">
	<cfargument name="file" required="yes">
	
	<cfset var tempPacket = "">
	<cfset var tempVar = "">
	
	<!--- make sure the file exists, otherwise, throw an error --->
	<cfif NOT fileExists(file)>
		<cfthrow message="WDDXFileRead() error: File Does Not Exist" detail="The file #file# called in WDDXFileRead() does not exist">
	</cfif>
	<!--- read the file --->
	<cffile action="read" file="#file#" variable="tempPacket">
	<!--- make sure it is a valid WDDX Packet --->
	<cfif NOT isWDDX(tempPacket)>
		<cfthrow message="WDDXFileRead() error: Bad Packet" detail="The file #file# called in WDDXFileRead() does not contain a valid WDDX packet">		
	</cfif>
	<!--- deserialize --->
	<cfwddx action="wddx2cfml" input="#tempPacket#" output="tempVar">
	<cfreturn tempVar>    
</cffunction>


<cffunction name="addRow" output="yes" returnType="query">
	<cfargument name="theQuery" required="yes">
	<cfargument name="Name" required="yes">
	<cfargument name="reportTime" required="yes">
	<cfargument name="reportType" required="yes">
	<cfargument name="Message" required="yes">
	<cfset newRow = QueryAddRow(theQuery, 1)>
	<cfset temp = QuerySetCell(theQuery, "Name", "#name#")>
	<cfset temp = QuerySetCell(theQuery, "reportTime", "#reportTime#")>
	<cfset temp = QuerySetCell(theQuery, "reportType", "#reportType#")>
	<cfset temp = QuerySetCell(theQuery, "Message", "#message#")>
  <cfreturn thequery>
</cffunction>

<cfset filename="#temp#report.wddx">

<cfif isdefined("form.name")>
 <cfif fileexists(filename)>
        <cfset report = WDDXFileRead(#filename#)>
		<cfset myQuery = QueryNew("Name, reportTime, reportType, Message", "VarChar, Time, VarChar, VarChar")>
		<cfoutput query="report">
			<cfif reportTime gt DateAdd("d",-3,now())>
        			<cfset temp = addRow(myQuery,Name,reportTime,reportType,Message)>
			</cfif>
		</cfoutput>
	<cfset temp = addRow(myQuery,form.name,now(),form.reportType,form.message)>
	<cfset temp=WDDXFileWrite(filename,myQuery)>

 <cfelse>
	<cfset myQuery = QueryNew("Name, reportTime, reportType, Message", "VarChar, Time, VarChar, VarChar")>
        <cfset temp = addRow(myQuery,form.name,now(),form.reportType,form.message)>
   <cfset temp=WDDXFileWrite(filename,myQuery)>
 </cfif>
</cfif>




<cfif fileexists(filename)>
<cfset report = WDDXFileRead(#filename#)>
	<cfquery name="report" dbtype="query">
		select name,reportTime as reporttime, reportType, message from report order by reporttime desc
	</cfquery>
<table cellpadding=0 cellspacing=0><tr width=100%>
    <cfoutput query="report">
 	<td><b>#Name#</b>,#dateformat(reportTime,"long")# #timeformat(reportTime,"HH:mm:ss")#</td></tr><tr><td><b>Type:</b> #reportType#</td></tr><tr><td> #Message# <br><br><br> </td></tr>
    </cfoutput>
</tr></table>
</cfif>

<cfform method="post" name="shiftreport" action="report.cfm" format="html">  
        Name: <cfinput name="name" maxlength="40"  style="BACKGROUND: none; FONT-FAMILY: verdana; face: arial" required = "yes" message="Name is Required">
		<select name="reportType">
		    <option value="">-Select Type-</option>
		    <option value="Outage">Outage</option>
		    <option value="Critical">Critical</option>
		    <option value="Major">Major</option>
		    <option value="Info">Info</option>
		    <option value="MOPs">MOPs</option>
		</select>
	<br> 
        Shift Report:<br>
        <cftextarea cols="50" rows="10" name="message" wrap style="BACKGROUND: none; FONT-FAMILY: verdana; face: arial" required = "yes" message="Message is Required"></cftextarea>
	<br> 
        <input class=button type="submit" value="submit" style=" FONT-FAMILY: verdana; face: arial"><br> 
</cfform> 

</body>
</html>

that setup was made to auto post the type of report selected, and log the time, after 48 hours it hides the message all coded by myself, so edit at will.

[Twey]

not to but in, but why not just write it to a .wddx file? ColdFusion is where it's at.

Except when you don't have ColdFusion, or object to using closed-source software.

[skilled1]

that is true twey, however with the code already typed, just need to modify the <option value="">-Select Type-</option> and set the date to display how many days, its already coded, and the wddx file writes itself. ecluded is most servers have free coldfusion on them, or will if asked.

[Twey]

Mine doesn't, and if it did, I wouldn't have purchased the hosting package.