Forums are great communication tools for the exchange of ideas, for people teaching others about a specific area of interest, or even for just general social communication. The fact that they are usually so specialized helps get them high up in search results as well as contributing considerably to bodies of knowledge. True, there's a lot of misinformation and putdowns, but this invariably occurs when people communicate. One must learn to take what one learns with a grain of salt.

First, there is a JavaScript function textCounter() that keeps track of your character count for the detail field (the main topic content), displays it on the screen, and even dumps any excess characters once your character count reaches 10,000. There are also form validation scripts in this JavaScript section that make sure only acceptable characters get into the detail, email, name, and topic fields. Once the form's submit button is pressed, the check() function is run by the onsubmit event, and if the data that was input gets through the validators, then the form action is tripped and we get sent to the app page for adding the topic to the database, and there will be PHP validation there as well, but it is well advised to use the JavaScript validators as well to pre-screen data.

On to the PHP code. As usual, we start with config.php, since without it, the MySQL-based forum would not be viable. You cannot relate to a db without knowing the magic words. Next, the security of the page is dealt with by ensuring the page visitor has a username that's in the database. Note that the various pages on our forum app use both forms and URL query strings to transfer data between pages, so both POST and GET are checked for username, and if neither works, the visitor is sent to the login script. Not only is the db checked for a valid username, the username is checked to make sure it has only 6 to 20 letters, numbers or underscore in it and no other characters—otherwise, it's off to the login script. If a hacker has put something nasty in the query string, he'll end up at the login script. All our forum app scripts have this same username checker at the top of the PHP section—except for the login script. Anyway, that's all the PHP needed on this page, as the remainder of the page is just the HTML form for entering the detail, email, name, and topic fields.

SAVE THIS PAGE AS: cms-create-topic.php

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Create Forum Topic—Content Management System (CMS)</TITLE>
<meta name="description" content="Create Forum Topic—Content Management System (CMS)">
<meta name="keywords" content="forums,forum,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-color:#ddd}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
td {font:normal 13px Verdana;text-align:left;background-color:#eee}
.topic {text-align:left;background-color:#fff}
.mid {text-align:center;background-color:#bbb}
.right {text-align:right;}
.info {position:absolute;top:40px;left:2px;width:128px;border:1px solid blue;padding:6px;background-color:#bbb}
</style>
<script type="text/javascript">

function textCounter(field, countfield, maxlimit) {
if (field.value.length > maxlimit){field.value = field.value.substring(0, maxlimit);}
else{countfield.value = maxlimit - field.value.length;}}

function check(){
var ck_email = /^[A-Za-z0-9-_]+(\.[A-Za-z0-9-_]+)*@([A-Za-z0-9-_]+\.)?([A-Za-z0-9-_]+(\.[A-Za-z]{2,6})(\.[A-Za-z]{2})?)$/;
if(document.form1.email.value.search(ck_email)==-1)
{alert("That email address is not valid.");document.form1.email.focus();return false;}

var ck_topic = /^[A-Za-z0-9! \:\;\.\?\,_-]{6,255}$/;
if (document.form1.topic.value.search(ck_topic)==-1)
{alert("Please enter 6 to 255 letters, numbers, hyphen, space, question mark, exclamation mark, semicolon, colon, comma and underline for the topic.");document.form1.topic.focus();return false;}

var ck_name = /^[A-Za-z0-9_ ]{6,20}$/;
if (document.form1.name.value.search(ck_name)==-1)
{alert("Please enter 6 to 20 letters, numbers, space, and underline for the name.");document.form1.name.focus();return false;}

if (document.form1.detail.value.length<6) {alert("Please enter 6 to 10000 characters for detail."); document.form1.detail.focus(); return false;}

return true;}
</script>
</head>
<body>

<?php
include_once"config.php";

$U=$_POST['username'];if (!isset($U)){$U=$_GET['username'];}
if (isset($U)&&preg_match("/[A-Za-z0-9_]{6,20}$/",$U)){$check_user_data = mysql_query("SELECT * FROM members WHERE username='$U'") or die(mysql_error());if(mysql_num_rows($check_user_data)==0){unset($U);}}else{unset($U);}
if (!isset($U)){echo '<script language="javascript">alert("Please login.");window.location="login.php"; </script>';}
?>

<table width="700" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCC">
<tr>
<form id="form1" name="form1" method="post" action="cms-add-topic.php" onsubmit="return check()">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFF">
<tr>
<td colspan="2" class='mid'><b>Create New Forum Topic</b></td>
</tr>
<tr>
<td width="14%"><b>Topic</b></td>
<td width="84%"><input name="topic" type="text" id="topic" size="65" maxlength=255> 6 to 255 characters</td>
</tr>
<tr>
<td valign="top"><b>Detail</b></td>
<td><textarea name="detail" cols="50" rows="3" id="detail" onKeyDown="textCounter(this.form.detail,this.form.remLen,10000);" onKeyUp="textCounter(this.form.detail,this.form.remLen,10000);"></textarea> 6 to 10000 characters
<br>
<input readonly type=text name=remLen size=5 maxlength=5 value="10000"> characters left
</td>
</tr>
<tr>
<td><b>Name</b></td>
<td><input name="name" type="text" id="name" size="65" maxlength=65> 6 to 20 characters</td>
</tr>
<tr>
<td><b>Email</b></td>
<td><input name="email" type="text" id="email" size="65" maxlength=65><input type="hidden" name="username" value=" "> legitimate email</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</form><br><br>
</tr>
<tr><td><a href="cms-forum.php?username=<? echo stripslashes($U); ?>"><B>Return to Forum—don't create topic</B> </a></td></tr>
</table>
<div class='info'>In Detail and Reply fields only, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain <i>without http://</i>, then (ll-) then link text, then (lll-). For emails, use (e-) then email address <i>with (ee-) instead of @</i>, then (eee-) then subject, then (eeee-) then link text, then (eeeee-). For pictures, use (p-) as start tag, then full URL path to picture, then (pp-) as end tag. If the image is wider than 580 pixels, resave it to 580.</div>

<script language="javascript">
var u = <?php echo json_encode($U); ?>;
u=u.replace(/\\/g,'');
document.form1.username.value=u;
</script>

</body>
</html>