Project assignment 4. Due Thursday, Dec. 7 at 10 pm

For this part of the project you need to provide forms for users to post and comment, verify the user data and store it into the database.

User posts

Add a link on the front page (and possibly on other pages, as a part of the menu bar, if any) to let the user post a new post. Clicking on the link should open a page with a post form. The post form should require a user to enter the following data:
  1. their login name (this will go away after we implement sessions and login, but we need it for now).
  2. the post subject (can be empty)
  3. the post contents
You need to validate the data as follows:
  1. Check that the user name is not too long and consists only of valid characters (letters, digits, underscores, possibly other symbols, but explain why these symbols are OK, i.e. can't cause trouble when passed as a part of an SQL query). Note that you NEED to check this BEFORE the next step (why?)
  2. Check that the user name exists in the database. You may want to get the user ID as well since you will need it when the post is added to the database.
  3. Check that the subject is not too long and has only valid characters (you probably want to allow spaces in addition to the symbols in part 1, what else?)
  4. Check that the post message is not too long and not empty. Think of which HTML tags you allow and why (and how many - say, how many links?). You don't need to make your system complete, just use some tags as examples of those that should be allowed, disallow everything else. Here is the list of all HTML tags.
If the data did not pass validation on any of the counts, display the form with a meaningful error message to the user. Make sure to display all entries that passed the validation so that they don't need to be retyped.
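
One way to structure the validation steps above in PHP, as an added example that is not part of the original assignment page. The form field names, the length limits, the tag allowlist and the users(id, login) table are assumptions, and an in-memory SQLite database stands in for the course database.

```php
<?php
// Added example. Limits, the tag allowlist and the users(id, login) table are assumptions.
const MAX_NAME = 30, MAX_SUBJECT = 100, MAX_BODY = 5000, MAX_LINKS = 2;
const ALLOWED_TAGS = '<b><i><p><a>';
function field(array $in, string $key): string {
    // A request parameter can arrive as an array; treat anything but a string as empty.
    return is_string($in[$key] ?? null) ? $in[$key] : '';
}
function valid_name(string $s): bool {
    // \A and \z anchor the whole string; "$" would also accept a trailing newline.
    return preg_match('/\A[A-Za-z0-9_]{1,' . MAX_NAME . '}\z/', $s) === 1;
}
function valid_subject(string $s): bool {   // the subject may be empty
    return preg_match('/\A[A-Za-z0-9_ ]{0,' . MAX_SUBJECT . '}\z/', $s) === 1;
}
function body_error(string $s): ?string {
    if (trim($s) === '') return 'The post is empty.';
    if (strlen($s) > MAX_BODY) return 'The post is too long.';
    // strip_tags() leaves allowed tags in place, so any change means another tag was present.
    // It does not filter attributes on allowed tags, so it is not a full HTML sanitizer.
    if (strip_tags($s, ALLOWED_TAGS) !== $s) return 'Only b, i, p and a tags are allowed.';
    if (preg_match_all('/<a[\s>]/i', $s) > MAX_LINKS) return 'Too many links.';
    return null;
}
function validate_post(PDO $db, array $in): array {
    $errors = []; $keep = []; $userId = null;
    $name = field($in, 'login');
    if (!valid_name($name)) {
        $errors[] = 'Invalid login name.';
    } else {
        // The lookup runs only after the format check; the placeholder keeps the value out of the SQL text.
        $st = $db->prepare('SELECT id FROM users WHERE login = ?');
        $st->execute([$name]);
        $userId = $st->fetchColumn();
        if ($userId === false) $errors[] = 'Unknown login name.'; else $keep['login'] = $name;
    }
    $subject = field($in, 'subject');
    if (valid_subject($subject)) $keep['subject'] = $subject; else $errors[] = 'Invalid subject.';
    $body = field($in, 'body');
    $err = body_error($body);
    if ($err === null) $keep['body'] = $body; else $errors[] = $err;
    return ['errors' => $errors, 'keep' => $keep, 'user_id' => $userId];
}

// Constructed demo data: an in-memory SQLite table stands in for the course database.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT)");
$db->exec("INSERT INTO users (login) VALUES ('alice_01')");
print_r(validate_post($db, ['login' => 'alice_01', 'subject' => 'Hello world', 'body' => '<b>Hi</b> <img src="x.png">']));
```

Values returned under keep should pass through htmlspecialchars() when they are written back into the form.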

After the data has been validated you need to add it to the database. Use your group login name and password.

User comments

The user should be able to comment on a post by clicking the "Comment on this" link of the post. The link should bring the user to a page with a form. Note that you need to pass the post ID (through a GET method) to the comment form. Since you need to pass it further to the PHP file that handles the form, you may include it as a hidden field in the form:

<input type="hidden" name="post_id" value="...">

where the value is the post ID. Then you can obtain it in the PHP file that handles the form like this: $_POST["post_id"]. A hidden field is still sent by the browser, so treat post_id as user input like the other fields.

The rest of the comment form is similar to the post form. It requires the user to enter (at least):

  1. their login name
  2. the comment contents
You need to check the validity of both. You may use the same functions as you used for validating post data; in this case store the functions in a separate file and include the file in both files that handle forms.

After you have validated the data, insert it into the database. Make sure to increment the comment count in the wp_posts table.

Test your forms carefully to make sure that all the data is stored correctly and that the data is validated so that the incorrect data does not get stored.

Additional features

Since all groups of at least two people will be required to implement at least one additional feature (of your choice) for the final installment, here are some suggestions of things that you can start working on:
  1. Threads of comments (the ability to reply to a comment rather than just a post)
  2. Post categories - let the user choose a category (out of a pull-down menu?) for their posts and provide a search option to find all posts in a category.
  3. Allow the user to turn off comments for their own post (set comment_status to "close" and check before inserting a comment; you might also just not provide the comment link for such posts)

This page is part of the CSci 1101 course web site.