Table of Context
Create folders , database , users , posts for blog | Part 1 SEO Friendly URLs for dynamic Blog | Part 2 Blog Sidebar | Part 3 Display Recent posts in Blog | Part 4 Create categories for dynamic blog | Part 5 Blog Tags | Part 6 Social Share Icons (Buttons) for blog | Part 7 Display Recommended blog posts | Part 8 Display Previous Posts in Blog | Part 9 Dynamic blog CMS pages | Part 10 Generate Blog Sitemap in PHP | Part 11 Pagination and search box | Part 12 Blog Comment and discussion system | Part 13 In this tutorial, we will learn to create a complete blog CMS using PHP and MYSQL database. To create a blog CMS, along with PHP and MYSQL, you should also have knowledge of CSS HTML
In this tutorial, we will understand all the files, folders and database tables from the beginning and will create a simple blog CMS . In the next series, we will add the features that will make it advance.
Create MYSQL database tables for Blog –
Before creating a blog , it is important to understand the database table structure, only then any blog can be successfully created. In this tutorial, we create two tables. One table is created for inserting and displaying blog posts and another table for admin users data.
techno_blog
2. Create an MYSQL table for Blog Admin – techno_blog_users
Structure of the Blog folders and files –
You must have understood from the above structure that there are separate folders of the admin in which all files related to the blog admin.
All the files other than Admin will work for the interface of the blog. Connect the blog to MYSQL Database.
Displaying the blog posts on the page using PHP.
Create a folder and these files inside the Admin folder –
like-
Add a new user
The image above helps to create another file inside another folder. Kindly check and create a blog folder and PHP files carefully.
blog/includes/config.php
ob_start();
session_start();
//database details
define('DBHOST','localhost');
define('DBUSER','root');
define('DBPASS','');
define('DBNAME','technosmarterblog');
$db = new PDO("mysql:host=".DBHOST.";dbname=".DBNAME, DBUSER, DBPASS);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//set timezone- Asia Kolkata
date_default_timezone_set('Asia/Kolkata');
In the above config.php file code, you have to provide the details listed below –
1. Database Host –
2 Database User –
Localhost - root
3. Database Password –
4. Database Name – Define your database name here-
date_default_timezone_set('Asia/Kolkata');PHP Date and time functions
//load classes when needed
function __autoload($class) {
$class = strtolower($class);
//if call from within assets adjust the path
$classpath = 'classes/class.'.$class . '.php';
if ( file_exists($classpath)) {
require_once $classpath;
}
//if call from within admin adjust the path
$classpath = '../classes/class.'.$class . '.php';
if ( file_exists($classpath)) {
require_once $classpath;
}
//if call from within admin adjust the path
$classpath = '../../classes/class.'.$class . '.php';
if ( file_exists($classpath)) {
require_once $classpath;
}
}
$user = new User($db);
At the end in the above config code ,user class is initialized and passed the database connection ($db ), db is created at the time of new PDO connection ) .Now , the class can access the database .
Complete blog connection (config.php) files code-
blog/includes/config.php
<?php
ob_start();
session_start();
//database details
define('DBHOST','localhost');
define('DBUSER','root');
define('DBPASS','');
define('DBNAME','technosmarterblog');
$db = new PDO("mysql:host=".DBHOST.";dbname=".DBNAME, DBUSER, DBPASS);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//set timezone- Asia Kolkata
date_default_timezone_set('Asia/Kolkata');
//load classes as needed
function __autoload($class) {
$class = strtolower($class);
//if call from within assets adjust the path
$classpath = 'classes/class.'.$class . '.php';
if ( file_exists($classpath)) {
require_once $classpath;
}
//if call from within admin adjust the path
$classpath = '../classes/class.'.$class . '.php';
if ( file_exists($classpath)) {
require_once $classpath;
}
//if call from within admin adjust the path
$classpath = '../../classes/class.'.$class . '.php';
if ( file_exists($classpath)) {
require_once $classpath;
}
}
$user = new User($db);
?>
Now, we will create Admin panel – login system
admin/login.php –
require_once('../includes/config.php');
// user looged in or not
if( $user->is_logged_in() ){ header('Location: index.php'); }
First of all , we include the config.php file by require_once() function . Instead of require_once() function , you can use the PHP require() function PHP include() function PHP include() function if condition
//Login form for login
if(isset($_POST['submit'])){
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if($user->login($username,$password)){
//If loogedin , then redirects to the index page
header('Location: index.php');
exit;
} else {
$message = 'Invalid username or Password
';
}
}
if(isset($message)){ echo $message; }
post method
admin/login.php
<?php
//Your connection file
require_once('../includes/config.php');
// user looged in or not
if( $user->is_logged_in() ){ header('Location: index.php'); }
?>
<!DOCTYPE html>
<head>
Admin Login
<?php
//Login form for submit
if(isset($_POST['submit'])){
$username = trim($_POST['username']);
$password = trim($_POST['password']);
if($user->login($username,$password)){
//If looged in , the redirects to index page
header('Location: index.php');
exit;
} else {
$message = '
Invalid username or Password
';
}
}
if(isset($message)){ echo $message; }
?>
<form action="" method="POST" class="form">
Username
<input type="text" name="username" value="" required />
Password
<input type="password" name="password" value="" required />
<input type="submit" name="submit" value="SignIn" />
blog/classes/class.user.php
public function create_hash($value)
{
return $hash = crypt($value, '$2a$12.substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22)');
}
The above code , handles the hash converted password .It;s totally secured method to create a blog login .
private function get_user_hash($username){
try {
//echo $this->create_hash('demo');
$stmt = $this->db->prepare('SELECT password FROM techno_blog_users WHERE username = :username');
$stmt->execute(array('username' => $username));
$row = $stmt->fetch();
return $row['password'];
} catch(PDOException $e) {
echo ''.$e->getMessage().'
';
}
}
The function get_user_hash handles the selection of username and password from the techno_blog_users table .
public function login($username,$password){
$hashed = $this->get_user_hash($username);
if($this->verify_hash($password,$hashed) == 1){
$_SESSION['loggedin'] = true;
return true;
}
}
session
public function logout(){
session_destroy();
}
The function logout() handles the user logout operation . It destroys the session . You can understand the PHP session here with deep information .
Complete class user code – blog/classes/class.user.php
<?php
class User{
private $db;
public function __construct($db){
$this->db = $db;
}
public function is_logged_in(){
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
return true;
}
}
public function create_hash($value)
{
return $hash = crypt($value, '$2a$12.substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22)');
}
private function verify_hash($password,$hash)
{
return $hash == crypt($password, $hash);
}
private function get_user_hash($username){
try {
//echo $this->create_hash('demo');
$stmt = $this->db->prepare('SELECT password FROM techno_blog_users WHERE username = :username');
$stmt->execute(array('username' => $username));
$row = $stmt->fetch();
return $row['password'];
} catch(PDOException $e) {
echo ''.$e->getMessage().'
';
}
}
public function login($username,$password){
$hashed = $this->get_user_hash($username);
if($this->verify_hash($password,$hashed) == 1){
$_SESSION['loggedin'] = true;
return true;
}
}
public function logout(){
session_destroy();
}
}
?>
Insert the login details
You should insert the username and password to access the admin panel. Use the query below.
INSERT INTO `techno_blog_users` (`userId`, `username`, `password`, `email`) VALUES
(1, 'admin', '0,6Rbsehdf.9I', '[email protected] ');
Now, log in to the admin panel using the details below. admin admin
Now, design the blog login form – admin/assets folder –
admin/assets/style.css
input[type=text] {
width: 15%;
padding: 10px 20px;
margin: 5px 0;
border: 1px solid black;
}
input[type=password] {
width: 15%;
padding: 10px 20px;
margin: 5px 0;
border: 1px solid black;
}
input[type=submit] {
width: 10%;
margin-left:100px;
padding: 12px 20px;
border: 1px solid #555;
background-color: green;
color:white;
}
.form{
margin-left: 500px;
width: 100%;
}
.invalid {
color:red;
font-family: arial;
margin-left: 500px;
}
}
The CSS code is used to design the login form and error message with a red color.
Now , create a PHP file inside the admin folder and save as index.php
Admin/index.php –
require_once('../includes/config.php');
//check login or not
if(!$user->is_logged_in()){ header('Location: login.php'); }
if(isset($_GET['delpost'])){
$stmt = $db->prepare('DELETE FROM techno_blog WHERE articleId = :articleId') ;
$stmt->execute(array(':articleId' => $_GET['delpost']));
header('Location: index.php?action=deleted');
exit;
Include the connection file .
If the user does not log in, he redirects to the login page.
If condition handles this process.
An unknown user can not open the index.php page without login.
We have already discussed the delete specific data by id using PHP and MYSQL
<?php
try {
$stmt = $db->query('SELECT articleId, articleTitle, articleDate FROM techno_blog ORDER BY articleId DESC');
while($row = $stmt->fetch()){
echo '<tr>';
echo '<td>'.$row['articleTitle'].'</td>';
echo '<td>'.date('jS M Y', strtotime($row['articleDate'])).'</td>';
?>
<td>
<button class="editbtn"><a href="edit-blog-article.php?id=<?php echo $row['articleId'];?>">Edit </button></td>
In the code above , we select the data by the id and display in HTML table
Complete code for index.php file –
admin/index.php
<?php
//include connection file
require_once('../includes/config.php');
//check login or not
if(!$user->is_logged_in()){ header('Location: login.php'); }
if(isset($_GET['delpost'])){
$stmt = $db->prepare('DELETE FROM techno_blog WHERE articleId = :articleId') ;
$stmt->execute(array(':articleId' => $_GET['delpost']));
header('Location: index.php?action=deleted');
exit;
}
?>
<?php include("head.php"); ?>
Admin Page
<?php include("header.php"); ?>
<?php
//show message from add / edit page
if(isset($_GET['action'])){
echo '
Post '.$_GET['action'].'. ';
}
?>
<table>
<tr>
<th>Article Title</th>
<th>Posted Date</th>
<th>Update</th>
<th>Delete</th>
</tr>
<?php
try {
$stmt = $db->query('SELECT articleId, articleTitle, articleDate FROM techno_blog ORDER BY articleId DESC');
while($row = $stmt->fetch()){
echo '<tr>';
echo '<td>'.$row['articleTitle'].'</td>';
echo '<td>'.date('jS M Y', strtotime($row['articleDate'])).'</td>';
?>
<td>
<button class="editbtn" > <a href="edit-blog-article.php?id=<?php echo $row['articleId'];?>" >Edit </a > </button ></td> <td>
<button class="delbtn" > <a href="javascript:delpost('<?php echo $row['articleId'];?>','<?php echo $row['articleTitle'];?>')" >Delete </a > </button >
</td>
<?php
echo '</tr>';
}
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
</table>
<button class="editbtn"><a href='add-blog-article.php'>Add New Article</a></button></p>
If you login now, you will get an error of head, header and footer file on the index page. These error files have to be created to remove these errors. Let's create the first file.
Create a PHP file inside the admin folder –
admin/head.php
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
admin/header.php
<link href="https://localhost/blog/assets/style.css" rel="stylesheet" type="text/css">
<link href="assets/css-min.css" rel="stylesheet" type="text/css">
</head>
<body>
<a href='index.php'>Dashboard</a>
<a href='blog-users.php'>Users</a>
<a href="../" target="_blank">Visit Blog </a>
<a href='logout.php'><font color="red">Logout</font></a>
In the above header.php file code , we added a style from outside the admin folder –
<link href="https://localhost/blog/assets/style.css" rel="stylesheet" type="text/css">
You can see the path blog/assets/style.css
blog/assets/style.css
body {
margin: 0;
font-family: "Lato", sans-serif;
}
h1{
color:black;
text-decoration: none;
}
p{
text-align: justify;
}
.container{
width: 100%;
background-color: #FEFEFE;
margin: 0 auto;
overflow: hidden;
}
.content{
padding: 10px 100px;
width: 60%;
float: left;
border-left-color: #FFF;
border-right-color: #FFF;
}
.content h1{
text-decoration: none;
}
.sidebar a {
display: block;
color: black;
padding: 16px;
text-decoration: none;
}
.sidebar a.active {
background-color: #4CAF50;
color: white;
}
.sidebar a:hover:not(.active) {
background-color: #555;
color: white;
}
.sidebar {
float: right;
width: 20%;
padding-bottom: 10px;
background-color: #eee;
}
.footer{
background-color: #555;
color: #fff;
clear: both;
}
.footer a{
color: #F272EC;
text-decoration: none;
}
.readbtn{
transition: all linear 0.2s;
background: #66ad44;
border: none;
font-size: 13px;
line-height: 22px;
border-radius: 0;
padding: 6px 14px;
font-family: 'Montserrat', sans-serif;
border-radius: 2px;
color: white;
}
.readbtn a{
text-decoration: none;
color: #FEFEFE;
}
@media screen and (max-width: 700px) {
.sidebar {
width: 100%;
height: auto;
position: relative;
display: none;
}
.sidebar a {float: left;}
div.content {margin-left: 0;}
}
@media screen and (max-width: 400px) {
.sidebar a {
text-align: center;
float: none;
}
}
.ulclass {
list-style-type: none;
margin: 0;
padding: 0;
overflow: hidden;
background-color: #333;
}
li {
float: left;
}
li a {
display: block;
color: white;
text-align: center;
padding: 14px 16px;
text-decoration: none;
}
li a:hover {
background-color: #111;
}
The above stylehseet will design the header , footer and the table on admin and blog pages .
Let’s complete the blog CSS part. Create css-min.css file inside the admin/assets/ folder .
admin/assets/css-min.css
.message {
color:red;
font-family: arial;
margin-left: 500px;
}
table {
border-collapse: collapse;
border-spacing: 0;
width: 100%;
border: 1px solid #ddd;
}
th, td {
text-align: left;
padding: 8px;
}
tr:nth-child(even){background-color: #E6DEDC}
.editbtn{
transition: all linear 0.2s;
background: #66ad44;
border: none;
font-size: 13px;
line-height: 22px;
border-radius: 0;
padding: 6px 14px;
font-family: 'Montserrat', sans-serif;
border-radius: 2px;
color: white;
}
.editbtn a{
text-decoration: none;
color: #FEFEFE;
}
.delbtn{
transition: all linear 0.2s;
background: #FC0527;
border: none;
font-size: 13px;
line-height: 22px;
border-radius: 0;
padding: 6px 14px;
font-family: 'Montserrat', sans-serif;
border-radius: 2px;
color: white;
}
.delbtn a{
text-decoration: none;
color: #FEFEFE;
}
.subbtn{
transition: all linear 0.2s;
background: #66ad44;
border: none;
font-size: 13px;
line-height: 22px;
border-radius: 0;
padding: 6px 14px;
font-family: 'Montserrat', sans-serif;
border-radius: 2px;
}
.subbtn a{
text-decoration: none;
color: #FEFEFE;
}
This CSS stylesheet will design the various buttons and tables of admin pages .
admin/footer.php
</body>
</html> admin/index.php(Screenshot)
admin/logout.php
The logout.php file destroyed the session for a user. Instead of the PHP session, you can use the PHP cookies
admin/logout.php
<?php
//include config PHP file
require_once('../includes/config.php');
//log user out
$user->logout();
header('Location: index.php');
?>
Admin/blog-users.php
<?php
//include connection file
require_once('../includes/config.php');
//check logged in or not
if(!$user->is_logged_in()){ header('Location: login.php'); }
// add / edit page
if(isset($_GET['deluser'])){
if($_GET['deluser'] !='1'){
$stmt = $db->prepare('DELETE FROM techno_blog_users WHERE userId = :userId') ;
$stmt->execute(array(':userId' => $_GET['deluser']));
header('Location: users.php?action=deleted');
exit;
}
}
?> ?>PHP header() function
<?php
try {
$stmt = $db->query('SELECT userId, username, email FROM techno_blog_users ORDER BY userId');
while($row = $stmt->fetch()){
echo '<tr>';
echo '<td>'.$row['username'].'</td>';
echo '<td>'.$row['email'].'</td>';
?>
<td>
<button class="editbtn"><a href="edit-blog-user.php?id=<?php echo $row['userId'];?>">Edit</a> </button>
<php if($row['userId'] != 1){>
</td>
<td><button class="delbtn"><a href="javascript:deluser('<php echo $row['userId'];?>','<?php echo $row['username'];?>')">Delete</a></button>
In the code above , we are selecting data from the MYSQL table techno_blog_users using PHP . We select the data by id .We display the username and email with edit and delete button .
Complete code for blog-users.php file –
Create a blog-users.php file inside the admin folder -
admin/blog-users.php
<?php
//include connection file
require_once('../includes/config.php');
//check logged in or not
if(!$user->is_logged_in()){ header('Location: login.php'); }
// add / edit page
if(isset($_GET['deluser'])){
if($_GET['deluser'] !='1'){
$stmt = $db->prepare('DELETE FROM techno_blog_users WHERE userId = :userId') ;
$stmt->execute(array(':userId' => $_GET['deluser']));
header('Location: blog-users.php?action=deleted');
exit;
}
}
?>
<?php include("head.php"); ?>
Users- Techno Smarter Blog
<?php include("header.php"); ?>
<?php
//show message from add / edit page
if(isset($_GET['action'])){
echo '<h3>User '.$_GET['action'].'.</h3>';
}
?>
<table>
<tr>
<th>Username </th>
<th>Email </th>
<th>Edit </th>
<th>Delete </th>
</tr>
<?php
try {
$stmt = $db->query('SELECT userId, username, email FROM techno_blog_users ORDER BY userId');
while($row = $stmt->fetch()){
echo ' <tr>';
echo ' <td>'.$row['username'].' </td>';
echo ' <td>'.$row['email'].' </td>';
?>
<td>
<button class="editbtn"><a href="edit-blog-user.php?id=<?php echo $row['userId'];?>">Edit</a> </button>
<?php if($row['userId'] != 1){?>
</td>
<td><button class="delbtn"><a href="javascript:deluser('<?php echo $row['userId'];?>','<?php echo $row['username'];?>')">Delete</a></button>
<?php }
?>
</td>
<?php
echo '</tr>';
}
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
</table>
<button class="editbtn"><a href='add-blog-user.php'>Add User</a></button>
admin/blog-users.php(screenshot)
admin/add-blog-user.php
//if form has been submitted process it
if(isset($_POST['submit'])){
//collect form data
extract($_POST);
//very basic validation
if($username ==''){
$error[] = 'Please enter the username.';
}
if($password ==''){
$error[] = 'Please enter the password.';
}
if($passwordConfirm ==''){
$error[] = 'Please confirm the password.';
}
if($password != $passwordConfirm){
$error[] = 'Passwords do not match.';
}
if($email ==''){
$error[] = 'Please enter the email address.';
}
if(!isset($error)){
$hashedpassword = $user->create_hash($password);
try {
//insert into database
$stmt = $db->prepare('INSERT INTO techno_blog_users (username,password,email) VALUES (:username, :password, :email)') ;
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email
));
//redirect to Blog user page
header('Location: blog-users.php?action=added');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
blog/classes/class.password.php –
<?php
if (!defined('PASSWORD_DEFAULT')) {
define('PASSWORD_BCRYPT', 1);
define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
}
Class Password {
public function __construct() {}
/**
* Hash the password using the specified algorithm
*
* @param string $password The password to hash
* @param int $algo The algorithm to use (Defined by PASSWORD_* constants)
* @param array $options The options for the algorithm to use
*
* @return string|false The hashed password, or false on error.
*/
function password_hash($password, $algo, array $options = array()) {
if (!function_exists('crypt')) {
trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
return null;
}
if (!is_string($password)) {
trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
return null;
}
if (!is_int($algo)) {
trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
return null;
}
switch ($algo) {
case PASSWORD_BCRYPT :
// Note that this is a C constant, but not exposed to PHP, so we don't define it here.
$cost = 10;
if (isset($options['cost'])) {
$cost = $options['cost'];
if ($cost < 4 || $cost > 31) {
trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
return null;
}
}
// The length of salt to generate
$raw_salt_len = 16;
// The length required in the final serialization
$required_salt_len = 22;
$hash_format = sprintf("$2y$%02d$", $cost);
break;
default :
trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
return null;
}
if (isset($options['salt'])) {
switch (gettype($options['salt'])) {
case 'NULL' :
case 'boolean' :
case 'integer' :
case 'double' :
case 'string' :
$salt = (string)$options['salt'];
break;
case 'object' :
if (method_exists($options['salt'], '__tostring')) {
$salt = (string)$options['salt'];
break;
}
case 'array' :
case 'resource' :
default :
trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
return null;
}
if (strlen($salt) < $required_salt_len) {
trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", strlen($salt), $required_salt_len), E_USER_WARNING);
return null;
} elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
$salt = str_replace('+', '.', base64_encode($salt));
}
} else {
$buffer = '';
$buffer_valid = false;
if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
$buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
if ($buffer) {
$buffer_valid = true;
}
}
if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
$buffer = openssl_random_pseudo_bytes($raw_salt_len);
if ($buffer) {
$buffer_valid = true;
}
}
if (!$buffer_valid && is_readable('/dev/urandom')) {
$f = fopen('/dev/urandom', 'r');
$read = strlen($buffer);
while ($read < $raw_salt_len) {
$buffer .= fread($f, $raw_salt_len - $read);
$read = strlen($buffer);
}
fclose($f);
if ($read >= $raw_salt_len) {
$buffer_valid = true;
}
}
if (!$buffer_valid || strlen($buffer) < $raw_salt_len) {
$bl = strlen($buffer);
for ($i = 0; $i < $raw_salt_len; $i++) {
if ($i < $bl) {
$buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
} else {
$buffer .= chr(mt_rand(0, 255));
}
}
}
$salt = str_replace('+', '.', base64_encode($buffer));
}
$salt = substr($salt, 0, $required_salt_len);
$hash = $hash_format . $salt;
$ret = crypt($password, $hash);
if (!is_string($ret) || strlen($ret) <= 13) {
return false;
}
return $ret;
}
/**
* Get information about the password hash. Returns an array of the information
* that was used to generate the password hash.
*
* array(
* 'algo' => 1,
* 'algoName' => 'bcrypt',
* 'options' => array(
* 'cost' => 10,
* ),
* )
*
* @param string $hash The password hash to extract info from
*
* @return array The array of information about the hash.
*/
function password_get_info($hash) {
$return = array('algo' => 0, 'algoName' => 'unknown', 'options' => array(), );
if (substr($hash, 0, 4) == '$2y$' && strlen($hash) == 60) {
$return['algo'] = PASSWORD_BCRYPT;
$return['algoName'] = 'bcrypt';
list($cost) = sscanf($hash, "$2y$%d$");
$return['options']['cost'] = $cost;
}
return $return;
}
/**
* Determine if the password hash needs to be rehashed according to the options provided
*
* If the answer is true, after validating the password using password_verify, rehash it.
*
* @param string $hash The hash to test
* @param int $algo The algorithm used for new password hashes
* @param array $options The options array passed to password_hash
*
* @return boolean True if the password needs to be rehashed.
*/
function password_needs_rehash($hash, $algo, array $options = array()) {
$info = password_get_info($hash);
if ($info['algo'] != $algo) {
return true;
}
switch ($algo) {
case PASSWORD_BCRYPT :
$cost = isset($options['cost']) ? $options['cost'] : 10;
if ($cost != $info['options']['cost']) {
return true;
}
break;
}
return false;
}
/**
* Verify a password against a hash using a timing attack resistant approach
*
* @param string $password The password to verify
* @param string $hash The hash to verify against
*
* @return boolean If the password matches the hash
*/
public function password_verify($password, $hash) {
if (!function_exists('crypt')) {
trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
return false;
}
$ret = crypt($password, $hash);
if (!is_string($ret) || strlen($ret) != strlen($hash) || strlen($ret) <= 13) {
return false;
}
$status = 0;
for ($i = 0; $i < strlen($ret); $i++) {
$status |= (ord($ret[$i]) ^ ord($hash[$i]));
}
return $status === 0;
}
} Complete code for add-blog-user.php–
Now, use the code below to add the more blog user.
admin/add-blog-user.php
<?php //include connection file
require_once('../includes/config.php');
//loggedin or not
if(!$user->is_logged_in()){ header('Location: login.php'); }
?>
<?php include("head.php"); ?>
Techno Smarter Blog
<?php include("header.php"); ?>
Add User
<?php
//if form has been submitted process it
if(isset($_POST['submit'])){
//collect form data
extract($_POST);
//very basic validation
if($username ==''){
$error[] = 'Please enter the username.';
}
if($password ==''){
$error[] = 'Please enter the password.';
}
if($passwordConfirm ==''){
$error[] = 'Please confirm the password.';
}
if($password != $passwordConfirm){
$error[] = 'Passwords do not match.';
}
if($email ==''){
$error[] = 'Please enter the email address.';
}
if(!isset($error)){
$hashedpassword = $user->create_hash($password);
try {
//insert into database
$stmt = $db->prepare('INSERT INTO techno_blog_users (username,password,email) VALUES (:username, :password, :email)') ;
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email
));
//redirect to user page
header('Location: blog-users.php?action=added');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '
'.$error.'
';
}
}
?>
<form action="" method="post">
Username
Password
Confirm Password
Email
<button name="submit" class="subbtn"> Add User</button>
<?php include("footer.php"); ?>
admin/edit-blog-user.php –
CRUD application in PHP
if(!isset($error)){
try {
if(isset($password)){
$hashedpassword = $user->create_hash($password);
//update into database
$stmt = $db->prepare('UPDATE techno_blog_users SET username = :username, password = :password, email = :email WHERE userId = :userId') ;
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email,
':userId' => $userId
));
} else {
//update database
$stmt = $db->prepare('UPDATE techno_blog_users SET username = :username, email = :email WHERE userId = :userId') ;
$stmt->execute(array(
':username' => $username,
':email' => $email,
':userId' => $userId
));
}
//redirect to users page
header('Location: blog-users.php?action=updated');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
Complete PHP code for edit-blog-user.php file –
admin/edit-blog-user.php
<?php //include config
require_once('../includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
?>
<?php include("head.php"); ?>
Edit User- Techno Smarter Blog
<?php include("header.php"); ?>
Edit User
<?php
//if form has been submitted process it
if(isset($_POST['submit'])){
//collect form data
extract($_POST);
//very basic validation
if($username ==''){
$error[] = 'Please enter the username.';
}
if( strlen($password) > 0){
if($password ==''){
$error[] = 'Please enter the password.';
}
if($passwordConfirm ==''){
$error[] = 'Please confirm the password.';
}
if($password != $passwordConfirm){
$error[] = 'Passwords do not match.';
}
}
if($email ==''){
$error[] = 'Please enter the email address.';
}
if(!isset($error)){
try {
if(isset($password)){
$hashedpassword = $user->create_hash($password);
//update into database
$stmt = $db->prepare('UPDATE techno_blog_users SET username = :username, password = :password, email = :email WHERE userId = :userId') ;
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email,
':userId' => $userId
));
} else {
//update database
$stmt = $db->prepare('UPDATE techno_blog_users SET username = :username, email = :email WHERE userId = :userId') ;
$stmt->execute(array(
':username' => $username,
':email' => $email,
':userId' => $userId
));
}
//redirect to users page
header('Location: blog-users.php?action=updated');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
?>
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo $error.'
';
}
}
try {
$stmt = $db->prepare('SELECT userId, username, email FROM techno_blog_users WHERE userId = :userId') ;
$stmt->execute(array(':userId' => $_GET['id']));
$row = $stmt->fetch();
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
<form action="" method="post">
<input type="hidden" name="userId" value="<?php echo $row['userId'];?>">
Username
Password (only to change)
Confirm Password
Email
<input type="submit" name="submit" value="Update">
</form>
<?php include("footer.php"); ?>
admin/add-blog-article.php
//insert into database
$stmt = $db->prepare('INSERT INTO techno_blog (articleTitle,articleDescrip,articleContent,articleDate) VALUES (:articleTitle, :articleDescrip, :articleContent, :articleDate)') ;
$stmt->execute(array(
':articleTitle' => $articleTitle,
':articleDescrip' => $articleDescrip,
':articleContent' => $articleContent,
':articleDate' => date('Y-m-d H:i:s'),
));
admin/add-blog-article.php
<?php require_once('../includes/config.php');
if(!$user->is_logged_in()){ header('Location: login.php'); }
?>
<?php include("head.php"); ?>
Add New Article - Techno Smarter Blog
<script src="//tinymce.cachefly.net/4.0/tinymce.min.js"></script>
<script>
tinymce.init({
mode : "specific_textareas",
editor_selector : "mceEditor",
plugins: [
"advlist autolink lists link image charmap print preview anchor",
"searchreplace visualblocks code fullscreen",
"insertdatetime media table contextmenu paste"
],
toolbar: "insertfile undo redo | styleselect | bold italic | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link image"
});
</script>
<?php include("header.php");
?>
Add New Article
<?php
//if form has been submitted process it
if(isset($_POST['submit'])){
//collect form data
extract($_POST);
//very basic validations
if($articleTitle ==''){
$error[] = 'Please enter the title.';
}
if($articleDescrip ==''){
$error[] = 'Please enter the description.';
}
if($articleContent ==''){
$error[] = 'Please enter the content.';
}
if(!isset($error)){
try {
//insert into database
$stmt = $db->prepare('INSERT INTO techno_blog (articleTitle,articleDescrip,articleContent,articleDate) VALUES (:articleTitle, :articleDescrip, :articleContent, :articleDate)') ;
$stmt->execute(array(
':articleTitle' => $articleTitle,
':articleDescrip' => $articleDescrip,
':articleContent' => $articleContent,
':articleDate' => date('Y-m-d H:i:s'),
));
//add categories
//redirect to index page
header('Location: index.php?action=added');
exit;
}catch(PDOException $e) {
echo $e->getMessage();
}
}
}
//check for any errors
if(isset($error)){
foreach($error as $error){
echo '
'.$error.'
';
}
}
?>
<?php include("footer.php"); ?>
In the PHP file code, we specified the editor selector for only content teaxtarea. We do not need to ad editor for a short description. The short description will be displayed in the meta description, not on-page. It will help in SEO of the blog post.
admin/edit-blog-article.php
$stmt = $db->prepare('UPDATE techno_blog SET articleTitle = :articleTitle, articleDescrip = :articleDescrip, articleContent = :articleContent WHERE articleId = :articleId') ;
The update line above will help to update the form field data by articleId .
$stmt = $db->prepare('SELECT articleId,articleTitle, articleDescrip, articleContent FROM techno_blog WHERE articleId = :articleId') ;
$stmt->execute(array(':articleId' => $_GET['id']));
admin/edit-blog-article.php
<?php require_once('../includes/config.php');
if(!$user->is_logged_in()){ header('Location: login.php'); }
?>
<?php include("head.php"); ?>
Update Article - Techno Smarter Blog
<script src="//tinymce.cachefly.net/4.0/tinymce.min.js"></script>
<script>
tinymce.init({
mode : "specific_textareas",
editor_selector : "mceEditor",
plugins: [
"advlist autolink lists link image charmap print preview anchor",
"searchreplace visualblocks code fullscreen",
"insertdatetime media table contextmenu paste"
],
toolbar: "insertfile undo redo | styleselect | bold italic | alignleft aligncenter alignright alignjustify | bullist numlist outdent indent | link image"
});
</script>
<?php include("header.php"); ?>
Edit Post
<?php
if(isset($_POST['submit'])){
//collect form data
extract($_POST);
//very basic validation
if($articleId ==''){
$error[] = 'This post is missing a valid id!.';
}
if($articleTitle ==''){
$error[] = 'Please enter the title.';
}
if($articleDescrip ==''){
$error[] = 'Please enter the description.';
}
if($articleContent ==''){
$error[] = 'Please enter the content.';
}
if(!isset($error)){
try {
//insert into database
$stmt = $db->prepare('UPDATE techno_blog SET articleTitle = :articleTitle, articleDescrip = :articleDescrip, articleContent = :articleContent WHERE articleId = :articleId') ;
$stmt->execute(array(
':articleTitle' => $articleTitle,
':articleDescrip' => $articleDescrip,
':articleContent' => $articleContent,
':articleId' => $articleId,
));
//redirect to index page
header('Location: index.php?action=updated');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
?>
<?php
//check for any errors
if(isset($error)){
foreach($error as $error){
echo $error.'Article Title Short Description(Meta Description) Long Description(Body Content)
blog/index.php –
Complete PHP code for index.php file – blog/index.php
<?php
//connection File
require_once('includes/config.php'); ?>
<?php
//include head file for language preference
include("head.php"); ?>
Techno Smarter Blog
<?php
//header content //navbar
include("header.php"); ?>
<?php
try {
//selecting data by id
$stmt = $db->query('SELECT articleId, articleTitle,articleDescrip, articleDate FROM techno_blog ORDER BY articleId DESC');
while($row = $stmt->fetch()){
echo '
';
echo '
<a href="show.php?id='.$row['articleId'].'">'.$row['articleTitle'].'</a> ';
echo '
';
//Display the date
echo '
Posted on '.date('jS M Y', strtotime($row['articleDate'])).'
';
echo '
'.$row['articleDescrip'].'
';
echo '
<button class="readbtn"><a href="show.php?id='.$row['articleId'].'">Read More</a></button>
';
echo '
';
}
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
<?php //footer content
include("footer.php"); ?>
There is a lot of error on the index page. To remove the error, create head.php, header.php, and footer.php inside the blog folder. Do not confuse. Now, we are working on the blog interface.
blog/head.php –
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
blog/header.php –
<link href="https://localhost/blog/assets/style.css" rel="stylesheet" type="text/css">
</head>
<body>
<a href="https://localhost/blog/">Home>/a<
blog/footer.php –
</body>
</html>
blog/index.php(Screenshot)
blog/show.php
$stmt = $db->prepare('SELECT articleId,articleDescrip,articleTitle, articleContent, articleDate FROM techno_blog WHERE articleId = :articleId');
$stmt->execute(array(':articleId' => $_GET['id']));
$row = $stmt->fetch();
//if post does not exists redirect user.
if($row['articleId'] == ''){
header('Location: ./');
exit;
}
This is a similar operation as like edit operation. In the code above, we are selecting the data by id. The id gets from the Http header by the
GET method . We fetch all data by id and if does not exists, then redirects to the blog home page .
HTML Meta tags
Complete PHP blog code for show.php file
blog/show.php
<?php require('includes/config.php');
$stmt = $db->prepare('SELECT articleId,articleDescrip,articleTitle, articleContent, articleDate FROM techno_blog WHERE articleId = :articleId');
$stmt->execute(array(':articleId' => $_GET['id']));
$row = $stmt->fetch();
//if post does not exists redirect user.
if($row['articleId'] == ''){
header('Location: ./');
exit;
}
?>
<?php include("head.php"); ?>
<?php echo $row['articleTitle'];?>-Techno Smarter
<?php
echo '
';
echo '
'.$row['articleTitle'].' ';
echo '
Posted on '.date('jS M Y', strtotime($row['articleDate'])).'
';
echo '
'.$row['articleContent'].'
';
echo '
';
?>
<?php include("footer.php"); ?> The first Blog tutorial is completed. This is the simple blog in PHP. In the next tutorial, we will create an SEO friendly URL using PHP and MYSQL.
Recommended Posts:-
