shout.php

1. <?php
2. ####### db config ##########
3. $db_username = 'root';
4. $db_password = '';
5. $db_name = 'db_sell';
6. $db_host = 'localhost';
7. ####### db config end ##########
8.  
9. if($_POST)
10. {
11.     //connect to mysql db
12.     $sql_con = mysqli_connect($db_host, $db_username, $db_password,$db_name)or die('could not connect to database');
13.    
14.     //check if its an ajax request, exit if not
15.     if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) AND strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
16.         die();
17.     }
18.    
19.     if(isset($_POST["message"]) &&  strlen($_POST["message"])>0)
20.     {
21.         //sanitize user name and message received from chat box
22.         //You can replace username with registerd username, if only registered users are allowed.
23.         $username = filter_var(trim($_POST["username"]),FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
24.         $message = filter_var(trim($_POST["message"]),FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
25.         $user_ip = $_SERVER['REMOTE_ADDR'];
26.        
27.  
28.         //insert new message in db
29.         if(mysqli_query($sql_con,"INSERT INTO shout_box(user, message, ip_address) value('$username','$message','$user_ip')"))
30.         {
31.             $msg_time = date('h:i A M d',time()); // current time
32.             echo '<div class="shout_msg"><time>'.$msg_time.'</time><span class="username">'.$username.'</span><span class="message">'.$message.'</span></div>';
33.         }
34.        
35.         // delete all records except last 10, if you don't want to grow your db size!
36.         mysqli_query($sql_con,"DELETE FROM shout_box WHERE id NOT IN (SELECT * FROM (SELECT id FROM shout_box ORDER BY id DESC LIMIT 0, 10) as sb)");
37.     }
38.     elseif($_POST["fetch"]==1)
39.     {
40.         $results = mysqli_query($sql_con,"SELECT user, message, date_time FROM (select * from shout_box ORDER BY id DESC LIMIT 10) shout_box ORDER BY shout_box.id ASC");
41.         while($row = mysqli_fetch_array($results))
42.         {
43.             $msg_time = date('h:i A M d',strtotime($row["date_time"])); //message posted time
44.             echo '<div class="shout_msg"><time>'.$msg_time.'</time><span class="username">'.$row["user"].'</span> <span class="message">'.$row["message"].'</span></div>';
45.         }
46.     }
47.     else
48.     {
49.         header('HTTP/1.1 500 Are you kiddin me?');
50.         exit();
51.     }
52. }