
/new.php

https://gitlab.com/weedzcokie/phpforum
 1<?php
 2include 'common.php';
 3
 4if (filter_input(INPUT_GET, 'option') && filter_input(INPUT_POST, 'post')) {
 5    $allowed = true;
 6    $option = filter_input(INPUT_GET, 'option');
 7    if ($option == 'topic') {
 8        if ($_SESSION['access_level'] < 1) {
 9            $allowed = false;
10        }
11
12    } else if ($option == 'post') {
13        if ($_SESSION['access_level'] < 1) {
14            $allowed = false;
15        }
16        if (filter_input(INPUT_POST, 'post-content')) {
17            $escaped_content = $mysqli->real_escape_string(htmlentities(filter_input(INPUT_POST, 'post-content')));
18            if (strlen($escaped_content) < 3) {
19                $allowed = false;
20            }
21            $escaped_title = $mysqli->real_escape_string(htmlentities(filter_input(INPUT_POST, 'post-title')));
22            $user_id = $mysqli->real_escape_string($_SESSION['user_id']);
23        } else {
24            $allowed = false;
25        }
26        #
27        #   TODO: make sure user is allowed to post in topic
28        #
29        if (filter_input(INPUT_GET, 'topic')) {
30            $topic_id = $mysqli->real_escape_string(filter_input(INPUT_GET, 'topic'));
31        } else {
32            $allowed = false;
33        }
34
35        if ($allowed) {
36            $time = $mysqli->real_escape_string(time());
37            $query = "INSERT INTO posts(posts_title, posts_content, posts_topic_id, posts_user_id, posts_time) VALUES('".$escaped_title."','".$escaped_content."',".$topic_id.",".$user_id.",".$time.")";
38            #echo $query;
39            $mysqli->query($query);
40            $result = $mysqli->query("SELECT `AUTO_INCREMENT` FROM information_schema.TABLES WHERE TABLE_SCHEMA = '".$mysql_config['database']."' AND TABLE_NAME = 'posts'");
41            $row = $result->fetch_array();
42            $result->close();
43            $mysqli->query("UPDATE topics SET topics_last_post_id = " . ($row[0]-1) . " WHERE topics_id = " . $topic_id);
44            header('Location: topic.php?t=' . $topic_id . '&p=' . ($row[0]-1) . '#' . ($row[0]-1));
45        } else {
46            if (isset($_SERVER['HTTP_REFERER'])) {
47                header('Location: ' . $_SERVER['HTTP_REFERER']);
48            } else {
49                header('Location: index.php');
50            }
51        }
52
53    } else if ($option == 'announcement') {
54
55    } else if ($option == 'category') {
56
57    }
58} else if (filter_input(INPUT_GET, 'option')) {
59
60} else {
61    header('Location: index.php');
62}
63
64include 'templates/default.php';
65
66
67
68include 'templates/footer.php';
69?>