/new.php


  1. <?php
  2. include 'common.php';
  3. if (filter_input(INPUT_GET, 'option') && filter_input(INPUT_POST, 'post')) {
  4. $allowed = true;
  5. $option = filter_input(INPUT_GET, 'option');
  6. if ($option == 'topic') {
  7. if ($_SESSION['access_level'] < 1) {
  8. $allowed = false;
  9. }
  10. } else if ($option == 'post') {
  11. if ($_SESSION['access_level'] < 1) {
  12. $allowed = false;
  13. }
  14. if (filter_input(INPUT_POST, 'post-content')) {
  15. $escaped_content = $mysqli->real_escape_string(htmlentities(filter_input(INPUT_POST, 'post-content')));
  16. if (strlen($escaped_content) < 3) {
  17. $allowed = false;
  18. }
  19. $escaped_title = $mysqli->real_escape_string(htmlentities(filter_input(INPUT_POST, 'post-title')));
  20. $user_id = $mysqli->real_escape_string($_SESSION['user_id']);
  21. } else {
  22. $allowed = false;
  23. }
  24. #
  25. # TODO: make sure user is allowed to post in topic
  26. #
  27. if (filter_input(INPUT_GET, 'topic')) {
  28. $topic_id = $mysqli->real_escape_string(filter_input(INPUT_GET, 'topic'));
  29. } else {
  30. $allowed = false;
  31. }
  32. if ($allowed) {
  33. $time = $mysqli->real_escape_string(time());
  34. $query = "INSERT INTO posts(posts_title, posts_content, posts_topic_id, posts_user_id, posts_time) VALUES('".$escaped_title."','".$escaped_content."',".$topic_id.",".$user_id.",".$time.")";
  35. #echo $query;
  36. $mysqli->query($query);
  37. $result = $mysqli->query("SELECT `AUTO_INCREMENT` FROM information_schema.TABLES WHERE TABLE_SCHEMA = '".$mysql_config['database']."' AND TABLE_NAME = 'posts'");
  38. $row = $result->fetch_array();
  39. $result->close();
  40. $mysqli->query("UPDATE topics SET topics_last_post_id = " . ($row[0]-1) . " WHERE topics_id = " . $topic_id);
  41. header('Location: topic.php?t=' . $topic_id . '&p=' . ($row[0]-1) . '#' . ($row[0]-1));
  42. } else {
  43. if (isset($_SERVER['HTTP_REFERER'])) {
  44. header('Location: ' . $_SERVER['HTTP_REFERER']);
  45. } else {
  46. header('Location: index.php');
  47. }
  48. }
  49. } else if ($option == 'announcement') {
  50. } else if ($option == 'category') {
  51. }
  52. } else if (filter_input(INPUT_GET, 'option')) {
  53. } else {
  54. header('Location: index.php');
  55. }
  56. include 'templates/default.php';
  57. include 'templates/footer.php';
  58. ?>