/new.php

https://gitlab.com/weedzcokie/phpforum · PHP · 69 lines · 54 code · 11 blank · 4 comment · 27 complexity · f3c56053b1c6b529fc1f318e4c206f43 MD5 · raw file 

    

  1. <?php
    2. 

  2. include 'common.php';
    3. 

  3. 

  4. if (filter_input(INPUT_GET, 'option') && filter_input(INPUT_POST, 'post')) {
    5. 

  5.     $allowed = true;
    6. 

  6.     $option = filter_input(INPUT_GET, 'option');
    7. 

  7.     if ($option == 'topic') {
    8. 

  8.         if ($_SESSION['access_level'] < 1) {
    9. 

  9.             $allowed = false;
    10. 

  10.         }
    11. 

  11. 

  12.     } else if ($option == 'post') {
    13. 

  13.         if ($_SESSION['access_level'] < 1) {
    14. 

  14.             $allowed = false;
    15. 

  15.         }
    16. 

  16.         if (filter_input(INPUT_POST, 'post-content')) {
    17. 

  17.             $escaped_content = $mysqli->real_escape_string(htmlentities(filter_input(INPUT_POST, 'post-content')));
    18. 

  18.             if (strlen($escaped_content) < 3) {
    19. 

  19.                 $allowed = false;
    20. 

  20.             }
    21. 

  21.             $escaped_title = $mysqli->real_escape_string(htmlentities(filter_input(INPUT_POST, 'post-title')));
    22. 

  22.             $user_id = $mysqli->real_escape_string($_SESSION['user_id']);
    23. 

  23.         } else {
    24. 

  24.             $allowed = false;
    25. 

  25.         }
    26. 

  26.         #
    27. 

  27.         #   TODO: make sure user is allowed to post in topic
    28. 

  28.         #
    29. 

  29.         if (filter_input(INPUT_GET, 'topic')) {
    30. 

  30.             $topic_id = $mysqli->real_escape_string(filter_input(INPUT_GET, 'topic'));
    31. 

  31.         } else {
    32. 

  32.             $allowed = false;
    33. 

  33.         }
    34. 

  34. 

  35.         if ($allowed) {
    36. 

  36.             $time = $mysqli->real_escape_string(time());
    37. 

  37.             $query = "INSERT INTO posts(posts_title, posts_content, posts_topic_id, posts_user_id, posts_time) VALUES('".$escaped_title."','".$escaped_content."',".$topic_id.",".$user_id.",".$time.")";
    38. 

  38.             #echo $query;
    39. 

  39.             $mysqli->query($query);
    40. 

  40.             $result = $mysqli->query("SELECT `AUTO_INCREMENT` FROM information_schema.TABLES WHERE TABLE_SCHEMA = '".$mysql_config['database']."' AND TABLE_NAME = 'posts'");
    41. 

  41.             $row = $result->fetch_array();
    42. 

  42.             $result->close();
    43. 

  43.             $mysqli->query("UPDATE topics SET topics_last_post_id = " . ($row[0]-1) . " WHERE topics_id = " . $topic_id);
    44. 

  44.             header('Location: topic.php?t=' . $topic_id . '&p=' . ($row[0]-1) . '#' . ($row[0]-1));
    45. 

  45.         } else {
    46. 

  46.             if (isset($_SERVER['HTTP_REFERER'])) {
    47. 

  47.                 header('Location: ' . $_SERVER['HTTP_REFERER']);
    48. 

  48.             } else {
    49. 

  49.                 header('Location: index.php');
    50. 

  50.             }
    51. 

  51.         }
    52. 

  52. 

  53.     } else if ($option == 'announcement') {
    54. 

  54. 

  55.     } else if ($option == 'category') {
    56. 

  56. 

  57.     }
    58. 

  58. } else if (filter_input(INPUT_GET, 'option')) {
    59. 

  59. 

  60. } else {
    61. 

  61.     header('Location: index.php');
    62. 

  62. }
    63. 

  63. 

  64. include 'templates/default.php';
    65. 

  65. 

  66. 

  67. 

  68. include 'templates/footer.php';
    69. 

  69. ?>
    70.