<!DOCTYPE html>
<html lang="en">
<!-- SMIPO Create new thread
@author James
-->
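<?php
require("connect.php");

/*
 * Request parameters. Both arrive in the query string and are attacker-controlled.
 * cat_id is compared as a bare number in the query below, so the board id is accepted
 * only when it parses as an integer; anything else becomes 0. That keeps injected text
 * out of the concatenated SQL and out of the later uses of $board_id in this file
 * (form action attribute, further queries, redirect URL).
 */
$board_id = filter_input(INPUT_GET, 'board', FILTER_VALIDATE_INT);
if ($board_id === false || $board_id === null) {
    // presumably no category has id 0, so the lookup just finds nothing -- confirm
    $board_id = 0;
}
$req = isset($_GET['req']) ? $_GET['req'] : '';

/* Look up the board being posted to; $row is read further down to print its name. */
$sql = 'SELECT * FROM Categories WHERE cat_id = ' . $board_id;
$result = $db->query($sql);
$row = $result->fetchRow();

// NOTE(review): this block runs after the DOCTYPE line has already been emitted, so the
// header() redirect later in the file only works when output buffering is enabled.
?>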
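<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">
<title>New Thread - SMIPO</title>
<!-- Bootstrap Core CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- Custom CSS -->
<link href="css/smipo.css" rel="stylesheet">
<!-- Fonts: loaded over HTTPS so the stylesheets cannot be altered in transit and are not
     blocked as mixed content when this page itself is served over HTTPS -->
<link href="https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Josefin+Slab:100,300,400,600,700,100italic,300italic,400italic,600italic,700italic" rel="stylesheet" type="text/css">
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>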
<body>
<?php
// Pull in navigation.php once (presumably the shared navigation bar; its contents are not shown here).
require_once 'navigation.php';
?>
<div class="container">
<div class="row">
<div class="box">
<div class="col-lg-12">
<hr>
<h2 class="intro-text text-center">
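<?php
// The board name comes from the Categories table and is written into HTML, so it is
// encoded for that context first. double_encode is off because this application stores
// some text already entity-encoded (see the topic-name handling further down); existing
// entities are left alone while raw <, >, & and quotes are still neutralised.
// An unknown board id leaves $row without a cat_name, so fall back to an empty label
// rather than raising a notice.
$board_label = isset($row['cat_name']) ? (string) $row['cat_name'] : '';
echo "<p>Posting to the " . htmlspecialchars($board_label, ENT_QUOTES, 'UTF-8', false) . " board</p><br />";
?>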
</h2>
<hr>
</div>
<div class="row">
<!-- main content area -->
<div id="boards">
<center>
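<?php
/*
 * New-thread controller for this page.
 *   req=new       -> print the empty "new thread" form.
 *   anything else -> treat the request as the form submission: insert a row into Topics,
 *                    insert the first post into Replies, then redirect to thread.php.
 *
 * $board_id and $req are read from the query string earlier in this file, so they are
 * attacker-controlled. The board id is re-validated as an integer here before it reaches
 * an HTML attribute, SQL text or the redirect URL, and every string placed inside a SQL
 * literal is escaped first.
 *
 * NOTE(review): mysql_real_escape_string() belongs to the old mysql extension, which was
 * removed in PHP 7. Bound parameters through the $db layer would be the durable fix, but
 * that layer's API is defined in connect.php and is not visible here.
 * NOTE(review): the form carries no anti-CSRF token, so another site can submit it on
 * behalf of a logged-in user. Add a per-session token and verify it on submission.
 */
$safe_board_id = filter_var($board_id, FILTER_VALIDATE_INT);

if ($safe_board_id === false) {
    echo "Invalid board";
}
elseif ($req == 'new') {
    // The form posts back to this same script with req=pos.
    echo "<form method='POST' action='newThread.php?board=" . $safe_board_id . "&req=pos'>";
    echo "Topic Name: <input type='text' name='topic'><br>Post Data<br>";
    echo "<textarea name='first_reply' cols='75' rows='10'></textarea><br><br>";
    echo "<input type='submit' value='Submit'>";
    echo "</form>";
    echo "<div class='clearfix'></div>";
}
else {
    $error = '';

    /* Authorisation comes first, so anonymous requests never reach the database. */
    $logged_in = isset($_SESSION['logged_in']) ? $_SESSION['logged_in'] : false;
    $status = isset($_SESSION['status']) ? $_SESSION['status'] : null;
    $has_identity = isset($_SESSION['user'], $_SESSION['user_id']);
    if (!($logged_in == true && $status >= 0 && $has_identity)) {
        $error = "Not allowed to post";
    }

    /* Creating a thread changes state: accept it only as a POST carrying both fields as strings. */
    if ($error === '') {
        $is_post = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
        $has_fields = isset($_POST['topic'], $_POST['first_reply'])
            && is_string($_POST['topic'])
            && is_string($_POST['first_reply']);
        if (!$is_post || !$has_fields) {
            $error = "Invalid request";
        }
    }

    /* Resolve the board name; an id with no matching category is rejected. */
    if ($error === '') {
        $board_sql = "SELECT * FROM Categories WHERE cat_id = $safe_board_id";
        $board_result = $db->query($board_sql);
        $board_row = $board_result->fetchRow();
        if (!isset($board_row['cat_name'])) {
            $error = "Invalid board";
        }
    }

    if ($error === '') {
        /* Topic name: same pipeline as before (HTML-encode, strip slashes, SQL-escape). */
        $topic_name = htmlspecialchars($_POST['topic']);
        $topic_name = stripslashes($topic_name);
        $topic_name = mysql_real_escape_string($topic_name);

        /*
         * First post: previously interpolated into the INSERT with no escaping at all.
         * It is SQL-escaped here and otherwise stored as submitted, so whichever page
         * prints Replies.reply_content must HTML-encode it on output.
         * NOTE(review): confirm thread.php does that.
         */
        $first_reply = $_POST['first_reply'];
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            // Undo automatic slashes so the text is not escaped twice.
            $first_reply = stripslashes($first_reply);
        }
        $first_reply = mysql_real_escape_string($first_reply);

        /* Values taken from the session and the database are escaped or cast as well. */
        $username = mysql_real_escape_string((string) $_SESSION['user']);
        $user_id = (int) $_SESSION['user_id'];
        $board_name = mysql_real_escape_string((string) $board_row['cat_name']);

        $insert_sql = "INSERT INTO Topics (topic_subject, topic_date, topic_cat, topic_by, board_id)" .
            " VALUES ('$topic_name', CURDATE(), '$board_name', '$username', $safe_board_id)";
        $db->query($insert_sql);

        /*
         * Fetch the id of the thread just created.
         * FIX THIS QUERY: it returns the user's most recent topic, which is not guaranteed
         * to be the row inserted above if the same user posts twice at nearly the same
         * time. Use the database layer's last-insert-id facility once its API is confirmed.
         */
        $id_sql = "SELECT * FROM Topics WHERE topic_by = '$username' ORDER BY topic_id DESC LIMIT 1";
        $id_result = $db->query($id_sql);
        $id_row = $id_result->fetchRow();

        if (!isset($id_row['topic_id'])) {
            $error = "Invalid request";
        }
        else {
            $thread_id = (int) $id_row['topic_id'];

            /* insert first reply into Replies table */
            $insert_sql = "INSERT INTO Replies (reply_content, reply_date, reply_topic, reply_by, thread_id)" .
                " VALUES ('$first_reply', CURDATE(), '$topic_name', $user_id, $thread_id)";
            $db->query($insert_sql);

            /*
             * Both values in the target are integers, so the URL cannot carry injected
             * header or markup text. This block runs after page output has started, so
             * the redirect is only possible while headers are still unsent (output
             * buffering); otherwise print a link. exit stops the rest of the page from
             * being rendered behind the redirect.
             */
            $target = "thread.php?board=$safe_board_id&thread=$thread_id";
            if (!headers_sent()) {
                header("Location: $target");
                exit;
            }
            echo "<a href='" . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . "'>Continue to the new thread</a>";
        }
    }

    if ($error !== '') {
        echo $error;
    }
}
?>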
</center>
</div>
</div>
</div>
<div class="clearfix"></div>
</div>
</div>
</div>
<!-- /.container -->
<footer>
<div class="container">
<div class="row">
<div class="col-lg-12 text-center">
<p>Copyright © Radford SMIPO 2016</p>
</div>
</div>
</div>
</footer>
<!-- jQuery -->
<script src="js/jquery.js"></script>
<!-- Bootstrap Core JavaScript -->
<script src="js/bootstrap.min.js"></script>
</body>
</html>