author | cflip <36554078+cflip@users.noreply.github.com> | 2021-03-21 20:16:35 -0600 |
committer | cflip <36554078+cflip@users.noreply.github.com> | 2021-03-21 20:16:35 -0600 |
commit | ebf94d63edecf5263fe59c2ce3f08c7b0528e570 (patch) | |
tree | 896d1f78af5ffe4b832444056019fdee00e13604 | |
parent | c84215091e914c81937c3aad2f1fd1775f556aa6 (diff) |
Fix thread creation form
-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | create_thread.php | 78 |
2 files changed, 32 insertions, 50 deletions
@@ -1,7 +1,7 @@ IMPROVE EXISTING CODE -[ ] Object-oriented code +[v] Object-oriented code [ ] Clean up table printing code -[ ] Fix thread create page +[v] Fix thread create page [ ] Clean up links [ ] Create 404 pages diff --git a/create_thread.php b/create_thread.php index ae3168b..bc77cc7 100644 --- a/create_thread.php +++ b/create_thread.php 
@@ -5,50 +5,44 @@ <title>Create a thread - cflip.net forum</title> </head> <body> +<?php include_once 'templates/header.php' ?> <h2>Create a new thread</h2> <?php if (!isset($_SESSION['signed_in'])) { die('You must be <a href="signin.php">signed in</a> to create a thread.'); } ?> - <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post"> <label for="thread_subject">Subject: </label><br> <input type="text" name="thread_subject"><br> <label for="thread_cat">Category: </label><br> <?php include_once 'includes/db_inc.php'; + include_once 'model/Category.php'; - $sql = "SELECT cat_id, cat_name, cat_description FROM categories"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - die('Error trying to fetch category list: ' . mysqli_error($dbc)); - } + $categories = get_all_categories($dbc); - if (mysqli_num_rows($result) == 0) { - die('There are currently no categories to post to.'); - } - - echo '<select name="thread_cat">'; + if (count($categories) == 0) { + echo 'There are no categories to post to!'; + } else { + echo '<select name="thread_cat">'; - while ($row = mysqli_fetch_assoc($result)) { - echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>'; + foreach ($categories as $category) { + echo '<option value="' . $category->id . '">' . $category->name . '</option>'; + } + + echo '</select><br>'; } - - echo '</select><br>'; ?> <label for="post_content">Write your post: </label><br> <textarea name="post_content"></textarea><br> <input type="submit" name="submit"> </form> - <?php include_once 'includes/db_inc.php'; -function create_thread($dbc, $thread_subject, $thread_cat, $thread_author) { - $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES(?, CONVERT_TZ(NOW(),'SYSTEM','+00:00'), CONVERT_TZ(NOW(),'SYSTEM','+00:00'), ?, ?); - UPDATE categories SET cat_thread_count = cat_thread_count + 1 WHERE cat_id = " . $thread_cat . 
';'; +function insert_thread($dbc, $thread_subject, $thread_cat, $thread_author) { + $sql = "INSERT INTO threads(thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; $stmt = mysqli_stmt_init($dbc); if (!mysqli_stmt_prepare($stmt, $sql)) { 
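Review bot: The new `<option>` loop echoes `$category->id` and `$category->name` straight into the HTML without escaping, so if category names are ever editable this becomes a stored XSS sink; the line should read `echo '<option value="' . htmlspecialchars((string) $category->id, ENT_QUOTES) . '">' . htmlspecialchars($category->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</option>';`. The form is a state-changing POST that carries no anti-CSRF token, so a signed-in user can be made to submit it from another origin; a per-session token in a hidden field, compared with `hash_equals()` in the POST handler, would close that. `count($categories) == 0` would be clearer as `$categories === []`, and it is worth a comment on `get_all_categories` that it is expected to return an empty array rather than `null` when the table is empty. `insert_thread` begins at the end of this hunk and its body continues past it.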
@@ -60,50 +54,38 @@ function create_thread($dbc, $thread_subject, $thread_cat, $thread_author) { mysqli_stmt_close($stmt); } -function create_post($dbc, $post_content, $post_thread, $post_category, $post_author) { - $sql = "INSERT INTO posts(post_content, post_date, post_thread, post_author) VALUES(?, CONVERT_TZ(NOW(),'SYSTEM','+00:00'), ?, ?); - UPDATE categories SET cat_post_count = cat_post_count + 1 WHERE cat_id = " . $post_category; +function insert_post($dbc, $post_content, $post_thread, $post_author) { + $sql = "INSERT INTO posts(post_content, post_date, post_thread, post_author) VALUES (?, CONVERT_TZ(NOW(), 'SYSTEM', '+00:00'), ?, ?);"; $stmt = mysqli_stmt_init($dbc); if (!mysqli_stmt_prepare($stmt, $sql)) { - die('Could not create thread due to internal error: ' . mysqli_error($dbc)); + die('Could not create post due to internal error: ' . mysqli_error($dbc)); } mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author); - $result = mysqli_stmt_execute($stmt); + mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); - return $result; -} - -function validate($data) { - $data = trim($data); - $data = stripslashes($data); - $data = htmlspecialchars($data); - return $data; } if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $post_result = NULL; - $post_content = validate($_POST['post_content']); - $thread_subject = validate($_POST['thread_subject']); - $thread_cat = validate($_POST['thread_cat']); - $user_id = validate($_SESSION['user_id']); + $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING); + $thread_subject = filter_input(INPUT_POST, 'thread_subject', FILTER_SANITIZE_STRING); + $thread_cat = filter_input(INPUT_POST, 'thread_cat', FILTER_SANITIZE_NUMBER_INT); + $user_id = filter_var($_SESSION['user_id'], FILTER_SANITIZE_NUMBER_INT); - // Disallow empty thread subjects if (empty($thread_subject) or !$thread_subject) { - echo '<br>Thread subject cannot be empty.'; + echo 'Thread subject cannot be empty'; } else { 
- create_thread($dbc, $thread_subject, $thread_cat, $user_id); + insert_thread($dbc, $thread_subject, $thread_cat, $user_id); $thread_id = mysqli_insert_id($dbc); - $post_result = create_post($dbc, $post_content, $thread_id, $thread_cat, $user_id); - if (!$post_result) { - echo 'An error occurred creating your post: ' . mysqli_error($dbc); - } else { - header("Location: thread.php?id=" . $thread_id); - } + insert_post($dbc, $post_content, $thread_id, $user_id); + + $sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + '1', `cat_post_count` = `cat_post_count` + '1' WHERE cat_id = " . $thread_cat . ";"; + mysqli_query($dbc, $sql); + + header("Location: /forum/thread/" . $thread_id); } } - ?> </body> </html>
\ No newline at end of file |
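Review bot: The category-count UPDATE at the end of the POST branch concatenates `$thread_cat` into the SQL string while the two inserts above it use prepared statements; FILTER_SANITIZE_NUMBER_INT only strips characters and can still yield an empty string or a bare `+`/`-`, so the query should be prepared and bound with `i`, and the input validated with `FILTER_VALIDATE_INT` (rejecting the request when it is `false` or `null`) instead of sanitized. The `$post_result` check the commit removes is not replaced: `insert_post` now discards the return of `mysqli_stmt_execute` and `mysqli_insert_id` is never checked, so a failed thread insert yields a post attached to thread id 0 and a redirect to it. The three writes are not wrapped in a transaction, so a failure between them leaves the category counters out of step with the rows. `header()` is issued after the page body has already been echoed earlier in the file, which only works if output buffering is enabled (not visible here), and it should be followed by `exit;` so the rest of the template is not rendered. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 and is not an output-escaping step; storing the raw text and escaping with `htmlspecialchars` at the point of output is the safer replacement.
```php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // … unchanged: post_content, thread_subject and user_id filtering …
    $thread_cat = filter_input(INPUT_POST, 'thread_cat', FILTER_VALIDATE_INT);

    if (empty($thread_subject) or !$thread_subject) {
        echo 'Thread subject cannot be empty';
    } elseif ($thread_cat === null || $thread_cat === false) {
        echo 'Please choose a valid category';
    } else {
        insert_thread($dbc, $thread_subject, $thread_cat, $user_id);
        $thread_id = mysqli_insert_id($dbc);
        if ($thread_id === 0) {
            die('Could not create thread due to internal error: ' . mysqli_error($dbc));
        }
        insert_post($dbc, $post_content, $thread_id, $user_id);

        // Bind the category id instead of concatenating it into the statement.
        $sql = "UPDATE categories SET `cat_thread_count` = `cat_thread_count` + 1, `cat_post_count` = `cat_post_count` + 1 WHERE cat_id = ?";
        $stmt = mysqli_stmt_init($dbc);
        if (!mysqli_stmt_prepare($stmt, $sql)) {
            die('Could not update category due to internal error: ' . mysqli_error($dbc));
        }
        mysqli_stmt_bind_param($stmt, "i", $thread_cat);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        header("Location: /forum/thread/" . $thread_id);
        exit;
    }
}
```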