author | Cflip <36554078+cflip@users.noreply.github.com> | 2021-01-23 12:25:51 -0700 |
---|---|---|
committer | Cflip <36554078+cflip@users.noreply.github.com> | 2021-01-23 12:26:18 -0700 |
commit | 279d399461e6a66157bb2f0bc8209bf0fcb36c9c (patch) | |
tree | 779492cc411d6c9171d57cdecf7a43f39e2ca512 /create_thread.php | |
parent | 0b26a9cd485d5b1ed509d9da998780d8b658eb8a (diff) |
Change terminology from topics to threads
Diffstat (limited to 'create_thread.php')
-rw-r--r-- | create_thread.php | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/create_thread.php b/create_thread.php
new file mode 100644
index 0000000..3f15f63
--- /dev/null
+++ b/create_thread.php
@@ -0,0 +1,99 @@
+<?php
+
+include_once 'header.php';
+
+echo '<section><h2>Create a new thread</h2>';
+
+if (!isset($_SESSION['signed_in'])) {
+ die('You must be <a href="signin.php">signed in</a> to create a thread.');
+}
+?>
+
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
+ <label for="thread_subject">Subject: </label><br>
+ <input type="text" name="thread_subject"><br>
+ <label for="thread_cat">Category: </label><br>
+ <?php
+ include_once 'includes/db_inc.php';
+
+ $sql = "SELECT cat_id, cat_name, cat_description FROM categories";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ die('Error trying to fetch category list: ' . mysqli_error($dbc));
+ }
+
+ if (mysqli_num_rows($result) == 0) {
+ die('There are currently no categories to post to.');
+ }
+
+ echo '<select name="thread_cat">';
+
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';
+ }
+
+ echo '</select><br>';
+ ?>
+ <label for="post_content">Write your post: </label><br>
+ <textarea name="post_content"></textarea><br>
+ <input type="submit" name="submit">
+</form>
+</section>
+
+<?php
+include_once 'includes/db_inc.php';
+
+function create_thread($dbc, $thread_subject, $thread_cat, $thread_author) {
+ $sql = "INSERT INTO threads(thread_subject, thread_date, thread_cat, thread_author) VALUES(?, NOW(), ?, ?);";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create thread due to internal error: ' . mysqli_error($dbc));
+ }
+
+ mysqli_stmt_bind_param($stmt, "sii", $thread_subject, $thread_cat, $thread_author);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+}
+
+function create_post($dbc, $post_content, $post_thread, $post_author) {
+ $sql = "INSERT INTO posts(post_content, post_date, post_thread, post_author) VALUES(?, NOW(), ?, ?);";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create thread due to internal error: ' . mysqli_error($dbc));
+ }
+
+ mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+}
+
+function validate($data) {
+ $data = trim($data);
+ $data = stripslashes($data);
+ $data = htmlspecialchars($data);
+ return $data;
+}
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $post_content = validate($_POST['post_content']);
+ $thread_subject = validate($_POST['thread_subject']);
+ $thread_cat = validate($_POST['thread_cat']);
+ $user_id = validate($_SESSION['user_id']);
+
+ create_thread($dbc, $thread_subject, $thread_cat, $user_id);
+ $thread_id = mysqli_insert_id($dbc);
+ create_post($dbc, $post_content, $thread_id, $user_id);
+
+ if (!$post_result) {
+ echo 'An error occurred creating your post: ' . mysqli_error($dbc);
+ }
+
+ header("Location: thread.php?id=" . $thread_id);
+}
+
+?>
+
+<?php include_once 'footer.php';?>
\ No newline at end of file |
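Review bot: The POST handler at the end of the file tests `$post_result`, which is never assigned, and `create_thread()` / `create_post()` discard the return value of `mysqli_stmt_execute()`, so the error message is printed on every submission while a real insert failure goes unnoticed (after a failed thread insert `mysqli_insert_id()` most likely returns 0 and the post insert is still attempted). Both helpers should return the execute result and the handler should stop on failure, logging `mysqli_error()` server-side rather than echoing it to the user. The `header()` redirect also comes after the form markup has been output, so unless header.php buffers output it cannot take effect; the handler belongs before any output and needs an `exit` after the redirect. Separately, the form has no anti-CSRF token, and `cat_name` is echoed into the `<option>` without `htmlspecialchars()` while `validate()` encodes at storage time instead of at output.

```php
function create_thread($dbc, $thread_subject, $thread_cat, $thread_author) {
    // … unchanged: prepare and bind …
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// … create_post(): same change, return the execute result …

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // … unchanged: reading the POST fields and the session user id …
    if (!create_thread($dbc, $thread_subject, $thread_cat, $user_id)) {
        error_log('create_thread failed: ' . mysqli_error($dbc));
        die('Could not create the thread.');
    }
    $thread_id = mysqli_insert_id($dbc);

    if (!create_post($dbc, $post_content, $thread_id, $user_id)) {
        error_log('create_post failed: ' . mysqli_error($dbc));
        die('An error occurred creating your post.');
    }

    header("Location: thread.php?id=" . $thread_id);
    exit;
}
```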