author | h5p9sl <21267024+h5p9sl@users.noreply.github.com> | 2021-01-24 11:07:53 -0700 |
---|---|---|
committer | h5p9sl <21267024+h5p9sl@users.noreply.github.com> | 2021-01-24 11:07:53 -0700 |
commit | f78ad3e81c2bf8dca6b491ee8f09b99d40903d77 (patch) | |
tree | 5296c97001997c081eef7c6eaccac25779741a58 /create_thread.php | |
parent | f2814f2a8d49833f0800ad482be7973243622e8e (diff) |
Disallow empty thread subjects
Diffstat (limited to 'create_thread.php')
-rw-r--r-- | create_thread.php | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/create_thread.php b/create_thread.php index 3f15f63..51bfe10 100644 --- a/create_thread.php +++ b/create_thread.php @@ -39,7 +39,6 @@ if (!isset($_SESSION['signed_in'])) { <textarea name="post_content"></textarea><br> <input type="submit" name="submit"> </form> -</section> <?php include_once 'includes/db_inc.php'; @@ -66,8 +65,9 @@ function create_post($dbc, $post_content, $post_thread, $post_author) { } mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author); - mysqli_stmt_execute($stmt); + $result = mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); + return $result; } function validate($data) { @@ -78,22 +78,29 @@ function validate($data) { } if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $post_result = NULL; $post_content = validate($_POST['post_content']); $thread_subject = validate($_POST['thread_subject']); $thread_cat = validate($_POST['thread_cat']); $user_id = validate($_SESSION['user_id']); - create_thread($dbc, $thread_subject, $thread_cat, $user_id); - $thread_id = mysqli_insert_id($dbc); - create_post($dbc, $post_content, $thread_id, $user_id); - - if (!$post_result) { - echo 'An error occurred creating your post: ' . mysqli_error($dbc); + // Disallow empty thread subjects + if (empty($thread_subject) or !$thread_subject) { + echo '<br>Thread subject cannot be empty.'; + } else { + create_thread($dbc, $thread_subject, $thread_cat, $user_id); + $thread_id = mysqli_insert_id($dbc); + $post_result = create_post($dbc, $post_content, $thread_id, $user_id); + if (!$post_result) { + echo 'An error occurred creating your post: ' . mysqli_error($dbc); + } else { + header("Location: thread.php?id=" . $thread_id); + } } - - header("Location: thread.php?id=" . $thread_id); } ?> -<?php include_once 'footer.php';?>
\ No newline at end of file +</section> + +<?php include_once 'footer.php';?> |
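Review bot: In the new `else` branch the outcome of `create_thread()` is still discarded, so if that insert fails, `mysqli_insert_id($dbc)` presumably yields 0 and `create_post()` then stores the post under a thread that does not exist. Guard it before posting, for example `if (!$thread_id) { error_log(mysqli_error($dbc)); echo '<br>Could not create the thread.'; }`, with the `create_post()` call moved into the matching `else`; `create_thread()` is defined outside this hunk, so whether it can return a status is not visible here. The failure branch also echoes `mysqli_error($dbc)` to the client, which can expose table, column and query details; write it to the server log with `error_log()` and print only the generic text. Separately, `header("Location: ...")` runs after the form markup earlier in the file has already been output, so unless output buffering is enabled the redirect will not be sent, and it should be followed by `exit;`.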