-rw-r--r-- | create_thread.php | 99 | ||||
-rw-r--r-- | thread.php | 67 |
2 files changed, 166 insertions, 0 deletions
diff --git a/create_thread.php b/create_thread.php
new file mode 100644
index 0000000..3f15f63
--- /dev/null
+++ b/create_thread.php
@@ -0,0 +1,99 @@
+<?php
+
+include_once 'header.php';
+
+echo '<section><h2>Create a new thread</h2>';
+
+if (!isset($_SESSION['signed_in'])) {
+ die('You must be <a href="signin.php">signed in</a> to create a thread.');
+}
+?>
+
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
+ <label for="thread_subject">Subject: </label><br>
+ <input type="text" name="thread_subject"><br>
+ <label for="thread_cat">Category: </label><br>
+ <?php
+ include_once 'includes/db_inc.php';
+
+ $sql = "SELECT cat_id, cat_name, cat_description FROM categories";
+ $result = mysqli_query($dbc, $sql);
+
+ if (!$result) {
+ die('Error trying to fetch category list: ' . mysqli_error($dbc));
+ }
+
+ if (mysqli_num_rows($result) == 0) {
+ die('There are currently no categories to post to.');
+ }
+
+ echo '<select name="thread_cat">';
+
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';
+ }
+
+ echo '</select><br>';
+ ?>
+ <label for="post_content">Write your post: </label><br>
+ <textarea name="post_content"></textarea><br>
+ <input type="submit" name="submit">
+</form>
+</section>
+
+<?php
+include_once 'includes/db_inc.php';
+
+function create_thread($dbc, $thread_subject, $thread_cat, $thread_author) {
+ $sql = "INSERT INTO threads(thread_subject, thread_date, thread_cat, thread_author) VALUES(?, NOW(), ?, ?);";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create thread due to internal error: ' . 
mysqli_error($dbc));
+ }
+
+ mysqli_stmt_bind_param($stmt, "sii", $thread_subject, $thread_cat, $thread_author);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+}
+
+function create_post($dbc, $post_content, $post_thread, $post_author) {
+ $sql = "INSERT INTO posts(post_content, post_date, post_thread, post_author) VALUES(?, NOW(), ?, ?);";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create thread due to internal error: ' . mysqli_error($dbc));
+ }
+
+ mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+}
+
+function validate($data) {
+ $data = trim($data);
+ $data = stripslashes($data);
+ $data = htmlspecialchars($data);
+ return $data;
+}
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $post_content = validate($_POST['post_content']);
+ $thread_subject = validate($_POST['thread_subject']);
+ $thread_cat = validate($_POST['thread_cat']);
+ $user_id = validate($_SESSION['user_id']);
+
+ create_thread($dbc, $thread_subject, $thread_cat, $user_id);
+ $thread_id = mysqli_insert_id($dbc);
+ create_post($dbc, $post_content, $thread_id, $user_id);
+
+ if (!$post_result) {
+ echo 'An error occurred creating your post: ' . mysqli_error($dbc);
+ }
+
+ header("Location: thread.php?id=" . $thread_id);
+}
+
+?>
+
+<?php include_once 'footer.php';?>
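Review bot: In the POST handler at the end of this hunk `$post_result` is never assigned — create_thread() and create_post() both discard the return value of mysqli_stmt_execute() — so `if (!$post_result)` is always true, every submission echoes 'An error occurred creating your post: ' followed by raw mysqli_error() output, and mysqli_insert_id() is trusted even when the thread INSERT failed (it then yields 0 and the post is attached to thread 0). Have both helpers return the execute result and stop on failure, log the mysqli_error() text server-side instead of sending it to the browser, and add `exit;` after the `header("Location: …")` call; since the form HTML has already been echoed above, that redirect can only take effect if the handler is moved before the first output. The form also carries no CSRF token, so any third-party page can create a thread on behalf of a signed-in user; a per-session token checked on POST should be added before this ships.
```php
function create_thread($dbc, $thread_subject, $thread_cat, $thread_author) {
    // … unchanged: prepare and bind …
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}
// … unchanged: create_post takes the same shape and returns its execute result …
// … unchanged: validate() …
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // … unchanged: validate() of the four inputs …
    if (!create_thread($dbc, $thread_subject, $thread_cat, $user_id)) {
        die('An error occurred creating your thread.');
    }
    $thread_id = mysqli_insert_id($dbc);
    if (!create_post($dbc, $post_content, $thread_id, $user_id)) {
        die('An error occurred creating your post.');
    }
    header("Location: thread.php?id=" . $thread_id);
    exit;
}
```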
\ No newline at end of file
diff --git a/thread.php b/thread.php
new file mode 100644
index 0000000..52ad8b3
--- /dev/null
+++ b/thread.php
@@ -0,0 +1,67 @@
+<?php include_once 'header.php'; ?>
+
+<?php
+include_once 'includes/db_inc.php';
+
+$sql = "SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads LEFT JOIN users ON thread_author = user_id WHERE thread_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+ die('Error trying to display thread page: ' . mysqli_error($dbc));
+}
+
+if (mysqli_num_rows($result) == 0) {
+ echo 'This thread does not exist';
+} else {
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<section><h1>' . $row['thread_subject'] . '</h1>';
+ echo 'Created by <b>' . $row['user_name'] . '</b> on ' . date('M d, Y', strtotime($row['thread_date'])) . '</section>';
+ $thread_id = $row['thread_id'];
+ }
+}
+
+echo '</section>';
+
+mysqli_free_result($result);
+
+$sql = "SELECT post_content, post_date, post_author, user_id, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_thread = " . mysqli_real_escape_string($dbc, $_GET['id']);
+$result = mysqli_query($dbc, $sql);
+
+if (!$result) {
+ die('Error trying to display posts: ' . mysqli_error($dbc));
+}
+
+if (mysqli_num_rows($result) == 0) {
+ echo '<section>This thread has no posts</section>';
+} else {
+ echo '<table>';
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<tr class="post"><td class="right">Posted by <b>' . $row['user_name'] . '</b><br><small>' . date('m/d/Y g:ia', strtotime($row['post_date'])) . '</small></td>';
+ echo '<td class="left">' . $row['post_content'] . '</td></tr>';
+ }
+ echo '</table>';
+}
+
+mysqli_free_result($result);
+
+if (isset($_SESSION['signed_in'])) {
+ echo '
+ <section>
+ <form action="includes/reply_inc.php?reply_to=' . 
$thread_id .'" method="post">
+ <h2>Reply to this thread</h2>
+ <textarea name="reply_content"></textarea>
+ <br>
+ <input type="submit" name="submit">
+ </form>
+ </section>
+ ';
+} else {
+ echo '
+ <section>
+ <a href="signin.php">Sign in</a> to reply to this thread</a>
+ </section>
+ ';
+}
+
+include_once 'footer.php';
+?>
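Review bot: Both SELECTs in this hunk concatenate `$_GET['id']` into an unquoted numeric comparison, and mysqli_real_escape_string() only escapes quote, backslash and control characters, so a value such as `1 OR 1=1` reaches MySQL unchanged — this is SQL injection despite the escaping call. Bind the id as an integer through a prepared statement, the way create_thread.php in this same commit already does for its INSERTs, or at minimum cast it with `(int)` before use. The rendering also echoes `thread_subject`, `user_name` and `post_content` straight from the result set; create_thread.php encodes on input via validate(), but whether every other writer of these tables (includes/reply_inc.php, user registration) does the same is not visible here, so escaping at output with htmlspecialchars() is the safer contract. Note too that when the thread does not exist `$thread_id` is never set, yet the reply form below still interpolates it into the action URL.
```php
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$sql = "SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads LEFT JOIN users ON thread_author = user_id WHERE thread_id = ?";
$stmt = mysqli_stmt_init($dbc);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    die('Error trying to display thread page.');
}
mysqli_stmt_bind_param($stmt, "i", $id);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
// … unchanged: row checks and rendering, each echoed column wrapped in htmlspecialchars() …
// … the posts query is rewritten the same way, binding $id to `post_thread = ?` …
```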
\ No newline at end of file |