From f2814f2a8d49833f0800ad482be7973243622e8e Mon Sep 17 00:00:00 2001
From: h5p9sl <21267024+h5p9sl@users.noreply.github.com>
Date: Sun, 24 Jan 2021 10:36:27 -0700
Subject: using wrong variable: 'user_name' instead of 'user_pass

---
 register.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/register.php b/register.php
index a318170..efa4486 100644
--- a/register.php
+++ b/register.php
@@ -68,7 +68,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 		$user_pass = $_POST['user_pass'];
 		$pass_check = $_POST['user_pass_check'];
 
-		if (preg_match("/^[a-zA-Z0-9\W]*$/", $user_name) === false) {
+		if (preg_match("/^[a-zA-Z0-9\W]*$/", $user_pass) === false) {
 			$errors[] = "Password contains invalid characters!";
 		}
 
@@ -104,4 +104,4 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
 
 </section>
 
-<?php include_once 'footer.php';?>
\ No newline at end of file
+<?php include_once 'footer.php';?>
-- 
cgit v1.2.3


From f78ad3e81c2bf8dca6b491ee8f09b99d40903d77 Mon Sep 17 00:00:00 2001
From: h5p9sl <21267024+h5p9sl@users.noreply.github.com>
Date: Sun, 24 Jan 2021 11:07:53 -0700
Subject: Disallow empty thread subjects

---
 create_thread.php | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/create_thread.php b/create_thread.php
index 3f15f63..51bfe10 100644
--- a/create_thread.php
+++ b/create_thread.php
@@ -39,7 +39,6 @@ if (!isset($_SESSION['signed_in'])) {
 	<textarea name="post_content"></textarea><br>
 	<input type="submit" name="submit">
 </form>
-</section>
 
 <?php
 include_once 'includes/db_inc.php';
@@ -66,8 +65,9 @@ function create_post($dbc, $post_content, $post_thread, $post_author) {
 	}
 
 	mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author);
-	mysqli_stmt_execute($stmt);
+	$result = mysqli_stmt_execute($stmt);
 	mysqli_stmt_close($stmt);
+	return $result;
 }
 
 function validate($data)  {
@@ -78,22 +78,29 @@ function validate($data)  {
 }
 
 if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+	$post_result = NULL;
 	$post_content = validate($_POST['post_content']);
 	$thread_subject = validate($_POST['thread_subject']);
 	$thread_cat = validate($_POST['thread_cat']);
 	$user_id = validate($_SESSION['user_id']);
 
-	create_thread($dbc, $thread_subject, $thread_cat, $user_id);
-	$thread_id = mysqli_insert_id($dbc);
-	create_post($dbc, $post_content, $thread_id, $user_id);
-
-	if (!$post_result) {
-		echo 'An error occurred creating your post: ' . mysqli_error($dbc);
+	// Disallow empty thread subjects
+	if (empty($thread_subject) or !$thread_subject) {
+		echo '<br>Thread subject cannot be empty.';
+	} else {
+		create_thread($dbc, $thread_subject, $thread_cat, $user_id);
+		$thread_id = mysqli_insert_id($dbc);
+		$post_result = create_post($dbc, $post_content, $thread_id, $user_id);
+		if (!$post_result) {
+			echo 'An error occurred creating your post: ' . mysqli_error($dbc);
+		} else {
+			header("Location: thread.php?id=" . $thread_id);
+		}
 	}
-
-	header("Location: thread.php?id=" . $thread_id);
 }
 
 ?>
 
-<?php include_once 'footer.php';?>
\ No newline at end of file
+</section>
+
+<?php include_once 'footer.php';?>
-- 
cgit v1.2.3