From df49a36e140acc211fdc31480d40281404110310 Mon Sep 17 00:00:00 2001
From: Cflip <36554078+cflip@users.noreply.github.com>
Date: Fri, 22 Jan 2021 20:45:43 -0700
Subject: Inital commit with existing code

---
 create_topic.php | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 create_topic.php

(limited to 'create_topic.php')

diff --git a/create_topic.php b/create_topic.php
new file mode 100644
index 0000000..9eab942
--- /dev/null
+++ b/create_topic.php
@@ -0,0 +1,90 @@
+<?php
+
+include 'header.php';
+include_once 'connect.php';
+
+echo '<section><h2>Create a new topic</h2>';
+
+if (!isset($_SESSION['signed_in'])) {
+	echo 'You must be <a href="signin.php">signed in</a> to create a topic.';
+} else {
+	if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+		$sql = "SELECT cat_id, cat_name, cat_description FROM categories";
+		$result = mysqli_query($dbc, $sql);
+
+		if (!$result) {
+			echo 'Error while selecting from database. Please try again later.';
+		} else {
+			if (mysqli_num_rows($result) == 0) {
+				echo 'There are currently no categories to post to.';
+			} else {
+				echo '
+				<form action="" method="post">
+					<label for="topic_subject">Subject: </label><br>
+					<input type="text" name="topic_subject"><br>
+					<label for="topic_cat">Category: </label><br>
+					<select name="topic_cat">';
+
+				while ($row = mysqli_fetch_assoc($result)) {
+					echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';
+				}
+
+				echo '
+					</select><br>
+					<label for="post_content">Write your post: </label><br>
+					<textarea name="post_content"></textarea><br>
+					<input type="submit" name="submit">
+				</form>
+				';
+			}
+		}
+	} else {
+		$sql = "BEGIN WORK;";
+		$result = mysqli_query($dbc, $sql);
+
+		if (!$result) {
+			echo 'An error occurred creating your topic. Try again later';
+		} else {
+			$sql = "INSERT INTO topics(topic_subject, topic_date, topic_cat, topic_author) VALUES(
+			'" . mysqli_real_escape_string($dbc, $_POST['topic_subject']) . "', 
+			NOW(), 
+			" . mysqli_real_escape_string($dbc, $_POST['topic_cat']) . ", 
+			" . $_SESSION['user_id'] .")";
+
+			$result = mysqli_query($dbc, $sql);
+
+			if (!$result) {
+				echo 'An error occured while creating your post. Please try again later.' . mysql_error();
+				$sql = "ROLLBACK;";
+				mysqli_query($dbc, $sql);
+			} else {
+				$topic_id = mysqli_insert_id($dbc);
+
+				$sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(
+				'" . mysqli_real_escape_string($dbc, $_POST['post_content']) . "',
+				NOW(),
+				" . $topic_id . ",
+				" . $_SESSION['user_id'] . ")";
+
+				$result = mysqli_query($dbc, $sql);
+
+				if (!$result) {
+					echo 'An error occured while creating your post. Please try again later.' . mysqli_error($dbc);
+					$sql = "ROLLBACK;";
+					mysqli_query($dbc, $sql);
+				} else {
+					$sql = "COMMIT;";
+					$result = mysqli_query($dbc, $sql);
+
+					echo 'You have successfully created <a href="topic.php?id='. $topic_id . '">your new topic</a>.';
+				}
+			}
+		}
+	}
+}
+
+echo '</section>';
+
+include 'footer.php';
+
+?>
\ No newline at end of file
-- 
cgit v1.2.3