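<?php
include_once 'includes/db_inc.php';
include_once 'model/Thread.php';
session_start();

$current = new Thread();

// The thread id comes straight from the query string, so it is validated as an
// integer before it reaches the database layer. FILTER_VALIDATE_INT tolerates
// surrounding whitespace, so the validated integer is passed on rather than the
// raw request string; how get_from_database() builds its query is not visible
// here. A missing, non-integer or zero id is treated as "not found".
$thread_id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;
$result = $thread_id ? $current->get_from_database($thread_id, $dbc) : 0;

// Single 404 path for both a bad id and a lookup that found nothing.
if ($result == 0) {
    http_response_code(404);
    include_once 'templates/404.php';
    die();
}
?>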
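<?php
// Thread subject, author name and category name are loaded from the database
// and can carry user-supplied text, so each is HTML-escaped where it is printed.
// double_encode is off so that text which was already entity-encoded when it
// was stored (this file filters post bodies on input) is not shown with
// literal "&#39;"-style sequences.
// NOTE(review): the relative-time text inside the <abbr> below is a fixed
// string, not derived from date_created.
$esc_html = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
};
?>
<!DOCTYPE html>
<html>
<head>
<title><?= $esc_html($current->subject); ?> - cflip.net forum</title>
<link rel="stylesheet" href="styles/style.css">
</head>
<body>
<?php include_once 'templates/header.php';?>
<h1><?= $esc_html($current->subject); ?></h1>
created by <b><?= $esc_html($current->author->name); ?></b>
in <b><?= $esc_html($current->category->name); ?></b>
<abbr title="<?= date('M d, Y g:ia', strtotime($current->date_created));?>">3 days ago</abbr>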
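<?php
include_once 'model/User.php';

// Moderator controls are rendered only for a signed-in user whose level is
// above 0. This only hides the form; it is not an access control.
// NOTE(review): moderate.php is not visible here. Confirm that it re-checks the
// caller's level on the server and verifies an anti-CSRF token, since this form
// posts delete/lock/pin actions and carries no token.
if (isset($_SESSION['signed_in'])) {
    $user = new User();
    $user->get_by_id($_SESSION['user_id'], $dbc);
    if ($user->level > 0) {
        // Cast so that only a number can ever be written into the attribute.
        $form_thread_id = (int) $current->id;
        echo '
<form action="moderate.php" method="post">
<p>
<b>Moderator Options</b>
<input type="hidden" name="id" value="' . $form_thread_id . '">
<input type="checkbox" id="delete" name="delete">
<label for="delete">Delete thread</label>
<input type="checkbox" id="lock" name="lock">
<label for="lock">Locked</label>
<input type="checkbox" id="pin" name="pin">
<label for="pin">Pinned</label>
<input type="submit" value="Update thread">
</p>
</form>
';
    }
}
?>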
<hr>
<?php
// Print each post of the current thread in the order get_posts() returns them.
// NOTE(review): display_content() is defined elsewhere; confirm it HTML-escapes
// the post body and author fields when it prints them.
foreach ($current->get_posts($dbc) as $post) {
    $post->display_content($dbc);
}
?>
<hr>
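<h2>Reply to this thread</h2>
<?php
// Anti-CSRF token for the reply form: one random value per session, embedded
// in the form and compared against the submitted value in the handler below.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
?>
<form method="post">
<input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8'); ?>">
<textarea name="post_content" rows="10" cols="50"></textarea>
<br>
<input type="submit" name="submit">
</form>
</body>
</html>
<?php
include_once 'includes/db_inc.php';
include_once 'includes/functions_insert.php';

// Reply handler. It runs after the page has been printed, so its messages are
// emitted after the closing </html> tag and a new post only shows on the next
// page load.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!isset($_SESSION['signed_in'])) {
        echo 'You must be <a href="signin.php">signed in</a> to reply to this thread.';
        return;
    }

    // Reject the request unless it carries this session's token, so another
    // site cannot submit a reply on behalf of a signed-in user. hash_equals()
    // compares in constant time.
    $sent_token = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token']))
        ? $_POST['csrf_token']
        : '';
    if (!hash_equals((string) $_SESSION['csrf_token'], $sent_token)) {
        echo 'Your form has expired. Please reload the page and try again.';
        return;
    }

    // FILTER_SANITIZE_STRING strips tags and encodes quotes; it is deprecated
    // as of PHP 8.1. It is kept because the code that prints posts is not
    // visible here; escaping on output should be the primary defence.
    $post_content = filter_input(INPUT_POST, 'post_content', FILTER_SANITIZE_STRING);
    $user_id = filter_var($_SESSION['user_id'], FILTER_SANITIZE_NUMBER_INT);

    // empty() covers a missing field (null), a filter failure (false) and ''.
    if (empty($post_content)) {
        echo 'Post content cannot be empty';
    } else {
        // NOTE(review): the moderator form on this page offers a lock option,
        // but nothing here checks for a locked thread before inserting.
        // Confirm insert_post() enforces it.
        insert_post($dbc, $post_content, $current->id, $user_id, $current->category->id);
    }
}
?>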