<?php
include 'connect.php';
include 'header.php';
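// Signature editor: shows a form on GET and stores the submitted signature on POST.
// The row that is written is always the signed-in user's own (taken from the session),
// never an id supplied in the query string, so one user cannot edit another's signature.
//
// NOTE(review): no level gate is applied here. The earlier lookup interpolated the
// `uid` query parameter unquoted into SQL (mysql_real_escape_string() does not protect
// a value outside quotes), never fetched its result, and compared an undefined row
// against the session level, so it denied nobody. If signature editing should be
// restricted by level, add a check against a column that is actually selected.
// NOTE(review): the form carries no anti-CSRF token; confirm whether header.php or
// connect.php provides one before relying on this endpoint.
if (!empty($_SESSION['signed_in']))
{
    if ($_SERVER['REQUEST_METHOD'] != 'POST')
    {
        // No submission yet: render the form. The field name must match the key read
        // from $_POST below. maxlength is only a browser hint, not a server-side limit;
        // the column width is not visible from this file.
        echo '<form method="post" action="">
Signature: <input type="text" maxlength=80 name="signature" /><br />
<input type="submit" value="post signature" />
</form>';
    }
    else
    {
        // Accept only a plain string; a missing or array-valued field becomes ''.
        $rawSignature = (isset($_POST['signature']) && is_string($_POST['signature']))
            ? $_POST['signature']
            : '';

        // strip_tags() runs first and SQL escaping runs last, so nothing modifies the
        // value after it has been escaped for the query. strip_tags() is not output
        // encoding: pages that display the signature still need htmlspecialchars().
        $signature = mysql_real_escape_string(strip_tags($rawSignature));
        $userId = mysql_real_escape_string($_SESSION['user_id']);

        // Both values are escaped AND quoted. Prepared statements (mysqli/PDO) are the
        // durable fix, but the connection opened by connect.php uses the mysql_* API.
        $sql = "UPDATE users SET signature = '$signature' WHERE user_id = '$userId'";
        $result = mysql_query($sql);

        if (!$result)
        {
            // Keep driver error text in the server log instead of sending it to the browser.
            error_log('Signature update failed: ' . mysql_error());
            echo '<div class="error">Error: your signature could not be saved.</div>';
        }
        else
        {
            echo '<div class="error">Signature posted. <a href="me.php">Return Here</a></div>';
        }
    }
}
else
{
    // Not signed in: signatures can only be changed by an authenticated user.
    echo '<div class="error">You must be <a href="login.php">logged in</a> to do that.</div>';
}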
include 'footer.php';
?>