<?php

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

include("include.php");

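// Handle a submitted "add topic" form: authenticate the poster, validate the
// subject and body, enforce the per-user posting interval, then create the
// topic and its first message inside one transaction and redirect to the index.
//
// isset($_POST) is always true, so the specific key is tested instead; this
// also avoids an undefined-index notice on a plain GET.
if (isset($_POST['submit']) && $_POST['submit'] === "add topic") {
    //
    // Turn the runtime off so things will work like I want them to.
    // The function no longer exists on newer PHP versions, where calling it
    // unguarded would be a fatal error.
    //
    if (function_exists('set_magic_quotes_runtime')) {
        set_magic_quotes_runtime(0);
    }

    // NOTE(review): no return value is checked here, so this relies on
    // bco_authorize_user() stopping the request itself on bad credentials -
    // confirm in include.php. The same applies to every bco_error() call below.
    bco_authorize_user($_POST['username'], $_POST['password']);
    $userid = bco_get_users_id($_POST['username']);

    // The username is request data and was previously interpolated into the
    // INSERT statements unescaped. Escape it for use inside a quoted SQL literal.
    // NOTE(review): if magic_quotes_gpc is enabled on the deployment, the value
    // arrives already slashed - verify against how bco_addslashes() handles that.
    $username_sql = pg_escape_string($_POST['username']);

    // NOTE(review): subject and body rely on addslashes-style escaping. That is
    // only effective while the server treats backslash as an escape character
    // in string literals (standard_conforming_strings off); pg_escape_string()
    // or parameterized queries do not have that dependency. Left unchanged
    // because bco_addslashes() is defined outside this file.
    $subject = trim(bco_addslashes(strip_tags($_POST['subject'])));
    if ($subject == "") {
        bco_error("Your subject is empty");
    }

    if (isset($_POST['unhtml']) && $_POST['unhtml'] == "true") {
        $msgbody = trim(htmlentities(bco_addslashes($_POST['msgbody'])));
    } else {
        $msgbody = trim(addslashes(bco_clean_html($_POST['msgbody'])));
    }

    if ($msgbody == "") {
        bco_error("The message body is empty");
    }

    // Get the time between posts from the config table.
    $time_between_posts_query = "select config_value from bco_config where config_name='time_between_posts'";
    if (!$time_between_posts = pg_fetch_result(pg_query($time_between_posts_query), 0)) {
        bco_error("Getting config value 'time_between_posts' failed.<br />" . pg_last_error());
    }
    // Make sure the user hasn't posted within that timeframe.. if he/she has, then spew an error.
    // NOTE(review): $userid is interpolated unquoted - presumably a numeric id
    // returned by bco_get_users_id(); confirm it can never be a request-derived string.
    $lastpost_time_query = "select id from users where id=$userid and last_post > NOW() - '$time_between_posts second'::interval";
    if (pg_num_rows(pg_query($lastpost_time_query)) == 1) {
        bco_error("You are posting faster than the limit. Please chill.");
    }

    // X-Forwarded-For is a client-supplied request header: it may be absent,
    // and it must never reach the SQL text unescaped. It is stored for
    // reference only and is not a trustworthy client address.
    $forward_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
    if ($forward_ip == '') {
        $forward_ip = '0.0.0.0';
    }
    $forward_ip_sql  = pg_escape_string($forward_ip);
    $remote_addr_sql = pg_escape_string($_SERVER['REMOTE_ADDR']);

    // If we are an admin, let's look to see if this thread was created as a sticky.
    // NOTE(review): $is_admin is not assigned anywhere in this file; presumably
    // include.php sets it - verify it cannot be supplied by the request.
    if ($is_admin) {
        if ((isset($_POST['sticky'])) && ($_POST['sticky'] == "true")) {
            $sticky = "t";
        } else {
            $sticky = "f";
        }
    } else {
        $sticky = "0";
    }

    // Column name "ip_fowarded_for" is kept exactly as written; it differs from
    // messages.ip_forwarded_for and presumably matches the schema - verify.
    $insert_subject_query  = "INSERT INTO subject_index (createdby, username, subject, ip,";
    $insert_subject_query .= " ip_fowarded_for, lastpost_date, lastpost_by, sticky, date_created)";
    $insert_subject_query .= " values";
    $insert_subject_query .= " ($userid, '$username_sql', '$subject', '$remote_addr_sql',";
    $insert_subject_query .= " '$forward_ip_sql', NOW(), '$username_sql', '$sticky', NOW())";
    pg_query("BEGIN");
    if (!pg_query($insert_subject_query)) {
        pg_query("ROLLBACK");
        bco_error("Error with subject query: " .  pg_last_error());
    }

    // currval() ties the first message to the subject row inserted just above
    // in this same session.
    $insert_messages_query  = "INSERT INTO messages (id_subject, createdby, username, ip, ip_forwarded_for, postdate, msgbody, subject)";
    $insert_messages_query .= " values";
    $insert_messages_query .= " (currval('subject_index_id_seq'::text), $userid, '$username_sql', '$remote_addr_sql', '$forward_ip_sql', NOW(), '$msgbody', '$subject')";
    if (!pg_query($insert_messages_query)) {
        pg_query("ROLLBACK");
        bco_error("Error with messages query: " .  pg_last_error());
    }
/*    $posters_column_update_query = "INSERT INTO active_users 
                                    (username, date, posted, hidden)
                                    values
                                    ('$_POST[username]', NOW(), '1', '$user_data[hidden]')";

    if (!pg_query($posters_column_update_query)) {
        pg_query("ROLLBACK");
        bco_error("PostgreSQL said this: " . pg_last_error());
    }*/

    $query = "update users set posts_started=posts_started+1 where id=$userid";
    if (!pg_query($query)) {
        pg_query("ROLLBACK");
        bco_error("Update user post total failed: " . pg_last_error());
    }

    $query = "UPDATE bco_config_new SET total_topics=total_topics+1";
    if (!pg_query($query)) {
        pg_query("ROLLBACK");
        bco_error("PostgreSQL said this: " . pg_last_error());
    }
    pg_query("COMMIT");
    header("Location: $GLOBALS[base_url]" . "index.php");
    exit;
}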
// This ends the posting of the thread.

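// Render the "add a new topic" page: site header and menu, the posting form
// (with the sticky checkbox for admins only), then the footer.
bco_html_header("Add a new topic.");

bco_index_menu("Add a new topic.");

// Every value interpolated into the markup is HTML-escaped first. PHP_SELF
// includes any extra path information from the request URL, and the user
// fields come from $user_array, which is populated outside this file.
// $PHP_SELF as a bare global only exists with register_globals, so fall back
// to $_SERVER when it is not defined.
$form_action   = htmlspecialchars(isset($PHP_SELF) ? $PHP_SELF : $_SERVER['PHP_SELF'], ENT_QUOTES);
$form_username = htmlspecialchars(isset($user_array['username']) ? $user_array['username'] : '', ENT_QUOTES);
// NOTE(review): this writes the user's password into the page source as the
// field's value. Where $user_array gets it from is not visible here; consider
// dropping the prefill rather than echoing a credential back to the browser.
$form_password = htmlspecialchars(isset($user_array['password']) ? $user_array['password'] : '', ENT_QUOTES);
$form_ip       = htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES);

/* Display form for adding a new topic */
// The hidden "ip" field is informational only: the POST handler in this file
// reads $_SERVER['REMOTE_ADDR'] and never the submitted value.
echo <<< END
\n<br />
<form method="post" action="$form_action">
<table width="100%" cellpadding="1" cellspacing="0" class="replytable">
    <tr>
        <td align="right" width="100">username:</td>
        <td align="left" ><input type="text" size="25" maxlength="25" name="username" value="$form_username" class="textfield" /></td>
    </tr>
    <tr>
        <td align="right" width="100">password:</td>
        <td align="left"><input type="password" size="25" maxlength="12" name="password" value="$form_password" class="textfield" /></td>
    </tr>
    <tr>
        <td align="right" width="100">subject:</td>
        <td align="left"><input type="text" size="53" maxlength="100" name="subject" class="textfield" /></td>
    </tr>
    <tr>
        <td align="right" width="100" valign="top">say it:</td>
        <td align="left"><textarea name="msgbody" rows="7" cols="60" class="textfield"></textarea></td>
    </tr>
    <tr>
        <td align="right" width="100">&nbsp;</td>
        <td align="left">
            <input type="hidden" name="ip" value="$form_ip" />
            <input type="submit" name="submit" value="add topic" class="button" /><br />
            <input type="checkbox" name="unhtml" value="true" /> Disable html.
END;

// The server re-checks $is_admin when the form is posted; hiding the checkbox
// is presentation only.
if ($is_admin) {
    echo "<br />\n			<input type=\"checkbox\" name=\"sticky\" value=\"true\" /> Make sticky.";
}

// The original markup never closed the <form> element opened above.
echo <<< END
        </td>
    </tr>
</table>
</form>
END;
/* End form */

bco_html_footer();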

?>