<?php
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
include("include.php");
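if (isset($_POST['submit']) && $_POST['submit'] == "add topic") {
    //
    // Handle the "add topic" form: authenticate the poster, normalise the
    // subject and body, enforce the posting rate limit, then create the
    // subject_index and messages rows inside one transaction.
    //
    // NOTE(review): every check below relies on bco_error() ending the request.
    // Confirm that in include.php; if it returns, execution continues past a
    // failed check.
    // NOTE(review): several bco_error() calls pass pg_last_error() to the
    // visitor, which can expose table and column names. Consider logging the
    // database error server-side and showing a generic message instead.
    //

    // magic_quotes_runtime no longer exists in PHP 7+, so only switch it off where it does.
    if (function_exists('set_magic_quotes_runtime')) {
        set_magic_quotes_runtime(0);
    }

    $post_username = isset($_POST['username']) ? $_POST['username'] : '';
    $post_password = isset($_POST['password']) ? $_POST['password'] : '';

    bco_authorize_user($post_username, $post_password);
    $userid = bco_get_users_id($post_username);

    // $userid is placed unquoted into the SQL below, so insist on plain digits.
    if (!preg_match('/^[0-9]+\z/', (string) $userid)) {
        bco_error("Could not determine your user id.");
    }
    $userid = (int) $userid;

    // The subject and body are escaped before they reach SQL; the user name was
    // interpolated raw. Give it the same treatment as the subject.
    // NOTE(review): assumes bco_addslashes() yields SQL-safe text, as the original
    // already assumes for the subject - confirm in include.php. Backslash escaping
    // also depends on how the server parses string literals; moving these
    // statements to pg_query_params() would remove that dependency.
    $sql_username = bco_addslashes($post_username);

    $subject = trim(bco_addslashes(strip_tags(isset($_POST['subject']) ? $_POST['subject'] : '')));
    if ($subject == "") {
        bco_error("Your subject is empty");
    }

    $raw_body = isset($_POST['msgbody']) ? $_POST['msgbody'] : '';
    if (isset($_POST['unhtml']) && $_POST['unhtml'] == "true") {
        // "Disable html" ticked: store the body with HTML entities encoded.
        $msgbody = trim(htmlentities(bco_addslashes($raw_body)));
    } else {
        $msgbody = trim(addslashes(bco_clean_html($raw_body)));
    }
    if ($msgbody == "") {
        bco_error("The message body is empty");
    }

    // Read the minimum number of seconds between posts. The original tested the
    // fetched value for truthiness, so a configured value of 0 was reported as a
    // failure; test the query result and the value's type instead.
    $time_between_posts_query = "select config_value from bco_config where config_name='time_between_posts'";
    $config_result = pg_query($time_between_posts_query);
    if (!$config_result || pg_num_rows($config_result) < 1) {
        bco_error("Getting config value 'time_between_posts' failed.<br />" . pg_last_error());
    }
    $time_between_posts = pg_fetch_result($config_result, 0, 0);
    // The value goes into an interval literal, so it must be numeric.
    if (!is_numeric($time_between_posts)) {
        bco_error("Getting config value 'time_between_posts' failed.<br />" . pg_last_error());
    }

    // Refuse the post if the user already posted inside that window. A failed
    // query now stops the request instead of silently skipping the limit.
    $lastpost_time_query = "select id from users where id=$userid and last_post > NOW() - '$time_between_posts second'::interval";
    $lastpost_result = pg_query($lastpost_time_query);
    if (!$lastpost_result) {
        bco_error("Checking your last post time failed: " . pg_last_error());
    }
    if (pg_num_rows($lastpost_result) == 1) {
        bco_error("You are posting faster than the limit. Please chill.");
    }

    // X-Forwarded-For is supplied by the client (or a proxy) and can hold any
    // text, so it must never reach SQL unchecked. Accept only characters that
    // occur in a list of IPv4/IPv6 addresses and fall back to the placeholder
    // otherwise. The stored value is informational, not a trustworthy origin.
    $forward_ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? trim($_SERVER['HTTP_X_FORWARDED_FOR']) : '';
    if (!preg_match('/^[0-9A-Fa-f:., ]+\z/', $forward_ip)) {
        $forward_ip = '0.0.0.0';
    }

    $remote_addr = $_SERVER['REMOTE_ADDR'];

    // Only an admin may create a sticky thread.
    // NOTE(review): $is_admin is not assigned in this file; confirm include.php
    // always initialises it server-side.
    if (!empty($is_admin)) {
        $sticky = (isset($_POST['sticky']) && $_POST['sticky'] == "true") ? "t" : "f";
    } else {
        $sticky = "0";
    }

    $insert_subject_query = "INSERT INTO subject_index (createdby, username, subject, ip,"
        . " ip_fowarded_for, lastpost_date, lastpost_by, sticky, date_created)"
        . " values"
        . " ($userid, '$sql_username', '$subject', '$remote_addr',"
        . " '$forward_ip', NOW(), '$sql_username', '$sticky', NOW())";

    pg_query("BEGIN");
    if (!pg_query($insert_subject_query)) {
        pg_query("ROLLBACK");
        bco_error("Error with subject query: " . pg_last_error());
    }

    // currval() picks up the id generated by the subject_index insert above.
    $insert_messages_query = "INSERT INTO messages (id_subject, createdby, username, ip, ip_forwarded_for, postdate, msgbody, subject)"
        . " values"
        . " (currval('subject_index_id_seq'::text), $userid, '$sql_username', '$remote_addr', '$forward_ip', NOW(), '$msgbody', '$subject')";
    if (!pg_query($insert_messages_query)) {
        pg_query("ROLLBACK");
        bco_error("Error with messages query: " . pg_last_error());
    }

    // An insert into active_users used to sit here; the original author had it
    // commented out, so it is not performed.

    $query = "update users set posts_started=posts_started+1 where id=$userid";
    if (!pg_query($query)) {
        pg_query("ROLLBACK");
        bco_error("Update user post total failed: " . pg_last_error());
    }

    $query = "UPDATE bco_config_new SET total_topics=total_topics+1";
    if (!pg_query($query)) {
        pg_query("ROLLBACK");
        bco_error("PostgreSQL said this: " . pg_last_error());
    }

    pg_query("COMMIT");

    // Send the poster back to the index once the topic is stored.
    header("Location: $GLOBALS[base_url]" . "index.php");
    exit;
}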
// This ends the posting of the thread.
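// Render the "add a new topic" page: site header, menu, the posting form, footer.
bco_html_header("Add a new topic.");
bco_index_menu("Add a new topic.");

/* Display form for adding a new topic */

// Everything interpolated into the markup is HTML-escaped first. PHP_SELF
// carries request-controlled path info, and a user name or password may contain
// quotes that would otherwise break out of the value attribute.
$form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
// NOTE(review): $user_array is not assigned in this file; presumably include.php
// fills it from the visitor's saved login - confirm.
$form_username = isset($user_array['username']) ? htmlspecialchars($user_array['username'], ENT_QUOTES) : '';
// NOTE(review): pre-filling the password field writes the password into the page
// source, where caches, proxies and anyone at the screen can read it. Consider
// dropping the pre-fill and relying on a server-side session instead.
$form_password = isset($user_array['password']) ? htmlspecialchars($user_array['password'], ENT_QUOTES) : '';

echo <<<END
\n<br />
<form method="post" action="$form_action">
<table width="100%" cellpadding="1" cellspacing="0" class="replytable">
<tr>
<td align="right" width="100">username:</td>
<td align="left" ><input type="text" size="25" maxlength="25" name="username" value="$form_username" class="textfield" /></td>
</tr>
<tr>
<td align="right" width="100">password:</td>
<td align="left"><input type="password" size="25" maxlength="12" name="password" value="$form_password" class="textfield" /></td>
</tr>
<tr>
<td align="right" width="100">subject:</td>
<td align="left"><input type="text" size="53" maxlength="100" name="subject" class="textfield" /></td>
</tr>
<tr>
<td align="right" width="100" valign="top">say it:</td>
<td align="left"><textarea name="msgbody" rows="7" cols="60" class="textfield"></textarea></td>
</tr>
<tr>
<td align="right" width="100"> </td>
<td align="left">
<input type="hidden" name="ip" value="$_SERVER[REMOTE_ADDR]" />
<input type="submit" name="submit" value="add topic" class="button" /><br />
<input type="checkbox" name="unhtml" value="true" /> Disable html.
END;

// The sticky checkbox is shown to admins only; the POST handler checks
// $is_admin again, so hiding it here is a convenience, not the control.
if (!empty($is_admin)) {
    echo "<br />\n <input type=\"checkbox\" name=\"sticky\" value=\"true\" /> Make sticky.";
}

// Close the cell, row and table, and the <form> the original left open.
echo <<<END
</td>
</tr>
</table>
</form>
END;
/* End form */

bco_html_footer();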
?>