<?php require('layout/header.php'); ?>
<script type="text/javascript">
// Appends the given text plus a trailing space to the post_content field of
// the form named "create", then moves keyboard focus back to that field.
function insert(was) {
    var field = document.create.post_content;
    field.value = field.value + (was + " ");
    field.focus();
}
</script>
<script type="text/javascript">
// Notification helpers. The PHP code further down emits inline
// <script>showSuccessMessage();</script> / <script>showErrorMessage();</script>
// calls after the topic was stored or could not be stored.
//
// NOTE(review): the translated text is written into a JavaScript string literal
// without any escaping, so a double quote, backslash, line break or "</script>"
// inside a language string would break out of the literal. If the language
// files are UTF-8, emitting the value through json_encode() (without the
// surrounding quotes) is the usual fix -- confirm the charset first.
function showSuccessMessage() {
    var options = {};
    options.type = "success";
    options.message = "<?php echo $lang['success_create_topic']; ?>";
    showNotification(options);
}

function showErrorMessage() {
    var options = {};
    options.type = "error";
    options.message = "<?php echo $lang['couldnot_create_topic']; ?>";
    showNotification(options);
}
</script>
<div id="content_wrapper">
<div class="content"><?php
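// Body of the "create topic" page. Guests get a sign-in hint; signed-in users
// get the new-topic form for category ?id=N on GET, and on POST the topic and
// its first post are written inside one database transaction.
//
// NOTE(review): no anti-CSRF token is visible in this file for the POST form;
// confirm whether layout/header.php provides one, otherwise add a per-session
// token to the form and verify it before the inserts.
if (!isset($_SESSION['signed_in'])) {
    echo '<p class="false">' . $lang['just_for_users'] . '!</p>
<p>' . $lang['you_need_to'] . ' <a href="signin.php">' . $lang['signin_s'] . '</a>.
- ' . $lang['not_yet'] . ' <a href="signup.php">' . $lang['registered'] . '</a>?</p>';
} else {
    if (isset($_GET['id']) && is_numeric($_GET['id'])) {
        // The integer cast is what makes the value safe to concatenate into
        // SQL below; the former mysql_real_escape_string() call was
        // overwritten on the next line and has been dropped.
        $id = intval($_GET['id']);
    } else {
        echo '<p align="center" class="false">' . $lang['invalid_id'] . '!</p>';
        exit();
    }
    echo '<h1>' . $lang['create_topic'] . '</h1><br>';
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        $sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories
WHERE
cat_id = " . $id;
        // Query failures are logged server-side and answered with the generic
        // message. The previous "OR die(mysql_error())" sent the raw database
        // error to the browser and made the !$result branch unreachable.
        $result = mysql_query($sql);
        if (!$result) {
            error_log('create topic: ' . mysql_error());
            echo '<p>' . $lang['no_selection_db'] . '.</p>';
        } else {
            if (intval(mysql_num_rows($result)) == 0) {
                if ($_SESSION['user_level'] == 1) {
                    echo '<p>' . $lang['no_categories'] . '.</p>';
                } else {
                    echo '<p>' . $lang['first_cat_creation'] . '.</p>';
                }
            } else {
                $catename = '';
                while ($row = mysql_fetch_assoc($result)) {
                    $catename = $row['cat_name'];
                }
                include_once ('functions/flood.php');
                // Keep the expected answer hash on the server. The form used to
                // carry it in a hidden "zip2" field, so a client could submit
                // any answer together with its own sha1 and pass the check.
                $_SESSION['create_topic_spam_hash'] = (string)$rand_result;
                // Escape the stored category name for the HTML context.
                // NOTE(review): assumes cat_name is stored unescaped; confirm
                // against the page that creates categories.
                echo '<strong>' . $lang['category'] . ':</strong> <u>' . htmlspecialchars($catename, ENT_QUOTES) . '</u>
<form method="post" name="create" action="">
<p><input type="text" class="fields" size="40" maxlength="40" name="topic_subject"> <strong>' . $lang['title'] . '</strong></p>';
                echo "<strong>" . $lang['message'] . "</strong><br><textarea name=\"post_content\" class=\"fields_text\"></textarea><br><br>
<p><small>" . $lang['spam_protection_question'] . " *</small><br>
<strong>" . $lang['sum_of'] . " " . $random1 . " + " . $code . " =</strong> <input size=\"5\" name=\"zip\" id=\"Spamschutz\" type=\"text\" class=\"fields\" /></p>
<p><input type=\"submit\" class=\"button\" value=\"" . $lang['create_topic_button'] . "\" alt=\"" . $lang['create_topic_button'] . "\"></p>
</form>";
            }
        }
    } else {
        // All input is validated before the transaction is opened, so a
        // rejected request no longer leaves a BEGIN without COMMIT/ROLLBACK.
        // The comparison is strict (===): with != two different hex digests
        // that both look like "0e<digits>" would compare equal as numbers.
        $spam_ok = isset($_POST['zip'], $_SESSION['create_topic_spam_hash'])
            && is_string($_POST['zip'])
            && sha1($_POST['zip']) === $_SESSION['create_topic_spam_hash'];
        if (!$spam_ok) {
            echo '<p class="false">' . $lang['invalid_spam'] . '!</p>
<p>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';
        } else {
            $errors = array();
            // is_string() rejects array-valued parameters (topic_subject[]=x),
            // which would otherwise reach trim() and the SQL escaping call.
            if (!isset($_POST['topic_subject']) || !is_string($_POST['topic_subject']) || trim($_POST['topic_subject']) == "") {
                $errors[] = '<p>' . $lang['enter_a_title'] . '.</p>';
            }
            if (!isset($_POST['post_content']) || !is_string($_POST['post_content']) || trim($_POST['post_content']) == "") {
                $errors[] = '<p>' . $lang['enter_a_text'] . '.</p>';
            }
            if (!empty($errors)) {
                echo '<p class="false"><u>' . $lang['not_filled_all'] . '</u></p>
<p>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';
                echo '<ul>';
                foreach ($errors as $value) {
                    echo '<li>' . $value . '</li>';
                }
                echo '</ul>';
            } else {
                $result = mysql_query("BEGIN WORK;");
                if (!$result) {
                    error_log('create topic: ' . mysql_error());
                    echo '<p class="false">' . $lang['error_occurred'] . '.</p>';
                } else {
                    // Subject is escaped for SQL only; it is stored as entered
                    // and must be HTML-escaped wherever it is displayed.
                    $sql = "INSERT INTO
topics(topic_subject,
topic_date,
topic_cat,
topic_by)
VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
NOW(),
'" . $id . "',
'" . (int)$_SESSION['user_id'] . "'
)";
                    $result = mysql_query($sql);
                    if (!$result) {
                        error_log('create topic: ' . mysql_error());
                        echo '<p class="false">' . $lang['error_occurred'] . '.</p>';
                        mysql_query("ROLLBACK;");
                    } else {
                        // The second, identical spam check that used to sit
                        // here could never fail and has been removed.
                        $topicid = mysql_insert_id();
                        $sql = "INSERT INTO
posts(post_content,
post_date,
post_topic,
post_by)
VALUES ('" . mysql_real_escape_string($_POST['post_content']) . "',
NOW(),
'" . $topicid . "',
'" . (int)$_SESSION['user_id'] . "'
)";
                        $result = mysql_query($sql);
                        if ($result) {
                            $result = mysql_query("COMMIT;");
                        }
                        if (!$result) {
                            // Either the post insert or the commit failed:
                            // undo the topic row as well.
                            error_log('create topic: ' . mysql_error());
                            echo '<p class="false">' . $lang['couldnot_create_topic'] . '</p>';
                            echo "<script type=\"text/javascript\">showErrorMessage();</script>";
                            mysql_query("ROLLBACK;");
                        } else {
                            // The answer is single-use once a topic was created.
                            unset($_SESSION['create_topic_spam_hash']);
                            $autoforward = 3;
                            echo '<p class="right">' . $lang['success_create_topic'] . '</p>
<p><meta http-equiv="refresh" content="' . $autoforward . '; URL=topic.php?id=' . $topicid . '">
<small>' . $lang['redirected_in'] . ' ' . $autoforward . ' ' . $lang['seconds'] . '...</small></p>';
                            echo "<script type=\"text/javascript\">showSuccessMessage();</script>";
                        }
                    }
                }
            }
        }
    }
}
echo '<div class="spacer_div"> </div>';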
?>
</div>
</div>
<div id="infobox_wrapper">
<div class="infobox">
<?php include('layout/infobox.php'); ?>
</div>
</div>
<?php require('layout/footer.php'); ?>