<?php require('layout/header.php'); ?>

    <script type="text/javascript">
    	function insert(was) {
    		// Append the given snippet plus one trailing space to the message
    		// textarea of the "create" form, then return keyboard focus to it.
    		var messageField = document.create.post_content;
    		messageField.value = messageField.value + was + " ";
    		messageField.focus();
    	}
    </script>
    
    <script type="text/javascript">
    	function showSuccessMessage() {
    		// Success notification; the page calls this after the topic and its
    		// first post have been committed.
    		// NOTE(review): the translated text is written into a JS string literal
    		// without JS-context encoding, so a double quote, backslash or line
    		// break in the language entry would break this whole script block.
    		var notice = {
    			type: "success",
    			message: "<?php echo $lang['success_create_topic']; ?>"
    		};
    		showNotification(notice);
    	}
    
    function showErrorMessage() {
    	// Error notification; the page calls this when the first post could not
    	// be stored.
    	// NOTE(review): the translated text is written into a JS string literal
    	// without JS-context encoding, so a double quote, backslash or line
    	// break in the language entry would break this whole script block.
    	var notice = {
    		type: "error",
    		message: "<?php echo $lang['couldnot_create_topic']; ?>"
    	};
    	showNotification(notice);
    }
    </script>

<div id="content_wrapper">
    <div class="content"><?php

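        // Body of the "create topic" page. On GET it renders the new-topic form
        // for the category given in ?id=N; on POST it stores the topic and its
        // first post inside one transaction. Only signed-in users get past the
        // first branch.
        //
        // NOTE(review): ext/mysql (mysql_query & co.) was removed in PHP 7. Moving
        // to mysqli/PDO prepared statements needs the connection setup, which is
        // not part of this file, so the calls are kept and every value is either
        // cast to int or passed through mysql_real_escape_string().
        // NOTE(review): the form carries no anti-CSRF token; the session-bound
        // spam answer below is only a partial substitute.
        if (!isset($_SESSION['signed_in'])) {

            echo '<p class="false">' . $lang['just_for_users'] . '!</p>
              <p>' . $lang['you_need_to'] . ' <a href="signin.php">' . $lang['signin_s'] . '</a>.
              - ' . $lang['not_yet'] . ' <a href="signup.php">' . $lang['registered'] . '</a>?</p>';

        } else {

            // The category id is concatenated into SQL unquoted, so it is reduced
            // to an integer here and only the integer is used afterwards.
            if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
                echo '<p align="center" class="false">' . $lang['invalid_id'] . '!</p>';
                exit();
            }
            $id = intval($_GET['id']);

            // Session slot holding the expected spam-check hash for this form.
            $spam_key = 'create_topic_spam_hash';

            echo '<h1>' . $lang['create_topic'] . '</h1><br>';

            if ($_SERVER['REQUEST_METHOD'] != 'POST') {

                $sql = "SELECT
                            cat_id,
                            cat_name,
                            cat_description
                        FROM
                            categories
                        WHERE
                            cat_id = " . $id;

                $result = mysql_query($sql);

                if ($result === false) {

                    // Driver error text goes to the server log, not to the visitor.
                    error_log('create.php: category lookup failed: ' . mysql_error());
                    echo '<p>' . $lang['no_selection_db'] . '.</p>';

                } elseif (intval(mysql_num_rows($result)) == 0) {

                    if ($_SESSION['user_level'] == 1) {
                        echo '<p>' . $lang['no_categories'] . '.</p>';
                    } else {
                        echo '<p>' . $lang['first_cat_creation'] . '.</p>';
                    }

                } else {

                    $catename = '';
                    while ($row = mysql_fetch_assoc($result)) {
                        $catename = $row['cat_name'];
                    }

                    // flood.php is expected to define $random1, $code and
                    // $rand_result; the submit check compares sha1(answer) with
                    // $rand_result, so it presumably holds the SHA-1 of the sum.
                    include_once ('functions/flood.php');

                    // Keep the expected hash on the server. The previous hidden
                    // "zip2" field let the client supply both sides of the
                    // comparison, so the check could be passed without solving
                    // (or even loading) the question.
                    $_SESSION[$spam_key] = (string) $rand_result;

                    // The category name comes from the database and is encoded
                    // for the HTML context before output.
                    echo '<strong>' . $lang['category'] . ':</strong> <u>' . htmlspecialchars($catename, ENT_QUOTES) . '</u>
                      <form method="post" name="create" action="">
                      <p><input type="text" class="fields" size="40" maxlength="40" name="topic_subject"> <strong>' . $lang['title'] . '</strong></p>';
                    echo '<strong>' . $lang['message'] . '</strong><br><textarea name="post_content" class="fields_text"></textarea><br><br>
                      <p><small>' . $lang['spam_protection_question'] . ' *</small><br>
                      <strong>' . $lang['sum_of'] . ' ' . $random1 . ' + ' . $code . ' =</strong> <input size="5" name="zip" id="Spamschutz" type="text" class="fields" /></p>
                      <p><input type="submit" class="button" value="' . $lang['create_topic_button'] . '" alt="' . $lang['create_topic_button'] . '"></p>
                      </form>';
                }

            } else {

                // Spam check: hash the submitted answer and compare it, strictly,
                // with the value stored when the form was rendered. The stored
                // value is only discarded after a successful post, so going back
                // to correct a mistake keeps working.
                $expected = isset($_SESSION[$spam_key]) ? $_SESSION[$spam_key] : null;
                $answer   = (isset($_POST['zip']) && is_string($_POST['zip'])) ? $_POST['zip'] : '';

                if (!is_string($expected) || sha1($answer) !== $expected) {

                    echo '<p class="false">' . $lang['invalid_spam'] . '!</p>
                          <p>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';

                } else {

                    // Both fields must be present, be plain strings and contain
                    // something other than whitespace.
                    // NOTE(review): the 40-character title limit exists only as
                    // the form's maxlength; nothing here enforces it.
                    $errors = array();

                    if (!isset($_POST['topic_subject']) || !is_string($_POST['topic_subject']) || trim($_POST['topic_subject']) == "") {
                        $errors[] = '<p>' . $lang['enter_a_title'] . '.</p>';
                    }

                    if (!isset($_POST['post_content']) || !is_string($_POST['post_content']) || trim($_POST['post_content']) == "") {
                        $errors[] = '<p>' . $lang['enter_a_text'] . '.</p>';
                    }

                    if (!empty($errors)) {

                        echo '<p class="false"><u>' . $lang['not_filled_all'] . '</u></p>
                              <p>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';
                        echo '<ul>';

                        foreach ($errors as $value) {
                            echo '<li>' . $value . '</li>';
                        }
                        echo '</ul>';

                    } elseif (mysql_query("BEGIN WORK;") === false) {

                        // The transaction is opened only once the input is known
                        // to be acceptable, so rejected requests leave none open.
                        error_log('create.php: BEGIN failed: ' . mysql_error());
                        echo '<p class="false">' . $lang['error_occurred'] . '.</p>';

                    } else {

                        $topic_cat = $id;

                        $sql = "INSERT INTO
                                    topics(topic_subject,
                                    topic_date,
                                    topic_cat,
                                    topic_by)
                                VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
                                    NOW(),
                                    '" . $topic_cat . "',
                                    '" . (int)$_SESSION['user_id'] . "'
                                    )";

                        // Failures are handled here rather than with
                        // "OR die(mysql_error())": die() printed the raw driver
                        // error and made the rollback branches unreachable.
                        if (mysql_query($sql) === false) {

                            error_log('create.php: topic insert failed: ' . mysql_error());
                            echo '<p class="false">' . $lang['error_occurred'] . '.</p>';
                            mysql_query("ROLLBACK;");

                        } else {

                            $topicid = (int)mysql_insert_id();

                            $sql = "INSERT INTO
                                        posts(post_content,
                                        post_date,
                                        post_topic,
                                        post_by)
                                    VALUES ('" . mysql_real_escape_string($_POST['post_content']) . "',
                                        NOW(),
                                        '" . $topicid . "',
                                        '" . (int)$_SESSION['user_id'] . "'
                                        )";

                            if (mysql_query($sql) === false || mysql_query("COMMIT;") === false) {

                                // Log first: the ROLLBACK below would overwrite
                                // the driver's last error.
                                error_log('create.php: post insert or commit failed: ' . mysql_error());
                                echo '<p class="false">' . $lang['couldnot_create_topic'] . '</p>';
                                echo "<script type=\"text/javascript\">showErrorMessage();</script>";
                                mysql_query("ROLLBACK;");

                            } else {

                                // A solved spam question is good for one topic only.
                                unset($_SESSION[$spam_key]);

                                $autoforward = 3;

                                echo '<p class="right">' . $lang['success_create_topic'] . '</p>
                                      <p><meta http-equiv="refresh" content="' . $autoforward . '; URL=topic.php?id=' . $topicid . '">
                                      <small>' . $lang['redirected_in'] . ' ' . $autoforward . ' ' . $lang['seconds'] . '...</small></p>';
                                echo "<script type=\"text/javascript\">showSuccessMessage();</script>";
                            }
                        }
                    }
                }
            }
        }

        echo '<div class="spacer_div">&nbsp;</div>';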

		?>
    </div>
</div>

<div id="infobox_wrapper">
    <div class="infobox">
        <?php include('layout/infobox.php'); ?>
    </div>
</div>

<?php require('layout/footer.php'); ?>