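<?php
/**
 * Create-topic page.
 *
 * GET  create.php?id=N  renders the new-topic form for category N.
 * POST create.php?id=N  validates the form, then inserts the topic and its
 *                       first post inside one transaction.
 *
 * $lang, the session and the MySQL connection are not set up in this file;
 * presumably the included header does that - confirm there.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. The
 * connection is opened outside this file, so the move to mysqli/PDO prepared
 * statements has to be done for the board as a whole.
 */
require('style/layout/header.php');
?>

    <div class="content_left">
        <ul id="breadcrumbs">
            <li><a href="index.php"><?php echo $lang['main_page']; ?></a></li>
            <li><a href="create.php" class="actual"><?php echo $lang['create_topic']; ?></a></li>
        </ul>
    </div>
    <div class="content_right"><form method="post" id="search" action="search.php?search">
        <input type="text" name="search" placeholder="<?php echo $lang['enter_search_term']; ?>..." class="searchfield">
        <input type="hidden" name="submit" value="<?php echo $lang['search']; ?>" alt="<?php echo $lang['search']; ?>">
        </form>
    </div>

    <div class="clear"></div>

    <div id="headline">&nbsp;</div>

    <?php

    if (!isset($_SESSION['signed_in'])) {

        // Guests only get the sign-in / sign-up hint.
        echo '<p class="false">' . $lang['only_for_registered'] . '</p>
        <p>' . $lang['you_have_to'] . ' <a href="signin.php">' . $lang['small_signin'] . '</a>. ' . $lang['not_yet'] . ' <a href="signup.php">' . $lang['registered'] . '</a>?</p>';

    } elseif (!isset($_GET['id']) || !is_string($_GET['id']) || !ctype_digit($_GET['id'])) {

        // Accept plain decimal digits only: is_numeric() also lets through
        // "1e3", "1.5", "-1" and " 1", and an array value must not reach the
        // integer cast. No exit() here, so the footer still closes the page.
        echo '<p>' . $lang['invalid_id'] . '!</p>';

    } else {

        $id = (int) $_GET['id'];

        echo '<h1>' . $lang['create_a_topic'] . '</h1>';

        // The category is looked up for GET *and* POST, so a topic can no
        // longer be inserted into a category id that does not exist.
        $sql = "SELECT
                    cat_id,
                    cat_name,
                    cat_description
                FROM
                    categories
                WHERE
                    cat_id = " . $id;

        $result = mysql_query($sql);

        if (!$result) {

            // Driver errors go to the server log, never to the visitor:
            // they disclose table and column names.
            error_log('create.php: category lookup failed: ' . mysql_error());
            echo '<p class="false">' . $lang['maynot_topic_cat'] . '</p>';

        } elseif (mysql_num_rows($result) == 0) {

            if ($_SESSION['user_level'] == 1) {
                echo '<p class="false">' . $lang['maynot_topic_cat'] . '</p>';
            } else {
                echo '<p class="false">' . $lang['first_create_cats'] . '</p>';
            }

        } elseif ($_SERVER['REQUEST_METHOD'] != 'POST') {

            $catename = '';
            while ($row = mysql_fetch_assoc($result)) {
                $catename = htmlentities($row['cat_name']);
            }

            // Provides $random1, $code and $rand_result for the spam question.
            include_once ('functions/flood.php');

            // Keep the expected answer hash on the server. The hidden "zip2"
            // field is still emitted for markup compatibility, but it is no
            // longer trusted: a client that supplies both the answer and the
            // hash it is checked against can always make them match.
            $_SESSION['create_spam_hash'] = (string) $rand_result;

            // NOTE(review): there is no anti-CSRF token on this form; the
            // session-bound spam answer is not a substitute for one.
            echo '' . $lang['one_category'] . ': <u>' . $catename . '</u>
            <form method="post" name="create" action="">
            <p><input type="text" class="textfields" size="40" maxlength="40" name="topic_subject"> ' . $lang['title'] . '</p>
            <textarea cols="45" rows="8" name="post_content" id="post_content" class="textareas"></textarea>
            <p><small>' . $lang['spam_protection'] . '*</small><br>
            <strong>' . $lang['the_sum_of'] . ' ' . $random1 . ' + ' . $code . ' =</strong> <input size="5" name="zip" id="Spamschutz" type="text" class="protection"><input type="hidden" name="zip2" value="' . $rand_result . '"></p>
            <p><input type="submit" name="submit" value="' . $lang['create_topic'] . '" alt="' . $lang['create_topic']. '" class="buttons"></p>
            <input type="hidden" name="submitted" value="TRUE">
            </form>';

        } else {

            $expectedHash = isset($_SESSION['create_spam_hash']) ? $_SESSION['create_spam_hash'] : '';
            $answer       = (isset($_POST['zip']) && is_string($_POST['zip'])) ? $_POST['zip'] : '';

            // Strict comparison: with != two hex digests that both look like
            // "0e<digits>" compare equal as numbers. A missing or non-string
            // value fails closed.
            if (!is_string($expectedHash) || $expectedHash === '' || sha1($answer) !== $expectedHash) {

                echo '<p class="false">' . $lang['spam_failed'] . '!</p>
                <p>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';

            } else {

                // Array-valued fields (topic_subject[]=x) are treated as missing.
                $subject = (isset($_POST['topic_subject']) && is_string($_POST['topic_subject'])) ? $_POST['topic_subject'] : '';
                $content = (isset($_POST['post_content']) && is_string($_POST['post_content'])) ? $_POST['post_content'] : '';

                $errors = array();

                if (trim($subject) == "") {
                    $errors[] = $lang['enter_a_title'];
                }

                if (trim($content) == "") {
                    $errors[] = $lang['enter_a_text'];
                }

                if (!empty($errors)) {

                    echo '<p class="false">' . $lang['not_filled_all'] . '</p>
                    <p><a href="javascript:history.back();">' . $lang['back'] . '</a></p>';
                    echo '<ul>';

                    foreach ($errors as $value) {
                        echo '<li>&#8226; ' . $value . '</li>';
                    }
                    echo '</ul>';

                } else {

                    $userId        = (int) $_SESSION['user_id'];
                    $topicid       = 0;
                    $failed        = null;   // $lang key of the message to show; null while all is well
                    $inTransaction = false;

                    // The transaction is opened only once the input is valid,
                    // so rejected requests never leave one dangling.
                    if (mysql_query('BEGIN WORK;')) {
                        $inTransaction = true;
                    } else {
                        error_log('create.php: BEGIN WORK failed: ' . mysql_error());
                        $failed = 'error_occured';
                    }

                    // mysql_real_escape_string() is only safe when the
                    // connection charset was set with mysql_set_charset() -
                    // not visible here, confirm where the connection is opened.
                    // Both values are stored as submitted; the pages that print
                    // them must HTML-escape on output.
                    if ($failed === null) {

                        $sql = "INSERT INTO
                                    topics(topic_subject,
                                    topic_date,
                                    topic_cat,
                                    topic_by)
                                VALUES('" . mysql_real_escape_string($subject) . "',
                                    NOW(),
                                    '" . $id . "',
                                    '" . $userId . "'
                                    )";

                        if (mysql_query($sql)) {
                            $topicid = (int) mysql_insert_id();
                        } else {
                            error_log('create.php: topic insert failed: ' . mysql_error());
                            $failed = 'error_occured';
                        }
                    }

                    if ($failed === null) {

                        $sql = "INSERT INTO
                                    posts(post_content,
                                    post_date,
                                    post_topic,
                                    post_by)
                                VALUES ('" . mysql_real_escape_string($content) . "',
                                    NOW(),
                                    '" . $topicid . "',
                                    '" . $userId . "'
                                    )";

                        if (!mysql_query($sql)) {
                            error_log('create.php: post insert failed: ' . mysql_error());
                            $failed = 'topic_creation_failed';
                        }
                    }

                    if ($failed === null && !mysql_query('COMMIT;')) {
                        error_log('create.php: COMMIT failed: ' . mysql_error());
                        $failed = 'topic_creation_failed';
                    }

                    if ($failed !== null) {

                        // Previously unreachable: "OR die()" ended the script
                        // before any rollback could run.
                        if ($inTransaction && !mysql_query('ROLLBACK;')) {
                            error_log('create.php: ROLLBACK failed: ' . mysql_error());
                        }

                        echo '<p class="false">' . $lang[$failed] . '</p>';

                    } else {

                        // One answer creates one topic; the next form gets a
                        // fresh question.
                        unset($_SESSION['create_spam_hash']);

                        $autoforward = 3;

                        echo '<p class="success">' . $lang['topic_creation_success'] . '!</p>
                        <p><meta http-equiv="refresh" content="' . $autoforward . '; URL=topic.php?id='. $topicid . '"></p>';
                    }
                }
            }
        }
    }

    ?>

<?php require('style/layout/footer.php'); ?>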