<?php require('style/layout/header.php'); ?>
<div class="content_left">
<ul id="breadcrumbs">
<li><a href="index.php"><?php echo $lang['main_page']; ?></a></li>
<li><a href="create_topic.php" class="actual"><?php echo $lang['create_topic']; ?></a></li>
</ul>
</div>
<div class="content_right"><form method="post" id="search" action="search.php?search">
<input type="text" name="search" placeholder="<?php echo $lang['enter_search_term']; ?>..." class="searchfield">
<input type="hidden" name="submit" value="<?php echo $lang['search']; ?>" alt="<?php echo $lang['search']; ?>">
</form>
</div>
<div class="clear"></div>
<div id="headline"> </div>
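<?php
/*
 * Page body of the "create topic" page.
 *
 * GET : lists the categories and renders the topic form together with the
 *       arithmetic spam-protection question produced by functions/flood.php.
 * POST: checks the spam-protection answer, validates the fields and stores the
 *       topic plus its first post inside one transaction.
 *
 * Security-relevant behaviour:
 * - The expected spam-protection hash is kept in the session and compared
 *   strictly (===) as a string. The request field "zip2" is no longer trusted:
 *   comparing a client-supplied answer against a client-supplied expected value
 *   with a loose "!=" let the check pass without solving the question.
 * - Database errors go to the server log instead of the response, so query
 *   text and schema details are not disclosed to visitors. Dropping the
 *   "OR die(mysql_error())" suffix also makes the ROLLBACK branches reachable.
 * - topic_cat is cast to an integer; text fields must be strings and are
 *   escaped with mysql_real_escape_string() before they reach the query.
 *
 * NOTE(review): the question is printed in clear text, so this check only
 * deters simple automated posting; it is not an anti-CSRF token. No CSRF token
 * is visible in this form - confirm whether one is added elsewhere.
 * NOTE(review): the mysql_* extension was removed in PHP 7; moving to
 * mysqli/PDO prepared statements needs the connection code, which is not part
 * of this file.
 */
if (!isset($_SESSION['signed_in'])) {
    // NOTE(review): only the presence of 'signed_in' is tested, not its value -
    // confirm that signing out removes the key rather than setting it to false.
    echo '<p class="false">' . $lang['only_for_registered'] . '</p>
<p>' . $lang['you_have_to'] . ' <a href="signin.php">' . $lang['small_signin'] . '</a>. ' . $lang['not_yet'] . ' <a href="signup.php">' . $lang['registered'] . '</a>?</p>';
} else {
    echo '<h1>' . $lang['create_a_topic'] . '</h1>';

    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        // ---- Render the form -------------------------------------------------
        $sql = "SELECT
cat_id,
cat_name,
cat_description
FROM
categories";
        $result = mysql_query($sql);

        if (!$result) {
            error_log('create_topic: category query failed: ' . mysql_error());
            echo '<p class="false">' . $lang['maynot_topic_cat'] . '</p>';
        } elseif (intval(mysql_num_rows($result)) == 0) {
            if ($_SESSION['user_level'] == 1) {
                echo '<p class="false">' . $lang['maynot_topic_cat'] . '</p>';
            } else {
                echo '<p class="false">' . $lang['first_create_cats'] . '</p>';
            }
        } else {
            // Presumably defines $random1, $code and $rand_result (the hash of the
            // expected answer) - they are used below but not set in this file.
            include_once('functions/flood.php');

            // Keep the expected hash server-side; the POST branch compares against
            // this value and ignores whatever the browser sends back as "zip2".
            $_SESSION['create_topic_spam_hash'] = (string)$rand_result;

            // maxlength="40" is only a browser-side limit; the POST branch does not
            // enforce a subject length.
            echo '<form method="post" name="create" action="">
<p><input type="text" class="textfields" size="40" maxlength="40" name="topic_subject"> ' . $lang['title'] . '</p>
<p><select name="topic_cat" class="textfields">';
            while ($row = mysql_fetch_assoc($result)) {
                echo '<option value="' . (int)$row['cat_id'] . '">' . htmlentities($row['cat_name'], ENT_QUOTES) . '</option>';
            }
            // The hidden "zip2" field is kept for markup compatibility only; its
            // attribute value is now quoted.
            echo '</select> ' . $lang['one_category'] . '</p>
<textarea cols="45" rows="8" name="post_content" id="post_content" class="textareas"></textarea>
<p><small>' . $lang['spam_protection'] . '*</small><br>
<strong>' . $lang['the_sum_of'] . ' ' . $random1 . ' + ' . $code . ' =</strong> <input size="5" name="zip" id="Spamschutz" type="text" class="protection"><input type="hidden" name="zip2" value="' . htmlentities((string)$rand_result, ENT_QUOTES) . '"></p>
<p><input type="submit" name="submit" value="' . $lang['create_topic'] . '" alt="' . $lang['create_topic'] . '" class="buttons"></p>
<input type="hidden" name="submitted" value="TRUE">
</form>';
        }
    } else {
        // ---- Handle the submission --------------------------------------------
        // Anything that is not a plain string (missing field, array parameter)
        // is treated as absent, so it can never reach sha1(), trim() or the
        // escaping function with the wrong type.
        $answer = (isset($_POST['zip']) && is_string($_POST['zip'])) ? $_POST['zip'] : null;
        $expectedHash = (isset($_SESSION['create_topic_spam_hash']) && is_string($_SESSION['create_topic_spam_hash']))
            ? $_SESSION['create_topic_spam_hash']
            : null;
        $subject = (isset($_POST['topic_subject']) && is_string($_POST['topic_subject'])) ? $_POST['topic_subject'] : null;
        $content = (isset($_POST['post_content']) && is_string($_POST['post_content'])) ? $_POST['post_content'] : null;
        $categoryId = (isset($_POST['topic_cat']) && is_scalar($_POST['topic_cat'])) ? (int)$_POST['topic_cat'] : 0;

        if ($answer === null || $expectedHash === null || sha1($answer) !== $expectedHash) {
            echo '<p class="false">' . $lang['spam_failed'] . '!</p>
<p>[ <a href="javascript:history.back();">' . $lang['back'] . '</a> ]</p>';
        } else {
            $errors = array();
            if ($subject === null || trim($subject) == "") {
                $errors[] = $lang['enter_a_title'];
            }
            if ($content === null || trim($content) == "") {
                $errors[] = $lang['enter_a_text'];
            }

            if (!empty($errors)) {
                echo '<p class="false">' . $lang['not_filled_all'] . '</p>
<p><a href="javascript:history.back();">' . $lang['back'] . '</a></p>';
                echo '<ul>';
                foreach ($errors as $message) {
                    echo '<li>• ' . $message . '</li>';
                }
                echo '</ul>';
            } elseif (!mysql_query("BEGIN WORK;")) {
                // The transaction is opened only after validation, so a rejected
                // request never leaves one open.
                error_log('create_topic: BEGIN failed: ' . mysql_error());
                echo '<p class="false">' . $lang['error_occured'] . '</p>';
            } else {
                $userId = (int)$_SESSION['user_id'];

                $sql = "INSERT INTO
topics(topic_subject,
topic_date,
topic_cat,
topic_by)
VALUES ('" . mysql_real_escape_string($subject) . "',
NOW(),
'" . $categoryId . "',
'" . $userId . "'
)";
                if (!mysql_query($sql)) {
                    // Read the error before the next query overwrites it.
                    error_log('create_topic: topic insert failed: ' . mysql_error());
                    echo '<p class="false">' . $lang['error_occured'] . '</p>';
                    mysql_query("ROLLBACK;");
                } else {
                    $topicid = (int)mysql_insert_id();

                    $sql = "INSERT INTO
posts(post_content,
post_date,
post_topic,
post_by)
VALUES ('" . mysql_real_escape_string($content) . "',
NOW(),
'" . $topicid . "',
'" . $userId . "'
)";
                    if (!mysql_query($sql)) {
                        error_log('create_topic: post insert failed: ' . mysql_error());
                        echo '<p class="false">' . $lang['topic_creation_failed'] . '</p>';
                        mysql_query("ROLLBACK;");
                    } elseif (!mysql_query("COMMIT;")) {
                        error_log('create_topic: COMMIT failed: ' . mysql_error());
                        echo '<p class="false">' . $lang['topic_creation_failed'] . '</p>';
                        mysql_query("ROLLBACK;");
                    } else {
                        // One topic per solved question: the stored hash cannot be
                        // replayed for further submissions.
                        unset($_SESSION['create_topic_spam_hash']);

                        $autoforward = 3;
                        echo '<p class="success">' . $lang['topic_creation_success'] . '!</p>
<p><meta http-equiv="refresh" content="' . $autoforward . '; URL=topic.php?id=' . $topicid . '"></p>';
                    }
                }
            }
        }
    }
}
?>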
<?php require('style/layout/footer.php'); ?>