here's the page, please ignore the messy, unsecure code and lack of descriptive comments, I'm pretty inexperienced.
Code: Select all
<?php
include('includes/header.php');
if($isLogin != 1) {
NULL;
} else {
if(isset($_POST['submit'])) {
//validate the forum
$doesExist = doesExist($_POST['thread'], "threads", "id");
if($doesExist == 0) {
//invalid forum error
echo "You either don't have permission to post in this thread, or it doesn't exist!";
} else {
$doesExist = doesExist($_POST['reply'], "replies", "id");
if($_POST['reply'] == "thread") {
$doesExist = 1;
}
if($doesExist == 0) {
//invalid forum error
echo "You either don't have permission to reply to this post, or it doesn't exist!";
} else {
//sanitize subject and message
$subject = sanitize($_POST['subject']);
$message = sanitize($_POST['message']);
$subject = strip_tags($subject);
$message = strip_tags_attributes($message,'<blockquote><hr><br><strong><em><a><font><span><img>','href,style,color,src,alt,size');
//get the date
$date = date("j-n-Y g:i a");
//send the message
$query = "INSERT INTO replies VALUES(NULL, '" . $_POST['thread'] . "', '" . $_POST['reply'] . "', '" . $_COOKIE['greenuser'] . "', '" . $date . "', '" . $subject . "', '" . $message . "')";
mysql_query($query) or die(mysql_error());
$query2 = "UPDATE threads SET lastposter = '" . $_COOKIE['greenuser'] . "', lastpostdate = '" . $date . "', replies = replies +1 WHERE id = '" . $_POST['thread'] . "'";
mysql_query($query2) or die(mysql_error());
$query3 = "UPDATE profile SET posts = posts +1 WHERE id = '" . $_COOKIE['greenuser'] . "'";
mysql_query($query3) or die(mysql_error());
echo "<META http-equiv=\"refresh\" content=\"0;URL=thread.php?id=" . $_POST['thread'] . "#" . $_POST['reply'] . "\">";
}
}
}
//get the message details
$query4 = "SELECT * FROM threads WHERE id = '" . $_REQUEST['threadId'] . "'";
$thread = mysql_fetch_array(mysql_query($query4)) or die(mysql_error());
//get the reply to details
$query5 = "SELECT * FROM replies WHERE id = '" . $_REQUEST['replyToId'] . "'";
$reply = mysql_fetch_array(mysql_query($query5)) or die(mysql_error());
$getUser = getUser($reply['author']);
?>
<script type="text/javascript">
function quoteMessage(){
var quote = document.getElementById('quote').value;
document.getElementById('message').innerHTML = quote;
}
</script>
<br />
<input type="hidden" name="quote" id="quote" value="<?php echo "<blockquote><hr>" . $getUser['username'] . " wrote:<br />" . $reply['message'] . "<hr></blockquote>"; ?>" />
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" >
<input type="hidden" name="thread" value="<?php echo $_REQUEST['threadId']; ?>" />
<input type="hidden" name="reply" value="<?php echo $_REQUEST['replyToId']; ?>" />
<strong>Subj: </strong><input type="text" name="subject" value="<?php echo $thread['subject']; ?>" /><br />
<strong>Message: </strong> <input type="button" onclick="quoteMessage()" value="Quote Message" /><br />
<textarea name="message" id="message" rows="20" cols="50"></textarea><br />
<input type="submit" name="submit" value="Post Thread" />
</form>
<?php
//end
}
?>