2.7. Adding Posts

The next thing that needs to be provided for is a way for users to post new messages to the forums and have them saved in the database. This is the purpose of add_post.php. Again, it should only be made available to users who have logged in.

Two parameters may be passed in the URL when calling the script. At a minimum, you must provide the id of the forum (fid). If the id of a parent message (mid) is also passed, the new post is attached to that message's thread as a reply. Otherwise the parent message id defaults to 0, marking the post as the start of a new thread.

include '401.php';

$user = User::getById($_SESSION['userId']);
if (!$user->userId)
{
    die('<p>Sorry, you must be logged in to post.</p>');
}

// the (int) cast guarantees an integer reaches the query, so %d is safe
$forum_id = (isset($_GET['fid'])) ? (int)$_GET['fid'] : 0;
$query = sprintf('SELECT FORUM_ID FROM %sFORUM WHERE FORUM_ID = %d',
    DB_TBL_PREFIX, $forum_id);
$result = mysql_query($query, $GLOBALS['DB']);
if (!mysql_num_rows($result))
{
    mysql_free_result($result);
    mysql_close($GLOBALS['DB']);
    die('<p>Invalid forum id.</p>');
}
mysql_free_result($result);

// a parent message id of 0 (no mid given) starts a new thread and is not
// looked up; any other value must exist
$msg_id = (isset($_GET['mid'])) ? (int)$_GET['mid'] : 0;
$query = sprintf('SELECT MESSAGE_ID FROM %sFORUM_MESSAGE WHERE ' .
    'MESSAGE_ID = %d', DB_TBL_PREFIX, $msg_id);
$result = mysql_query($query, $GLOBALS['DB']);
if ($msg_id && !mysql_num_rows($result))
{
    mysql_free_result($result);
    mysql_close($GLOBALS['DB']);
    die('<p>Invalid message id.</p>');
}
mysql_free_result($result);

The displayed form should collect the message information from the user.

<form method="post"
 action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) . '?fid=' .
 $forum_id . '&mid=' . $msg_id; ?>">
 <div>
  <label for="msg_subject">Subject:</label>
  <input type="text" id="msg_subject" name="msg_subject"/><br/>
  <label for="msg_text">Post:</label>
  <textarea id="msg_text" name="msg_text"></textarea>
  <br/>
  <input type="hidden" name="submitted" value="true"/>
  <input type="submit" value="Create"/>
 </div>
</form>

Once the form has been submitted back to add_post.php, the incoming values are validated to make sure they are present and then added to the database. The user is then redirected back to the forum to view his or her newly posted message.

Here is the full code for public_files/add_post.php:

<?php
// include shared code
include '../lib/common.php';
include '../lib/db.php';
include '../lib/functions.php';
include '../lib/User.php';

// include 401 file because user should be logged in to access this page
include '401.php';

// retrieve user information
$user = User::getById($_SESSION['userId']);
if (!$user->userId)
{
    die('<p>Sorry, you must be logged in to post.</p>');
}

// validate incoming values
$forum_id = (isset($_GET['fid'])) ? (int)$_GET['fid'] : 0;
$query = sprintf('SELECT FORUM_ID FROM %sFORUM WHERE FORUM_ID = %d',
    DB_TBL_PREFIX, $forum_id);
$result = mysql_query($query, $GLOBALS['DB']);
if (!mysql_num_rows($result))
{
    mysql_free_result($result);
    mysql_close($GLOBALS['DB']);
    die('<p>Invalid forum id.</p>');
}
mysql_free_result($result);

$msg_id = (isset($_GET['mid'])) ? (int)$_GET['mid'] : 0;
$query = sprintf('SELECT MESSAGE_ID FROM %sFORUM_MESSAGE WHERE ' .
    'MESSAGE_ID = %d', DB_TBL_PREFIX, $msg_id);
$result = mysql_query($query, $GLOBALS['DB']);
if ($msg_id && !mysql_num_rows($result))
{
    mysql_free_result($result);
    mysql_close($GLOBALS['DB']);
    die('<p>Invalid message id.</p>');
}
mysql_free_result($result);

$msg_subject = (isset($_POST['msg_subject'])) ?
    trim($_POST['msg_subject']) : '';
$msg_text = (isset($_POST['msg_text'])) ? trim($_POST['msg_text']) : '';

// add entry to the database if the form was submitted and the necessary
// values were supplied in the form

if (isset($_POST['submitted']) && $msg_subject && $msg_text)
{
    $query = sprintf('INSERT INTO %sFORUM_MESSAGE (SUBJECT, ' .
        'MESSAGE_TEXT, PARENT_MESSAGE_ID, FORUM_ID, USER_ID) VALUES ' .
        '("%s", "%s", %d, %d, %d)', DB_TBL_PREFIX,
        mysql_real_escape_string($msg_subject, $GLOBALS['DB']),
        mysql_real_escape_string($msg_text, $GLOBALS['DB']),
        $msg_id, $forum_id, $user->userId);
    mysql_query($query, $GLOBALS['DB']);
    // redirect and stop; without exit the form below would still be rendered
    header('Location: view.php?fid=' . $forum_id . (($msg_id) ?
        '&mid=' . $msg_id : ''));
    exit;
}

// form was submitted but not all the information was correctly filled in
else if (isset($_POST['submitted']))
{
    $message = '<p>Not all information was provided. Please correct ' .
        'and resubmit.</p>';
}

// generate the form
ob_start();
if (isset($message))
{
    echo $message;
}
?>
<form method="post"
 action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) . '?fid=' .
 $forum_id . '&mid=' . $msg_id; ?>">
 <div>
  <label for="msg_subject">Subject:</label>
  <input type="text" id="msg_subject" name="msg_subject" value="<?php
   echo htmlspecialchars($msg_subject); ?>"/><br/>
  <label for="msg_text">Post:</label>
  <textarea id="msg_text" name="msg_text"><?php
   echo htmlspecialchars($msg_text); ?></textarea>
  <br/>
  <input type="hidden" name="submitted" value="true"/>
  <input type="submit" value="Create"/>
 </div>
</form>
<?php
$GLOBALS['TEMPLATE']['content'] = ob_get_clean();

// display the page
include '../templates/template-page.php';
?>
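As an added example that is not part of the book's code: the same add_post.php flow rewritten so that every user-controlled value is a bound parameter of a PDO prepared statement instead of being escaped into an SQL string, and with a per-session CSRF token on the form. It assumes a PDO connection in $pdo, the DB_TBL_PREFIX constant, and a session holding userId (all of these are assumptions; the helper names rowExists, csrfToken, csrfValid and addPost are this example's own).

```php
<?php
// Added example, not the book's code. Assumes: $pdo is an open PDO connection,
// DB_TBL_PREFIX is defined, and the session stores the logged-in user's id
// under 'userId'.
declare(strict_types=1);

// Return true if a row with the given integer id exists. The table and column
// names are trusted constants chosen by the caller; the id is always bound.
function rowExists(PDO $pdo, string $table, string $column, int $id): bool
{
    $sql = sprintf('SELECT 1 FROM %s%s WHERE %s = :id', DB_TBL_PREFIX, $table, $column);
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':id' => $id]);
    return $stmt->fetchColumn() !== false;
}

// Create (or reuse) a random token bound to this session for the form.
function csrfToken(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

// Constant-time comparison of the submitted token against the session's.
function csrfValid(?string $submitted): bool
{
    return is_string($submitted) && !empty($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// Insert the post; subject and text are bound, never interpolated.
function addPost(PDO $pdo, int $forumId, int $parentId, int $userId,
                 string $subject, string $text): void
{
    $sql = sprintf('INSERT INTO %sFORUM_MESSAGE (SUBJECT, MESSAGE_TEXT, ' .
        'PARENT_MESSAGE_ID, FORUM_ID, USER_ID) VALUES (?, ?, ?, ?, ?)', DB_TBL_PREFIX);
    $pdo->prepare($sql)->execute([$subject, $text, $parentId, $forumId, $userId]);
}

session_start();
if (empty($_SESSION['userId'])) {
    http_response_code(401);
    exit('<p>Sorry, you must be logged in to post.</p>');
}

// FILTER_VALIDATE_INT yields null when absent and false when not an integer;
// both fall back to 0, so the lookups below only ever see integers.
$forumId = filter_input(INPUT_GET, 'fid', FILTER_VALIDATE_INT) ?: 0;
$msgId   = filter_input(INPUT_GET, 'mid', FILTER_VALIDATE_INT) ?: 0;

if (!rowExists($pdo, 'FORUM', 'FORUM_ID', $forumId)) {
    exit('<p>Invalid forum id.</p>');
}
if ($msgId && !rowExists($pdo, 'FORUM_MESSAGE', 'MESSAGE_ID', $msgId)) {
    exit('<p>Invalid message id.</p>');
}

$subject = trim((string)($_POST['msg_subject'] ?? ''));
$text    = trim((string)($_POST['msg_text'] ?? ''));
$message = '';

if (isset($_POST['submitted'])) {
    if (!csrfValid($_POST['csrf'] ?? null)) {
        $message = '<p>The form token did not match your session; please try again.</p>';
    } elseif ($subject === '' || $text === '') {
        $message = '<p>Not all information was provided. Please correct and resubmit.</p>';
    } else {
        addPost($pdo, $forumId, $msgId, (int)$_SESSION['userId'], $subject, $text);
        // Redirect and stop: without exit the form would still be rendered.
        header('Location: view.php?fid=' . $forumId . ($msgId ? '&mid=' . $msgId : ''));
        exit;
    }
}
?>
<?php echo $message; ?>
<form method="post" action="add_post.php?fid=<?php echo $forumId; ?>&amp;mid=<?php echo $msgId; ?>">
 <div>
  <input type="hidden" name="csrf" value="<?php echo htmlspecialchars(csrfToken(), ENT_QUOTES); ?>"/>
  <label for="msg_subject">Subject:</label>
  <input type="text" id="msg_subject" name="msg_subject"
   value="<?php echo htmlspecialchars($subject, ENT_QUOTES); ?>"/><br/>
  <label for="msg_text">Post:</label>
  <textarea id="msg_text" name="msg_text"><?php echo htmlspecialchars($text, ENT_QUOTES); ?></textarea>
  <br/>
  <input type="hidden" name="submitted" value="true"/>
  <input type="submit" value="Create"/>
 </div>
</form>
```

The two ids are validated with filter_input rather than an (int) cast so that non-numeric input is rejected outright instead of silently becoming 0, and the redirect is followed by exit so that no further output is sent after the Location header.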
