58 lines
1.6 KiB
PHP
58 lines
1.6 KiB
PHP
<?php
|
|
$path = $_SERVER['DOCUMENT_ROOT'];
|
|
require_once($path . '/core/database.php');
|
|
|
|
//function for image validation
|
|
function validate_iamge() {
|
|
}
|
|
|
|
// function to handle the creation of a new thread
|
|
function new_thread(string $board_id, string $title, string $username) {
|
|
|
|
$conn = get_database_conn();
|
|
$insert_thread_sql = "INSERT INTO thread (title, user_id, board, posted)
|
|
VALUES (?, (SELECT id FROM user WHERE username = ?), ?, NOW())";
|
|
$stmt = mysqli_prepare($conn, $insert_thread_sql);
|
|
mysqli_stmt_bind_param($stmt, "sss", $title, $username, $board_id);
|
|
mysqli_stmt_execute($stmt);
|
|
|
|
if (mysqli_stmt_affected_rows($stmt) != 1) {
|
|
//todo: handle error
|
|
}
|
|
|
|
//todo: return actual thread id
|
|
}
|
|
|
|
// function to handle the creation of a new post
|
|
function new_post(int $thread_id, string $message, string $username, string $file_path) {
|
|
}
|
|
|
|
// handle non-post requests
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
echo 'this isn\'t for you!';
|
|
header('refresh:1; url=/');
|
|
}
|
|
|
|
if ($_POST['type'] == 'new_thread') {
|
|
// get the variables from the post request
|
|
$title = $_POST['title'] or die('invalid request!');
|
|
$upload = $_POST['upload'] or die('invalid request!');
|
|
$board_id = $_POST['board_id'] or die('invalid request!');
|
|
$message = $_POST['message'] ?? '';
|
|
|
|
// get the posters username
|
|
session_start();
|
|
$username = $_SESSION['username'] or die('not logged in, nice try.');
|
|
|
|
// clean up user input
|
|
$title = htmlspecialchars($title);
|
|
$message = htmlspecialchars($message);
|
|
|
|
//todo: validate the image and move it into the filesystem
|
|
|
|
$thread_id = new_thread($board_id, $title, $username);
|
|
|
|
} elseif ($_POST['type'] == 'thread_reply') {
|
|
} else {
|
|
}
|