I am trying to fix a post feature to my boards, and it says its successful but its not entering anything into the database.
It was working fine til added the preview feature. Heres the code.
<html>
<?
# [url]http://www.damakalaka.com/[/url]
#
# Do not alter without permission under penalty of law. BITCH!
include('conf.php');
# --------- Functions --------
# ------------ Go ------------
# ----------- Here -----------
$sql="SELECT * FROM topics WHERE topicid='$topic'";
$result=mysql_query($sql);
$myrow=mysql_fetch_array($result);
$board=$myrow['board'];
function getuserid($user)
{
$sql="SELECT * FROM users WHERE username='$user'";
$result=mysql_query($sql);
$myrow=mysql_fetch_array($result);
return $myrow["userid"];
}
# Authorizes this is the correct user
function auth($userid, $password) {
$sql="SELECT username FROM users WHERE username='$userid' AND userpass='$password'";
$result=mysql_query($sql);
if(!mysql_num_rows($result)){ return 0;
} else {
$query_data=mysql_fetch_row($result);
return $query_data[0];
}
}
function getplvl($board) {
$sql="SELECT * FROM boards WHERE boardid='$board'";
$result=mysql_query($sql);
$myrow=mysql_fetch_array($result);
return $myrow["lvlpost"];
}
function verifypost($userlevel,$blvl,$closed) {
if ($userlevel >= $blvl AND $closed != 1) {
echo "";
} else {
echo "You cannot post here.";
exit;
}
}
function getclosed($topic) {
$sql="SELECT * FROM topics WHERE topicid='$topic'";
$result=mysql_query($sql);
$myrow=mysql_fetch_array($result);
return $myrow["closed"];
}
function boardex($topic) {
$sql="SELECT * FROM topics WHERE topicid='$topic'";
$result=mysql_query($sql);
if(!mysql_num_rows($result))
{
return 0;
} else {
return 1;
}
}
function blvl($board) {
$sql="SELECT * FROM boards WHERE boardid='$board'";
$result=mysql_query($sql);
$myrow=mysql_fetch_array($result);
return $myrow["boardlevel"];
}
function getlevel($username)
{
$sql="SELECT * FROM users WHERE username='$username'";
$result=mysql_query($sql);
$myrow=mysql_fetch_array($result);
return $myrow["level"];
}
function getsig($username)
{
$sql="SELECT * FROM users WHERE username='$username'";
$result=mysql_query($sql);
$myrow=mysql_fetch_array($result);
return $myrow["sig"];
}
# ------------------------------
# ----------- CODE -----------
# ------------------------------
include('top.inc');
$username=auth($uname, $pword);
if(!$username)
{
echo "You are not <a href='login.php'>logged in</a>.";
exit;
}
$userlevel=getlevel($username);
$plvl = getplvl($board);
$blvl = blvl($board);
$boardex = boardex($topic);
$closed = getclosed($topic);
verifypost($userlevel,$blvl,$closed);
if ($boardex == 0){
echo "No such topic.";
exit;
}
if ($submit)
{
if (strlen($message) <= 4)
{
echo "All messages must be at least 5 characters in length.<br>Please go back and try again.";
exit;
} else {
mysql_query("UPDATE users SET lastsid='$thissid' WHERE username='$userid'");
mysql_query("UPDATE users SET posted='1' WHERE username='$userid'");
$result=mysql_query("SELECT * FROM users WHERE lastsid='$thissid'");
$posdate = date('m/d/Y H:i:s');
$postim1 = date('H:i:s');
$posdat1 = date('m/d/Y');
$body=$message;
if ($userlevel<$admin) $body=htmlspecialchars($body);
$body=ereg_replace("\n","<BR>",$body);
$body=ereg_replace("<i>","<I>",$body);
$body=ereg_replace("</i>","</I>",$body);
$body=ereg_replace("<I>","<I>",$body);
$body=ereg_replace("</I>","</I>",$body);
$body=ereg_replace("<b>","<B>",$body);
$body=ereg_replace("</b>","</B>",$body);
$body=ereg_replace("<B>","<B>",$body);
$body=ereg_replace("</B>","</B>",$body);
$body=ereg_replace("<i></i>","",$body);
$body=ereg_replace("<b></b>","",$body);
$body=ereg_replace(" ","",$body);
$body=ereg_replace("<BR><BR>","<BR>",$body);
$body=ereg_replace("\n \n","\n",$body);
$body=ereg_replace("","",$body);
$body=ereg_replace("_","",$body);
$sql="INSERT INTO `messages` (`messby`,`messbody`,`topic`,`posttime`,`postdate`,`board`) VALUES (\"".$uname."\", \"".$body."\", \"".$topic."\", \"".$postim1."\", \"".$posdat1."\",\"".$board."\")";
mysql_query($sql);
$sql="UPDATE `topics` SET lastpost='".$posdate."' WHERE topicid='".$topic."'";
mysql_query($sql);
$sql="UPDATE `boards` SET lastpost='".$posdate."' WHERE boardid='".$board."'";
mysql_query($sql);
echo "Your message has been added.<br>Return to the <a href=message.php?topic=".$topic.">message list</a>.<br>Return to the <a href=message.php?board=".$board.">topic list</a>.";
}} else {
if ($preview){
$body=$message;
if ($userlevel<$admin) $body=htmlspecialchars($body);
$body=ereg_replace("\n","<BR>",$body);
$body=ereg_replace("<i>","<I>",$body);
$body=ereg_replace("</i>","</I>",$body);
$body=ereg_replace("<I>","<I>",$body);
$body=ereg_replace("</I>","</I>",$body);
$body=ereg_replace("<b>","<B>",$body);
$body=ereg_replace("</b>","</B>",$body);
$body=ereg_replace("<B>","<B>",$body);
$body=ereg_replace("</B>","</B>",$body);
$body=ereg_replace("<i></i>","",$body);
$body=ereg_replace("<b></b>","",$body);
$body=ereg_replace(" ","",$body);
$body=ereg_replace("<BR><BR>","<BR>",$body);
$body=ereg_replace("\n \n","\n",$body);
$body=ereg_replace("","",$body);
$body=ereg_replace("_","",$body);
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="11%" class=u1><b>Message</b></td>
<td width="89%" class=u2><?=$body?></td>
</tr>
</table>
<form action="post.php?topic=<?=$topic?>" method=post name="form1" id="form1">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr class=p3>
<td colspan=2> <div align="center">Edit your message</div></td>
</tr>
<tr>
<td width="11%"> <p> </p>
<p> </p>
<p> </p>
<p>Message</p>
<p> </p>
<p><br>
<br>
<br>
</p>
<p><br>
</p></td>
<td width="89%">
<p>
<textarea name="message" cols="75" rows="15" id="message"><?= $message ?></textarea>
</p></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input name="submit" type="submit" id="submit" value="Post">
<input name="preview" type="submit" id="preview" value="Preview Message">
<input type="reset" name="Submit2" value="Reset">
</div></td>
</tr>
</table>
</form>
<br>
<?
} else {
$sig1=getsig($username);
if ($sig1){
$sig2=addslashes($sig1);
$sig="\n\n---\n".$sig2."";
} else {
$sig="";
}
?>
<form action="post.php?topic=<?=$topic?>" method=post name="form1" id="form1">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr class=p3>
<td colspan=2> <div align="center">Create a message</div></td>
</tr>
<tr>
<td width="11%"> <p> </p>
<p> </p>
<p> </p>
<p>Message</p>
<p> </p>
<p><br>
<br>
<br>
</p>
<p><br>
</p></td>
<td width="89%">
<p>
<textarea name="message" cols="75" rows="15" id="message"><?= $sig ?></textarea>
</p></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input name="submit" type="submit" id="submit" value="Post">
<input name="preview" type="submit" id="preview" value="Preview Message">
<input type="reset" name="Submit2" value="Reset">
</div></td>
</tr>
</table>
</form>
<br>
<?
}}
include('footer.inc');
?>
</html>
