$topicid = isset($_POST["topicid"]) ? intval($_POST["topicid"]) : false; if (!is_valid_id($forumid) && !is_valid_id($topicid)) { stderr(ERROR, ERR_FORUM_TOPIC); } $newtopic = $forumid > 0; $subject = isset($_POST["subject"]) ? $_POST["subject"] : false; if ($newtopic) { $subject = trim($subject); if (!$subject) { stderr(ERROR, ERR_SUBJECT); } if (strlen($subject) > $maxsubjectlength) { stderr(ERROR, SUBJECT_MAX_CHAR . " " . $maxsubjectlength . " " . CHARACTERS); } } else { $forumid = Cached::get_topic_forum($topicid) or die(ERR_TOPIC_ID); } //------ Make sure sure user has write access in forum $arr = Cached::get_forum_access_levels($forumid) or die(BAD_FORUM_ID); if (user::$current["id_level"] < $arr["write"] || $newtopic && user::$current["id_level"] < $arr["create"]) { stderr(ERROR, ERR_PERM_DENIED); } $body = trim($_POST["body"]); if ($body == "") { stderr(ERROR, ERR_NO_BODY); } $userid = user::$current["uid"]; if ($newtopic) { //---- Create topic $subject = sqlesc(security::html_safe($subject)); $db->query("UPDATE forums SET topiccount = topiccount + 1 WHERE id = " . $forumid);