public function actionCreate($id) { $forum = Forum::model()->findByPk($id); if (null == $forum) { throw new CHttpException(404, 'Forum not found.'); } if ($forum->is_locked && (Yii::app()->user->isGuest || !Yii::app()->user->isForumAdmin())) { throw new CHttpException(403, 'Forum is locked.'); } $model = new PostForm(); $model->setScenario('create'); // This makes subject required if (isset($_POST['PostForm'])) { if (!isset($_POST['YII_CSRF_TOKEN']) || $_POST['YII_CSRF_TOKEN'] != Yii::app()->getRequest()->getCsrfToken()) { throw new CHttpException(400, 'Invalid request. Please do not repeat this request again.'); } $model->attributes = $_POST['PostForm']; if ($model->validate()) { $thread = new Thread(); $thread->forum_id = $forum->id; $thread->subject = $model->subject; $thread->author_id = Yii::app()->user->id; $thread->lastPost_user_id = Yii::app()->user->id; $thread->lastPost_time = time(); $thread->save(false); $post = new Post(); $post->author_id = Yii::app()->user->id; $post->thread_id = $thread->id; $post->content = $model->content; $post->save(false); $this->redirect($thread->url); } } $this->render('newThread', array('forum' => $forum, 'model' => $model)); }