if (isset($_GET['action'])) { $action = $_GET['action']; } $auth = 0; $status = ''; $title = ''; $body = ''; $thread = 0; if ("view" == $action) { $posts = FALSE; $content = new contentClass(); if (!@$_GET['id'] || !is_numeric($_GET['id'])) { $status = 'Invalid post id.'; } else { $thread = $_GET['id']; $posts = $content->getPost($_GET['id'], TRUE); if (NULL != $content->error) { $status = $content->error; } } $templates[] = array('name' => 'post.common', 'vars' => array('content' => $posts['post'], 'error' => $status)); $templates[] = array('name' => 'post.comments', 'vars' => array('comments' => $posts['comments'], 'auth' => $auth, 'thread' => $thread)); renderPage($templates); // create a new post } else { if ("new" == $action) { // check to see if user is allowed to make posts if ($_user->getPrivileges($_SESSION['user']['id'], CAN_MAKE_NEW)) { $auth = 1; if ("POST" == $_SERVER['REQUEST_METHOD']) { if (!@empty($_POST['title']) && !@empty($_POST['body'])) {