if (isset($_GET['action'])) {
$action = $_GET['action'];
}
$auth = 0;
$status = '';
$title = '';
$body = '';
$thread = 0;
if ("view" == $action) {
$posts = FALSE;
$content = new contentClass();
if (!@$_GET['id'] || !is_numeric($_GET['id'])) {
$status = 'Invalid post id.';
} else {
$thread = $_GET['id'];
$posts = $content->getPost($_GET['id'], TRUE);
if (NULL != $content->error) {
$status = $content->error;
}
}
$templates[] = array('name' => 'post.common', 'vars' => array('content' => $posts['post'], 'error' => $status));
$templates[] = array('name' => 'post.comments', 'vars' => array('comments' => $posts['comments'], 'auth' => $auth, 'thread' => $thread));
renderPage($templates);
// create a new post
} else {
if ("new" == $action) {
// check to see if user is allowed to make posts
if ($_user->getPrivileges($_SESSION['user']['id'], CAN_MAKE_NEW)) {
$auth = 1;
if ("POST" == $_SERVER['REQUEST_METHOD']) {
if (!@empty($_POST['title']) && !@empty($_POST['body'])) {
