Exemplo n.º 1
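 //------ Validate a forum post: either a new topic in $forumid or a reply to $topicid
 // NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm one runs before this point.
 // NOTE(review): every check below assumes stderr() ends the request; confirm, otherwise execution falls through.
 $topicid = isset($_POST["topicid"]) ? intval($_POST["topicid"]) : false;
 // Rejected only when BOTH ids are invalid; a single valid id is enough to continue.
 if (!is_valid_id($forumid) && !is_valid_id($topicid)) {
     stderr(ERROR, ERR_FORUM_TOPIC);
 }
 // A positive forum id means "create a topic"; otherwise this is a reply to $topicid.
 $newtopic = $forumid > 0;
 // Accept only string values: a request sending subject[]=x would otherwise hand an array to trim().
 $subject = isset($_POST["subject"]) && is_string($_POST["subject"]) ? $_POST["subject"] : false;
 if ($newtopic) {
     $subject = trim((string) $subject);
     if (!$subject) {
         stderr(ERROR, ERR_SUBJECT);
     }
     // strlen() counts bytes, so a multi-byte subject reaches the limit before
     // the "characters" wording of the message suggests.
     if (strlen($subject) > $maxsubjectlength) {
         stderr(ERROR, SUBJECT_MAX_CHAR . " " . $maxsubjectlength . " " . CHARACTERS);
     }
 } else {
     // The forum is derived from the topic server-side rather than taken from the request.
     // $forumid is concatenated unquoted into SQL further down, so it must stay an integer.
     // NOTE(review): confirm get_topic_forum() only ever returns an integer id.
     $forumid = Cached::get_topic_forum($topicid) or die(ERR_TOPIC_ID);
 }
 //------ Make sure user has write access in forum
 $arr = Cached::get_forum_access_levels($forumid) or die(BAD_FORUM_ID);
 // Parentheses make the precedence explicit: "write" level is always required,
 // and the "create" level is additionally required for a new topic.
 if (user::$current["id_level"] < $arr["write"] || ($newtopic && user::$current["id_level"] < $arr["create"])) {
     stderr(ERROR, ERR_PERM_DENIED);
 }
 // A missing or non-string body is treated as empty instead of raising a notice or TypeError in trim().
 $body = isset($_POST["body"]) && is_string($_POST["body"]) ? trim($_POST["body"]) : "";
 if ($body === "") {
     stderr(ERROR, ERR_NO_BODY);
 }
 $userid = user::$current["uid"];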
 if ($newtopic) {
     //---- Create topic
     $subject = sqlesc(security::html_safe($subject));
     $db->query("UPDATE forums SET topiccount = topiccount + 1 WHERE id = " . $forumid);