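// Request handler for the forum "add thread" action.
//
// Flow: resolve the requested action from the 'from' parameter, then, for
// 'add' with a submitted form, check the session, check that the user's admin
// level is high enough for the target forum, insert the thread and its first
// message, and redirect to the new thread.
//
// NOTE(review): no anti-CSRF token is checked in the visible code; confirm
// that this state-changing POST is protected elsewhere.

// 'from' must arrive through exactly one of GET or POST. A request that
// carries it in both, or in neither, is rejected.
$hasGetFrom = isset($_GET['from']);
$hasPostFrom = isset($_POST['from']);

if ($hasGetFrom === $hasPostFrom) {
    // Nothing is echoed here: output sent before header() can stop the
    // Location header from being emitted. exit keeps the rest of the script
    // from running with $from undefined.
    header('Location: ./index.php');
    exit;
}

$from = $hasGetFrom ? $_GET['from'] : $_POST['from'];

if ($from === 'add') {
    // !empty() keeps the original truthiness test without raising a notice
    // when 'send' is absent.
    if (!empty($_POST['send'])) {
        if (!isset($_SESSION['user'])) {
            header('Location: ./index.php');
            exit;
        }

        // NOTE(review): the session carries a 'password' entry; confirm it is
        // not the plaintext credential.
        $user = $_SESSION['user'];

        if (!$dev->isConnected($user['username'], $user['password'], $user['session_id'])) {
            // Stale or forged session: drop it and stop. Without exit the
            // script would keep executing after the redirect header.
            unset($_SESSION['user']);
            header('Location: ./index.php');
            exit;
        }

        // Reject missing or non-scalar fields (e.g. title[]=x) before they
        // reach the helpers or the database.
        $forumId = isset($_POST['forum']) ? $_POST['forum'] : null;
        $title = isset($_POST['title']) ? $_POST['title'] : null;
        $content = isset($_POST['bbcode_field']) ? $_POST['bbcode_field'] : null;

        if (!is_string($forumId) || !is_string($title) || !is_string($content)) {
            header('Location: ./index.php');
            exit;
        }

        $authorId = $dev->getId($user['username']);

        // NOTE(review): $forumId is handed to getForumAdminLevel() as
        // received; confirm that helper does not build SQL from it.
        // NOTE(review): a user below the forum's admin level falls through
        // with no redirect or message, as in the original.
        if ($dev->getForumAdminLevel($forumId) <= $dev->getAdminLevel($authorId)) {
            // Computed once so both rows and the redirect use the same id.
            // NOTE(review): "last id + 1" is not atomic; two concurrent posts
            // can pick the same id. An auto-increment key would avoid this,
            // if the schema allows it.
            $threadId = $dev->getLastThreadID() + 1;

            $db2 = null;

            try {
                $db2 = new PDO(
                    'mysql:host=' . $mysql_hostname . ';dbname=' . $mysql_database,
                    $mysql_username,
                    $mysql_password
                );
                $db2->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                // Real server-side prepares: values never become part of the
                // SQL text, so addslashes() is no longer needed (and was not
                // applied to the forum id at all).
                $db2->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

                // Both rows are written together or not at all (effective
                // only if the tables' storage engine supports transactions).
                $db2->beginTransaction();

                $insertThread = $db2->prepare(
                    'INSERT INTO `web_threads`(`id`, `forum_id`, `title`, `uuid_author`, `stucked`, `valid`)'
                    . " VALUES (:id, :forum_id, :title, :uuid_author, '0', '1')"
                );
                $insertThread->bindValue(':id', $threadId, PDO::PARAM_INT);
                $insertThread->bindValue(':forum_id', $forumId);
                // utf8_decode() is kept so stored text has the same encoding
                // as existing rows; it is deprecated as of PHP 8.2.
                $insertThread->bindValue(':title', utf8_decode($title));
                $insertThread->bindValue(':uuid_author', $authorId);
                $insertThread->execute();

                $insertMessage = $db2->prepare(
                    'INSERT INTO `web_messages`(`uuid_author`, `content`, `thread_id`)'
                    . ' VALUES (:uuid_author, :content, :thread_id)'
                );
                $insertMessage->bindValue(':uuid_author', $authorId);
                $insertMessage->bindValue(':content', utf8_decode($content));
                $insertMessage->bindValue(':thread_id', $threadId, PDO::PARAM_INT);
                $insertMessage->execute();

                $db2->commit();
            } catch (PDOException $e) {
                if ($db2 !== null && $db2->inTransaction()) {
                    $db2->rollBack();
                }
                // Details go to the server log only, never to the response.
                error_log('forum add-thread insert failed: ' . $e->getMessage());
                header('Location: ./index.php');
                exit;
            }

            header(sprintf('Location: ./forum_thread.php?id=%d', $threadId));
            exit;
        }
    }
    // NOTE(review): the closing brace of this 'add' branch is not part of the
    // visible excerpt, so the branch is left open here exactly as it was.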