-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcreate.php
110 lines (100 loc) · 4.88 KB
/
create.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Create Post | O Blog</title>
<?php
session_start();
include("connect.php"); ?>
<link rel="icon" type="image/x-icon" href="img/o_favicon.png">
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<header>
<div class="navbar-icon">
<a href="index.php" style="text-decoration: none; display: flex; align-items: center;">
<img src="img/o_favicon.png">
<h1>Blog</h1>
</a>
</div>
<?php
include("nav.php");
?>
</header>
<main>
<?php
if (isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] == true) {
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$title = mysqli_real_escape_string($checkdb, $_POST["postTitle"]);
$content = mysqli_real_escape_string($checkdb, $_POST["postContent"]);
$category = mysqli_real_escape_string($checkdb, $_POST["postCategory"]);
$userId = $_SESSION["userid"];
if (!empty($title) && !empty($content) && !empty($category)) {
$categoryQuery = mysqli_query($checkdb, "SELECT id FROM category WHERE category = '$category'");
if (mysqli_num_rows($categoryQuery) == 1) {
$categoryRow = mysqli_fetch_assoc($categoryQuery);
$categoryId = $categoryRow["id"];
$postQuery = mysqli_query($checkdb, "SELECT * FROM post WHERE title = '$title'");
if (mysqli_num_rows($postQuery) == 0) {
$insertQuery = mysqli_query($checkdb, "INSERT INTO post (title, text, authorid, categoryid) VALUES ('$title', '$content', '$userId', '$categoryId')");
if ($insertQuery) {
header("Location: my-posts.php");
exit;
} else {
echo "An error occurred while creating the post.";
}
} else {
$_SESSION["error"] = true;
header("Location: create.php");
exit;
}
} else {
$_SESSION["error"] = true;
header("Location: create.php");
exit;
}
} else {
$_SESSION["error"] = true;
header("Location: create.php");
exit;
}
} else {
echo "<h1 class='page-title-custom'>Create Content</h1>";
$categoryQuery = mysqli_query($checkdb, "SELECT * FROM category");
if (mysqli_num_rows($categoryQuery) == 0) {
echo "<p class='error-message-custom'>ERROR: The site is undergoing maintenance.</p>";
} else {
echo "<p class='welcome-message-custom'><b>" . $_SESSION["username"] . "</b>, you can write your article and share your ideas with the world.</p>";
echo "<p class='error-message-custom'>To create a post, please fill out the form below.</p>";
echo "<div class='form-container-custom'>";
echo "<form action='" . htmlspecialchars($_SERVER["PHP_SELF"]) . "' method='POST'>";
echo "<input type='text' name='postTitle' placeholder='Title' class='form-title-custom' maxlength='100' required><br><br>";
echo "<textarea name='postContent' placeholder='Content' class='form-text-custom' maxlength='3500' required></textarea><br><br>";
echo "<b>Category:</b> <select name='postCategory' class='form-check-custom'>";
echo "<option value='0'>Select</option>";
while ($category = mysqli_fetch_assoc($categoryQuery)) {
echo "<option value='" . $category["category"] . "'>" . $category["category"] . "</option>";
}
echo "</select><br><br>";
echo "<input type='submit' value='Create' class='submit-button-custom'>";
echo "</form>";
echo "</div>";
}
if (isset($_SESSION["error"]) && $_SESSION["error"] == true) {
$_SESSION["error"] = false;
echo "<p class='error-message-custom'>* Please fill in all fields to create a post.</p><br>";
}
}
} else {
header("Location: login.php");
exit;
}
?>
</main>
<?php
include("footer.php");
?>
</body>
</html>