Untitled

<?php
include('../functions.php');
include('../config.php');

if(!isset($_COOKIE['user'])) redirect('index.php');

//lets make our id variable
if(isset($_POST['forum']) || !isset($_GET['forum']))
{
    $id = $_POST['forum'];
}
elseif(isset($_GET['forum']) && !isset($_POST['forum']))
{
    $id = $_GET['forum'];
}

//start working
if(!ctype_digit($id))
{
    redirect('index.php');
}
else
{
    //make sure the parent exists
    $query_parent = mysql_query("SELECT `type` FROM `forums` WHERE id = '$id'");
    $ex_parent = mysql_fetch_assoc($query_parent);

    if(mysql_num_rows($query_parent) < 1)
    {
        redirect('index.php');
    }
    elseif($ex_parent['type'] == 2 && acc_status($_COOKIE['user']) < 2)
    {
        $content = '<div class="frame e">Only staff members can create new threads in this section. <a href="viewforum.php?forum='. $id .'">Back</a></div>';
    }
    else
    {
        if(!isset($_POST['forum']) && !isset($_POST['title']) && !isset($_POST['content']))
        {
            (acc_status($_COOKIE['user']) < 3) ? $chars = 2000 : $chars = 20000;

            $content = '
            <div id="nocontrols" class="phold"></div>
            <div id="command">
            <form method="post" action="create.php">
            <input type="hidden" name="forum" value="'. $id .'">
            <table>
            <tr>
                <td class="commandtitle">Thread Title:</td>
                <td class="commandinput"><input size="40" maxlength="30" id="charlimit_text_b" type="text" class="textinput" name="title"/>
                </td>
            </tr>
            <tr>
                <td class="commandtwo" colspan="2">You have <span id="charlimit_count_b">30</span> characters <span id="charlimit_info_b" style="display: none">remaining</span> for your title.</td>
            </tr>
            <tr>
                <td class="commandtwo" colspan="2">
                <textarea id="charlimit_text_a" name="content" rows="20" cols="60"></textarea><br />
                You have <span id="charlimit_count_a">'. $chars .'</span> characters <span id="charlimit_info_a" style="display: none">remaining</span> for your message.</td>
            </tr>
            <tr>
            <td class="commandtwo" colspan="2"><br />
                <input type="submit" name="add" value="Add thread" /> &nbsp; &nbsp;
                <!--<input type="submit" name="preview" value="Preview" /> &nbsp; &nbsp;-->
                <input type="submit" name="cancel" value="Cancel" /> &nbsp; &nbsp;
            </td>
            </tr>
            </table>
            </form>
            </div>';
        }
        else
        {
            $title = mysql_real_escape_string(nl2br(trim($_POST['title'])));

            if(acc_status($_COOKIE['user']) > 2)
            {
                $content = mysql_real_escape_string(nl2br(trim($_POST['content'])));
            }
            else
            {
                $content = mysql_real_escape_string(nl2br(strip_tags(trim($_POST['content']))));
            }

            //lets get the current option
            $flood = mysql_query("SELECT `floodlimit` FROM `floodlimit`");
            $get_flood = mysql_fetch_assoc($flood);

            //lets get the users last post
            $lastpost = mysql_query("SELECT `lastpost` FROM `users` WHERE `username` = '{$_COOKIE['user']}'");
            $get_lastpost = mysql_fetch_assoc($lastpost);

            if(strlen($title) < 3)
            {
                $content =  '<div class="frame e">Your title needs to be at least three characters long.</div>';
            }
            elseif(word_count($content) < 10)
            {
                $content = '<div class="frame e">Your thread needs to be at least ten words.</div>';
            }
            elseif(strlen($content) > 2000 && acc_status($_COOKIE['user']) < 3)
            {
                $content = '<div class="frame e">Your post cannot be greater than 2000 characters.</div>';
            }
            elseif((time()-$get_lastpost['lastpost']) < $get_flood['floodlimit'])
            {
                $content = '<div class="frame e">You must wait '. $get_flood['floodlimit'] .' seconds in-between posts.</div>';
            }
            else
            {
                //if the category type is 2, make the thread automatically hidden
                if($ex_parent['type'] == 3) { $s = 1; } else { $s = 0; }

                //update their lastpost field
                mysql_query("UPDATE `users` SET `lastpost` = '". time() ."' WHERE `username` = '{$_COOKIE['user']}'");

                //insert new thread
                mysql_query("INSERT INTO `threads` VALUES (null, '$id','$title', '$content', '{$_COOKIE['user']}', NOW(), '". qfc() ."', NOW(), '{$_COOKIE['user']}', '','{$_SERVER['REMOTE_ADDR']}', '0', '0', '$s', '')");

                //send them to their new thread
                redirect('viewthread.php?forum='. $id .'&id='. mysql_insert_id());
            }
        }
    }
}
?>