From a3b604243b5347fab24e9d9d31380362d489dc6d Mon Sep 17 00:00:00 2001
From: Savetheinternet
Date: Tue, 30 Nov 2010 23:12:54 +1100
Subject: [PATCH] Check if thread exists before posting.
---
 inc/config.php | 1 +
 inc/functions.php | 18 +++++++++++++++++-
 post.php | 2 ++
 3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/inc/config.php b/inc/config.php
index 107f1cbc..f7ab10d6 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -49,6 +49,7 @@
 define('ERROR_NOMOVE', 'The server failed to handle your upload.', true);
 define('ERROR_FILEEXT', 'Unsupported image format.', true);
 define('ERROR_NOBOARD', 'Invalid board!', true);
+ define('ERROR_NONEXISTANT', 'Thread specified does not exist.', true);
 define('ERROR_NOPOST', 'You didn\'t make a post.', true);
 define('ERR_INVALIDIMG','Invalid image.', true);
 define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes
Your file\'s size: %filesz% bytes', true);
diff --git a/inc/functions.php b/inc/functions.php
index c4fd77dd..453f5146 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -44,13 +44,29 @@
 function openBoard($uri) {
 global $sql;
- $boards_res = mysql_query(sprintf("SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1", mysql_real_escape_string($uri)), $sql) or error(mysql_error($sql));
+ $boards_res = mysql_query(sprintf(
+ "SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1",
+ mysql_real_escape_string($uri)
+ ), $sql) or error(mysql_error($sql));
+
 if($_board = mysql_fetch_array($boards_res)) {
 setupBoard($_board);
 return true;
 } else return false;
 }
+ function threadExists($id) {
+ global $sql;
+ $thread_res = mysql_query(sprintf(
+ "SELECT 1 FROM `posts` WHERE `id` = '%d' AND `thread` IS NULL LIMIT 1",
+ $id
+ ), $sql) or error(mysql_error($sql));
+
+ if(mysql_num_rows($thread_res) > 0) {
+ return true;
+ } else return false;
+ }
+
 function post($post, $OP) {
 global $sql, $board;
 if($OP) {
diff --git a/post.php b/post.php
index d5cb9d13..bdc4819f 100644
--- a/post.php
+++ b/post.php
@@ -83,6 +83,8 @@
 sql_open();
 if(!openBoard($post['board'])) error(ERROR_NOBOARD);
+ if(!$OP && !threadExists($post['thread']))
+ error(ERROR_NONEXISTANT);
 $trip = generate_tripcode($post['name']);
 $post['name'] = $trip[0];
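Review bot: In inc/functions.php the new `threadExists()` hands the raw `mysql_error($sql)` text to `error()`, the same call post.php uses for user-facing messages, so a failed query would presumably show database details to whoever is posting; write the driver message to a server-side log and pass a generic message to `error()` instead. The lookup matches on `id` and `thread IS NULL` only, so if the `posts` table is shared between boards (the schema is not visible here) a reply could name a thread that belongs to a different board than the one `openBoard()` just validated; confirm, and add the board to the WHERE clause if so. The `%d` conversion already forces an integer, which is what keeps this query safe, so the quotes in `'%d'` can go, and the tail reduces to `return mysql_num_rows($thread_res) > 0;`.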
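Review bot: In post.php the check `if(!$OP && !threadExists($post['thread']))` and the later insert are separate statements, so a thread deleted between the two still receives an orphaned reply. If that matters, enforce the parent at insert time as well, for example a foreign key on `thread` or an `INSERT ... SELECT` conditioned on the parent row still existing. The guard also depends on `error()` ending the request, as the `openBoard()` check before it does; that function is defined outside this diff, so it is worth confirming. The surrounding script starts and ends outside the hunk, so where `$OP` and `$post['thread']` come from cannot be checked here.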