Check if thread exists before posting.

This commit is contained in:
Savetheinternet 2010-11-30 23:12:54 +11:00 committed by Paul Merrill
parent e66c1e7f8d
commit a3b604243b
3 changed files with 20 additions and 1 deletions

View File

@ -49,6 +49,7 @@
define('ERROR_NOMOVE', 'The server failed to handle your upload.', true); define('ERROR_NOMOVE', 'The server failed to handle your upload.', true);
define('ERROR_FILEEXT', 'Unsupported image format.', true); define('ERROR_FILEEXT', 'Unsupported image format.', true);
define('ERROR_NOBOARD', 'Invalid board!', true); define('ERROR_NOBOARD', 'Invalid board!', true);
define('ERROR_NONEXISTANT', 'Thread specified does not exist.', true);
define('ERROR_NOPOST', 'You didn\'t make a post.', true); define('ERROR_NOPOST', 'You didn\'t make a post.', true);
define('ERR_INVALIDIMG','Invalid image.', true); define('ERR_INVALIDIMG','Invalid image.', true);
define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true); define('ERR_FILESIZE', 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes', true);

View File

@ -44,13 +44,29 @@
function openBoard($uri) { function openBoard($uri) {
global $sql; global $sql;
$boards_res = mysql_query(sprintf("SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1", mysql_real_escape_string($uri)), $sql) or error(mysql_error($sql)); $boards_res = mysql_query(sprintf(
"SELECT * FROM `boards` WHERE `uri` = '%s' LIMIT 1",
mysql_real_escape_string($uri)
), $sql) or error(mysql_error($sql));
if($_board = mysql_fetch_array($boards_res)) { if($_board = mysql_fetch_array($boards_res)) {
setupBoard($_board); setupBoard($_board);
return true; return true;
} else return false; } else return false;
} }
function threadExists($id) {
global $sql;
$thread_res = mysql_query(sprintf(
"SELECT 1 FROM `posts` WHERE `id` = '%d' AND `thread` IS NULL LIMIT 1",
$id
), $sql) or error(mysql_error($sql));
if(mysql_num_rows($thread_res) > 0) {
return true;
} else return false;
}
function post($post, $OP) { function post($post, $OP) {
global $sql, $board; global $sql, $board;
if($OP) { if($OP) {

View File

@ -83,6 +83,8 @@
sql_open(); sql_open();
if(!openBoard($post['board'])) error(ERROR_NOBOARD); if(!openBoard($post['board'])) error(ERROR_NOBOARD);
if(!$OP && !threadExists($post['thread']))
error(ERROR_NONEXISTANT);
$trip = generate_tripcode($post['name']); $trip = generate_tripcode($post['name']);
$post['name'] = $trip[0]; $post['name'] = $trip[0];