0

Below is my post script. I'm trying to make it have a flood check (or something to stop people from spamming and crashing my servers) and my solution is to make a message appear saying "You've posted" when they hit the Post button. I tried adding Javascript alerts in multiple places, but it won't appear... any help? ;o

<?php

if(!$_SESSION['uid']){
    header("Location: index.php");
}

if(!$_POST['submit']){
    echo "Invalid usage of file";
}else {
    $tid = mss($_GET['id']);
    $msg = mss($_POST['reply']);
    
    if(!$tid){
        echo "You did not supply a topic to add a reply to";
    }else {
        $sql = "SELECT * FROM `forum_topics` WHERE `id`='".$tid."'";
        $res = mysql_query($sql) or die(mysql_error());
        if(mysql_num_rows($res) == 0){
            echo "This topic does not exist";
        }else {
            $row = mysql_fetch_assoc($res);
            $sql2 = "SELECT admin FROM `forum_sub_cats` WHERE `id`='".$row['cid']."'";
            $res2 = mysql_query($sql2) or die(mysql_error());
            $row2 = mysql_fetch_assoc($res2);
            if($row2['admin'] == 1 && $admin_user_level == 0){
                echo "You do not have sufficient priveleges to add a reply to this topic";
            }else {
                if(!$msg){
                    echo "You did not supply a reply";
                }else {
                    if(strlen($msg) < 10 || strlen($msg) > 10000){
                        echo "Your reply must be between 10 and 10,000 characters!";
                    }else {
                   
                        $date = date("m-d-y") . " at " . date("h:i:s");
                        $time = time();
                        $sql3 = "INSERT INTO `forum_replies` (`tid`,`uid`,`message`,`date`,`time`) VALUES('".$tid."','".$_SESSION['uid']."','".$msg."','".$date."','".$time."')";
                        $res3 = mysql_query($sql3) or die(mysql_error());
                        $sql4 = "UPDATE `forum_topics` SET `time`='".time()."' WHERE `id`='".$tid."'";
                        $res4 = mysql_query($sql4) or die(mysql_error()); 
                        
                        header("Location: ./index.php?act=topic&id=".$tid);
                      
                    }
                }
            }
        }
    }
}

?>
2
Contributors
1
Reply
2
Views
7 Years
Discussion Span
Last Post by SikoSoft
0

Where is the rest of the code for this - like the code where you have the javascript alert(), and the actual code for the form itself?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.