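<?php
// Gatekeeper for the forum fragment: a visitor with no login session is sent
// to login.php. Use a real HTTP redirect when nothing has been flushed yet
// (works without JavaScript); otherwise fall back to the script-based redirect
// the page already relied on. Either way stop processing here — the original
// emitted the redirect and then kept running the rest of the file for an
// unauthenticated visitor.
if (!isset($_SESSION['gen256'])) {
    if (!headers_sent()) {
        header('Location: login.php');
    } else {
        echo "<script>
window.open('login.php','_self');
</script>";
    }
    exit;
}
?>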
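<?php
include 'dbconfig/db.php';

// Only logged-in users may read or write the forum. $_SESSION['gen256'] is set
// by the login flow (not visible in this file); the session itself is assumed
// to have been started by the including page.
if (!isset($_SESSION['gen256']['id'])) {
    echo "<div class='alert alert-warning text-center mt-4'>Please login to use the forum.</div>";
    exit;
}
// Every query below depends on $conn from dbconfig/db.php; stop cleanly if it
// did not provide a mysqli handle instead of failing on the first query.
if (!isset($conn) || !($conn instanceof mysqli)) {
    echo "<div class='alert alert-danger text-center mt-4'>The forum is temporarily unavailable.</div>";
    exit;
}
$user_id = $_SESSION['gen256']['id'];

// Escape for an HTML body/attribute context. Applied to *every* DB value that
// is printed — including user names and timestamps, which the original echoed
// raw — so a user who registered with markup in their name cannot inject
// script into other users' pages (stored XSS).
$e = static fn (int|string|null $value): string => htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Per-session CSRF token. Every state-changing request must echo it back in a
// hidden field, and deletes are accepted over POST only (the original accepted
// ?delete_post=ID / ?delete_comment=ID via GET), so a third-party page cannot
// create, edit or delete on the user's behalf through a link or image tag.
if (empty($_SESSION['forum_csrf']) || !is_string($_SESSION['forum_csrf'])) {
    $_SESSION['forum_csrf'] = bin2hex(random_bytes(32));
}
$csrf = $_SESSION['forum_csrf'];
$csrfOk = isset($_POST['csrf']) && is_string($_POST['csrf']) && hash_equals($csrf, $_POST['csrf']);

/**
 * Run $sql as a prepared statement, binding $params with the mysqli type
 * string $types (one 'i'/'s' per placeholder). Returns the executed statement
 * (call mysqli_stmt_get_result() on it for SELECTs) or null if prepare, bind
 * or execute failed. Values never touch the SQL text, which replaces the
 * mysqli_real_escape_string()/intval() interpolation used before.
 */
$q = static function (string $sql, string $types = '', ...$params) use ($conn): ?mysqli_stmt {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        return null;
    }
    if ($types !== '' && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
        mysqli_stmt_close($stmt);
        return null;
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return null;
    }
    return $stmt;
};

// Trimmed string / integer accessors for POST fields; non-scalar (array)
// input is treated as absent rather than coerced.
$strField = static fn (string $name): string => is_scalar($_POST[$name] ?? null) ? trim((string) $_POST[$name]) : '';
$intField = static fn (string $name): int => is_scalar($_POST[$name] ?? null) ? (int) $_POST[$name] : 0;

// One handler per action. Each performs a single state change for the current
// user and returns a user-facing notice, or null on success. Ownership is
// enforced in the WHERE clause (... AND user_id=?), so a forged id that belongs
// to someone else simply matches zero rows. $user_id is bound as a string to
// match the quoted literal the original SQL used, whatever the column type.
// The empty-field checks mirror the forms' `required` attributes server-side.
$handlers = [
    'new_post' => static function () use ($q, $strField, $user_id): ?string {
        $title = $strField('title');
        $content = $strField('content');
        if ($title === '' || $content === '') {
            return 'Title and content are required.';
        }
        $q('INSERT INTO forum_posts(user_id,title,content) VALUES(?,?,?)', 'sss', $user_id, $title, $content);
        return null;
    },
    'edit_post' => static function () use ($q, $strField, $intField, $user_id): ?string {
        $postId = $intField('post_id');
        $title = $strField('title');
        $content = $strField('content');
        if ($title === '' || $content === '') {
            return 'Title and content are required.';
        }
        $q('UPDATE forum_posts SET title=?, content=? WHERE id=? AND user_id=?', 'ssis', $title, $content, $postId, $user_id);
        return null;
    },
    'delete_post' => static function () use ($q, $intField, $user_id): ?string {
        $q('DELETE FROM forum_posts WHERE id=? AND user_id=?', 'is', $intField('delete_post'), $user_id);
        return null;
    },
    'new_comment' => static function () use ($q, $strField, $intField, $user_id): ?string {
        $comment = $strField('comment');
        if ($comment === '') {
            return 'Comment text is required.';
        }
        $q('INSERT INTO forum_comments(post_id,user_id,comment) VALUES(?,?,?)', 'iss', $intField('post_id'), $user_id, $comment);
        return null;
    },
    'edit_comment' => static function () use ($q, $strField, $intField, $user_id): ?string {
        $comment = $strField('comment');
        if ($comment === '') {
            return 'Comment text is required.';
        }
        $q('UPDATE forum_comments SET comment=? WHERE id=? AND user_id=?', 'sis', $comment, $intField('comment_id'), $user_id);
        return null;
    },
    'delete_comment' => static function () use ($q, $intField, $user_id): ?string {
        $q('DELETE FROM forum_comments WHERE id=? AND user_id=?', 'is', $intField('delete_comment'), $user_id);
        return null;
    },
];

// Dispatch at most one action per request. A request that names an action but
// carries a missing or stale token is refused before any handler runs.
$notice = null;
foreach ($handlers as $action => $handler) {
    if (!isset($_POST[$action])) {
        continue;
    }
    $notice = $csrfOk ? $handler() : 'Your form token was missing or stale; please reload the page and try again.';
    break;
}
// NOTE(review): there is no redirect after a successful POST, so a browser
// refresh re-submits the action. This fragment is presumably included after
// the surrounding layout has started output (links use ?p=forum), which is
// why header('Location: ...') is not attempted here — confirm, and add a
// POST-redirect-GET step if output buffering is in place.

// Newest posts first; fname/oname come from the users table.
// mysqli_stmt_get_result() requires the mysqlnd driver, which the previous
// mysqli_query() path did not — confirm it is enabled on this host.
$postsStmt = $q('SELECT p.*, u.fname, u.oname FROM forum_posts p JOIN users u ON p.user_id=u.id ORDER BY p.created_at DESC');
$posts = $postsStmt !== null ? mysqli_stmt_get_result($postsStmt) : false;
?>
<div class="container mt-4">
<h2 class="mb-4">📢 Forum</h2>
<?php if ($notice !== null): ?>
<div class="alert alert-danger"><?= $e($notice) ?></div>
<?php endif; ?>
<!-- New Post Form -->
<div class="card mb-4 shadow-sm">
<div class="card-body">
<h5 class="card-title">Create a New Post</h5>
<form method="POST">
<input type="hidden" name="csrf" value="<?= $e($csrf) ?>">
<div class="mb-3">
<input type="text" name="title" class="form-control" placeholder="Post Title" required>
</div>
<div class="mb-3">
<textarea name="content" class="form-control" rows="3" placeholder="Write something..." required></textarea>
</div>
<button type="submit" name="new_post" class="btn btn-primary">Post</button>
</form>
</div>
</div>
<!-- Display Posts -->
<?php while ($posts !== false && ($post = mysqli_fetch_assoc($posts))): ?>
<?php
// Prepared-statement result sets may carry native int types while $user_id
// may be a string from the session, so compare as strings rather than with ==.
$isOwner = (string) $post['user_id'] === (string) $user_id;
?>
<div class="card mb-4">
<div class="card-body">
<h5 class="card-title"><?= $e($post['title']) ?></h5>
<p class="card-text"><?= nl2br($e($post['content'])) ?></p>
<p class="text-muted small">By <?= $e($post['fname'] . " " . $post['oname']) ?> on <?= $e($post['created_at']) ?></p>
<!-- Edit/Delete controls only for the owner (the handlers re-check ownership server-side) -->
<?php if ($isOwner): ?>
<div class="mb-3">
<form method="POST" class="mb-2">
<input type="hidden" name="csrf" value="<?= $e($csrf) ?>">
<input type="hidden" name="post_id" value="<?= $e($post['id']) ?>">
<input type="text" name="title" class="form-control mb-2" value="<?= $e($post['title']) ?>" required>
<textarea name="content" class="form-control mb-2" required><?= $e($post['content']) ?></textarea>
<button type="submit" name="edit_post" class="btn btn-sm btn-warning">Save Edit</button>
</form>
<form method="POST" class="d-inline" onsubmit="return confirm('Delete this post?')">
<input type="hidden" name="csrf" value="<?= $e($csrf) ?>">
<button type="submit" name="delete_post" value="<?= $e($post['id']) ?>" class="btn btn-sm btn-danger">Delete</button>
</form>
</div>
<?php endif; ?>
<!-- Comments -->
<h6 class="mt-3">💬 Comments</h6>
<div class="list-group">
<?php
$commentsStmt = $q('SELECT c.*, u.fname FROM forum_comments c JOIN users u ON c.user_id=u.id WHERE post_id=? ORDER BY c.created_at ASC', 'i', (int) $post['id']);
$comments = $commentsStmt !== null ? mysqli_stmt_get_result($commentsStmt) : false;
while ($comments !== false && ($comment = mysqli_fetch_assoc($comments))):
?>
<div class="list-group-item">
<p><?= nl2br($e($comment['comment'])) ?></p>
<small class="text-muted">By <?= $e($comment['fname']) ?> on <?= $e($comment['created_at']) ?></small>
<?php if ((string) $comment['user_id'] === (string) $user_id): ?>
<form method="POST" class="mt-2">
<input type="hidden" name="csrf" value="<?= $e($csrf) ?>">
<input type="hidden" name="comment_id" value="<?= $e($comment['id']) ?>">
<textarea name="comment" class="form-control mb-2" required><?= $e($comment['comment']) ?></textarea>
<button type="submit" name="edit_comment" class="btn btn-sm btn-warning">Save Edit</button>
</form>
<form method="POST" class="d-inline" onsubmit="return confirm('Delete this comment?')">
<input type="hidden" name="csrf" value="<?= $e($csrf) ?>">
<button type="submit" name="delete_comment" value="<?= $e($comment['id']) ?>" class="btn btn-sm btn-danger">Delete</button>
</form>
<?php endif; ?>
</div>
<?php endwhile; ?>
</div>
<!-- Add Comment -->
<form method="POST" class="mt-3">
<input type="hidden" name="csrf" value="<?= $e($csrf) ?>">
<input type="hidden" name="post_id" value="<?= $e($post['id']) ?>">
<textarea name="comment" class="form-control mb-2" rows="2" placeholder="Reply..." required></textarea>
<button type="submit" name="new_comment" class="btn btn-sm btn-primary">Reply</button>
</form>
</div>
</div>
<?php endwhile; ?>
</div>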