create_post.php
47 lines UTF-8 Windows (CRLF)
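<?php
// Endpoint: create a post on a board for the logged-in user, optionally with
// one uploaded image. Replies with a short plain-text status message.
session_start();
include('../../incl/dbconnect.php'); // presumably provides the PDO-style handle $dbconn used below

// Require a POST request from a logged-in session.
// NOTE(review): no anti-CSRF token is verified in this script; the session
// cookie alone authorises the post. Add a per-session token check here if the
// forms that submit to this endpoint can carry one.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_SESSION['user_id'])) {
    http_response_code(400);
    exit('Inget inlägg skapades.');
}

$user_id = $_SESSION['user_id'];

// Read the form fields defensively: a missing key or an array value
// (e.g. content[]=x) must not reach intval()/trim().
$board_id = filter_var(
    isset($_POST['board_id']) ? $_POST['board_id'] : null,
    FILTER_VALIDATE_INT
);
$content = (isset($_POST['content']) && is_string($_POST['content']))
    ? trim($_POST['content'])
    : '';

if ($board_id === false) {
    http_response_code(400);
    exit('Inget inlägg skapades.');
}

// Check the text before touching the upload, so a request that is going to
// be rejected does not leave an orphaned file in the uploads directory.
if ($content === '') {
    exit('Innehåll krävs');
}

// Image upload (optional). An upload that fails validation is skipped and
// the post is still created without an image.
$image_url = null;
$upload = isset($_FILES['image_file']) ? $_FILES['image_file'] : null;
if (
    is_array($upload)
    && isset($upload['tmp_name'], $upload['error'])
    && is_string($upload['tmp_name']) // image_file[] would make this an array
    && $upload['tmp_name'] !== ''
    && $upload['error'] === UPLOAD_ERR_OK
) {
    // The client-supplied file name is untrusted, so it is not used at all:
    // the type is taken from the file's own header and the stored extension
    // is derived from that detected type.
    $mime_to_ext = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
        'image/webp' => 'webp',
    ];
    $info = getimagesize($upload['tmp_name']);
    $mime = ($info !== false && isset($info['mime'])) ? $info['mime'] : '';

    if (isset($mime_to_ext[$mime])) {
        $uploaddir = __DIR__ . '/../uploads/';
        if (!is_dir($uploaddir)) {
            mkdir($uploaddir, 0755, true);
        }
        // getimagesize() inspects the header only, so the uploads directory
        // should additionally be configured to never execute scripts.
        $newname = uniqid('img_', true) . '.' . $mime_to_ext[$mime];
        if (move_uploaded_file($upload['tmp_name'], $uploaddir . $newname)) {
            $image_url = '../uploads/' . $newname;
        }
    }
}

// Save the post. Values are bound as parameters, never concatenated into the
// SQL text. The content is stored exactly as submitted, so whatever renders
// it must HTML-escape it on output (the rendering code is not part of this file).
$stmt = $dbconn->prepare("
    INSERT INTO Posts_slutprojekt (board_id,user_id,content,image_url,created_at)
    VALUES (:b,:u,:c,:i,NOW())
");
$saved = $stmt->execute([
    ':b' => $board_id,
    ':u' => $user_id,
    ':c' => $content,
    ':i' => $image_url,
]);

// With a non-throwing error mode execute() returns false on failure; do not
// report success in that case.
if ($saved === false) {
    http_response_code(500);
    exit('Inlägget kunde inte sparas.');
}

echo 'Inlägg skapat';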