threadr.lostcave.ddnss.de/threadr/board/board.php

58 lines
2.0 KiB
PHP

<?php
$pdo = new PDO('mysql:host=%DB_SERVER%;dbname=%DB_NAME%', '%DB_USERNAME%', '%DB_PASSWORD%');
$statement = $pdo->prepare("SELECT * FROM posts WHERE board_id=:bid ORDER BY post_time asc");
$statement->execute(array("bid"=>$id));
foreach($statement->fetchAll() as $ROW) {
// get post creator
$statement = $pdo->prepare("SELECT * FROM users WHERE id=:uid");
$statement->execute(array("uid"=>$ROW[user_id]));
$post_creator = $statement->fetch();
// get post content and make sure it doesn't mess with the website
$post_id = $ROW['id'];
$post_title = htmlspecialchars($ROW['title']);
$post_creator_name = htmlspecialchars($post_creator['name']);
$post_time = htmlspecialchars($ROW['post_time']);
$post_content = htmlspecialchars($ROW['content']);
// add line breaks to post content, to be replaced with proper makrdown support in the future (see #44)
$newlines = array("\r\n", "\n\r", "\r", "\n"); // two-character newlines first to prevent placing two line breaks instead of one
$post_content = str_replace($newlines, "<br />", $post_content);
// if this is a reply, build reference
$reply_to = $ROW['reply_to'];
if ($reply_to > -1) {
$reply_reference = "<p class=\"post_reply\" >This is a reply to <a href=./?id=" . $_GET['id'] . "#$reply_to >this</a> message.</p>";
} else {
$reply_reference = "";
}
// determine whether to put a reply button
if ($login) {
$reply_button = "<a href=\"./?id=" . $_GET['id'] . "&action=post&reply_to=$post_id&end\" class=\"post_reply\"><button class=\"post_reply\">Reply</button></a>";
} else {
$reply_button = ""
}
echo "<section id=\"$post_id\" >
<div>
$reply_button
<h1 class=\"post\">$post_title</h1>
$reply_reference
</div>
<article>
<header>
<div>
<p class='beige'> $post_creator_name <time datetime='$post_time'>$post_time</time></p>
</div>
</header>
<div class='postcontent'>
<p>$post_content</p>
</div>
</article>
</section>";
}
?>