diff --git a/index.php b/index.php
index c59255c..8083457 100644
--- a/index.php
+++ b/index.php
@@ -20,4 +20,48 @@ include_once 'config.php';
+function check_word($word) {
+ if (!isset($_POST[$word])) {
+ return false;
+ }
+ $final = trim($_POST[$word]);
+ if (strlen($final) == 0) {
+ return false;
+ }
+ if (strpos($final, ' ') === false) {
+ return htmlspecialchars($final);
+ } else {
+ return false;
+ }
+}
+
+if (isset($_POST['words'])) {
+ // generic check whether all words were entered
+ $word1 = check_word("word1");
+ $word2 = check_word("word2");
+ $word3 = check_word("word3");
+ if ($word1 === false || $word2 === false || $word3 === false) {
+ $_SESSION['flash'] = "Not all words entered are valid.";
+ header("Location: index.php");
+ exit();
+ }
+
+ $author = htmlspecialchars(trim($_POST['author']));
+ if (strlen($author) == 0) {
+ $author = "Anonymous";
+ }
+
+ $sql_str = "INSERT INTO `words` (`word1`, `word2`, `word3`, `author`, `new`) VALUES ('" . $sql->real_escape_string($word1) . "', '" . $sql->real_escape_string($word2) . "', '" . $sql->real_escape_string($word3) . "', '" . $sql->real_escape_string($author) . "', 1);";
+
+ if (!$sql->query($sql_str)) {
+ $_SESSION['flash'] = "An error occurred: " . $sql->error;
+ header("Location: index.php");
+ exit();
+ }
+
+ $_SESSION['flash'] = "Thank you!";
+ header("Location: index.php");
+ exit();
+}
+
 $tpl->draw("index");
\ No newline at end of file
diff --git a/views/index.html b/views/index.html
index acca937..8c0af35 100644
--- a/views/index.html
+++ b/views/index.html
@@ -5,22 +5,25 @@
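Review bot: `$_POST['author']` is passed to `trim()` without the `isset` guard that the three words get through `check_word`, so a submission that omits the author field raises an undefined-index warning before the `strlen` check runs; use `trim($_POST['author'] ?? '')`. The flash message on query failure copies `$sql->error` verbatim into a page shown to the submitter, which reveals driver error text, table and column names to whoever posted the form — log it with `error_log()` and show a generic message instead. The INSERT is built by string concatenation around `real_escape_string`, whose correctness depends on the connection charset being set; a prepared statement with bound parameters removes that dependence and is sketched below. Note also that `htmlspecialchars` is applied before storage in both `check_word` and the author branch, so the stored values are already HTML-encoded and will be double-encoded if the `index` template escapes on output. The `$sql` connection and the session setup that `$_SESSION` relies on are outside this hunk, so whether mysqli is configured to throw on error cannot be seen here.
```php
    $author = htmlspecialchars(trim($_POST['author'] ?? ''));
    if ($author === '') {
        $author = "Anonymous";
    }

    $stmt = $sql->prepare("INSERT INTO `words` (`word1`, `word2`, `word3`, `author`, `new`) VALUES (?, ?, ?, ?, 1)");
    if ($stmt === false || !$stmt->bind_param("ssss", $word1, $word2, $word3, $author) || !$stmt->execute()) {
        // driver details stay in the server log; the visitor only sees a generic message
        error_log("words insert failed: " . ($stmt === false ? $sql->error : $stmt->error));
        $_SESSION['flash'] = "An error occurred while saving your words.";
        header("Location: index.php");
        exit();
    }
    $stmt->close();
    // … unchanged: success flash and redirect …
```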
Want to tell them who you are?
-