chiro-canto/public/forum/createtopic.php

<?php 
function create_topic($topic_subject, $topic_cat, $topic_by)
{
    $root = realpath($_SERVER["DOCUMENT_ROOT"]);
    require "$root/database/credentials.php";
    // Connect the database
    try{
        $db = new PDO("mysql:host=$host;dbname=$database;charset=utf8", 
            $user, 
            $password, 
            array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
            ));
    }catch (Exception $e){
        die("Error : ".$e->getMessage());
    }
    $req = $db->prepare('INSERT INTO `topics` (topic_subject, topic_date, topic_cat, topic_by) VALUES (:topic_subject, now(), :topic_cat, :topic_by)');
    $req->execute(array(
        "topic_subject"=>$topic_subject,
        "topic_cat"=>$topic_cat,
        "topic_by"=>$topic_by
    ));
}

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();

$_SESSION['error_msg'] = "";
if (isset($_POST['submit']))
{
    if (isset($_SESSION['username'])) {
        
        $root = realpath($_SERVER["DOCUMENT_ROOT"]);
        require "$root/database/credentials.php";
        // Connect the database
        try{
            $db = new PDO("mysql:host=$host;dbname=$database;charset=utf8", 
                $user, 
                $password, 
                array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
                ));
        }catch (Exception $e){
            die("Error : ".$e->getMessage());
        }
        $req = $db->prepare('SELECT id FROM authors WHERE username=:username');
        $req->execute(array(
            "username"=>$_SESSION['username']
        ));
        if ($data = $req->fetch())
        {
            $user_id = $data['id'];
        }
        if (isset($_POST['topic_subject']))
        {
            $topic_subject = $_POST['topic_subject'];
        } else 
        {
            $_SESSION['error_msg'] .= _("You did not enter a proper topic subject.") . '\n';
        }
        if (isset($_POST['category']))
        {
            $id_cat = $_POST['category'];
        } else 
        {
            $_SESSION['error_msg'] .= _("You did not enter a proper topic category.") . '\n';
        }
    } else {
        $_SESSION['error_msg'] .= _("You did not log in.") . '\n';
        header('Location: '."/auth/login/");
    }
} else  
{
    $_SESSION['error_msg'] .= _("You did not sumit the category creation form.") . '\n';
}

if ($_SESSION['error_msg'] == "")
{
    create_topic($topic_subject, $id_cat, $user_id);
    header('Location: '."/forum");
} else {
    header('Location: '."/auth/login/");
}
?>