redirect after posting in noticeboard to counter repost with F5

2024-11-23 23:20:57 +01:00 · 2011-07-30 15:56:57 +10:00 · 2011-07-30 15:56:57 +10:00 · dcba7462d6
commit dcba7462d6
parent 9076118d00
1 changed files with 53 additions and 50 deletions
--- a/mod.php
+++ b/mod.php
@ -488,8 +488,7 @@
 			
 			$body = '';
 			
-			if($mod['type'] >= $config['mod']['noticeboard_post']) {
-				if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
+			if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) {
 					$query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)");
 					$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT);
 					$query->bindvalue(':time', time(), PDO::PARAM_INT);
@ -498,60 +497,64 @@
 					markup($_POST['body']);
 					$query->bindValue(':body', $_POST['body']);
 					$query->execute() or error(db_error($query));
+					
+					header('Location: ?/noticeboard', true, $config['redirect_http']);
+			} else {
+				
+				if(hasPermission($config['mod']['noticeboard_post'])) {
+					$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
+					'<tr>' .
+						'<th><label for="subject">Name</label></th>' .
+						'<td>' . $mod['username'] . '</td>' .
+					'</tr><tr>' .
+						'<th>Subject</th>' .
+						'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
+					'</tr><tr>' .
+						'<th>Body</th>' .
+						'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
+					'</tr><tr>' .
+						'<td></td><td><input type="submit" value="Post to noticeboard" /></td>' .
+					'</tr></table>' .
+					'</form></fieldset>';
 				}
 				
-				$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' .
-				'<tr>' .
-					'<th><label for="subject">Name</label></th>' .
-					'<td>' . $mod['username'] . '</td>' .
-				'</tr><tr>' .
-					'<th>Subject</th>' .
-					'<td><input type="text" size="55" name="subject" id="subject" /></td>' .
-				'</tr><tr>' .
-					'<th>Body</th>' .
-					'<td><textarea name="body" style="width:100%;height:100px"></textarea></td>' .
-				'</tr><tr>' .
-					'<td></td><td><input type="submit" value="Post to noticeboard" /></td>' .
-				'</tr></table>' .
-				'</form></fieldset>';
-			}
+				$query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit");
+				$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
+				$query->execute() or error(db_error($query));
+				while($notice = $query->fetch()) {
+					$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
+					$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
+					$m_query->execute() or error(db_error($m_query));
+					if(!$_mod = $m_query->fetch()) {
+						$_mod = Array('username' => '<em>???</em>');
+					}
 			
-			$query = prepare("SELECT * FROM `noticeboard` ORDER BY `id` DESC LIMIT :limit");
-			$query->bindValue(':limit', $config['mod']['noticeboard_display'], PDO::PARAM_INT);
-			$query->execute() or error(db_error($query));
-			while($notice = $query->fetch()) {
-				$m_query = prepare("SELECT `username` FROM `mods` WHERE `id` = :id");
-				$m_query->bindValue(':id', $notice['mod'], PDO::PARAM_INT);
-				$m_query->execute() or error(db_error($m_query));
-				if(!$_mod = $m_query->fetch()) {
-					$_mod = Array('username' => '<em>???</em>');
+					$body .= '<div class="ban">' .
+						($mod['type'] >= $config['mod']['noticeboard_delete'] ?
+							'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice['id'] . '">[delete]</a></span>'
+						: '') .
+					'<h2 id="' . $notice['id'] . '">' .
+						($notice['subject'] ?
+							$notice['subject']
+						:
+							'<em>no subject</em>'
+						) .
+					'<span class="unimportant"> — by ' .
+						$_mod['username'] .
+					' at ' .
+						date($config['post_date'], $notice['time']) .
+					'</span></h2><p>' . $notice['body'] . '</p></div>';
 				}
 			
-				$body .= '<div class="ban">' .
-					($mod['type'] >= $config['mod']['noticeboard_delete'] ?
-						'<span style="float:right;padding:2px"><a class="unimportant" href="?/noticeboard/delete/' . $notice['id'] . '">[delete]</a></span>'
-					: '') .
-				'<h2 id="' . $notice['id'] . '">' .
-					($notice['subject'] ?
-						$notice['subject']
-					:
-						'<em>no subject</em>'
-					) .
-				'<span class="unimportant"> — by ' .
-					$_mod['username'] .
-				' at ' .
-					date($config['post_date'], $notice['time']) .
-				'</span></h2><p>' . $notice['body'] . '</p></div>';
+			
+				echo Element('page.html', Array(
+					'config'=>$config,
+					'title'=>'Noticeboard',
+					'body'=>$body,
+					'mod'=>true
+					)
+				);
 			}
-			
-			
-			echo Element('page.html', Array(
-				'config'=>$config,
-				'title'=>'Noticeboard',
-				'body'=>$body,
-				'mod'=>true
-				)
-			);
 		} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) {
 			if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']);