POST inside of a GET?

[Stalingrad]

Hello. I'm trying to program a simple Forum for my website, but I've run into a bit of a problem. The form is using two GET statements 9the action and the topic ID), and when I fill out the form and press submit, it doesn't do anything. Does anybody know what my problem might be? Here's the code:

 

<?php
include("config.php");
if($_SESSION['username'] ==  "" || $_SESSION['password'] == "") {
notloggedin();
}
if($_SESSION['username'] != "" && $_SESSION['password'] != "") {
start();

$action = $_GET['action'];
$postreply = $_POST['reply'];
$postthread = $_POST['thread'];
$thread_title = $_POST['threadtitle'];
$thread_body = $_POST['threadbody'];
$thread_board = $_POST['threadboard'];
$reply_body = $_POST['replybody'];

echo "<font size=6>Boards</font><br><br><a href=boards.php?action=create>New Topic</a><br><br>";
if(!isset($action)) {
echo "<table border=\"1\" bordercolor=\"black\" cellpadding=\"5\" cellspacing=\"0\"><tr><td><center>Category</center></td><td><center>Description</center></td><td><center>Topics</center></td></tr>";
$boardsquery = mysql_query("SELECT * FROM boards");
while($brow = mysql_fetch_array($boardsquery)) {
echo "<tr><td><center><a href=boards.php?action=view&boardid=$brow[id]>$brow[name]</a></center></td><td><center>$brow[description]</center></td><td><center>$brow[topics]</center></td></tr>";
}
echo "</table>";
}
if($action == "view") {
$boardquery = mysql_query("SELECT * FROM boards WHERE id='$_GET[boardid]'");
while($bsrow = mysql_fetch_array($boardquery)) {
$boardcategory = $bsrow['name'];
}
echo "<font size=5>$boardcategory</font><br><br><table border=\"1\" bordercolor=\"black\" cellpadding=\"5\" cellspacing=\"0\"><tr><td><center>Title</center></td><td><center>Author</center></td><td><center>Date</center></td><td><center>Replies</center></td></tr>";
$showquery = mysql_query("SELECT * FROM boardtopics WHERE category='$_GET[boardid]'");
while($srow = mysql_fetch_array($showquery)) {
echo "<tr><td><center><a href=boards.php?action=topic&topicid=$srow[topicid]>$srow[title]</a></center></td><td><center><a href=search.php?username=$srow[author]>$srow[author]</center></td><td><center>$srow[date]</center></td><td><center>$srow[replies]</center></td></tr>";
}
}

if($action == "topic") {
$showtopicq = mysql_query("SELECT * FROM boardtopics WHERE topicid='$_GET[topicid]'");
while($strow = mysql_fetch_array($showtopicq)) {
$thetopictitle = $strow['title'];
$theauthor = $strow['author'];
$thetopicdate = $strow['date'];
$thetopicbody = $strow['message'];
}
echo "<font size=4>$thetopictitle</font><table border=\"1\" bordercolor=\"black\" cellpadding=\"5\" cellspacing=\"0\"><tr><td>Posted by:<a href=search.php?username=$theauthor>$theauthor</a> on $thetopicdate<br></td></tr><tr><td>$thetopicbody</td></tr></table><br><br><br><br><table border=\"1\" bordercolor=\"black\" cellpadding=\"5\" cellspacing=\"0\">";

$rquery = mysql_query("SELECT * FROM boardposts WHERE topic='$_GET[topicid]'");
while($rrow = mysql_fetch_array($rquery)) {
echo "<tr><td>Posted by: <a href=search.php?username=$rrow[username]>$rrow[username]</a> on $rrow[date]<br></td></tr><tr><td>$rrow[body]</td></tr>";
}
echo "<br><br><br><a href=boards.php?action=reply&topicid=$_GET[topicid]>Post a Reply</a>";
}

if($action == "reply") { // HERE IS WHERE THE REPLY THING STARTS
if(!isset($postreply)) {
?>
<html><form action="<?php echo "$PHP_SELF"; ?>" method="POST">Your Reply: <br><textarea name="replybody" rows="8" cols="30"></textarea><br><br><br><input type="submit" name="postreply" value="Reply"></form></html><?php
}
if(isset($postreply)) {
if($reply_body == "") {
echo "<font color=red>Error! Please type in a Reply.";
?>
<html><form action="<?php echo "$PHP_SELF"; ?>" method="POST">Your Reply: <br><textarea name="replybody" rows="8" cols="30"></textarea><br><br><br><input type="submit" name="postreply" value="Reply"></form></html><?php
}

if($reply_body != "") {
mysql_query("INSERT INTO boardposts (topic, username, date, body) VALUES ('$_GET[topicid]', '$username', '$thedate', '$reply_body')");
mysql_query("UPDATE boardtopics SET replies=replies+1 WHERE topicid='$_GET[topicid]'");
mysql_query("INSERT INTO posthistory (username, body) VALUES ('$username', '$reply_body')");
echo "<font color=green>Success! Your Reply has been Posted.</font>";
}
}
}
// HERE IS WHERE THE REPLY THING ENDS
if($action == "create") {
if(!isset($postthread)) {
?>
<html><form action="<?php echo "$PHP_SELF"; ?>" method="POST">Topic Title: <input type="text" name="threadtitle" maxlength="60"><br><br>Thread Body:<br><textarea name="threadbody" rows="8" cols="30"></textarea><br><br>Board Category: <select name="threadboard"><option>General Discussion Board</option><option>Help Board</option><option>Art Board</option><option>Avatar Board</option><option>Suggestion Board</option><option>Advertisement Board</option><option>Clubs Board</option><option>Restock Board</option></select><br><br><br><input type="submit" name="thread" value="Post Thread"></form></html><?php
}
if(isset($postthread)) {
if($thread_title == "" || $thread_body == "") {
echo "<font color=red>Error! Please fill in the Entire Form.</font><br><br>";
?>
<html><form action="<?php echo "$PHP_SELF"; ?>" method="POST">Topic Title: <input type="text" name="threadtitle" maxlength="60"><br><br>Thread Body:<br><textarea name="threadbody" rows="8" cols="30"></textarea><br><br>Board Category: <select name="threadboard"><option>General Discussion Board</option><option>Help Board</option><option>Art Board</option><option>Avatar Board</option><option>Suggestion Board</option><option>Advertisement Board</option><option>Clubs Board</option><option>Restock Board</option><option>Bug Board</option></select><br><br><br><input type="submit" name="thread" value="Post Thread"></form></html><?php
}
if($thread_body != "" && $thread_title != "") {
if($thread_board == "General Discussion Board") {
mysql_query("INSERT INTO boardtopics (category, author, title, date, message, status, replies, pinned) VALUES ('1', '$username', '$thread_title', '$thedate', '$thread_body', 'Open', '0', 'No')");
mysql_query("UPDATE boards SET topics=topics+1 WHERE id='1'");
echo "<font color=green>Success! Your Topic has been Posted.";
}
if($thread_board == "Help Board") {
mysql_query("INSERT INTO boardtopics (category, author, title, date, message, status, replies, pinned) VALUES ('2', '$username', '$thread_title', '$thedate', '$thread_body', 'Open', '0', 'No')");
mysql_query("UPDATE boards SET topics=topics+1 WHERE id='2");
echo "<font color=green>Success! Your Topic has been Posted.";
}
if($thread_board == "Art Board") {
mysql_query("INSERT INTO boardtopics (category, author, title, date, message, status, replies, pinned) VALUES ('3', '$username', '$thread_title', '$thedate', '$thread_body', 'Open', '0', 'No')");
mysql_query("UPDATE boards SET topics=topics+1 WHERE id='3'");
echo "<font color=green>Success! Your Topic has been Posted.";
}
if($thread_board == "Avatar Board") {
mysql_query("INSERT INTO boardtopics (category, author, title, date, message, status, replies, pinned) VALUES ('4', '$username', '$thread_title', '$thedate', '$thread_body', 'Open', '0', 'No')");
mysql_query("UPDATE boards SET topics=topics+1 WHERE id='4'");
echo "<font color=green>Success! Your Topic has been Posted.";
}
if($thread_board == "Suggestion Board") {
mysql_query("INSERT INTO boardtopics (category, author, title, date, message, status, replies, pinned) VALUES ('5', '$username', '$thread_title', '$thedate', '$thread_body', 'Open', '0', 'No')");
mysql_query("UPDATE boards SET topics=topics+1 WHERE id='5'");
echo "<font color=green>Success! Your Topic has been Posted.";
}
if($thread_board == "Advertisement Board") {
mysql_query("INSERT INTO boardtopics (category, author, title, date, message, status, replies, pinned) VALUES ('6', '$username', '$thread_title', '$thedate', '$thread_body', 'Open', '0', 'No')");
mysql_query("UPDATE boards SET topics=topics+1 WHERE id='6'");
echo "<font color=green>Success! Your Topic has been Posted.";
}
if($thread_board == "Clubs Board") {
mysql_query("INSERT INTO boardtopics (category, author, title, date, message, status, replies, pinned) VALUES ('7', '$username', '$thread_title', '$thedate', '$thread_body', 'Open', '0', 'No')");
echo "<font color=green>Success! Your Topic has been Posted.";
}
if($thread_board == "Restock Board") {
mysql_query("INSERT INTO boardtopics (category, author, title, date, message, status, replies, pinned) VALUES ('8', '$username', '$thread_title', '$thedate', '$thread_body', 'Open', '0', 'No')");
mysql_query("UPDATE boards SET topics=topics+1 WHERE id='8'");
echo "<font color=green>Success! Your Topic has been Posted.";
}
if($thread_board == "Bug Board") {
mysql_query("INSERT INTO boardtopics (category, author, title, date, message, status, replies, pinned) VALUES ('9', '$username', '$thread_title', '$thedate', '$thread_body', 'Open', '0', 'No')");
mysql_query("UPDATE boards SET topics=topics+1 WHERE id='9'");
echo "<font color=green>Success! Your Topic has been Posted.";
}
}
}
}
stop();
}
?>

 

 

Any help is eatly apprecitated, thank you! =]

[jajtiii]

What do you mean when you say it does not work?

 

Are you getting any errors? Is the submit button not working?

 

 

[foxtrotwhiskey]

Assuming the submit button is working.

 

As far as I can see $PHP_SELF is undefined and will leave the form's action value as blank.

 

Try replacing all occurances of:

echo "$PHP_SELF";

 

with:

echo $_SERVER['REQUEST_URI'];

 

Make sure you copy it exactly, there should be NO quotes around $_SERVER['REQUEST_URI'].

 

If $PHP_SELF was somewhere defined as $_SERVER['PHP_SELF'] keep in mind that this var will NOT carry over any GET parameters. So if the URL was "index.php?action=post&reply" it would only contain "index.php". $_SERVER['REQUEST_URI'], on the other hand, includes everything.