From 30570cc0ffb689e5680c3980f7e486299b91a42e Mon Sep 17 00:00:00 2001
From: posweg <posweg@protonmail.com>
Date: Thu, 21 May 2020 18:06:16 +0000
Subject: [PATCH] Separate publish into action folder

---
 action/publish-question.php | 27 +++++++++++++++++++++++++++
 include/settings.php        |  2 +-
 user.php                    | 22 ++--------------------
 3 files changed, 30 insertions(+), 21 deletions(-)
 create mode 100644 action/publish-question.php

diff --git a/action/publish-question.php b/action/publish-question.php
new file mode 100644
index 0000000..ae68021
--- /dev/null
+++ b/action/publish-question.php
@@ -0,0 +1,27 @@
+<?php 
+session_start();
+
+$db = new SQLite3('../ask.db');
+
+$p_user = $db->query("SELECT * FROM users WHERE id = '" . $_POST["uid"] . "';")->fetchArray(SQLITE3_ASSOC);
+if(!$p_user || !$p_user["id"]){
+	echo "user not found";
+	die();
+}
+
+$errorMsg = "";
+if(isset($_POST["post-submit"])){
+	if($_POST["post-text"] == "") $errorMsg = "The question can't be blank.";
+	else if(strlen($_POST["post-text"]) > 400) $errorMsg = "The question can't bee longer than 400 characters";
+	else{
+		$u = $p_user["id"];
+		$by = 0;
+		$question = htmlspecialchars($_POST["post-text"]);
+
+		// Insert user into DB
+		$db->exec("INSERT INTO questions(user,by,question,answered,date) VALUES ('$u','$by','$question',0,". strtotime('now') .");");
+		unset($_POST["post-text"]);
+		header("Location: /user/" . $p_user["username"]);
+	}
+}
+?>
diff --git a/include/settings.php b/include/settings.php
index 9af9fb2..65e9996 100644
--- a/include/settings.php
+++ b/include/settings.php
@@ -4,6 +4,6 @@
 // service is perfectly functional
 // with this as false
 
-$fancy_urls = false;
+$fancy_urls = true;
 
 ?>
diff --git a/user.php b/user.php
index e342745..de64203 100644
--- a/user.php
+++ b/user.php
@@ -14,25 +14,6 @@ if(isset($_SESSION["uid"])){
 		$is_current_user = true;
 	}
 }
-
-if($validUser){
-	header("Location: /"); die();
-}
-
-$errorMsg = "";
-if(isset($_POST["post-submit"])){
-	if($_POST["post-text"] == "") $errorMsg = "The question can't be blank.";
-	else if(strlen($_POST["post-text"]) > 400) $errorMsg = "The question can't bee longer than 400 characters";
-	else{
-		$u = $p_user["id"];
-		$by = 0;
-		$question = htmlspecialchars($_POST["post-text"]);
-
-		// Insert user into DB
-		$db->exec("INSERT INTO questions(user,by,question,answered,date) VALUES ('$u','$by','$question',0,". strtotime('now') .");");
-		unset($_POST["post-text"]);
-	}
-}
 ?>
 
 <html>
@@ -52,11 +33,12 @@ if(isset($_POST["post-submit"])){
 		}
 	?>
 
-	<form name="input" action="" method="post">
+	<form name="input" action="/action/publish-question.php" method="post">
 		<p>Ask me anything</p>
 		<textarea id="post-text" name="post-text"></textarea>
 		<br/>
 		<?php if(isset($errorMsg)) echo "<p>$errorMsg</p>\n"; ?>
+		<input type="hidden" name="uid" value="<?= $p_user["id"] ?>"/>
 		<input type="submit" name="post-submit"/>
 	</form>