Diffstat (limited to 'src/application/actions/viewtopic/post.php')
| -rw-r--r-- | src/application/actions/viewtopic/post.php | 64 | 
1 files changed, 64 insertions, 0 deletions
| diff --git a/src/application/actions/viewtopic/post.php b/src/application/actions/viewtopic/post.php
new file mode 100644
index 0000000..1038222
--- /dev/null
+++ b/src/application/actions/viewtopic/post.php
@@ -0,0 +1,64 @@
+<?php
+
+use mystic\forum\orm\Attachment;
+use mystic\forum\orm\Post;
+use mystic\forum\utils\RequestUtils;
+
+if (!$currentUser) {
+    http_response_code(403);
+    msg_error("You need to be logged in to add new posts!");
+    exit;
+}
+
+if ($topic->isLocked) {
+    http_response_code(403);
+    msg_error("This topic is locked!");
+    exit;
+}
+
+$attachments = reArrayFiles($_FILES["files"]);
+
+if (count($attachments) > MAX_ATTACHMENT_COUNT)
+    RequestUtils::triggerFormError(__("Too many attachments"), $formId);
+
+// check all attachments before saving one
+foreach ($attachments as $att) {
+    if ($att["size"] > MAX_ATTACHMENT_SIZE) {
+        RequestUtils::triggerFormError(__("Individual file size exceeded"), $formId);
+    }
+}
+
+$message = trim(RequestUtils::getRequiredField("message", $formId));
+
+if (strlen($message) < 1 || strlen($message) > 0x8000) {
+    RequestUtils::triggerFormError(__("Message too short or too long!"), $formId);
+}
+
+$item = new Post();
+$item->id = $db->generateId();
+$item->authorId = $currentUser->id;
+$item->topicId = $topicId;
+$item->content = $message;
+$item->postDate = new DateTimeImmutable();
+$item->deleted = false;
+$item->edited = false;
+
+$db->insert($item);
+
+foreach ($attachments as $att) {
+    [
+        "name" => $name,
+        "type" => $type,
+        "tmp_name" => $tmpName,
+    ] = $att;
+    $attachment = new Attachment();
+    $attachment->id = $db->generateId();
+    $attachment->name = $name;
+    $attachment->mimeType = $type;
+    $attachment->postId = $item->id;
+    $attachment->contents = file_get_contents($tmpName);
+    
+    $db->insert($attachment);
+}
+
+header("Location: ?_action=viewtopic&topic=" . urlencode($topicId) . "#form"); |
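Review bot: The validation loop checks only `$att["size"]`, so an entry whose upload failed or was left empty still reaches `file_get_contents($tmpName)` in the second loop, after the post row has already been inserted. Reject it up front with `if ($att["error"] !== UPLOAD_ERR_OK || !is_uploaded_file($att["tmp_name"]))` followed by the same `triggerFormError` call, skipping `UPLOAD_ERR_NO_FILE` entries if `reArrayFiles` (not shown here) passes them through. Separately, `$attachment->mimeType = $type` stores the browser-supplied content type; if the download action later echoes it in a `Content-Type` header, an uploader can have a file served as HTML, so derive it server-side, e.g. `(new finfo(FILEINFO_MIME_TYPE))->file($tmpName)`, or serve attachments with `Content-Disposition: attachment`. `$_FILES["files"]` is also read without an `isset` guard, which matters when the form is submitted without the field.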