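#!/usr/bin/perl -wT
############################################################
## Written and copyright 2002 by
## Jacqueline D. Hamilton (kira@cgi101.com)
##
## This code is excerpted from "CGI Programming 201"
## (http://www.cgi101.com/advanced)
##
## You may use this code on your own website, however
## you may not publish or sell any copy or derivative work
## without permission of the author.
#############################################################

# Admin handler: validate the submitted forum fields, insert a new row into
# the forums table, then redirect to the admin index page.
# $cgi, $dbh, $url, dienice and dbdie are not defined in this file;
# presumably they are exported by MyBoard -- confirm there.

use strict;
use lib '../';
use MyBoard;

# Read every form field exactly once, in scalar context. CGI's param()
# returns ALL values of a repeated field when called in list context, so
# calling it directly inside an argument list lets a request with duplicate
# fields shift the bind values into the wrong columns.
# A field that is absent from the request is now bound as undef (SQL NULL)
# instead of silently dropping out of the bind list.
my $raw_expire = scalar $cgi->param('expire');
my $raw_name   = scalar $cgi->param('name');
my $desc       = scalar $cgi->param('desc');
my $rank       = scalar $cgi->param('rank');

# The expire time should always be a number, so untaint it.
# If it is NOT a positive integer, fall back to a default of 90 days.
my $expire = 90;
if (defined $raw_expire and $raw_expire =~ /^(\d+)$/ and $1 > 0) {
    $expire = $1;
}

# The forum name must not contain HTML tags, since it is used in the tag
# of each specific forum. Untaint it by allowing only word characters,
# hyphens and whitespace. (If you installed the HTML::TagFilter module,
# you may want to use that instead.)
my $name;
if (defined $raw_name and $raw_name =~ /^([\w\-\s]+)$/) {
    $name = $1;
}
else {
    # NOTE(review): the rejected value is passed to dienice verbatim;
    # confirm that dienice HTML-escapes its message before printing it,
    # and that it does not return (otherwise $name is undef below).
    dienice("'" . (defined $raw_name ? $raw_name : '')
          . "' is not a valid forum name.");
}

# NOTE(review): $desc and $rank are not validated here. The placeholders
# keep them out of the SQL text, but the description is stored as
# submitted, so whatever renders it must escape it -- verify in the
# display code.
my $sth = $dbh->prepare(
    "insert into forums(name, description, rank, expiretime) values (?, ?, ?, ?)"
);

# Bind the validated $name rather than re-reading the raw parameter.
$sth->execute($name, $desc, $rank, $expire) or dbdie();

# Redirect back to the admin index page.
print $cgi->redirect("$url/admin/");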