#!/usr/bin/perl -Tw
############################################################
## Written and copyright 2002 by 
## Jacqueline D. Hamilton (kira@cgi101.com)
##
## This code is excerpted from "CGI Programming 201"
## (http://www.cgi101.com/advanced)
##
## You may use this code on your own website, however
## you may not publish or sell any copy or derivative work
## without permission of the author.
#############################################################
use strict;
use lib '.';
use MyBoard;
use HTML::TagFilter;

my($tf) = HTML::TagFilter->new;
$tf->allow_tags();

my($forum, $sth, $i);

# do some error-checking - be sure they filled out all the fields
# $cgi->param returns an array of the input field names.
foreach $i ($cgi->param()) {
    if ($cgi->param($i) =~ /^\s*$/) {
        &dienice("$i was blank - please fill out all of the fields.");
    }
}
$forum = $cgi->param('forum');

if ($cgi->param('email') !~ /[\w\-]+\@[\w\-]+\.[\w\-]+/) {
   &dienice("You didn't enter a valid e-mail address.");
}

my($subject) = $tf->filter($cgi->param('subject'));
my($message) = $tf->filter($cgi->param('message'));
my($from) = $tf->filter($cgi->param('name'));

$sth = $dbh->prepare("insert into messages(forum, author, subject, 
email, date, ip, message, thread_id) values(?,?,?,?, current_timestamp(),?,?,?)") or &dbdie;

$sth->execute($cgi->param('forum'), $from, $subject, $cgi->param('email'), $ENV{REMOTE_ADDR}, $message, 0) or &dbdie;

print $cgi->redirect("$url/forum.cgi?$forum");