<?php

# newthread.php
# Allows the user to create a new thread which will get displayed on index.php

include ('includes/header.html');

# Once the page has loaded, move keyboard focus to the Title field of the
# "newthread" form. A nowdoc is used so the markup needs no quote escaping.
echo <<<'JS'
<script type="text/javascript">
window.onload=function(){document.forms['newthread'].elements['title'].focus();}
</script>
JS;

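# Only let the user post if a user session exists and the browser presenting it
# sends the same User-Agent that was recorded at sign-in.
# NOTE(review): the User-Agent is supplied by the client, so this binding is only
# a weak check against a stolen session id. It presumably relies on the login
# page storing md5(User-Agent) in $_SESSION['agent'] -- confirm against login.php.
$sessionAgent = isset($_SESSION['agent']) ? $_SESSION['agent'] : '';
$currentAgent = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');

# hash_equals() replaces the loose "==": two different hex digests that both look
# like "0e<digits>" compare equal under "==" because PHP treats them as numbers.
if (isset($_SESSION['user']) && is_string($sessionAgent) && hash_equals($sessionAgent, $currentAgent)) {

    # Feedback shown under the form. Only fixed strings are ever placed here.
    $notice = '';

    # The POST is handled before the form is echoed so that a redirect is not
    # preceded by more output than necessary.
    # NOTE(review): includes/header.html has already run at this point, so
    # header() presumably depends on output buffering being enabled -- confirm.
    # NOTE(review): the form carries no anti-CSRF token, so another site can make
    # a signed-in browser submit it; a per-session token should be added together
    # with whatever session handling login.php uses.
    if (!empty($_POST['submit'])) {

        # Anything that is not a plain string (for example title[]=x) is treated
        # as missing instead of being passed to htmlentities().
        $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $rawMessage = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';

        # trim() is used for the emptiness test only, so "0" is a valid value and
        # whitespace-only input is rejected. The stored text is left untrimmed.
        # NOTE(review): maxlength="50" on the title is enforced by the browser
        # only; a server-side limit should follow the thread_title column size.
        if (trim($rawTitle) === '') {
            $notice = "Please enter a title";
        } elseif (trim($rawMessage) === '') {
            $notice = "Please enter a message.";
        } else {
            # Content is stored HTML-encoded, as before, so pages that print it
            # unchanged keep working. ENT_QUOTES also encodes single quotes on
            # PHP versions whose default flags do not. This encoding is an output
            # defence only; SQL safety comes from the bound parameters below.
            $title = htmlentities($rawTitle, ENT_QUOTES | ENT_SUBSTITUTE);
            $message = htmlentities($rawMessage, ENT_QUOTES | ENT_SUBSTITUTE);
            $id = $_SESSION['user'];

            $pageid = 0;
            $threadSaved = false;
            $postSaved = false;

            # $dbc is not defined in this file; presumably includes/header.html
            # opens the mysqli connection -- confirm.
            try {
                # Bound parameters keep quotes and backslashes in the title,
                # message or author from changing the SQL statement.
                $threadStmt = mysqli_prepare(
                    $dbc,
                    'INSERT INTO threads (thread_title, thread_author, thread_date) VALUES (?, ?, NOW())'
                );

                if ($threadStmt !== false) {
                    mysqli_stmt_bind_param($threadStmt, 'ss', $title, $id);
                    $threadSaved = mysqli_stmt_execute($threadStmt);

                    if ($threadSaved) {
                        # Id generated by this connection's own INSERT. Reading
                        # the highest thread_id with a second query could return
                        # a thread another user created in between.
                        # Assumes thread_id is AUTO_INCREMENT -- confirm.
                        $pageid = (int) mysqli_insert_id($dbc);
                    }
                    mysqli_stmt_close($threadStmt);
                }

                if ($threadSaved) {
                    # Create the first post inside the new thread.
                    $postStmt = mysqli_prepare(
                        $dbc,
                        'INSERT INTO posts (in_thread, post_content, post_date, post_author) VALUES (?, ?, NOW(), ?)'
                    );

                    if ($postStmt !== false) {
                        mysqli_stmt_bind_param($postStmt, 'iss', $pageid, $message, $id);
                        $postSaved = mysqli_stmt_execute($postStmt);
                        mysqli_stmt_close($postStmt);
                    }
                }

                if (!$threadSaved || !$postSaved) {
                    error_log('newthread.php: ' . mysqli_error($dbc));
                }
            } catch (mysqli_sql_exception $e) {
                # Reached when mysqli is configured to throw instead of
                # returning false.
                error_log('newthread.php: ' . $e->getMessage());
            }

            if ($threadSaved && $postSaved) {
                # Redirect the user to the thread they created, and stop so
                # nothing else is rendered after the redirect header.
                header("Location:thread.php?id=$pageid");
                exit;
            }

            # Database errors and the SQL text go to the server log only; echoing
            # them would show schema details and the submitted text to the user.
            if ($threadSaved) {
                $notice = '<p>The thread was created, but its first post could not be saved.</p>';
            } else {
                $notice = '<p>The thread could not be created. Please try again later.</p>';
            }
        }
    }

    # Take the user back to the home page if they decide not to post.
    if (!empty($_POST['cancel'])) {
        header("Location:index.php");
        exit;
    }

    # A form for the user to create the thread.
    echo '
    <form action="newthread.php" method="post" name="newthread">
    <p>  Title:<input type="text" name="title" size="40" maxlength="50" /></p>
    <p>Message: <textarea name="message" cols="60" rows="10"></textarea></p>
    <p><input type="submit" name="submit" value="Submit Thread" /><input type="submit" name="cancel" value="Cancel" /></p>
    </form>
    ';

    # Validation or database feedback, printed below the form as before.
    echo $notice;

# Return the user to the login screen if they are not logged in.
} else {
    unset($_SESSION['user']);
    unset($_SESSION['agent']);
    header("Location:login.php");
    # Stop here so no further page content is produced for a visitor who is
    # not signed in.
    exit;
}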

include ('includes/footer.html');

?>