<code>
  <pre>
&lt;?php

include ('includes/header.html');

# This piece of javascript will default the cursor to the Message input box.
echo &quot;&lt;script type=\&quot;text/javascript\&quot;&gt;
window.onload=function(){document.forms['post'].elements['message'].focus();}
&lt;/script&gt;&quot;;

# Only let the user post if their user session is set and their HTTP_USER_AGENT matches
# the one which they signed in with.
if (isset($_SESSION['user']) &amp;&amp; $_SESSION['agent'] == md5($_SERVER['HTTP_USER_AGENT'])) {
	
	# Only execute this block of code if the page ID matches the thread which the user replied to.
    if ($_GET['id'] == $_SESSION['thread']) {
    	$id = $_GET['id'];
    	
    	# A form for the user to post the reply.
        echo '
	&lt;form action=&quot;reply.php?id=' . $id . '&quot; method=&quot;post&quot; name=&quot;post&quot;&gt;
	&lt;p&gt;Message: &lt;textarea name=&quot;message&quot; cols=&quot;60&quot; rows=&quot;10&quot;&gt;&lt;/textarea&gt;&lt;/p&gt;
	&lt;p&gt;&lt;input type=&quot;submit&quot; name=&quot;submit&quot; value=&quot;Post&quot; /&gt;&lt;input type=&quot;submit&quot; name=&quot;cancel&quot; value=&quot;Cancel&quot; /&gt;&lt;/p&gt;
	&lt;/form&gt;
	';
		
		# Execute this block of code if the user presses the Post button.
        if ($_POST['submit']) {
			# Validate that a message has been entered.
            if (empty($_POST['message'])) {
                echo &quot;Please enter a message.&quot;;
            } else {
            	# Message must be under 1000 characters.
            	if ((strlen($_POST['message']) &lt; 10000)) {
            		$message = htmlentities($_POST['message']);
            	} else {
            		echo &quot;Your message is too long! Please keep it under 1000 characters.&quot;;
            		exit();
            	}
                                
                $username = $_SESSION['user'];
				
				# Enter the row into the database using all the details provided so far.
                $q = &quot;INSERT into posts (in_thread, post_content, post_date, post_author) VALUES ('$id', '$message', NOW(), '$username')&quot;;
				
				# If the row was inserted successfully, take the user to the thread they created.
                if ($r = mysqli_query($dbc, $q)) {
                    header(&quot;Location:thread.php?id=$id&quot;);
                    # Echo an error if the row was not inserted.
                } else {
                    echo '&lt;p&gt;' . mysqli_error($dbc) . '&lt;br /&gt;&lt;br /&gt;Query: ' . $q . '&lt;/p&gt;';
                }
            }
        }

    } else {
    	# Echo an error if there is an invalid page ID.
        echo &quot;Please click \&quot;Reply\&quot; to reply to a thread.&quot;;
    }

	# Take the user back to the thread they were reading if they hit Cancel.
    if ($_POST['cancel']) {
        header(&quot;Location:thread.php?id=$id&quot;);
    }

# Return the user to the login screen if they are not logged in.
} else {
    unset($_SESSION['user']);
    unset($_SESSION['agent']);
    header(&quot;Location:login.php&quot;);
}

include ('includes/footer.html');

?&gt;
  </pre>
</code>