<?php

session_start();

require_once('db.php');

if (!isset($_SESSION['username']))
{
    $getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($_POST['username']) . "\" AND password = \"" . md5(mysql_real_escape_string($_POST['password'])) . "\"";
    $getuser2 = mysql_query($getuser);
    $getuser3 = mysql_fetch_array($getuser2);
    if ($getuser3['username'] == $_POST['username'])
    {
        $_SESSION['username'] = $_POST['username'];
    } else {
        header('Location: http://google.com/');
    }
}

if (!isset($_GET['submit']))
{
?>
<!--BEGIN FORM-->

<!--END FORM-->
<?php
} else {
    $slug = preg_replace('/[^A-Za-z0-9]/', '-', $_POST['title']);

    $inspost = "INSERT INTO posts (title, slug, text, tags) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . $slug . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . mysql_real_escape_string($_POST['tags']) . "\")";
    $inspost2 = mysql_query($inspost);

    header('Location: read.php?id=' . mysql_insert_id());
}

?>