check post is visible before displaying thread

opt/base.php

@@ -115,6 +115,31 @@ function check_post_exists($db, $sub, $post_id)
     }
 }
 
+// Check if a message exists and is not shadowed
+function check_post_visible($db, $sub, $post_id)
+{
+
+    $statement = $db->prepare("SELECT post_id
+                               FROM threads
+                               WHERE sub = '$sub'
+                               AND shadow = 'no'
+                               AND post_id = '$post_id'");
+    $result = $statement->execute();
+
+    $counter = 0;
+
+    while ($row = $result->fetchArray(SQLITE3_NUM)) {
+        $counter++;
+    }
+
+    if ( ($counter < 1) ) {
+    // if the counter is smaller 1, there is no match
+        return FALSE;
+    } else {
+        return TRUE;
+    }
+}
+
 // Check if a sub exists before display
 // If the name does not exist, name* is searched
 function check_sub_exists($db, $sub)

srv/index.php

@@ -772,11 +772,20 @@ switch($mode) {
         $link_to_reply = $org_id;
         
         if ( (!check_post_exists($db, $sub, $org_id)) ) {
-            quit($db, "<h1>Post $org_id on sub $sub does not exist.</h1>");
+			$quit_text = "<h1>Post $org_id on sub $sub does not exist."
+		               . "Go <a href='/s/$sub/css=$css/'>back</a>.</h1>";
+            quit($db, $quit_text);
         } elseif ( (!check_org_id_exists($db, $sub, $org_id)) ) {
             $org_id = reset_org_id($db, $sub, $org_id);
         } 
         
+        if ( check_post_visible($db, $sub, $org_id) == FALSE ) {
+			$quit_text = "<h1>Post $org_id on sub $sub was moved and cannot "
+		               . " be accessed from here."
+		               . "Go <a href='/s/$sub/css=$css/'>back</a>.</h1>";
+		    quit($db, $quit_text);
+      	}
+
         $quote = set_quote();
         $msg = ($sub . '/' . $org_id);