Файл: modules/forum/delete_post.php
Строк: 36
<?php
$locate = 'in_forum';
$edit_post = $db->query("SELECT * FROM `forum_pt` WHERE `id` = '".abs(intval($_GET['post_id']))."'")->fetch();
$user5 = $db->query("SELECT * FROM `users` WHERE `id` = '". $edit_post['user_id'] ."'")->fetch();
if($user['id'] != $edit_post['user_id'] && $user['level'] < 2 && $user['level'] < 5) { go('/'); exit;}
if(isset($_GET['post_id']))
{
if(isset($_POST['yes']))
{
if(!empty($postWithFile['file']))
{
unlink(ROOT.'/files/forum/'.$edit_post['file']);
}
if($db->query("SELECT * FROM `forum_pt` WHERE `topic_id` = '".abs(intval($_GET['topic_id']))."'")->rowCount() == 1)
{
$db->query("DELETE FROM `forum_pt` WHERE `id` = '". abs(intval($_GET['post_id'])) ."'");
$db->query("DELETE FROM `forum_t` WHERE `id` = '". abs(intval($_GET['topic_id'])) ."'");
$db->query("UPDATE `users` SET `rub` = '".($user5['rub']-0.00)."' WHERE `id` = '".$user5['id'] . "'");
go('/forum/');
}
else
{
$db->query("UPDATE `users` SET `rub` = '".($user5['rub']-0.00)."' WHERE `id` = '".$user5['id'] . "'");
$db->query("DELETE FROM `forum_pt` WHERE `id` = '". abs(intval($_GET['post_id'])) ."'");
go('/forum/topic'.abs(intval($_GET['topic_id'])).'/?page=end');
}
}
elseif(isset($_POST['no']))
{
go('/forum/topic'.abs(intval($_GET['topic_id'])).'/?page=end');
}
$title = $lang->word('delete');
require_once(SYS.'/view/header.php');
$tpl->div('title', $lang->word('delete'));
echo '<form action="/forum/delete_post/'. abs(intval($_GET['post_id'])) .'/'.abs(intval(abs(intval($_GET['topic_id'])))).'/" method="post">
<div class="menu">
<b>'. $lang->word('r_sure') .'</b><br/>
<input name="yes" type="submit" value="'. $lang->word('yyes') .'" /> <input name="no" type="submit" value="'. $lang->word('yno') .'" /><br/>
</div>
</form>';
$tpl->div('block', img('forum.png') .'<a href="/forum/">'. $lang->word('forum') .'</a><br/>' . HICO .'<a href="/">'. $lang->word('home').'</a>');
require_once(SYS.'/view/footer.php');
} else { go('/'); }
?>