Файл: vkollektive2014/soo/forum.php
Строк: 251
<?
include_once '../connect.php';
include_once '../core/panel.php';
include_once '../core/bb_code.php';
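/*
 * Post-level actions inside a community ("soo") forum topic: save an edited
 * post, show the edit form, delete a post, or show the reply form.
 *
 * Entered only when ?s, ?id_forum, ?id_them and ?id_post each match an
 * existing row and the rows reference one another. The id parameters reach
 * SQL only through intval().
 *
 * NOTE(review): neither state-changing action carries an anti-CSRF token in
 * this file, and act=delete runs on a plain GET request. Add a per-session
 * token check and accept deletion over POST only.
 */
if (isset($_GET['s']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo` WHERE `id` = '".intval($_GET['s'])."'"), 0) == 1
    && isset($_GET['id_forum']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_forums` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."'"), 0) == 1
    && isset($_GET['id_them']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_forum_thems` WHERE `id` = '".intval($_GET['id_them'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."'"), 0) == 1
    && isset($_GET['id_post']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_forum_mess` WHERE `id` = '".intval($_GET['id_post'])."' AND `id_them` = '".intval($_GET['id_them'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."'"), 0) == 1
) {
    $soo   = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo` WHERE `id` = '".intval($_GET['s'])."' LIMIT 1"));
    $forum = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_forums` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."' LIMIT 1"));
    $them  = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_forum_thems` WHERE `id` = '".intval($_GET['id_them'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."' LIMIT 1"));
    $post  = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_forum_mess` WHERE `id` = '".intval($_GET['id_post'])."' AND `id_them` = '".intval($_GET['id_them'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."' LIMIT 1"));
    // Newest message of the topic; compared with $post to tell whether $post is the last one.
    $post2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_forum_mess` WHERE `id_them` = '".intval($_GET['id_them'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."' ORDER BY `id` DESC LIMIT 1"));

    // $u is not assigned in this file; presumably the logged-in user's row
    // provided by one of the includes -- confirm. Nothing below runs for guests.
    if (isset($u)) {
        // Membership row of the current user in this community. Looked up only
        // after isset($u), so $u[id] is never interpolated while undefined.
        $u_s = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_users` WHERE `id_soo`='$soo[id]' AND `id_user`='$u[id]' LIMIT 1"));
        // Author of the post being acted on.
        $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '$post[id_user]' LIMIT 1"));

        // Presumably "active member": invitation accepted and membership activated -- confirm.
        $is_soo_member = mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_users` WHERE `id_soo` = '$soo[id]' AND `id_user`='$u[id]' AND `invit`='0' AND `activate`='0' LIMIT 1"), 0) == 1;

        // A plain member may edit only a post that is their own, is still the
        // last message of the topic, and is less than 10 minutes old.
        $own_fresh_last_post = $is_soo_member
            && $post['id'] == $post2['id']
            && $post['id_user'] == $u['id']
            && $post['time'] > time() - 600;

        if (isset($_GET['act']) && $_GET['act'] == 'edit' && isset($_POST['msg']) && isset($_POST['post'])
            // Saving an edited post: community moderators (level > 0), or the
            // author under the same rule that decides who gets the edit form.
            // Comparing only the authors of $post and $post2 is not enough:
            // it never ties the post to the requesting user.
            && ($u_s['level'] > '0' || $own_fresh_last_post)
        ) {
            // NOTE(review): SQL safety of $msg rests entirely on check(), which
            // is defined outside this file. htmlspecialchars() without
            // ENT_QUOTES leaves single quotes untouched and stripcslashes()
            // removes backslashes, so confirm that check() applies
            // mysql_real_escape_string() or move this query to a prepared statement.
            $msg = check(stripcslashes(htmlspecialchars($_POST['msg'])));
            mysql_query("UPDATE `soo_forum_mess` SET `mess` = '".$msg."' WHERE `id` = '$post[id]' LIMIT 1");
            include_once '../head.php';
            ok('Пост упешно изменен!');
            echo "«<a href=\"?s=$soo[id]&id_forum=$forum[id]&id_them=$them[id]&page=end\" title='Вернуться в тему'>В тему</a><br />\n";
        } elseif (isset($_GET['act']) && $_GET['act'] == 'edit'
            // NOTE(review): the form is offered to the community owner (admid)
            // while saving requires level > 0; confirm the two rules are meant to differ.
            && ($u['id'] == $soo['admid'] || $own_fresh_last_post)
        ) {
            $set['title'] = $soo['name'].' - Форум - редактирование поста'; // page title
            include_once '../head.php';
            echo "<div class='nav'><form method='post' name='message' action='?s=$soo[id]&id_forum=$forum[id]&id_them=$them[id]&id_post=$post[id]&act=edit'>\n";
            echo "Сообщение:<br />\n<textarea name=\"msg\">";
            // NOTE(review): the textarea is filled with the rendered message
            // (smileys, links, BB code expanded), not with the stored source text.
            echo smile(links(bb_code($post['mess'])));
            echo "</textarea><br />\n";
            if ($u['set_translit'] == 1) {
                echo "<label><input type=\"checkbox\" name=\"translit\" value=\"1\" /> Транслит</label><br />\n";
            }
            echo "<input name='post' value='Изменить' type='submit' /><br />\n";
            echo "</form></div>\n";
            echo "<div class=\"zona\">\n";
            echo "«<a href=\"?s=$soo[id]&id_forum=$forum[id]&id_them=$them[id]&page=end\" title='Вернуться в тему'>В тему</a><br />\n";
            echo "</div>\n";
            include_once '../foot.php';
        } elseif (isset($_GET['act']) && $_GET['act'] == 'delete' && $u_s['level'] > '0') {
            // Deletion is limited to community moderators (level > 0). It is
            // triggered by a GET request with no token; see the note at the top.
            mysql_query("DELETE FROM `soo_forum_mess` WHERE `id` = '".intval($_GET['id_post'])."' AND `id_them` = '".intval($_GET['id_them'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."' LIMIT 1");
            include_once '../head.php';
            ok('Пост упешно удалён!');
            echo "«<a href=\"?s=$soo[id]&id_forum=$forum[id]&id_them=$them[id]&page=end\" title='Вернуться в тему'>В тему</a><br />\n";
        } elseif (isset($_GET['act']) && $_GET['act'] == 'msg' && $them['close'] == 0
            && ($is_soo_member || $u['id'] == $soo['admid'])
        ) {
            // Reply form for an open topic; the text area is pre-filled with
            // the login of the author being answered.
            $set['title'] = $soo['name'].' - Форум - '.$them['name']; // page title
            include_once '../head.php';
            echo "<form method='post' name='message' action='?s=$soo[id]&id_forum=$forum[id]&id_them=$them[id]&act=new&ud=$ank[id]&otv=$u[id]'>\n";
            echo "<div class='nav'><a href='info.php?s=$soo[id]&id=$ank[id]'>$ank[login]</a>".online($ank['id'])."</div>\n";
            echo "<div class='nav'>Ответ на сообщение:</div>\n";
            echo "<div class='nav'>";
            echo smile(links(bb_code($post['mess'])));
            echo "</div>\n";
            echo "<div class='nav'>Сообщение:<br />\n<textarea name=\"msg\">$ank[login], </textarea><br />\n";
            echo "<input name='post' value='Отправить сообщение' type='submit' /><br />\n";
            echo "</form>\n";
            echo "</div><div class=\"zona\">\n";
            echo "»<a href=\"/smiles/\">Смайлы</a><br />\n";
            echo "»<a href=\"/rules\">Правила</a><br />\n";
            echo "</div>\n";
            echo "<div class=\"zona\">\n";
            echo "«<a href=\"?s=$soo[id]&id_forum=$forum[id]&id_them=$them[id]&page=end\" title='Вернуться в тему'>В тему</a><br />\n";
            echo "</div>\n";
            include_once '../foot.php';
        }
    }
}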
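/*
 * Topic view: ?s, ?id_forum and ?id_them identify a community, one of its
 * forums and a topic inside that forum. The id parameters reach SQL only
 * through intval().
 */
elseif (isset($_GET['s']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo` WHERE `id` = '".intval($_GET['s'])."'"), 0) == 1
    && isset($_GET['id_forum']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_forums` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."'"), 0) == 1
    && isset($_GET['id_them']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_forum_thems` WHERE `id` = '".intval($_GET['id_them'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."'"), 0) == 1
) {
    $soo   = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo` WHERE `id` = '".intval($_GET['s'])."' LIMIT 1"));
    $forum = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_forums` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."' LIMIT 1"));
    $them  = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_forum_thems` WHERE `id` = '".intval($_GET['id_them'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."' LIMIT 1"));

    $set['title'] = $soo['name'].' - Форум - '.$them['name']; // page title
    include_once '../head.php';

    // Row of the topic author; not read in this file, presumably used by the includes below.
    $ank2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '$them[id_user]' LIMIT 1"));

    // NOTE(review): this include runs for every visitor and before the
    // visibility check below. Its own permission checks are not visible here;
    // confirm it authorizes each action itself.
    include 'inc/set_them_act.php';

    // Topics are shown when konf_soo is 0 (presumably a public community),
    // to members matching invit=0/activate=0, and to users with admin > 0.
    if ($soo['konf_soo'] == 0
        || isset($u) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_users` WHERE `id_soo` = '$soo[id]' AND `id_user`='$u[id]' AND `invit`='0' AND `activate`='0'"), 0) == 1
        || isset($u) && $u['admin'] > 0
    ) {
        include 'inc/them.php';
    } else {
        echo'Вы не можете просматривать темы форума данного сообщества<br/>';
    }

    echo "<div class=\"div\">\n";
    echo "«<a href=\"forum.php?s=$soo[id]\">К списку форумов</a><br />\n";
    echo "«<a href=\"index.php?s=$soo[id]\" title='В сообщество'>В сообщество</a><br />\n";
    echo "</div>\n";
    include_once '../foot.php';
}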
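/*
 * Forum (section) view: ?s and ?id_forum identify a community and one of its
 * forums. Shows the topic list, or hands over to the topic-creation include
 * when act=new is requested by an eligible member.
 */
elseif (isset($_GET['s']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo` WHERE `id` = '".intval($_GET['s'])."'"), 0) == 1
    && isset($_GET['id_forum']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_forums` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."'"), 0) == 1
) {
    $soo   = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo` WHERE `id` = '".intval($_GET['s'])."' LIMIT 1"));
    $forum = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_forums` WHERE `id` = '".intval($_GET['id_forum'])."' AND `id_soo` = '".intval($_GET['s'])."' LIMIT 1"));

    // Membership (invit=0, activate=0) is looked up once and reused below.
    // $u is not assigned in this file; presumably the logged-in user's row -- confirm.
    $is_soo_member = isset($u)
        && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_users` WHERE `id_soo` = '$soo[id]' AND `id_user`='$u[id]' AND `invit`='0' AND `activate`='0' LIMIT 1"), 0) == 1;

    // Topic creation is refused while the session marker is less than 600
    // seconds old. NOTE(review): $time is not assigned in this file (the link
    // check further down uses time()); confirm an include defines it.
    if ($is_soo_member && isset($_GET['act']) && check($_GET['act']) == 'new'
        && (!isset($_SESSION['time_c_t_forum']) || $_SESSION['time_c_t_forum'] < $time - 600)
    ) {
        include 'inc/new_t.php'; // create a new topic
    } else {
        $set['title'] = $soo['name'].' - Форум - '.$forum['name']; // page title
        include_once '../head.php';

        // Membership row of the current user; guests get no lookup at all,
        // so $u[id] is never interpolated while $u is undefined.
        $u_s = isset($u)
            ? mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_users` WHERE `id_soo`='$soo[id]' AND `id_user`='$u[id]' LIMIT 1"))
            : false;

        // Section management actions are limited to community level > 1.
        if (isset($u) && $u_s['level'] > '1') {
            include 'inc/set_razdel_act.php';
        }

        if ($soo['konf_soo'] == 0 || $is_soo_member || isset($u) && $u['admin'] > 0) {
            if ($is_soo_member && (!isset($_SESSION['time_c_t_forum']) || $_SESSION['time_c_t_forum'] < time() - 600)) {
                echo "<div class='cred'><a href=\"?s=$soo[id]&id_forum=$forum[id]&act=new\" title='Создать новую тему'><img src='img/add.png' alt='' class='icon'/>Новая тема</a><br /></div>\n";
            }
            include 'inc/razdel.php';
        } else {
            echo'Вы не можете просматривать форумы данного сообщества<br/>';
        }

        if (isset($u) && $u_s['level'] > '1') {
            include 'inc/set_razdel_form.php';
        }

        echo "<div class=\"nav\">\n";
        echo "<img src='/style/img/l.gif' alt='' class='icon'/><a href=\"forum.php?s=$soo[id]\">Форум</a><br />\n";
        echo "<img src='/style/img/l.gif' alt='' class='icon'/><a href=\"index.php?s=$soo[id]\">В сообщество</a><br />\n";
        echo "</div>\n";
    }
    include_once '../foot.php';
}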
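/*
 * Community forum index: lists the forums of community ?s and lets community
 * level > 1 users create a new one. Requests without a valid ?s are
 * redirected to index.php.
 */
else {
    if (isset($_GET['s']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo` WHERE `id` = '".intval($_GET['s'])."'"), 0) == 1) {
        $soo = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo` WHERE `id` = '".intval($_GET['s'])."'"));
        $set['title'] = $soo['name'].' - Форум'; // page title
        include_once '../head.php';

        // Membership row of the current user; guests get no lookup, so $u[id]
        // is never interpolated while $u is undefined.
        // $u is not assigned in this file; presumably the logged-in user's row -- confirm.
        $u_s = isset($u)
            ? mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_users` WHERE `id_soo`='$soo[id]' AND `id_user`='$u[id]' LIMIT 1"))
            : false;
        $can_manage = isset($u) && $u_s['level'] > '1';

        // Create a forum (POST to ?act=new&ok).
        // NOTE(review): no anti-CSRF token is checked here, and the 32-character
        // limit on the name exists only as a maxlength attribute in the form.
        if ($can_manage && isset($_GET['act']) && isset($_GET['ok']) && check($_GET['act']) == 'new' && isset($_POST['name']) && isset($_POST['opis'])) {
            // NOTE(review): ENT_QUOTES encodes both quote characters but does
            // nothing about backslashes; SQL safety still depends on check(),
            // defined outside this file. Confirm it applies
            // mysql_real_escape_string() or switch to a prepared statement.
            $name = check(htmlspecialchars($_POST['name'], ENT_QUOTES));
            $opis = check(htmlspecialchars($_POST['opis'], ENT_QUOTES));
            mysql_query("INSERT INTO `soo_forums` (`desc`, `name`, `id_soo`) values('$opis', '$name', '$soo[id]')");
            ok('Форум успешно создан');
        }

        // NOTE(review): this branch tests $u['level'] where the topic and
        // section views test $u['admin']; confirm which field is intended.
        if ($soo['konf_soo'] == 0
            || isset($u) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_users` WHERE `id_soo` = '$soo[id]' AND `id_user`='$u[id]' AND `invit`='0' AND `activate`='0' LIMIT 1"), 0) == 1
            || isset($u) && $u['id'] == $soo['admid']
            || isset($u) && $u['level'] > 0
        ) {
            echo "<div class='cred'>";
            echo "<a href='new_t.php?s=$soo[id]'>Новые темы</a>/";
            echo "<a href='new_p.php?s=$soo[id]'>Новые сообщения</a>";
            echo "</div>";

            $q = mysql_query("SELECT * FROM `soo_forums` WHERE `id_soo`='$soo[id]'");
            if (mysql_num_rows($q) == 0) {
                echo "Форумов нет<br />\n";
            }
            while ($forum = mysql_fetch_assoc($q)) {
                // Alternate the row class; isset() stands in for the former @ suppression.
                if (isset($num) && $num == 1) {
                    echo "<div class='nav'>";
                    $num = 0;
                } else {
                    echo "<div class='div'>";
                    $num = 1;
                }
                // name and desc were HTML-encoded with ENT_QUOTES when the forum was created above.
                echo "<img src='img/forum/razdel.png' alt='' class='icon'/> <a href='?s=$soo[id]&id_forum=$forum[id]'>$forum[name] (".mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_forum_thems` WHERE `id_forum` = '$forum[id]' AND `id_soo`='$soo[id]'"), 0).")</a><br />\n";
                if ($forum['desc'] != NULL) {
                    echo smile(links(bb_code($forum['desc']))).'</br>';
                }
                echo "</div>\n";
            }
        } else {
            echo'Вы не можете просматривать форум данного сообщества<br/>';
        }

        // Counted after the optional INSERT above, so a forum created by this request is included.
        $soo_forum_count = mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_forums` WHERE `id_soo`='$soo[id]'"), 0);

        // The creation form is shown on request (act=new) or when the community has no forum yet.
        if ($can_manage && (isset($_GET['act']) && check($_GET['act']) == 'new' || $soo_forum_count == 0)) {
            echo "<form method=\"post\" action=\"?s=$soo[id]&act=new&ok\">\n";
            echo "Название подфорума:<br />\n";
            echo "<input name=\"name\" type=\"text\" maxlength='32' value='' /><br />\n";
            echo "Описание:<br />\n";
            echo "<textarea name=\"opis\"></textarea><br />\n";
            echo "<input value=\"Создать\" type=\"submit\" /><br />\n";
            echo "«<a href=\"forum.php?s=$soo[id]\">Отмена</a><br />\n";
            echo "</form>\n";
        }
        if ($can_manage && $soo_forum_count > 0) {
            echo "<div class=\"div\">\n";
            echo "<img src='/style/img/p.gif' alt='' class='icon'/><a href=\"forum.php?s=$soo[id]&act=new\">Новый подфорум</a><br />\n";
            echo "</div>\n";
        }

        echo "<div class=\"div\">\n";
        echo "<img src='/style/img/l.gif' alt='' class='icon'/><a href='index.php?s=$soo[id]'>В сообщество</a><br />\n";
        echo "</div>\n";
    } elseif (!isset($_GET['s']) || isset($_GET['s']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo` WHERE `id` = '".intval($_GET['s'])."'"), 0) == 0) {
        header('Location:index.php');
        // Stop here so that no page output follows the redirect header.
        exit;
    }
}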
include_once '../foot.php';
?>