Файл: vkollektive2014/soo/news.php
Строк: 77
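<?php
/**
 * Community ("soo") news page.
 *
 * Lists the news of the community selected by ?s=ID and, for community users
 * whose `level` is above 2, handles adding (POST name/mess) and deleting
 * (?del=ID) news items.
 *
 * Relies on names provided by the included files and not visible here:
 * $u (presumably the logged-in user row), $title, check(), ok(), vremya(),
 * smile(), links(), bb_code(), navigation().
 *
 * NOTE(review): the script uses the legacy mysql_* extension, which was removed
 * in PHP 7; the connection is opened in ../connect.php, so a move to
 * mysqli/PDO with prepared statements has to start there.
 *
 * NOTE(review): deletion is triggered by a GET parameter and neither it nor
 * the add form carries an anti-CSRF token. No token helper is visible from
 * this file, so this is flagged here rather than changed.
 */
include_once '../connect.php';
include_once '../core/panel.php';
include_once '../core/bb_code.php';

// Community id is always cast to int before it reaches SQL.
$s = isset($_GET['s']) ? intval($_GET['s']) : 0;

if (isset($_GET['s']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `soo` WHERE `id` = '$s' LIMIT 1"), 0) == 1) {
    $soo = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo` WHERE `id` = '$s' LIMIT 1"));
    include_once 'inc/ban.php';
    $title = $title . '/' . $soo['name'] . ' - Новости'; // page title
    include_once '../head.php';

    // Membership row of the current user; only looked up when a user is logged
    // in, so an unset $u is never interpolated into the query.
    $u_s = false;
    if (isset($u)) {
        $u_s = mysql_fetch_assoc(mysql_query("SELECT * FROM `soo_users` WHERE `id_soo`='$soo[id]' AND `id_user`='$u[id]' LIMIT 1"));
    }

    // Viewing is allowed when konf_soo is 0, or for confirmed members,
    // the community owner and site administrators.
    $can_view = ($soo['konf_soo'] == 0);
    if (!$can_view && isset($u)) {
        $is_member = mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_users` WHERE `id_soo` = '$soo[id]' AND `id_user`='$u[id]' AND `invit`='0' AND `activate`='0' LIMIT 1"), 0) == 1;
        $can_view = $is_member || $u['id'] == $soo['admid'] || $u['admin'] > 0;
    }

    if ($can_view) {
        // Management actions are limited to community users with level > 2.
        if (isset($u) && $u_s && $u_s['level'] > 2) {
            if (isset($_GET['del'])) {
                $del = intval($_GET['del']);
                $exists = mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_news` WHERE `id` = '$del' AND `id_soo`='$soo[id]' LIMIT 1"), 0) == 1;
                if ($exists) {
                    // The DELETE repeats the community condition so the statement
                    // itself can never remove a news item of another community.
                    mysql_query("DELETE FROM `soo_news` WHERE `id`='$del' AND `id_soo`='$soo[id]' LIMIT 1");
                    ok('Новость успешно удалена');
                }
            }

            if (isset($_POST['name']) && isset($_POST['mess'])) {
                // NOTE(review): confirm that check() applies SQL escaping.
                // htmlspecialchars() with ENT_QUOTES encodes quotes but leaves
                // backslashes untouched, so it is not a substitute for it.
                $name = check(htmlspecialchars($_POST['name'], ENT_QUOTES));
                $mess = check(htmlspecialchars($_POST['mess'], ENT_QUOTES));
                if ($_POST['name'] && $_POST['mess']) {
                    $time = time() - 7200; // fixed two-hour offset kept from the original
                    mysql_query("INSERT INTO `soo_news` (`id_soo`, `name`, `mess`, `time`) values ('$soo[id]', '$name', '$mess', '$time')");
                    if ($soo['konf_news'] == 1) {
                        // The community name comes back from the database unescaped,
                        // so it is escaped again before being placed in a new statement.
                        $soo_name_sql = mysql_real_escape_string($soo['name']);
                        $news_us = mysql_query("SELECT * FROM `soo_users` WHERE `id_soo`='$soo[id]' AND `activate`='0' AND `invit`='0'");
                        while ($new = mysql_fetch_array($news_us)) {
                            mysql_query("INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values ('0', '$new[id_user]', '$name
$mess
---
Новость сообщества [url=/soo/$soo[id]]{$soo_name_sql}[/url]', '$time')");
                        }
                    }
                    ok('Новость успешно добавлена');
                }
            }

            if (isset($_GET['add'])) {
                echo '<form method="post" action="?s=' . $soo['id'] . '">';
                echo 'Заголовок<br/>';
                echo '<input type="text" name="name"><br/>';
                echo 'Сообщение<br/>';
                echo '<textarea name="mess"></textarea><br/>';
                echo '<input type="submit" value="Добавить"></form><br/>';
            } else {
                echo '<div class="cred"><a href="?s=' . $soo['id'] . '&add"><b>+</b>Добавить новость</a><br/></div>';
            }
        }

        // Pagination: 10 news items per page, page number clamped to [1, $total].
        $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `soo_news` WHERE `id_soo`='$soo[id]'"), 0);
        $total = intval(($k_post - 1) / 10) + 1;
        $page = isset($_GET['page']) ? intval($_GET['page']) : 0;
        if ($page < 1) {
            $page = 1;
        }
        if ($page > $total) {
            $page = $total;
        }
        $start = $page * 10 - 10;

        echo '<class="zona">';
        if ($k_post == 0) {
            echo 'Новостей пока нет';
        }

        // The original computed $start but never used it, so every page listed
        // all rows. $start is an int derived above, safe to place in LIMIT.
        $q = mysql_query("SELECT * FROM `soo_news` WHERE `id_soo`='$soo[id]' ORDER BY `id` LIMIT $start, 10");
        while ($news = mysql_fetch_assoc($q)) {
            // Both branches of the original odd/even toggle printed the same tag.
            echo "<div class='div'>";
            echo '<tr>';
            echo '<td class="icon14">';
            echo '<img src="/style/img/news.png" alt="" />';
            echo '</td>';
            // name/mess are printed as stored: this page HTML-escapes them on
            // insert. NOTE(review): rows written by any other code path would
            // be rendered unescaped here.
            echo '' . $news['name'] . ' (' . vremya($news['time']) . ')</br>';
            if (isset($u) && $u['id'] == $soo['admid']) {
                echo ' [<a href="?s=' . $soo['id'] . '&del=' . $news['id'] . '">x</a>]<br/>';
            }
            echo '</td>';
            echo '</tr>';
            echo '<tr>';
            echo '' . smile(links(bb_code($news['mess']))) . '</div>';
            echo '</td>';
            echo '</tr>';
            echo "</div>";
        }

        // Page links are shown whenever there is more than one page; the original
        // test ($page > 1) hid them on the first page.
        if ($total > 1) {
            navigation($page, $total, '?s=' . $soo['id'] . '&');
        }
        echo '<div class="zona"><img src="/style/img/l.gif" alt="" class="icon"/><a href="index.php?s=' . $soo['id'] . '">В сообщество</a><br/></div>';
    } else {
        echo 'Вам недоступен просмотр новостей данного сообщества';
    }
} else {
    // Unknown or missing community id: send the visitor back to the list.
    header("Location:index.php");
}
include_once '../foot.php';
?>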