Файл: vxas.ru/anketa/ava/reply.php
Строк: 74
<?
include_once '../../sys/inc/start.php';
include_once '../../sys/inc/compress.php';
include_once '../../sys/inc/sess.php';
include_once '../../sys/inc/home.php';
include_once '../../sys/inc/settings.php';
include_once '../../sys/inc/db_connect.php';
include_once '../../sys/inc/ipua.php';
include_once '../../sys/inc/fnc.php';
include_once '../../sys/inc/user.php';
$set['title']='Ответ на сообщение';
include_once '../../sys/inc/thead.php';
title();
if (isset($_GET['ok']))
{
$id_razd=(int)abs((int)$_GET['ok']);
$post=mysql_fetch_array(mysql_query("SELECT * FROM `avkom` WHERE `id`='".mysql_real_escape_string($id_razd)."' LIMIT 1"));
$ank=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`='".mysql_real_escape_string($post[id_user])."' LIMIT 1"));
$g_adm=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`='".mysql_real_escape_string($post[id_user_adm])."' LIMIT 1"));
$reply=htmlspecialchars($_POST['reply']);
$reply=mysql_escape_string($reply);
if (isset($user) && $user['id']!=$ank['id']){
$msg2="[url=/?id$user[id]]$user[nick][/url] ответил на ваше сообщение [url=/anketa/ava/?id=$g_adm[id]]к аватару[/url]";
mysql_query("INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values('0', '".mysql_real_escape_string($ank[id])."', '".mysql_real_escape_string($msg2)."', '".mysql_real_escape_string($time)."')");
}
mysql_query("UPDATE `avkom` SET `reply` = '".mysql_real_escape_string($reply)."' WHERE `id` = '".mysql_real_escape_string($post[id])."' LIMIT 1");
header("Location: index.php?id=$post[id_user_adm]");
exit;
}
$id_razd=(int)abs((int)$_GET['id']);
$post = mysql_fetch_array(mysql_query("SELECT * FROM `avkom` WHERE `id`='".mysql_real_escape_string($id_razd)."' LIMIT 1"));
$ank = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id`='".mysql_real_escape_string($post[id_user])."' LIMIT 1"));
echo "<div class='textmes'>";
echo '<form method="post" action="reply.php?ok='.htmlspecialchars($id_razd).'">';
echo 'Сообщение: <a href="/smiles/index.php">Смайлы</a><br/><textarea name="reply">'.htmlspecialchars($ank['nick']).', </textarea><br/>';
echo '<input type="submit" value="Ответить"/>';
echo '</form>';
echo "</div>n";
echo "<div class='niz1'>";
echo "<img src='/images/Back.gif'> <a href='index.php?id=$post[id_user_adm]'>Моя гостевая книга</a><br />n";
echo "</div>n";
include_once '../../sys/inc/tfoot.php';
?>