Файл: forum/inc/set_them_act.php
Строк: 103
<?php
#Перемещение темы
if (isset($_GET['act']) && isset($_GET['ok']) && $_GET['act'] == 'mesto' && isset($_POST['razdel']) && is_numeric($_POST['razdel']) && (mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_r` WHERE `id` = '" . intval($_POST['razdel']) . "'"), 0) == 1 && user_access('forum_them_edit') || mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_r` WHERE `id` = '" . intval($_POST['razdel']) . "' WHERE `id_forum` = '$forum[id]'"), 0) == 1 && $ank2['id'] == $user['id'])) {
$razdel_new = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_r` WHERE `id` = '" . intval($_POST['razdel']) . "' LIMIT 1"));
mysql_query("UPDATE `forum_p` SET `id_forum` = '$razdel_new[id_forum]', `id_razdel` = '$razdel_new[id]' WHERE `id_forum` = '$forum[id]' AND `id_razdel` = '$razdel[id]' AND `id_them` = '$them[id]'");
mysql_query("UPDATE `forum_t` SET `id_forum` = '$razdel_new[id_forum]', `id_razdel` = '$razdel_new[id]' WHERE `id_forum` = '$forum[id]' AND `id_razdel` = '$razdel[id]' AND `id` = '$them[id]'");
$old_razdel = $razdel;
$forum = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_f` WHERE `id` = '$razdel_new[id_forum]' LIMIT 1"));
$razdel = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_r` WHERE `id` = '$razdel_new[id]' LIMIT 1"));
$them = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_t` WHERE `id_razdel` = '$razdel[id]' AND `id` = '$them[id]' LIMIT 1"));
$msgg = '[red]Тему перемести' . ($user['sex'] ? 'л' : 'ла') . ' ' . $user['group_name'] . ' ' . $user['nick'] . ' из раздела ' . $old_razdel['name'] . ' в раздел ' . $razdel['name'] . '[/red]';
mysql_query("INSERT INTO `forum_p` (`id_forum`, `id_razdel`, `id_them`, `id_user`, `msg`, `time`) values('$forum[id]', '$razdel[id]', '$them[id]', '0', '" . mysql_real_escape_string($msgg) . "', '$time')");
if ($ank2['id'] != $user['id']) {
admin_log('Форум', 'Перемещение темы', "Перемещение темы '[url=/forum/$forum[id]/$razdel[id]/$them[id]/]$them[name][/url]' из раздела '[url=/forum/$forum[id]/$old_razdel[id]/]$old_razdel[name][/url]' в раздел '[url=/forum/$forum[id]/$old_razdel[id]/]$razdel[name][/url]'");
}
header("Location: /forum/$forum[id]/$razdel[id]/$them[id]/");
exit;
}
if ((user_access('forum_them_del') || $ank2['id'] == $user['id']) && isset($_GET['act']) && isset($_GET['ok']) && $_GET['act'] == 'delete') {
#Удаление файлов
$qf = mysql_query("SELECT * FROM `forum_p` WHERE `id_them` = '$them[id]'");
while ($postf = mysql_fetch_assoc($qf)) {
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_files` WHERE `id_post` = '$postf[id]'"), 0) > 0) {
$qS = mysql_query("SELECT * FROM `forum_files` WHERE `id_post` = '$postf[id]'");
while ($postS = mysql_fetch_assoc($qS)) {
mysql_query("DELETE FROM `forum_files` WHERE `id` = '$postS[id]'");
@unlink(H . 'sys/forum/files/' . $postS['id'] . '.frf');
}
}
}
#Удаление темы
mysql_query("DELETE FROM `forum_t` WHERE `id` = '$them[id]'");
mysql_query("DELETE FROM `forum_p` WHERE `id_them` = '$them[id]'");
if ($ank2['id'] != $user['id']) {
admin_log('Форум', 'Удаление темы', "Удаление темы '$them[name]' (автор '[url=/info.php?id=$ank2[id]]$ank2[nick][/url]')");
}
header("Location: /forum/$forum[id]/$razdel[id]/$them[id]/");
exit;
}
if (isset($_GET['act']) && isset($_GET['ok']) && $_GET['act'] == 'set' && isset($_POST['name']) && (user_access('forum_them_edit') || $ank2['id'] == $user['id'])) {
$name = $_POST['name'];
$msg = $_POST['msg'];
if (utf8_strlen($name) < 3) {
$err = 'Слишком короткое название';
}
if (utf8_strlen($name) > 32) {
$err = 'Слишком длинное название';
}
$name = mysql_real_escape_string($_POST['name']);
$msg = mysql_real_escape_string($_POST['msg']);
if ($user['level'] > 0) {
if (isset($_POST['up']) && $_POST['up'] == 1) {
if ($ank2['id'] != $user['id']) {
admin_log('Форум', 'Параметры темы', "Закрепление темы '[url=/forum/$forum[id]/$razdel[id]/$them[id]/]$them[name][/url]' (автор '[url=/info.php?id=$ank2[id]]$ank2[nick][/url]', раздел '$razdel[name]')");
}
$up = 1;
$msgg = '[red]Тему закрепи' . ($user['sex'] ? 'л' : 'ла') . ' ' . $user['group_name'] . ' ' . $user['nick'] . '[/red]';
mysql_query("INSERT INTO `forum_p` (`id_forum`, `id_razdel`, `id_them`, `id_user`, `msg`, `time`) values('$forum[id]', '$razdel[id]', '$them[id]', '0', '" . mysql_real_escape_string($msgg) . "', '$time')");
} else {
$up = 0;
}
$add_q = " `up` = '$up',";
} else {
$add_q = NULL;
}
if (isset($_POST['close']) && $_POST['close'] == 1 && $them['close'] == 0) {
$close = 1;
if ($ank2['id'] != $user['id']) {
admin_log('Форум', 'Параметры темы', "Закрытие темы '[url=/forum/$forum[id]/$razdel[id]/$them[id]]$them[name][/url]' (автор '[url=/info.php?id=$ank2[id]]$ank2[nick][/url]')");
}
$msgg = '[red]Тему закры' . ($user['sex'] ? 'л' : 'ла') . ' ' . $user['group_name'] . ' ' . $user['nick'] . '[/red]';
mysql_query("INSERT INTO `forum_p` (`id_forum`, `id_razdel`, `id_them`, `id_user`, `msg`, `time`) values('$forum[id]', '$razdel[id]', '$them[id]', '0', '" . mysql_real_escape_string($msgg) . "', '$time')");
} elseif ($them['close'] == 1 && (!isset($_POST['close']) || $_POST['close'] == 0)) {
$close = 0;
if ($ank2['id'] != $user['id']) {
admin_log('Форум', 'Параметры темы', "Открытие темы '[url=/forum/$forum[id]/$razdel[id]/$them[id]]$them[name][/url]' (автор '[url=/info.php?id=$ank2[id]]$ank2[nick][/url]')");
}
$msgg = '[red]Тему откры' . ($user['sex'] ? 'л' : 'ла') . ' ' . $user['group_name'] . ' ' . $user['nick'] . '[/red]';
mysql_query("INSERT INTO `forum_p` (`id_forum`, `id_razdel`, `id_them`, `id_user`, `msg`, `time`) values('$forum[id]', '$razdel[id]', '$them[id]', '0', '" . mysql_real_escape_string($msgg) . "', '$time')");
} else {
$close = $them['close'];
}
if (isset($_POST['autor']) && $_POST['autor'] == 1) {
$autor = $user['id'];
} else {
$autor = $ank2['id'];
}
if (!isset($err)) {
mysql_query("UPDATE `forum_t` SET `name` = '$name', `id_user` = '$autor',$add_q `close` = '$close' WHERE `id` = '$them[id]' LIMIT 1");
$them = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_t` WHERE `id` = '$them[id]' LIMIT 1"));
$ank2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '$them[id_user]' LIMIT 1"));
header("Location: /forum/$forum[id]/$razdel[id]/$them[id]/");
exit;
}
}
if ((user_access('forum_post_ed') || isset($user) && $ank2['id'] == $user['id']) && isset($_GET['act']) && $_GET['act'] == 'post_delete' && isset($_GET['ok'])) {
foreach ($_POST as $key => $value) {
if (preg_match('#^post_([0-9]*)$#', $key, $postnum) && $value = '1') {
$delpost[] = $postnum[1];
}
}
if (isset($delpost) && is_array($delpost)) {
mysql_query("DELETE FROM `forum_p` WHERE `id_them` = '$them[id]' AND (`id` = '" . implode("'" . ' OR `id` = ' . "'", $delpost) . "') LIMIT " . count($delpost));
if ($ank2['id'] != $user['id']) {
admin_log('Форум', 'Очистка темы', "Очистка темы '[url=/forum/$forum[id]/$razdel[id]/$them[id]/]$them[name][/url]' (автор '[url=/info.php?id=$ank2[id]]$ank2[nick][/url]', удалено '" . count($delpost) . "' постов)");
}
$msgg = '[red]Тему почисти' . ($user['sex'] ? 'л' : 'ла') . ' ' . $user['group_name'] . ' ' . $user['nick'] . '[/red]';
mysql_query("INSERT INTO `forum_p` (`id_forum`, `id_razdel`, `id_them`, `id_user`, `msg`, `time`) values('$forum[id]', '$razdel[id]', '$them[id]', '0', '" . mysql_real_escape_string($msgg) . "', '$time')");
header("Location: /forum/$forum[id]/$razdel[id]/$them[id]/");
exit;
}
}
if (isset($_GET['act']) && $_GET['act'] == 'post_delete' && (user_access('forum_post_ed') || isset($user) && $ank2['id'] == $user['id'])) {
echo "<form name = 'name' method = 'POST' action = '/forum/$forum[id]/$razdel[id]/$them[id]/?act=post_delete&ok'>";
}