<?php
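// diary/add.php — lets the diary owner add an entry (optionally with a poll),
// registers any new tags, notifies friends who follow the diary feed, and then
// renders the "add entry" form.
//
// Depends on the surrounding application for $user (session user), $time
// (current timestamp), utf8_strlen() and text::auto_bb(); none of them are
// defined here. Storage goes through the legacy mysql_* API, so every value
// that reaches SQL is either cast to int or passed through
// mysql_real_escape_string() exactly once.
$id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;
$ank = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$id' LIMIT 1"));

// Only the profile owner may write to this diary. Compare as integers so a
// missing row ($ank === false) or a loosely typed id cannot satisfy the check.
if ($ank && isset($user['id']) && intval($user['id']) === intval($ank['id'])) {
    if (isset($_GET['ok']) && isset($_POST['text'])) {
        // Each validation failure sets $err; the INSERTs below only run while it
        // is unset. Previously the messages were echoed but $err was never set,
        // so invalid entries were stored anyway.
        $name = isset($_POST['name']) ? $_POST['name'] : '';
        if (utf8_strlen($name) > 60) {
            echo "<div class = 'err'>Название слишком длинное</div>";
            $err = true;
        }
        $name = mysql_real_escape_string($name);

        $poll = isset($_POST['poll']) ? $_POST['poll'] : '';

        $text = $_POST['text'];
        if (utf8_strlen($text) > 100000) {
            echo "<div class = 'err'>Текст слишком длинный</div>";
            $err = true;
        }
        if ($text === '') {
            echo "<div class = 'err'>Текст слишком короткий</div>";
            $err = true;
        }
        $text = mysql_real_escape_string($text);

        // Split the raw value; each tag is escaped once where it is used.
        $tags_raw = isset($_POST['tags']) ? $_POST['tags'] : '';
        $tags = mysql_real_escape_string($tags_raw);
        $tagss = explode(',', $tags_raw);
        if (count($tagss) > 10) {
            echo "<div class = 'err'>Не больше десяти меток!</div>";
            $err = true;
        }

        // `type` drives who may read the entry, so only the values offered by
        // the form below are accepted.
        $type_raw = isset($_POST['type']) ? $_POST['type'] : '';
        $allowed_types = array('all', 'only_me', 'friends', 'pass', 'list');
        if (!in_array($type_raw, $allowed_types, true)) {
            echo "<div class = 'err'>Неверный тип доступа</div>";
            $err = true;
        }
        $type = mysql_real_escape_string($type_raw);

        $o18 = isset($_POST['+18']) ? intval($_POST['+18']) : 0;
        // Both INSERT branches store this as an int (the poll branch used to
        // escape it as a string instead).
        $no_komm = isset($_POST['no_komm']) ? intval($_POST['no_komm']) : 0;

        if ($poll == '1') {
            $poll_text = isset($_POST['poll_text']) ? $_POST['poll_text'] : '';

            // Answers 1 and 2 are mandatory, 3..10 optional; all ten are stored.
            $results = array();
            for ($i = 1; $i <= 10; $i++) {
                $raw = isset($_POST["result$i"]) ? $_POST["result$i"] : '';
                if ($i <= 2 && utf8_strlen($raw) < 1) {
                    echo "<div class = 'err'>$i вариант обязателен для заполнения</div>";
                    $err = true;
                }
                $results[$i] = mysql_real_escape_string($raw);
            }

            if (utf8_strlen($poll_text) < 1) {
                echo "<div class = 'err'>Введите текст</div>";
                $err = true;
            }
            // This limit applies to the poll question (the old code measured
            // $text here, which had already been checked above).
            if (utf8_strlen($poll_text) > 1024) {
                echo "<div class = 'err'>Текст слишком длинный</div>";
                $err = true;
            }
            $poll_text = mysql_real_escape_string($poll_text);
            // Duration comes from the <select> below; cast so a non-numeric
            // value cannot reach the arithmetic or the query.
            $poll_time = $time + (isset($_POST['poll_time']) ? intval($_POST['poll_time']) : 0);
        }

        // Escaped like every other string that is interpolated into SQL (it was
        // the one POST field written to the query unescaped). It is stored
        // as submitted; hashing it would also require changing the code that
        // checks it, which lives outside this file.
        $pass = mysql_real_escape_string(isset($_POST['pass']) ? $_POST['pass'] : '');

        if (!isset($err)) {
            foreach ($tagss as $tag) {
                if ($tag === '') {
                    continue;
                }
                $tag_sql = mysql_real_escape_string($tag);
                $known = mysql_result(mysql_query("SELECT COUNT(*) FROM `diary_tags` WHERE `name` = '$tag_sql' AND `id_user` = '$user[id]' LIMIT 1"), 0);
                if ($known == 0) {
                    mysql_query("INSERT INTO `diary_tags` (`id_user`, `name`) values ('$user[id]', '$tag_sql')");
                }
            }

            // Both branches write the adult flag to `+18` (matching the form
            // field); the poll branch previously named the column ` 18`.
            // TODO confirm the column name against the `diary` schema.
            if ($poll == '1') {
                mysql_query("INSERT INTO `diary` (`id_user`, `name`, `text`, `time`, `tags`, `type`, `poll`, `+18`, `no_komm`, `poll_text`, `poll_time`, `pass`) values ('$user[id]', '$name', '$text', '$time', '$tags', '$type', '1', '$o18', '$no_komm', '$poll_text', '$poll_time', '$pass')");
            } else {
                mysql_query("INSERT INTO `diary` (`id_user`, `name`, `text`, `time`, `tags`, `type`, `poll`, `+18`, `no_komm`, `pass`) values ('$user[id]', '$name', '$text', '$time', '$tags', '$type', '0', '$o18', '$no_komm', '$pass')");
            }
            $diary = mysql_insert_id();

            if ($poll == '1') {
                foreach ($results as $num => $var) {
                    mysql_query("INSERT INTO `diary_poll` (`id_diary`, `var`, `num`) VALUES ('$diary', '$var', '$num')");
                }
            }

            // Feed notification for friends who subscribed to this diary.
            // $name is already escaped, so the message is safe to interpolate.
            $q = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `lenta_diary` = '1' AND `i` = '1'");
            while ($f = mysql_fetch_array($q)) {
                $a = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '" . intval($f['friends']) . "' LIMIT 1"));
                if (!$a) {
                    continue; // friend row points at a user that no longer exists
                }
                $msg_lenta = "[url=/diary/?id=$user[id]&diary=$diary]" . $name . "[/url]";
                mysql_query("INSERT INTO `notification` (`id_user`, `id_kont`, `msg`, `time`) values('$user[id]', '$a[id]', '$msg_lenta', '$time')");
            }

            header("Location:?id=$ank[id]&diary=$diary");
            exit; // nothing below is meaningful after a redirect
        }
    }

    // Entry form. Attribute quoting is single quotes throughout so the markup
    // can live inside double-quoted PHP strings.
    echo "<form method='post' class = 'foot' name = 'add' action='?id=$ank[id]&add_new_diary&ok'>\n";
    echo "Название (60 знаков)<br/>";
    echo "<input type='text' name='name' value='' /><br/>\n";
    echo "Текст (100000 знаков)<br/>";
    echo text::auto_bb('add', 'text');
    echo "<textarea name='text'></textarea><br/>\n";
    echo "Метки (не больше 10-ти)<br/>";
    echo "<input type='text' name='tags' value='' /><br/>\n";
    echo "<label><input type='checkbox' name='+18' value='1' /> Только для взрослых</label><br />";
    echo "<label><input type='checkbox' name='no_komm' value='1' /> Запретить добавлять комментарии</label><br />\n";
    echo "<br />Давать доступ:<br />";
    echo "<label><input type='radio' name='type' value='all' checked = 'checked'/><img src = '/style/icons/globe-small.png'/>Всем</label><br/>\n";
    echo "<label><input type='radio' name='type' value='only_me'/><img src = '/style/icons/lock-small.png' />Только мне</label> <br/>\n";
    echo "<label><input type='radio' name='type' value='friends'/><img src='/style/icons/user-small.png' />Только друзьям</label><br/>\n";
    echo "<label><input type='radio' name='type' value='pass'/><img src='/style/icons/bullet_key.png' />Только по паролю ";
    echo "<input name='pass' size='16' maxlength='16' type='text' value=''/></label><br/>\n";
    echo "<label><input type='radio' name='type' value='list'/><img src='/style/icons/bullet_textfield.png' />Обитателям из <a href='?dl'>списка доступа</a></label><br/>\n";
    echo "<label><input type='checkbox' name='poll' value='1' /> Прикрепить опрос</label><br />";
    echo "<textarea name='poll_text'></textarea><br />";
    echo "Варианты ответов:<br />\n";
    for ($i = 1; $i <= 10; $i++) {
        // The first two answers are mandatory and marked with *.
        $mark = ($i <= 2) ? '*' : '';
        echo "<input type='text' name='result$i' value='' />$mark<br />\n";
    }
    echo "Дата окончания через: <br />";
    echo "<select name='poll_time'>\n";
    // Values are seconds added to $time. "3 Месяца" is 90 days (the old list
    // reused the 28-day value for both month options).
    echo "<option value='145152000' selected='selected'>Бессрочное</option><option value='86400'>1 День</option><option value='259200'>3 Дня</option><option value='604800'>1 Неделю</option><option value='2419200'>1 Месяц</option><option value='7776000'>3 Месяца</option></select>\n";
    echo "<br /><button class = 'btn'>";
    echo "<img src = '/style/icons/add.png' /> Добавить";
    echo "</button></form>";
}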