Файл: user/wall/index.php
Строк: 311
<?php
if (isset($_GET['id']) && $_GET['id'] != NULL) {
$ank = get_user(intval($_GET['id']));
} elseif (isset($user)) {
$ank = get_user($user['id']);
}
if (!$ank) {
echo "<div class='err'>Пользователь не найден!</div>";
}
if (isset($_GET['set']) && $ank['id'] == $user['id'] && isset($user)) {
if (isset($_POST['save']) && $_POST['mdp'] == md5($user['pass'])) {
if (in_array($_POST['access'], array('all', 'only_me', 'friends', 'pass', 'auth'))) {
$access = $_POST['access'];
} else {
$access = 'all';
}
$pass = NULL;
if ($access == 'pass') {
if (utf8_strlen($_POST['password']) < 1) {
$err[] = 'Введите пароль!';
}
if (utf8_strlen($_POST['password']) > 20) {
$err[] = 'Пароль слишком длинный! (max. 20)';
}
$pass = $_POST['password'];
}
if (!isset($err)) {
mysql_query("UPDATE `user` SET `wall_access` = '$access', `wall_password` = '".mysql_real_escape_string($pass)."' WHERE `id` = '$ank[id]'");
}
if (in_array($_POST['komm'], array('all', 'only_me', 'friends'))) {
$komm = $_POST['komm'];
} else {
$komm = 'all';
}
mysql_query("UPDATE `user` SET `wall_komm` = '$komm' WHERE `id` = '$ank[id]'");
if (!isset($err)) {
$ank['wall_password'] = $pass;
$ank['wall_access'] = $access;
$ank['wall_komm'] = $komm;
msg("Настройки успешно сохранены");
}
}
err();
echo "<form method = 'post' class = 'foot' action = ''>";
echo "<b>Кто видет записи стены?</b><br />";
echo "<input type = 'radio' name = 'access' value = 'all' " . ($ank['wall_access'] == 'all' ? " checked = 'checked'" : NULL) . "/>";
echo "<label><img src = '/style/icons/globe-small.png'/>Все</label><br/>";
echo "<input type = 'radio' name = 'access' value = 'only_me' " . ($ank['wall_access'] == 'only_me' ? " checked='checked'" : NULL) . "/>";
echo "<label><img src = '/style/icons/lock-small.png' />Только я</label><br/>";
echo "<input type='radio' name='access' value='friends' " . ($ank['wall_access'] == 'friends' ? " checked='checked'" : NULL) . "/>";
echo "<label><img src='/style/icons/user-small.png' />Мои друзья</label><br/>";
echo "<input type='radio' name='access' value='auth' " . ($ank['wall_access'] == 'auth' ? " checked='checked'" : NULL) . "/>";
echo "<label><img src='/style/icons/user-small.png' />Только авторизированные</label><br/>";
echo "<input type='radio' name='access' value='pass' " . ($ank['wall_access'] == 'pass' ? " checked='checked'" : NULL) . " />";
echo "<label><img src='/style/icons/bullet_key.png' />Через пароль:</label><br/>";
echo "Пароль:<br /><input name='password' size='16' maxlength='16' type='text' value='" . ($ank['wall_access'] == 'pass' ? $ank['wall_password'] : null) . "' /><br/>";
echo "<b>Кто может комментировать записи?</b><br />";
echo "<input type = 'radio' name = 'komm' value = 'all' " . ($ank['wall_komm'] == 'all' ? " checked = 'checked'" : NULL) . "/>";
echo "<label><img src = '/style/icons/globe-small.png'/>Все</label><br/>";
echo "<input type = 'radio' name = 'komm' value = 'only_me' " . ($ank['wall_komm'] == 'only_me' ? " checked = 'checked'" : NULL) . "/>";
echo "<label><img src = '/style/icons/lock-small.png'/>Только я</label><br/>";
echo "<input type = 'radio' name = 'komm' value = 'friends' " . ($ank['wall_komm'] == 'friends' ? " checked = 'checked'" : NULL) . "/>";
echo "<label><img src = '/style/icons/user-small.png'/>Мои друзья</label><br/>";
echo "<div class = 'button_blue'>";
echo "<button name='save'>Сохранить</button>";
echo "</div>";
echo "<input type='hidden' name='mdp' value='" . md5($user['pass']) . "'/></form>";
echo "<a href='?id=$ank[id]'><div class='razd'><img src='/style/icons/left.png' /> Назад</div></a>";
exit;
}
if (isset($_POST['password'])) {
setcookie("passgb[$ank[id]]", $_POST['password']);
if (isset($_POST['password']) && $_POST['password'] == $ank['wall_password']) {
header("Location:?id=$ank[id]&enter=ok");
}
}
if ($ank['wall_access'] == 'only_me') {
if ($ank['id'] == $user['id'] && isset($user) || $user['group_access'] >= 7) {
} else {
echo "<div class='err'>";
echo "Доступ к записям на стене закрыт!";
echo "</div></div>";
require_once 'sys/inc/tfoot.php';
exit;
}
} elseif ($ank['wall_access'] == 'friends') {
if ($ank['id'] == $user['id'] && isset($user) || $user['group_access'] >= 7 || mysql_result(mysql_query("SELECT COUNT(*) FROM `friends` WHERE (`user` = '$user[id]' AND `friends` = '$ank[id]') OR (`user` = '$ank[id]' AND `friends` = '$user[id]')"), 0) != 0) {
} else {
echo "<div class='err'>";
echo "Доступ к записям на стене открыт только друзьям автора!";
echo "</div></div>";
require_once 'sys/inc/tfoot.php';
exit;
}
} elseif ($ank['wall_access'] == 'pass') {
if (isset($_COOKIE['passgb'][$ank['id']]) && $_COOKIE['passgb'][$ank['id']] == $ank['wall_password'] || $ank['id'] == $user['id'] && isset($user) || $user['group_access'] >= 7) {
} else {
echo "<div class='err'>";
if (isset($_POST['password']) && $_POST['password'] != $ank['wall_password']) {
echo "<b>Попробуйте еще раз!</b><br/>";
}
echo "Доступ открыт только по паролю!<br /> Чтобы просматривать записи стены, введите пароль:";
echo "</div>";
echo "<form action='' class = 'blok' method="post">";
echo "Пароль<br />";
echo "<input type="text" name="password" /><br />";
echo "<div class = 'button_blue'>";
echo "<button name='go'>Войти</button>";
echo "</div></form></div>";
require_once 'sys/inc/tfoot.php';
exit;
}
} elseif ($ank['wall_access'] == 'auth') {
if (isset($user)) {
} else {
echo "<div class='err'>";
echo "Доступ в гостевую открыт только авторизированным пользователям!</div>";
require_once '../../sys/inc/tfoot.php';
exit;
}
}
if (isset($_GET['clean']) && isset($user) && ($user['group_access'] >= 7 || $user['id'] == $ank['id'])) {
if (isset($_GET['all'])) {
if (isset($_GET['ok'])) {
mysql_query("DELETE FROM `wall` WHERE `id_wall` = '$ank[id]'");
msg("Гостевая успешно очищена");
} else {
echo "<div class='err'>Очистить стену от записей?<br/><a href='?id=$ank[id]&clean&all&ok'>Да</a> | <a href='?id=$ank[id]'>Нет</a></div>";
require_once '../../sys/inc/tfoot.php';
exit;
}
} else {
if (isset($_GET['ok'])) {
$ch = intval($_POST['ch']);
$mn = intval($_POST['mn']);
$nt = $ch * $mn * 3600;
$nt = $time - $nt;
mysql_query("DELETE FROM `wall` WHERE `time` < '$nt'");
msg("Записи успешно очищены");
} else {
echo "<a href='?id=$ank[id]&clean&all'><div class = 'foot'><img src='/style/icons/bin_black.png' /> Очистить гостевую полностью</div></a>";
echo "<form method='post' class = 'foot' action='?id=$ank[id]&clean&ok'>";
echo "Будут удалены посты, написанные ... тому назад:<br />";
echo '<input type="text" name="ch" size="3" value="1" />';
echo '<select name="mn">';
echo '<option value="1" selected="selected">Часов</option>';
echo '<option value="24">Дней</option>';
echo '<option value="168">Недель</option>';
echo '<option value="744">Месяцев</option>';
echo '</select><br />';
echo "<div class = 'button_blue'>";
echo "<button>Очистить</button>";
echo "</div></form>";
echo "<a href='?id=$ank[id]'><div class='foot'><img src='/style/icons/left.png' /> Назад</div></a>";
exit;
}
}
}
if (isset($_POST['msg']) && isset($user) && ($ank['wall_komm'] == 'all' || $ank['wall_komm'] == 'only_me' && ($user['id'] == $ank['id'] || $user['group_access'] >= 7) || $ank['wall_komm'] == 'friends' && ($ank['id'] == $user['id'] || $user['group_access'] >= 7 || mysql_result(mysql_query("SELECT COUNT(*) FROM `frends` WHERE (`user` = '$user[id]' AND `frend` = '$ank[id]') OR (`user` = '$ank[id]' AND `frend` = '$user[id]')"), 0) != 0))) {
$msg = $_POST['msg'];
if (utf8_strlen($msg) > 10024) {
$err = 'Сообщение слишком длинное';
}
if (utf8_strlen($msg) < 1) {
$err = 'Короткое сообщение';
}
if (!isset($err)) {
if ($user['sex'] == 1) {
$sex = 'оставил';
} else {
$sex = 'оставила';
}
$tape = "[url=/info.php?id=" . $user['id'] . "]" . $user['nick'] . "[/url] " . $sex . " комментарий в вашей [url=/user/wall/?id=" . $ank['id'] . "]гостевой книге[/url]";
mysql_query("INSERT INTO `notification` (`id_user`, `id_kont`, `msg`, `time`) values('" . $user['id'] . "', '$ank[id]', '$tape', '$time')");
$msg = mysql_escape_string($msg);
mysql_query("INSERT INTO `wall` (id_user,id_wall, time, msg) values('$user[id]', '$ank[id]', '$time', '$msg')");
mysql_query("UPDATE `user` SET `money` = '" . ($user['money'] + 3) . "' WHERE `id` = '$user[id]' LIMIT 1");
mysql_query("UPDATE `user` SET `activity` = '" . ($user['activity'] + 0.03) . "' WHERE `id` = '$user[id]' LIMIT 1");
$q3 = NULL;
$qq = mysql_query("SELECT * FROM `wall` WHERE `id_wall` = '$ank[id]'");
while ($ppost = mysql_fetch_array($qq)) {
$a = get_user($ppost['id_user']);
if ($a) {
$array = explode(";", $q3);
foreach ($array as $key => $value) {
if ($value == $a['id']) {
$g = 1;
}
}if (!isset($g)) {
$q3 = "" . ($q3 != NULL ? "$q3;" : null) . "$a[id]";
}if (isset($g)) {
unset($g);
}
}
}
$array = explode(";", $q3);
foreach ($array as $key => $value) {
$a = get_user($value);
if ($value != NULL && $a) {
if ($a['id'] != $ank['id'] && $a['id'] != $user['id']) {
if ($user['sex'] == 1) {
$sex = 'оставил';
} else {
$sex = 'оставила';
}
$tape = "[url=/info.php?id=" . $user['id'] . "]" . $user['nick'] . "[/url] " . $sex . " комментарий в [url=/user/wall/?id=" . $ank['id'] . "]этой гостевой книге[/url]";
mysql_query("INSERT INTO `notification` (`id_user`, `id_kont`, `msg`, `time`) values('" . $user['id'] . "', '$a[id]', '$tape', '$time')");
}
}
}
}
header("Location:?id=$ank[id]");
} elseif (isset($_GET['hide']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `wall` WHERE `id` = '" . intval($_GET['hide']) . "' AND `hide` = '0' AND `id_wall` = '$ank[id]' LIMIT 1"), 0) != 0 && isset($user)) {
$komm = mysql_fetch_array(mysql_query("SELECT * FROM `wall` WHERE `id` = '" . intval($_GET['hide']) . "' AND `id_wall` = '$ank[id]' LIMIT 1"));
$ank2 = get_user($komm['id_user']);
if ($user['group_access'] >= 7) {
mysql_query("UPDATE `wall` SET `hide` = '1', `hide_user` = '$user[id]' WHERE `id` = '" . intval($_GET['hide']) . "' AND `id_wall` = '$ank[id]' LIMIT 1");
}
} elseif (isset($_GET['show']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `wall` WHERE `id` = '" . intval($_GET['show']) . "' AND `hide` = '1' AND `id_wall` = '$ank[id]' LIMIT 1"), 0) != 0 && isset($user)) {
$komm = mysql_fetch_array(mysql_query("SELECT * FROM `wall` WHERE `id` = '" . intval($_GET['show']) . "' AND `id_wall` = '$ank[id]' LIMIT 1"));
$ank2 = get_user($komm['id_user']);
if ($user['group_access'] >= 7) {
mysql_query("UPDATE `wall` SET `hide` = '0' WHERE `id` = '" . intval($_GET['show']) . "' AND `id_wall` = '$ank[id]' LIMIT 1");
}
}
err();
if ($ank['wall_komm'] == 'all' || $ank['wall_komm'] == 'only_me' && ($user['id'] == $ank['id'] || $user['group_access'] >= 7) || $ank['wall_komm'] == 'friends' && ($ank['id'] == $user['id'] || $user['group_access'] >= 7 || mysql_result(mysql_query("SELECT COUNT(*) FROM `frends` WHERE (`user` = '$user[id]' AND `frend` = '$ank[id]') OR (`user` = '$ank[id]' AND `frend` = '$user[id]')"), 0) != 0)) {
echo "<form method='post' class = 'blok' action='?id=$ank[id]' name='message'>";
echo "Сообщение (10024 знаков)<br />";
echo "<textarea aria-required = 'true' aria-invalid = 'false' required = 'required' name="msg" rows='1' style='width:70%'></textarea><br />n";
echo "<div class = 'button_blue'>";
echo "<button>Опубликовать</button>";
echo "</div></form>";
} else {
echo "<div class = 'err'>Пользователь запретил оставлять записи на стене!</div>n";
}
if ($ank['id'] == $user['id'] && isset($user)) {
mysql_query("UPDATE `notification` SET `read` = '1' WHERE `id_kont` = '" . $user['id'] . "' AND `read` = '0'");
}
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `wall` WHERE `id_wall` = '$ank[id]'" . ($user['group_access'] < 7 ? " AND `hide` = '0'" : null) . ""), 0);
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];
if ($k_post == 0) {
echo "<table class = 'blok'><tr><td class = 'null'>";
echo "<img src = '/style/icons/bullet_error.png' /> Нет записей";
echo "</td></tr></table>";
}
$q = mysql_query("SELECT * FROM `wall` WHERE `id_wall` = '$ank[id]'" . ($user['group_access'] < 7 ? " AND `hide` = '0'" : null) . " ORDER BY id DESC LIMIT $start, $set[p_str]");
while ($post = mysql_fetch_array($q)) {
$ank2 = get_user($post['id_user']);
echo "<table class = '" . ($post['hide'] == 0 ? 'wall' : 'walls') . "'><tr><td class = 'icon14'>";
avatar("$ank2[id]", '30');
echo "</td><td class = 'null'>";
echo "<div class = 'right'><small><font color='grey'>" . vremja($post['time']) . "</font></small>";
if ($user['group_access'] >= 7) {
if ($post['hide'] == 0) {
echo " <a href='?id=$ank[id]&hide=$post[id]&page=$page' title = 'Скрыть'><img src='/style/icons/eye2.png' /></a>n";
} elseif ($post['hide'] == 1) {
echo " <a href='?id=$ank[id]&show=$post[id]&page=$page' title = 'Показать'><img src='/style/icons/eye1.png' /></a>n";
}
}
echo "</div><b>";
user($ank2['id']);
echo "</b><br />";
if ($post['hide'] == 1 && mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '" . intval($post['hide_user']) . "'"), 0) != 0) {
$hu = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '" . intval($post['hide_user']) . "'"));
echo "<font color='red'>Скрыл" . ($hu['sex'] == 0 ? 'a' : null) . " $hu[nick]</font><br/>";
}
echo output_text($post['msg']) . "<br/>n";
include H . '/user/wall/file.php';
echo "<div class = 'right'>";
$wall_like = mysql_result(mysql_query("SELECT COUNT(*) FROM `wall_like` WHERE `id_komm` = '$post[id]'"), 0);
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `wall_like` WHERE `id_komm` = '$post[id]' AND `id_user` = '$user[id]' LIMIT 1"), 0) == 0) {
if ($wall_like == 0) {
} else {
echo "<a href = '/user/wall/like_all.php?id=$post[id]'><img src = '/style/icons/like1.png' /><small><font color = 'grey'>$wall_like</font></small></a>";
}
} else {
if ($wall_like == 0) {
} else {
echo "<a href = '/user/wall/like_all.php?id=$post[id]'><img src = '/style/icons/like1.png' /><small><font color = 'grey'>$wall_like</font></small></a>";
}
}
$cmn = mysql_result(mysql_query("SELECT COUNT(*) FROM `wall_comments` WHERE `id_wall` = '$post[id]'"), 0);
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `wall_comments` WHERE `id_wall` = '$post[id]'"), 0) == 0) {
} else {
echo " <a href='/user/wall/comments.php?id=$post[id]'><img src='/style/icons/comment_white.png' /><small><font color = 'grey'>$cmn</font></small></a>n";
}
echo "</div>";
echo "<br /><small>";
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `wall_like` WHERE `id_komm` = '$post[id]' AND `id_user` = '$user[id]' LIMIT 1"), 0) == 0) {
if ($wall_like == 0) {
echo "<a href = '/user/wall/like.php?id=$post[id]&like'>Мне нравится</a> | ";
} else {
echo "<a href = '/user/wall/like.php?id=$post[id]&like'>Мне нравится</a> | ";
}
} else {
if ($wall_like == 0) {
echo "<a href = '/user/wall/like.php?id=$post[id]&unlike'><font color = 'grey'>Мне нравится</font></a> | ";
} else {
echo "<a href = '/user/wall/like.php?id=$post[id]&unlike'><font color = 'grey'>Мне нравится</font></a> | ";
}
}
echo "<a href='/user/wall/comments.php?id=$post[id]'>Комментировать</a></small><br />";
include '/user/wall/mini_form.php';
echo "</td></tr></table>";
}
if ($k_page > 1) {
str("?id=$ank[id]&", $k_page, $page);
}
if ($user['group_access'] >= 7 || $ank['id'] == $user['id'] && isset($user)) {
echo "<a href = '?id=$ank[id]&clean'><div class = 'razd'><img src = '/style/icons/bin_black.png' /> Очистить стену</div></a>";
echo "<a href = '?id=$ank[id]&set'><div class = 'razd'><img src = '/style/icons/sets.png' /> Настройки</div></a>";
}