Файл: diary/add.php
Строк: 152
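<?php
// diary/add.php — owner-only form for adding a diary entry, optionally with a poll.
//
// Provided by the including script (not defined here): $user (current user row),
// $time (current timestamp), an open mysql_* connection, utf8_strlen() and
// text::auto_bb(). Only the owner of the profile named in ?id= may add entries;
// for anyone else nothing is processed and nothing is rendered.
//
// Changes against the previous revision:
//  * validation failures now block the INSERT — $err was tested but never set,
//    so over-long / empty posts (and >10 tags) were stored anyway;
//  * $pass and poll_time reached the query unescaped; $no_komm was escaped in one
//    branch and intval()ed in the other — both are now integers / escaped;
//  * the poll-branch INSERT named the adult column ` 18` while the other branch
//    and the form use `+18` (reads like a lost '+'); both use `+18` now — confirm
//    against the schema;
//  * the poll-text length check compared $text (already capped at 100000 above)
//    instead of $poll_text;
//  * "3 Месяца" had the same duration as "1 Месяц";
//  * after a successful insert the script exits instead of rendering the form
//    under the Location header.
// NOTE(review): the form still carries no CSRF token; wire one in if the site
// has a session-bound token helper.

$id  = isset($_GET['id']) ? abs((int) $_GET['id']) : 0;
$ank = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$id' LIMIT 1"));

// Access check: the viewer must be the profile owner. A missing row ($ank === false)
// is treated as "not the owner" rather than compared against a null id.
if ($ank && (int) $user['id'] === (int) $ank['id']) {
    if (isset($_GET['ok']) && isset($_POST['text'])) {
        // Fill every field we read with a default so missing keys never raise notices.
        $defaults = array(
            'name' => '', 'text' => '', 'tags' => '', 'type' => '', '+18' => 0,
            'no_komm' => 0, 'poll' => '', 'pass' => '', 'poll_text' => '', 'poll_time' => 0,
        );
        for ($i = 1; $i <= 10; $i++) {
            $defaults['result' . $i] = '';
        }
        $in = $_POST + $defaults;

        $errors = array();

        $name = $in['name'];
        if (utf8_strlen($name) > 60) {
            $errors[] = 'Название слишком длинное';
        }

        $text = $in['text'];
        if (utf8_strlen($text) > 100000) {
            $errors[] = 'Текст слишком длинный';
        }
        // trim() === '' instead of == NULL: '0' is a valid (if short) text.
        if (trim($text) === '') {
            $errors[] = 'Текст слишком короткий';
        }

        // Tags are a comma-separated list; empty entries are dropped before counting.
        $tagsRaw = $in['tags'];
        $tagList = array();
        foreach (explode(',', $tagsRaw) as $tag) {
            $tag = trim($tag);
            if ($tag !== '') {
                $tagList[] = $tag;
            }
        }
        if (count($tagList) > 10) {
            $errors[] = 'Не больше десяти меток!';
        }

        $type   = $in['type'];
        $o18    = (int) $in['+18'];
        $noKomm = (int) $in['no_komm'];
        $poll   = ($in['poll'] == '1');
        $pass   = $in['pass'];

        $pollText = '';
        $pollTime = 0;
        $results  = array();
        if ($poll) {
            $pollText = $in['poll_text'];
            for ($i = 1; $i <= 10; $i++) {
                $results[$i] = $in['result' . $i];
            }
            // The first two answer options are mandatory; the rest may stay empty.
            if (utf8_strlen($results[1]) < 1) {
                $errors[] = '1 вариант обязателен для заполнения';
            }
            if (utf8_strlen($results[2]) < 1) {
                $errors[] = '2 вариант обязателен для заполнения';
            }
            if (utf8_strlen($pollText) < 1) {
                $errors[] = 'Введите текст';
            }
            if (utf8_strlen($pollText) > 1024) {
                $errors[] = 'Текст слишком длинный';
            }
            // poll_time is a duration in seconds chosen from the <select> below.
            $pollTime = (int) $time + (int) $in['poll_time'];
        }

        foreach ($errors as $message) {
            echo "<div class = 'err'>$message</div>";
        }
        if (count($errors) > 0) {
            $err = true;
        }

        if (!isset($err)) {
            $uid     = (int) $user['id'];
            $timeInt = (int) $time;

            // Register any tag the user has not used before.
            foreach ($tagList as $tag) {
                $tagEsc = mysql_real_escape_string($tag);
                $known  = mysql_result(mysql_query("SELECT COUNT(*) FROM `diary_tags` WHERE `name` = '$tagEsc' AND `id_user` = '$uid' LIMIT 1"), 0);
                if ($known == 0) {
                    mysql_query("INSERT INTO `diary_tags` (`id_user`, `name`) values ('$uid', '$tagEsc')");
                }
            }

            $nameEsc = mysql_real_escape_string($name);
            $textEsc = mysql_real_escape_string($text);
            $tagsEsc = mysql_real_escape_string($tagsRaw);
            $typeEsc = mysql_real_escape_string($type);
            $passEsc = mysql_real_escape_string($pass);

            if ($poll) {
                $pollTextEsc = mysql_real_escape_string($pollText);
                mysql_query("INSERT INTO `diary` (`id_user`, `name`, `text`, `time`, `tags`, `type`, `poll`, `+18`, `no_komm`, `poll_text`, `poll_time`, `pass`) values ('$uid', '$nameEsc', '$textEsc', '$timeInt', '$tagsEsc', '$typeEsc', '1', '$o18', '$noKomm', '$pollTextEsc', '$pollTime', '$passEsc')");
            } else {
                mysql_query("INSERT INTO `diary` (`id_user`, `name`, `text`, `time`, `tags`, `type`, `poll`, `+18`, `no_komm`, `pass`) values ('$uid', '$nameEsc', '$textEsc', '$timeInt', '$tagsEsc', '$typeEsc', '0', '$o18', '$noKomm', '$passEsc')");
            }
            $diary = (int) mysql_insert_id();

            // All ten answer slots are stored, empty ones included, as before.
            if ($poll) {
                foreach ($results as $num => $variant) {
                    $variantEsc = mysql_real_escape_string($variant);
                    mysql_query("INSERT INTO `diary_poll` (`id_diary`, `var`, `num`) VALUES ('$diary', '$variantEsc', '$num')");
                }
            }

            // Notify friends who subscribed to this user's diary feed.
            $msgLenta = "[url=/diary/?id=$uid&diary=$diary]" . $nameEsc . "[/url]";
            $q = mysql_query("SELECT * FROM `friends` WHERE `user` = '$uid' AND `lenta_diary` = '1' AND `i` = '1'");
            while ($f = mysql_fetch_array($q)) {
                $friendId = (int) $f['friends'];
                $a = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$friendId' LIMIT 1"));
                if (!$a) {
                    continue; // friend row points at a user that no longer exists
                }
                $aid = (int) $a['id'];
                mysql_query("INSERT INTO `notification` (`id_user`, `id_kont`, `msg`, `time`) values('$uid', '$aid', '$msgLenta', '$timeInt')");
            }

            header("Location:?id=" . (int) $ank['id'] . "&diary=$diary");
            exit;
        }
    }

    $ankId = (int) $ank['id'];
    echo "<form method = 'post' class = 'razd' name = 'add' action = '?id=$ankId&add_new_diary&ok'>";
    echo "Название (60 знаков)<br />";
    echo "<input type = 'text' name = 'name' value = '' /><br />";
    echo "Текст (100000 знаков)<br/>";
    echo text::auto_bb('add', 'text');
    // The previous revision of this line was garbled (`L . "..."n"`); it is rebuilt as
    // a plain newline-terminated echo of the same textarea.
    echo "<textarea name = 'text' aria-required = 'true' aria-invalid = 'false' required = 'required'></textarea><br/>\n";
    echo "Метки (не больше 10-ти)<br />";
    echo "<input type = 'text' name = 'tags' value = '' /><br />";
    echo "<label><input type = 'checkbox' name = '+18' value = '1' /> Только для взрослых</label><br />";
    echo "<label><input type = 'checkbox' name = 'no_komm' value = '1' /> Запретить добавлять комментарии</label><br />";
    echo "<br />Давать доступ:<br />";
    echo "<label><input type = 'radio' name = 'type' value = 'all' checked = 'checked'/><img src = '/style/img/globe-small.png'/>Всем</label><br />";
    echo "<label><input type = 'radio' name = 'type' value = 'only_me' /><img src = '/style/img/lock-small.png' />Только мне</label> <br />";
    echo "<label><input type = 'radio' name = 'type' value = 'friends' /><img src = '/style/img/user-small.png' />Только друзьям</label><br />";
    echo "<label><input type = 'radio' name = 'type' value = 'pass' /><img src = '/style/img/bullet_key.png' />Только по паролю ";
    echo "<input name = 'pass' size = '16' maxlength = '16' type = 'text' value = '' /></label><br />";
    echo "<label><input type = 'radio' name = 'type' value = 'list' /><img src = '/style/img/bullet_textfield.png' />Обитателям из <a href = '?dl'>списка доступа</a></label><br />";
    echo "<label><input type = 'checkbox' name = 'poll' value = '1' /> Прикрепить опрос</label><br />";
    echo "<textarea name = 'poll_text'></textarea><br />";
    echo "Варианты ответов: <br />";
    // Slots 1 and 2 are marked with '*' because the handler above requires them.
    for ($i = 1; $i <= 10; $i++) {
        $marker = ($i <= 2) ? '*' : '';
        echo "<input type = 'text' name = 'result$i' value = '' />$marker<br />";
    }
    echo "Дата окончания через: <br />";
    echo "<select name = 'poll_time'>";
    // Durations in seconds. "3 Месяца" is three times the 1-month value (constructed
    // here; the previous revision repeated the 1-month value for it).
    $pollDurations = array(
        '145152000' => 'Бессрочное',
        '86400'     => '1 День',
        '259200'    => '3 Дня',
        '604800'    => '1 Неделю',
        '2419200'   => '1 Месяц',
        '7257600'   => '3 Месяца',
    );
    $first = true;
    foreach ($pollDurations as $seconds => $label) {
        $selected = $first ? " selected = 'selected'" : '';
        echo "<option value = '$seconds'$selected>$label</option>";
        $first = false;
    }
    echo "</select><br />";
    echo "<button class = 'action'>";
    echo "<span class = 'label'><span class = 'icon icon44' /> Добавить</span>";
    echo "</button></form>";
}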