Файл: tickets.php
Строк: 108
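<?php
// tickets.php — support-ticket pages: list, view, reply, create, close.
//
// files/zag.php (page header) and files/ini.php (DB connection) are expected to
// provide $log / $pas (the current user's login and password value as stored in
// users.udata0 / users.udata1) and $udata67 (the user's role; "100" and "200"
// are treated as staff).  Request parameters are read explicitly from $_GET /
// $_POST below instead of relying on register_globals.
//
// Every value that reaches a query goes through tk_sql(); every stored or
// user-supplied value that reaches the page goes through tk_html().
//
// NOTE(review): close_tickets / save_msg change state from plain links and a
// form without any CSRF token; the session layer is not visible from this file,
// so no token check is added here — confirm how the site handles that.
include_once("files/zag.php");
include_once("files/ini.php");

/**
 * Escape a value for use inside a single-quoted SQL literal.
 *
 * Relies on the connection files/ini.php opened: mysql_real_escape_string()
 * uses the most recently opened link when none is passed.
 *
 * @param mixed $value
 * @return string
 */
function tk_sql($value)
{
    return mysql_real_escape_string((string) $value);
}

/**
 * Escape a value for HTML output.
 *
 * double_encode=false keeps entities that were already stored at input time
 * (the save paths run htmlspecialchars() before INSERT) from being encoded a
 * second time.  The charset falls back to byte-transparent ISO-8859-1 so text
 * in a single-byte encoding is never blanked by the UTF-8 validity check.
 *
 * @param mixed $value
 * @return string
 */
function tk_html($value)
{
    static $charset = null;
    if ($charset === null) {
        $charset = (string) ini_get('default_charset');
        if ($charset === '') {
            $charset = 'ISO-8859-1';
        }
    }
    return htmlspecialchars((string) $value, ENT_QUOTES, $charset, false);
}

/**
 * Return a POST field as a plain string ('' when missing or not a scalar).
 *
 * magic_quotes slashes are removed so the value is escaped exactly once, by
 * tk_sql(), when it is written to the database.
 *
 * @param string $key
 * @return string
 */
function tk_post($key)
{
    if (!isset($_POST[$key]) || is_array($_POST[$key])) {
        return '';
    }
    $value = (string) $_POST[$key];
    return get_magic_quotes_gpc() ? stripslashes($value) : $value;
}

/**
 * Load ticket $id for the current viewer: staff may open any ticket, other
 * users only their own.
 *
 * @param string $id       ticket id as received from the request
 * @param string $log      current user's login
 * @param bool   $is_admin whether the viewer is staff
 * @return array|null the ticket row, or null when nothing matches
 */
function tk_load_ticket($id, $log, $is_admin)
{
    $where = "`id`='" . tk_sql($id) . "'";
    if (!$is_admin) {
        $where .= " AND `user`='" . tk_sql($log) . "'";
    }
    $res = mysql_query("SELECT * FROM `tickets` WHERE $where LIMIT 1");
    if ($res === false) {
        return null;
    }
    $row = mysql_fetch_array($res);
    return $row === false ? null : $row;
}

/**
 * HTML link back to a ticket's view page.
 *
 * @param mixed $ticketId
 * @return string
 */
function tk_back_link($ticketId)
{
    return '<br><a href="tickets.php?action=view_tickets&id=' . tk_html($ticketId) . '">К тикету</a><br>';
}

$log = isset($log) ? (string) $log : '';
$pas = isset($pas) ? (string) $pas : '';
$is_admin = isset($udata67) && in_array((string) $udata67, array('100', '200'), true);
// Prefer the explicit request value; fall back to a variable an include may
// have set (the old register_globals path).
$action = isset($_GET['action']) ? (string) $_GET['action'] : (isset($action) ? (string) $action : '');
$id = isset($_GET['id']) ? (string) $_GET['id'] : (isset($id) ? (string) $id : '');

// NOTE(review): udata1 is compared directly with $pas as the includes supply
// it; whether that column holds a hash is not visible from this file.
$polz = mysql_query("SELECT * FROM `users` WHERE `udata0`='" . tk_sql($log) . "' AND `udata1`='" . tk_sql($pas) . "' LIMIT 1");
if ($polz === false || mysql_num_rows($polz) == 0) {
    // If zag.php already produced output the Location header is ignored and
    // the message below is what the user sees.
    header("Location: index.php?error");
    echo '<div class="p">Вы не авторизованы! <a href="index.php">На главную</a><br>';
    exit;
}

switch ($action) {
    case 'view_tickets':
        $ticket = tk_load_ticket($id, $log, $is_admin);
        if ($ticket === null) {
            echo 'Тикет не найден';
            break;
        }
        if ($ticket['prior'] == "off") {
            echo "Тикет закрыт<br>";
        } else {
            echo '<a href="tickets.php?action=write_msg&id=' . tk_html($ticket['id']) . '">Написать</a><br/><br>';
        }
        // Staff see every message of the ticket, the owner only those filed
        // under his own login (user_from is the ticket owner, see save_msg).
        $where = "`tk_name`='" . tk_sql($ticket['name']) . "'";
        if (!$is_admin) {
            $where = "`user_from`='" . tk_sql($log) . "' AND " . $where;
        }
        $pr_q = mysql_query("SELECT * FROM `tickets_msg` WHERE $where ORDER BY `id` DESC");
        while ($pr_q && ($msg = mysql_fetch_array($pr_q))) {
            echo '<a href="search.php?&nick=' . tk_html(rawurlencode($msg['user_to'])) . '&go=go">'
                . tk_html($msg['user_to']) . '</a> (' . tk_html($msg['time']) . ')<br>'
                . tk_html($msg['msg']) . ' <br>';
        }
        break;

    case 'write_msg':
        $ticket = tk_load_ticket($id, $log, $is_admin);
        if ($ticket === null) {
            echo 'Тикет не найден';
            break;
        }
        if ($ticket['prior'] == "off") {
            echo "Данный тикет закрыт.";
            include_once "files/down.php";
            exit;
        }
        echo '<form method="post" action="tickets.php?action=save_msg&id=' . tk_html($ticket['id']) . '">';
        echo "Введите текст:<br><br/>";
        echo '<textarea name="text" rows=3 cols=15 wrap="off"></textarea><br/><br/>';
        echo '<input type="submit" value="Отправить" class="ibutton"></form>';
        break;

    case 'save_msg':
        $ticket = tk_load_ticket($id, $log, $is_admin);
        if ($ticket === null) {
            echo 'Тикет не найден';
            break;
        }
        // write_msg refuses closed tickets; a direct POST must be refused too.
        if ($ticket['prior'] == "off") {
            echo "Данный тикет закрыт.";
            echo tk_back_link($ticket['id']);
            break;
        }
        $text = tk_post('text');
        if ($text === "") {
            echo "Вы не ввели текст сообщения";
            echo tk_back_link($ticket['id']);
            break;
        }
        // Stored HTML-escaped (the format the rest of the site expects) and
        // run through the profanity filter before it reaches the query.
        require_once "files/antimat.php";
        $text = antimat(htmlspecialchars($text));
        $time = date("H:i/d.m.y");
        mysql_query("INSERT INTO `tickets_msg` SET "
            . "`user_from` = '" . tk_sql($ticket['user']) . "', "
            . "`user_to` = '" . tk_sql($log) . "', "
            . "`tk_name` = '" . tk_sql($ticket['name']) . "', "
            . "`time` = '$time', "
            . "`msg` = '" . tk_sql($text) . "'");
        if ($ticket['user'] !== $log) {
            // Somebody other than the owner (staff) answered: notify the owner.
            mysql_query("INSERT INTO `msg_r` SET `user_from` = 'Система', "
                . "`user_to` = '" . tk_sql($ticket['user']) . "', "
                . "`time` = '$time', `read` = 1, "
                . "`mail_msg` = '" . tk_sql($log) . " ответил на ваш тикет.'");
        }
        echo "Добавлено";
        echo tk_back_link($ticket['id']);
        break;

    case 'new_tickets':
        echo '<form action="tickets.php?action=save_new_tickets" method="POST">
Название тикета:<br/>
<input type="text" name="name" maxlength="15"/><br/>
Сообщение:<br/>
<textarea cols="17" rows="5" name="text" maxlength="5000"></textarea><br/>
<input type="Submit" value="Создать"/></form>';
        break;

    case 'save_new_tickets':
        $time = date("H:i/d.m.y");
        $t = time();
        // Chat-ban check: an expired ban is cleared, an active one blocks the form.
        $req = mysql_query("SELECT * FROM `banchat` WHERE `usr` = '" . tk_sql($log) . "' LIMIT 1");
        if ($req && mysql_num_rows($req) == 1) {
            $ban = mysql_fetch_array($req);
            if ($ban['ban_time'] < $t) {
                mysql_query("DELETE FROM `banchat` WHERE `usr` = '" . tk_sql($log) . "'");
            } else {
                $left = $ban['ban_time'] - time();
                echo 'Вы находитесь в бане!<br> Причина бана: ' . tk_html($ban['text']) . '<br> Осталось: ';
                if ($left < 60) {
                    echo "$left сек.";
                } elseif ($left < 3600) {
                    // Exactly 60 s used to fall through to the "hours" branch.
                    echo round($left / 60) . " мин.";
                } else {
                    echo round($left / 3600) . " часов";
                }
                include('files/down.php');
                exit;
            }
        }
        require_once "files/antimat.php";
        $name = (string) antimat(htmlspecialchars(tk_post('name')));
        $text = (string) antimat(htmlspecialchars(tk_post('text')));
        if ($name === '') {
            echo 'Название тикета введено не верно!';
            break;
        }
        if ($text === '') {
            echo 'Сообщение введено не верно!';
            break;
        }
        // The filtered/escaped $name is stored in both tables so view_tickets
        // can match tickets_msg.tk_name against tickets.name.
        mysql_query("INSERT INTO `tickets` SET "
            . "`name` = '" . tk_sql($name) . "', "
            . "`user` = '" . tk_sql($log) . "', "
            . "`time` = '$time', "
            . "`msg` = 'vesh', "
            . "`prior` = 'on'");
        mysql_query("INSERT INTO `tickets_msg` SET "
            . "`user_from` = '" . tk_sql($log) . "', "
            . "`user_to` = '" . tk_sql($log) . "', "
            . "`tk_name` = '" . tk_sql($name) . "', "
            . "`time` = '$time', "
            . "`msg` = '" . tk_sql($text) . "'");
        echo '<br/>Тикет успешно создан<br>';
        break;

    case 'close_tickets':
        if ($is_admin) {
            mysql_query("UPDATE `tickets` SET `prior`='off' WHERE `id`='" . tk_sql($id) . "'");
            echo 'Тикет закрыт!';
        } else {
            echo 'Ошибка!!! Вы не администратор!';
        }
        break;

    default:
        echo '<b>Ваши тикеты:</b><br/>';
        if ($is_admin) {
            $pr_q = mysql_query("SELECT * FROM `tickets` WHERE `prior`!='off' ORDER BY `id` DESC");
        } else {
            $pr_q = mysql_query("SELECT * FROM `tickets` WHERE `user`='" . tk_sql($log) . "' ORDER BY `id` DESC");
        }
        // mysql_affected_rows() reports the last INSERT/UPDATE/DELETE, not a
        // SELECT; the result set's own row count is what "no tickets" means.
        if ($pr_q === false || mysql_num_rows($pr_q) == 0) {
            echo "Тикетов нет";
        }
        while ($pr_q && ($pr_ar = mysql_fetch_array($pr_q))) {
            $closed = $pr_ar['prior'] == "off";
            if ($closed) {
                echo "#";
            }
            echo '<a href="tickets.php?action=view_tickets&id=' . tk_html($pr_ar['id']) . '">'
                . tk_html($pr_ar['name']) . '</a> (' . tk_html($pr_ar['time']) . ')';
            if (!$closed && $is_admin) {
                echo '<a href="tickets.php?action=close_tickets&id=' . tk_html($pr_ar['id']) . '">закрыть</a>';
            }
            // Every entry ends its line (open tickets of a plain user used to
            // run together without a line break).
            echo "<br>";
        }
        echo '<br><a href="tickets.php?action=new_tickets">Создать тикет</a><br>';
        break;
}

include_once "files/down.php";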