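<?php
// by mustdie
//
// Forum posting actions: create, reply to, quote, edit, delete and vote on forum messages.
//
// The script dispatches on $act. $act, $id and $ok are globals that ../includes/sys.php is
// expected to provide (presumably from the query string — not visible here). Other names
// used from the includes: $u (current user row; $u['id'] is falsy when anonymous), $config
// ('antispam', 'edit_time'), the TIME and HTTPHOME constants and the helpers check(),
// redirect(), error(), nav(), tp(), bbpanel(), username(), note() and access().
//
// NOTE(review): check() is assumed to return text that is already safe to interpolate into
// SQL and HTML — it is used that way throughout this file, and stored titles/texts are echoed
// unescaped into the forms below on the same assumption. Confirm in sys.php.
// NOTE(review): the state-changing actions carry no CSRF token here ('del' and 'vote' are
// plain GET links, the POST forms have no hidden token); sys.php may add one — confirm.
$title = 'Форум';
require_once '../includes/sys.php';
require_once '../includes/header.php';

// $id is interpolated into every query below: force it to a non-negative integer, the same
// way the vote action already does for $_GET['p'], so a crafted value cannot alter the SQL.
$id = abs(intval(isset($id) ? $id : 0));

/**
 * True when the per-user anti-spam delay has elapsed.
 *
 * $_SESSION['antispam'] holds the earliest TIME at which posting is allowed again;
 * an unset value counts as 0 (never posted).
 *
 * @return bool
 */
function forum_antispam_ok()
{
    $allowed_from = isset($_SESSION['antispam']) ? (int) $_SESSION['antispam'] : 0;
    return TIME > $allowed_from;
}

/**
 * Block further posts by this session for $config['antispam'] seconds.
 *
 * @param array $config site config (only 'antispam' is read)
 * @return void
 */
function forum_antispam_arm($config)
{
    $_SESSION['antispam'] = TIME + (int) $config['antispam'];
}

/**
 * Report that the anti-spam delay has not elapsed and offer a way back.
 *
 * @param array  $config site config (only 'antispam' is read)
 * @param string $back   URL passed to nav()
 * @return void
 */
function forum_antispam_error($config, $back)
{
    error('Антиспам. Разрешено пиcать раз в '.$config['antispam'].' сек.');
    nav($back);
}

/**
 * Load one forum_msg row by id, or false when it does not exist.
 *
 * @param int    $id      message id (cast to int before use)
 * @param string $columns column list for the SELECT; a literal from this file, never user input
 * @return array|false
 */
function forum_fetch_message($id, $columns = '*')
{
    $id = (int) $id;
    return mysql_fetch_assoc(mysql_query("SELECT $columns FROM `forum_msg` WHERE `id` = '$id'"));
}

/**
 * Store a new message and bump the topic's last activity time.
 *
 * All ids are cast to int before being interpolated into SQL; $text is used as is because
 * it comes from check() (see the note at the top of the file).
 *
 * @param int|string $id_cat    category id
 * @param int|string $id_subcat sub-category id
 * @param int|string $id_topic  topic the message belongs to
 * @param int|string $id_user   author id
 * @param string     $text      message text as returned by check()
 * @return void
 */
function forum_insert_message($id_cat, $id_subcat, $id_topic, $id_user, $text)
{
    $id_cat = (int) $id_cat;
    $id_subcat = (int) $id_subcat;
    $id_topic = (int) $id_topic;
    $id_user = (int) $id_user;
    mysql_query("UPDATE `forum_topics` SET `last_time` = '".TIME."' WHERE `id` = '$id_topic'");
    mysql_query("INSERT INTO `forum_msg` SET `id_cat` = '$id_cat', `id_subcat` = '$id_subcat', `id_topic` = '$id_topic', `id_user` = '$id_user', `text` = '$text', `time` = '".TIME."'");
}

/**
 * Whether $u may edit or delete $msg: moderators (access(1)) always, the author only while
 * the message is younger than $config['edit_time'] seconds.
 *
 * @param array $msg    forum_msg row with at least 'id_user' and 'time'
 * @param array $u      current user row
 * @param array $config site config (only 'edit_time' is read)
 * @return bool
 */
function forum_can_modify($msg, $u, $config)
{
    if (access(1)) {
        return true;
    }
    $is_author = (int) $msg['id_user'] === (int) $u['id'];
    return $is_author && (TIME - (int) $msg['time']) < (int) $config['edit_time'];
}

switch ($act) {
    default:
        // New message in topic $id.
        if (!$u['id']) {
            redirect(HTTPHOME.'/login.php');
            break;
        }
        // Fetch the topic by its own id. The original resolved it through the message whose
        // id happened to equal $id (a different row) and never selected id_cat/id_subcat, so
        // the closed check ran against the wrong topic and the new row got empty category ids.
        $topic = mysql_fetch_assoc(mysql_query("SELECT `id`, `id_cat`, `id_subcat`, `closed` FROM `forum_topics` WHERE `id` = '$id'"));
        if (!$topic || !empty($topic['closed'])) {
            redirect('?');
            break;
        }
        if (!forum_antispam_ok()) {
            forum_antispam_error($config, 'topic.php?id='.$id);
            break;
        }
        $text = check(isset($_POST['text']) ? $_POST['text'] : '');
        if ($text) {
            forum_insert_message($topic['id_cat'], $topic['id_subcat'], $id, $u['id'], $text);
            forum_antispam_arm($config);
        }
        // An empty post and a stored one both return to the end of the topic.
        redirect('topic.php?act=end&id='.$id);
        break;

    case 'reply':
        // Reply to message $id inside its topic: without ?ok=1 show the form, with it store the post.
        if (!$u['id']) {
            redirect(HTTPHOME.'/login.php');
            break;
        }
        $msg = forum_fetch_message($id);
        if (!$msg) {
            redirect('index.php');
            break;
        }
        $topic = mysql_fetch_assoc(mysql_query("SELECT `title`, `closed` FROM `forum_topics` WHERE `id` = '".(int) $msg['id_topic']."'"));
        if (!$topic || !empty($topic['closed'])) {
            redirect('topic.php?id='.$msg['id_topic']);
            break;
        }
        if (empty($ok)) {
            tp('<a href="topic.php?id='.$msg['id_topic'].'">'.$topic['title'].'</a>» ответ');
            echo '<div class="body">';
            echo note();
            echo '<form name="form" action="?act=reply&id='.$id.'&ok=1" method="post">
                         '.bbpanel('form', 'text').'<textarea name="text" cols="" rows="4">[b]'.username($msg['id_user'], 0).'[/b], </textarea><br />
                        <input name="submit" type="submit" value="Ok" />
                        </form>
                        <a href="topic.php?id='.$msg['id_topic'].'">'.$topic['title'].'</a>» ответ
                        </div>';
            break;
        }
        if (!forum_antispam_ok()) {
            forum_antispam_error($config, 'topic.php?id='.$msg['id_topic']);
            break;
        }
        $text = check(isset($_POST['text']) ? $_POST['text'] : '');
        if (!$text) {
            redirect('?act=reply&id='.$id);
            break;
        }
        forum_insert_message($msg['id_cat'], $msg['id_subcat'], $msg['id_topic'], $u['id'], $text);
        // The original armed the timer from $config['spam'] (a key no other action uses), so
        // replies effectively bypassed the anti-spam delay; use the shared 'antispam' key.
        forum_antispam_arm($config);
        redirect('topic.php?act=end&id='.$msg['id_topic']);
        break;

    case 'quote':
        // Quote message $id in a new post inside its topic; same form/store split as 'reply'.
        if (!$u['id']) {
            redirect('../other/login.php');
            break;
        }
        $msg = forum_fetch_message($id);
        if (!$msg) {
            redirect('index.php?');
            break;
        }
        $topic = mysql_fetch_assoc(mysql_query("SELECT `closed` FROM `forum_topics` WHERE `id` = '".(int) $msg['id_topic']."'"));
        if (!$topic || !empty($topic['closed'])) {
            redirect('topic.php?id='.$msg['id_topic']);
            break;
        }
        if (empty($ok)) {
            tp('Цитирование сообщения');
            echo '<div class="body"><form name="form" action="?act=quote&id='.$id.'&ok=1" method="post">
                         '.bbpanel('form', 'text').'<textarea name="text" cols="" rows="4">[i]'.username($msg['id_user'], 0).'[/i] пишет:[q]'.$msg['text'].'[/q]</textarea><br />
                        <input name="submit" type="submit" value="Ok" />
                        </form>';
            nav('topic.php?id='.$msg['id_topic']);
            break;
        }
        if (!forum_antispam_ok()) {
            forum_antispam_error($config, 'topic.php?id='.$msg['id_topic']);
            break;
        }
        $text = check(isset($_POST['text']) ? $_POST['text'] : '');
        if (!$text) {
            error('Вы не заполнили поле.');
            // The quote form takes a message id; the original sent the user back with the
            // topic id instead, which pointed at a different (or missing) message.
            nav('?act=quote&id='.$id);
            break;
        }
        forum_insert_message($msg['id_cat'], $msg['id_subcat'], $msg['id_topic'], $u['id'], $text);
        forum_antispam_arm($config);
        redirect('topic.php?act=end&id='.$msg['id_topic']);
        break;

    case 'edit':
        // Edit message $id: moderators always, the author only within $config['edit_time'].
        if (!$u['id']) {
            redirect('../other/login.php');
            break;
        }
        $msg = forum_fetch_message($id);
        if (!$msg) {
            redirect('index.php');
            break;
        }
        if (!forum_can_modify($msg, $u, $config)) {
            error('Нельзя отредактировать это сообщение.');
            nav('topic.php?id='.$msg['id_topic']);
            break;
        }
        if (empty($ok)) {
            tp('Редактирование сообщения');
            echo '<div class="body"><form name="form" action="?act=edit&id='.$id.'&ok=1" method="post">
                         '.bbpanel('form', 'text').'<textarea name="text" cols="" rows="3">'.$msg['text'].'</textarea>
                        <input name="submit" type="submit" value="Ok" />
                        </form>';
            nav('topic.php?id='.$msg['id_topic']);
            break;
        }
        $text = check(isset($_POST['text']) ? $_POST['text'] : '');
        if (!$text) {
            error('Вы не заполнили поле.');
            nav('?act=edit&id='.$id);
            break;
        }
        $editor = (int) $u['id'];
        mysql_query("UPDATE `forum_msg` SET `text` = '$text', `edit_by` = '$editor', `edit_time` = '".TIME."' WHERE `id` = '$id'");
        redirect('topic.php?id='.$msg['id_topic']);
        break;

    case 'del':
        // Delete message $id together with the votes cast for it.
        // The original ran the deletion for any visitor, without a login or permission check;
        // apply the same rule as 'edit' (moderators, or the author within edit_time).
        if (!$u['id']) {
            redirect('../other/login.php');
            break;
        }
        $msg = forum_fetch_message($id, '`id`, `id_topic`, `id_user`, `time`');
        if (!$msg) {
            redirect('index.php');
            break;
        }
        if (!forum_can_modify($msg, $u, $config)) {
            error('Нельзя удалить это сообщение.');
            nav('topic.php?id='.$msg['id_topic']);
            break;
        }
        mysql_query("DELETE FROM `forum_msg` WHERE `id` = '$id'");
        mysql_query("DELETE FROM `voting` WHERE `type` = 'forum' and `id_for` = '$id'");
        redirect('topic.php?id='.$msg['id_topic']);
        break;

    case 'vote':
        // +1 vote on message $id and +1 karma for its author; once per voter, never on own message.
        if (!$u['id']) {
            redirect('../other/login.php');
            break;
        }
        $p = abs(intval(isset($_GET['p']) ? $_GET['p'] : 0)); // topic page to return to
        $msg = forum_fetch_message($id, '`id`, `id_topic`, `id_user`');
        if (!$msg) {
            redirect('index.php');
            break;
        }
        $voter = (int) $u['id'];
        $author = (int) $msg['id_user'];
        if ($author !== $voter) {
            $existing = mysql_query("SELECT `id` FROM `voting` WHERE `type` = 'forum' and `id_who` = '$voter' and `id_for` = '$id'");
            // NOTE(review): this check-then-insert is not atomic, so two concurrent requests
            // from the same voter could both pass; a unique key on (type, id_who, id_for)
            // would close that — confirm against the schema.
            if (!mysql_num_rows($existing)) {
                mysql_query("UPDATE `forum_msg` SET `votes` = (`votes`+1) WHERE `id` = '$id'");
                mysql_query("INSERT INTO `voting` SET `type` = 'forum', `id_who` = '$voter', `id_for` = '$id'");
                mysql_query("UPDATE `users` SET `karma` = (`karma`+1) WHERE `id` = '$author'");
            }
        }
        // The original wrote $msg[id_topic] (bare word), relying on an undefined constant.
        redirect('topic.php?id='.$msg['id_topic'].'&p='.$p);
        break;
}
require_once '../includes/tail.php';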