Файл: phpfile/forum1.php
Строк: 247
<?php
/**
* @author wistis
* @copyright 2011
*/
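// Show data that is hidden from guests: load the current player's row.
// NOTE(review): $opredelenie is assigned outside this file; presumably it is the
// authenticated player's name. Confirm it never comes straight from the request.
$query = "SELECT * FROM `table1` WHERE `name`='" . mysql_real_escape_string($opredelenie) . "'";
// NOTE(review): die(mysql_error()) sends raw database error text to the browser;
// logging it server-side and showing a generic message would avoid leaking schema details.
$sql = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($sql);

// Message deletion, available only when the player's `administracia` column is 2.
// The id arrives in the query string and is placed in an unquoted numeric position
// of the DELETE, where mysql_real_escape_string() would not help. Only a plain digit
// string is accepted; anything else (including array input such as del[]=1) is ignored.
if ($row && $row['administracia'] == 2 && isset($_GET['del'])) {
    if (is_string($_GET['del']) && ctype_digit($_GET['del'])) {
        mysql_query("DELETE FROM `a36667_element`.`fsms` WHERE `fsms`.`id` = " . (int) $_GET['del'] . " ");
    }
}
// NOTE(review): the delete is a state change driven by a plain GET link with no
// anti-CSRF token; moving it to POST with a per-session token would close that gap.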
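// Reject section (`r`) and topic (`tema`) ids that are not plain decimal integers.
// is_numeric() also accepts forms such as "1e5", "1.5", "+1" and leading whitespace,
// and these values are later concatenated into SQL and HTML, so only digit strings
// pass here. Array input (r[]=1) is rejected as well.
// NOTE(review): exi() is defined outside this file; this guard is only effective if
// exi() ends the request. Confirm.
foreach (array('r', 'tema') as $idParam) {
    if (isset($_GET[$idParam]) && !(is_string($_GET[$idParam]) && ctype_digit($_GET[$idParam]))) {
        print "неверно";
        exi($row, $opredelenie);
    }
}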
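// Reply form: pre-fills the message field with "RE:<author>, " and links to the
// author's profile and private-message pages.
if (isset($_GET['otvet']))
{
    // `otvet` is attacker-controlled and was echoed raw into unquoted HTML attributes
    // (reflected XSS). It is now HTML-escaped for the value attribute and URL-encoded
    // for the links, and every attribute that carries request data is quoted.
    // htmlspecialchars() is called without an explicit charset so it follows the same
    // default the rest of this file relies on (the page encoding is not visible here).
    $replyTo = is_scalar($_GET['otvet']) ? (string) $_GET['otvet'] : '';
    $replyToHtml = htmlspecialchars($replyTo, ENT_QUOTES);
    $replyToUrl = rawurlencode($replyTo);

    // Ids are cast locally so this branch does not depend on validation done elsewhere.
    $sectionId = (isset($_GET['r']) && is_scalar($_GET['r'])) ? (int) $_GET['r'] : 0;
    $topicId = (isset($_GET['tema']) && is_scalar($_GET['tema'])) ? (int) $_GET['tema'] : 0;

    print "Сила Стихий!<br>Форум<hr>";
    print '<form action="88.php?go=forum&amp;add=ok&amp;r=' . $sectionId . '&amp;tema=' . $topicId . '" method="post">
Текст<input class="x_textsmall" type="text" name="log" value="RE:' . $replyToHtml . ', "><br>
<input type="submit" class="x_sumbit" value="Отправить">
<br><a href="88.php?go=pessonag&amp;row=' . $replyToUrl . '">Инфо персонажа</a> <a href="88.php?go=post&amp;pers=' . $replyToUrl . '">Написать письмо</a>
<br><a href="88.php?go=forum&amp;r=' . $sectionId . '&amp;tema=' . $topicId . '">Назад</a>
<br><a href="88.php?go=forum&amp;r=' . $sectionId . '">К темам</a>
';
    exi($row, $opredelenie);
}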
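// Handler for a new message posted to a topic (add=ok).
if ((isset($_GET['add'])) && $_GET['add'] == 'ok')
{
    // Request data is copied into typed locals instead of being overwritten in
    // $_GET/$_POST. `tema` used to be passed through mysql_real_escape_string() only
    // and then placed unquoted in "WHERE `id` =", where escaping gives no protection;
    // both ids are now integers.
    // NOTE(review): the original also rewrote $_GET['otvet'], $_GET['name'] and
    // $_POST['name'] in place; nothing in this branch reads them. Confirm exi() does
    // not rely on that.
    $sectionId = (isset($_GET['r']) && is_scalar($_GET['r'])) ? (int) $_GET['r'] : 0;
    $topicId = (isset($_GET['tema']) && is_scalar($_GET['tema'])) ? (int) $_GET['tema'] : 0;
    $messageRaw = (isset($_POST['log']) && is_scalar($_POST['log'])) ? (string) $_POST['log'] : '';
    // The text is stored already HTML-escaped (as before); the topic view prints it
    // without escaping, so every writer to `fsms`.`text` has to keep doing this.
    $messageSql = mysql_real_escape_string(htmlspecialchars($messageRaw));
    // The player name was interpolated raw into the INSERT while the SELECT escaped it.
    $playerSql = mysql_real_escape_string($opredelenie);

    $query9 = "SELECT * FROM `table1` WHERE `name`='" . $playerSql . "'";
    $sql9 = mysql_query($query9) or die(mysql_error());
    $row9 = mysql_fetch_assoc($sql9);

    // Posting requires a level above 10.
    // NOTE(review): the topic view refuses section 12 to players of another clan, but
    // no such check is made here before writing. Looks like a missing authorization
    // check; confirm.
    // NOTE(review): the POST carries no anti-CSRF token.
    if ($row9['lvl'] > 10)
    {
        mysql_query("INSERT INTO `fsms` ( `id` , `text` , `name` , `time` , `tema` , `razdel` )
VALUES (
'', '" . $messageSql . "', '" . $playerSql . "', '" . time() . "', '" . $topicId . "', '" . $sectionId . "'
);");
        header("location:88.php?go=forum&r=" . $sectionId . "&tema=" . $topicId);
        // Increment in SQL instead of SELECT + write-back, so concurrent posts cannot
        // lose an update.
        mysql_query("UPDATE `fraz` SET `kolsms` = `kolsms` + 1,
`new` = '" . time() . "' WHERE `id` =" . $topicId . " AND `idfrk`='" . $sectionId . "' LIMIT 1 ;");
    }
    else
    {
        print "Вы не можете пока добавлять сообщения";
    }
    exi($row, $opredelenie);
}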
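// Handler for creating a new topic in a section (addtem=<section id>&dob=ok).
if (isset($_GET['addtem'], $_GET['dob']) && $_GET['dob'] === 'ok')
{
    // `addtem` was concatenated unescaped into the INSERT, SELECT and UPDATE below and
    // into the Location header; it is not covered by the r/tema numeric check. It is
    // now an integer.
    $sectionId = is_scalar($_GET['addtem']) ? (int) $_GET['addtem'] : 0;
    $topicNameRaw = (isset($_POST['log']) && is_scalar($_POST['log'])) ? (string) $_POST['log'] : '';
    // The topic name is stored HTML-escaped (as before); the listings print it as is.
    $topicNameHtml = htmlspecialchars($topicNameRaw);
    $post = mysql_real_escape_string($topicNameHtml);

    $query9 = "SELECT * FROM `table1` WHERE `name`='" . mysql_real_escape_string($opredelenie) . "'";
    $sql9 = mysql_query($query9) or die(mysql_error());
    $row9 = mysql_fetch_assoc($sql9);

    // Creating a topic requires a level above 20.
    // NOTE(review): the topic list hides the "add topic" link in sections 8 and 12
    // from players whose `administracia` is not 2, but that restriction is not
    // enforced here, so it is UI-only. Confirm the intended policy and enforce it
    // server-side.
    // NOTE(review): the POST carries no anti-CSRF token.
    if ($row9['lvl'] > 20)
    {
        mysql_query("INSERT INTO `fraz` ( `id` , `idfrk` , `name` , `kolsms` , `new` )
VALUES ('', '" . $sectionId . "', '$post', '0', '" . time() . "');");
        // Counters are bumped in SQL instead of SELECT + write-back.
        mysql_query("UPDATE `frk` SET `koltem` = `koltem` + 1,
`kolsms` = `kolsms` + 1 WHERE `id` ='" . $sectionId . "' LIMIT 1 ;");
        // The original interpolated an undefined $log here; the escaped topic name is
        // what was meant.
        print "<br>Тема " . $topicNameHtml . " успешно создана";
    }
    else
    {
        print "Вы не можете пока добавлять сообщения";
    }
    // NOTE(review): output has already been printed above, so this redirect only
    // works when output buffering is active.
    header("location:88.php?go=forum&r=" . $sectionId);
    exi($row, $opredelenie);
}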
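print "Сила Стихий!<br>Форум<hr>";

// Topic view: messages of one topic (r = section id, tema = topic id), paginated,
// followed by the reply form.
if ((isset($_GET['r'])) && (isset($_GET['tema'])))
{
    // Both ids were concatenated into SQL (partly unquoted) and into HTML; they are
    // cast here so this branch is safe on its own.
    $sectionId = is_scalar($_GET['r']) ? (int) $_GET['r'] : 0;
    $topicId = is_scalar($_GET['tema']) ? (int) $_GET['tema'] : 0;
    // The player name was interpolated raw into several statements below.
    $playerSql = mysql_real_escape_string($opredelenie);
    $topicUrl = '88.php?go=forum&r=' . $sectionId . '&tema=' . $topicId;

    // Record the player's last forum visit.
    mysql_query("UPDATE `table1` SET `forumtime` = '" . time() . "'
WHERE `name`='" . $playerSql . "' ") or die();

    $query2 = "SELECT * FROM `frk` WHERE `id`=" . $sectionId . " ";
    $sql2 = mysql_query($query2) or die(mysql_error());
    $sectionRow = mysql_fetch_assoc($sql2);

    $query2 = "SELECT * FROM `fraz` WHERE `id`=" . $topicId . " ";
    $sql2 = mysql_query($query2) or die(mysql_error());
    $row2 = mysql_fetch_assoc($sql2);

    // The viewer's row is loaded once; the original re-ran this query three times per
    // message.
    $query23 = "SELECT * FROM `table1` WHERE `name`='" . $playerSql . "'";
    $sql23 = mysql_query($query23) or die(mysql_error());
    $row23 = mysql_fetch_assoc($sql23);

    // Access check for topics of section 12: only the 'Administration' clan or a
    // matching clan may read them. The original ran this inside the message loop,
    // after the section and topic names had been printed, and never for a topic
    // without messages. It now runs before anything about the topic is shown.
    // NOTE(review): the INSERT into `fraz` elsewhere in this file sets no `klan`
    // column. Confirm the column exists and how it is populated.
    if ($row23['klan'] !== 'Administration')
    {
        if (($row23['klan'] !== $row2['klan']) && ($row2['idfrk'] == 12))
        {
            print "Ошибка входа в тему";
            exi($row, $opredelenie);
        }
    }

    // NOTE(review): section and topic names are printed as stored. Topic names are
    // HTML-escaped when created through this file; how `frk`.`name` is written is not
    // visible here.
    print $sectionRow['name'];
    print ": ";
    print $row2['name'];
    print ("<br>");

    $nums = 20;
    $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

    $query = "SELECT COUNT(*) AS `counter` FROM `fsms` WHERE `tema`='" . $topicId .
        "' AND `razdel`='" . $sectionId . "' ";
    $sql = mysql_query($query) or die(mysql_error());
    $row = mysql_fetch_assoc($sql);
    $elements = $row['counter'];
    $pages = ceil($elements / $nums);
    if ($page < 1)
    {
        $page = 1;
    }
    elseif ($page > $pages)
    {
        $page = $pages;
    }
    $start = ($page - 1) * $nums;
    // The table may have no rows, which would make the offset negative.
    if ($start < 0) $start = 0;

    $query = "SELECT * FROM `fsms` WHERE `tema`='" . $topicId .
        "' AND `razdel`='" . $sectionId . "' ORDER BY `time` DESC LIMIT {$start}, {$nums}";
    $sql = mysql_query($query) or die(mysql_error());
    print '<table width="100%" cellspacing=1 border=1>';
    $num_rows1w = mysql_num_rows($sql);

    // Remember how many messages the player has seen in this topic. The original
    // repeated this lookup and write for every message row with identical values; it
    // is done once, and as before only when the page has at least one message.
    // NOTE(review): $num_rows1w is the row count of the current page, not of the whole
    // topic, while the topic list subtracts it from the topic's total. Confirm this is
    // intended.
    if ($num_rows1w > 0)
    {
        $query5 = "SELECT * FROM `forum_time` WHERE `razdel`='" . $sectionId .
            "' and `tema`='" . $topicId . "' and `name`='" . $playerSql . "' ";
        $sql5 = mysql_query($query5) or die(mysql_error());
        if (mysql_num_rows($sql5) == 0)
        {
            mysql_query(" INSERT INTO `forum_time` (
`razdel` ,`name` ,`tema` ,`kolsms`)
VALUES (
'" . $sectionId . "', '" . $playerSql . "', '" . $topicId . "', '$num_rows1w'
);") or die(mysql_error());
        }
        else
        {
            mysql_query("UPDATE `forum_time` SET `kolsms`='$num_rows1w' WHERE `razdel` ='" .
                $sectionId . "' AND `name` = '" . $playerSql . "' AND `tema` ='" . $topicId .
                "' LIMIT 1") or die(mysql_error());
        }
    }

    $isAdmin = ($row23['administracia'] == 2);
    while ($row = mysql_fetch_assoc($sql))
    {
        // The author name comes from the database and goes into a link and into text;
        // it is encoded for each context.
        $authorHtml = htmlspecialchars($row['name'], ENT_QUOTES);
        $authorUrl = rawurlencode($row['name']);
        $past = date("j.m.y G :i :s", (int) $row['time']);

        print "<tr><td>";
        echo "<algib=left><a href=88.php?go=forum&otvet=" . $authorUrl . "&r=" . $sectionId .
            "&tema=" . $topicId . "><font color=green><b>" . $authorHtml .
            "</b></font></a> $past <br><font color=blue>";
        // Printed as stored: the add-message handler in this file HTML-escapes the text
        // before the INSERT. Rows written through any other path would be output raw.
        print $row['text'];
        if ($isAdmin)
        {
            print "<a href=88.php?go=forum&del=" . (int) $row['id'] . "&r=" . $sectionId .
                "&tema=" . $topicId . ">[x]</a>";
        }
        print "</font></left><br>";
        print "</td></tr>";
    }
    print "</table>";

    // Pager: up to $neighbours page links on each side of the current page.
    $neighbours = 6;
    $left_neighbour = $page - $neighbours;
    if ($left_neighbour < 1) $left_neighbour = 1;
    $right_neighbour = $page + $neighbours;
    if ($right_neighbour > $pages) $right_neighbour = $pages;
    if ($page > 1)
    {
        print ' <a href="' . $topicUrl . '&page=1">начало</a> ... <a href="' . $topicUrl .
            '&page=' . ($page - 1) . '">←сюда</a> ';
    }
    for ($i = $left_neighbour; $i <= $right_neighbour; $i++)
    {
        if ($i != $page)
        {
            print ' <a href="' . $topicUrl . '&page=' . $i . '">' . $i . '</a> ';
        }
        else
        {
            // Currently selected page.
            print ' <b>' . $i . '</b> ';
        }
    }
    if ($page < $pages)
    {
        print ' <a href="' . $topicUrl . '&page=' . ($page + 1) . '">туда→</a> ... <a href="' .
            $topicUrl . '&page=' . $pages . '">конец</a> ';
    }

    // Reply form.
    print "</table><br><form action=88.php?go=forum&add=ok&r=" . $sectionId .
        "&tema=" . $topicId . " method=post>
Текст<input type=text class=x_textsmall name=log><br>
<input type=submit class=x_sumbit value=Отправить>
<br><a href=88.php?go=forum&r=" . $sectionId . ">К темам</a>
";
    // NOTE(review): $row is false here (the fetch loop has ended), as in the original.
    exi($row, $opredelenie);
}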
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
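// Topic list of one section (r = section id), paginated, with an unread counter per
// topic.
if (isset($_GET['r']))
{
    // `r` was concatenated unquoted into "WHERE `id`=" and "WHERE `idfrk`=" and into
    // links; it is cast here so this branch is safe on its own.
    $sectionId = is_scalar($_GET['r']) ? (int) $_GET['r'] : 0;
    $playerSql = mysql_real_escape_string($opredelenie);
    $sectionUrl = '88.php?go=forum&r=' . $sectionId;

    $query2 = "SELECT * FROM `frk` WHERE `id`=" . $sectionId . " ";
    $sql2 = mysql_query($query2) or die(mysql_error());
    $row2 = mysql_fetch_assoc($sql2);
    // NOTE(review): printed as stored; how `frk`.`name` is written is not visible here.
    print $row2['name'];
    print ("<br>");

    $nums = 20;
    $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

    $query = "SELECT COUNT(*) AS `counter` FROM `fraz` WHERE `idfrk`=" . $sectionId;
    $sql = mysql_query($query) or die(mysql_error());
    $row = mysql_fetch_assoc($sql);
    $elements = $row['counter'];
    $pages = ceil($elements / $nums);
    if ($page < 1)
    {
        $page = 1;
    }
    elseif ($page > $pages)
    {
        $page = $pages;
    }
    $start = ($page - 1) * $nums;
    // The table may have no rows, which would make the offset negative.
    if ($start < 0) $start = 0;

    // NOTE(review): topics of section 12 are listed here without the clan check that
    // the topic view applies. Confirm whether titles are meant to be visible.
    $query = "SELECT * FROM `fraz` WHERE `idfrk`=" . $sectionId .
        " ORDER BY `new` DESC LIMIT {$start}, {$nums}";
    $sql = mysql_query($query) or die(mysql_error());
    print '<table width="100%" cellspacing=1 border=1>';
    while ($row = mysql_fetch_assoc($sql))
    {
        $rowTopicId = (int) $row['id'];

        // Total messages in the topic. COUNT(*) replaces fetching every row just to
        // count them; the per-row lookup of the player, whose result was never used,
        // is dropped.
        $query00 = "SELECT COUNT(*) AS `counter` FROM `fsms` WHERE `tema`='" . $rowTopicId .
            "' AND `razdel`='" . $sectionId . "' ";
        $sql00 = mysql_query($query00) or die(mysql_error());
        $row00 = mysql_fetch_assoc($sql00);
        $num_rows = (int) $row00['counter'];

        // Messages already seen by this player, stored by the topic view.
        $query5 = "SELECT * FROM `forum_time` WHERE `razdel`='" . $sectionId .
            "' and `tema`='" . $rowTopicId . "' and `name`='" . $playerSql . "' ";
        $sql5 = mysql_query($query5) or die(mysql_error());
        $num_rows1 = mysql_num_rows($sql5);
        $row5 = mysql_fetch_assoc($sql5);
        if ($num_rows1 == 1)
        {
            $num_rows1 = $num_rows - $row5['kolsms'];
        }
        else
        {
            $num_rows1 = 0;
        }

        echo'<div style="margin: 0 auto; border:solid 1px #BEBEBE; width:474px; color:#BEBEBE;">
<div class="block">
<ul class="conf">
<li><a href=""><img src="" title="В этот те вставишь картинку 15х15"/>ссылка</a></li>';
        print '<tr><td>';
        // The topic name is printed as stored; the create-topic handler in this file
        // HTML-escapes it before the INSERT.
        echo "<left><a href=88.php?go=forum&r=" . (int) $row['idfrk'] . "&tema=" . $rowTopicId .
            " ><font color=green> <b>" . $row['name'] . " </b></font></a> ($num_rows1 /" .
            (int) $row['kolsms'] . ")<br>";
        print '</td></tr>';
        echo'</ul>
</div>
</div>';
    }
    print '</table>';

    // Pager: up to $neighbours page links on each side of the current page.
    $neighbours = 6;
    $left_neighbour = $page - $neighbours;
    if ($left_neighbour < 1) $left_neighbour = 1;
    $right_neighbour = $page + $neighbours;
    if ($right_neighbour > $pages) $right_neighbour = $pages;
    if ($page > 1)
    {
        print ' <a href="' . $sectionUrl . '&page=1">начало</a> ... <a href="' . $sectionUrl .
            '&page=' . ($page - 1) . '">←сюда</a> ';
    }
    for ($i = $left_neighbour; $i <= $right_neighbour; $i++)
    {
        if ($i != $page)
        {
            // The original numbered links dropped `r` and so led back to the section
            // list.
            print ' <a href="' . $sectionUrl . '&page=' . $i . '">' . $i . '</a> ';
        }
        else
        {
            // Currently selected page.
            print ' <b>' . $i . '</b> ';
        }
    }
    if ($page < $pages)
    {
        print ' <a href="' . $sectionUrl . '&page=' . ($page + 1) .
            '">туда→</a> ... <a href="' . $sectionUrl . '&page=' . $pages . '">конец</a> ';
    }

    $query = "SELECT * FROM `table1` WHERE `name`='" . $playerSql . "'";
    $sql = mysql_query($query) or die(mysql_error());
    $row = mysql_fetch_assoc($sql);

    // "Add topic" link: always for `administracia` == 2, otherwise in every section
    // except 8 and 12. The original printed it twice for such an account in an
    // unrestricted section.
    // NOTE(review): this only hides the link; the create-topic handler has to enforce
    // the same rule.
    $isAdmin = ($row['administracia'] == 2);
    if ($isAdmin || !in_array($sectionId, array(8, 12), true))
    {
        print "<a href=88.php?go=forum&addtem=" . $sectionId . ">Добавить тему</a>";
    }
    print "<br><a href=88.php?go=forum>в форум</a>";
    exi($row, $opredelenie);
}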
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////разделы
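// "Add topic" form for the section given in `addtem`.
if (isset($_GET['addtem']))
{
    // `addtem` was echoed raw into the unquoted form action (reflected XSS) and is not
    // covered by the r/tema numeric check; it is cast to an integer before output.
    $razdel = is_scalar($_GET['addtem']) ? (int) $_GET['addtem'] : 0;
    // NOTE(review): the form carries no anti-CSRF token.
    print "<body bgcolor=white text=black link=blue vlink=blue alink=blue>
Добавить тему
<form action=88.php?go=forum&addtem=$razdel&dob=ok method=post>
Название темы:<br><input class=x_text small type=text name=log>
<br><input type=submit class=x_sumbit value=Отправить>
";
    exi($row, $opredelenie);
}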
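// Section list (forum front page), paginated. The only request value used is `page`,
// which goes through intval() before reaching the LIMIT clause.
$nums = 20;
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;

$query = "SELECT COUNT(*) AS `counter`
FROM `frk`";
$sql = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($sql);
$elements = $row['counter'];
$pages = ceil($elements / $nums);
if ($page < 1)
{
    $page = 1;
}
elseif ($page > $pages)
{
    $page = $pages;
}
$start = ($page - 1) * $nums;
// The table may have no rows, which would make the offset negative.
if ($start < 0) $start = 0;

// NOTE(review): there is no ORDER BY, so the row order across pages is whatever the
// server returns.
$query = "SELECT *
FROM `frk`
LIMIT {$start}, {$nums}";
$sql = mysql_query($query) or die(mysql_error());
print '<table width="100%" cellspacing=1 border=1>';
while ($row = mysql_fetch_assoc($sql))
{
    print '<tr><td>';
    // NOTE(review): the section name is printed as stored; how `frk`.`name` is written
    // is not visible here.
    echo "<left><a href=88.php?go=forum&r=" . (int) $row['id'] .
        " ><font color=green> <b>" . $row['name'] . " </b></font></a><br>";
    print '</td></tr>';
}
print '</table>';

// Pager: up to $neighbours page links on each side of the current page.
$neighbours = 6;
$left_neighbour = $page - $neighbours;
if ($left_neighbour < 1) $left_neighbour = 1;
$right_neighbour = $page + $neighbours;
if ($right_neighbour > $pages) $right_neighbour = $pages;
if ($page > 1)
{
    // The original "first page" link was "?page=1", which dropped go=forum, unlike
    // every other pager link.
    print ' <a href="88.php?go=forum&page=1">начало</a> ... <a href="88.php?go=forum&page=' .
        ($page - 1) . '">←сюда</a> ';
}
for ($i = $left_neighbour; $i <= $right_neighbour; $i++)
{
    if ($i != $page)
    {
        print ' <a href="88.php?go=forum&page=' . $i . '">' . $i . '</a> ';
    }
    else
    {
        // Currently selected page.
        print ' <b>' . $i . '</b> ';
    }
}
if ($page < $pages)
{
    print ' <a href="88.php?go=forum&page=' . ($page + 1) .
        '">туда→</a> ... <a href="88.php?go=forum&page=' . $pages . '">конец</a> ';
}
print "<b><a href=88.php?go=do>в игру</a></b>";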
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
?>