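<?php
/**
 * gazeta.php — the "newspaper" module: a list of sections (razdel), the
 * articles inside a section, a single article with votes and comments, and
 * the journalist-only screens for creating/editing articles and managing
 * sections.
 *
 * Dispatches on $_GET['do']:
 *   (none)      — list of sections
 *   gazeta_r    — manage sections (create / delete)
 *   gazeta_edit — rename a section
 *   razdel      — articles of one section
 *   info        — one article: votes, comments, comment deletion
 *   edit        — edit an article's text
 *   create      — add an article with a picture
 *
 * Relies on helpers from sid.php / config.php / navigator.php that are not
 * visible here (connect_db, check_login, whorm, check, my_int, err, msg,
 * navigator, bb_code, back_bb, smiles, us, user_inf, trun_to_rus, mat,
 * img_copyright), on the layout strings from head.php ($div_*, $block) and
 * on $ref (a return query string used in redirects). Their contracts are
 * assumed from how they are used here: my_int() is taken to return a safe
 * integer, check() to sanitise text for HTML output, err()/msg() to print a
 * message and return — TODO confirm against sid.php.
 *
 * Uses the legacy mysql_* extension (removed in PHP 7). Every value that is
 * interpolated into SQL is either an integer from my_int()/(int) or a string
 * passed through mysql_real_escape_string().
 */
require 'sid.php';
require 'config.php';
$link = connect_db();
list($user, $id, $ps) = check_login($link);
whorm(0, 'gazeta');
include 'head.php';
include 'navigator.php';
echo $div_title . 'Газета' . $div_end . $div_left;

$do = isset($_GET['do']) ? $_GET['do'] : null;
// Role flags reused by several actions below. Levels 4 and 5 are treated as
// administrators everywhere in this file (delete / edit rights).
$is_admin = ($user['level'] == 4 || $user['level'] == 5);
$is_journalist = ($user['journalist'] == 1);
$now = time();

switch ($do) {
    default:
        // Section list. The management link is offered to journalists below
        // admin level; the 'gazeta_r' handler enforces the journalist part.
        if ($is_journalist) {
            echo $div_menu . '<a href="gazeta.php?do=create">Добавить статью</a>' . $div_end;
        }
        if ($is_journalist && $user['level'] < 4) {
            echo $div_menu . '<a href="gazeta.php?do=gazeta_r">Управление разделами</a>' . $div_end;
        }
        $look = mysql_result(mysql_query("SELECT COUNT(*) FROM `gazeta_razdel`"), 0);
        if ($look > 0) {
            $n = new navigator($look, 10, '?');
            // c = all articles of the section, a = articles added in the last 24h
            $result = mysql_query("SELECT `gazeta_razdel`.*,
                (SELECT COUNT(*) FROM `gazeta_article` WHERE `gazeta_razdel`.`id` = `gazeta_article`.`uid`) AS c,
                (SELECT COUNT(*) FROM `gazeta_article` WHERE `gazeta_razdel`.`id` = `gazeta_article`.`uid`
                    AND `gazeta_article`.`date` > '" . ($now - 86400) . "') AS a
                FROM `gazeta_razdel` ORDER BY `gazeta_razdel`.`id` DESC {$n->limit}");
            $i = 0;
            while ($sql = mysql_fetch_assoc($result)) {
                $new_file = !empty($sql['a']) ? '<span style="color: #FF0000;">+' . $sql['a'] . '</span>' : '';
                echo ($i++ % 2) ? $div_tworazdel : $div_razdel;
                echo '<a href="gazeta.php?do=razdel&uid=' . $sql['id'] . '">' . $sql['name'] . '</a> (' . $sql['c'] . ')' . $new_file . $div_end;
            }
            echo $n->navi();
        } else {
            echo 'Разделы еще не созданы.<br/>';
        }
        break;

    // Section management (journalists)
    case 'gazeta_r':
        // The menu only links here for journalists, but the handler itself had
        // no check, so sections could be created or deleted by URL by anyone.
        // Mirrors the guard used by 'create'.
        if ($user['journalist'] == 0) {
            header('Location: gazeta.php?' . $ref);
            die();
        }
        echo '<FORM method="POST" action="gazeta.php?do=gazeta_r">
<label for="q">Новый раздел</label>:
<br/>
<input type="text" id="q" name="new"/>
<br/>
<input type="submit" name="create" value="Создать"/>
</FORM>' . $block;
        // create a section
        if (isset($_POST['create'])) {
            $new = trim(mysql_real_escape_string(check($_POST['new'])));
            if (empty($new)) {
                err('Пустое название раздела!');
            } else {
                $em = mysql_query("SELECT `id` FROM `gazeta_razdel` WHERE `name` = '$new' LIMIT 1");
                if (mysql_num_rows($em) > 0) {
                    err('Раздел с таким названием уже создан!');
                } else {
                    mysql_query("INSERT INTO `gazeta_razdel` SET `name` = '$new'");
                    header('Location: gazeta.php?do=gazeta_r');
                }
            }
        }
        // delete a section together with its articles and their pictures
        if (isset($_GET['x'])) {
            $x = my_int($_GET['x']);
            $sql = mysql_query("SELECT `id` FROM `gazeta_razdel` WHERE `id` = '$x' LIMIT 1");
            if (mysql_num_rows($sql) == 0) {
                err('Раздел не найден!');
            } else {
                // All articles of the section are deleted below, so every
                // picture has to go (the original only unlinked the first one).
                $files = mysql_query("SELECT `path` FROM `gazeta_article` WHERE `uid` = '$x'");
                while ($row = mysql_fetch_assoc($files)) {
                    if (!empty($row['path']) && is_file($row['path'])) {
                        unlink($row['path']);
                    }
                }
                mysql_query("DELETE FROM `gazeta_article` WHERE `uid` = '$x'");
                mysql_query("DELETE FROM `gazeta_razdel` WHERE `id` = '$x' LIMIT 1");
                header('Location: gazeta.php?do=gazeta_r');
            }
        }
        // section list with edit / delete icons
        $count = mysql_result(mysql_query("SELECT COUNT(*) FROM `gazeta_razdel`"), 0);
        if ($count > 0) {
            $n = new navigator($count, 10, '?do=gazeta_r');
            $view = mysql_query("SELECT `gazeta_razdel`.*,
                (SELECT COUNT(*) FROM `gazeta_article` WHERE `gazeta_razdel`.`id` = `gazeta_article`.`uid`) AS c
                FROM `gazeta_razdel` ORDER BY `gazeta_razdel`.`id` DESC {$n->limit}");
            $i = 0;
            while ($a = mysql_fetch_assoc($view)) {
                $d = '<a href="gazeta.php?do=gazeta_r&x=' . $a['id'] . '"><img src="ico/delete.gif" alt=""/></a> ';
                $e = '<a href="gazeta.php?do=gazeta_edit&x=' . $a['id'] . '"><img src="ico/edit.gif" alt=""/></a> ';
                echo ($i++ % 2) ? $div_tworazdel : $div_razdel;
                echo $e . $d . $a['name'] . ' (' . $a['c'] . ')' . $div_end;
            }
            echo $n->navi();
        } else {
            echo 'Разделы не созданы.<br/>';
        }
        break;

    // Rename a section
    case 'gazeta_edit':
        // Same guard as 'gazeta_r': this screen is reached from its icons.
        if ($user['journalist'] == 0) {
            header('Location: gazeta.php?' . $ref);
            die();
        }
        $x = isset($_GET['x']) ? my_int($_GET['x']) : 0;
        $sql = mysql_query("SELECT * FROM `gazeta_razdel` WHERE `id` = '$x' LIMIT 1");
        if (isset($_POST['go'])) {
            $edit = trim(mysql_real_escape_string(check($_POST['edit'])));
            if (empty($edit)) {
                err('Пустое название раздела!');
            } else {
                // The original looked up $new (never set in this branch) and then
                // called mysql_num_rows() on the string $edit; check the new name
                // against the *other* sections so an unchanged name still saves.
                $em = mysql_query("SELECT `id` FROM `gazeta_razdel` WHERE `name` = '$edit' AND `id` != '$x' LIMIT 1");
                if (mysql_num_rows($em) > 0) {
                    err('Раздел с таким названием уже создан!');
                } else {
                    mysql_query("UPDATE `gazeta_razdel` SET `name` = '$edit' WHERE `id` = '$x' LIMIT 1");
                    header('Location: gazeta.php?do=gazeta_r');
                }
            }
        }
        if (mysql_num_rows($sql) == 0) {
            err('Раздел не найден!');
        } else {
            $in = mysql_fetch_assoc($sql);
            echo '<FORM method="POST" action="gazeta.php?do=gazeta_edit&x=' . $x . '">
<label for="q">Редактировать</label>:
<br/>
<input type="text" id="q" name="edit" value="' . $in['name'] . '"/>
<br/>
<input type="submit" name="go" value="Изменить"/>
</FORM>';
        }
        break;

    // Articles of one section
    case 'razdel':
        $uid = isset($_GET['uid']) ? my_int($_GET['uid']) : 0;
        $sql = mysql_query("SELECT `id` FROM `gazeta_razdel` WHERE `id` = '$uid' LIMIT 1");
        if (mysql_num_rows($sql) == 0) {
            err('Раздела не существует!');
        } else {
            $select = mysql_result(mysql_query("SELECT COUNT(*) FROM `gazeta_article` WHERE `uid` = '$uid'"), 0);
            if ($select > 0) {
                $n = new navigator($select, 10, '?do=razdel&uid=' . $uid . '&');
                // c = number of comments on the article
                $sel = mysql_query("SELECT `gazeta_article`.*,
                    (SELECT COUNT(*) FROM `gazeta_comm` WHERE `gazeta_comm`.`id_new` = `gazeta_article`.`id`) AS c
                    FROM `gazeta_article` WHERE `gazeta_article`.`uid` = '$uid'
                    ORDER BY `gazeta_article`.`id` DESC {$n->limit}");
                $i = 0;
                while ($a = mysql_fetch_assoc($sel)) {
                    $logo = '<img src="resize.php?img=' . $a['path'] . '&width=60&height=0" alt=""/> ';
                    // articles younger than 24h get a "new!" badge
                    $New = ($a['date'] > ($now - 86400)) ? ' <span style="color: #FF0000;">(new!)</span>' : '';
                    // preview: the first 250 characters
                    $cont = (mb_strlen($a['content'], 'UTF8') > 250)
                        ? mb_substr($a['content'], 0, 250, 'UTF8') . '...'
                        : $a['content'];
                    echo ($i++ % 2) ? $div_tworazdel : $div_razdel;
                    echo $logo . '<a href="gazeta.php?do=info&uid=' . $a['id'] . '">' . bb_code($cont) . '</a>' . $New . $block . '
<a href="gazeta.php?do=info&uid=' . $a['id'] . '">Комментарии (' . $a['c'] . ')</a>' . $div_end;
                }
                echo $n->navi();
            } else {
                echo 'В этом разделе еще нет статей.<br/>';
            }
        }
        break;

    // One article
    case 'info':
        $uid = isset($_GET['uid']) ? my_int($_GET['uid']) : 0;
        $sql = mysql_query("SELECT * FROM `gazeta_article` WHERE `id` = '$uid' LIMIT 1");
        // delete an article (?x=<id>)
        if (isset($_GET['x'])) {
            $x = my_int($_GET['x']);
            $em = mysql_query("SELECT * FROM `gazeta_article` WHERE `id` = '$x' LIMIT 1");
            if (mysql_num_rows($em) == 0) {
                err('Статья не найдена!');
            } else {
                $is = mysql_fetch_assoc($em);
                // Same rule that decides whether the delete icon is rendered
                // further down; the handler previously performed no check.
                $may_delete = ($is_journalist && $is['author'] == $user['id']) || $is_admin;
                if (!$may_delete) {
                    header('Location: gazeta.php?do=info&uid=' . $uid);
                    die();
                }
                if (!empty($is['path']) && is_file($is['path'])) {
                    unlink($is['path']);
                }
                mysql_query("DELETE FROM `gazeta_article` WHERE `id` = '$x' LIMIT 1");
                header('Location: gazeta.php?do=razdel&uid=' . $is['uid']);
            }
        }
        if (mysql_num_rows($sql) == 0) {
            err('Статьи не существует!');
        } else {
            // votes: ?like / ?dlike, at most one vote per user per article
            foreach (array('like', 'dlike') as $vote_col) {
                if (!isset($_GET[$vote_col])) {
                    continue;
                }
                $prv = mysql_query("SELECT `id` FROM `rating_gazeta` WHERE `uid` = '$uid' AND `who` = '{$user['id']}' LIMIT 1");
                if (mysql_num_rows($prv) > 0) {
                    err('Вы уже голосовали!');
                } else {
                    mysql_query("INSERT INTO `rating_gazeta` SET `uid` = '$uid', `who` = '{$user['id']}', `$vote_col` = '1'");
                    msg('Ваш голос принят!');
                }
            }
            $in = mysql_fetch_assoc($sql);
            // edit / delete icons; initialised so the echo below never sees
            // undefined variables for ordinary readers
            $d = '';
            $e = '';
            if (($is_journalist && $in['author'] == $user['id']) || $is_admin) {
                $d = '<a href="gazeta.php?do=info&x=' . $uid . '"><img src="ico/delete.gif" alt=""/></a> ';
                $e = '<a href="gazeta.php?do=edit&x=' . $uid . '"><img src="ico/edit.gif" alt=""/></a> ';
            }
            // long articles are cut at 400 characters unless ?read is given
            if (mb_strlen($in['content'], 'UTF8') > 400) {
                if (!isset($_GET['read'])) {
                    $in['content'] = mb_substr($in['content'], 0, 400, 'UTF8') . '...<br/>
<a href="gazeta.php?do=info&uid=' . $uid . '&read"><span class="next">Далее»</span></a>';
                } else {
                    $in['content'] = $in['content'] . '<br/>
<a href="gazeta.php?do=info&uid=' . $uid . '"><span class="next">«Скрыть</span></a>';
                }
            }
            echo '<img src="' . $in['path'] . '" alt=""/><br/>
' . $e . $d . smiles(bb_code($in['content'])) . $block . '
Добавил статью: ' . us($in['author']) . '<br/>
Дата добавления: ' . date('d.m.Y H:i', $in['date']) . $block;
            // vote widget: links until this user has voted, totals afterwards
            $i_vote = mysql_query("SELECT `id` FROM `rating_gazeta` WHERE `uid` = '$uid' AND `who` = '{$user['id']}' LIMIT 1");
            if (mysql_num_rows($i_vote) == 0) {
                echo '<a href="gazeta.php?do=info&uid=' . $uid . '&like">
<img src="ico/like.gif" alt="+"/></a>
Мне нравится
<a href="gazeta.php?do=info&uid=' . $uid . '&dlike">
<img src="ico/dlike.gif" alt="-"/></a>' . $block;
            } else {
                $like = mysql_result(mysql_query("SELECT SUM(`like`) FROM `rating_gazeta` WHERE `uid` = '$uid'"), 0);
                $dlike = mysql_result(mysql_query("SELECT SUM(`dlike`) FROM `rating_gazeta` WHERE `uid` = '$uid'"), 0);
                echo '<img src="ico/like.gif" alt="+"/>' . $like . ' |
<img src="ico/dlike.gif" alt="-"/> ' . $dlike . $block;
            }
            // comment order: ?order=2 newest first, anything else oldest first
            if (isset($_GET['order']) && $_GET['order'] == 2) {
                $sort = '<b>вверху</b> | <a href="gazeta.php?do=info&uid=' . $uid . '&order=1">внизу</a>';
                $ord = 'DESC';
            } else {
                $sort = '<a href="gazeta.php?do=info&uid=' . $uid . '&order=2">вверху</a> | <b>внизу</b>';
                $ord = 'ASC';
            }
            echo $div_menu . 'Новые: ' . $sort . $div_end;
            // delete a comment (?d=<id>, admins only). Redirect back to the
            // article instead of to the Referer header, which the client controls.
            if (isset($_GET['d'])) {
                if (!$is_admin) {
                    header('Location: gazeta.php?do=info&uid=' . $uid);
                    die();
                }
                $del_id = my_int($_GET['d']);
                mysql_query("DELETE FROM `gazeta_comm` WHERE `id` = '$del_id' LIMIT 1");
                header('Location: gazeta.php?do=info&uid=' . $uid);
            }
            // add a comment
            if (isset($_POST['add_com'])) {
                $mes = trim(mysql_real_escape_string(check($_POST['mes'])));
                if (empty($mes)) {
                    header('Location: gazeta.php?do=info&uid=' . $uid);
                } else {
                    // transliteration
                    if ($user['translit'] == 1) {
                        $mes = trun_to_rus($mes);
                    }
                    // profanity filter
                    $ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
                    $mes = ($ant[0] == 1) ? mat($mes) : $mes;
                    // advertising filter. The original patterns contained unescaped
                    // '/' delimiters and bare '*' '+' quantifiers, so preg_match()
                    // errored out and preg_replace() returned null, wiping the
                    // message. As written, the rule is: skip admins and messages
                    // that already carry a [url=...][/url] tag — TODO confirm.
                    $_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
                    if ($_ant['on_rekl'] == 1 && !$is_admin && !preg_match('/\[url=http:\/\/(.*)\[\/url\]/si', $mes)) {
                        $domains = file_get_contents('domains.dat');
                        foreach (explode(',', (string) $domains) as $value) {
                            $domain = preg_quote(trim($value), '/');
                            if ($domain === '') {
                                continue;
                            }
                            // as before, the greedy (.*) makes the match swallow
                            // everything in front of the domain as well
                            $filtered = preg_replace('/(.*)(\s|,|\.|\*|_|-|\+)+' . $domain . '/si', $_ant['text_rekl'], $mes);
                            if ($filtered !== null) {
                                $mes = $filtered;
                            }
                        }
                    }
                    // notify the previous commenter, if any and if not the same user
                    // (without the $lst guard an empty-user row was inserted into
                    // `lenta` for the first comment on an article)
                    $lst = mysql_fetch_assoc(mysql_query("SELECT `user` FROM `gazeta_comm` WHERE
                        `id_new` = '$uid'
                        ORDER BY `id` DESC LIMIT 1"));
                    if ($lst && $user['id'] != $lst['user']) {
                        $cont = (mb_strlen($in['content'], 'UTF8') > 20)
                            ? mb_substr($in['content'], 0, 20, 'UTF8') . '...'
                            : $in['content'];
                        $message = 'Оставлено сообщение в газете к статье <a href="gazeta.php?do=info&uid=' . $uid . '">' . $cont . '</a>.';
                        // $cont is raw article text read back from the database
                        // (quotes included), so the notification must be escaped
                        // before it is interpolated into another query
                        $message = mysql_real_escape_string($message);
                        $lst_user = (int) $lst['user'];
                        mysql_query("INSERT INTO `lenta` SET
                            `user` = '$lst_user',
                            `text` = '$message',
                            `type` = 'comments',
                            `date` = '" . time() . "',
                            `read` = '1'");
                    }
                    mysql_query("INSERT INTO `gazeta_comm` SET
                        `date` = '" . time() . "',
                        `msg` = '$mes',
                        `id_new` = '$uid',
                        `user` = '{$user['id']}'");
                    header('Location: gazeta.php?do=info&uid=' . $uid);
                }
            }
            // comment list, paged by the user's per-page setting
            $coms = mysql_result(mysql_query("SELECT COUNT(*) FROM `gazeta_comm` WHERE `id_new` = '$uid'"), 0);
            if ($coms > 0) {
                $n = new navigator($coms, $user['onp_comments'], '?do=info&uid=' . $uid . '&');
                $res = mysql_query("SELECT * FROM `gazeta_comm` WHERE `id_new` = '$uid' ORDER BY `id` $ord {$n->limit}");
                $dv = 0;
                while ($s = mysql_fetch_assoc($res)) {
                    $del = $is_admin ? '<a href="gazeta.php?do=info&uid=' . $uid . '&d=' . $s['id'] . '"><img src="ico/delete.gif" alt=""/></a> ' : '';
                    $otv = ' <a href="gazeta.php?do=info&uid=' . $uid . '&k=' . $s['user'] . '&#down">[*]</a>';
                    echo ($dv++ % 2) ? $div_tworazdel : $div_razdel;
                    echo $del . us($s['user']) . $otv . '<br/>' . date('d.m.Y H:i', $s['date']) . '<br/>' . smiles(bb_code($s['msg'])) . $div_end;
                }
                echo $n->navi();
            } else {
                echo 'Комментариев нет!<br/>';
            }
            // ?k=<user id> pre-fills the reply box with that user's name;
            // whether user_inf() returns HTML-safe text is not visible here — verify
            $Komu = isset($_GET['k']) ? user_inf(my_int($_GET['k']), 'user') . ', ' : '';
            echo '<a name="down"></a>
<b>Комментарий:</b><br/>
Вставить <a href="faq.php?do=smile">[смайлы]</a>
<a href="faq.php?do=bb">[бб-коды]</a><br/>
<FORM method="POST" action="gazeta.php?do=info&uid=' . $uid . '">
<textarea name="mes" cols="50" rows="5" style="width: 99%;">' . $Komu . '</textarea>
<br/>
<input type="submit" name="add_com" value="Добавить"/>
</FORM>';
        }
        break;

    // Edit an article's text
    case 'edit':
        $x = isset($_GET['x']) ? my_int($_GET['x']) : 0;
        $em = mysql_query("SELECT * FROM `gazeta_article` WHERE `id` = '$x' LIMIT 1");
        $in = mysql_fetch_assoc($em);
        // level 4+ may edit anything; journalists only their own articles
        // (rewritten from the original negated condition, same truth table)
        $may_edit = $user['level'] >= 4 || ($is_journalist && $in && $in['author'] == $user['id']);
        if (!$may_edit) {
            header('Location: gazeta.php?' . $ref);
            die();
        }
        if (isset($_POST['ok'])) {
            $mes = trim(mysql_real_escape_string(check($_POST['mes'])));
            if (empty($mes)) {
                err('Пустое содержание статьи!');
            } else {
                mysql_query("UPDATE `gazeta_article` SET `content` = '$mes' WHERE `id` = '$x' LIMIT 1");
                header('Location: gazeta.php?do=info&uid=' . $x);
            }
        }
        if (!$in) {
            err('Статья не найдена!');
        } else {
            echo '<FORM method="POST" action="gazeta.php?do=edit&x=' . $x . '">
<label for="q">Редактировать</label>:
<br/>
<textarea name="mes" id="q" cols="50" rows="5" style="width: 99%;">' . back_bb($in['content']) . '</textarea>
<br/>
<input type="submit" name="ok" value="Изменить"/>
</FORM>';
        }
        break;

    // Add an article
    case 'create':
        if ($user['journalist'] == 0) {
            header('Location: gazeta.php?' . $ref);
            die();
        }
        if (isset($_POST['upl'])) {
            $content = trim(mysql_real_escape_string(check($_POST['content'])));
            $rzd = isset($_POST['rzd']) ? my_int($_POST['rzd']) : 0;
            $pictures = array('.gif', '.jpg', '.jpeg', '.png');
            $fnames = isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '';
            $tmp = isset($_FILES['file']['tmp_name']) ? $_FILES['file']['tmp_name'] : '';
            $ext = strtolower((string) strrchr($fnames, '.'));
            // getimagesize() doubles as the "is this really an image" check and is
            // only applied to a file PHP itself received through the upload
            $par = ($tmp !== '' && is_uploaded_file($tmp)) ? @getimagesize($tmp) : false;
            if (empty($fnames)) {
                err('Не выбран файл!');
            } elseif ($par !== false && ($par[0] > 240 || $par[1] > 240)) {
                err('Большое расширение файла!');
            } elseif ($par === false || preg_match('/(\.php|\.pl|\.htaccess)/i', $fnames) || !in_array($ext, $pictures, true)) {
                // non-images used to fall through to imagejpeg(false) below
                err('Запрещенный формат файла!');
            } elseif ($_FILES['file']['size'] > 1024 * 200) {
                err('Большой размер файла!');
            } elseif (empty($content)) {
                err('Пустое содержание статьи!');
            } elseif (empty($rzd)) {
                err('Не выбран раздел!');
            } else {
                // name is time-based, so two uploads within the same second collide
                $foto = 'gazeta/img_' . time() . $ext;
                $saved = false;
                if ($ext !== '.gif') {
                    // non-GIF uploads are re-encoded as JPEG (kept under the original extension)
                    $imgc = @imagecreatefromstring(file_get_contents($tmp));
                    if ($imgc !== false) {
                        $imgc = img_copyright($imgc); // watermark
                        $saved = imagejpeg($imgc, $foto, 90);
                    }
                } else {
                    $saved = copy($tmp, $foto);
                }
                if (!$saved) {
                    err('Запрещенный формат файла!');
                } else {
                    // basename() dropped the directory, so the original chmod hit a
                    // non-existent path; a served image needs no execute bits
                    chmod($foto, 0644);
                    mysql_query("INSERT INTO `gazeta_article` SET
                        `author` = '{$user['id']}',
                        `path` = '$foto',
                        `content` = '$content',
                        `date` = '" . time() . "',
                        `uid` = '$rzd'");
                    // id of the row inserted on this connection (the old "highest
                    // id" query could pick up a concurrent insert)
                    header('Location: gazeta.php?do=info&uid=' . mysql_insert_id($link));
                }
            }
        }
        echo '<FORM ENCTYPE="multipart/form-data" method="POST" action="gazeta.php?do=create">
Содержание статьи:<br/>
<textarea name="content" cols="50" rows="5" style="width: 99%;"></textarea>
<br/>
Выбрать раздел:<br/>
<select name="rzd">';
        $from = mysql_query("SELECT * FROM `gazeta_razdel`");
        while ($a = mysql_fetch_assoc($from)) {
            echo '<option value="' . $a['id'] . '">' . $a['name'] . '</option>';
        }
        echo '</select>
<br/>
Фото к статье: (*max. 240x240px. 200kb.)<br/>
<input name="file" type="file" accept="image/jpeg, image/png, image/gif"/>
<br/>
<input type="submit" name="upl" value="Добавить"/>
</FORM>';
        break;
}
echo $div_end;
include 'foot.php';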