Файл: groups/forum.php
Строк: 499
<?php
require '../sid.php';
require '../config.php';
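// Bootstrap: database handle, logged-in user, page chrome and the pager class.
// connect_db(), check_login(), whorm(), my_int() and err() are not defined in this file.
$link = connect_db();
list($user, $id, $ps) = check_login($link);
whorm(0, 'groups');
include '../head.php';
include '../navigator.php';

// Group coordinates from the query string, passed through my_int()
// (presumably an integer cast — confirm) before they are interpolated into SQL.
$g = my_int($_GET['g']);
$club = my_int($_GET['club']);

// Row proving that the current user belongs to the group: either the group row
// itself (the user is its author) or a membership row with `open` = 1.
// The parentheses only spell out the grouping SQL already applied (AND binds tighter than OR).
// NOTE(review): the membership branch is not restricted by `uid` = $g — confirm that is intended.
$ingr = mysql_query("SELECT * FROM `groups` WHERE
(`uid` = '$g' AND `id` = '$club' AND `author` = '$user[id]')
OR
(`user` = '$user[id]' AND `open` = '1' AND `in_group` = '$club')
LIMIT 1");
$is = mysql_fetch_assoc($ingr);

// Group row: forum visibility flag and display name.
$vForum = mysql_fetch_assoc(mysql_query("SELECT `view_forum`, `name` FROM `groups` WHERE `uid` = '$g' AND `id` = '$club' LIMIT 1"));
// $AvtGr[0] is the id of the group's author.
$AvtGr = mysql_fetch_array(mysql_query("SELECT `author` FROM `groups` WHERE `id` = '$club' AND `uid` = '$g' LIMIT 1"));
// Membership row of the *current* user ($AvtGr2[0] = user id, $AvtGr2[1] = `liven` flag),
// which the moderation checks in the cases below compare against $user['id'].
// Without the `user` filter, LIMIT 1 returned an arbitrary member of the group, so those
// checks tested the visitor against whichever row the database happened to return.
$AvtGr2 = mysql_fetch_array(mysql_query("SELECT `user`, `liven` FROM `groups` WHERE `in_group` = '$club' AND `uid` = '$g' AND `user` = '$user[id]' LIMIT 1"));

// Visitors without a membership row may read the forum only when `view_forum` is non-zero.
if (mysql_num_rows($ingr) == FALSE && $vForum['view_forum'] == 0) {
    err('Форум доступен только для участников группы!');
    include '../foot.php';
    exit();
}

// Requested action; NULL selects the forum index.
$do = isset($_GET['do']) ? $_GET['do'] : NULL;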
switch($do) {
default:
    // Forum index of the group: breadcrumb, management link for the group author or
    // the flagged member row, then the paged list of sections with their counters.
    echo $div_title . 'Форум' . $div_end . $div_left . $div_menu . "\n"
        . '<a href="index.php?do=groups">Все группы</a> |' . "\n"
        . '<a href="index.php?do=club&g=' . $g . '&club=' . $club . '">' . $vForum['name'] . '</a>' . $div_end;

    if ($AvtGr[0] == $user['id'] || ($AvtGr2[1] == 1 && $AvtGr2[0] == $user['id'])) {
        echo '» <a href="forum.php?do=admin&g=' . $g . '&club=' . $club . '">Управление</a>' . $block;
    }

    // Number of sections in this club; drives the pager.
    $sql = mysql_result(mysql_query("SELECT COUNT(*) FROM groups_forum_r WHERE club = '$club'"), 0);
    if ($sql == false) {
        echo 'Разделы не найдены.<br/>';
    } else {
        $n = new navigator($sql, 10, '?g=' . $g . '&club=' . $club . '&');
        // s = topics in the section, t = messages in the section.
        $sel = mysql_query("SELECT groups_forum_r.*,
(SELECT COUNT(*) FROM groups_forum_t WHERE groups_forum_t.uid = groups_forum_r.id) AS s,
(SELECT COUNT(*) FROM groups_forum_m WHERE groups_forum_m.rid = groups_forum_r.id) AS t
FROM groups_forum_r WHERE club = '$club' ORDER BY id DESC {$n->limit}");
        // Alternate the two row wrappers, starting with $div_tworazdel.
        for ($i = 0; $a = mysql_fetch_assoc($sel); $i++) {
            echo ($i % 2) ? $div_razdel : $div_tworazdel;
            // NOTE(review): the section name is printed as stored; this is safe only if it was
            // HTML-escaped when written (check() is applied on insert in the admin case) — confirm.
            echo '<img src="img/str.gif" alt=""/> <a href="forum.php?do=razdel&g=' . $g . '&club=' . $club . '&r=' . $a['id'] . '">'
                . $a['name'] . '</a> (' . $a['s'] . '/' . $a['t'] . ')' . $div_end;
        }
        echo $n->navi();
    }
    echo $div_end;
    break;
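// Section view: lists the topics of section $r, newest activity first.
// The label is quoted: a bare word only works through PHP's undefined-constant fallback.
case 'razdel':
    $r = my_int($_GET['r']);

    // Only users with a membership row get the "create topic" link; initialised so the
    // breadcrumb below never reads an undefined variable.
    $createThem = '';
    if (mysql_num_rows($ingr) != FALSE) {
        $createThem = '<a href="forum.php?do=addthem&g='.$g.'&club='.$club.'&r='.$r.'">Создать тему</a> |';
    }

    // The group name comes from $vForum, as on the forum index: $is is whichever row
    // matched the membership query and is false for visitors admitted through view_forum.
    echo $div_title . 'Форум' . $div_end . $div_left . $div_menu . '
<img src="img/up.gif" alt=""/> <b>Форум</b> |
' . $createThem . '
<a href="index.php?do=groups">Все группы</a> |
<a href="index.php?do=club&g='.$g.'&club='.$club.'">' . $vForum['name'] . '</a>' . $div_end;

    $sql = mysql_result(mysql_query("SELECT COUNT(*) FROM groups_forum_t WHERE uid = '$r' AND club = '$club'"), 0);
    if ($sql != false) {
        // The pager URL must carry r, otherwise every page after the first loses the section id.
        $n = new navigator($sql, 10, '?do=razdel&g='.$g.'&club='.$club.'&r='.$r.'&');
        // t = number of messages in the topic.
        $sel = mysql_query("SELECT groups_forum_t.*,
(SELECT COUNT(*) FROM groups_forum_m WHERE groups_forum_m.uid = groups_forum_t.id) AS t
FROM groups_forum_t WHERE uid = '$r' AND club = '$club' ORDER BY last DESC {$n->limit}");
        $i = 0;
        while ($a = mysql_fetch_assoc($sel)) {
            // Closed, non-pinned topics get the "x" icon; every other combination used the
            // same "t" icon in the original three-way branch.
            $cl = ($a['close'] == 1 && $a['fix'] == 0)
                ? '<img src="img/x.gif" alt="*"/> '
                : '<img src="img/t.gif" alt="*"/> ';
            echo ($i ++ % 2) ? $div_razdel : $div_tworazdel;
            // NOTE(review): the topic name is printed as stored; safe only if it was
            // HTML-escaped on insert (check() in the addthem case) — confirm.
            echo $cl . '<a href="forum.php?do=them&g='.$g.'&club='.$club.'&r='.$a['uid'].'&t='.$a['id'].'">' . $a['name'] . '</a> (' . $a['t'] . ')' . $div_end;
        }
        echo $n->navi();
    } else {
        echo 'Темы еще не созданы.<br/>';
    }
    echo $div_end;
    break;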
// Topic view: checks that section $r and topic $t exist in this club and belong together,
// then prints the breadcrumb, the first post and the reply-order switch.
// NOTE(review): the bare-word label works only through PHP's undefined-constant fallback,
// unless a constant named "them" is defined elsewhere; 'them' is presumably what is meant.
case them:
// r and t are read from $_REQUEST: links carry them in the query string, the reply form posts them.
$r = my_int($_REQUEST['r']);
$t = my_int($_REQUEST['t']);
// Three lookups, all scoped to the club: the section, the topic, and the section that owns the topic.
$NoR = mysql_query("SELECT id FROM groups_forum_r WHERE id = '$r' AND club = '$club' LIMIT 1");
$NoT = mysql_query("SELECT * FROM groups_forum_t WHERE id = '$t' AND club = '$club' LIMIT 1");
$NoRT = mysql_query("SELECT groups_forum_r.* FROM groups_forum_r WHERE id = '$r' AND club = '$club' AND id IN(SELECT uid FROM groups_forum_t WHERE id = '$t' AND club = '$club') LIMIT 1");
if (mysql_num_rows($NoR) == false) {
err('Раздел не найден!');
include '../foot.php';
exit();
}
if (mysql_num_rows($NoT) == false) {
err('Тема не найдена, возможно она была удалена!');
include '../foot.php';
exit();
}
// The topic exists but does not belong to section $r.
if (mysql_num_rows($NoRT) == false) {
err('Ошибка!');
include '../foot.php';
exit();
}
// topic row
$i_th = mysql_fetch_assoc($NoT);
// Number of messages in the topic; used by the message list further down.
$mes = mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_forum_m` WHERE `uid` = '$t' AND `rid` = '$r' AND club = '$club'"), 0);
// open/close toggle: action name and link caption depend on the current state
if ($i_th['close'] == 1) {
$_cls_1 = 'open_them';
$_cls_2 = 'Открыть';
} else {
$_cls_1 = 'close_them';
$_cls_2 = 'Закрыть';
}
// Moderation links for the group author or the flagged member row; && binds tighter than ||,
// so this reads as author || (liven == 1 && row belongs to the user).
// NOTE(review): $AvtGr2 is loaded at the top of the file with LIMIT 1 and no user filter, so it
// may be another member's row. $ed stays undefined for everyone else but is still echoed below.
// These links trigger delete/close through plain GET requests with no request token.
if ($AvtGr[0] == $user['id'] || $AvtGr2[1] == 1 && $AvtGr2[0] == $user['id']) {
$ed = '<a href="forum.php?do=del_them&g='.$g.'&club='.$club.'&r='.$r.'&x='.$t.'">Удалить</a> |
<a href="forum.php?do=edit_them&g='.$g.'&club='.$club.'&r='.$r.'&x='.$t.'">Изменить</a> |
<a href="forum.php?do='.$_cls_1.'&g='.$g.'&club='.$club.'&r='.$r.'&x='.$t.'">' . $_cls_2 . '</a>';
}
// last edit: link to the profile of whoever edited the topic, if anyone did
$redact = (!empty($i_th['whoedit']))
? $div_razdel . 'Редактировалось: <a href="/'.$i_th['whoedit'].'">' . user_inf($i_th['whoedit'], 'user') . '</a>' . $div_end
: '';
// first post of the topic: shortened to 250 characters unless ?read is present
// NOTE(review): the cut happens before bb_code()/smiles() run, so it can fall inside a tag or
// an HTML entity of the stored text — confirm how those helpers cope with truncated markup.
if (mb_strlen($i_th['firstpost'], 'UTF8') > 250 && !isset($_GET['read'])) {
$i_th['firstpost'] = mb_substr($i_th['firstpost'], 0, 250, 'UTF8') . '...<br/>
<a href="forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&read"><span class="next">Далее»</span></a>';
} elseif (mb_strlen($i_th['firstpost'], 'UTF8') > 250 && isset($_GET['read'])) {
$i_th['firstpost'] = $i_th['firstpost'] . '<br/>
<a href="forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'"><span class="next">«Скрыть</span></a>';
} else {
$i_th['firstpost'] = $i_th['firstpost'];
}
// NOTE(review): $is['name'] and $i_th['name'] are printed as stored; this is safe only if they
// were HTML-escaped when written (check() is applied on insert) — confirm. $is is false for
// visitors admitted through view_forum, so the group name is then empty.
echo $div_title . 'Форум' . $div_end . $div_left . $div_menu . '
<img src="img/up.gif" alt=""/> <a href="forum.php?g='.$g.'&club='.$club.'">Форум</a> |
<a href="index.php?do=groups">Все группы</a> |
<a href="index.php?do=club&g='.$g.'&club='.$club.'">' . $is['name'] . '</a>
' . $div_end . $div_razdel . $ed . $div_end . '
<b>' . $i_th['name'] . '</b>
' . $block . smiles(bb_code($i_th['firstpost'])) . '<br/>
' . date('d-m-Y H:i', $i_th['date']) . $block . us($i_th['author']) . $block . $redact;
// Reply order. The request value is only compared against 1 and 2, so $ord can never be
// anything but ASC or DESC when it is later interpolated into ORDER BY.
if (isset($_GET['order']) && $_GET['order'] == 1) {
$sort = '<b>вверху</b> | <a href="forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&order=2">внизу</a>';
$ord = 'DESC';
} elseif (isset($_GET['order']) && $_GET['order'] == 2) {
$sort = '<a href="forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&order=1">вверху</a> | <b>внизу</b>';
$ord = 'ASC';
} else {
$sort = '<a href="forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&order=1">вверху</a> | <b>внизу</b>';
$ord = 'ASC';
}
echo $div_menu . 'Новые: ' . $sort . $div_end;
// Saving a reply. Three paths: "attach a file" shows an upload form, act=1 stores the upload
// together with the message, everything else stores a plain message.
// NOTE(review): this branch does not test mysql_num_rows($ingr); only the reply form is hidden
// from non-members, so a hand-made POST from a visitor admitted through view_forum reaches the
// INSERT statements — confirm and add the membership check the izm/cit cases use.
if (isset($_POST['add'])) {
// NOTE(review): $msg is SQL-escaped here but the content filters below run afterwards, so
// whatever mat(), trun_to_rus() or `text_rekl` produce reaches the query unescaped.
// Escaping should be the last step before the query is built.
$msg = trim(mysql_real_escape_string(check($_POST['msg'])));
if (empty($msg)) {
// No exit after the redirect: execution continues with the rest of this case.
header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $t);
} else {
// $_POST['up'] and $_POST['act'] are read without isset().
if ($_POST['up'] == 1) {
// NOTE(review): the SQL-escaped $msg is echoed into HTML and into a hidden field, then
// posted back and passed through check() and mysql_real_escape_string() a second time, so
// backslashes (and whatever check() encodes) accumulate on this path.
echo 'Сообщение: ' . $msg . '<br/>
<FORM ENCTYPE="multipart/form-data" action="forum.php?do=them&g='.$g.'&club='.$club.'" method="POST">
<label>Файл:</label><br/>
<INPUT NAME="object" TYPE="file"/>
<br/>
<input type="hidden" name="r" value="' . $r . '"/>
<input type="hidden" name="t" value="' . $t . '"/>
<input type="hidden" name="act" value="1"/>
<input type="hidden" name="msg" value="' . $msg . '"/>
<input type="submit" name="add" value="Прикрепить"/>
</FORM>';
include '../foot.php';
exit();
}
if ($_POST['act'] == 1) {
// Client-supplied file name; it is used for validation only, not for the stored name.
$FileName = $_FILES['object']['name'];
// if the topic is closed
if ($i_th['close'] == 1) {
header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $t);
die();
}
// Extension allow-list.
// NOTE(review): it includes jar, swf, sis, zip, rar, pdf and txt. The files are written to
// upload/ beside this script and linked directly from the message list, so presumably the
// web server serves them as-is from the site's own origin — confirm that upload/ cannot
// execute scripts and consider forcing a download disposition for non-image types.
$GetExt = array('bmp',
'gif',
'jpeg',
'jpg',
'png',
'wav',
'amr',
'mp3',
'mp3',
'mid',
'3gp',
'jad',
'jar',
'mp4',
'pdf',
'swf',
'sis',
'thm',
'txt',
'zip',
'rar');
// Extension = text after the last dot of the client name. end() takes its argument by
// reference, so passing the explode() result directly raises a strict-standards notice.
$ext = end(explode('.', $_FILES['object']['name']));
// Validation chain; $err is appended to without being initialised.
// NOTE(review): the name pattern is unanchored, so any name containing one allowed character
// passes. The deny pattern uses unescaped dots ("any character"). Neither
// $_FILES['object']['error'] nor is_uploaded_file() is checked, and the file content is never
// inspected — the allow-listed extension is the only real control.
if (empty($FileName)) $err .= 'Не выбран файл!';
elseif (!preg_match('#([a-z0-9-_]{1,32})#i', $FileName)) $err .= 'Не правильное имя файла!';
elseif ($_FILES['object']['size'] > 1024 * 2 * 1024) $err .= 'Размер файла не более 2 Мб.';
elseif (preg_match('/(.php|.pl|.htaccess)/i', $FileName) || !in_array(strtolower($ext), $GetExt)) $err .= 'Запрещенный формат файла!';
if (!empty($err)) {
err($err);
} else {
// Stored name: $site (not defined in this part of the file), a timestamp and the extension
// as the client typed it. Two uploads in the same second get the same name and overwrite
// each other.
$name = $site . '_' . time() . '.' . $ext;
$foto = 'upload/' . $name;
// NOTE(review): $GetExt is the allow-list array, so these comparisons with strings are never
// true; the re-encoding branch is dead and every upload takes the copy() path. The intended
// operand is presumably the lower-cased $ext — confirm that img_copyright() copes with a
// failed decode before enabling it.
if ($GetExt == 'jpg' || $GetExt == 'jpeg' || $GetExt == 'bmp' || $GetExt == 'png') {
$imgc = @imagecreatefromstring(file_get_contents($_FILES['object']['tmp_name']));
$imgc = img_copyright($imgc); // overlay the copyright mark
imagejpeg($imgc, $foto, 90);
} else {
// NOTE(review): copy() accepts any path; move_uploaded_file() would also verify that
// tmp_name really is an upload of this request. The result is not checked.
copy($_FILES['object']['tmp_name'], $foto);
}
// Anti-advertising filter
// NOTE(review): as printed, both patterns contain unescaped delimiters/metacharacters and do
// not compile (backslashes may have been lost when this listing was produced — compare with
// the real file). When compilation fails preg_replace() returns null and $msg is wiped.
// $value from domains.dat is inserted into the pattern without preg_quote().
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1) {
$ex = explode(',', file_get_contents('../domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $msg)) {
$msg = preg_replace("/(.*)(s|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $msg);
}
}
}
// transliteration, when the user enabled it
if ($user['translit'] == 1) {
$msg = trun_to_rus($msg);
}
// profanity filter, when enabled in the site settings
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$msg = ($ant[0] == 1) ? mat($msg) : $msg;
// write the message and the stored file name to the database
mysql_query("INSERT INTO `groups_forum_m` SET
`uid` = '$t',
`rid` = '$r',
`user` = '$user[id]',
`msg` = '$msg',
`path` = '$name',
`time` = '" . time() . "',
`club` = '$club'");
// update the topic's last-activity time
mysql_query("UPDATE `groups_forum_t` SET `last` = '" . time() . "' WHERE `id` = '$t' AND club = '$club' LIMIT 1");
// Redirect to the last page of the topic (10 messages per page).
$num_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_forum_m` WHERE `uid` = '$t' AND club = '$club'"), 0);
if ($num_post > 10) {
$pg = ceil($num_post / 10);
$st = '&page=' . $pg;
} else {
$st = '';
}
header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $t . $st);
}
} else {
// Plain message without attachment.
$num_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_forum_m` WHERE `uid` = '$t' AND club = '$club'"), 0);
if ($num_post > 10) {
$pg = ceil($num_post / 10);
$st = '&page=' . $pg;
} else {
$st = '';
}
// if the topic is closed
if ($i_th['close'] == 1) {
header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $t . $st);
die();
}
// Anti-advertising filter (same patterns and the same caveats as in the upload path above)
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1) {
$ex = explode(',', file_get_contents('../domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $msg)) {
$msg = preg_replace("/(.*)(s|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $msg);
}
}
}
// transliteration
if ($user['translit'] == 1) {
$msg = trun_to_rus($msg);
}
// profanity filter
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$msg = ($ant[0] == 1) ? mat($msg) : $msg;
// append to the user's previous message instead of creating a new one
// NOTE(review): $lst is never assigned in the visible part of this file, so as shown this
// condition only compares null with the user id. If $lst is filled elsewhere, $lst['msg']
// comes back from the database unescaped and is interpolated into the UPDATE below — it must
// be escaped again before reuse.
if ($lst['user'] == $user['id']) {
if (time() - 86400 < $lst['time']) $GM = gmdate('через i:s сек.', (time() - $lst['time']));
else $GM = date('d-m-Y G:i', $lst['time']);
$lmsg = $lst['msg'] . '<br/>[i][small]Добавлено ' . $GM . ' [/small][/i]<br/>' . $msg;
mysql_query("UPDATE `groups_forum_m` SET `msg` = '$lmsg' WHERE `id` = '$lst[id]' AND club = '$club' LIMIT 1");
} else {
// write to the database
mysql_query("INSERT INTO `groups_forum_m` SET
`uid` = '$t',
`rid` = '$r',
`user` = '$user[id]',
`msg` = '$msg',
`time` = '" . time() . "',
`club` = '$club'");
}
// update the topic's last-activity time
mysql_query("UPDATE `groups_forum_t` SET `last` = '" . time() . "' WHERE `id` = '$t' AND club = '$club' LIMIT 1");
$num_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_forum_m` WHERE `uid` = '$t' AND `rid` = '$r' AND club = '$club'"), 0);
if ($num_post > 10) {
$pg = ceil($num_post / 10);
$st = '&page=' . $pg;
} else {
$st = '';
}
header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $t . $st);
}
}
}
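// Page suffix pointing at the last page of the topic (10 messages per page).
$num_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_forum_m` WHERE `uid` = '$t' AND `rid` = '$r' AND club = '$club'"), 0);
if ($num_post > 10) {
    $pg = ceil($num_post / 10);
    $st = '&page=' . $pg;
} else {
    $st = '';
}

// Who may delete: the group author, or the member row flagged with liven = 1 — the same
// condition that shows the moderation links. The previous guard
// (`!author && liven != 1 && row belongs to the user`) was not the complement of that
// condition, so any user whose id differed from the fetched member row passed it.
$canModerate = $AvtGr[0] == $user['id'] || ($AvtGr2[1] == 1 && $AvtGr2[0] == $user['id']);
$backToTopic = 'Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $t . $st;

// Delete a message (?d=<message id>).
// NOTE(review): this is a state change behind a plain GET link with no request token;
// consider moving it to POST with a per-session token.
if (isset($_GET['d'])) {
    // Refused for non-moderators and in closed topics. (The old redirect appended the
    // undefined $sr instead of $st.)
    if (!$canModerate || $i_th['close'] == 1) {
        header($backToTopic);
        die();
    }
    $d = my_int($_GET['d']);
    $pst = mysql_query("SELECT * FROM `groups_forum_m` WHERE `id` = '$d' AND club = '$club' LIMIT 1");
    if (mysql_num_rows($pst) == FALSE) {
        err('Ошибка!');
    } else {
        $i = mysql_fetch_assoc($pst);
        // Remove the attachment, if any. An empty path would make file_exists() test the
        // upload directory itself, so it is skipped.
        if (!empty($i['path']) && file_exists('upload/' . $i['path'])) {
            unlink('upload/' . $i['path']);
        }
        mysql_query("DELETE FROM `groups_forum_m` WHERE `id` = '$d' AND club = '$club' LIMIT 1");
        header($backToTopic);
        // Stop here, like the refused path does, instead of rendering the page behind the redirect.
        die();
    }
}

// Delete only the attachment of a message (?df=<message id>); same rules as above.
if (isset($_GET['df'])) {
    if (!$canModerate || $i_th['close'] == 1) {
        header($backToTopic);
        die();
    }
    $df = my_int($_GET['df']);
    $em = mysql_query("SELECT * FROM `groups_forum_m` WHERE `id` = '$df' AND club = '$club' LIMIT 1");
    if (mysql_num_rows($em) != FALSE) {
        $i = mysql_fetch_assoc($em);
        if (!empty($i['path']) && file_exists('upload/' . $i['path'])) {
            unlink('upload/' . $i['path']);
        }
        mysql_query("UPDATE `groups_forum_m` SET `path` = '' WHERE `id` = '$df' AND club = '$club' LIMIT 1");
        header($backToTopic);
        die();
    } else {
        err('Ошибка!');
    }
}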
// List of messages in the topic (the original comment said "list of topics"), then the reply form.
if ($mes != FALSE) {
$n = new navigator($mes, 10, '?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&');
// c = total number of messages in the topic, repeated on every row. $ord was limited to
// ASC/DESC when the sort links were built.
$look = mysql_query("SELECT `groups_forum_m`.*,
(SELECT COUNT(*) FROM `groups_forum_m` WHERE `groups_forum_m`.`uid` = '$t' AND `groups_forum_m`.`rid` = '$r') AS c
FROM `groups_forum_m` WHERE `groups_forum_m`.`uid` = '$t' AND `groups_forum_m`.`rid` = '$r' AND groups_forum_m.club = '$club' ORDER BY `groups_forum_m`.`id` $ord {$n->limit}");
$dv = 0;
while($a = mysql_fetch_assoc($look)) {
###############################
// Page suffix for the last page of the topic, recomputed for every row from c.
if ($a['c'] > 10) {
$pg = ceil($a['c'] / 10);
$st = '&page=' . $pg;
} else {
$st = '';
}
###############################
######################################
// "Reply to this user" link for members while the topic is open.
// NOTE(review): $_ank is not reset per row, so when the condition fails the link built for
// the previous row (or an undefined variable on the first row) is printed again.
if ($a['user'] != 0 && $i_th['close'] == 0 && mysql_num_rows($ingr) != FALSE) $_ank = ' <a href="forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.$st.'&k='.$a['user'].'&#down">[*]</a>';
######################################
//---------------------------//
// Per-message action links. && binds tighter than ||, so the first test reads
// author || (liven == 1 && row belongs to the user && topic open): the author gets live
// links even in a closed topic, and the later "closed" branch is unreachable for the author.
// NOTE(review): the negative branches require $AvtGr2[0] == $user['id']; a user who is neither
// the author nor the fetched member row matches no branch, so $upr keeps the value from the
// previous row (or is undefined). The delete link is a plain GET request without a token.
if ($AvtGr[0] == $user['id'] || $AvtGr2[1] == 1 && $AvtGr2[0] == $user['id'] && $i_th['close'] == 0) {
$upr = '<br/><a href="forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&d='.$a['id'].'">[уд]</a>
<a href="forum.php?do=izm&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&e='.$a['id'].'">[изм]</a>
<a href="forum.php?do=cit&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&c='.$a['id'].'">[цит]</a>';
//---------------------------//
} elseif ($AvtGr[0] != $user['id'] && $AvtGr2[1] != 1 && $AvtGr2[0] == $user['id'] && $a['user'] != $user['id'] && $i_th['close'] == 0) {
$upr = '<br/><a href="forum.php?do=cit&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&c='.$a['id'].'">[цит]</a>';
//---------------------------//
} elseif ($AvtGr[0] != $user['id'] && $AvtGr2[1] != 1 && $AvtGr2[0] == $user['id'] && $a['user'] == $user['id'] && $i_th['close'] == 0) {
$upr = '<br/><a href="forum.php?do=cit&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&c='.$a['id'].'">[цит]</a>
<a href="forum.php?do=izm&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&e='.$a['id'].'">[изм]</a>';
//---------------------------//
} elseif ($AvtGr[0] == $user['id'] || $AvtGr2[1] == 1 && $AvtGr2[0] == $user['id'] && $i_th['close'] == 1) {
$upr = '<br/>[уд][изм][цит]';
//---------------------------//
} elseif ($AvtGr[0] != $user['id'] && $AvtGr2[1] != 1 && $AvtGr2[0] == $user['id'] && $i_th['close'] == 1) {
$upr = '';
}
//---------------------------//
// Attachment link: the stored file name is used both as the URL under upload/ and as the caption.
$_path = (!empty($a['path']))
? '<br/><span style="color: #0080a0;">Файл:</span> <a href="upload/'.$a['path'].'">' . $a['path'] . '</a>'
: '';
// "Delete file" link for the author or the flagged member row, open topics with an attachment only.
$d_file = ($i_th['close'] == 0 && !empty($a['path']) && $AvtGr[0] == $user['id'] || $AvtGr2[1] == 1 && $AvtGr2[0] == $user['id'] && $i_th['close'] == 0 && !empty($a['path']))
? '<br/><a href="forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t='.$t.'&df='.$a['id'].'">[Удалить файл]</a>'
: '';
// "edited by" marker (the original comment here said "code highlighting")
$_edt = (!empty($a['whoedit']))
?
'<br/><small><span style="color:#999999;">Изменено: ' . user_inf($a['whoedit'], 'user') . '</span></small>'
:
'';
echo ($dv ++ % 2) ? $div_tworazdel : $div_razdel;
// NOTE(review): a closing </a> is printed after $_ank whether or not a link was opened.
// $a['msg'] goes through bb_code() and smiles() as stored; its safety depends on the escaping
// applied at write time (check()) and on quoted text, which the cit case stores as raw HTML.
echo us($a['user']) . $_ank . '</a><br/>' . date('d.m.y H:i', $a['time']) . $upr . '<br/>' . smiles(bb_code($a['msg'])) . $_path . $d_file . $_edt . $div_end;
#######
}
echo $n->navi();
}
else
{
echo 'Сообщений в этой теме нет.<br/>';
}
// reply form, shown only while the topic is open
if ($i_th['close'] == 0) {
// Optional addressee (?k=<user id>): pre-fills the textarea with the user's name in bold.
// NOTE(review): user_inf() receives the raw request value here; my_int() is applied only
// afterwards. What user_inf() does with a non-numeric value is not visible — confirm it
// sanitises its argument, or convert first.
if (isset($_GET['k']) && user_inf($_GET['k'])) {
$k = my_int($_GET['k']);
$komu = htmlspecialchars('[b]' . user_inf($k, 'user') . '[/b], ');
}
// Only users with a membership row see the form. $komu and $k are undefined without ?k,
// and $cit_post is not assigned anywhere in the visible part of the file.
if (mysql_num_rows($ingr) != FALSE) {
echo '<a name="down"></a>
<FORM method="POST" action="forum.php?do=them&g='.$g.'&club='.$club.'">
<label>Сообщение:</label>
<br/>
<textarea name="msg" cols="50" rows="5" style="width: 99%;">' . $komu . $cit_post . '</textarea>
<br/>
<input type="checkbox" name="up" value="1"/> Прикрепить файл<br/>
<input type="hidden" name="r" value="' . $r . '"/>
<input type="hidden" name="t" value="' . $t . '"/>
<input type="hidden" name="adr" value="' . my_int($k) . '"/>
<input type="submit" name="add" value="Написать"/>
</FORM>';
}
} else {
echo $div_aut . 'Тема закрыта! ' . us($i_th['whoclose']) . $div_end;
}
echo $div_end;
break;
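// Edit a single forum message. Allowed for the message's author, the group author and the
// member row flagged with liven = 1, and only while the topic is open.
// The label is quoted: a bare word only works through PHP's undefined-constant fallback.
case 'izm':
    $r = my_int($_REQUEST['r']);
    $t = my_int($_REQUEST['t']);
    // The edit link carries e in the query string while the form posts it in the body, so it
    // is read from $_REQUEST like r and t. Previously the ownership check looked at
    // $_GET['e'] and was skipped whenever the form was submitted, while the UPDATE used
    // $_POST['e'] — any member could overwrite any message of the club.
    $e = my_int($_REQUEST['e']);
    $NoR = mysql_query("SELECT id FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' LIMIT 1");
    if (mysql_num_rows($ingr) == FALSE) {
        err('Оставлять сообщения могут только участники группы!');
        include '../foot.php';
        exit();
    }
    if (mysql_num_rows($NoR) == FALSE) {
        err('Раздела не существует!');
        include '../foot.php';
        exit();
    }
    // The message being edited and the closed flag of its topic, both scoped to the club.
    $em = mysql_query("SELECT msg, user FROM `groups_forum_m` WHERE `id` = '$e' AND `uid` = '$t' AND club = '$club' LIMIT 1");
    $emt = mysql_query("SELECT close FROM `groups_forum_t` WHERE `id` = '$t' AND club = '$club' LIMIT 1");
    $i = mysql_fetch_assoc($em);
    $ii = mysql_fetch_assoc($emt);
    $found = mysql_num_rows($em) != FALSE && mysql_num_rows($emt) != FALSE;

    // Same moderation condition that shows the management links elsewhere in this file.
    $canModerate = $AvtGr[0] == $user['id'] || ($AvtGr2[1] == 1 && $AvtGr2[0] == $user['id']);
    // Applies to both the form view and the submission.
    if ($found && $i['user'] != $user['id'] && !$canModerate) {
        header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $t);
        die();
    }
    if ($ii['close'] == 1) {
        err('Тема закрыта!');
        include '../foot.php';
        exit();
    }

    if (isset($_POST['ok']) && $found) {
        // Read the text first: the filters below used to run on an unset $msg and their
        // result was then overwritten, so edited messages bypassed them entirely.
        $msg = trim(check($_POST['msg']));
        // Anti-advertising filter. The patterns are written with escaped delimiters and
        // metacharacters; the unescaped form does not compile.
        // NOTE(review): $value from domains.dat is inserted into the pattern as-is; if the
        // file holds plain domain names, wrap it in preg_quote($value, '/').
        $_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
        if ($_ant['on_rekl'] == 1) {
            $ex = explode(',', file_get_contents('../domains.dat'));
            foreach ($ex as $value) {
                if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('#\[url=http://(.*)\[/url\]#si', $msg)) {
                    $filtered = preg_replace('/(.*)(\s|,|\.|\*|_|-|\+)+' . $value . '/si', $_ant['text_rekl'], $msg);
                    // preg_replace() returns null on a pattern error; keep the text in that case.
                    if ($filtered !== null) {
                        $msg = $filtered;
                    }
                }
            }
        }
        // transliteration, when the user enabled it
        if ($user['translit'] == 1) {
            $msg = trun_to_rus($msg);
        }
        // profanity filter, when enabled in the site settings
        $ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
        $msg = ($ant[0] == 1) ? mat($msg) : $msg;
        // Escape last, so nothing the filters produce reaches the query unescaped.
        $msg = mysql_real_escape_string($msg);

        // Redirect target: last page of the topic (10 messages per page).
        $num_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_forum_m` WHERE rid = '$r' AND `uid` = '$t' AND club = '$club'"), 0);
        if ($num_post > 10) {
            $pg = ceil($num_post / 10);
            $st = '&page=' . $pg;
        } else {
            $st = '';
        }
        // The UPDATE targets exactly the row that passed the ownership check above.
        mysql_query("UPDATE `groups_forum_m` SET `msg` = '$msg', `whoedit` = '$user[id]' WHERE `id` = '$e' AND `uid` = '$t' AND club = '$club' LIMIT 1");
        header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $t . $st);
        die();
    }

    if ($found) {
        // NOTE(review): back_bb($i['msg']) is placed inside the textarea as returned; confirm
        // that it keeps the text HTML-escaped.
        echo $div_left . $div_title . 'Редактирование' . $div_end . $div_menu . '
<img src="img/up.gif" alt=""/> <b>Форум</b> |
<a href="index.php?do=groups">Все группы</a> |
<a href="index.php?do=club&g='.$g.'&club='.$club.'">' . $is['name'] . '</a>
' . $div_end . '
<FORM method="POST" action="forum.php?do=izm&g='.$g.'&club='.$club.'">
<textarea name="msg" cols="50" rows="5" style="width: 99%;">' . back_bb($i['msg']) . '</textarea>
<br/>
<input type="hidden" name="r" value="' . $r . '"/>
<input type="hidden" name="t" value="' . $t . '"/>
<input type="hidden" name="e" value="' . $e . '"/>
<input type="submit" name="ok" value="Изменить"/>
</FORM>';
    } else {
        err('Ошибка!');
    }
    echo $div_end;
    break;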
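// Quote a message: shows the quoted text with a reply box and, on submission, stores a new
// message that starts with the quote. Members only, open topics only.
// The label is quoted: a bare word only works through PHP's undefined-constant fallback.
case 'cit':
    $r = my_int($_REQUEST['r']);
    $t = my_int($_REQUEST['t']);
    $NoR = mysql_query("SELECT id FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' LIMIT 1");
    if (mysql_num_rows($ingr) == FALSE) {
        err('Оставлять сообщения могут только участники группы!');
        include '../foot.php';
        exit();
    }
    if (mysql_num_rows($NoR) == FALSE) {
        err('Раздела не существует!');
        include '../foot.php';
        exit();
    }
    // The quote link carries c in the query string and the form posts it in the body, so it
    // is read from $_REQUEST like r and t. The quoted message is always the row found here,
    // scoped to this club, section and topic. Previously the submission path looked the
    // message up again by $_POST['c'] without the club filter, which let a member pull text
    // out of another group's forum into a post.
    $c = my_int($_REQUEST['c']);
    $em = mysql_query("SELECT id, msg, user FROM `groups_forum_m` WHERE `id` = '$c' AND rid = '$r' AND `uid` = '$t' AND club = '$club' LIMIT 1");
    $emt = mysql_query("SELECT id, close FROM `groups_forum_t` WHERE `id` = '$t' AND club = '$club' LIMIT 1");
    $i = mysql_fetch_assoc($em);
    $ii = mysql_fetch_assoc($emt);
    if ($ii['close'] == 1) {
        err('Тема закрыта!');
        include '../foot.php';
        exit();
    }
    // Both the quoted message and its topic must exist, for the form and for the submission.
    if (empty($i['id']) || empty($ii['id'])) {
        err('Ошибка!');
        include '../foot.php';
        exit();
    }

    // Drop a nested quote from the quoted text so quotes do not pile up.
    // '#' is the delimiter because the pattern itself contains '/'.
    if (preg_match('#<div class="quote">(.*?)</div>#si', $i['msg'], $rep)) {
        $i['msg'] = str_replace($rep[0], '', $i['msg']);
    }

    if (isset($_POST['ok'])) {
        $msg = trim(check($_POST['msg']));
        // Anti-advertising filter. The patterns are written with escaped delimiters and
        // metacharacters; the unescaped form does not compile.
        // NOTE(review): $value from domains.dat is inserted into the pattern as-is; if the
        // file holds plain domain names, wrap it in preg_quote($value, '/').
        $_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
        if ($_ant['on_rekl'] == 1) {
            $ex = explode(',', file_get_contents('../domains.dat'));
            foreach ($ex as $value) {
                if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('#\[url=http://(.*)\[/url\]#si', $msg)) {
                    $filtered = preg_replace('/(.*)(\s|,|\.|\*|_|-|\+)+' . $value . '/si', $_ant['text_rekl'], $msg);
                    // preg_replace() returns null on a pattern error; keep the text in that case.
                    if ($filtered !== null) {
                        $msg = $filtered;
                    }
                }
            }
        }
        // transliteration, when the user enabled it
        if ($user['translit'] == 1) {
            $msg = trun_to_rus($msg);
        }
        // profanity filter, when enabled in the site settings
        $ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
        $msg = ($ant[0] == 1) ? mat($msg) : $msg;

        $st = '';
        if (!empty($msg)) {
            // The quote is built from database values (user name, stored message). They come
            // back unescaped, so the whole text is escaped once, right before the query;
            // previously only the new reply was escaped and the quoted part went in raw.
            $mess = mysql_real_escape_string(
                '<div class="quote">' . user_inf($i['user'], 'user') . ': ' . $i['msg'] . '</div>' . $msg
            );
            mysql_query("INSERT INTO `groups_forum_m` SET `uid` = '$t', `rid` = '$r', `user` = '$user[id]', `msg` = '$mess', `time` = '" . time() . "', `club` = '$club'");
            // update the topic's last-activity time
            mysql_query("UPDATE `groups_forum_t` SET `last` = '" . time() . "' WHERE `id` = '$t' AND club = '$club' LIMIT 1");
            // Redirect target: last page of the topic (10 messages per page).
            $num_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `groups_forum_m` WHERE rid = '$r' AND `uid` = '$t' AND club = '$club'"), 0);
            if ($num_post > 10) {
                $pg = ceil($num_post / 10);
                $st = '&page=' . $pg;
            }
        }
        // An empty reply just returns to the topic.
        header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $t . $st);
        die();
    }

    echo $div_left . $div_title . 'Цитирование' . $div_end . $div_menu . '
<img src="img/up.gif" alt=""/> <b>Форум</b> |
<a href="index.php?do=groups">Все группы</a> |
<a href="index.php?do=club&g='.$g.'&club='.$club.'">' . $is['name'] . '</a>
' . $div_end . '
<FORM method="POST" action="forum.php?do=cit&g='.$g.'&club='.$club.'">
<div class="quote">' . user_inf($i['user'], 'user') . ': ' . bb_code($i['msg']) . '</div>
<textarea name="msg" cols="50" rows="5" style="width: 99%;"></textarea>
<br/>
<input type="hidden" name="r" value="' . $r . '"/>
<input type="hidden" name="t" value="' . $t . '"/>
<input type="hidden" name="c" value="' . $c . '"/>
<input type="submit" name="ok" value="Цитировать"/>
</FORM>' . $div_end;
    break;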
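// Edit a topic's title and first post. Restricted to the group author and the member row
// flagged with liven = 1.
// The label is quoted: a bare word only works through PHP's undefined-constant fallback.
case 'edit_them':
    $r = my_int($_REQUEST['r']);
    $x = my_int($_REQUEST['x']);
    // Section lookup, and the check that topic $x really belongs to section $r of this club.
    $NoR = mysql_query("SELECT * FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' LIMIT 1");
    $Ob = mysql_query("SELECT `groups_forum_r`.* FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' AND `id` IN(SELECT `uid` FROM `groups_forum_t` WHERE `id` = '$x' AND club = '$club')");
    if (mysql_num_rows($Ob) == FALSE) {
        err('Ошибка!');
        include '../foot.php';
        exit();
    }
    if (mysql_num_rows($NoR) == FALSE) {
        err('Раздела не существует!');
        include '../foot.php';
        exit();
    }
    $sql = mysql_query("SELECT `name`, `firstpost` FROM `groups_forum_t` WHERE `id` = '$x' AND club = '$club'");
    $inf = mysql_fetch_assoc($sql);

    // Complement of the condition that shows the moderation links. The previous guard
    // (`!author && liven != 1 && row belongs to the user`) let through every user whose id
    // differed from the fetched member row.
    $canModerate = $AvtGr[0] == $user['id'] || ($AvtGr2[1] == 1 && $AvtGr2[0] == $user['id']);
    if (!$canModerate) {
        header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $x);
        die();
    }

    echo $div_left . $div_title . 'Редактировать тему' . $div_end . $div_menu . '
<img src="img/up.gif" alt=""/> <b>Форум</b> |
<a href="index.php?do=groups">Все группы</a> |
<a href="index.php?do=club&g='.$g.'&club='.$club.'">' . $is['name'] . '</a>
' . $div_end;

    if (isset($_POST['ok'])) {
        // check() is defined elsewhere (presumably HTML-escapes — confirm); the values are
        // escaped for SQL and go straight into the query, with no further processing.
        $ed = trim(mysql_real_escape_string(check($_POST['ed'])));
        $fp = trim(mysql_real_escape_string(check($_POST['fp'])));
        if (empty($ed)) {
            err('Не заполнен заголовок темы!');
        } elseif (empty($fp)) {
            err('Не заполнено содержание темы!');
        } else {
            mysql_query("UPDATE `groups_forum_t` SET `name` = '$ed', `firstpost` = '$fp', `whoedit` = '$user[id]' WHERE `id` = '$x' AND club = '$club' LIMIT 1");
            header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $x);
            // Stop here instead of rendering the form behind the redirect.
            die();
        }
    }

    if (mysql_num_rows($sql) == FALSE) {
        err('Тема не найдена, возможна она была удалена.');
    } else {
        // NOTE(review): $inf['name'] is placed inside a double-quoted attribute as stored;
        // this is safe only if check() escaped quotes when the title was written — confirm.
        echo '<FORM method="POST" action="forum.php?do=edit_them&g='.$g.'&club='.$club.'">
<label>Заголовок:</label><br/>
<input type="text" name="ed" value="' . $inf['name'] . '"/>
<br/>
<label>Содержание:</label><br/>
<textarea name="fp" cols="50" rows="5" style="width: 99%;">' . back_bb($inf['firstpost']) . '</textarea>
<br/>
<input type="hidden" name="r" value="' . $r . '"/>
<input type="hidden" name="x" value="' . $x . '"/>
<input type="submit" name="ok" value="Изменить"/>
</FORM>';
    }
    echo $div_end;
    break;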
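// Close topic $x. Restricted to the group author and the member row flagged with liven = 1.
// The label is quoted: a bare word only works through PHP's undefined-constant fallback.
// NOTE(review): the state change is triggered by a plain GET link with no request token;
// consider moving it to POST with a per-session token.
case 'close_them':
    $r = my_int($_GET['r']);
    $x = my_int($_GET['x']);
    // Section lookup, and the check that topic $x really belongs to section $r of this club.
    $NoR = mysql_query("SELECT id FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' LIMIT 1");
    $Ob = mysql_query("SELECT `groups_forum_r`.* FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' AND `id` IN(SELECT `uid` FROM `groups_forum_t` WHERE `id` = '$x' AND club = '$club')");
    if (mysql_num_rows($Ob) == FALSE) {
        err('Ошибка!');
        include '../foot.php';
        exit();
    }
    if (mysql_num_rows($NoR) == FALSE) {
        err('Раздела не существует!');
        include '../foot.php';
        exit();
    }
    // Same condition that shows the "close" link. The previous guard
    // (`!author && liven != 1 && row belongs to the user`) was not its complement, so every
    // user whose id differed from the fetched member row reached the UPDATE.
    $canModerate = $AvtGr[0] == $user['id'] || ($AvtGr2[1] == 1 && $AvtGr2[0] == $user['id']);
    if ($canModerate) {
        mysql_query("UPDATE `groups_forum_t` SET `close` = '1', `whoclose` = '$user[id]' WHERE `id` = '$x' AND club = '$club' LIMIT 1");
    }
    // Everyone is sent back to the topic, whether or not the update ran.
    header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $x);
    break;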
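// Re-open topic $x. Restricted to the group author and the member row flagged with liven = 1.
// The label is quoted: a bare word only works through PHP's undefined-constant fallback.
// NOTE(review): the state change is triggered by a plain GET link with no request token;
// consider moving it to POST with a per-session token.
case 'open_them':
    $r = my_int($_GET['r']);
    $x = my_int($_GET['x']);
    // Section lookup, and the check that topic $x really belongs to section $r of this club.
    $NoR = mysql_query("SELECT id FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' LIMIT 1");
    $Ob = mysql_query("SELECT `groups_forum_r`.* FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' AND `id` IN(SELECT `uid` FROM `groups_forum_t` WHERE `id` = '$x' AND club = '$club')");
    if (mysql_num_rows($Ob) == FALSE) {
        err('Ошибка!');
        include '../foot.php';
        exit();
    }
    if (mysql_num_rows($NoR) == FALSE) {
        err('Раздела не существует!');
        include '../foot.php';
        exit();
    }
    // Same condition that shows the "open" link. The previous guard
    // (`!author && liven != 1 && row belongs to the user`) was not its complement, so every
    // user whose id differed from the fetched member row reached the UPDATE.
    $canModerate = $AvtGr[0] == $user['id'] || ($AvtGr2[1] == 1 && $AvtGr2[0] == $user['id']);
    if ($canModerate) {
        mysql_query("UPDATE `groups_forum_t` SET `close` = '0', `whoclose` = '$user[id]' WHERE `id` = '$x' AND club = '$club' LIMIT 1");
    }
    // Everyone is sent back to the topic, whether or not the update ran.
    header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $x);
    break;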
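// Delete topic $x with all its messages and their attachments. Restricted to the group
// author and the member row flagged with liven = 1.
// The label is quoted: a bare word only works through PHP's undefined-constant fallback.
// NOTE(review): this destructive action is triggered by a plain GET link with no request
// token; consider moving it to POST with a per-session token.
case 'del_them':
    $r = my_int($_GET['r']);
    $x = my_int($_GET['x']);
    // Section and topic lookups, and the check that the topic belongs to the section.
    $NoR = mysql_query("SELECT * FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' LIMIT 1");
    $NoT = mysql_query("SELECT * FROM `groups_forum_t` WHERE `id` = '$x' AND club = '$club' LIMIT 1");
    $Ob = mysql_query("SELECT `groups_forum_r`.* FROM `groups_forum_r` WHERE `id` = '$r' AND club = '$club' AND `id` IN(SELECT `uid` FROM `groups_forum_t` WHERE `id` = '$x' AND club = '$club')");
    if (mysql_num_rows($Ob) == FALSE) {
        err('Ошибка!');
        include '../foot.php';
        exit();
    }
    if (mysql_num_rows($NoR) == FALSE) {
        err('Раздела не существует!');
        include '../foot.php';
        exit();
    }
    // Complement of the condition that shows the "delete" link. The previous guard
    // (`!author && liven != 1 && row belongs to the user`) let through every user whose id
    // differed from the fetched member row.
    $canModerate = $AvtGr[0] == $user['id'] || ($AvtGr2[1] == 1 && $AvtGr2[0] == $user['id']);
    if (!$canModerate) {
        header('Location: forum.php?do=razdel&r='.$r.'&g='.$g.'&club=' . $club);
        die();
    }
    if (mysql_num_rows($NoT) == FALSE) {
        err('Тема не найдена, возможна она была удалена.');
    } else {
        // Remove attachments first. Messages without a file have an empty path, which would
        // make file_exists() test the upload directory itself, so those are skipped.
        $msgs = mysql_query("SELECT * FROM `groups_forum_m` WHERE `uid` = '$x' AND club = '$club'");
        while ($p = mysql_fetch_assoc($msgs)) {
            if (!empty($p['path']) && file_exists('upload/' . $p['path'])) {
                unlink('upload/' . $p['path']);
            }
        }
        mysql_query("DELETE FROM `groups_forum_m` WHERE `uid` = '$x' AND club = '$club'");
        mysql_query("DELETE FROM `groups_forum_t` WHERE `id` = '$x' AND club = '$club' LIMIT 1");
        header('Location: forum.php?do=razdel&r='.$r.'&g='.$g.'&club=' . $club);
    }
    break;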
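// Create a topic in section $r. Members only.
// The label is quoted: a bare word only works through PHP's undefined-constant fallback.
case 'addthem':
    $r = my_int($_REQUEST['r']);
    $NoR = mysql_query("SELECT id FROM groups_forum_r WHERE id = '$r' AND club = '$club' LIMIT 1");
    if (mysql_num_rows($ingr) == FALSE) {
        err('Создавать темы могут только участники группы!');
        include '../foot.php';
        exit();
    }
    if (mysql_num_rows($NoR) == false) {
        err('Раздел не найден!');
        include '../foot.php';
        exit();
    }
    echo $div_title . 'Форум' . $div_end . $div_left . $div_menu . '
<img src="img/up.gif" alt=""/> <b>Форум</b> |
<a href="index.php?do=groups">Все группы</a> |
<a href="index.php?do=club&g='.$g.'&club='.$club.'">' . $is['name'] . '</a>' . $div_end;

    if (isset($_POST['ok'])) {
        // check() is defined elsewhere (presumably HTML-escapes — confirm); the values are
        // escaped for SQL and go straight into the queries below.
        $title = trim(mysql_real_escape_string(check($_POST['title'])));
        $content = trim(mysql_real_escape_string(check($_POST['content'])));
        // Duplicate check: a topic with the same title in this section. The previous query
        // looked in the sections table with an id ($t) the form never sends, so it could
        // never find a duplicate.
        $pr = mysql_query("SELECT COUNT(*) FROM `groups_forum_t` WHERE `name` = '$title' AND `uid` = '$r' AND club = '$club'");
        if (empty($title)) {
            err('Не заполнен заголовок!');
        } elseif (empty($content)) {
            err('Не заполнено содержание!');
        } elseif (mysql_result($pr, 0) != 0) {
            err('Такая тема уже существует в этом разделе!');
        } else {
            mysql_query("INSERT INTO `groups_forum_t` SET
`uid` = '$r',
`name` = '$title',
`author` = '$user[id]',
`date` = '" . time() . "',
`firstpost` = '$content',
`club` = '$club'");
            $lid = mysql_insert_id();
            header('Location: forum.php?do=them&g='.$g.'&club='.$club.'&r='.$r.'&t=' . $lid);
            // Stop here instead of rendering the form behind the redirect.
            die();
        }
    }

    // The hidden field "p" was filled from a variable that is never set in this case; it is
    // kept with the empty value it always had.
    echo '<FORM method="POST" action="forum.php?do=addthem&g='.$g.'&club='.$club.'">
<label>Заголовок:</label><br/>
<input type="text" name="title"/><br/>
<label>Содержание:</label><br/>
<textarea name="content" cols="50" rows="5" style="width: 99%;"></textarea>
<input type="hidden" name="r" value="' . $r . '"/>
<input type="hidden" name="p" value=""/>
<br/>
<input type="submit" name="ok" value="Создать"/>
</FORM>' . $div_end;
    break;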
case admin:
if ($AvtGr[0] != $user['id'] && $AvtGr2[1] != 1 && $AvtGr2[0] == $user['id']) {
header('Location: forum.php?g='.$g.'&club=' . $club);
die();
}
echo $div_title . 'Форум' . $div_end . $div_left . $div_menu . '
<img src="img/up.gif" alt=""/> <a href="forum.php?g='.$g.'&club='.$club.'">Форум</a> |
<a href="index.php?do=groups">Все группы</a> |
<a href="index.php?do=club&g='.$g.'&club='.$club.'">' . $is['name'] . '</a>
' . $div_end;
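// Create a section
if (isset($_POST['add'])) {
    // Absent or non-string input is treated as an empty name.
    $rawName = (isset($_POST['rzd']) && is_string($_POST['rzd'])) ? $_POST['rzd'] : '';
    // check() is a project helper defined elsewhere. It is applied once, and SQL escaping
    // comes last: the previous code ran check() again on the already-escaped value.
    $rzd = mysql_real_escape_string(check($rawName));
    $double = mysql_result(mysql_query("SELECT COUNT(*) FROM groups_forum_r WHERE name = '$rzd' AND club = '$club'"), 0);
    if (empty($rzd)) {
        err('Не заполнено название раздела!');
    } elseif ($double > 0) {
        err('Раздел с таким названием уже создан!');
    } else {
        mysql_query("INSERT INTO groups_forum_r SET name = '$rzd', club = '$club'");
        header('Location: forum.php?do=admin&g='.$g.'&club=' . $club);
    }
}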
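// Delete a section together with its topics, messages and attached files
// NOTE(review): this destructive action is triggered by a plain GET link (?x=ID) without an
// anti-CSRF token, so it is not protected against cross-site request forgery. Moving it to a
// POST form with a per-session token needs changes to the listing links outside this block.
if (isset($_GET['x'])) {
    $x = my_int($_GET['x']);
    $em = mysql_query("SELECT id FROM groups_forum_r WHERE id = '$x' AND club = '$club' LIMIT 1");
    if (mysql_num_rows($em) == false) {
        err('Раздел не найден!');
    } else {
        // delete the topics
        mysql_query("DELETE FROM groups_forum_t WHERE uid = '$x' AND club = '$club'");
        $InMes = mysql_query("SELECT path FROM groups_forum_m WHERE rid = '$x' AND club = '$club'");
        // delete attached files
        // The stored path is resolved and must stay inside upload/ before anything is removed.
        // Rows without a path are skipped: 'upload/' itself exists, so the old file_exists()
        // test passed for them and unlink() was called on the directory.
        $uploadDir = realpath('upload');
        if ($InMes !== false && $uploadDir !== false) {
            while ($dl = mysql_fetch_assoc($InMes)) {
                if (is_string($dl['path']) && $dl['path'] !== '') {
                    $attached = realpath($uploadDir . DIRECTORY_SEPARATOR . $dl['path']);
                    if ($attached !== false
                        && strpos($attached, $uploadDir . DIRECTORY_SEPARATOR) === 0
                        && is_file($attached)) {
                        unlink($attached);
                    }
                }
            }
        }
        // delete the messages
        mysql_query("DELETE FROM groups_forum_m WHERE rid = '$x' AND club = '$club'");
        // delete the section itself
        mysql_query("DELETE FROM groups_forum_r WHERE id = '$x' AND club = '$club' LIMIT 1");
        header('Location: forum.php?do=admin&g='.$g.'&club=' . $club);
    }
}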
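// Rename a section (submission of the rename form)
if (isset($_POST['okedit'])) {
    // An absent field is passed on as null, as before, but without an undefined-index notice.
    $edit = my_int(isset($_POST['edit']) ? $_POST['edit'] : null);
    // Absent or non-string input is treated as an empty name.
    $rawName = (isset($_POST['rzd']) && is_string($_POST['rzd'])) ? $_POST['rzd'] : '';
    // check() is a project helper defined elsewhere. It is applied once, and SQL escaping
    // comes last: the previous code ran check() again on the already-escaped value.
    $rzd = mysql_real_escape_string(check($rawName));
    $em = mysql_query("SELECT id FROM groups_forum_r WHERE id = '$edit' AND club = '$club' LIMIT 1");
    $double = mysql_result(mysql_query("SELECT COUNT(*) FROM groups_forum_r WHERE name = '$rzd' AND club = '$club' AND id != '$edit'"), 0);
    if (mysql_num_rows($em) == false) {
        err('Раздел не найден!');
    } elseif (empty($rzd)) {
        // Same rule as on creation: a section cannot be left without a name.
        err('Не заполнено название раздела!');
    } elseif ($double > 0) {
        err('Раздел с таким названием уже создан!');
    } else {
        mysql_query("UPDATE groups_forum_r SET name = '$rzd' WHERE id = '$edit' AND club = '$club' LIMIT 1");
        header('Location: forum.php?do=admin&g='.$g.'&club=' . $club);
    }
}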
// Section form: the "new section" form by default, or the rename form when ?edit=ID is present
if (!isset($_GET['edit'])) {
    echo '<FORM method="POST" action="forum.php?do=admin&g='.$g.'&club='.$club.'">
<label>Новый раздел:</label>
<br/>
<input type="text" name="rzd"/>
<br/>
<input type="submit" name="add" value="Создать"/>
</FORM>' . $block;
} else {
    $edit = my_int($_GET['edit']);
    // The lookup is scoped to the current club, so a section of another club is reported as missing.
    $em = mysql_query("SELECT * FROM groups_forum_r WHERE id = '$edit' AND club = '$club' LIMIT 1");
    if (mysql_num_rows($em) != false) {
        $inf = mysql_fetch_assoc($em);
        // NOTE(review): $inf['name'] goes into the value attribute exactly as stored. Presumably
        // check() HTML-encodes names when they are saved - confirm, otherwise encode it here.
        echo '<FORM method="POST" action="forum.php?do=admin&g='.$g.'&club='.$club.'">
<label>Переименовать раздел:</label>
<br/>
<input type="text" name="rzd" value="' . $inf['name'] . '"/>
<br/>
<input type="hidden" name="edit" value="' . $edit . '"/>
<input type="submit" name="okedit" value="Изменить"/>
</FORM>' . $block;
    } else {
        err('Раздел не найден!');
    }
}
// Paginated list of the club's sections, each with edit and delete icons
$sql = mysql_result(mysql_query("SELECT COUNT(*) FROM groups_forum_r WHERE club = '$club'"), 0);
if ($sql == false) {
    echo 'Разделы не найдены.<br/>';
} else {
    // NOTE(review): the pager prefix carries no do=admin, so its links presumably lead to the
    // public section list rather than back to this management view - confirm against navigator.
    $n = new navigator($sql, 10, '?g='.$g.'&club='.$club.'&');
    // s and t are per-section counts taken from groups_forum_t and groups_forum_m
    $sel = mysql_query("SELECT groups_forum_r.*,
(SELECT COUNT(*) FROM groups_forum_t WHERE groups_forum_t.uid = groups_forum_r.id) AS s,
(SELECT COUNT(*) FROM groups_forum_m WHERE groups_forum_m.rid = groups_forum_r.id) AS t
FROM groups_forum_r WHERE club = '$club' ORDER BY id DESC {$n->limit}");
    $manage = 'forum.php?do=admin&g='.$g.'&club='.$club;
    for ($i = 0; $a = mysql_fetch_assoc($sel); $i++) {
        // Alternate the row wrapper between the two styles
        echo ($i % 2) ? $div_razdel : $div_tworazdel;
        // NOTE(review): the delete icon is a plain GET link to a state-changing action.
        $d = '<a href="' . $manage . '&x='.$a['id'].'"><img src="../ico/delete.gif" alt=""/></a> ';
        $e = '<a href="' . $manage . '&edit='.$a['id'].'"><img src="../ico/edit.gif" alt=""/></a> ';
        // NOTE(review): $a['name'] is printed as stored; presumably encoded by check() on save - confirm.
        echo $e, $d, $a['name'], ' (', $a['s'], '/', $a['t'], ')', $div_end;
    }
    echo $n->navi();
}
echo $div_end;
break;
}
include '../foot.php';
?>