Файл: support_coms.php
Строк: 64
<?php
require 'sid.php';
require 'config.php';
$link = connect_db();
list($user, $id, $ps) = check_login($link);
include 'head.php';
include 'navigator.php';
whorm(0, 'support');
$uid = my_int($_GET['uid']);
$empty = mysql_query("SELECT `id` FROM `support` WHERE `id` = '$uid' LIMIT 1");
if (mysql_num_rows($empty) == FALSE) {
err('Ошибка!');
include_once 'foot.php';
exit();
}
echo $div_title . 'Комментарии' . $div_end . $div_left;
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$uid = my_int($_GET['uid']);
$t = mysql_query("SELECT `id` FROM `support_coms` WHERE `id` = '$x' LIMIT 1");
if ($user['level'] < 4) {
header('Location: support_coms.php?uid=' . $uid);
} elseif (mysql_num_rows($t) == FALSE) {
header('Location: support_coms.php?uid=' . $uid);
} else {
mysql_query("DELETE FROM `support_coms` WHERE `id` = '$x' LIMIT 1");
header('Location: support_coms.php?uid=' . $uid);
}
}
$num = mysql_result(mysql_query("SELECT COUNT(*) FROM `support_coms` WHERE `uid` = '$uid'"), 0);
if ($num != FALSE) {
$n = new navigator($num, 10, '?uid=' . $uid);
$view = mysql_query("SELECT * FROM `support_coms` WHERE `uid` = '$uid' ORDER BY `id` DESC {$n->limit}");
$i = 0;
while($a = mysql_fetch_assoc($view)) {
if ($user['level'] == 4 || $user['level'] == 5) {
$d = '<a href="support_coms.php?uid='.$uid.'&x='.$a['id'].'"><img src="ico/delete.gif" alt=""/></a> ';
}
$otv = ' <a href="support_coms.php?uid='.$uid.'&k='.$a['user'].'&#down">[*]</a>';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo $d . us($a['user']) . $otv . '<br/>(' . date('d.m.y H:i', $a['date']) . ')<br/>' . smiles(bb_code($a['mes'])) . $div_end;
}
echo $n->navi();
} else {
echo 'Комментариев нет.' . $block;
}
if (isset($_POST['ok'])) {
$mes = trim(mysql_real_escape_string(check($_POST['mes'])));
$uid = my_int($_GET['uid']);
$pr = mysql_query("SELECT `id` FROM `support` WHERE `id` = '$uid' LIMIT 1");
if (empty($mes)) {
err('Пустой комментарий!');
} elseif (mysql_num_rows($pr) == FALSE) {
header('Location: support_coms.php?uid=' . $uid);
} else {
// транслит
if ($user['translit'] == 1) {
$mes = trun_to_rus($mes);
}
// антимат
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$mes = ($ant[0] == 1) ? mat($mes) : $mes;
// Антиреклама
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1) {
$ex = explode(',', file_get_contents('domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $mes)) {
$mes = preg_replace("/(.*)(s|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $mes);
}
}
}
// Оповещание последнему постеру
$lst = mysql_fetch_assoc(mysql_query("SELECT `user` FROM `support_coms` WHERE
`uid` = '$uid'
ORDER BY `id` DESC LIMIT 1"));
if ($user['id'] != $lst['user']) {
$message = 'Оставлено сообщение в <a href="support_coms.php?uid='.$uid.'">саппорте</a>.';
mysql_query("INSERT INTO `lenta` SET
`user` = '$lst[user]',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`read` = '1'");
}
mysql_query("INSERT INTO `support_coms` SET `user` = '$user[id]', `date` = '" . time() . "', `uid` = '$uid', `mes` = '$mes'");
header('Location: support_coms.php?uid=' . $uid);
}
}
$Komu = (isset($_GET['k'])) ? user_inf(my_int($_GET['k']), 'user') . ', ' : '';
echo '<a name="down"></a>
<fieldset>
<FORM method="POST" action="support_coms.php?uid='.$uid.'">
<b>Комментарий:</b>
<br/>
<textarea name="mes" cols="50" rows="5"style="width: 99%;">' . $Komu . '</textarea>
<br/>
<input type="submit" name="ok" value="Оставить"/>
</FORM>
</fieldset>';
echo $div_end;
include 'foot.php';
?>