Файл: form2/msg.php
Строк: 89
<?
include_once '../system/sys.php';
include '../system/funcs.php';
if (!isset ($us['id'])) {
header ('location: /');
exit;
}
if (!isset ($_GET['id'])) {
header ('location: /forum.php');
exit;
}
$query = DB :: $dbs -> query ("SELECT * FROM `forum_t` WHERE (`id`=?)", array ((int) $_GET['id']));
if ($query -> rowCount ()==0) {
header ('location: /forum.php');
exit;
}
$t = $query -> fetch ();
$a = DB :: $dbs -> queryFetch ("SELECT * FROM `us` WHERE (`id`='" . $t['us'] . "')");
$query = DB :: $dbs -> query ("SELECT * FROM `forum_pr` WHERE (`id`='" . $t['id_pr'] . "')");
if ($query -> rowCount ()==0) {
header ('location: /forum.php');
exit;
}
$pr = $query -> fetch ();
$query = DB :: $dbs -> query ("SELECT * FROM `forum_r` WHERE (`id`='" . $t['id_r'] . "')");
if ($query -> rowCount ()==0) {
header ('location: /forum.php');
exit;
}
$r = $query -> fetch ();
H ($t['name'], '<a href="/forum" style="color:white;">Форум</a> | <a href="/forum/razd' . $r['id'] . '" style="color:white;">' . $r['name'].'</a> | <a href="/forum/' . $r['id'] . '/' . $pr['id'] . '" style="color:white;">' . $pr['name'] . '</a> | ' . $t['name']);
if ($t['type'] == 2) {
echo '<div class="lst">Данная тема была удалена!</div>';
}
else {
// current page from forum
$page = isset ($_GET['page']) ? (int) $_GET['page'] : 1;
if ($t['type'] == 0) {
echo '<div class="lst">Данная тема закрыта!</div>';
}
else {
echo '<div class="list1">';
echo '<form action="/form2/msg.php?id=' . $t['id'] . '&otv" method="POST" enctype="multipart/form-data">';
echo 'Сообщение:<br/>';
echo '<textarea name="msg"></textarea><br/>';
if ($us['file']==1) {
echo 'Файл:<br/>';
echo '<input type="file" name="filename"/><br/>';
}
echo '<input type="submit" value="Написать"/>';
echo '</form>';
echo '</div>';
if (isset ($_GET['otv'])) {
$_POST['msg'] = htmlspecialchars (addslashes (trim ($_POST['msg'])));
if (DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `forum_p` WHERE (`us`='" . $us['id'] . "') AND (`time`>'" . (time () - 30) . "')")!=0) {
echo '<div class="list1"><b>Вы пишите слишком часто..</b></div>';
}
elseif (empty ($_POST['msg'])) {
echo '<div class="list1"><b>Вы не ввели текст сообщения..</b></div>';
}
elseif (DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `forum_p` WHERE (`id_t`='" . $t['id'] . "') AND (`us`='" . $us['id'] . "') AND (`text`=?)", array ($_POST['msg'])) != 0) {
echo '<div class="list1"><b>Вы уже писали подобное..</b></div>';
}
else {
$filename = null; // not attachment file
// get file extension
$ext = substr ($_FILES['filename']['name'], strrpos ($_FILES['filename']['name'], '.') + 1);
if (in_array ($ext, array ('jpg','gif','png','jpeg','bmp','zip','rar','7z','txt','mp3','avi','mp4','3gp'))) {
$filename = $us['id'] . '_' . passgen () . '.' . $ext;
copy ($_FILES['filename']['tmp_name'], $_SERVER['DOCUMENT_ROOT'] . '/files/forum/' . $filename);
}
//
if (isset ($_GET['otv_i'])) {
$query = DB :: $dbs -> query ("SELECT * FROM `us` WHERE (`id`=?)", array ((int) $_GET['otv_i']));
if ($query -> rowCount () == 0) {
header ('location: /forum/thema' . $t['id']);
exit;
}
$u = $query -> fetch ();
if ($u['id']==$us['id']) {
header ('location: /forum/thema' . $t['id']);
exit;
}
DB :: $dbs -> query ("INSERT INTO `forum_p` (`id_r`, `id_pr`, `id_t`,`us`, `text`, `time`, `otv`) VALUES ('" . $r['id'] . "', '" . $pr['id'] . "', '" . $t['id'] . "', '" . $us['id'] . "', ?, '" . time () . "', '" . $u['id'] . "')", array ($_POST['msg']));
if (!is_null ($filename)) {
$id = DB :: $dbs -> lastInsertId ();
DB :: $dbs -> query ("INSERT INTO `forum_f` (`id_t`,`id_p`, `name`, `size`) VALUES ('" . $t['id'] . "', '" . $id . "', '" . $filename . "', '" . filesize ($_SERVER['DOCUMENT_ROOT'] . '/files/forum/' . $filename) . "')");
}
DB :: $dbs -> query ("INSERT INTO `action` (`value`,`t`,`us`,`see`) VALUES ('us{" . $us['id'] . "} ответил на ваш пост в теме [url=/forum/thema" . $t['id'] . "/page" . $page . "]" . $t['name'] . "[/url]!', '" . time () . "', '" . $u['id'] . "', '1')");
}
else if (isset ($_GET['cit'])) {
$query = DB :: $dbs -> query ("SELECT * FROM `forum_p` WHERE (`id`=?)", array ((int) $_GET['cit']));
if ($query -> rowCount () == 0) {
header ('location: /forum/thema' . $t['id']);
exit;
}
$p = $query -> fetch ();
if ($p['del']!=0) {
header ('location: /forum/thema' . $t['id']);
exit;
}
if ($p['us']==$us['id']) {
header ('location: /forum/thema' . $t['id']);
exit;
}
if ($p['us']==$us['id']) {
header ('location: /forum/thema' . $t['id']);
exit;
}
$u = DB :: $dbs -> queryFetch ("SELECT * FROM `us` WHERE (`id`='" . $p['us'] . "')");
DB :: $dbs -> query ("INSERT INTO `forum_p` (`id_r`, `id_pr`, `id_t`,`us`, `text`, `time`, `cit`) VALUES ('" . $r['id'] . "', '" . $pr['id'] . "', '" . $t['id'] . "', '" . $us['id'] . "', ?, '" . time () . "', '" . $p['id'] . "')", array ($_POST['msg']));
if (!is_null ($filename)) {
$id = DB :: $dbs -> lastInsertId ();
DB :: $dbs -> query ("INSERT INTO `forum_f` (`id_t`,`id_p`, `name`, `size`) VALUES ('" . $t['id'] . "', '" . $id . "', '" . $filename . "', '" . filesize ($_SERVER['DOCUMENT_ROOT'] . '/files/forum/' . $filename) . "')");
}
DB :: $dbs -> query ("INSERT INTO `action` (`value`,`t`,`us`,`see`) VALUES ('us{" . $us['id'] . "} процитировал ваш пост:[br]" . $p['text'] . " в теме [url=/forum/thema" . $t['id'] . "/page" . $page . "]" . $t['name'] . "[/url]!', '" . time () . "', '" . $u['id'] . "', '1')");
}
else {
$query = DB :: $dbs -> query ("SELECT * FROM `forum_p` WHERE (`id_t`='" . $t['id'] . "') AND (`del`='0') ORDER BY `id` DESC LIMIT 1");
if ($query -> rowCount () != 0) {
$p = $query -> fetch ();
if ($p['us'] == $us['id'] && $p['otv'] == 0 && $p['cit'] == 0) {
DB :: $dbs -> query ("UPDATE `forum_p` SET `text`=? WHERE (`id`='" . $p['id'] . "')", array ($p['text'] . '[br]' . $_POST['msg']));
if (!is_null ($filename)) {
$id = $p['id'];
DB :: $dbs -> query ("INSERT INTO `forum_f` (`id_t`,`id_p`, `name`, `size`) VALUES ('" . $t['id'] . "', '" . $id . "', '" . $filename . "', '" . filesize ($_SERVER['DOCUMENT_ROOT'] . '/files/forum/' . $filename) . "')");
}
header ('location: /forum/thema' . $t['id'] . '/page' . $page);
exit;
}
}
DB :: $dbs -> query ("INSERT INTO `forum_p` (`id_r`, `id_pr`, `id_t`,`us`, `text`, `time`) VALUES ('" . $r['id'] . "', '" . $pr['id'] . "', '" . $t['id'] . "', '" . $us['id'] . "', ?, '" . time () . "')", array ($_POST['msg']));
if (!is_null ($filename)) {
$id = DB :: $dbs -> lastInsertId ();
DB :: $dbs -> query ("INSERT INTO `forum_f` (`id_t`,`id_p`, `name`, `size`) VALUES ('" . $t['id'] . "', '" . $id . "', '" . $filename . "', '" . filesize ($_SERVER['DOCUMEN_ROOT'] . '/files/forum/' . $filename) . "')");
}
}
DB :: $dbs -> query ("UPDATE `forum_t` SET `time`='" . time () . "', `last`='" . $us['id'] . "' WHERE (`id`='" . $t['id'] . "')");
$query = DB :: $dbs -> query ("SELECT * FROM `forum_podp` WHERE (`id_t`='" . $t['id'] . "') AND (`us`!='" . $us['id'] . "')");
if ($query -> rowCount ()!=0) {
while ($podp = $query -> fetch ()) {
DB :: $dbs -> query ("INSERT INTO `action` (`value`,`t`,`us`,`see`) VALUES ('us{" . $us['id'] . "} ответил в теме [url=/forum/thema" . $t['id'] . "/page" . $page . "]" . $t['name'] . "[/url]!', '" . time () . "', '" . $podp['us'] . "', '1')");
}
}
header ('location: /forum/thema' . $t['id'] . '/page' . $page);
}
}
}
}
F ();
?>