Файл: form2/pos.php
Строк: 32
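<?php
/**
 * Forum page: share a forum post into the signed-in user's news feed.
 *
 * GET  id       - topic id (row in `forum_t`)
 * GET  poslike  - post id (row in `forum_p`)
 * GET  ok       - marks the form submission; honoured only for POST requests
 * POST komm     - optional comment stored with the shared post
 *
 * On success a row is inserted into `new` and the browser is redirected to
 * /usnews.php?id=<user id>. A user may add at most one entry per 60 seconds.
 *
 * NOTE(review): no anti-CSRF token is checked on the POST; if the project has
 * a token helper it should be verified here before the INSERT.
 * NOTE(review): nothing here verifies that the post ($p) belongs to the topic
 * ($t) or that the current user may read that section; the linking column is
 * not visible in this file, so the check is left to be confirmed and added.
 */
include_once '../system/sys.php';
include '../system/funcs.php';

// $us is not assigned in this file; presumably the includes above populate it
// for a signed-in user. Anonymous visitors are sent to the front page.
if (!isset($us['id'])) {
    header('location: /');
    exit;
}

// Both identifiers are required before any lookup is attempted.
if (!isset($_GET['id']) || !isset($_GET['poslike'])) {
    header('location: /forum.php');
    exit;
}

// Topic lookup.
$query = DB::$dbs->query("SELECT * FROM `forum_t` WHERE (`id`=?)", array(intval($_GET['id'])));
if ($query->rowCount() == 0) {
    header('location: /forum.php');
    exit;
}
$t = $query->fetch();

// Post lookup; deleted posts cannot be shared.
$query = DB::$dbs->query("SELECT * FROM `forum_p` WHERE (`id`=?)", array(intval($_GET['poslike'])));
if ($query->rowCount() == 0) {
    header('location: /forum.php');
    exit;
}
$p = $query->fetch();
if ($p['del'] != 0) {
    header('location: /forum.php');
    exit;
}

// Values read back from the database are bound as parameters as well, so every
// query in this file is built the same way and none depends on stored data
// being free of SQL metacharacters.
// $a is not read again in this file; kept in case the layout helpers read it
// as a global - TODO confirm and drop.
$a = DB::$dbs->query("SELECT * FROM `us` WHERE (`id`=?)", array($t['us']))->fetch();

$query = DB::$dbs->query("SELECT * FROM `forum_pr` WHERE (`id`=?)", array($t['id_pr']));
if ($query->rowCount() == 0) {
    header('location: /forum.php');
    exit;
}
$pr = $query->fetch();

$query = DB::$dbs->query("SELECT * FROM `forum_r` WHERE (`id`=?)", array($t['id_r']));
if ($query->rowCount() == 0) {
    header('location: /forum.php');
    exit;
}
$r = $query->fetch();

// Handle the submission BEFORE any output: the redirect header cannot be sent
// once H() and the form markup have been echoed.
$notice = '';
if ($t['type'] != 2 && isset($_GET['ok']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // Requiring POST stops a plain link or image URL carrying "&ok" from
    // creating a news entry on the visitor's behalf.
    $komm = (isset($_POST['komm']) && is_string($_POST['komm'])) ? trim($_POST['komm']) : '';

    // NOTE(review): the value is bound as a parameter below, so addslashes()
    // only adds literal backslashes to the stored text. It is kept so the
    // stored format stays what readers of `new`.`komm` currently receive;
    // confirm how that column is displayed before removing it.
    $komm = htmlspecialchars(addslashes($komm));
    if ($komm === '') {
        // Strict comparison: a comment consisting of "0" is a real comment.
        $komm = null;
    }

    $now = time();

    // Throttle: any entry by this user in the last 60 seconds blocks a new one.
    $recent = DB::$dbs->query(
        "SELECT * FROM `new` WHERE (`us`=?) AND (`t`>?) LIMIT 1",
        array($us['id'], $now - 60)
    );
    if ($recent->rowCount() != 0) {
        $notice = '<div class="list">Вы слишком часто добавляете новости!</div>';
    } else {
        DB::$dbs->query(
            "INSERT INTO `new` (`us`,`kem`,`id_p`,`komm`,`t`) VALUES (?, ?, ?, ?, ?)",
            array($us['id'], $us['id'], $p['id'], $komm, $now)
        );
        header('location: /usnews.php?id=' . $us['id']);
        exit; // stop here so no page body follows the redirect
    }
}

// NOTE(review): names taken from the database are printed without escaping
// here; presumably they are escaped when stored (as `komm` is) - confirm.
H ($t['name'], '<a href="/forum" style="color:white;">Форум</a> | <a href="/forum/razd' . $r['id'] . '" style="color:white;">' . $r['name'].'</a> | <a href="/forum/' . $r['id'] . '/' . $pr['id'] . '" style="color:white;">' . $pr['name'] . '</a> | ' . $t['name']);

if ($t['type'] == 2) {
    // Topic flagged as removed: show the notice only, no share form.
    echo '<div class="lst">Данная тема была удалена!</div>';
} else {
    echo '<div class="list1">';
    echo '<form action="/form2/pos.php?id=' . $t['id'] . '&poslike=' . $p['id'] . '&ok" method="post">';
    echo '<img src="/images/re.png" alt=""/> ' . uNick($p['us']) . '<br/>';
    echo bb($p['text']) . '<hr/>';
    echo 'Комментарий (не обязательно):<br/>';
    echo '<textarea name="komm"></textarea><br/>';
    echo '<input type="submit" value="Поделиться"/>';
    echo '</form>';
    echo '</div>';
    echo $notice;
}

F();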