Файл: news/komm.php
Строк: 51
<?php
define('_ENGINE', true);
include $_SERVER['DOCUMENT_ROOT'] . '/system/sys.php';
include $_SERVER['DOCUMENT_ROOT'] . '/system/funcs.php';
if (!isset ($us)) {
header ('location: /');
exit;
}
if (!isset ($_GET['id'])) {
header ('location: /news');
exit;
}
$query = DB :: $dbs -> query ("SELECT * FROM `news` WHERE (`id`=?)", array ((int) $_GET['id']));
if ($query -> rowCount () == 0) {
header ('location: /news');
exit;
}
$news = $query -> fetch ();
$items = DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `news_komm` WHERE (`id_news`='" . $news['id'] . "')");
H ('Комментарии к новости', 'Комментарии к новости (' . $items . ')');
$items_per_page = 10;
$pages = ceil ( $items / $items_per_page );
$page = (int) $_GET['page'];
if ($page < 1)
$page = 1;
if ($page > $pages)
$page = $pages;
$start = $page * $items_per_page - $items_per_page;
echo '
<div class="list1">
Текст новости: ' . bb ($news['text']) . '<br/>
' . uNick($news['us']) . ' (' . datef ($news['t']) . ')<br/>
</div>
';
echo '
<div class="list1">
<form action="/news/komm.php?id=' . $news['id'] . '&add" method="post">
Комментарий:<br/>
<textarea name="text"></textarea><br/>
<input type="submit" value="Добавить"/>
</form>
</div>
';
if (isset ($_GET['add'])) {
$_POST['text'] = htmlspecialchars (addslashes (trim ($_POST['text'])));
if (DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `news_komm` WHERE (`us`='" . $us['id'] . "') AND (`t`>'" . (time () - 30) . "')")!=0) {
echo '<div class="list1"><b>Вы пишите слишком часто..</b></div>';
}
elseif (empty ($_POST['text'])) {
echo '
<div class="list1">
<b style="color:red;">Вы не заполнили текст комментария..</b>
</div>
';
}
else {
if (DB :: $dbs -> querySingle ("SELECT COUNT(*) FROM `news_komm` WHERE (`id_news`='" . $news['id'] . "') AND (`us`='" . $us['id'] . "') AND (`text`=?)", array ($_POST['text'])) !=0) {
echo '
<div class="list1">
<b style="color:red;">Вы уже писали подобное..</b>
</div>
';
}
else {
DB :: $dbs -> query ("INSERT INTO `news_komm` (`id_news`,`us`,`text`,`t`) VALUES ('" . $news['id'] . "','" . $us['id'] . "',?,'" . time () . "')", array ($_POST['text']));
header ('location: /komm' . $news['id']);
exit;
}
}
}
if ($items != 0) {
$query = DB :: $dbs -> query ("SELECT * FROM `news_komm` WHERE (`id_news`='" . $news['id'] . "') ORDER BY `id` DESC LIMIT $start,$items_per_page");
while ($komm = $query -> fetch ()) {
$u = DB :: $dbs -> queryFetch ("SELECT * FROM `us` WHERE (`id`='" . $komm['us'] . "')");
echo '
<div class="list1">
' . uNick ($komm['us']) . ' (' . datef ($komm['t']) . ')
';
if ($komm['us']==$us['id'] && $us['level']>1 || $u['level']<$us['level']) {
echo '
[<a href="/news/komm.php?id=' . $news['id'] . '&del=' . $komm['id'] . '">x</a>]
';
}
echo '
<br/>
' . bb ($komm['text']) . '
</div>
';
}
echo '<div class="lst">' . pages ('/komm' . $news['id']). '</div>';
if ($us['level']>1) {
if (isset ($_GET['del'])) {
$query = DB :: $dbs -> query ("SELECT * FROM `news_komm` WHERE (`id`=?)", array ((int) $_GET['del']));
if ($query -> rowCount () != 0) {
$komm = $query -> fetch ();
if ($komm['us']==$us['id'] && $us['level']>1 || $u['level']<$us['level']) {
DB :: $dbs -> query ("DELETE FROM `news_komm` WHERE (`id`='" . $komm['id'] . "')");
}
}
header ('location: /news/komm.php?id=' . $news['id']);
}
}
}
else {
echo '<div class="list1">Комментариев нет..</div>';
}
F ();
?>