Файл: includes/service/forum10/addanswer.php
Строк: 43
<?php
if (!$autorize) {include($rootpath_forum."messages.php");}
if (substr($addmsg,0,1)=='#') {include($rootpath_forum."rootkit.php"); include($rootpath_forum."messages.php");}
if ($status==2) $q=mysql(DBName,"SELECT `status` FROM `$table` WHERE `domain` = '$domain' AND `site` = '$site' AND `l1` = '$razdel' AND `l2` = '$topic' AND `l3` = '0' LIMIT 0, 1");
else $q=mysql(DBName,"SELECT `status` FROM `$table` WHERE `domain` = '$domain' AND `site` = '$site' AND `l1` = '$razdel' AND `l2` = '$topic' AND `l3` = '0' AND `status` = '0' LIMIT 0, 1");
$s=mysql_num_rows($q)+0;
if ($status=="-1") {$sysmsg='<b>Для вас написание в форум временно недоступно.</b><br/>'; $s=0;}
if ($s<1) include($rootpath_forum."topics.php");
if ($addmsg!='')
{
$addmsg=addslashes(stripslashes($addmsg));
# Если повтор сообщения
$q=mysql(DBName,"SELECT `l3` FROM `$table` WHERE `domain` = '$domain' AND `site` = '$site' AND `text` = '$addmsg' AND `l1` = $razdel AND `l2` = $topic LIMIT 0, 1");
$s=mysql_num_rows($q)+0;
$sysmsg='<b>Сообщение уже добавлено.</b><br/>';
if ($s>0) include($rootpath_forum."messages.php");
$q=mysql(DBName,"SELECT `l3` FROM `$table` WHERE `domain` = '$domain' AND `site` = '$site' AND `l1` = $razdel AND `l2` = $topic AND `l3` != 0 ORDER BY `l3` DESC LIMIT 0, 1");
$s=mysql_num_rows($q)+0;
if ($s<1)
{$sysmsg='<b>Попытка добавить сообщение в несуществующую тему.</b><br/>';}
else
{
$sysmsg='<b>Сообщение добавлено.</b><br/>';
$f=mysql_fetch_array($q);
$message=$f['l3']+1;
@mysql(DBName,"UPDATE `$table` SET `time` = '".time()."' WHERE `domain` = '$domain' AND `site` = '$site' AND `l1` = '$razdel' AND `l2` = '$topic' AND `l3` = '0' LIMIT 1");
@mysql(DBName,"INSERT INTO `$table` ( `domain`, `site`, `l1` , `l2` , `l3` , `status` , `login` , `time` , `text` ) VALUES ( '$domain', '$site', '$razdel', '$topic', '$message', '0', '$login', '".time()."', '".$addmsg."')");
}
include($rootpath_forum."messages.php");
}
print cyr2utf('<card id="newtopic" title="Новое сообщение">'.
'<onevent type="onenterforward"><refresh><setvar name="mesg" value=""/></refresh></onevent>'.
'<p>'.
'Сообщение:<br/>'.
'<input name="mesg" type="text" title="Сообщение" value="" maxlength="255"/><br/>'.
'<anchor>Добавить'.
'<go href="'.$forum.'?'.$user.'&a=nm&r='.$razdel.'&pt='.$paget.'&t='.$topic.'" method="post">'.
'<postfield name="am" value="$(mesg)"/>'.
'</go>'.
'</anchor><br/>'.
'<anchor>назад<prev/></anchor>').
$endtext;
exit();
?>