Файл: host/public_html/news/post/index.php
Строк: 123
<?
include_once '../../core/system.php';
echo only_reg();
echo ban();
if (isset($_GET['id']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `news` WHERE `id` = '".intval($_GET['id'])."'"),0) == true){
$news = mysql_fetch_assoc(mysql_query("SELECT * FROM `news` WHERE `id` = '".intval($_GET['id'])."'"));
}else{
$_SESSION['err'] = "<h2>Нет такой новости!";
header('Location: /news/');
exit();
}
if($user['prava'] == 5){
if(isset($_GET['kommd'])){
mysql_query("DELETE FROM `news_kom` where `id` = '".abs(intval($_GET['kommd']))."' limit 1");
}
}
$header = $news[title];
include_once '../../core/head.php';
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '$news[id_user]'"));
echo "<div class='block'>".BBcode($news[msg])."</div>";
echo "<div class=''></div>";
echo "<div class='block'><span class='dgreen'>[".vremja($news[time])."]</span> Оформил(а) ";
if ($ank['storona'] == '0') {?><img src="/images/icon/0.gif" height="11" alt="a"/> <?php }
if ($ank['storona'] == '1') {?><img src="/images/icon/1.gif" height="11" alt="d"/> <?php }
echo online($ank[id]);
echo " <a href='/user/$news[id_user]/'>$ank[nick]</a></div>";
echo "<div class=''></div>";
//Комментарии
if(isset($_POST['msg'])){
$msg = check($_POST['msg']);
if(strlen($msg) < 3 or strlen($msg) > 400) $err = '<h2>Длина сообщения должна быть в пределах 3 - 400 символов';
if(!isset($err)) {
mysql_query("INSERT INTO `news_kom` SET `id_user` = '$user[id]', `id_news` = '$news[id]', `msg` = '".mysql_real_escape_string($msg)."', `time` = '".time()."'");
header("Location: news.php?id=$news[id]");
$_SESSION['message'] = '<h2>Сообщение добавлено!';
exit();
}else{
header("Location: news.php?id=$news[id]");
$_SESSION['err'] = $err;
// Вывод ошибки
exit();
}
}
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `news_kom` WHERE `id_news` = '".intval($_GET['id'])."'"),0);
$k_page = k_page($k_post,$set['p_str']);
$page = page($k_page);
$start = $set['p_str']*$page-$set['p_str'];
if(isset($_GET['comm'])) {
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = num($_GET[comm]) LIMIT 1"));
echo '<h2><form class="block" method="post" action="/news/post/'.$news[id].'/">
<input class="text large" value="'.htmlspecialchars($ank[nick]).', " type="text" name="msg" /><br />
<span class="btn"><span class="end"><input class="label" type="submit" value="Отправить"></span></span>
</form>';
}else{
echo '<form class="block" method="post" action="/news/post/'.$news[id].'/">
<input class="text large" type="text" name="msg" /><br />
<span class="btn"><span class="end"><input class="label" type="submit" value="Отправить"></span></span>
</form>';
}
$q = mysql_query("SELECT * FROM `news_kom` WHERE `id_news` = '$news[id]' ORDER BY `id` DESC LIMIT $start, $set[p_str]");
echo "<div class='dot-line'></div>";
echo "<div class='block'>";
if($k_post == 0)echo "<span class='grey'><h2>Нет комментарий</div>";
while($post = mysql_fetch_assoc($q)) {
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '$post[id_user]' LIMIT 1"));
if($ank[prava] == 5 )$color = 'yellow';
if($ank[prava] == 7 )$color = 'green';
if($ank[prava] == 4 )$color = 'Moder';
if($ank[prava] == 0 )$color = 'quality-0';
if ($ank['storona'] == '0') {?><img src="/images/icon/0.gif" height="11" alt="a"/> <?php }
if ($ank['storona'] == '1') {?><img src="/images/icon/1.gif" height="11" alt="d"/> <?php }
echo online($ank[id]);
echo " <a href='/user/$ank[id]/'>$ank[nick]</a>";
if ($user['prava'] >= 4){
echo " / /";
echo "<a href='?del=msg&id_msg=".$post['id']."'> Удалить </a>";}
if(htmlspecialchars($_GET['del']) == 'msg') {
$id_chmsg = intval($_GET['id_msg']);
$del_chat_msg = mysql_query("DELETE FROM `news_kom` WHERE `id` = '".$id_chmsg."'");
header("Location: ?");
}
echo " // ";
echo "<a href='/news/post/$news[id]/?comm=$ank[id]'>(»)</a> ".($user['prava']==5?'(<a href="?kommd='.$post['id'].'">x</a>)':null).", ";
echo "<span class='dgreen'> </span>";
echo '<span class="'.$color.'">'.check(smiles($post['msg'])).'</span><br>';
}
echo "</div>";
if ($k_page>1)str('news.php?id=' . intval($_GET['id']) . '&',$k_page,$page); // Вывод страниц
echo "<div class='mini-line'></div>";
echo "<div class='block'>";
echo "<li><a href='/news/'><img src='/images/icon/arrow.png'>Новости</a></li>";
echo "</div>";
include_once '../../core/foot.php';
?>