Файл: world-faces.ru/world-faces.ru/foto/inc/komm.php
Строк: 89
<?
if (!isset($user) && !isset($_GET['id_user'])){header("Location: /foto/?".SID);exit;}
if (isset($user))$ank['id']=$user['id'];
if (isset($_GET['id_user']))$ank['id']=intval($_GET['id_user']);
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '$ank[id]' LIMIT 1"),0)==0){header("Location: /foto/?".SID);exit;}
$ank=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = $ank[id] LIMIT 1"));
$gallery['id']=intval($_GET['id_gallery']);
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `gallery` WHERE `id` = '$gallery[id]' AND `id_user` = '$ank[id]' LIMIT 1"),0)==0){header("Location: /foto/$ank[id]/?".SID);exit;}
$gallery=mysql_fetch_array(mysql_query("SELECT * FROM `gallery` WHERE `id` = '$gallery[id]' AND `id_user` = '$ank[id]' LIMIT 1"));
$foto['id']=intval($_GET['id_foto']);
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `gallery_foto` WHERE `id` = '$foto[id]' LIMIT 1"),0)==0){header("Location: /foto/$ank[id]/$gallery[id]/?".SID);exit;}
$foto=mysql_fetch_array(mysql_query("SELECT * FROM `gallery_foto` WHERE `id` = '$foto[id]' LIMIT 1"));
$set['title']=$ank['nick'].' - '.$gallery['name'].' - '.$foto['name'].' - Комментарии'; // заголовок страницы
include_once '../sys/inc/thead.php';
title();
if (isset($user) && ($user['level']>$ank['level'] || $user['id']==$ank['id'] || $user['level']==4))@include 'inc/komm_act.php';
if (isset($_POST['msg']) && isset($user))
{
$msg=$_POST['msg'];
$msg = strtr($msg, array('B'=>'', 'b'=>'', 'C'=>'', 'c'=>'', 'D'=>'', 'd'=>'', 'F'=>'', 'f'=>'', 'G'=>'', 'g'=>'', 'H'=>'', 'h'=>'', 'I'=>'', 'i'=>'', 'J'=>'', 'j'=>'', 'K'=>'', 'k'=>'', 'L'=>'', 'l'=>'', 'M'=>'', 'm'=>'', 'N'=>'', 'n'=>'', 'O'=>'', 'o'=>'', 'P'=>'', 'p'=>'', 'Q'=>'', 'q'=>'', 'R'=>'', 'r'=>'', 'S'=>'', 's'=>'', 'T'=>'', 't'=>'', 'U'=>'', 'u'=>'', 'V'=>'', 'v'=>'', 'W'=>'', 'w'=>'', 'X'=>'', 'x'=>'', 'Y'=>'', 'y'=>'', 'Z'=>'', 'z'=>''));
if (isset($_POST['translit']) && $_POST['translit']==1)$msg=translit($msg);
if (strlen2($msg)>1024){$err='Сообщение слишком длинное';}
elseif (strlen2($msg)<2){$err='Короткое сообщение';}
elseif (mysql_result(mysql_query("SELECT COUNT(*) FROM `gallery_komm` WHERE `id_foto` = '$foto[id]' AND `id_user` = '$user[id]' AND `msg` = '".mysql_escape_string($msg)."' LIMIT 1"),0)!=0){$err='Ваше сообщение повторяет предыдущее';}
else{
$msg=mysql_escape_string($msg);
$msgfotokom="Обитатель $user[nick] оставил комментарий на одной из ваших фотографий [b]$foto[name][/b] в вашем альбоме [b]$gallery[name][/b]: ".mysql_real_escape_string($msg)."";
if (isset($user) && $user['id']!=$ank[id])
{
mysql_query("INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values('0', '$ank[id]', '$msgfotokom', '$time')");
}
mysql_query("INSERT INTO `gallery_komm` (`id_foto`, `id_user`, `time`, `msg`) values('$foto[id]', '$user[id]', '$time', '$msg')");
mysql_query("UPDATE `user` SET `balls` = '".($user['balls']+1)."' WHERE `id` = '$user[id]' LIMIT 1");
msg('Сообщение успешно добавлено');
}
}
err();
aut();
$k_post=mysql_result(mysql_query("SELECT COUNT(*) FROM `gallery_komm` WHERE `id_foto` = '$foto[id]'"),0);
$k_page=k_page($k_post,$set['p_str']);
$page=page($k_page);
$start=$set['p_str']*$page-$set['p_str'];
if ($k_post==0)
{
echo "Нет комментариевn";
}
$q=mysql_query("SELECT * FROM `gallery_komm` WHERE `id_foto` = '$foto[id]' ORDER BY `id` ASC LIMIT $start, $set[p_str]");
while ($post = mysql_fetch_array($q))
{
$ank2=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '$post[id_user]' LIMIT 1"));
if($num==1){
echo "<div class='str'>";
$num=0;
}else{
echo "<div class='rowup'>";
$num=1;}
echo "".online($ank2['id'])." ";
echo "<a href='/info.php?id=$ank2[id]'>$ank2[nick]</a> (".vremja($post['time']).")<br />n";
echo output_text($post['msg'])."n";
echo "</div>n";
}
if ($k_page>1)str('?',$k_page,$page); // Вывод страниц
if (isset($user))
{
echo "<br/><form method="post" name='message' action="?">n";
if ($set['web'] && is_file(H.'style/themes/'.$set['set_them'].'/altername_post_form.php'))
include_once H.'style/themes/'.$set['set_them'].'/altername_post_form.php';
else
echo '<div class="p_t">';
echo "Сообщение:<br />n<textarea name="msg"></textarea><br />n";
echo "<input value="Отправить" type="submit" />n";
echo "</form>n";
echo "</div>n";
}
if (isset($user) && ($user['level']>$ank['level'] || $user['id']==$ank['id'] || $user['level']==4))@include 'inc/komm_form.php';
echo "<div class="menu">n";
echo "<a href='/foto/$ank[id]/$gallery[id]/$foto[id]/'>К фотографии</a><br />n";
echo "<a href='/foto/$ank[id]/$gallery[id]/'>К фотографиям</a><br />n";
echo "<a href='/foto/$ank[id]/'>К фотоальбомам</a><br />n";
echo "</div>n";
include_once '../sys/inc/tfoot.php';
exit;
?>