Файл: forum/view_post.php
Строк: 61
<?php
include ("../functions.php");
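$post = "post";
// mode=post: show one forum thread (its opening message and one page of
// replies), followed by the reply form and the pager links.
if (isset($_GET['mode']) && $_GET['mode'] === $post)
{
    // $db, $user, $pass and $myrow are not defined in this file;
    // presumably conf.php / lock.php provide them -- confirm.
    include ("../conf.php");
    include ("../lock.php");
    // Strict comparison on strings only: with == two numeric-looking strings
    // ("0e1" and "0e2", "007" and "7") compare equal, so a wrong name or
    // password could be accepted.
    // NOTE(review): $pass is compared directly with the stored value and is
    // repeated in every link below, so it ends up in browser history, server
    // logs and Referer headers. Unless lock.php hashes it, the stored value is
    // the plaintext password -- confirm. Replacing this with a password hash
    // and a session needs changes outside this file, so it is only flagged.
    if (is_string($user) && is_string($pass) && $user !== ''
        && $user === $myrow["user"] && $pass === $myrow["pass"])
    {
        bann2($user);
        include ("../head.php");
        sms2($user,$pass);

        // The thread id comes straight from the query string. Each output
        // context gets its own encoding: SQL-escaped for the queries,
        // HTML-escaped for the hidden form field, URL-encoded for the pager.
        // mysql_real_escape_string() alone leaves quotes and angle brackets
        // active in HTML.
        $rawId = (isset($_GET['id']) && is_string($_GET['id'])) ? trim($_GET['id']) : '';
        $id = mysql_real_escape_string($rawId);
        $idHtml = htmlspecialchars($rawId, ENT_QUOTES);
        $idUrl = urlencode($rawId);

        $result22 = mysql_query("SELECT * FROM forum_themes WHERE id='$id'",$db);
        // Test the thread query itself. The original tested $result, which is
        // not assigned anywhere in this file, so an unknown id was never
        // reported as missing.
        if ($result22 !== false && mysql_num_rows($result22) > 0)
        {
            // NOTE(review): name, user_nick, date and user_id are printed as
            // stored. Whether the script that writes forum_themes HTML-escapes
            // them is not visible here -- confirm, or escape at output.
            while ($myrow2 = mysql_fetch_array($result22))
            {
                $text = "".$myrow2['text']."";
                echo "<div class='nav'>";
                echo "<b>Тема:</b> ".$myrow2['name']."</div>";
                echo "<a href='../info.php?user=$user&pass=$pass&id=".$myrow2['user_id']."'>".$myrow2['user_nick']." (<small>".$myrow2['date']."</small>)</a><div class=stb>";
                echo m_s($text);
                echo '</div>';
            }
        }
        else
        {
            echo "<div class='nav'>";
            echo "Сообщений в данной теме нет!<br />";
            echo "</div>";
            echo "<a href=../menu.php?user=$user&pass=$pass>В меню</a>";
            include ("../foot.php");
            exit();
        }

        // Pager: $num replies per page, $page clamped to 1..$total.
        $num = 10;
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
        $result00 = mysql_query("SELECT COUNT(*) FROM forum_post WHERE post='$id'");
        $temp = ($result00 !== false) ? mysql_fetch_array($result00) : false;
        $posts = ($temp !== false) ? intval($temp[0]) : 0;
        // At least one page even with no replies; otherwise $page drops to 0,
        // the LIMIT offset goes negative and a "back" link to page -1 appears.
        $total = max(1, (int) ceil($posts / $num));
        if ($page < 1) $page = 1;
        if ($page > $total) $page = $total;
        $start = $page * $num - $num;

        // ORDER BY keeps the pages stable; LIMIT without it has no defined order.
        $result2 = mysql_query("SELECT * FROM forum_post WHERE post='$id' ORDER BY id LIMIT $start, $num",$db);
        if ($result2 !== false)
        {
            while ($myrow2 = mysql_fetch_array($result2))
            {
                $text = "".$myrow2['text']."";
                echo "<a href='../info.php?user=$user&pass=$pass&id=".$myrow2['user_id']."'>".$myrow2['user_nick']." (<small>".$myrow2['date']."</small>)</a><div class=stb>";
                echo m_s($text);
                echo "</div>";
            }
        }

        echo "<div class='nav'><form name='form' action='view_post.php?mode=s&user=$user&pass=$pass' method='post'>";
        echo "<input name='post' type='hidden' value='".$idHtml."'>";
        echo <<<sss
Сообщение:<br /><textarea rows="3" cols="19" name="text"></textarea><br/>
<input type="submit" value="Отправить">
</form></div>
sss;
        if ($page != 1) echo "<a href=view_post.php?mode=post&id=$idUrl&user=$user&pass=$pass&page=".($page - 1).">Назад</a>";
        if ($page != $total) echo " <a href=view_post.php?mode=post&id=$idUrl&user=$user&pass=$pass&page=". ($page + 1) .">Далее</a>";
        echo "<a href=../smile.php?user=$user&pass=$pass>Смайлы</a>";
        echo "<a href=../menu.php?user=$user&pass=$pass>В меню</a>";
        include ("../foot.php");
        exit();
    }
    else
    {
        echo "Ошибка! Неверный <b>Ник</b> или <b>Пароль</b><br />";
        echo <<<sss
<a href="../index.php">На главную</a>
sss;
    }
}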
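$s = "s";
// mode=s: store a reply submitted from the thread view, then send the browser
// back to that thread.
if (isset($_GET['mode']) && $_GET['mode'] === $s)
{
    // $user, $pass and $myrow are not defined in this file;
    // presumably conf.php / lock.php provide them -- confirm.
    include ("../conf.php");
    include ("../lock.php");
    // Strict comparison on strings only: with == two numeric-looking strings
    // ("0e1" and "0e2", "007" and "7") compare equal, so a wrong name or
    // password could be accepted.
    // NOTE(review): $pass is compared directly with the stored value and is
    // carried in the query string, so it ends up in browser history, server
    // logs and Referer headers. Unless lock.php hashes it, the stored value is
    // the plaintext password -- confirm.
    if (is_string($user) && is_string($pass) && $user !== ''
        && $user === $myrow["user"] && $pass === $myrow["pass"])
    {
        bann2($user);
        include ("../head.php");

        $rawText = (isset($_POST['text']) && is_string($_POST['text'])) ? trim($_POST['text']) : '';
        $rawPost = (isset($_POST['post']) && is_string($_POST['post'])) ? trim($_POST['post']) : '';
        // HTML-encode first, SQL-escape last, so nothing rewrites the value
        // after it has been made safe for the statement.
        $text = mysql_real_escape_string(htmlspecialchars($rawText));
        $post = mysql_real_escape_string(htmlspecialchars($rawPost));
        $date = date("Y.m.d");
        $user_id = $myrow["id"];

        $saved = false;
        // Both the message and the thread id are required. The original only
        // checked the message and could insert a reply with no thread.
        if ($text !== '' && $post !== '')
        {
            // NOTE(review): $user and $user_id enter the statement exactly as
            // lock.php left them; whether they are SQL-escaped there is not
            // visible here -- confirm.
            $result = mysql_query("INSERT INTO forum_post (text,post,user_nick,user_id,date) VALUES ('$text','$post','$user','$user_id','$date')");
            if ($result)
            {
                $saved = true;
                // Redirect to the thread that was just posted to. Reading the
                // newest row of forum_post instead can pick up another user's
                // reply written in between, and it loads the whole table.
                echo "<html><head>
<meta http-equiv='Refresh' content='0; URL=view_post.php?mode=post&id=".urlencode($rawPost)."&user=".$user."&pass=".$pass."'>
</head></html>";
            }
        }
        if (!$saved)
        {
            // Also reached when the INSERT fails, which used to leave a blank page.
            echo "<div class='nav'>Ошибка! Сообщение не отправлено!</div>";
            echo "<a href='index.php?user=$user&pass=$pass'>В форум</a> <a href=../menu.php?user=$user&pass=$pass>В меню</a>";
            include ("../foot.php");
            exit();
        }
    }
    else
    {
        include ("../head.php");
        echo "<div class='nav'>";
        echo "Ошибка! <br />Неверный <b>Ник</b> или<b>Пароль</b>!<br /></div>";
        echo "<a href='index.php'>На главную</a>";
        include ("../foot.php");
    }
}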
?>