Файл: test.masteram.us/comm/forum/inc/them.php
Строк: 190
<?php
if(isset($_GET['f_del']) && is_numeric($_GET['f_del']) && isset($_SESSION['file'][$_GET['f_del']])){
unlink($_SESSION['file'][$_GET['f_del']]['tmp_name']);
}
if(isset($user) && $admin['uid']==$user['id'] && isset($_GET['zakl']) && $_GET['zakl']==1){
mysql_query("INSERT INTO `comm_forum_zakl` (`id_user`, `time`, `id_them`, `time_obn`, `id_comm`) values('$user[id]', '$time', '$them[id]', '$time', '$id_comm')");
msg('Тема добавлена в закладки');
}else if(isset($user) && $admin['uid']==$user['id'] && isset($_GET['zakl']) && $_GET['zakl']==0){
mysql_query("DELETE FROM `comm_forum_zakl` WHERE `id_user` = '$user[id]' AND `id_them` = '$them[id]' AND `id_comm` = '$id_comm'");
msg('Тема удалена из закладок');
}
if(isset($user) && isset($_GET['act']) && $_GET['act']=='new' && isset($_FILES['file_f']) && ereg('.', $_FILES['file_f']['name']) && isset($_POST['file_s'])){
copy($_FILES['file_f']['tmp_name'], H.'sys/tmp/'.$user['id'].'_'.md5_file($_FILES['file_f']['tmp_name']).'.forum.tmp');
chmod(H.'sys/tmp/'.$user['id'].'_'.md5_file($_FILES['file_f']['tmp_name']).'.forum.tmp', 0777);
if(isset($_SESSION['file'])){
$next_f=count($_SESSION['file']);
}else{
$next_f=0;
}
$file=esc(stripcslashes(htmlspecialchars($_FILES['file_f']['name'])));
$_SESSION['file'][$next_f]['name']=eregi_replace('.[^.]*$', NULL, $file);
$_SESSION['file'][$next_f]['ras']=strtolower(eregi_replace('^.*.', NULL, $file));
$_SESSION['file'][$next_f]['tmp_name']=H.'sys/tmp/'.$user['id'].'_'.md5_file($_FILES['file_f']['tmp_name']).'.forum.tmp';
$_SESSION['file'][$next_f]['size']=filesize(H.'sys/tmp/'.$user['id'].'_'.md5_file($_FILES['file_f']['tmp_name']).'.forum.tmp');
$_SESSION['file'][$next_f]['type']=$_FILES['file_f']['type'];
}
if(isset($user) && $admin['uid']==$user['id'] && ($them['close']==0 || $them['close']==1) && isset($_GET['act']) && $_GET['act']=='new' && isset($_POST['msg']) && isset($_POST['post'])){
$msg=esc(stripcslashes(htmlspecialchars($_POST['msg'])));
if(isset($_POST['translit']) && $_POST['translit']==1){
$msg=translit($msg);
}
if(strlen2($msg)<2){
$err='Короткое сообщение';
}
if(strlen2($msg)>10240){
$err='Длина сообщения превышает предел в 10240 символа';
}
if(mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_p` WHERE `id_them` = '$them[id]' AND `id_forum` = '$forum[id]' AND `id_razdel` = '$razdel[id]' AND `id_user` = '$user[id]' AND `msg` = '".mysql_real_escape_string($msg)."' AND `id_comm` = '$id_comm' LIMIT 1"),0)!=0){
$err='Ваше сообщение повторяет предыдущее';
}
if(!isset($err)){
if(isset($_POST['cit']) && is_numeric($_POST['cit']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_p` WHERE `id` = '".intval($_POST['cit'])."' AND `id_them` = '".intval($_GET['id_them'])."' AND `id_razdel` = '".intval($_GET['id_razdel'])."' AND `id_forum` = '".intval($_GET['id_forum'])."' AND `id_comm` = '$id_comm'"),0)==1){
$cit=intval($_POST['cit']);
}else{
$cit='null';
}
$msg = mysql_real_escape_string($msg);
mysql_query("UPDATE `community_user_incomm` SET `postov` = '+1' WHERE `uid` = '$user[id]' AND `cid` = '$id_comm' LIMIT 1");
mysql_query("INSERT INTO `comm_forum_p` (`id_forum`, `id_razdel`, `id_them`, `id_user`, `time`, `msg`, `cit`, `id_comm`) values('$forum[id]', '$razdel[id]', '$them[id]', '$user[id]', '$time', '$msg', $cit, '$id_comm')");
$post_id=mysql_insert_id();
mysql_query("UPDATE `comm_forum_zakl` SET `time_obn` = '$time' WHERE `id_them` = '$them[id]' AND `id_comm` = '$id_comm'");
if(isset($_SESSION['file'])){
for($i=0; $i<count($_SESSION['file']);$i++){
if(isset($_SESSION['file'][$i]) && is_file($_SESSION['file'][$i]['tmp_name'])){
mysql_query("INSERT INTO `comm_forum_files` (`id_post`, `name`, `ras`, `size`, `type`, `id_comm`) values('$post_id', '".$_SESSION['file'][$i]['name']."', '".$_SESSION['file'][$i]['ras']."', '".$_SESSION['file'][$i]['size']."', '".$_SESSION['file'][$i]['type']."', '$id_comm')");
$file_id=mysql_insert_id();
copy($_SESSION['file'][$i]['tmp_name'], H.'sys/comm/forum/'.$file_id.'.frf');
unlink($_SESSION['file'][$i]['tmp_name']);
}
}
unset($_SESSION['file']);
}
unset($_SESSION['msg']);
mysql_query("UPDATE `comm_forum_r` SET `time` = '$time' WHERE `id` = '$razdel[id]' AND `id_comm` = '$id_comm' LIMIT 1");
mysql_query("UPDATE `comm_forum_t` SET `time` = '$time' WHERE `id` = '$them[id]' AND `id_comm` = '$id_comm' LIMIT 1");
mysql_query("UPDATE `community_user_incomm` SET `files` = '+1' WHERE `uid` = '$user[id]' AND `cid` = '$id_comm' LIMIT 1");
msg('Сообщение успешно добавлено');
}
}
if($them['close']==1){
msg('Тема закрыта для обсуждения');
}
if(isset($user) && $admin['uid']==$user['id'] && $user['balls']>=50 && $user['rating']>=0 && isset($_GET['id_file']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_files` WHERE `id` = '".intval($_GET['id_file'])."' AND `id_comm` = '$id_comm'"), 0)==1 && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_files_rating` WHERE `id_user` = '$user[id]' AND `id_file` = '".intval($_GET['id_file'])."' AND `id_comm` = '$id_comm'"), 0)==0){
if(isset($_GET['rating']) && $_GET['rating']=='down'){
mysql_query("INSERT INTO `comm_forum_files_rating` (`id_user`, `id_file`, `rating`, `id_comm`) values('$user[id]', '".intval($_GET['id_file'])."', '-1', '$id_comm')");
msg ('Ваш отрицательный отзыв принят');
}else if(isset($_GET['rating']) && $_GET['rating']=='up'){
mysql_query("INSERT INTO `comm_forum_files_rating` (`id_user`, `id_file`, `rating`, `id_comm`) values('$user[id]', '".intval($_GET['id_file'])."', '1', '$id_comm')");
msg ('Ваш положительный отзыв принят');
}
}
err();
echo '<table class="post">';
$user_zakl=mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_zakl` WHERE `id_them` = '$them[id]' AND `id_comm` = '$id_comm'"),0);
echo '<tr><td class="p_t">В закладках у: '.$user_zakl['id_user'].' обитателей</td></tr>';
echo '</table>';
$k_post=mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_p` WHERE `id_them` = '$them[id]' AND `id_forum` = '$forum[id]' AND `id_razdel` = '$razdel[id]' AND `id_comm` = '$id_comm'"),0);
$k_page=k_page($k_post,$set['p_str']);
$page=page($k_page);
$start=$set['p_str']*$page-$set['p_str'];
echo '<table class="post">';
if(isset($user) && $admin['uid']==$user['id'] && ($admin['priv']==2 || $ank2['id']==$user['id']) && isset($_GET['act']) && $_GET['act']=='post_delete'){
$lim=NULL;
}else{
$lim=" LIMIT $start, $set[p_str]";
}
$q=mysql_query("SELECT * FROM `comm_forum_p` WHERE `id_them` = '$them[id]' AND `id_forum` = '$forum[id]' AND `id_razdel` = '$razdel[id]' AND `id_comm` = '$id_comm' ORDER BY `time` ASC$lim");
if(mysql_num_rows($q)==0){
echo '<tr><td class="p_t">Нет сообщений в теме "'.$them['name'].'"</td></tr>';
}
$post_k=$start;
while($post = mysql_fetch_array($q)){
echo " <tr>n";
if($num==1){
echo " <td class='rer'>n";
$num=0;
}else{
echo " <td class='aut'>n";
$num=1;}
if(isset($user) && $admin['uid']==$user['id'] && ($admin['priv']==2 || $ank2['id']==$user['id']) && isset($_GET['act']) && $_GET['act']=='post_delete'){
echo '<label>';
}
$ank=get_user($post['id_user']);
$post_k++;
if(isset($user) && $admin['uid']==$user['id'] && ($admin['priv']==2 || $ank2['id']==$user['id']) && isset($_GET['act']) && $_GET['act']=='post_delete'){
echo '<input type="checkbox" name="post_'.$post['id'].'" value="1"/>';
}else{
}
if($set['show_num_post']==1){
$num_post=$post_k.'. ';
}else{
$num_post=NULL;
}
if(isset($user) && $admin['uid']==$user['id'] && $them['close']==0 || $them['close']==1 && $admin['priv']>0){
echo $num_post.''.online($ank['id']).' <a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&act=msg"><span style="color:'.$ank['ncolor'].'"><b>'.$ank['nick'].'</b></span></a> ('.vremja($post['time']).')';
if(isset($user) && $admin['uid']==$user['id'] && $them['close']==0 || $them['close']==1 && $admin['priv']>0){
echo ' <small>[<a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&act=cit">цит</a>]</small>';
}
if(isset($user) && $admin['priv']==2 || $them['close']==1 && $admin['priv']>0){
echo ' <small>[<a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&act=edit">ред</a>]</small>';
}else if(isset($user) && $admin['uid']==$user['id'] && $user['id']==$post['id_user'] && $post['time']>time()-600 && $post_k==$k_post){
echo ' <small>[<a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&act=edit">ред</a>]</small>';
}
if(isset($user) && $admin['uid']==$user['id'] && $admin['priv']==2 || $them['close']==1 && $admin['priv']>0){
echo ' <small>[<a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&act=delete">del</a>]</small>';
}else if(isset($user) && $admin['uid']==$user['id'] && $user['id']==$post['id_user'] && $post['time']>time()-600 && $post_k==$k_post){
echo ' <small>[<a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_post='.$post['id'].'&id_comm='.$id_comm.'&act=delete">del</a>]</small>';
}
}else{
echo $num_post.' <a href="/info.php?id='.$ank['id'].'" title="Анкета '.$ank['nick'].'"><span style="color:'.$ank['ncolor'].'">'.$ank['nick'].'</span></a> '.online($ank['id']).' ('.vremja($post['time']).')';
}
echo '<br/>';
if($post['cit']!=NULL && mysql_result(mysql_query("SELECT COUNT(*) FROM `comm_forum_p` WHERE `id` = '$post[cit]' AND `id_comm` = '$id_comm'"),0)==1){
$cit=mysql_fetch_array(mysql_query("SELECT * FROM `comm_forum_p` WHERE `id` = '$post[cit]' AND `id_comm` = '$id_comm' LIMIT 1"));
$ank_c=get_user($cit['id_user']);
echo '<div class="cit"><b>'.$ank_c['nick'].' ('.vremja($cit['time']).'):</b><br/>'.output_text($cit['msg']).'</div>';
}
echo output_text($post['msg']).'<br/>';
include 'inc/file.php';
if(isset($user) && $admin['uid']==$user['id'] && ($admin['priv']==2 || $ank2['id']==$user['id']) && isset($_GET['act']) && $_GET['act']=='post_delete'){
echo '</label>';
}
}
echo '</table>';
if(isset($user) && $admin['uid']==$user['id'] && ($admin['priv']==2 || $ank2['id']==$user['id']) && isset($_GET['act']) && $_GET['act']=='post_delete'){
}else if($k_page>1){
str("index.php?id_forum=$forum[id]&id_razdel=$razdel[id]&id_them=$them[id]&id_comm=$id_comm&",$k_page,$page);
}
if(isset($user) && $admin['uid']==$user['id'] && ($admin['priv']==2 || $ank2['id']==$user['id']) && isset($_GET['act']) && $_GET['act']=='post_delete'){
}else if(isset($user) && $admin['uid']==$user['id'] && $them['close']==0 || $them['close']==1 && $admin['priv']>0){
if($user['set_files']==1){
echo "<img src='/chat/them_00.png' alt='' class='icon'/>n";
echo '<a href="/smiles/index.php">Смайлы</a><br/>';
echo '<form method="post" name="message" enctype="multipart/form-data" action="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_comm='.$id_comm.'&act=new">';
}else{
echo "<img src='/chat/them_00.png' alt='' class='icon'/>n";
echo '<a href="/smiles/index.php">Смайлы</a><br/>';
echo '<form method="post" name="message" action="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&id_comm='.$id_comm.'&act=new">';
}
if(isset($_POST['msg']) && isset($_POST['file_s'])){
$msg2=output_text($_POST['msg'],false,true,false,false,false);
}else{
$msg2=NULL;
}
echo 'Сообщение:<br/><textarea name="msg">'.$msg2.'</textarea><br/>';
if($user['set_translit']==1){
echo '<label><input type="checkbox" name="translit" value="1"/> Транслит</label><br/>';
}
if($user['set_files']==1){
if(isset($_SESSION['file'])){
echo 'Прикрепленные файлы:<br/>';
for($i=0; $i<count($_SESSION['file']);$i++){
if(isset($_SESSION['file'][$i]) && is_file($_SESSION['file'][$i]['tmp_name'])){
echo '<img src="/style/themes/'.$set['set_them'].'/forum/file.png" alt=""/>';
echo $_SESSION['file'][$i]['name'].'.'.$_SESSION['file'][$i]['ras'].' ('.size_file($_SESSION['file'][$i]['size']).')';
echo '<a href="index.php?id_forum='.$forum['id'].'&id_razdel='.$razdel['id'].'&id_them='.$them['id'].'&f_del='.$i.'&id_comm='.$id_comm.'"><img src="/style/themes/'.$set['set_them'].'/forum/del_file.png" alt=""/></a><br/>';
}
}
}
echo '<input name="file_f" type="file"/><br/>';
echo '<input name="file_s" value="Прикрепить файл" type="submit"/><br/>';
}
echo '<input name="post" value="Отправить сообщение" type="submit"/></form>';
}
?>