Файл: test.masteram.us/comm/inc/guest_act.php
Строк: 34
<?php
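if(isset($_GET['del'])){
    // Delete a single guestbook message.  Allowed for site admins (priv 1 or 2) or
    // community members above level 2; anyone else is bounced to index.php.
    // NOTE(review): this is a state-changing action triggered by a plain GET link with no
    // CSRF token in sight, so a crafted <img src="...?del=N"> on any page can delete
    // messages on behalf of a logged-in moderator — confirm whether the including page
    // checks a token before this file is pulled in.
    if($admin['priv']==2 || $admin['priv']==1 || $user['level']>2){
        // Cast to int: this is the only request-controlled value interpolated into SQL below.
        $del = intval($_GET['del']);
        $res = mysql_query("SELECT * FROM `community_board` WHERE `id` = '$del'");
        // mysql_fetch_array(false) only warns; guard so a failed query reads as "no such row".
        $id_del = $res ? mysql_fetch_array($res) : false;
        // Delete only when the row exists and belongs to the community being viewed.
        // $id comes from the including script and is interpolated unescaped here and in
        // the Location headers — it must already be validated there (TODO confirm).
        // mysql_* has no bound parameters and was removed in PHP 7; migrate to mysqli/PDO.
        if($id_del && $id==$id_del['id_comm']){
            mysql_query("DELETE FROM `community_board` WHERE `id` = '".$del."' AND `id_comm` = '$id' LIMIT 1");
            header("Location: guest.php?id=$id&err=del");
        }else{
            header("Location: guest.php?id=$id&err=no_mess");
        }
        // Without exit the rest of the file keeps executing after the redirect header.
        exit;
    }else{
        header("Location: index.php");
        exit;
    }
}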
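if(isset($_POST['msg']) && isset($_GET['act']) && $_GET['act']=='add'){
    // Post a new guestbook message into community $id (set by the including script).
    // Pipeline: HTML-escape -> strip backslash escapes -> esc() (project DB-escaping
    // helper, presumably a mysql_real_escape_string wrapper — TODO confirm) -> URL
    // stripping -> optional transliteration -> length/flood checks -> INSERT.
    // NOTE(review): esc() runs BEFORE the regex, translit and length steps, so the limits
    // are measured on the escaped text and later transforms may in principle touch
    // escape sequences; escaping as the last step before the query would be safer.
    // NOTE(review): stripcslashes() decodes C-style escapes (\n, \x41, ...).  If the
    // intent was to undo magic_quotes, stripslashes() was probably meant — confirm.
    // (The original assigned $msg = esc($_POST['msg']) first and then overwrote it;
    // that dead assignment is dropped.)
    $msg = esc(stripcslashes(htmlspecialchars($_POST['msg'])));
    // Replace URLs with an ad marker.  eregi_replace() was removed in PHP 7; the same
    // POSIX-class pattern is run through PCRE here, case-insensitive and byte-wise (no
    // 'u' modifier) exactly as before.  On a PCRE error preg_replace returns null, which
    // the min-length check below then rejects.
    $msg = preg_replace('@((https?|ftp)://[[:alnum:]_=/-]+(\.[[:alnum:]_=/-]+)*(/[[:alnum:]+&._=/~%#]*(\?[[:alnum:]?+&_=/%#]*)?)?)@i', ' [реклама] ', $msg);
    if(isset($_POST['translit']) && $_POST['translit']==1){
        $msg = translit($msg);
    }
    // Length limits.  strlen2 is a project helper, presumably character- rather than
    // byte-based — TODO confirm.
    if(strlen2($msg)<3){
        header("Location: guest.php?id=$id&err=min_mess");
        exit;
    }
    if(strlen2($msg)>512){
        header("Location: guest.php?id=$id&err=max_mess");
        exit;
    }
    // Flood control: at most one message per 300 seconds per session ($time is set by
    // the including script).
    // NOTE(review): nothing in this file writes $_SESSION['antiflood']; unless the
    // including script stores $time there after a successful post, this check never fires.
    if(isset($_SESSION['antiflood']) && $_SESSION['antiflood']>$time-300){
        header("Location: guest.php?id=$id&err=msg_time");
        exit;
    }
    // The poster's id is cast to int before interpolation.  $id and $time are still
    // interpolated as-is and must be validated by the including script (TODO confirm).
    // mysql_* offers no bound parameters and was removed in PHP 7 — migrate to
    // mysqli/PDO prepared statements rather than relying on esc().
    $uid = intval($user['id']);
    mysql_query("INSERT INTO `community_board` (`id_comm`, `user`, `time`, `msg`) VALUES ('$id', '$uid', '$time', '$msg')");
    // Increment the member's post counter.  The original wrote the literal string '+1'
    // (which MySQL coerces to 1), resetting the counter instead of incrementing it.
    mysql_query("UPDATE `community_user_incomm` SET `postov` = `postov` + 1 WHERE `uid` = '$uid' AND `cid` = '$id' LIMIT 1");
    // NOTE(review): OPTIMIZE TABLE rebuilds and locks both tables on every single post and
    // belongs in a maintenance job, not in the request path.  Kept only to preserve the
    // existing side effects.
    mysql_query("OPTIMIZE TABLE `community_user_incomm`");
    mysql_query("OPTIMIZE TABLE `community_board`");
    header("Location: guest.php?id=$id&err=no");
    // Stop here so nothing after the redirect header runs.
    exit;
}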
?>