Файл: new_fanland/forum.php
Строк: 407
<?php
###########################
# Данная версия скрипта принадлежит #
# LiraS aka Артур Лукин Иванович #
# Вносить свои изменения крайне #
# запрещенно! #
###########################
include("db.php");
include "cfg.php";
//Вывод разделов в форум!
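/**
 * Render the forum index: every section with its topic count.
 *
 * Prints directly to the response. Sections come from `forum_r`, topic counts
 * from `forum_t`; users whose `adm` level is 2 or higher also get the
 * "create section" link.
 *
 * @return void
 */
function razdel()
{
    // usr/pwd are echoed back into every link, so they are URL-encoded first:
    // a raw quote or angle bracket would otherwise break out of the href.
    // NOTE(review): the password travels in the query string of every link and
    // so ends up in access logs, browser history and Referer headers; a
    // server-side session would avoid that.
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    $total = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_r`"), 0);

    echo "<div class=\"main\"><div class=\"in\">";
    if ($total == 0) {
        echo "---Разделов нет---";
    } else {
        echo "<b><a href=\"forum.php?$auth&id=new_messages\">[Новые сообщения]</a></b><br/><br/>";
        $sections = mysql_query("SELECT * FROM `forum_r` ORDER BY id ASC");
        while ($row = mysql_fetch_array($sections)) {
            $sid = (int) $row['id'];
            $topics = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_t` WHERE `id_r`='$sid'"), 0);
            // Converted from windows-1251 to UTF-8 for output. double_encode is
            // off so a title that is already entity-encoded is not mangled.
            $title = htmlspecialchars(iconv("windows-1251", "utf-8", $row['title']), ENT_QUOTES, 'UTF-8', false);
            echo "<b><a href=\"forum.php?$auth&id=look_r&razd=$sid\">$title</a></b>[$topics]<br/>--------<br/>";
        }
    }

    // Both branches end with the same admin link and the link home.
    $me = mysql_fetch_array(mysql_query("SELECT `adm` FROM `users` WHERE `usr` = '" . mysql_real_escape_string($usr) . "'"));
    if ($me['adm'] >= 2) {
        echo "<br/>\n <a href=\"cpan/forum.php?$auth\">Создать раздел!</a>";
    }
    echo "<br/>\n<a href=\"main.php?$auth\">На главную</a>";
}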
//Новые сообщения
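/**
 * Render the "new messages" page: all topics, most recently active first,
 * ten per page, followed by pager links.
 *
 * Reads the page offset from $_GET['s'] and prints directly to the response.
 * Users with `adm` >= 1 also get edit/delete links next to each topic.
 *
 * @return void
 */
function new_mess()
{
    // URL-encode the credentials once; they are repeated in every link.
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);
    $rand = rand(1000, 9999); // random value appended to pager links

    echo "<div class=\"head\">Новые сообщения</div>";
    echo "<div class=\"main\"><div class=\"in\">";

    $all = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM forum_t"), 0);
    $s = isset($_GET['s']) ? intval($_GET['s']) : 0;
    if ($s < 0 || $s > $all) {
        $s = 0;
    }

    // The viewer's level is the same for every row, so it is looked up once.
    $me = mysql_fetch_array(mysql_query("SELECT adm FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    $canModerate = $me['adm'] >= 1;

    $topics = mysql_query("SELECT * FROM forum_t ORDER BY last DESC LIMIT " . $s . ",10");
    while ($themes = mysql_fetch_array($topics)) {
        $tid = (int) $themes['id'];
        $rid = (int) $themes['id_r'];
        $r = mysql_fetch_array(mysql_query("SELECT * FROM forum_r WHERE id = '$rid'"));

        $author = iconv("windows-1251", "utf-8", $themes['user']);
        // The author name comes from the database but is still escaped before
        // it is used in another query (second-order injection).
        $u = mysql_fetch_array(mysql_query("SELECT `id` FROM `users` WHERE usr = '" . mysql_real_escape_string($author) . "'"));
        $id = $u ? (int) $u['id'] : '';

        // Everything printed as text is entity-encoded; double_encode is off
        // because topic titles are already encoded when they are saved.
        $authorHtml = htmlspecialchars($author, ENT_QUOTES, 'UTF-8', false);
        $title = htmlspecialchars(iconv("windows-1251", "utf-8", $r['title']), ENT_QUOTES, 'UTF-8', false);
        $tema = htmlspecialchars(iconv("windows-1251", "utf-8", $themes['title']), ENT_QUOTES, 'UTF-8', false);
        $ftime = htmlspecialchars($themes['f_time'], ENT_QUOTES, 'UTF-8', false);
        $rnd = rand(1000, 99999);

        echo "$authorHtml<a href=\"info_m.php?$auth&man=$id\">\n"
            . "<img src=\"/img/info.png\" alt=\"[i]\" /></a><br/><b><a href=\"forum.php?$auth&id=look_r&razd=$rid\">\n"
            . "$title</a></b>-><b><a href=\"forum.php?$auth&razd=$rid&tema=$tid&id=look_t&r=$rnd\">\n"
            . "$tema</a></b>[$ftime]";
        if ($canModerate) {
            echo "<a href=\"forum.php?$auth&id=change_t&tema_id=$tid\">Изменить</a>|<a href=\"forum.php?$auth&id=delete_t&tema_id=$tid\">Удалить</a>";
        }
        echo "<br/>--------<br/>";
    }

    if ($all > 0) {
        $ba = ceil($all / 10);  // number of pages
        $ba2 = $ba * 10 - 10;   // offset of the last page
        echo "Страницы:";
        // Window of page links: three pages back, up to four pages forward.
        $asd = $s - (10 * 3);
        $asd2 = $s + (10 * 4);
        if ($asd < $all && $asd > 0) {
            echo ' <a href="forum.php?' . $auth . '&id=new_messages&s=0&r=' . $rand . '">1</a> .. ';
        }
        for ($i = $asd; $i < $asd2; $i += 10) {
            if ($i < $all && $i >= 0) {
                $ii = floor(1 + $i / 10);
                if ($s == $i) {
                    echo ' ' . $ii; // current page is plain text
                } else {
                    echo ' <a href="forum.php?' . $auth . '&id=new_messages&s=' . $i . '&r=' . $rand . '">' . $ii . '</a>';
                }
            }
        }
        if ($asd2 < $all) {
            echo ' .. <a href="forum.php?' . $auth . '&id=new_messages&s=' . $ba2 . '&r=' . $rand . '">' . $ba . '</a>';
        }
    }
    echo "<br/><a href=\"forum.php?$auth\">На форум</a><br/><a href=\"main.php?$auth\">На главную</a>";
}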
// Изменение темы
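/**
 * Show the "edit topic" form for the topic in $_GET['tema_id'].
 *
 * Only users with `adm` >= 1 get the form; everyone else gets a refusal
 * message. Prints directly to the response.
 *
 * @return void
 */
function change_tema()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    // The user name is escaped before it reaches the query.
    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    if ($a['adm'] >= 1) {
        echo "<div class=\"main\"><div class=\"in\">";
        // htmlspecialchars() does not encode single quotes by default, so it
        // is no defence for a value placed inside '...' in SQL; the id is
        // forced to an integer instead.
        $tema = isset($_GET['tema_id']) ? intval($_GET['tema_id']) : 0;
        $c = mysql_fetch_array(mysql_query("SELECT title,text FROM forum_t WHERE id = '$tema'"));
        // The values go into value="..." attributes: encode quotes as well,
        // without re-encoding entities that are already stored.
        $title = htmlspecialchars(iconv("windows-1251", "utf-8", $c['title']), ENT_QUOTES, 'UTF-8', false);
        $text = htmlspecialchars(iconv("windows-1251", "utf-8", $c['text']), ENT_QUOTES, 'UTF-8', false);
        echo "<form action=\"forum.php?$auth&id=csave_t&tema_id=$tema\" method=\"post\">";
        echo "Изменение темы:<br/>\n";
        echo "Название темы:<br/>\n<input name=\"t_title\" value=\"$title\"><br/>\n";
        echo "Начальный текст темы:<br/>\n<input name=\"ttext\" value=\"$text\"><br/>\n";
        echo "<input type=\"submit\" value=\"Изменить\"></form>";
        echo "<a href=\"main.php?$auth\">В игру</a>";
    } else {
        echo "Не парь фигню";
    }
    echo "<br/>\n <a href=\"forum.php?$auth\">Разделы</a>";
}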
// Сохранение измененой темы
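/**
 * Save an edited topic (title and opening text) posted by the edit form.
 *
 * Requires `adm` >= 1. Reads the topic id from $_GET['tema_id'] and the new
 * values from $_POST['t_title'] and $_POST['ttext']. Prints the result.
 *
 * @return void
 */
function schange_tema()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    echo "<div class=\"main\"><div class=\"in\">";
    if ($a['adm'] >= 1) {
        $rawTitle = isset($_POST['t_title']) ? $_POST['t_title'] : '';
        $rawText = isset($_POST['ttext']) ? $_POST['ttext'] : '';
        if (empty($rawTitle) || empty($rawText)) {
            // The submitted values are shown back to the user, so they are
            // entity-encoded; the text field is named "ttext" in the form.
            echo htmlspecialchars($rawTitle, ENT_QUOTES, 'UTF-8') . " <br/>\n "
                . htmlspecialchars($rawText, ENT_QUOTES, 'UTF-8')
                . "<br/>\nПоле названия или текста темы не заполнено!";
        } else {
            $tema_id = isset($_GET['tema_id']) ? intval($_GET['tema_id']) : 0;
            // Store the values entity-encoded, as save_t() does for new
            // topics, so an edit cannot put markup into a topic. A <br />
            // that round-trips through the edit form is kept as a line break.
            $title = htmlspecialchars($rawTitle, ENT_QUOTES, 'UTF-8');
            $text = str_replace('&lt;br /&gt;', '<br />', htmlspecialchars($rawText, ENT_QUOTES, 'UTF-8'));
            $title = iconv("utf-8", "windows-1251", $title);
            $text = iconv("utf-8", "windows-1251", $text);
            mysql_query("UPDATE forum_t SET title = '" . mysql_real_escape_string($title) . "', text = '" . mysql_real_escape_string($text) . "' WHERE id = '$tema_id'");
            echo "Тема под id: " . $tema_id . " успешно изменена!";
        }
    } else {
        echo "Не парь фигню";
    }
    echo "<br/>\n <a href=\"forum.php?$auth\">Разделы</a>";
}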
//Удаление темы
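/**
 * Ask for confirmation before deleting the topic in $_GET['tema_id'].
 *
 * Requires `adm` >= 1. Prints the topic title and author with yes/no links;
 * the "yes" link leads to the n_delete_step action.
 *
 * @return void
 */
function delete_tema()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    echo "<div class=\"main\"><div class=\"in\">";
    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    if ($a['adm'] >= 1) {
        // The id is echoed into a link and used in SQL: force it to an integer.
        $tema_id = isset($_GET['tema_id']) ? intval($_GET['tema_id']) : 0;
        if ($tema_id == 0) {
            echo "Чет хреново!";
        } else {
            $s = mysql_fetch_array(mysql_query("SELECT title,user FROM forum_t WHERE id = '$tema_id'"));
            $title = htmlspecialchars(iconv("windows-1251", "utf-8", $s['title']), ENT_QUOTES, 'UTF-8', false);
            $user = htmlspecialchars(iconv("windows-1251", "utf-8", $s['user']), ENT_QUOTES, 'UTF-8', false);
            echo "Вы действительно хотите удалить тему:<br/>\n $title [$user]<br/>\n";
            echo "<a href=\"forum.php?$auth&id=n_delete_step&tema_id=$tema_id\">да</a>|";
            echo "<a href=\"forum.php?$auth\">нет</a>";
        }
    } else {
        echo "Не парь фигню";
    }
    echo "<br/>\n <a href=\"forum.php?$auth\">Разделы</a>";
}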
// Завершение удаления темы
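/**
 * Delete the topic in $_GET['tema_id'] together with all of its posts.
 *
 * Requires `adm` >= 1. Removes the row from `forum_t` and every `forum_p`
 * row that points at it, then prints the result.
 *
 * @return void
 */
function next_tema_step()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    echo "<div class=\"main\"><div class=\"in\">";
    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    if ($a['adm'] >= 1) {
        // The id goes into two DELETE statements; forcing it to an integer
        // keeps request data out of the SQL text.
        // NOTE(review): the delete is triggered by a plain GET link; a POST
        // carrying a per-session token would keep prefetchers and cross-site
        // requests from triggering it.
        $tema_id = isset($_GET['tema_id']) ? intval($_GET['tema_id']) : 0;
        if ($tema_id != 0) {
            mysql_query("DELETE FROM `forum_t` WHERE `id` = '$tema_id';");
            mysql_query("DELETE FROM `forum_p` WHERE `id_t` = '$tema_id';");
            echo "Тема успешно удалена!";
        } else {
            echo "Ну ты даешь:)";
        }
    } else {
        echo "Не парь фигню";
    }
    echo "<br/>\n <a href=\"forum.php?$auth\">Разделы</a>";
}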
// Вывод тем
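/**
 * Render the topic list of the section in $_GET['razd'], ten topics per page.
 *
 * Prints directly to the response: a "create topic" link, one line per topic
 * (author, last-activity time, title, message count) and pager links. Users
 * with `adm` >= 1 also get edit/delete links for each topic.
 *
 * @return void
 */
function look_r()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    // intval() always yields a number, so the id is safe in SQL and in links
    // and needs no separate is_numeric() check. The sanitised value is written
    // back to $_GET for any later code that reads it.
    $razd = isset($_GET['razd']) ? intval($_GET['razd']) : 0;
    $_GET['razd'] = (string) $razd;
    $rand = rand(1000, 9999); // random value appended to pager links
    $section = mysql_query("SELECT * FROM forum_r WHERE id = '$razd' LIMIT 1");
    title();

    echo "<div class=\"main\"><div class=\"in\">";
    if (mysql_num_rows($section) == 0) {
        echo 'Такого раздела нет!<br/>';
        echo "<a href=\"forum.php?$auth\">Разделы</a>";
        return;
    }

    echo "<a href=\"forum.php?$auth&razd=$razd&id=create_t\">Создать тему</a><br/>\n";
    $all = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_t` WHERE `id_r` = '$razd'"), 0);
    if ($all == 0) {
        echo "---Тем нет---<br/>\n";
        echo "<a href=\"forum.php?$auth\">Разделы</a>";
        return;
    }

    $times = date("H:i");
    echo "<center>-=$times=-</center>";
    $s = isset($_GET['s']) ? intval($_GET['s']) : 0;
    if ($s < 0 || $s > $all) {
        $s = 0;
    }

    // The viewer's level is the same for every row, so it is looked up once.
    $me = mysql_fetch_array(mysql_query("SELECT adm FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    $canModerate = $me['adm'] >= 1;

    $topics = mysql_query("SELECT * FROM forum_t WHERE id_r = '$razd' ORDER BY last DESC LIMIT " . $s . ",10");
    while ($t = mysql_fetch_array($topics)) {
        $tid = (int) $t['id'];
        // Replies are rows in forum_p; one is added on top of that count,
        // presumably for the opening text stored with the topic itself.
        $p_count = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_p` WHERE `id_t`='$tid'"), 0) + 1;
        $title = htmlspecialchars(iconv("windows-1251", "utf-8", $t['title']), ENT_QUOTES, 'UTF-8', false);
        $author = htmlspecialchars(iconv("windows-1251", "utf-8", $t['user']), ENT_QUOTES, 'UTF-8', false);
        $ftime = htmlspecialchars($t['f_time'], ENT_QUOTES, 'UTF-8', false);
        echo "{$author}[{$ftime}]<br/>\n<b><a href=\"forum.php?$auth&razd=$razd&tema=$tid&id=look_t\">$title</a></b>[$p_count]";
        if ($canModerate) {
            echo "<a href=\"forum.php?$auth&id=change_t&tema_id=$tid\">Изменить</a>|<a href=\"forum.php?$auth&id=delete_t&tema_id=$tid\">Удалить</a>";
        }
        echo "<br/>-------<br/>\n";
    }

    $ba = ceil($all / 10);  // number of pages
    $ba2 = $ba * 10 - 10;   // offset of the last page
    echo "Страницы:";
    // Window of page links: three pages back, up to four pages forward.
    $asd = $s - (10 * 3);
    $asd2 = $s + (10 * 4);
    if ($asd < $all && $asd > 0) {
        echo ' <a href="forum.php?' . $auth . '&id=look_r&razd=' . $razd . '&s=0&r=' . $rand . '">1</a> .. ';
    }
    for ($i = $asd; $i < $asd2; $i += 10) {
        if ($i < $all && $i >= 0) {
            $ii = floor(1 + $i / 10);
            if ($s == $i) {
                echo ' ' . $ii; // current page is plain text
            } else {
                echo ' <a href="forum.php?' . $auth . '&id=look_r&razd=' . $razd . '&s=' . $i . '&r=' . $rand . '">' . $ii . '</a>';
            }
        }
    }
    if ($asd2 < $all) {
        echo ' .. <a href="forum.php?' . $auth . '&id=look_r&razd=' . $razd . '&s=' . $ba2 . '&r=' . $rand . '">' . $ba . '</a>';
    }
    echo "<br/><a href=\"forum.php?$auth\">Разделы</a>";
}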
//Создать тему
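/**
 * Print the "create topic" form for the section in $_GET['razd'].
 *
 * The form posts the fields "tema" (title) and "text" to the save_t action.
 *
 * @return void
 */
function create_t()
{
    // Everything taken from the query string is encoded before it is put
    // into an attribute: credentials are URL-encoded, the section id is
    // forced to an integer.
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);
    $razd = isset($_GET['razd']) ? intval($_GET['razd']) : 0;

    echo "<div class=\"main\"><div class=\"in\">";
    echo "<form action=\"forum.php?$auth&razd=$razd&id=save_t\" method=\"post\">Название темы:<br/>\n";
    echo "<input type=\"text\" name=\"tema\"><br/>\n";
    echo "Текст:<br/><input type=\"text\" name=\"text\"><br/>\n";
    echo "<input type=\"submit\" value=\"Создать\" class=\"ibutton\"></form>";
    echo "<a href=\"forum.php?$auth&id=look_r&razd=$razd\">Темы</a><br/>\n";
}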
//Сохранить тему
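/**
 * Create a new topic in the section given by $_GET['razd'].
 *
 * Reads the title from $_POST['tema'] and the opening text from
 * $_POST['text'], validates them, inserts a row into `forum_t` and prints
 * the result.
 *
 * @return void
 */
function save_t()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    // htmlspecialchars() leaves single quotes alone by default, so it cannot
    // protect a value placed inside '...' in SQL; the id is forced to an
    // integer and written back to $_GET for any later code that reads it.
    $razd = isset($_GET['razd']) ? intval($_GET['razd']) : 0;
    $_GET['razd'] = (string) $razd;
    $rawTema = isset($_POST['tema']) ? $_POST['tema'] : '';
    $rawText = isset($_POST['text']) ? $_POST['text'] : '';
    $r = mysql_query("SELECT * FROM `forum_r` WHERE `id` = '$razd'");

    echo "<div class=\"main\"><div class=\"in\">";
    if (empty($rawTema)) {
        echo "Не написано название темы!";
    } elseif (empty($rawText)) {
        echo "Не написан текст сообщения!";
    } elseif (strlen($rawTema) > 50) {
        // strlen() counts bytes, so the limits below apply to the UTF-8
        // byte length of the input.
        echo "Длиное название темы(максимум 50 символов)!";
    } elseif (strlen($rawText) > 560) {
        echo "Длинное сообщение(максимум 560 символов)";
    } elseif (mysql_num_rows($r) != 0) {
        // Entity-encode first, then turn line breaks into <br /> so the
        // stored value can be printed as-is.
        $breaks = array("\r\n", "\r", "\n");
        $tema = str_replace($breaks, "<br />", htmlspecialchars(stripslashes($rawTema)));
        $text = str_replace($breaks, "<br />", htmlspecialchars(stripslashes($rawText)));
        // Escape for SQL last, on the bytes that are actually sent.
        $tema = mysql_real_escape_string(iconv("utf-8", "windows-1251", $tema));
        $text = mysql_real_escape_string(iconv("utf-8", "windows-1251", $text));
        // NOTE(review): save_p() converts the user name to windows-1251
        // before storing it and this function does not — confirm which of
        // the two is intended.
        $author = mysql_real_escape_string($usr);
        $times = date("m.d H:i");
        $time = time();
        mysql_query("INSERT INTO `forum_t`(id_r,title,text,time,f_time,last,user) VALUES ('$razd','$tema','$text','$times','$times','$time','$author')");
        mysql_query("OPTIMIZE TABLE `forum_t`");
        echo "Вы успешно создали тему!<br/>\n";
        echo "<a href=\"forum.php?$auth&razd=$razd&id=look_r\">Темы</a>";
    } else {
        echo "Иди нах!";
    }
}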
//Показ постов в теме
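/**
 * Render one topic: its opening text followed by the replies, ten per page.
 *
 * Reads the section id from $_GET['razd'], the topic id from $_GET['tema']
 * and the page offset from $_GET['s']. Prints directly to the response.
 * Users with `adm` >= 1 also get edit/delete links for each reply.
 *
 * @return void
 */
function tema()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    $times = date("H:i");
    echo "<div class=\"main\"><div class=\"in\"><center>-=$times=-</center>";

    $rawRazd = isset($_GET['razd']) ? $_GET['razd'] : '';
    $rawTema = isset($_GET['tema']) ? $_GET['tema'] : '';
    if (!is_numeric($rawRazd) or !is_numeric($rawTema)) {
        echo 'Что то не так!<br/>';
        echo "<a href=\"forum.php?$auth\">Разделы</a>";
        return;
    }
    // Validated ids are reduced to integers so that the same value is used
    // in every query and link below.
    $razd = intval($rawRazd);
    $tema = intval($rawTema);

    $r = mysql_num_rows(mysql_query("SELECT `id` FROM `forum_r` WHERE `id` = '$razd'"));
    $t = mysql_num_rows(mysql_query("SELECT `id` FROM `forum_t` WHERE `id` = '$tema'"));
    if ($r == 0 or $t == 0) {
        echo 'Такой темы либо раздела нет!<br/>';
        echo "<a href=\"forum.php?$auth\">Разделы</a>";
        return;
    }

    $all = 0;
    $s = 0;
    $post = mysql_query("SELECT * FROM `forum_t` WHERE `id`='$tema' or `id_r`='$razd'");
    $p = mysql_result($post, 0);
    if ($p == 0) {
        echo "Че то ты тут паришь:)";
    } else {
        echo "<a href=\"forum.php?$auth&razd=$razd&tema=$tema&id=create_p\">Ответить</a><br/>--------<br/>";

        // Opening post, stored with the topic row itself.
        $i = mysql_fetch_array(mysql_query("SELECT * FROM `forum_t` WHERE `id`='$tema'"));
        $starter = iconv("windows-1251", "utf-8", $i['user']);
        $starterHtml = htmlspecialchars($starter, ENT_QUOTES, 'UTF-8', false);
        // save_t() stores the text entity-encoded with <br /> for line
        // breaks, so it is printed as stored.
        $starterText = iconv("windows-1251", "utf-8", $i['text']);
        $when = htmlspecialchars($i['time'], ENT_QUOTES, 'UTF-8', false);
        $su = mysql_fetch_array(mysql_query("SELECT `id` FROM `users` WHERE `usr` = '" . mysql_real_escape_string($starter) . "'"));
        $id = $su ? (int) $su['id'] : '';
        echo "<b><a href=\"forum.php?$auth&razd=$razd&user=" . urlencode($starter) . "&tema=$tema&id=create_p\">$starterHtml</a></b>"
            . "<a href=\"info_m.php?$auth&man=$id\"><img src=\"/img/info.png\" alt=\"[i]\" /></a>[$when]<br/>\n$starterText<br/>--------<br/>\n";

        $all = (int) mysql_result(mysql_query("SELECT COUNT(*) FROM forum_p WHERE id_t = '$tema'"), 0);
        $s = isset($_GET['s']) ? intval($_GET['s']) : 0;
        if ($s < 0 || $s > $all) {
            $s = 0;
        }

        // The viewer's level is the same for every reply: look it up once.
        $me = mysql_fetch_array(mysql_query("SELECT adm FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
        $canModerate = $me['adm'] >= 1;

        // The pager below advances in steps of ten, so ten replies are
        // fetched per page; a smaller page size would leave the last reply
        // of every step unreachable.
        $tekst = mysql_query("SELECT * FROM `forum_p` WHERE id_t='$tema' ORDER by id ASC LIMIT " . $s . ",10");
        while ($tk = mysql_fetch_array($tekst)) {
            $pid = (int) $tk['id'];
            $poster = iconv("windows-1251", "utf-8", strip_tags($tk['user']));
            $posterHtml = htmlspecialchars($poster, ENT_QUOTES, 'UTF-8', false);
            $body = iconv("windows-1251", "utf-8", strip_tags($tk['text']));
            $when = htmlspecialchars(strip_tags($tk['time']), ENT_QUOTES, 'UTF-8', false);
            $u = mysql_fetch_array(mysql_query("SELECT `id` FROM `users` WHERE `usr` = '" . mysql_real_escape_string($poster) . "'"));
            $id = $u ? (int) $u['id'] : '';
            // The name links to the reply form pre-filled with the author of
            // this reply.
            echo "<b><a href=\"forum.php?$auth&razd=$razd&user=" . urlencode($poster) . "&tema=$tema&id=create_p\">$posterHtml</a></b>"
                . "<a href=\"info_m.php?$auth&man=$id\"><img src=\"/img/info.png\" alt=\"[i]\" /></a>[$when]<br/>\n$body";
            if ($canModerate) {
                echo "<a href=\"forum.php?$auth&id=change_post&post_id=$pid\">Изменить</a>|<a href=\"forum.php?$auth&id=delete_post&post_id=$pid\">Удалить</a>";
            }
            echo "<br/>--------<br/>\n";
        }
    }

    $rand = rand(1000, 9999); // random value appended to pager links
    if ($all > 0) {
        $ba = ceil($all / 10);  // number of pages
        $ba2 = $ba * 10 - 10;   // offset of the last page
        echo "Страницы:";
        // Window of page links: three pages back, up to four pages forward.
        $asd = $s - (10 * 3);
        $asd2 = $s + (10 * 4);
        $base = 'forum.php?' . $auth . '&id=look_t&tema=' . $tema . '&razd=' . $razd;
        if ($asd < $all && $asd > 0) {
            echo ' <a href="' . $base . '&s=0&r=' . $rand . '">1</a> .. ';
        }
        for ($n = $asd; $n < $asd2; $n += 10) {
            if ($n < $all && $n >= 0) {
                $ii = floor(1 + $n / 10);
                if ($s == $n) {
                    echo ' ' . $ii; // current page is plain text
                } else {
                    echo ' <a href="' . $base . '&s=' . $n . '&r=' . $rand . '">' . $ii . '</a>';
                }
            }
        }
        if ($asd2 < $all) {
            echo ' .. <a href="' . $base . '&s=' . $ba2 . '&r=' . $rand . '">' . $ba . '</a>';
        }
    }
    echo "<br/>\n<a href=\"forum.php?$auth&razd=$razd&id=look_r\">Темы</a><br/>\n";
    echo "<a href=\"forum.php?$auth\">Разделы</a>";
}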
//Change post
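/**
 * Show the "edit post" form for the reply in $_GET['post_id'].
 *
 * Requires `adm` >= 1. The form posts the field "post" to the s_change_post
 * action. Prints directly to the response.
 *
 * @return void
 */
function change_post()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    echo "<div class=\"main\"><div class=\"in\">";
    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    if ($a['adm'] >= 1) {
        $post_id = isset($_GET['post_id']) ? intval($_GET['post_id']) : 0;
        $p = mysql_fetch_array(mysql_query("SELECT * FROM forum_p WHERE id = '$post_id'"));
        // Both values are printed into HTML, the text into a value="..."
        // attribute: encode quotes too, without re-encoding stored entities.
        $nick = htmlspecialchars(iconv("windows-1251", "utf-8", $p['user']), ENT_QUOTES, 'UTF-8', false);
        $text = htmlspecialchars(iconv("windows-1251", "utf-8", $p['text']), ENT_QUOTES, 'UTF-8', false);
        echo "<form action=\"forum.php?$auth&id=s_change_post&post_id=$post_id\" method=\"post\">";
        echo "Император: $nick<br/>\n";
        echo "Текст: <input type=\"text\" name=\"post\" value=\"$text\">";
        // Close the form so the links printed after it are not part of it.
        echo "<input type=\"submit\" value=\"Изменить\"></form>";
    } else {
        echo "Не парь фигню";
    }
    echo "<br/>\n <a href=\"forum.php?$auth\">Разделы</a>";
}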
// End changing post
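/**
 * Save the edited text of the reply in $_GET['post_id'].
 *
 * Requires `adm` >= 1. Reads the new text from $_POST['post'], updates the
 * `forum_p` row and prints the result.
 *
 * @return void
 */
function s_change_post()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    echo "<div class=\"main\"><div class=\"in\">";
    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    if ($a['adm'] >= 1) {
        $post_id = isset($_GET['post_id']) ? intval($_GET['post_id']) : 0;
        $raw = isset($_POST['post']) ? $_POST['post'] : '';
        if (empty($raw)) {
            echo "Пустое поле!";
        } else {
            // Store the text entity-encoded, as save_p() does for new posts,
            // and escape it for SQL after the charset conversion. Relying on
            // magic_quotes_gpc for this is not a defence: the setting was
            // removed in PHP 5.4.
            $text = iconv("utf-8", "windows-1251", htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
            mysql_query("UPDATE forum_p SET text = '" . mysql_real_escape_string($text) . "' WHERE id = '$post_id';");
            echo "Текст успешно изменен";
        }
    } else {
        echo "Не парь фигню";
    }
    echo "<br/>\n <a href=\"forum.php?$auth\">Разделы</a>";
}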
// Delete post
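/**
 * Ask for confirmation before deleting the reply in $_GET['post_id'].
 *
 * For users with `adm` >= 1 prints the reply (time, text, author) with
 * yes/no links; the "yes" link leads to the s_delete_post action. Other
 * users only get the link back to the section list.
 *
 * @return void
 */
function delete_post()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    if ($a['adm'] >= 1) {
        $post_id = isset($_GET['post_id']) ? intval($_GET['post_id']) : 0;
        echo "<div class=\"main\"><div class=\"in\">";
        $p = mysql_fetch_array(mysql_query("SELECT * FROM forum_p WHERE id = '$post_id'"));
        // The stored reply is printed into the page, so it is entity-encoded
        // (without re-encoding entities that are already stored).
        $nick = htmlspecialchars(iconv("windows-1251", "utf-8", $p['user']), ENT_QUOTES, 'UTF-8', false);
        $text = htmlspecialchars(iconv("windows-1251", "utf-8", $p['text']), ENT_QUOTES, 'UTF-8', false);
        $when = htmlspecialchars($p['time'], ENT_QUOTES, 'UTF-8', false);
        echo "Вы действительно хотите удалить пост: [" . $when . "]$text [$nick]";
        echo "<br/>\n <a href=\"forum.php?$auth&id=s_delete_post&post_id=$post_id\">Да</a>|<a href=\"forum.php?$auth\">Нет</a>";
    }
    echo "<br/>\n <a href=\"forum.php?$auth\">Разделы</a>";
}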
// Ending deleting post
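/**
 * Delete the reply in $_GET['post_id'].
 *
 * Requires `adm` >= 1. Removes the row from `forum_p` and prints the result.
 *
 * @return void
 */
function s_delete_post()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    echo "<div class=\"main\"><div class=\"in\">";
    $a = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE usr = '" . mysql_real_escape_string($usr) . "'"));
    if ($a['adm'] >= 1) {
        // NOTE(review): the delete is triggered by a plain GET link; a POST
        // carrying a per-session token would keep prefetchers and cross-site
        // requests from triggering it.
        $post_id = isset($_GET['post_id']) ? intval($_GET['post_id']) : 0;
        mysql_query("DELETE FROM forum_p WHERE id = '$post_id'");
        echo "Вы успешно удалили пост!";
    } else {
        echo "Не парь фигню";
    }
    echo "<br/>\n <a href=\"forum.php?$auth\">Разделы</a>";
}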
//Создание поста
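/**
 * Print the "write a reply" form for the topic in $_GET['tema'].
 *
 * When $_GET['user'] is present the text field is pre-filled with that name
 * followed by ", ". The form posts the field "postas" to the save_p action.
 *
 * @return void
 */
function create_p()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    // intval() always yields a number, so the ids are safe in SQL and in
    // links and need no separate is_numeric() check. The sanitised values are
    // written back to $_GET for any later code that reads them.
    $razd = isset($_GET['razd']) ? intval($_GET['razd']) : 0;
    $tema = isset($_GET['tema']) ? intval($_GET['tema']) : 0;
    $_GET['razd'] = (string) $razd;
    $_GET['tema'] = (string) $tema;

    echo "<div class=\"main\"><div class=\"in\">";
    $r = mysql_num_rows(mysql_query("SELECT `id` FROM `forum_r` WHERE `id` = '$razd'"));
    $t = mysql_num_rows(mysql_query("SELECT `id` FROM `forum_t` WHERE `id` = '$tema'"));
    if ($r == 0 or $t == 0) {
        echo 'Такой темы или раздела нет!<br/>';
        echo "<a href=\"forum.php?$auth\">Разделы</a>";
        return;
    }

    echo "<form action=\"forum.php?$auth&razd=$razd&tema=$tema&id=save_p\" method=\"post\">Текст сообщения:<br/>\n";
    if (isset($_GET['user'])) {
        // The name comes straight from the query string and lands in a
        // value="..." attribute: encode both kinds of quotes.
        $replyTo = htmlspecialchars($_GET['user'], ENT_QUOTES, 'UTF-8');
        echo "<input type=\"text\" name=\"postas\" value=\"$replyTo, \">";
    } else {
        echo "<input type=\"text\" name=\"postas\">";
    }
    echo "<br/>\n<input type=\"submit\" value=\"Написать\" class=\"ibutton\"></form>";
    echo "---------<br/>\n<a href=\"forum.php?$auth&razd=$razd&tema=$tema&id=look_t\">В тему</a>";
}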
//Сохранение поста!
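/**
 * Store a reply to the topic in $_GET['tema'].
 *
 * Reads the text from $_POST['postas'], inserts a row into `forum_p`,
 * updates the topic's last-activity fields in `forum_t` and prints the
 * result.
 *
 * @return void
 */
function save_p()
{
    $usr = isset($_GET['usr']) ? $_GET['usr'] : '';
    $pwd = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    $auth = 'usr=' . urlencode($usr) . '&pwd=' . urlencode($pwd);

    // NOTE(review): the container is opened twice here; kept as found in
    // case the page footer closes both — confirm and drop one if not.
    echo "<div class=\"main\"><div class=\"in\">";
    echo "<div class=\"main\"><div class=\"in\">";

    // Validate the ids before any query uses them; an unquoted, unvalidated
    // value in a WHERE clause is an injection point.
    $rawRazd = isset($_GET['razd']) ? $_GET['razd'] : '';
    $rawTema = isset($_GET['tema']) ? $_GET['tema'] : '';
    if (!is_numeric($rawRazd) or !is_numeric($rawTema)) {
        echo 'Что то не так!<br/>';
        echo "<a href=\"forum.php?$auth\">Разделы</a>";
        return;
    }
    $razd = intval($rawRazd);
    $tema = intval($rawTema);

    $r = mysql_num_rows(mysql_query("SELECT `id` FROM `forum_r` WHERE `id` = '$razd'"));
    $t = mysql_num_rows(mysql_query("SELECT `id` FROM `forum_t` WHERE `id` = '$tema'"));
    if ($r == 0 or $t == 0) {
        echo 'Такой темы или раздела нет!<br/>';
        echo "<a href=\"forum.php?$auth\">Разделы</a>";
        return;
    }

    $rawPost = isset($_POST['postas']) ? $_POST['postas'] : '';
    if (empty($rawPost)) {
        echo "Пустое поле ввода!";
        echo "<br/>\n<a href=\"forum.php?$auth&razd=$razd&tema=$tema&id=look_t\">В тему</a>";
        return;
    }

    // Entity-encode first, then turn line breaks into <br />.
    $post = str_replace(array("\r\n", "\r", "\n"), "<br />", htmlspecialchars(stripslashes($rawPost)));
    $author = htmlspecialchars(stripslashes($usr));
    // Convert to the connection charset, then escape for SQL last, on the
    // bytes that are actually sent.
    $post = mysql_real_escape_string(iconv("utf-8", "windows-1251", $post));
    $author = mysql_real_escape_string(iconv("utf-8", "windows-1251", $author));
    $times = date("m.d H:i");
    mysql_query("INSERT INTO `forum_p`(id_t,user,text,time) VALUES ('$tema','$author','$post','$times')");
    $time = time();
    mysql_query("UPDATE `forum_t` SET `f_time` = '$times',`last` = '$time' WHERE `id` = '$tema'");
    mysql_query("OPTIMIZE TABLE `forum_p`");
    mysql_query("OPTIMIZE TABLE `forum_t`");
    echo "Текст успешно написан!<br/>\n<a href=\"forum.php?$auth&razd=$razd&tema=$tema&id=look_t\">В тему</a>";
}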
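// Request entry point: connect, authenticate the caller from the query
// string, refresh the "peak online" record and dispatch on $_GET['id'].
$db_connection = mysql_connect($db_host, $db_user, $db_pass);
mysql_select_db($db_table, $db_connection);
mysql_query('SET NAMES cp1251');

// NOTE(review): the caller is authenticated by comparing $_GET['pwd'] with
// the stored column on every request, which suggests passwords are stored
// unhashed and means they appear in every URL — confirm, and prefer a hashed
// password plus a server-side session.
$exist = mysql_num_rows(mysql_query("SELECT usr, pwd FROM users WHERE usr = '" . mysql_real_escape_string(isset($_GET['usr']) ? $_GET['usr'] : '') . "' AND pwd = '" . mysql_real_escape_string(isset($_GET['pwd']) ? $_GET['pwd'] : '') . "'"));
$online = mysql_num_rows(mysql_query("SELECT * FROM online WHERE laikas > '$timeout'"));
$year = date("Y.m.d");
$times = date("H:i");
$vremechko = "$year $times";

// max_on.dat holds "<peak count>|<timestamp>|".
$subt = file_get_contents("max_on.dat");
$max = explode("|", (string) $subt);
$max_onl = $max[0];
$max_on_time = isset($max[1]) ? $max[1] : '';
if ($online >= $max_onl) {
    // LOCK_EX keeps two concurrent requests from interleaving their writes.
    file_put_contents("max_on.dat", "$online|$vremechko|", LOCK_EX);
}

if ($exist == 1) {
    include("on.php");
    $u = mysql_fetch_array(mysql_query("SELECT id FROM users WHERE usr = '" . mysql_real_escape_string($_GET['usr']) . "'"));
    $ban = mysql_num_rows(mysql_query("SELECT * FROM ban WHERE user_id = '" . mysql_real_escape_string($u['id']) . "'"));
    if ($ban > 0) {
        $set['title'] = 'Бан';
        head();
        title();
        // NOTE(review): unless ban() ends the script, a banned user still
        // reaches the dispatcher below — confirm.
        ban();
    }

    $forum_action = isset($_GET['id']) ? $_GET['id'] : '';
    switch ($forum_action) {
        case "":
            require "d_res.php";
            require "stroim.php";
            require "food.php";
            $set['title'] = 'Форум - Разделы';
            head();
            title();
            razdel();
            break;

        case "look_r":
            $tem = mysql_query("SELECT * FROM forum_r WHERE id = '" . mysql_real_escape_string($_GET['razd']) . "'");
            $t = mysql_fetch_array($tem);
            $t['title'] = iconv("windows-1251", "utf-8", $t['title']);
            $set['title'] = 'Форум - ' . $t['title'] . '';
            head();
            title();
            look_r();
            break;

        case "create_t":
            $set['title'] = 'Форум - Создание темы';
            head();
            title();
            create_t();
            break;

        case "save_t":
            head();
            save_t();
            break;

        case "look_t":
            // Both ids are reduced to integers before anything uses them.
            $_GET['razd'] = htmlspecialchars(stripslashes(trim(intval($_GET['razd']))));
            $_GET['tema'] = htmlspecialchars(stripslashes(trim(intval($_GET['tema']))));
            $i = mysql_fetch_array(mysql_query("SELECT * FROM `forum_t` WHERE `id`='" . mysql_real_escape_string($_GET['tema']) . "'"));
            $i['title'] = iconv("windows-1251", "utf-8", $i['title']);
            $set['title'] = 'Форум - ' . $i['title'] . '';
            head();
            title();
            tema();
            break;

        case "create_p":
            $set['title'] = 'Форум - Пишем ответ';
            head();
            title();
            create_p();
            break;

        case "new_messages":
            $set['title'] = 'Форум - Новые сообщения';
            head();
            title();
            new_mess();
            break;

        case "save_p":
            $set['title'] = 'Форум - Пишем ответ';
            head();
            title();
            save_p();
            break;

        case "change_t":
            $set['title'] = 'Форум - Изменение темы';
            head();
            title();
            change_tema();
            break;

        case "csave_t":
            $set['title'] = 'Форум - Изменение темы';
            head();
            title();
            schange_tema();
            break;

        case "delete_t":
            $set['title'] = 'Форум - Удаление темы';
            head();
            title();
            delete_tema();
            break;

        case "n_delete_step":
            $set['title'] = 'Форум - Удаление темы';
            head();
            title();
            next_tema_step();
            break;

        case "change_post":
            $set['title'] = 'Форум - Изменение поста';
            head();
            title();
            change_post();
            break;

        case "delete_post":
            $set['title'] = 'Форум - Удаление поста';
            head();
            title();
            delete_post();
            break;

        case "s_change_post":
            $set['title'] = 'Форум - Изменение поста';
            head();
            title();
            s_change_post();
            break;

        case "s_delete_post":
            $set['title'] = 'Форум - Удаление поста';
            head();
            title();
            s_delete_post();
            break;
    }
} else {
    echo "<div class=\"main\"><div class=\"in\">";
    echo "Вы не зарегистрированны!!!<br/>";
    echo "<br/>";
}
foot();
mysql_close($db_connection);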
?>