Файл: profiwm.pp.ua/zametki.php
Строк: 407
<?php
require 'system/sid.php';
require 'system/config.php';
include 'system/user.php';
include 'system/head.php';
include 'system/navigator.php';
whorm(0, 'zametki');
$do = isset($_GET['do']) ? $_GET['do'] : NULL;
switch($do)
{
default:
echo $div_title . 'Заметки' . $div_end . $div_menu . '
<a href="zametki.php?do=read">Мои заметки</a> |
<b>Заметки</b>' . $div_end;
if (isset($_GET['x'])) {
if ($user['level'] < 4)
{
header('location: zametki.php');
die();
}
$x = my_int($_GET['x']);
$empty = mysql_query("SELECT `id` FROM `zametki` WHERE `id` = '$x' LIMIT 1");
if (mysql_num_rows($empty) != FALSE) {
mysql_query("DELETE FROM `zametki` WHERE `id` = '$x' LIMIT 1");
header('Location: zametki.php');
} else {
header('Location: zametki.php');
}
}
$count = mysql_result(mysql_query("SELECT COUNT(id) FROM `zametki` WHERE `look` = '1'"), 0);
$n = new navigator($count, $user['onp_favs'], '?');
$view = mysql_query("SELECT * FROM `zametki` WHERE `look` = '1' ORDER BY `id` DESC {$n->limit}");
if ($count != FALSE) {
$i = 0;
while($a = mysql_fetch_assoc($view)) {
if ($user['level'] == 4 || $user['level'] == 5) {
$dl = '<a href="x-'.$a['id'].'"><img src="ico/delete.png" alt=""/></a> ';
}
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo $dl . '<a href="nzu-uslook-'.$a['user'].'-'.$a['id'].'">' . $a['title'] . '</a> → ' . cvetnik($a['user']) . $div_end;
}
echo $n->navi();
} else {
echo 'Заметок нет!<br/>';
}
break;
/*
* Мои заметки
*/
case read:
echo $div_title . 'Заметки /
' . $user['user'] . $div_end . $div_menu . '
<a href="zametki.php?do=new_z">Создать заметку</a> |
<b>Мои заметки</b> |
<a href="zametki.php?">Заметки</a>' . $div_end;
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$empty = mysql_query("SELECT `id` FROM `zametki` WHERE `id` = '$x' AND `user` = '$user[id]' LIMIT 1");
if (mysql_num_rows($empty) == FALSE) {
err('Заметка не найдена!');
} else {
mysql_query("DELETE FROM `zametki` WHERE `id` = '$x' AND `user` = '$user[id]' LIMIT 1");
header('Location: zametki.php?');
}
}
$count = mysql_result(mysql_query("SELECT COUNT(id) FROM `zametki` WHERE `user` = '$user[id]'"), 0);
$n = new navigator($count, $user['onp_favs'], '?');
$view = mysql_query("SELECT * FROM `zametki` WHERE `user` = '$user[id]' ORDER BY `id` DESC {$n->limit}");
if ($count != FALSE) {
$i = 0;
while($a = mysql_fetch_assoc($view)) {
$e = ' <a href="ez-edit-'.$a['id'].'"><img src="ico/edit.png" alt=""/></a>';
$d = ' <a href="x-'.$a['id'].'"><img src="ico/delete.png" alt=""/></a>';
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<a href="ez-look-'.$a['id'].'">' . $a['title'] . '</a>' . $e . $d . $div_end;
}
echo $n->navi();
} else {
echo 'Заметок нет!<br/>';
}
break;
/*
* Новая заметка
*/
case new_z:
echo $div_title . 'Заметки' . $div_end . $div_menu . '
<b>Создать заметку</b> |
<a href="zametki.php?do=read">Мои заметки</a> |
<a href="zametki.php?">Заметки</a>' . $div_end;
if (isset($_POST['add'])) {
$title = trim(mysql_real_escape_string(check($_POST['title'])));
$content = trim(mysql_real_escape_string(check($_POST['content'])));
$comm = my_int($_POST['comm']);
$look = my_int($_POST['look']);
$code = my_int($_POST['code']);
if (empty($title)) {
err('Пустое название заметки!');
} elseif (empty($content)) {
err('Пустое содержание заметки!');
} elseif (empty($code)) {
err('Не введен проверочный код!');
} elseif ($code != $_SESSION['ZCaptcha']) {
err('Неверный проверочный код!');
unset($_SESSION['ZCaptcha']);
} else {
unset($_SESSION['ZCaptcha']);
// транслит
if ($user['translit'] == 1) {
$content = trun_to_rus($content);
}
// антимат
$ant = mysql_fetch_array(mysql_query("SELECT `antimat` FROM `setting` WHERE `ids` = '1'"));
$title = ($ant[0] == 1) ? mat($title) : $title;
$content = ($ant[0] == 1) ? mat($content) : $content;
// Антиреклама
$_ant = mysql_fetch_assoc(mysql_query("SELECT `on_rekl`, `text_rekl` FROM `setting` WHERE `ids` = '1'"));
if ($_ant['on_rekl'] == 1 && filesize($_SERVER['DOCUMENT_ROOT'] . '/domains.dat') > 0) {
$ex = explode(',', file_get_contents('domains.dat'));
foreach($ex as $value) {
if ($user['level'] != 4 && $user['level'] != 5 && !preg_match('/[url=http://(.*)[/url]/si', $content)) {
$title = preg_replace("/(ws|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $title);
$content = preg_replace("/(ws|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $content);
} elseif ($user['level'] != 4 && $user['level'] != 5) {
$title = preg_replace("/(ws|,|.|*|_|-|+)+$value/si", $_ant['text_rekl'], $title);
}
}
}
mysql_query("INSERT INTO `zametki` SET
`title` = '$title',
`content` = '$content',
`user` = '$user[id]',
`comm` = '$comm',
`look` = '$look',
`date` = '" . time() . "'");
$last = mysql_fetch_array(mysql_query("SELECT `id`, `content` FROM `zametki` ORDER BY `id` DESC LIMIT 1"));
/*--------------------рассылка в ленту---------------------*/
$frnd = mysql_query("SELECT * FROM `friends` WHERE `user` = '$user[id]' AND `zajavka` = '1'");
while($send = mysql_fetch_assoc($frnd)) {
if (user_inf($send['who'], 'my_lenta_favs') == 1 && $user['fr_lenta_favs'] == 1) {
$last[1] = (mb_strlen($last[1], 'UTF8') > 30) ? mb_substr($last[1], 0, 30) : $last[1];
$message = cvetnik($user['id']) . ' создал новую заметку <a href="nzu-uslook-'.$user['id'].'-'.$last[0].'">' . bb_code($last[1]) . '</a>!';
mysql_query("INSERT INTO `lenta` SET
`user` = '$send[who]',
`text` = '$message',
`type` = 'friends',
`date` = '" . time() . "',
`uid` = 'fav$last[0]',
`read` = '1'");
}
}
/*--------------------рассылка в ленту---------------------*/
header('Location: nzu-uslook-'.$user['id'].'-'.$last[0]);
}
}
$_SESSION['ZCaptcha'] = mt_rand(1000, 9999);
echo '<form method="post" action="zametki.php?do=new_z">
<label>Название:</label>
<br/>
<input type="text" name="title"/>
<br/>
<label>Текст:</label>
<br/>
<textarea name="content" cols="50" rows="5" style="width: 99%;"></textarea>
<br/>
<label>Могут смотреть:</label>
<br/>
<input type="radio" name="look" checked="checked" value="1"/> Все
<br/>
<input type="radio" name="look" value="0"/> Только друзья
' . $block . '
<label>Могут комментировать:</label>
<br/>
<input type="radio" name="comm" checked="checked" value="1"/> Все
<br/>
<input type="radio" name="comm" value="0"/> Только друзья
' . $block . '
<label>Введите цифры:</label>
<br/>
<b>' . $_SESSION['ZCaptcha'] . '</b>
<br/>
<input type="text" name="code" size="4" maxlength="4"/>
' . $block . '
<input type="submit" name="add" value="Создать"/>
</form>';
break;
/*
* Изменение заметки
*/
case edit:
echo $div_title . 'Заметки' . $div_end . $div_menu . '
<b>Изменить заметку</b> |
<a href="zametki.php?do=read">Мои заметки</a> |
<a href="zametki.php?">Заметки</a>' . $div_end;
$z = my_int($_REQUEST['z']);
$empty = mysql_query("SELECT * FROM `zametki` WHERE `id` = '$z' AND `user` = '$user[id]' LIMIT 1");
if (isset($_POST['save'])) {
$title = trim(mysql_real_escape_string(check($_POST['title'])));
$content = trim(mysql_real_escape_string(check($_POST['content'])));
$comm = my_int($_POST['comm']);
$look = my_int($_POST['look']);
if (empty($title)) {
err('Пустое название заметки!');
} elseif (empty($content)) {
err('Пустое содержание заметки!');
} else {
mysql_query("UPDATE `zametki` SET
`title` = '$title',
`content` = '$content',
`comm` = '$comm',
`look` = '$look'
WHERE
`id` = '$z' AND `user` = '$user[id]' LIMIT 1");
header('Location: ez-look-' . $z);
}
}
if (mysql_num_rows($empty) == FALSE) {
err('Заметка не найдена!');
} else {
$inf = mysql_fetch_assoc($empty);
echo '<form method="post" action="zametki.php?do=edit">
<label>Название:</label>
<br/>
<input type="text" name="title" value="' . $inf['title'] . '"/>
<br/>
<label>Текст:</label>
<br/>
<textarea name="content" cols="50" rows="5" style="width: 99%;">' . back_bb($inf['content']) . '</textarea>
<br/>
<label>Могут смотреть:</label>
<br/>
<input type="radio" name="look" ' . ($inf['look'] == 1 ? 'checked' : '') . ' value="1"/> Все
<br/>
<input type="radio" name="look" ' . ($inf['look'] == 0 ? 'checked' : '') . ' value="0"/> Только друзья
' . $block . '
<label>Могут комментировать:</label>
<br/>
<input type="radio" name="comm" ' . ($inf['comm'] == 1 ? 'checked' : '') . ' value="1"/> Все
<br/>
<input type="radio" name="comm" ' . ($inf['comm'] == 0 ? 'checked' : '') . ' value="0"/> Только друзья
' . $block . '
<input type="hidden" name="z" value="' . $z . '"/>
<input type="submit" name="save" value="Изменить"/>
</form>';
}
break;
/*
* Просмотр самой заметки
*/
case look:
$z = my_int($_REQUEST['z']);
$empty = mysql_query("SELECT * FROM `zametki` WHERE `id` = '$z' AND `user` = '$user[id]' LIMIT 1");
if (mysql_num_rows($empty) == FALSE) {
err('Заметка не найдена!');
} else {
$inf = mysql_fetch_assoc($empty);
echo $div_title . us($inf['user']) . ' / ' . $inf['title']
. $div_end . itime($inf['date'], 0)
. $block . $div_tworazdel . smiles(bb_code($inf['content'])) . $div_end;
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$em = mysql_query("SELECT `id` FROM `koms_note` WHERE `id` = '$x' AND `komu` = '$user[id]' LIMIT 1");
if (mysql_num_rows($em) != FALSE) {
mysql_query("DELETE FROM `koms_note` WHERE `id` = '$x' AND `komu` = '$user[id]' LIMIT 1");
header('Location: ez-look-' . $z);
} else {
header('Location: ez-look-' . $z);
}
}
if (isset($_GET['order']) && $_GET['order'] == 2) {
$sort = '<b>вверху</b> | <a href="sortz-look-'.$z.'-1">внизу</a>';
$ord = 'DESC';
} elseif (isset($_GET['order']) && $_GET['order'] == 1) {
$sort = '<a href="sortz-look-'.$z.'-2">вверху</a> | <b>внизу</b>';
$ord = 'ASC';
} else {
$sort = '<a href="sortz-look-'.$z.'-2">вверху</a> | <b>внизу</b>';
$ord = 'ASC';
}
echo $div_menu . 'Новые: ' . $sort . $div_end;
$num = mysql_result(mysql_query("SELECT COUNT(id) FROM `koms_note` WHERE `uid` = '$z'"), 0);
if ($num != FALSE) {
echo 'Комментарии:<br/>';
$n = new navigator($num, $user['onp_comments'], 'ez-look-'.$z.'&');
$view = mysql_query("SELECT * FROM `koms_note` WHERE `uid` = '$z' ORDER BY `id` $ord {$n->limit}");
while($a = mysql_fetch_assoc($view)) {
$otv = ' <a href="answ-z-look-'.$z.'-'.$a['user'].'#down">[отв]</a>';
$d = '<a href="dz-look-'.$z.'-'.$a['id'].'"><img src="ico/delete.png" alt=""/></a> ';
echo $div_razdel . $d . us($a['user']) . $otv . ' (' . $a['date'] . ')' . $div_end . $div_tworazdel . smiles(bb_code($a['msg'])) . $div_end;
}
} else {
echo 'Комментарии отсутствуют.<br/>';
}
if (isset($_POST['addkom'])) {
$mes = trim(mysql_real_escape_string(check($_POST['mes'])));
if (empty($mes)) {
err('Пустой комментарий!');
} else {
// Оповещание последнему постеру
$lst = mysql_fetch_assoc(mysql_query("SELECT `user` FROM `koms_note` WHERE
`uid` = '$z'
ORDER BY `id` DESC LIMIT 1"));
if ($user['id'] != $inf['user'])
{
$message = 'К вашей заметке <a href="zm-uslook-'.$user['id'].'-'.$z.'">' . $inf['title'] . '</a> оставили комментарий.';
mysql_query("INSERT INTO `lenta` SET
`user` = '$lst[user]',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'fav$z',
`read` = '1'");
}
elseif ($user['id'] != $lst['user'])
{
$message = 'Оставлено сообщение к заметке <a href="zm-uslook-'.$user['id'].'-'.$z.'">' . $inf['title'] . '</a>.';
mysql_query("INSERT INTO `lenta` SET
`user` = '$lst[user]',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'fav$z',
`read` = '1'");
}
mysql_query("INSERT INTO `koms_note` SET
`uid` = '$z',
`user` = '$user[id]',
`msg` = '$mes',
`date` = '" . date('d.m.y H:i') . "',
`komu` = '$user[id]'");
header('Location: ez-look-' . $z);
}
}
$Komu = (isset($_GET['k'])) ? '[b]Ответ: ' . user_inf(my_int($_GET['k']), 'user') . '[/b], ' : '';
echo '<a name="down"></a>
<form method="post" action="ez-look-'.$z.'">
<label><b>Комментарий:</b></label>
<br/>
<textarea name="mes" cols="50" rows="5" style="width: 99%;">' . $Komu . '</textarea>
<br/>
<input type="hidden" name="z" value="' . $z . '"/>
<input type="submit" name="addkom" value="Добавить"/>
</form>';
}
break;
/*
* Просмотр чужих заметок
*/
case view:
$nk = my_int($_GET['nk']);
if ($user['id'] == $nk) {
header('Location: zametki.php?do=read');
die();
}
echo $div_title . 'Заметки /
' . us($nk) . $div_end . $div_menu . '
<a href="zametki.php?do=read">Мои заметки</a> |
<a href="zametki.php?">Заметки</a>' . $div_end;
if (!user_inf($nk)) {
err('Пользователь не наден!');
} else {
$count = mysql_result(mysql_query("SELECT COUNT(id) FROM `zametki` WHERE `user` = '$nk'"), 0);
$n = new navigator($count, $user['onp_favs'], '?');
$view = mysql_query("SELECT * FROM `zametki` WHERE `user` = '$nk' ORDER BY `id` DESC {$n->limit}");
if ($count != FALSE) {
$i = 0;
while($a = mysql_fetch_assoc($view)) {
echo ($i ++ % 2) ? $div_tworazdel : $div_razdel;
echo '<a href="nzu-uslook-'.$nk.'-'.$a['id'].'">' . $a['title'] . '</a>' . $div_end;
}
echo $n->navi();
} else {
echo 'Заметок нет!<br/>';
}
}
break;
/*
* Просмотр подробно чужой заметки
*/
case uslook:
$nk = my_int($_REQUEST['nk']);
$i = my_int($_REQUEST['i']);
$empty = mysql_query("SELECT * FROM `zametki` WHERE `id` = '$i' AND `user` = '$nk' LIMIT 1");
if (!user_inf($nk)) {
err('Пользователь не наден!');
} else {
if (mysql_num_rows($empty) == FALSE) {
err('Заметка не найдена!');
} else {
$inf = mysql_fetch_assoc($empty);
//-------------------------------------------//
$sqlLenta = mysql_query("SELECT id FROM lenta WHERE user = '$user[id]' AND `read` = '1' AND type = 'friends' AND uid = 'fav$i' LIMIT 1");
if (mysql_num_rows($sqlLenta) != false)
{
mysql_query("UPDATE lenta SET `read` = '0' WHERE user = '$user[id]' AND `read` = '1' AND type = 'friends' AND uid = 'fav$i' LIMIT 1");
}
//-------------------------------------------//
$sqlLenta = mysql_query("SELECT id FROM lenta WHERE user = '$user[id]' AND `read` = '1' AND type = 'comments' AND uid = 'fav$i' LIMIT 1");
if (mysql_num_rows($sqlLenta) != false)
{
mysql_query("UPDATE lenta SET `read` = '0' WHERE user = '$user[id]' AND `read` = '1' AND type = 'comments' AND uid = 'fav$i' LIMIT 1");
}
//-------------------------------------------//
//-------------------------------------------//
$fr = mysql_query("SELECT COUNT(id) FROM `friends` WHERE
`user` = '$user[id]'
AND
`who` = '$nk'
AND
`zajavka` = '1'
OR
`user` = '$nk'
AND
`who` = '$user[id]'
AND
`zajavka` = '1'");
if ($inf['look'] == 0 && mysql_result($fr, 0) == FALSE) {
err('Заметка доступна только для друзей автора!');
include 'foot.php';
exit();
}
if (isset($_GET['x'])) {
$x = my_int($_GET['x']);
$em = mysql_query("SELECT `id` FROM `koms_note` WHERE `id` = '$x' LIMIT 1");
if (mysql_num_rows($em) != FALSE) {
mysql_query("DELETE FROM `koms_note` WHERE `id` = '$x' LIMIT 1");
header('Location: nzu-uslook-'.$nk.'-' . $i);
} else {
header('Location: nzu-uslook-'.$nk.'-' . $i);
}
}
if (mb_strlen($inf['content'], 'UTF8') > 250 && !isset($_GET['read'])) {
$inf['content'] = mb_substr($inf['content'], 0, 250, 'UTF8') . '...<br/>
<a href="nzu-uslook-'.$nk.'-'.$i.'&read"><span class="next">Далее»</span></a>';
} elseif (mb_strlen($inf['content'], 'UTF8') > 250 && isset($_GET['read'])) {
$inf['content'] = $inf['content'] . '<br/>
<a href="nzu-uslook-'.$nk.'-'.$i.'"><span class="next">«Скрыть</span></a>';
} else {
$inf['content'] = $inf['content'];
}
echo $div_title . us($nk) . ' / ' . $inf['title']
. $div_end . itime($inf['date'], 0)
. $block . $div_tworazdel . smiles(bb_code($inf['content'])) . $div_end;
if (isset($_GET['order']) && $_GET['order'] == 2) {
$sort = '<b>вверху</b> | <a href="sortzu-uslook-'.$nk.'-'.$i.'-1">внизу</a>';
$ord = 'DESC';
} elseif (isset($_GET['order']) && $_GET['order'] == 1) {
$sort = '<a href="sortzu-uslook-'.$nk.'-'.$i.'-2">вверху</a> | <b>внизу</b>';
$ord = 'ASC';
} else {
$sort = '<a href="sortzu-uslook-'.$nk.'-'.$i.'-2">вверху</a> | <b>внизу</b>';
$ord = 'ASC';
}
echo $div_menu . 'Новые: ' . $sort . $div_end;
$num = mysql_result(mysql_query("SELECT COUNT(id) FROM `koms_note` WHERE `uid` = '$i'"), 0);
if ($num != FALSE) {
echo 'Комментарии:<br/>';
$n = new navigator($num, $user['onp_comments'], 'nzu-uslook-'.$nk.'-'.$i.'&');
$view = mysql_query("SELECT * FROM `koms_note` WHERE `uid` = '$i' ORDER BY `id` $ord {$n->limit}");
while($a = mysql_fetch_assoc($view)) {
$otv = ' <a href="answ-uz-uslook-'.$nk.'-'.$i.'-'.$a['user'].'#down">[отв]</a>';
if ($a['user'] == $user['id'] || $user['level'] >= 2 && $user['level'] <= 5) {
$d = '<a href="dzu-uslook-'.$nk.'-'.$i.'-'.$a['id'].'"><img src="ico/delete.png" alt=""/></a> ';
}
echo $div_razdel . $d . us($a['user']) . $otv . ' (' . $a['date'] . ')' . $div_end . $div_tworazdel . smiles(bb_code($a['msg'])) . $div_end;
}
echo $n->navi();
} else {
echo $div_razdel . 'Комментарии отсутствуют.' . $div_end;
}
if (isset($_POST['addkom'])) {
$mes = trim(mysql_real_escape_string(check($_POST['mes'])));
if (empty($mes)) {
err('Пустой комментарий!');
} else {
// Оповещание последнему постеру
$lst = mysql_fetch_assoc(mysql_query("SELECT `user` FROM `koms_note` WHERE
`uid` = '$i'
ORDER BY `id` DESC LIMIT 1"));
if ($user['id'] != $lst['user']) {
$message = 'Оставлено сообщение к заметке <a href="nzu-uslook-'.$nk.'-'.$i.'">' . $inf['title'] . '</a>.';
mysql_query("INSERT INTO `lenta` SET
`user` = '$lst[user]',
`text` = '$message',
`type` = 'comments',
`date` = '" . time() . "',
`uid` = 'fav$i',
`read` = '1'");
}
mysql_query("INSERT INTO `koms_note` SET
`uid` = '$i',
`user` = '$user[id]',
`msg` = '$mes',
`date` = '" . date('d.m.y H:i') . "',
`komu` = '$nk'");
header('Location: nzu-uslook-'.$nk.'-' . $i);
}
}
$Komu = (isset($_GET['k'])) ? '[b]Ответ: ' . user_inf(my_int($_GET['k']), 'user') . '[/b], ' : '';
echo '<a name="down"></a>
<form method="post" action="nzu-uslook-'.$nk.'-'.$i.'">
<label><b>Комментарий:</b></label><br/>
<textarea name="mes" cols="50" rows="5" style="width: 99%;">' . $Komu . '</textarea>
<br/>
<input type="submit" name="addkom" value="Добавить"/>
</form>';
}
}
break;
}
include 'system/foot.php';
?>