Файл: news/includes/comments.php
Строк: 241
<?php
/*
////////////////////////////////////////////////////////////////////////////////
// JohnCMS //
// Официальный сайт проекта: http://johncms.com //
// Дополнительный сайт поддержки: http://gazenwagen.com //
////////////////////////////////////////////////////////////////////////////////
// JohnCMS core team: //
// Евгений Рябинин aka john77 john77@johncms.com //
// Олег Касьянов aka AlkatraZ alkatraz@johncms.com //
// //
// Информацию о версиях смотрите в прилагаемом файле version.txt //
////////////////////////////////////////////////////////////////////////////////
*/
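/*
 * News comments page.
 *
 * Lists the comments attached to one news item, accepts a new comment when
 * $user_id is set and $ban[1] is empty, and lets users with $rights >= 7
 * attach a reply to a comment (mod=replay) or delete it (mod=delete).
 *
 * The script reads variables it does not define itself: $id, $mod, $rights,
 * $user_id, $login, $ban, $lng, $lng_news, $set_user, $start and $kmess.
 *
 * NOTE(review): $id, $user_id, $start and $kmess are placed into SQL (and $id
 * into HTML) without escaping in this file; presumably the including code
 * casts them to integers - confirm before relying on it.
 * NOTE(review): the post, reply and delete handlers act on any POST request
 * that carries `submit`; no anti-CSRF token is checked in this file.
 * NOTE(review): $_SESSION['error'] is echoed above each form but is not reset
 * here after being shown, so a status message can reappear on later visits
 * unless another include clears it.
 * NOTE(review): the mysql_* extension used throughout was removed in PHP 7;
 * a port should move to prepared statements.
 */

// Refuse direct requests: only run when the including entry point defined the marker constant.
defined('_IN_JOHNCMS') or die('Error: restricted access');

if ($id) {
    // Load the news item the comments belong to.
    $query = mysql_query("SELECT * FROM `cms_news` WHERE `id`='$id' LIMIT 1;");
    if (mysql_num_rows($query)) {
        $res1 = mysql_fetch_assoc($query);

        // Make sure the status-message slot exists before it is echoed below.
        if (empty($_SESSION['error'])) {
            $_SESSION['error'] = '';
        }

        // The news title comes from the database, so it is HTML-encoded on output.
        $textl = $lng['news'] . ' | ' . $lng_news['comments_on_news'] . ' "' . htmlentities($res1['name'], ENT_QUOTES, 'UTF-8') . '"';
        require_once('../incfiles/head.php');
        echo '<div class="phdr"><h3>' . $lng_news['comments_on_news'] . ' "<a href="index.php?act=view&id=' . $id . '">' . htmlentities($res1['name'], ENT_QUOTES, 'UTF-8') . '</a>"</h3></div>';

        // Comment id from the request, forced to a non-negative integer so it is safe in SQL and HTML.
        // The original tested isset($_REQUEST), which is always true; test the key itself and
        // fall back to 0 (the value intval() produced for a missing key anyway).
        $com = isset($_REQUEST['com']) ? abs(intval($_REQUEST['com'])) : 0;

        switch ($mod) {
            case 'replay':
                // Attach or edit the moderator reply of one comment.
                if ($rights >= 7) {
                    $q = mysql_query("SELECT * FROM `cms_news_comments` WHERE `id`='$com' LIMIT 1;");
                    if (mysql_num_rows($q)) {
                        $r = mysql_fetch_assoc($q);
                        if (isset($_POST['submit'])) {
                            $text = isset($_POST['text']) ? trim($_POST['text']) : '';
                            $error = array();
                            if (!$text) {
                                $error[] = $lng_news['message_not_empty'] . '!';
                            } elseif (mb_strlen($text) < 4 || mb_strlen($text) > 5000) {
                                $error[] = $lng_news['message_long_error'] . '!';
                            }
                            // presumably returns the remaining wait time when the user posts too fast - confirm
                            $flood = functions::antiflood();
                            if ($flood) {
                                $error[] = $lng['error_flood'] . ' ' . $flood . $lng['sec'];
                            }
                            if (empty($error)) {
                                // Both the login and the text go into a quoted SQL string, so both are escaped;
                                // the original escaped only the text and concatenated $login as-is.
                                mysql_query("UPDATE `cms_news_comments` SET
`reply` = '[b]" . mysql_real_escape_string($login) . "[/b]:" . mysql_real_escape_string($text) . "' WHERE `id`='$com'");
                                mysql_query("UPDATE `users` SET
`lastpost` = '" . time() . "'
WHERE `id` = '$user_id'
");
                                $_SESSION['error'] = '<div class="gmenu">' . $lng_news['added_message'] . '</div>';
                            } else {
                                $_SESSION['error'] = '<div class="rmenu">' . implode('<br />', $error) . '</div>';
                            }
                            // Redirect after POST so a page reload does not resubmit the form.
                            header('Location: index.php?act=comments&id=' . $id);
                            exit;
                        }
                        // Reply form, pre-filled with the stored reply (HTML-encoded for the textarea).
                        echo $_SESSION['error'] . '<div class="gmenu">
<form action="index.php?act=comments&mod=replay&id=' . $id . '&com=' . $com . '" method="post" enctype="multipart/form-data"><div>
<b>' . $lng['message'] . ':</b><br/>
<textarea rows="3" name="text">' . htmlentities($r['reply'], ENT_QUOTES, 'UTF-8') . '</textarea>
<br /><span style="font-size: x-small;">' . $lng_news['recommended_message'] . '</span><br />
<input type="submit" name="submit" value="' . $lng['reply'] . '"/>
</div></form>
</div>';
                    } else {
                        echo functions::display_error($lng_news['message_does_not_exist'] . '!');
                    }
                } else {
                    // Insufficient rights: leave the page.
                    header('Location: ../?err');
                    exit;
                }
                break;

            case 'delete':
                // Delete one comment after a confirmation form.
                if ($rights >= 7) {
                    $q = mysql_query("SELECT * FROM `cms_news_comments` WHERE `id`='$com' LIMIT 1;");
                    if (mysql_num_rows($q)) {
                        if (isset($_POST['submit'])) {
                            mysql_query("DELETE FROM `cms_news_comments` WHERE `id`='$com'");
                            $_SESSION['error'] = '<div class="gmenu">' . $lng_news['message_deleted'] . '</div>';
                            header('Location: index.php?act=comments&id=' . $id);
                            exit;
                        }
                        echo $_SESSION['error'] . '<div class="rmenu">
<form action="index.php?act=comments&mod=delete&id=' . $id . '&com=' . $com . '" method="post" enctype="multipart/form-data"><div>
' . $lng_news['confirm_the_deletion'] . '<br />
<input type="submit" name="submit" value="' . $lng['delete'] . '"/>
</div></form>
</div>';
                    } else {
                        echo functions::display_error($lng_news['message_does_not_exist'] . '!');
                    }
                } else {
                    // Insufficient rights: leave the page.
                    header('Location: ../?err');
                    exit;
                }
                break;

            default:
                // Posting form and handler, shown only when $user_id is set and $ban[1] is empty.
                if ($user_id && empty($ban[1])) {
                    if (isset($_POST['submit'])) {
                        $text = isset($_POST['text']) ? trim($_POST['text']) : '';
                        $error = array();
                        if (!$text) {
                            $error[] = $lng_news['message_not_empty'] . '!';
                        } elseif (mb_strlen($text) < 4 || mb_strlen($text) > 5000) {
                            $error[] = $lng_news['message_long_error'] . '!';
                        }
                        $flood = functions::antiflood();
                        if ($flood) {
                            $error[] = $lng['error_flood'] . ' ' . $flood . $lng['sec'];
                        }
                        if (empty($error)) {
                            // The comment text is the only request-supplied string here and is escaped.
                            mysql_query("INSERT INTO `cms_news_comments` SET
`refid` = '$id',
`time` = '" . time() . "',
`user_id` = '" . $user_id . "',
`text` = '" . mysql_real_escape_string($text) . "';");
                            mysql_query("UPDATE `users` SET
`lastpost` = '" . time() . "'
WHERE `id` = '$user_id'
");
                            $_SESSION['error'] = '<div class="gmenu">' . $lng_news['added_message'] . '</div>';
                        } else {
                            $_SESSION['error'] = '<div class="rmenu">' . implode('<br />', $error) . '</div>';
                        }
                        // Redirect after POST so a page reload does not resubmit the form.
                        header('Location: index.php?act=comments&id=' . $id);
                        exit;
                    }
                    echo $_SESSION['error'] . '<div class="gmenu">
<form action="index.php?act=comments&id=' . $id . '" method="post" enctype="multipart/form-data"><div>
<b>' . $lng['message'] . ':</b><br/>
<textarea rows="3" name="text">' . (!empty($_POST['text']) ? htmlentities($_POST['text'], ENT_QUOTES, 'UTF-8') : '') . '</textarea>
<br /><span style="font-size: x-small;">' . $lng_news['recommended_message'] . '</span><br />
<input type="submit" name="submit" value="' . $lng['sent'] . '"/>
</div></form>
</div>';
                }

                // Comment list for this news item.
                echo '<div class="phdr"><h3>' . $lng['comments'] . '</h3></div>';
                $total = mysql_result(mysql_query("SELECT COUNT(*) FROM `cms_news_comments` WHERE `refid`='$id';"), 0);
                if ($total) {
                    if ($total > $kmess) {
                        echo '<div class="topmenu">' . functions::display_pagination('index.php?act=comments&id=' . $id . '&', $start, $total, $kmess) . '</div>';
                    }
                    $i = 1;
                    // `mid` / `mtime` alias the comment's id and time so the joined `users`.* columns do not shadow them.
                    $req = mysql_query("SELECT `cms_news_comments`.*, `cms_news_comments`.`time` as `mtime`, `cms_news_comments`.`id` as `mid`, `users`.* FROM `cms_news_comments` LEFT JOIN `users` ON `cms_news_comments`.`user_id`=`users`.`id` WHERE `cms_news_comments`.`refid`='$id' ORDER BY `cms_news_comments`.`time` DESC LIMIT "
                        . $start . "," . $kmess);
                    while (($row = mysql_fetch_assoc($req)) !== false) {
                        // Alternate the row style.
                        echo $i % 2 ? '<div class="list1">' : '<div class="list2">';
                        $post = $row['text'];
                        // Stored comment text is user input; functions::checkout() is the only output
                        // processing applied here - presumably it HTML-escapes the text, confirm.
                        $post = functions::checkout($post, 1, 1);
                        if ($set_user['smileys']) {
                            $post = functions::smileys($post, $row['rights'] >= 1 ? 1 : 0);
                        }
                        if ($row['reply']) {
                            $post .= '<div class="reply">' . functions::checkout($row['reply'], 1, 1) . '</div>';
                        }
                        // Reply / delete links are rendered only for users with $rights >= 7.
                        if ($rights >= 7) {
                            $subtext = '<a href="index.php?act=comments&mod=replay&id=' . $id . '&com=' . $row['mid'] . '">' . $lng['reply']. '</a> | <a href="index.php?act=comments&mod=delete&id=' . $id . '&com=' . $row['mid'] . '">' . $lng['delete']. '</a>';
                        } else {
                            $subtext = '';
                        }
                        $text = ' <span class="gray">(' . functions::display_date($row['mtime']) . ')</span>';
                        $arg = array(
                            'header' => $text,
                            'body' => $post,
                            'sub' => $subtext
                        );
                        echo functions::display_user($row, $arg);
                        echo '</div>';
                        ++$i;
                    }
                    echo '<div class="phdr">' . $lng['total'] . ': ' . $total . '</div>';
                    if ($total > $kmess) {
                        echo '<div class="topmenu">' . functions::display_pagination('index.php?act=comments&id=' . $id . '&', $start, $total, $kmess) . '</div>';
                        echo '<p><form action="index.php" method="get">
<input type="hidden" name="act" value="comments"/>
<input type="hidden" name="id" value="' . $id . '"/>
<input type="text" name="page" size="2"/>
<input type="submit" value="' . $lng['to_page'] . ' >>"/></form></p>';
                    }
                } else {
                    echo '<div class="rmenu">' . $lng_news['message_news_empty'] . '!</div>';
                }
        }
        echo '<div class="bmenu"><a href="index.php?act=view&id=' . $id . '">' . $lng_news['back'] . '</a></div>';
    } else {
        // No news item with this id.
        $textl = $lng['news'];
        require_once('../incfiles/head.php');
        echo functions::display_error($lng_news['news_does_not_exist']);
    }
} else {
    // No news id supplied: only the page header is rendered.
    $textl = $lng['news'];
    require_once('../incfiles/head.php');
}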