Файл: vkolhoze.com/inc/gallery/photo.php
Строк: 54
<?php
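/*
 * Gallery photo page (included script). Shows one photo with its like/dislike
 * counters and paginated comments, and handles three actions on that photo:
 * rating (?rating=), comment deletion (?del_com=) and posting a comment
 * (POST msg).
 *
 * Relies on the including script for $ku (apparently the current user's row),
 * $set (settings; 'p_str' is used as the page size), $time, an open mysql_*
 * connection and the helpers err_game(), my_esc(), k_page(), page(), str(),
 * on_k() and nc(). Every variable the original script assigned keeps its name,
 * because included files share this scope.
 *
 * NOTE(review): rating and deletion change state on a plain GET, and the
 * comment form carries no anti-CSRF token, so a third-party page can trigger
 * all three for a logged-in visitor. Needs a per-session token; not fixable
 * from inside this file alone.
 * NOTE(review): nothing here verifies that the visitor is logged in - confirm
 * the including script does before the INSERTs below run with $ku['id'].
 * NOTE(review): the mysql_* extension was removed in PHP 7. The calls are kept
 * to match the rest of the project; every interpolated id is cast to int.
 */

// Accept only plain decimal ids. is_numeric() also passes floats, exponent
// notation, a sign and leading whitespace, and the raw value was then reused
// in SQL, HTML attributes and the Location header.
if (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id'])) {
    $photo_id = (int) $_GET['id'];
    $ph = mysql_fetch_assoc(mysql_query("SELECT * FROM `gallery_photo` WHERE `id`= '" . $photo_id . "' "));

    if (!$ph) {
        // Unknown photo: run no action (otherwise ratings and comments could be
        // attached to ids that do not exist) and render nothing against an
        // empty row. The two wrappers are the ones the normal path opens.
        echo "<div class='content'>";
        echo "<div class='block'>";
        err_game("error");
    } else {
        $us = mysql_fetch_assoc(mysql_query("SELECT * FROM `kolhoz_user` WHERE `id`= '" . (int) $ph['id_user'] . "' "));

        $viewer_id = isset($ku['id']) ? (int) $ku['id'] : 0;
        // Ownership needs a real viewer id and an existing owner row; a loose
        // null == null comparison must never count as "owner".
        // Assumes real user ids are positive integers - TODO confirm.
        $is_owner = $us && $viewer_id > 0 && $viewer_id == (int) $us['id'];
        $can_moderate = (isset($ku['status']) && $ku['status'] > 0) || $is_owner;

        $rat0 = mysql_result(mysql_query("SELECT COUNT(*) FROM `rating_photo` WHERE `id_photo` = '" . $photo_id . "' AND `rating`='0'"), 0);
        $rat1 = mysql_result(mysql_query("SELECT COUNT(*) FROM `rating_photo` WHERE `id_photo` = '" . $photo_id . "' AND `rating`='1'"), 0);
        // Number of votes the current viewer already cast on this photo.
        $rat = mysql_result(mysql_query("SELECT COUNT(*) FROM `rating_photo` WHERE `id_photo` = '" . $photo_id . "' AND `id_user`='" . $viewer_id . "'"), 0);

        // --- Action: rate the photo -------------------------------------
        // Only the two values the counters above understand are accepted.
        if (isset($_GET['rating']) && ($_GET['rating'] === '0' || $_GET['rating'] === '1')) {
            // The page hides the rating links from the owner; enforce the same
            // rule here, since hiding a link does not stop a crafted request.
            if ($rat > 0 || $is_owner) {
                err_game("error");
            } else {
                mysql_query("INSERT INTO `rating_photo` SET `id_user`='" . $viewer_id . "',`id_photo`='" . $photo_id . "', `rating`= '" . (int) $_GET['rating'] . "'");
                // Stop after a redirect that can actually be sent; when output
                // has already started, fall through and render as before.
                if (!headers_sent()) {
                    header("Location: /?photo&id=" . $photo_id);
                    exit;
                }
            }
        }

        // --- Action: delete a comment -----------------------------------
        if (isset($_GET['del_com']) && is_string($_GET['del_com']) && ctype_digit($_GET['del_com']) && $can_moderate) {
            // The permission check is made against THIS photo's owner, so the
            // delete is scoped to this photo's comments. Without the id_photo
            // condition an owner could delete comments under any other photo.
            mysql_query("DELETE FROM `com_photo` WHERE `id` = '" . (int) $_GET['del_com'] . "' AND `id_photo` = '" . $photo_id . "'");
            if (!headers_sent()) {
                header("Location: ?photo&id=" . $photo_id);
                exit;
            }
        }

        // --- Action: post a comment -------------------------------------
        if (isset($_POST['msg']) && is_string($_POST['msg'])) {
            // my_esc() is defined elsewhere; it is used here as the SQL escaper.
            $msg = my_esc($_POST['msg']);
            if ($msg == NULL || $msg == '') {
                echo 'Вы не ввели сообщение';
            } else {
                mysql_query("INSERT INTO `com_photo` SET `id_user`='" . $viewer_id . "', `msg`='$msg', `id_photo`='" . $photo_id . "', `time`='$time'");
                if (!headers_sent()) {
                    header("Location: /?photo&id=" . $photo_id);
                    exit;
                }
            }
        }

        // --- Render -----------------------------------------------------
        // Database values are HTML-encoded at the point of output. The charset
        // argument is left to PHP's default because the site encoding is not
        // visible from this file.
        echo "<div class='content'>";
        echo "<div class='block'>";
        echo '<div class="event"><h1>Фотографии ' . htmlspecialchars($us['nick'], ENT_QUOTES) . '</h1></div><br>';
        if ($rat == 0 && !$is_owner) {
            echo '<H1> Оцени фото: <a class="knopka_one" href="?photo&id=' . $photo_id . '&rating=1"><img width="32" height="32" src="images/icons/like.png"></a> или <a class="knopka_one" href="?photo&id=' . $photo_id . '&rating=0"><img width="32" height="32" src="images/icons/dislike.png"></a></H1> ';
        }
        echo "<div class='block'>";
        echo '<span>  <b>Уже: <img width="20" height="20" src="images/icons/like.png">' . $rat1 . ' и <img width="20" height="20" src="images/icons/dislike.png">' . $rat0 . '</b></span> ';
        echo '</div>';
        echo '<img src="/images/gallery/' . htmlspecialchars($ph['img'], ENT_QUOTES) . '"><br>';
        echo '<br>';
        //echo hsc($ph['name']).'';
        echo'
<form method="post"><textarea name="msg"></textarea><br>
<input type="submit" value="Комментировать"/></form>';

        // --- Comments, paginated ----------------------------------------
        $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `com_photo` WHERE `id_photo` = '" . $photo_id . "'"), 0);
        if ($k_post == 0) {
            echo"Никто ещё не оставил комментарий<br><br/>";
        }
        $k_page = k_page($k_post, $set['p_str']);
        $page = page($k_page);
        $start = $set['p_str'] * $page - $set['p_str'];
        // Not read below; kept because included scripts share this scope.
        $num = ($page - 1) * $set['p_str'];
        // The original wrote $_GET[id] here without quotes (an undefined
        // constant). LIMIT operands are forced to integers.
        $q = mysql_query("SELECT * FROM `com_photo` WHERE `id_photo` = '" . $photo_id . "' LIMIT " . (int) $start . ", " . (int) $set['p_str']);
        while ($post = mysql_fetch_array($q)) {
            echo '<hr>';
            echo "" . on_k($post['id_user']) . "";
            echo " <a class='' href='?user=" . (int) $post['id_user'] . "'><span>" . nc($post['id_user']) . "</span></a>";
            // NOTE(review): my_esc() is the same helper used as the SQL escaper
            // above, so it is not trusted as the HTML encoder for stored
            // comment text. If it turns out to HTML-encode already, entities
            // will show up double-encoded - then drop one of the two layers.
            echo '<br><p>' . htmlspecialchars(my_esc($post['msg']), ENT_QUOTES);
            echo '<br><br></p>';
            // The original left this condition empty and printed the link to
            // every visitor.
            if ($can_moderate) {
                echo '<a class="knopka1" href="?photo&id=' . $photo_id . '&del_com=' . (int) $post['id'] . '"><img width="24" height="24" src="images/icons/cross.png"> Удалить комментарий</a>';
            }
            echo'<br>';
        }
        // Pagination links.
        if ($k_page > 1) {
            str("?photo&id=" . $photo_id . "&", $k_page, $page);
        }
    }
    include_once "inc/foot.php";
}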
?>