Файл: system/arbour.php
Строк: 142
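<?php
// Full open tag: with short_open_tag disabled a bare "<?" is not parsed and
// this source, SQL included, would be served to the browser as plain text.
// connect.php presumably provides the DB connection, the current user row $u,
// the $system settings and the helper functions used below (check(), num(),
// error(), login() ...) - none of them are defined in this file.
require('connect.php');
$location = 'arbour';
// Route on the "act" query parameter. A missing parameter reaches the default
// (message list) branch without raising an undefined-index notice.
switch (isset($_GET['act']) ? $_GET['act'] : '')
{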
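// ------------------------------ Edit a message ------------------------------ //
// Admin-only. GET shows a form pre-filled with message "id"; POST overwrites
// that message's text and redirects back to the list.
case 'edit':
    // Anonymous visitors are sent to the registration page.
    if (!$u['id']) {
        header ("Location: registration.php?err=1");
        exit;
    }
    if ($u['admin'] >= 1) {
        if (!empty($_GET['id'])) {
            // intval() guarantees an integer before $id is placed in the SQL below.
            $id = intval($_GET['id']);
            if (isset($_POST['submit'])) {
                // NOTE(review): no anti-CSRF token is verified anywhere in this file,
                // so any POST sent from an admin's browser session is accepted here.
                // Reject non-string input (e.g. message[]=x) instead of handing an
                // array to substr().
                $rawMessage = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
                // NOTE(review): $message is interpolated into the UPDATE below; that is
                // only safe if check() (defined elsewhere) SQL-escapes its argument -
                // confirm, or switch to a parameterised query.
                $message = check(substr($rawMessage, 0, 5000));
                if (empty($message)) {
                    require('head.php');
                    error(' Ошибка , так делать нельзя !');
                    $error = '1';
                    require('foot.php');
                    exit;
                }
                if (empty($error)) {
                    mysql_query("UPDATE `arbour` SET
`message` = '$message'
WHERE `id` = '$id'
");
                    header ("Location: arbour.php");
                    // Stop explicitly once the redirect is queued.
                    exit;
                }
            } else {
                // Make sure the message exists before rendering the form.
                $req = mysql_query("SELECT * FROM `arbour` WHERE `id` = '$id' LIMIT 1");
                if ($req && mysql_num_rows($req)) {
                    $user = mysql_fetch_assoc($req);
                } else {
                    require('head.php');
                    error('Такого сообщения нет !');
                    require('foot.php');
                    exit;
                }
                require('head.php');
                echo '<div class="title">';
                echo '<img src="ico/guest.png" alt="!"/> <a href = "arbour.php">Беседка</a> <b>Изменить сообщение</b>';
                echo '</div>';
                echo '<div class="div">';
                $message = mysql_fetch_assoc(mysql_query("SELECT * FROM `arbour` WHERE `id` = '$id'"));
                $text = $message['message'];
                echo '<form action="arbour.php?act=edit&id=' . $id . '" method="post">';
                echo 'Сообщение от <a href = "/'.$message['user'].'">'.login($message['user']).'</a><br/>';
                // NOTE(review): the stored text is written into the page unescaped. That
                // is only safe if check() HTML-encodes on the way in - confirm, since
                // otherwise a stored "</textarea>" breaks out of the field.
                echo '<textarea cols="20" rows="3" name="message" style="width: 97%">'.$text.'</textarea><br/>';
                echo '<input type="submit" name="submit" value="Сохранить" class="submit white"/>';
                echo '</form>';
                echo '</div>';
                require('foot.php');
            }
        }
    } else {
        // Emit the page header first, as every other error path in this file does;
        // previously the footer was printed without a matching header.
        require('head.php');
        error(' Отказано в доступе !');
        require('foot.php');
        exit;
    }
    break;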
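// ------------------------------ Clear the board ------------------------------ //
// Admin-only. GET shows a confirmation form; POST deletes every row of `arbour`.
case 'clear':
    // Anonymous visitors are sent to the registration page.
    if (!$u['id']) {
        header ("Location: registration.php?err=1");
        exit;
    }
    if ($u['admin'] >= 1) {
        if (isset($_POST['submit'])) {
            // NOTE(review): the only thing required here is a POST carrying a
            // "submit" field from an admin session. No anti-CSRF token is checked, so
            // a form on another site could trigger this wipe. A per-session token
            // embedded in the confirmation form and verified here would close that.
            mysql_query("DELETE FROM `arbour`");
            header ("Location: arbour.php");
            exit;
        } else {
            require('head.php');
            echo '<div class="title">';
            echo '<img src="ico/guest.png" alt="!"/> <a href = "arbour.php">Беседка</a> <b>Очистка</b>';
            echo '</div>';
            echo '<div class="div">';
            echo 'Действительно очистить беседку?';
            echo '<form action="arbour.php?act=clear" method="post">';
            echo '<input type="submit" name="submit" value="Да, очистить" class="submit white"/>';
            echo '</form></div>';
            echo '</div>';
            require('foot.php');
        }
    } else {
        // Emit the page header first, as the other error paths in this file do;
        // previously the footer was printed without a matching header.
        require('head.php');
        error(' Отказано в доступе !');
        require('foot.php');
        exit;
    }
    break;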
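// ------------------------------ Reply to a message ------------------------------ //
// Logged-in users. GET shows a reply form addressed to the author of message
// "id"; POST stores the reply, notifies that author through `jurnal`, and
// updates the poster's counters and activity feed.
case 'answer':
    // Anonymous visitors are sent to the registration page.
    if (!$u['id']) {
        header ("Location: registration.php?err=1");
        exit;
    }
    if (!empty($_GET['id'])) {
        // NOTE(review): num() is defined elsewhere; $id is placed in SQL below, so
        // this relies on num() returning a plain number - confirm.
        $id = num($_GET['id']);
        if (isset($_POST['submit'])) {
            // Reject non-string input (e.g. message[]=x) instead of handing an array
            // to substr().
            $rawMessage = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
            // NOTE(review): $message is interpolated into the INSERT below; that is
            // only safe if check() (defined elsewhere) SQL-escapes its argument.
            $message = check(substr($rawMessage, 0, 1000));
            if (empty($message)) {
                require('head.php');
                error(' Ошибка , так делать нельзя !');
                $error = '1';
                require('foot.php');
                exit;
            }
            // Load the message being answered BEFORE inserting the reply, so the
            // lookup can never match the row that is about to be created.
            $comm = false;
            $req = mysql_query("SELECT * FROM `arbour` WHERE `id` = '$id' LIMIT 1");
            if ($req && mysql_num_rows($req)) {
                $comm = mysql_fetch_assoc($req);
            }
            if (empty($error)) {
                // NOTE(review): unlike the default branch, this path applies neither the
                // anti-flood window nor the duplicate-message check, so the posting
                // limits can be sidestepped through act=answer.
                mysql_query("INSERT INTO `arbour` SET
`user` = '".$u['id']."',
`message` = '$message',
`time` = '".time()."'
");
                // Notify the original author unless they are answering themselves. The
                // comparison uses the author's user id; it previously compared the
                // message id with the user id, and also wrote a notification with an
                // empty recipient when the target message did not exist.
                if ($comm && $comm['user'] != $u['id']) {
                    if ($u['sex'] == 'm') {
                        $action[0] = 'Ответил';
                    } else {
                        $action[0] = 'Ответила';
                    }
                    $text = $action[0].' вам в <a href = "arbour.php">беседке</a>.';
                    mysql_query("INSERT INTO `jurnal` SET
`user` = '".$comm['user']."',
`outuser` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
                }
                mysql_query("UPDATE `users` SET `rating` = `rating`+1 WHERE `id` = '".$u['id']."'");
                if ($u['sex'] == 'm') {
                    $action[0] = 'Оставил';
                } else {
                    $action[0] = 'Оставила';
                }
                // Activity-feed entry for the poster.
                $text = $action[0].' сообщение в <a href = "arbour.php?">беседкке</a>.';
                mysql_query("INSERT INTO `lenta` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`forum` = '0',
`blog` = '0',
`foto` = '0',
`diary` = '0',
`comm` = '1'
");
                mysql_query("UPDATE `users` SET `stat_arbour` = `stat_arbour`+1 WHERE `id` = '".$u['id']."'");
                header ("Location: arbour.php");
                // Stop explicitly once the redirect is queued.
                exit;
            }
        } else {
            // Make sure the message exists before rendering the reply form.
            $req = mysql_query("SELECT * FROM `arbour` WHERE `id` = '$id' LIMIT 1");
            if ($req && mysql_num_rows($req)) {
                $user = mysql_fetch_assoc($req);
            } else {
                require('head.php');
                error('Такого сообщения нет !');
                require('foot.php');
                exit;
            }
            require('head.php');
            echo '<div class="title">';
            echo '<img src="ico/guest.png" alt="!"/> <a href = "arbour.php">Беседка</a> <b>Ответ</b>';
            echo '</div>';
            echo '<div class="div">';
            $message = mysql_fetch_assoc(mysql_query("SELECT * FROM `arbour` WHERE `id` = '$id'"));
            echo '<form action="arbour.php?act=answer&id=' . $id . '" method="post">';
            // NOTE(review): login() output is placed in the page and in the textarea
            // unescaped; confirm that it returns HTML-safe text.
            echo 'Ответ <a href = "/'.$message['user'].'">'.login($message['user']).'</a><br/>';
            echo '<textarea cols="20" rows="3" name="message" style="width: 97%">[u]'.login($message['user']).'[/u] , </textarea><br/>';
            echo '<input type="submit" name="submit" value="Сохранить" class="submit white"/>';
            echo '</form>';
            echo '</div>';
            require('foot.php');
        }
    }
    break;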
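// ------------------------------ Message list (default) ------------------------------ //
// Handles posting a new message and the admin "?del=N" action, then renders
// the posting form and the paginated list of messages.
default:
    // --- Post a new message (logged-in users only) ---
    // !empty() keeps the original truthiness test without an undefined-index
    // notice; is_string() rejects array input such as message[]=x.
    if ($u['id'] and !empty($_POST['message']) and is_string($_POST['message'])) {
        // NOTE(review): $message is interpolated into the INSERT below; that is only
        // safe if check() (defined elsewhere) SQL-escapes its argument - confirm.
        $message = check(substr($_POST['message'], 0, 1000));
        // Anti-flood: refuse when this user already posted inside the window
        // configured in $system['arbour_antiflud'] (seconds).
        $flood = mysql_query("SELECT `time` FROM `arbour` WHERE `user` = '".$u['id']."' AND `time` > '" . (time() - $system['arbour_antiflud']) . "'");
        if (mysql_num_rows($flood)) {
            header ("Location: arbour.php?flud=1");
            exit;
        }
        // Silently drop an exact repeat of the user's latest message. Only the
        // newest row is compared, so LIMIT 1 avoids loading the whole history.
        $req = mysql_query("SELECT * FROM `arbour` WHERE `user` = '".$u['id']."' ORDER BY `time` DESC LIMIT 1");
        $res = mysql_fetch_array($req);
        if ($res['message'] == $message) {
            header("location: arbour.php");
            exit;
        }
        if (empty($message)) {
            require('head.php');
            error(' Ошибка , так делать нельзя !');
            $error = '1';
            require('foot.php');
            exit;
        }
        if (empty($error)) {
            mysql_query("INSERT INTO `arbour` SET
`user` = '".$u['id']."',
`message` = '$message',
`time` = '".time()."'
");
            mysql_query("UPDATE `users` SET `rating` = `rating`+1 WHERE `id` = '".$u['id']."'");
            if ($u['sex'] == 'm') {
                $action[0] = 'Оставил';
            } else {
                $action[0] = 'Оставила';
            }
            // Activity-feed entry for the poster.
            $text = $action[0].' сообщение в <a href = "arbour.php?">беседкке</a>.';
            mysql_query("INSERT INTO `lenta` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`forum` = '0',
`blog` = '0',
`foto` = '0',
`diary` = '0',
`comm` = '1'
");
            mysql_query("UPDATE `users` SET `stat_arbour` = `stat_arbour`+1 WHERE `id` = '".$u['id']."'");
            header ("Location: arbour.php?");
            // Stop here; previously the whole page was still rendered after the
            // redirect header had been queued.
            exit;
        }
    }
    // --- Admin: delete a single message (?del=N) ---
    // Runs before any output so the redirect header can still be sent; it used to
    // sit below head.php and the form, where header() comes too late unless
    // output buffering is on.
    // NOTE(review): this is a state change on a plain GET link with no anti-CSRF
    // token, so any page an admin loads can trigger it (an <img> pointing at
    // arbour.php?del=N is enough). It should become a POST that carries a verified
    // per-session token.
    if ($u['admin'] >= 1 && !empty($_GET['del'])) {
        $id = num($_GET['del']);
        $exists = mysql_num_rows(mysql_query("SELECT `id` FROM `arbour` WHERE `id` = '$id' LIMIT 1"));
        if ($exists) {
            mysql_query("DELETE FROM `arbour` WHERE `id` = '$id' LIMIT 1");
            header ("Location: arbour.php");
            exit;
        }
    }
    // --- Page header and navigation bar ---
    $title = $title.' | Беседка';
    require('head.php');
    require('core/bb_code.php');
    require('core/panel.php');
    echo '<div class="title">';
    echo '<img src="ico/guest.png" alt="!"/> <a href = "arbour.php">Беседка</a> <b>Просмотр</b>';
    echo '</div>';
    // The random "refresh" value only makes the link URL unique for each render.
    echo '<div class="nav"><a href = "arbour.php?refresh='.rand(1,9999).'"> Обновить</a> | <a href = "smiles.php">Смайлы</a> | <a href = "code.php">BB-коды</a> ';
    if ($u['admin'] >= 1) {
        echo '| <a href = "arbour.php?act=clear">Очистить</a> ';
    }
    echo '</div>';
    // --- Posting form, or a notice for guests ---
    if ($u['id']) {
        echo '<div class="app">';
        echo '' .panel();
        echo'<form action="arbour.php" method="post" name="form">';
        echo '<textarea cols="20" rows="3" name="message" style="width: 97%"placeholder="Ваше сообщение...">';
        echo '</textarea><br/>';
        echo "<input type='submit' title='Нажмите для отправки' name='submit' value='Отправить' class='submit white'/>";
        echo "</form></div>";
    } else {
        echo '</div><div class="zona">Извините, добавление комментариев доступно только зарегистрированным пользователям.
Регистрация быстрая и бесплатная.</div>';
    }
    // Shown after the anti-flood redirect above (arbour.php?flud=1).
    if (!empty($_GET['flud'])) error('Ошибка! Можно отправлять сообщения только раз в '.$system['arbour_antiflud'].' сек.');
    // --- Paginated message list, 10 per page ---
    $all = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `arbour`"), 0);
    if ($all > 0) {
        $total = num(($all - 1) / 10) + 1;
        // A missing parameter is passed on as null, exactly as before, minus the notice.
        $page = num(isset($_GET['page']) ? $_GET['page'] : null);
        if (empty($page) or $page < 0) $page = 1;
        if ($page > $total) $page = $total;
        $start = $page * 10 - 10;
        echo '<div class="nav">Сообщений ('.$all.') </div>';
        if ($all >= 11) echo '<div class="title">';
        if ($page != $total) {
            echo '<a name="page-up" style="float: right; text-decoration: none;" href="#page-down"><img src = "ico/page_down.png"></a>';
        }
        // After the two tests below $sort is either 'message' or 'time' and $sortq
        // either 'ASC' or 'DESC', so no request text reaches ORDER BY or the
        // pagination links.
        $sort = check(isset($_GET['sort']) ? $_GET['sort'] : null);
        if ($sort == 'message') {
            $sortq = 'ASC';
            if ($all >= 11) echo '<a href = "arbour.php?&sort=time&page='.$page.'">Новые</a> | <b>Поcледние</b>';
        }
        if ($sort == 'time' || empty($sortq)) {
            $sort = 'time';
            $sortq = 'DESC';
            if ($all >= 11) echo '<b>Новые</b> | <a href = "arbour.php?&sort=message&page='.$page.'">Поcледние</a>';
        }
        if ($all >= 11) echo '</div>';
        $result = mysql_query("SELECT * FROM `arbour` ORDER BY `time` $sortq LIMIT $start, 10");
        while ($arbour = mysql_fetch_assoc($result)) {
            // One extra query per message to load its author.
            $user = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '".$arbour["user"]."'"));
            $message = checkout($arbour['message']);
            // Both branches of the former odd/even test printed this same tag.
            echo '<div class="div">';
            // NOTE(review): $user['login'] is printed unescaped; this is safe only if
            // logins are restricted or HTML-encoded when stored - confirm.
            // Banned or deleted authors are shown struck through.
            if (ban($user['id']) || ($user['delete'] == 1)) {
                echo ''.ico($user['sex'],$user['admin']).' <a href = "/'.$user['id'].'"><del>'.$user['login'].'</del></a> '.online($user['online']).'';
            } else {
                echo ''.ico($user['sex'],$user['admin']).' <a href = "/'.$user['id'].'">'.$user['login'].'</a> '.online($user['online']).'';
            }
            // Rating / VIP badges. The tags were unterminated and followed by a stray
            // closing anchor and a literal "n" (presumably a newline escape that lost
            // its backslash); they are now well-formed.
            if ($user['rating']>=1000 && $user['rating']<=1999) echo " <img src='ico/b.png' alt='' class='icon'/>\n";
            if ($user['rating']>=2000 && $user['rating']<=2999) echo " <img src='ico/s.png' alt='' class='icon'/>\n";
            if ($user['rating']>=3000) echo " <img src='ico/z.png' alt='' class='icon'/>\n";
            if ($user['vip'] == 1) echo "<img src='ico/vip.gif' alt='' class='icon'/>\n";
            echo ' <small>'.vremya($arbour['time']).'</small><br/>';
            // NOTE(review): the message body is only as safe as the helper chain
            // checkout/censored/bb_code/links/smile (all defined elsewhere) - verify
            // that raw HTML cannot survive it.
            echo ''.smile(links(bb_code(censored($message)))).'<br/>';
            echo '<small>';
            // Reply link on other people's messages only.
            if ($u['id']) {
                if ($user['id'] != $u['id']) echo '[<a href = "arbour.php?act=answer&id='.$arbour['id'].'">Отв</a>]';
            }
            // Admin controls: edit, delete, and ban/unban of the author.
            if ($u['admin'] >= 1) {
                echo ' [<a href = "arbour.php?act=edit&id='.$arbour['id'].'">Изм</a>]
[<a href = "?del='.$arbour['id'].'"><font color="red">x</font> Удал</a>]';
                if (ban($user['id'])) {
                    if ($arbour['user'] != $u['id']) echo ' [<a href = "adminka.php?act=delban_users&id='.$user['id'].'"><font color="red">Разбанить</font></a>]';
                } else {
                    if ($arbour['user'] != $u['id']) echo ' [<a href = "adminka.php?act=ban_users&id='.$user['id'].'"><font color="red">Бан</font></a>]';
                }
            }
            echo '</small>';
            echo '</div>';
        }
        // Sort bar repeated below the list.
        if ($all >= 11) echo '<div class="title">';
        if ($page != $total) {
            echo '<a name="page-down" style="float: right; text-decoration: none;" href="#page-up"><img src = "ico/page_up.png"></a>';
        }
        if ($sort == 'message') {
            $sortq = 'ASC';
            if ($all >= 11) echo '<a href = "arbour.php?&sort=time&page='.$page.'">Новые</a> | <b>Поcледние</b>';
        }
        if ($sort == 'time' || empty($sortq)) {
            $sort = 'time';
            $sortq = 'DESC';
            if ($all >= 11) echo '<b>Новые</b> | <a href = "arbour.php?&sort=message&page='.$page.'">Поcледние</a>';
        }
        if ($all >= 11) echo '</div>';
        echo '</div>';
        navigation($page, $total,'arbour.php?&sort='.$sort.'&');
    } else {
        error('Сообщений еще нет. Будь первым!');
    }
    echo '</div>';
    require('foot.php');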
}
?>