Файл: wall.php
Строк: 21
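<?php
/**
 * wall.php - posts a message to a user's guestbook ("wall").
 *
 * Flow for act=add:
 *   1. resolve the target user from $_GET['id'];
 *   2. take the message from $_POST['message'] (cut to 10000 bytes);
 *   3. refuse when the author already posted inside the anti-flood window
 *      ($system['wall_antiflud'], subtracted from time());
 *   4. store the message, bump the author's counters and, when the wall
 *      belongs to someone else, add an entry to that user's journal.
 * Any other act redirects to index.php.
 *
 * $u, $system, num() and check() are not defined in this file; presumably
 * they come from core/core.php - confirm there.
 *
 * NOTE(review): every query here is built by string concatenation. The
 * numeric values are cast to int below, but $message reaches SQL exactly as
 * check() returns it - confirm check() escapes for SQL, and that the text is
 * HTML-escaped either there or when the guestbook is rendered.
 * NOTE(review): no anti-CSRF token is verified in this file. Unless
 * core/core.php enforces one, this state-changing request should require a
 * per-session token.
 * NOTE(review): the mysql_* extension was removed in PHP 7. Moving to
 * mysqli/PDO prepared statements needs the connection code in core/core.php,
 * so it is not attempted here.
 */
require_once("core/core.php");

// Only signed-in users may post; everyone else is sent to registration.
// The id is forced to an integer because it is concatenated into SQL below.
$authorId = isset($u['id']) ? (int) $u['id'] : 0;
if ($authorId <= 0) {
    header("Location: reg.php?err=1");
    exit;
}

// A missing or non-string act falls through to the default branch.
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';

switch ($act) {
    case 'add':
        // Start from known values so that nothing defined earlier (by
        // core.php, or by register_globals on old hosts) can be mistaken
        // for the target user or the message.
        $user = null;
        $message = '';

        if (isset($_GET['id']) && is_scalar($_GET['id'])) {
            // Cast on top of num() so the value is an integer whatever the
            // helper returns.
            $id = (int) num($_GET['id']);
            $req = mysql_query("SELECT `id` FROM `users` WHERE `id` = '$id' LIMIT 1");
            // mysql_query() returns false on failure; do not count rows then.
            if ($req && mysql_num_rows($req)) {
                $user = mysql_fetch_assoc($req);
            }
        }
        if (empty($user)) {
            header("Location: index.php");
            exit;
        }
        $wallId = (int) $user['id'];

        if (isset($_POST['message']) && is_string($_POST['message'])) {
            // Truncate before sanitising so the cut cannot split anything
            // check() produces.
            // NOTE(review): substr() counts bytes, so a multi-byte message
            // can be cut inside a character - confirm the site encoding
            // before switching to mb_substr().
            $message = check(substr($_POST['message'], 0, 10000));
        }
        // empty() also rejects the literal message "0", as before.
        if (empty($message)) {
            header("Location: guestbook.php?id=" . $wallId);
            exit;
        }

        // Anti-flood: any post by this author newer than the window blocks
        // the new one; only existence matters, hence LIMIT 1.
        $since = time() - (int) $system['wall_antiflud'];
        $flood = mysql_query("SELECT `time` FROM `wall` WHERE `user` = '$authorId' AND `time` > '$since' LIMIT 1");
        if ($flood && mysql_num_rows($flood)) {
            header("Location: guestbook.php?id=" . $wallId . "&flud=1");
            exit;
        }

        $now = time();
        $stored = mysql_query("INSERT INTO `wall` SET
            `user` = '$authorId',
            `message` = '$message',
            `time` = '$now',
            `wall` = '$wallId'
        ");

        // Counters and the journal entry are written only when the message
        // itself was stored.
        if ($stored) {
            // One statement keeps both counters in step.
            mysql_query("UPDATE `users` SET `stat_guestbook` = `stat_guestbook`+1, `rating` = `rating`+1 WHERE `id` = '$authorId'");

            // Notify the wall owner unless the author wrote on their own wall.
            if ($wallId != $authorId) {
                $verb = (isset($u['sex']) && $u['sex'] == 'm') ? 'Оставил' : 'Оставила';
                // Built only from fixed strings and an integer id, so it
                // holds no quote that could end the SQL literal below.
                $text = $verb . ' сообщение в <a href = "guestbook.php?id=' . $wallId . '">гостевой</a>.';
                mysql_query("INSERT INTO `jurnal` SET
                    `user` = '$wallId',
                    `outuser` = '$authorId',
                    `text` = '$text',
                    `time` = '$now',
                    `new` = '1'
                ");
            }
        }

        header("Location: guestbook.php?id=" . $wallId);
        exit;

    default:
        header("Location: index.php");
        exit;
}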