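<?php
// Forum posting endpoint: new post (default action), reply, quote, edit, del, vote.
// $id, $act, $ok, $u, $config, TIME, HTTPHOME and the helpers used further down
// (check, redirect, error, nav, tp, note, bbpanel, username, access) are provided
// by includes/sys.php and includes/header.php, outside this file.
$title = 'Форум';
require_once '../includes/sys.php';
require_once '../includes/header.php';

// $id is interpolated straight into SQL and ext/mysql has no placeholders, so it is
// cast once here and can never carry anything but a number.
// NOTE(review): assumes forum ids are integers — every query compares `id` against it.
$id = (int) $id;
$msg = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_msg` WHERE `id` = '$id'"));
$msgTopicId = isset($msg['id_topic']) ? (int) $msg['id_topic'] : 0;
$topic = mysql_fetch_assoc(mysql_query("SELECT `title`, `closed` FROM `forum_topics` WHERE `id` = '$msgTopicId'"));

// Optional attachment. $filename stays NULL unless a file arrived and passed the checks.
// Only the final extension is compared against the whitelist, so files/ must be a
// directory the web server serves as static content; the stored name is generated
// here and never taken from the client.
// NOTE(review): as in the original, the file is stored before the action below decides
// whether the post is accepted, so a rejected post can leave an orphan file in files/.
$filename = NULL;
$whitelist = array('.zip', '.rar', '.txt', '.sql', '.tar', '.jpg', '.gif', '.png');
$dir = 'files';
$upload = isset($_FILES['file']) && is_array($_FILES['file']) ? $_FILES['file'] : null;
if ($upload !== null && $upload['error'] === UPLOAD_ERR_OK && !empty($upload['name'])) {
    $dot = strrchr($upload['name'], '.');
    $ext = $dot === false ? '' : strtolower($dot); // no dot -> '' -> rejected below
    if (in_array($ext, $whitelist, true)) {
        // Random short name; md5(time()) in the original gave two uploads within the
        // same second the same name, so the second silently overwrote the first.
        do {
            $candidate = substr(md5(uniqid((string) mt_rand(), true)), 0, 6) . $ext;
        } while (file_exists($dir . '/' . $candidate));
        // move_uploaded_file() refuses a source that is not this request's upload,
        // and reports failure; copy() did neither.
        if (move_uploaded_file($upload['tmp_name'], $dir . '/' . $candidate)) {
            $filename = $candidate;
        }
    }
}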
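// ---------------------------------------------------------------------------
// Action dispatch. Every value that reaches SQL as an identifier is cast to int
// first, because ext/mysql has no placeholders. The free-text fields
// ($_POST['text'], $_POST['cit']) still rely on check() for escaping, exactly as
// the original did, since check() lives in includes/sys.php outside this file.
// NOTE(review): assumes forum ids (message, topic, user, category) are integers —
// every query compares them against `id` columns; confirm against the schema.
// NOTE(review): 'del' and 'vote' are state-changing GET actions without a CSRF
// token; the links in topic.php would have to carry one before it can be required here.
// ---------------------------------------------------------------------------
$id = (int) $id;
$uid = isset($u['id']) ? (int) $u['id'] : 0;
$topicId = isset($msg['id_topic']) ? (int) $msg['id_topic'] : 0;
// Antispam window: the first post of a session has no timestamp yet (the original
// compared TIME against an unset key, which evaluated as "open").
$antispamOpen = !isset($_SESSION['antispam']) || TIME > $_SESSION['antispam'];
// $filename is server-generated (hex + whitelisted extension) or NULL; escaping it is cheap.
$fileSql = mysql_real_escape_string((string) $filename);
$postedText = isset($_POST['text']) ? $_POST['text'] : '';

switch ($act) {
    default:
        // New post in topic $id: every query in this branch treats $id as a topic id.
        if (!$uid) {
            redirect(HTTPHOME . '/login.php');
            break;
        }
        // The $topic loaded at the top was looked up through a *message* numbered $id,
        // so its `closed` flag belonged to an unrelated topic. Read the topic actually
        // posted to; SELECT * so id_cat/id_subcat are filled in when forum_topics carries
        // them (the original never selected them and always stored '').
        $topic = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_topics` WHERE `id` = '$id'"));
        // A missing topic is treated like a closed one instead of creating orphan messages.
        if (!$topic || !empty($topic['closed'])) {
            redirect('?');
            break;
        }
        if (!$antispamOpen) {
            error('Антиспам. Разрешено пиcать раз в ' . $config['antispam'] . ' сек.');
            nav('topic.php?id=' . $id);
            break;
        }
        $text = check($postedText);
        if ($text) {
            $idCat = isset($topic['id_cat']) ? (int) $topic['id_cat'] : '';
            $idSubcat = isset($topic['id_subcat']) ? (int) $topic['id_subcat'] : '';
            mysql_query("UPDATE `forum_topics` SET `last_time` = '" . TIME . "' WHERE `id` = '$id'");
            mysql_query("INSERT INTO `forum_msg` SET `file` = '$fileSql', `id_cat` = '$idCat', `id_subcat` = '$idSubcat', `id_topic` = '$id', `id_user` = '$uid', `text` = '$text', `time` = '" . TIME . "'");
            $_SESSION['antispam'] = TIME + $config['antispam'];
        }
        // Both outcomes land on the topic's last page, as before.
        redirect('topic.php?act=end&id=' . $id);
        break;

    case 'reply':
        // $id is the message being answered; $msg/$topic were loaded from it at the top.
        if (!$uid) {
            redirect(HTTPHOME . '/login.php');
            break;
        }
        if (empty($msg['id'])) {
            redirect('index.php');
            break;
        }
        if (!empty($topic['closed'])) {
            redirect('topic.php?id=' . $topicId);
            break;
        }
        if (empty($ok)) {
            // Show the reply form; ok=1 on the action URL marks the submission.
            // NOTE(review): $topic['title'] is printed as stored; whether it was
            // HTML-escaped on the way in is decided by check() elsewhere.
            tp('<a href="topic.php?id=' . $topicId . '">' . $topic['title'] . '</a>» ответ');
            echo '<div class="body">';
            echo note();
            echo '<form name="form" enctype="multipart/form-data" action="?act=reply&id=' . $id . '&ok=1" method="post">
<b>Сообщение:</b><br/>' . bbpanel('form', 'text') . '<br/><textarea name="text" cols="" rows="4">[b]' . username($msg['id_user'], 0) . '[/b], </textarea>
<br/><b>Файл:</b><br/><input type="file" name="file" style="width: 99%"><br/>
<input name="submit" type="submit" value="Ответить" />
</form>
</div>';
            break;
        }
        if (!$antispamOpen) {
            error('Антиспам. Разрешено пиcать раз в ' . $config['antispam'] . ' сек.');
            nav('topic.php?id=' . $topicId);
            break;
        }
        $text = check($postedText);
        if (!$text) {
            redirect('?act=reply&id=' . $id);
            break;
        }
        mysql_query("UPDATE `forum_topics` SET `last_time` = '" . TIME . "' WHERE `id` = '$topicId'");
        mysql_query("INSERT INTO `forum_msg` SET `file` = '$fileSql', `id_cat` = '" . (int) $msg['id_cat'] . "', `id_subcat` = '" . (int) $msg['id_subcat'] . "', `id_topic` = '$topicId', `id_user` = '$uid', `text` = '$text', `time` = '" . TIME . "'");
        // The original read $config['spam'] here, a key no other branch uses, which left
        // replies without an antispam window; use the same key as the other branches.
        $_SESSION['antispam'] = TIME + $config['antispam'];
        redirect('topic.php?act=end&id=' . $topicId);
        break;

    case 'quote':
        // $id is the message being quoted. The original re-queried forum_msg and
        // forum_topics here with the same ids the top of the file already used.
        if (!$uid) {
            redirect('../other/login.php');
            break;
        }
        if (empty($msg['id'])) {
            redirect('index.php?');
            break;
        }
        if (!empty($topic['closed'])) {
            redirect('topic.php?id=' . $topicId);
            break;
        }
        if (empty($ok)) {
            // NOTE(review): $msg['text'] is written into an attribute value and into the
            // page as stored; whether that is safe depends on what check() did on insert.
            tp('Цитирование сообщения');
            echo '<div class="body"><form name="form" enctype="multipart/form-data" action="?act=quote&id=' . $id . '&ok=1" method="post">
<b>Цитата:</b><br/><div class="quote"><font color="red"><b>' . username($msg['id_user'], 0) . '</b></font>: ' . $msg['text'] . '</div><b>Сообщение:</b><br/><input type="hidden" name="cit" value="[q][red][b]' . username($msg['id_user'], 0) . '[/b][/red]: ' . $msg['text'] . '[/q]"><input type="text" name="text" style="height: 20px;">
<br/><b>Файл:</b><br/><input type="file" name="file" style="width: 99%"><br/>
<input name="submit" type="submit" value="Цитировать">
</form></div>';
            break;
        }
        if (!$antispamOpen) {
            error('Антиспам. Разрешено пиcать раз в ' . $config['antispam'] . ' сек.');
            nav('topic.php?id=' . $topicId);
            break;
        }
        $text = check($postedText);
        // NOTE(review): the quoted block comes back from the client in the hidden `cit`
        // field, so the attribution it carries is whatever the browser sent; it could be
        // rebuilt from $msg here instead once check()'s escaping rules are known.
        $cit = isset($_POST['cit']) ? check($_POST['cit']) : '';
        if (!$text) {
            error('Вы не заполнили поле.');
            // The original navigated back with the topic id, which ?act=quote cannot use.
            nav('?act=quote&id=' . $id);
            break;
        }
        mysql_query("UPDATE `forum_topics` SET `last_time` = '" . TIME . "' WHERE `id` = '$topicId'");
        mysql_query("INSERT INTO `forum_msg` SET `file` = '$fileSql', `id_cat` = '" . (int) $msg['id_cat'] . "', `id_subcat` = '" . (int) $msg['id_subcat'] . "', `id_topic` = '$topicId', `id_user` = '$uid', `text` = '" . $cit . $text . "', `time` = '" . TIME . "'");
        $_SESSION['antispam'] = TIME + $config['antispam'];
        redirect('topic.php?act=end&id=' . $topicId);
        break;

    case 'edit':
        if (!$uid) {
            redirect('../other/login.php');
            break;
        }
        if (empty($msg['id'])) {
            redirect('index.php');
            break;
        }
        // Moderators (access(1)) may always edit; the author only inside the edit window.
        // Parenthesised: the original relied on `and` binding tighter than `or`.
        $mayEdit = access(1)
            || ($uid == (int) $msg['id_user'] && TIME - $msg['time'] < $config['edit_time']);
        if (!$mayEdit) {
            error('Нельзя отредактировать это сообщение.');
            nav('topic.php?id=' . $topicId);
            break;
        }
        if (empty($ok)) {
            tp('Редактирование сообщения');
            echo '<div class="body"><form name="form" enctype="multipart/form-data" action="?act=edit&id=' . $id . '&ok=1" method="post">
<b>Сообщение:</b><br/>' . bbpanel('form', 'text') . '<br/><textarea name="text" cols="" rows="3">' . $msg['text'] . '</textarea>';
            if (!empty($msg['file'])) {
                echo '<br /><b>Прикрепленный файл:</b> <a href="/forum/files/' . $msg['file'] . '"> ' . $msg['file'] . '</a>
<input type="checkbox" name="delfile" value="1"> Удалить файл<br />';
            } else {
                // The original emitted an unclosed <b> here.
                echo '<br /><b>Файл:</b><br/> <input type="file" name="file" style="width: 99%"><br />';
            }
            echo '<input name="submit" type="submit" value="Изменить" />
</form></div>';
            break;
        }
        $text = check($postedText);
        if (!$text) {
            error('Вы не заполнили поле.');
            nav('?act=edit&id=' . $id);
            break;
        }
        if (!empty($_POST['delfile'])) {
            // Detach only; the file itself stays on disk, as in the original.
            $fileSql = '';
        } elseif ($filename === NULL) {
            // No new upload and no delete request: keep the existing attachment. The
            // original wrote '' here and silently detached the file on every text-only edit.
            $fileSql = mysql_real_escape_string((string) $msg['file']);
        }
        mysql_query("UPDATE `forum_msg` SET `file` = '$fileSql', `text` = '$text', `edit_by` = '$uid', `edit_time` = '" . TIME . "' WHERE `id` = '$id'");
        redirect('topic.php?id=' . $topicId);
        break;

    case 'del':
        // The original branch had no login or permission check at all, so any visitor
        // could delete any message. Gate it on the same moderator check the edit branch
        // uses; widen to the author if the site's policy wants that.
        if (!$uid) {
            redirect('../other/login.php');
            break;
        }
        if (empty($msg['id'])) {
            redirect('index.php');
            break;
        }
        if (!access(1)) {
            redirect('topic.php?id=' . $topicId);
            break;
        }
        mysql_query("DELETE FROM `forum_msg` WHERE `id` = '$id'");
        mysql_query("DELETE FROM `voting` WHERE `type` = 'forum' and `id_for` = '$id'");
        redirect('topic.php?id=' . $topicId);
        break;

    case 'vote':
        if (!$uid) {
            redirect('../other/login.php');
            break;
        }
        if (empty($msg['id'])) {
            redirect('index.php');
            break;
        }
        $p = abs(intval(isset($_GET['p']) ? $_GET['p'] : 0));
        $author = (int) $msg['id_user'];
        // No voting for your own message, and one vote per user per message.
        // NOTE(review): the select-then-insert is not atomic; a unique index on
        // (type, id_who, id_for) would make the one-vote rule hold under concurrent requests.
        if ($author != $uid) {
            $query = mysql_query("SELECT `id` FROM `voting` WHERE `type` = 'forum' and `id_who` = '$uid' and `id_for` = '$id'");
            if (!mysql_num_rows($query)) {
                mysql_query("UPDATE `forum_msg` SET `votes` = (`votes`+1) WHERE `id` = '$id'");
                mysql_query("INSERT INTO `voting` SET `type` = 'forum', `id_who` = '$uid', `id_for` = '$id'");
                mysql_query("UPDATE `users` SET `karma` = (`karma`+1) WHERE `id` = '$author'");
            }
        }
        // The original wrote $msg[id_topic] with a bare constant instead of a quoted key.
        redirect('topic.php?id=' . $topicId . '&p=' . $p);
        break;
}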
// Shared page footer. The closing tag is omitted so nothing after it can leak into the output.
require_once('../includes/tail.php');