Файл: modules/foto/inc/komm.php
Строк: 84
<?php
/* DCMS Special
* Дата последнего редактирования 11.12.2015
* Модифицировал densnet
*/
if (!isset($user) && !isset($_GET['id_user'])) {
header("Location: /modules/foto/?" . SID);
exit;
}
if (isset($user)) {
$ank['id'] = $user['id'];
}
if (isset($_GET['id_user'])) {
$ank['id'] = intval($_GET['id_user']);
}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `user` WHERE `id` = '$ank[id]' LIMIT 1"), 0) == 0) {
header("Location: /modules/foto/?" . SID);
exit;
}
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = $ank[id] LIMIT 1"));
$gallery['id'] = intval($_GET['id_gallery']);
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `gallery` WHERE `id` = '$gallery[id]' AND `id_user` = '$ank[id]' LIMIT 1"), 0) == 0) {
header("Location: /modules/foto/$ank[id]/?" . SID);
exit;
}
$gallery = mysql_fetch_assoc(mysql_query("SELECT * FROM `gallery` WHERE `id` = '$gallery[id]' AND `id_user` = '$ank[id]' LIMIT 1"));
$foto['id'] = intval($_GET['id_foto']);
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `gallery_foto` WHERE `id` = '$foto[id]' LIMIT 1"), 0) == 0) {
header("Location: /modules/foto/$ank[id]/$gallery[id]/?" . SID);
exit;
}
$foto = mysql_fetch_assoc(mysql_query("SELECT * FROM `gallery_foto` WHERE `id` = '$foto[id]' LIMIT 1"));
$set['title'] = $ank['nick'] . ' - ' . $gallery['name'] . ' - ' . $foto['name'] . ' - Комментари'; // заголовок страницы
require_once H . 'sys/inc/thead.php';
aut();
err();
if (isset($_POST['msg']) && isset($user)) {
$msg = $_POST['msg'];
$mat = antimat($msg);
if ($mat) {
$err[] = 'В тексте сообщения обнаружен мат: ' . $mat;
}
if (utf8_strlen($msg) > 10024) {
$err = 'Сообщение слишком длинное';
} elseif (utf8_strlen($msg) < 2) {
$err = 'Короткое сообщение';
} elseif (mysql_result(mysql_query("SELECT COUNT(*) FROM `gallery_komm` WHERE `id_foto` = '$foto[id]' AND `id_user` = '$user[id]' AND `msg` = '" . mysql_escape_string($msg) . "' LIMIT 1"), 0) != 0) {
$err = 'Ваше сообщение повторяет предыдущее';
} elseif (!isset($err)) {
if ($ank['id'] != $user['id']) {
mysql_query("INSERT INTO `notification` (`id_user`, `id_kont`, `msg`, `time`) values('$user[id]', '$ank[id]', '$SexOst [url=/modules/foto/$ank[id]/$gallery[id]/komm/$foto[id]/]комментарий к Вашему фото[/url]', '$time')");
}
mysql_query("INSERT INTO `gallery_komm` (`id_foto`, `id_user`, `time`, `msg`) values('$foto[id]', '$user[id]', '$time', '" . mysql_real_escape_string($msg) . "')");
mysql_query("UPDATE `user` SET `money` = '" . ($user['money'] + 3) . "', `activity` = '" . ($user['activity'] + 2) . "' WHERE `id` = '$user[id]' LIMIT 1");
msg('Сообщение успешно добавлено');
}
}
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `gallery_komm` WHERE `id_foto` = '$foto[id]'"), 0);
$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];
if (isset($user)) {
if ($foto['komm'] == 'all' || $foto['komm'] == 'only_me' && ($user['id'] == $ank['id'] || $user['level'] >= 3) || $foto['komm'] == 'friends' && ($ank['id'] == $user['id'] || $user['level'] >= 3 || mysql_result(mysql_query("SELECT COUNT(*) FROM `frends` WHERE (`user` = '$user[id]' AND `frend` = '$ank[id]') OR (`user` = '$ank[id]' AND `frend` = '$user[id]')"), 0) != 0)) {
echo "<form method='post' class='list-group-item' name='message' action='?$passgen'>n";
echo "Сообщение:<br />";
echo "<textarea class='form-control' rows='3' name="msg"></textarea><br />n";
echo "<button class='btn btn-success'><span class='fa fa-share-square-o fa-fw'></span> Опубликовать</button>";
echo "</form>n";
} else {
echo "<div class='alert alert-info'>";
echo "Автор ограничил круг лиц, которые могут оставлять комментарии.";
echo "</div>";
}
}
if ($k_post == 0) {
echo "<div class='alert alert-info'>";
echo "<span class='fa fa-info-circle fa-fw'></span> Нет результатов";
echo "</div>";
}
$q = mysql_query("SELECT * FROM `gallery_komm` WHERE `id_foto` = '$foto[id]' ORDER BY `id` ASC LIMIT $start, $set[p_str]");
while ($post = mysql_fetch_assoc($q)) {
$ank2 = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '$post[id_user]' LIMIT 1"));
echo "<div class='list-group-item'>";
echo "<table><tr><td class = 'icon14'>";
avatar($ank2['id'], '40');
echo " </td><td class = 'null'>n";
echo "<div style = 'float:right;' id = 'hides' title='" . date::time($post['time']) . "'>" . date::timek($post['time']) . "</div>";
user($ank2['id']);
echo "<br/>";
echo toOutput($post['msg']);
echo "</td></tr></table></div>n";
}
if ($k_page > 1) {
str('?', $k_page, $page);
}
echo "<div class='list-group-item'>";
echo "<a href='" . DIR_FOTO . "$ank[id]/$gallery[id]/$foto[id]/'><span class='fa fa-arrow-left fa-fw'></span> К фотографии</a><br />";
echo "<a href='" . DIR_FOTO . "$ank[id]/$gallery[id]/'><span class='fa fa-arrow-left fa-fw'></span> К фотографиям</a><br />";
echo "<a href='" . DIR_FOTO . "$ank[id]/'><span class='fa fa-arrow-left fa-fw'></span> К фотоальбомам</a>";
echo "</div>";
require_once H . 'sys/inc/tfoot.php';
exit;