Файл: 4mast/profmas.ru/codes/show_code.php
Строк: 85
<?php
function _highlight_code($code)
{
$code = stripslashes($code);
$code = trim($code);
return highlight_string($code,true);
}
include_once('csrf.php');
$csrf = new csrf ();
require_once('../includes/Headers.php');
require_once('../includes/PDO_func.php');
H ('Полезные куски кодов', 'Полезные куски кодов');
echo '<div class="menu2">Коды</div>';
$db=DB::$dbs;
$id = isset($_GET['id']) ? intval($_GET['id']) : 1;
$phq = 'SELECT * FROM `codes` WHERE `id` = '.$id;
$query = $db -> query($phq);
if ($query -> rowCount() == 0)
{
echo '<div class="error">Кода нет</div>';
include ('../system/footer.php');
exit();
}
else
{
$row = $query -> fetch(PDO::FETCH_LAZY);
if (isset($_POST['submit']))
{
$error=array();
if (empty($_POST['msg'])) $error[]='Вы не ввели сообщение';
if (empty($error))
{
if (!isset($_GET['send']))
{
$phq = 'INSERT INTO `code_com` SET `id` = "NULL", `user` = "'.$us['id'].'", `msg` = ?, `ref` = '.$id.', `time` = "'.time().'", `send` = ""';
}
else
{
$phq = 'INSERT INTO `code_com` SET `id` = "NULL", `user` = "'.$us['id'].'", `msg` = ?, `ref` = '.$id.', `time` = "'.time().'", `send` = "'.intval($_GET['send']).'"';
}
$db -> query($phq, array($_POST['msg']));
if ($row->user != $us['id'])
{
$msg='us{'.$us['id'].'} оставил комментарий к [url=/codes/show_code.php?id='.intval($_GET['id']).']коду[/url]!';
$phq = '
INSERT INTO `action`(`id`, `value`, `t`, `us`, `see`,`razd`)
VALUES ("NULL","'.$msg.'","'.time().'","'.$row->user.'","1","comm")';
$db->query($phq);
}
if (isset($_GET['send']) AND $db->query('SELECT * FROM `us` WHERE `id` = "'.intval($_GET['send']).'"')->rowCount() > 0)
{
$msg='us{'.$us['id'].'} ответил вам в комментариях к [url=/codes/show_code.php? id='.intval($_GET['id']).']коду[/url]!';
$phq = '
INSERT INTO `action`(`id`, `value`, `t`, `us`, `see`,`razd`)
VALUES ("NULL","'.$msg.'","'.time().'","'.intval($_GET['send']).'","1","comm")';
$db->query($phq);
}
echo '<div class="access">Коммент написан!</div>';
}
else
{
foreach ($error as $err)
{
echo '<div class="error">'.$err.'</div>';
}
}
}
if (isset($_GET['del']) AND $us['level'] >= 3)
{
$csrf -> _check();
$id = (int) $_GET['id'];
$db->query('DELETE FROM `codes` WHERE `id` = '.$db->quote($id));
echo '<div class="access">Удалил</div>';
}
if (isset($_GET['vote']))
{
$val = $_GET['vote'] == 'n' ? 0 : 1;
if ($db->query('SELECT `id` FROM `codes_vote` WHERE `ref` = '.$db->quote($_GET['id']).' AND `user` = "'.$us['id'].'"')->rowCount() == 0)
{
$db->query('INSERT INTO `codes_vote` SET `id` ="NULL", `user` = "'.$us['id'].'", `ref` = '.$db->quote($_GET['id']).', `type` = "'.$val.'"');
}
}
if ($row->check == 0) {echo '<div class="error">Код на модерации</div>'; F(); exit;}
?>
<div class="list1"><b>Название: </b><?=htmlspecialchars($row->name);?></div>
<div class="lst"><b>Описание:</b><br><span style="word-wrap:break-word;"><?=htmlspecialchars($row->sub);?></span></div>
<div class="lst"><b>Код</b><br><span style="word-wrap:break-word;"><?=_highlight_code($row->code);?></span></div>
<div class="block">Добавил: <?=Nick($row->user);?> (<?=datef($row->time);?>)</div>
<div class="block">
<?php
$count_y = $db->query('SELECT `id` FROM `codes_vote` WHERE `type` = "1" AND `ref` = '.$db->quote($_GET['id']))->rowCount();
$count_n = $db->query('SELECT `id` FROM `codes_vote` WHERE `type` = "0" AND `ref` = '.$db->quote($_GET['id']))->rowCount();
echo 'Рейтинг: '; echo '(<font color="green">'.$count_y.'</font>'; echo '/<font color="red">'.$count_n.'</font>) ';
if ($db->query('SELECT `id` FROM `codes_vote` WHERE `user` = "'.$us['id'].'" AND `ref` = '.$db->quote($_GET['id']))->rowCount() == 0)
{
?>
<a href="?id=<?=(int) $_GET['id'];?>&vote=y">+1</a> | <a href="?id=<?=(int) $_GET['id'];?>&vote=n">-1</a>
<?php
}
?>
</div>
<?php if ($us['level'] >= 3) { ?>
<div class="block"><a href="?del&id=<?=intval($_GET['id'])?>&csrf_test=<?=$csrf->getHash();?>" style="color: red;">[Удалить]</a></div>
<?php } ?>
<div class="menu2">Комментарии</div>
<?php if ($db->query('SELECT `id` FROM `code_com` WHERE `ref` = '.$id)->rowCount() == 0) { ?>
<div class="error">Комментариев нет</div>
<?php } else { include('pagination.php'); $pg = new pagination();
$pg -> init(array('num'=>8, 'page' => isset($_GET['page']) ? $_GET['page'] : 1,
'posts' => $db->query('SELECT `id` FROM `code_com` WHERE `ref` = '.$id)->rowCount()));
$query=$db->query('SELECT * FROM `code_com` WHERE `ref` = '.$id.' ORDER BY `id` DESC LIMIT '.$pg->start.', '.$pg->num.'');
while ($row = $query -> fetch(PDO::FETCH_LAZY)) {
?>
<div class="block">
<?=Nick($row->user);?> (<?=datef($row->time);?>)
<?=($row->send != 0 ? ' ответил '.Nick($row->send) : '')?>
<?=($row->user != $us['id'] ? '<a href="?id='.intval($_GET['id']).'&send='.$row->user.'">[отв]</a>' : '');?><br>
<?=htmlspecialchars($row->msg);?></div>
<?php $pg->display('?id='.intval($_GET['id']).'&page='); }} ?>
<div class="lst">
<?=(isset($_GET['send']) ? 'Ответ: '.Nick($_GET['send']) : '');?> <?
if($us == true) { echo 'Написать <form method="POST">
<textarea name="msg"></textarea><br>
<input type="submit" name="submit" value="Написать">
</form>';
} else { echo '<div class="news">Чтобы оставить сообщение вам необходимо пройти <a href="/login/auth">Авторизацию</a> илли <a href="/login/reg">Регистрацию</a>!</div>';
} ?>
</div>
<?php
}
require_once('../includes/Footers.php');
?>