Файл: 4mast/profmas.ru/data/forum/forum.thema.p.php
Строк: 87
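<?php
/*
 * Forum post page: view, edit, toggle the status of, or vote on a single post
 * of a topic.
 *
 * Globals expected from Headers.php (inferred from usage here — confirm there):
 *   $us    current user row, or false when nobody is logged in
 *   $id    topic id, $do requested action, $page current page, $uid current user id
 *   DB::$dbs  query wrapper (queryFetch / querySingle / query)
 *   H()    page title/header output, sizef() size formatter, FILES upload root
 *
 * Every header('location: ...') is followed by exit: in the original, execution
 * continued after the redirect, so database writes and file deletions still
 * ran for requests that had been sent away (unknown topic, hidden post, user
 * without edit rights).
 */
require_once('../../includes/Headers.php');
require_once('../../includes/PDO_func.php');

// Authentication is required for everything on this page.
if ($us == false) {
    header('location: /login/auth');
    exit;
}

$thema = DB::$dbs->queryFetch("SELECT `id`,`name`,`type`,`id_pr`,`id_r` FROM `forum_t` where `id` = ? limit 1", array($id));
// Unknown topic: stop, do not fall through to the writes below.
if ($thema['name'] == null) {
    header('location:/forum/index');
    exit;
}
// Type 2 topics are not served by this page.
if ($thema['type'] == 2) {
    header('location: /forum/index');
    exit;
}

$podrazd = DB::$dbs->queryFetch("SELECT `id`,`name` FROM `forum_pr` where `id` = ? limit 1", array(abs(intval($thema['id_pr']))));
$razd = DB::$dbs->queryFetch("SELECT id FROM `forum_r` where `id` = ? limit 1", array(abs(intval($thema['id_r']))));

// Record or refresh this user's last visit of the topic.
$visited = DB::$dbs->querySingle("SELECT count(id) from `forum_visit` where `id_t` = ? and `us` = ?", array($thema['id'], $us['id']));
if ($visited == 0) {
    DB::$dbs->query("INSERT INTO `forum_visit` (`id_t`,`us`,`time`) VALUES (?,?,?)", array($thema['id'], $us['id'], time()));
} else {
    DB::$dbs->query("UPDATE `forum_visit` set `time` = ? where `id_t` = ? and `us` = ? limit 1", array(time(), $thema['id'], $us['id']));
}

// The post must belong to this topic (id_t) and must not be hidden (status 1,
// set by the 'status' action below).
$postId = (int) (isset($_GET['post']) ? $_GET['post'] : 0);
$post = DB::$dbs->queryFetch("SELECT * FROM `forum_p` where `id_t` = ? and `id` = ? limit 1", array($thema['id'], $postId));
if ($post['id'] == null or $post['status'] == 1) {
    header('location:/forums/thema'.$thema['id']);
    exit;
}
// Only type 1 topics reach the actions below. Checked before H() prints
// anything, so the redirect header can still be sent.
if ($thema['type'] != 1) {
    header('location: /data/forum/thema'.$thema['id']);
    exit;
}

// $cp is not read in this file; kept because Footers.php may use it — confirm.
$cp = DB::$dbs->querySingle("SELECT count(id) from `forum_p` where `id_t` = ?", array($thema['id']));
H($thema['name'], ' <a href="/forums/' . $razd['id'] . '/' . $podrazd['id'] . '" style="color:white;">' . $podrazd['name'] . '</a> | ' . $thema['name']);
$pauthor = DB::$dbs->query("SELECT `id`,`level` FROM `us` where `id` = ? order by `id` limit 1", array($post['us']))->fetch();
$p = $page;
// NOTE(review): H() has already produced output at this point, so the
// redirects inside the action branches only reach the client if Headers.php
// starts output buffering — confirm.

if ($do == 'status') {
    // The author may toggle with level > 3; anyone with a higher level than
    // the author may toggle as well (parentheses make the original precedence explicit).
    $mayToggle = ($pauthor['id'] == $us['id'] && $us['level'] > 3) || $pauthor['level'] < $us['level'];
    if ($mayToggle) {
        // NOTE(review): state change triggered by a plain GET without a CSRF token.
        DB::$dbs->query("UPDATE `forum_p` SET `status` = ? WHERE `id` = ?", array($post['status'] == 0 ? 1 : 0, $post['id']));
    }
    // Both outcomes of the original returned to the same page.
    header('location:/forums/thema'.$post['id_t'].'/page'.$page);
    exit;
}

if ($do == 'edit') {
    if ($post['us'] == $us['id'] or $us['level'] > $pauthor['level']) {
        $error = false; // the original never initialised this flag

        if (isset($_GET['del_file']) && is_numeric($_GET['del_file'])) {
            // Constrained to this post's attachments (id_p) so an editor of one
            // post cannot delete files that belong to other posts. Non-numeric
            // ids are ignored (the original fell back to TRUE, i.e. id 1).
            $fi = DB::$dbs->queryFetch("SELECT id,name FROM `forum_f` where `id` = ? and `id_p` = ? limit 1", array((int) abs($_GET['del_file']), $post['id']));
            if ($fi && $fi['id'] != null) {
                DB::$dbs->query("delete from `forum_f` where `id` = ?", array($fi['id']));
                // Same directory the upload and the size listing use; the original
                // checked one path and unlinked another, so the file was never removed.
                $path = FILES . '/forum/' . $fi['name'];
                if (is_file($path)) {
                    unlink($path);
                }
            }
        }

        if (isset($_POST['edit_post'])) {
            // NOTE(review): addslashes() on a value that is bound through a
            // prepared statement stores literal backslashes; kept because the
            // rest of the site presumably reads the column as stored — confirm.
            $m = !empty($_POST['message']) ? addslashes(htmlspecialchars($_POST['message'])) : false;
            if (empty($m)) {
                echo '<div class="error">Вы не ввели текст сообщения</div>';
                $error = true;
            }

            // A genuine upload only: PHP reported success and the temp file was
            // created by the upload handler (not just any existing path).
            $upload = isset($_FILES['filename']) ? $_FILES['filename'] : null;
            $hasUpload = $upload !== null
                && isset($upload['error'], $upload['tmp_name'])
                && $upload['error'] === UPLOAD_ERR_OK
                && is_uploaded_file($upload['tmp_name']);
            $upfiletype = '';
            if ($hasUpload) {
                // The original condition (`!size != 0 and size > ...`) could never
                // be true, so the size limit was not enforced.
                if ($upload['size'] > 1024000) {
                    echo '<div class="error">Слишком большой файл!</div>';
                    $error = true;
                }
                // Extension allow-list; compared case-insensitively and strictly.
                // This checks the name only, not the content: the upload
                // directory must not be served with script execution enabled.
                $filetype = array('jpg', 'gif', 'png', 'jpeg', 'bmp', 'zip', 'rar', '7z', 'txt', 'mp3', 'avi', 'mp4', '3gp');
                $upfiletype = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
                if (!in_array($upfiletype, $filetype, true)) {
                    echo '<div class="error">Вы пытаетесь загрузить недопустимый формат файла...</div>';
                    $error = true;
                }
            }

            if ($error == false) {
                // Compare the stored form with the same transformation applied;
                // the original compared the raw POST value, so any message with
                // special characters was always recorded as an edit.
                if ($m != $post['text']) {
                    DB::$dbs->query("UPDATE `forum_p` SET `text` = ? WHERE `id` = ?", array($m, $post['id']));
                    DB::$dbs->query("INSERT INTO `forum_reds` (`id_p`,`us`,`time`) VALUES (?,?,?)", array($post['id'], $us['id'], time()));
                }
                if ($hasUpload) {
                    // Server-generated name: user input contributes only the
                    // allow-listed extension. Retry until the name is unused so
                    // an existing attachment is not silently overwritten.
                    do {
                        $fgn = '4MAST'.$uid.'_'.mt_rand(1234, 5678).'.'.$upfiletype;
                    } while (file_exists(FILES . '/forum/' . $fgn));
                    if (move_uploaded_file($upload['tmp_name'], FILES . '/forum/' . $fgn)) {
                        DB::$dbs->query("INSERT INTO `forum_f` (`id_t`,`id_p`,`name`) VALUES (?,?,?)", array($thema['id'], $post['id'], $fgn));
                    }
                }
                header('location:/forums/thema'.$post['id_t'].'/page'.$page);
                exit;
            }
        }

        echo '<div class="lst"><form action="" method="post" enctype="multipart/form-data">
Сообщение:<br><textarea rows="3" name="message">'.$post['text'].'</textarea></br>';
        $pfiles = DB::$dbs->query("SELECT * FROM `forum_f` where `id_p` = ? order by `id`", array($post['id']));
        while ($pfs = $pfiles->fetch()) {
            // NOTE(review): the delete link is a GET without a CSRF token.
            echo '<b><a href="/files/forum/'.$pfs['name'].'">'.$pfs['name'].'</a> (' . sizef(filesize(FILES.'/forum/'.$pfs['name'].'')) . ') </b> [<a href="?do=edit&del_file='.$pfs['id'].'"/>Удалить</a>]<br>';
        }
        echo '<b>Файл:</b><br><input type="file" name="filename"/><br/>
<input type="submit" name="edit_post" value="Сохранить"/> [<a href="/smiles">Смайлы</a> | <a href="/bbcode">BB</a>]</div>';
    } else {
        header('location:/forum/thema'.$post['id_t'].'/page'.$p);
        exit;
    }
}

if ($do == 'vote') {
    $error = false; // the original never initialised this flag
    if ($post['us'] == $us['id']) {
        echo '<div class="error">Вы не можете изменять рейтинг своего же сообщения!</div>';
        $error = true;
    }
    $visiblePosts = DB::$dbs->querySingle("SELECT count(id) from `forum_p` where `us` = ? and `status` = ?", array($us['id'], 0));
    if ($visiblePosts < 100) {
        echo '<div class="error">Наберите для начала 100 постов в форуме!</div>';
        $error = true;
    }
    // NOTE(review): this check and the insert below are not atomic; a unique
    // key on (id_p, kem) would close the double-vote race.
    $alreadyVoted = DB::$dbs->querySingle("SELECT count(id) from `forum_vote` where `id_t` = ? and `id_p` = ? and `us` = ? and `kem` = ?", array($thema['id'], $post['id'], $post['us'], $us['id']));
    if ($alreadyVoted >= 1) {
        echo '<div class="error">Вы уже голосовали этот пост!</div>';
        $error = true;
    }
    $like = isset($_GET['like']) ? $_GET['like'] : '';
    $type = '';
    $x = '';
    if ($like == 'good') {
        $type = 'za';
        $x = 'положительно';
    } elseif ($like == 'bad') {
        $type = 'protiv';
        $x = 'отрицательно';
    }
    if (empty($type)) {
        echo '<div class="error">Пальцы то выравняй! =)</div>';
        $error = true;
    }
    if ($error == false) {
        DB::$dbs->query("INSERT INTO `forum_vote` (`id_t`,`id_p`,`us`,`vot`, `kem`,`t`) VALUES (?,?,?,?,?,?)", array($thema['id'], $post['id'], $post['us'], $type, $us['id'], time()));
        // $type is 'za' or 'protiv' here; anything else was rejected above.
        if ($type == 'za') {
            DB::$dbs->query("UPDATE `us` set `reit` = `reit` + ? where `id` = ? limit 1", array(0.01, $post['us']));
        } else {
            DB::$dbs->query("UPDATE `us` set `reit` = `reit` - ? where `id` = ? limit 1", array(0.01, $post['us']));
        }
        // Notification for the post author. NOTE(review): substr() is
        // byte-wise and may cut a multi-byte character of the Cyrillic text.
        $value = 'us{'.$us['id'].'}, оценил'.($us['sex']=='Муж'?'':'а').' [b]'.$x.'[/b] ваш пост: [br]'.substr($post['text'],0,100).' в теме [url=/forums/thema' . $post['id_t'] . '/page'. $page . ']'.$thema['name'].'[/url] !';
        $t = 'rate';
        DB::$dbs->query("INSERT INTO `action` (`value`,`t`,`us`,`see`,`razd`) VALUES (?,?,?,?,?)", array($value, time(), $post['us'], 1, $t));
        header('location:/forums/thema'.$post['id_t'].'/page'.$p);
        exit;
    }
}

require_once('../../includes/Footers.php');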