Файл: app/minichat/message.php
Строк: 28
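<?php
// Minichat "message" page.
//
// Shows one `minichat` row (looked up by ?id=) and, for any logged-in user other
// than its author, renders a reply form. A submitted reply is stored as a new
// `minichat` row addressed to the original author (`id_profile`) and a matching
// `users_notification` row is written for them.
//
// Everything this script touches beyond PHP itself — $db (PDO), $smarty, $user and
// the Core / User / Filter / Lang helpers — is provided by the framework bootstrap
// and is not defined here.
Core::only('user');

// --- Load the requested post -------------------------------------------------
// The id is bound as a statement parameter instead of being spliced into the SQL.
// FILTER_SANITIZE_NUMBER_INT only strips characters; it does not yield a
// guaranteed-well-formed integer, so its output must still not be trusted as SQL.
$message = null;
if (filter_has_var(INPUT_GET, 'id'))
{
    $filter = [
        'id' => filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT)
    ];
    $lookup = $db->prepare('SELECT * FROM `minichat` WHERE `id` = :id LIMIT 1');
    $lookup->execute([':id' => $filter['id']]);
    $message = $lookup->fetch();
}
// No such post (or no id given): bounce to the front page.
// NOTE(review): any authenticated user can open any post by id; whether that is
// intended depends on the minichat's visibility rules, which are not visible here.
if (empty($message))
{
    Core::go("/");
}

$smarty->header('Сообщение');

// --- Handle a reply ----------------------------------------------------------
// Only non-authors may reply (the form below is hidden from the author as well).
// NOTE(review): no CSRF token is verified in this handler. Unless the framework
// enforces one globally, a cross-site POST could post a reply on the user's behalf.
if (filter_has_var(INPUT_POST, 'submit') && $user['id'] != $message['id_user'])
{
    $filter = [
        'text' => filter_has_var(INPUT_POST, 'text')
            ? filter_input(INPUT_POST, 'text', FILTER_UNSAFE_RAW)
            : null
    ];
    $length = Filter::strlen($filter['text']);
    if ($length < 2 || $length > 5000)
    {
        $error = 'Неверный формат сообщения.';
    }
    else
    {
        // Duplicate check. The previous version concatenated the raw POST text into
        // this SELECT — a straightforward SQL injection. Bind every value instead.
        $dup = $db->prepare(
            'SELECT `id` FROM `minichat` WHERE `text` = :text AND `id_user` = :id_user AND `id_profile` = :id_profile'
        );
        $dup->execute([
            ':text'       => $filter['text'],
            ':id_user'    => $user['id'],
            ':id_profile' => $message['id_user']
        ]);
        if ($dup->fetchColumn() !== false)
        {
            $error = 'Сообщение уже существует.';
        }
        else
        {
            $stmt = $db->prepare('INSERT INTO `minichat` (`text`, `time`, `id_user`, `id_profile`) VALUES (:text, :time, :id_user, :id_profile)');
            $stmt->execute([
                ':text'       => $filter['text'],
                ':time'       => time(),
                ':id_user'    => $user['id'],
                ':id_profile' => $message['id_user']
            ]);
            // Capture the new row id before issuing any further statement.
            $postId = $db->lastInsertId();

            $stmt2 = $db->prepare('INSERT INTO `users_notification` (`type`, `time`, `id_post`, `id_user`, `id_profile`) VALUES (:type, :time, :id_post, :id_user, :id_profile)');
            $stmt2->execute([
                ':type'       => 'minichat',
                ':time'       => time(),
                ':id_post'    => $postId,
                ':id_user'    => $user['id'],
                ':id_profile' => $message['id_user']
            ]);
            Core::go("/minichat/");
        }
    }
}

// --- Render ------------------------------------------------------------------
// Both arrays are initialised so the template always receives an array, even when
// the viewer is the author and no form elements are added.
$posts = [];
$elements = [];

$posts[] = [
    'image' => User::photo($message['id_user']),
    'title' => User::login($message['id_user']),
    'post'  => Filter::output($message['text']), // escaped for HTML by the project helper
    'time'  => Core::time($message['time'])
];

// Reply form, shown to everyone except the post's author.
if ($user['id'] != $message['id_user'])
{
    $elements[] = [
        'type'  => 'textarea',
        'title' => Lang::word('Сообщение'),
        'br'    => 1,
        'info'  => [
            'name' => 'text',
        ]
    ];
    $elements[] = [
        'type' => 'submit',
        'info' => [
            'name'  => 'submit',
            'value' => Lang::word('Ответить')
        ]
    ];
}

Core::show('error');
$smarty->assign([
    'method' => 'POST',
    'action' => '?id=' . $message['id'],
    'el'     => $elements,
    'post'   => $posts
]);
$smarty->display('posts.tpl');
$smarty->display('form.tpl');
$smarty->footer();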