Файл: app/news/article.php
Строк: 93
<?php
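/*
 * News article page: shows one news item with its comments, lets a logged-in
 * user add a comment, and lets a comment's author or a user with level >= 1
 * delete one.
 *
 * Read from the enclosing scope: $db (PDO connection), $smarty (template
 * object with header()/assign()/display()/footer()), $user (logged-in user
 * row; unset for guests), $config['pages'] (comments per page) and $start
 * (LIMIT offset; not assigned in this file — presumably set by Pages or the
 * front controller, TODO confirm). Assigns $error, which Core::show('error')
 * is expected to render.
 *
 * Every query that carries request data is now a prepared statement. The
 * original concatenated the raw POST text (FILTER_UNSAFE_RAW) into the
 * duplicate-comment SELECT, which was an SQL-injection path; the int-filtered
 * ids were concatenated too and are bound here for consistency.
 */
$news = null;
if (filter_has_var(INPUT_GET, 'id')) {
    $filter = [
        'id' => filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT),
    ];
    $stmt = $db->prepare('SELECT * FROM `news` WHERE `id` = :id LIMIT 1');
    $stmt->execute([':id' => $filter['id']]);
    $news = $stmt->fetch();
}
if (empty($news)) {
    // Missing or unknown id: bounce to the front page (Core::go is assumed
    // to redirect and stop the script — TODO confirm).
    Core::go('/');
}
$smarty->header($news['title']);

// --- Comment deletion --------------------------------------------------------
// Permitted for the comment's own author or for any user with level >= 1.
// NOTE(review): this is triggered by a plain GET link with no CSRF token, so a
// page that makes the browser request the URL can delete a comment on the
// victim's behalf; a POST form carrying a token is the usual mitigation.
// NOTE(review): the comment is not checked to belong to $news['id'] — any
// comment id is accepted here, as in the original.
if (filter_has_var(INPUT_GET, 'delete') && isset($user)) {
    $filter = [
        'delete' => filter_input(INPUT_GET, 'delete', FILTER_SANITIZE_NUMBER_INT),
    ];
    $stmt = $db->prepare('SELECT `id`, `id_user` FROM `news_comments` WHERE `id` = :id');
    $stmt->execute([':id' => $filter['delete']]);
    $object = $stmt->fetch();
    if (empty($object)) {
        $error = 'Сообщение не найдено.';
    } elseif ((int) $user['id'] !== (int) $object['id_user'] && $user['level'] < 1) {
        // Cast both ids: PDO may hand back strings, and a loose != would
        // otherwise compare "0" against 0 in surprising ways.
        $error = 'Недостаточно прав.';
    } else {
        $stmt = $db->prepare('DELETE FROM `news_comments` WHERE `id` = :id');
        $stmt->execute([':id' => $object['id']]);
        Core::go('?id=' . $news['id']);
    }
}

// --- Comment submission ------------------------------------------------------
if (filter_has_var(INPUT_POST, 'submit') && isset($user)) {
    $filter = [
        'text' => filter_has_var(INPUT_POST, 'text')
            ? filter_input(INPUT_POST, 'text', FILTER_UNSAFE_RAW)
            : null,
    ];
    // FILTER_UNSAFE_RAW leaves the text as submitted. It is only ever bound
    // as a statement parameter here and passed through Filter::output when
    // displayed, so it must never be concatenated into SQL or HTML.
    $length = Filter::strlen($filter['text']);
    if ($length < 2 || $length > 32) {
        $error = 'Неверный формат сообщения.';
    } else {
        // Reject an exact repeat of the same text by the same user on this
        // article. COUNT(*) replaces rowCount() on a SELECT, whose result is
        // driver-dependent.
        $stmt = $db->prepare(
            'SELECT COUNT(*) FROM `news_comments`'
            . ' WHERE `text` = :text AND `id_user` = :id_user AND `id_news` = :id_news'
        );
        $stmt->execute([
            ':text' => $filter['text'],
            ':id_user' => $user['id'],
            ':id_news' => $news['id'],
        ]);
        if ((int) $stmt->fetchColumn() !== 0) {
            $error = 'Сообщение уже существует.';
        } else {
            $stmt = $db->prepare(
                'INSERT INTO `news_comments` (`text`, `time`, `id_user`, `id_news`)'
                . ' VALUES (:text, :time, :id_user, :id_news)'
            );
            $stmt->execute([
                ':text' => $filter['text'],
                ':time' => time(),
                ':id_user' => $user['id'],
                ':id_news' => $news['id'],
            ]);
        }
    }
}

// --- Page body ---------------------------------------------------------------
// Total comment count, computed once: it feeds the header badge and the pager.
$countStmt = $db->prepare('SELECT COUNT(*) FROM `news_comments` WHERE `id_news` = :id_news');
$countStmt->execute([':id_news' => $news['id']]);
$all = (int) $countStmt->fetchColumn();

$listing[] = [
    'title' => $news['title'],
    'icon' => 'newspaper',
    'div' => 'razdel',
    'count' => $all,
];
$listing[] = [
    'title' => Filter::output($news['text']),
    'div' => 'menu',
];
$listing[] = [
    'title' => Lang::word('Добавил') . ': ' . User::login($news['id_user']),
    'div' => 'menu',
];
$listing[] = [
    'title' => Lang::word('Дата') . ': ' . Core::time($news['time']),
    'div' => 'menu',
];

// Comment form, only for logged-in users.
$elements = null;
if (isset($user)) {
    $elements[] = [
        'type' => 'textarea',
        'title' => Lang::word('Сообщение'),
        'br' => 1,
        'info' => [
            'name' => 'text',
        ],
    ];
    $elements[] = [
        'type' => 'submit',
        'info' => [
            'name' => 'submit',
            'value' => Lang::word('Отправить'),
        ],
    ];
}

$pages = new Pages($all, $config['pages']);
// LIMIT operands are cast to int and inlined rather than bound: under
// emulated prepares PDO would quote them as strings, which MySQL rejects in
// a LIMIT clause. The cast makes them safe to concatenate.
$offset = (int) $start;
$perPage = (int) $config['pages'];
$query = $db->prepare(
    'SELECT * FROM `news_comments` WHERE `id_news` = :id_news'
    . ' ORDER BY `id` DESC LIMIT ' . $offset . ', ' . $perPage
);
$query->execute([':id_news' => $news['id']]);

// Initialised so the template always receives an array, even when the
// offset lies past the last comment and the loop never runs.
$posts = [];
while ($list = $query->fetch()) {
    $options = null;
    // "Reply" is offered on other people's comments only.
    if (isset($user) && (int) $user['id'] !== (int) $list['id_user']) {
        $options[] = [
            'url' => '/news/message?id=' . $list['id'],
            'title' => Lang::word('Ответить'),
        ];
    }
    // The delete link is rendered for moderators only; the handler above also
    // accepts the comment's author.
    if (isset($user) && $user['level'] >= 1) {
        $options[] = [
            'url' => '?id=' . $news['id'] . '&delete=' . $list['id'],
            'title' => Lang::word('Удалить'),
        ];
    }
    $posts[] = [
        'image' => User::photo($list['id_user']),
        'title' => User::login($list['id_user']) . ($list['id_profile'] != 0 ? ' для ' . User::login($list['id_profile']) : null),
        'post' => Filter::output($list['text']),
        'time' => Core::time($list['time']),
        'options' => $options,
    ];
}
if ($all === 0) {
    $posts[] = [
        'title' => Lang::word('Нет комментариев.'),
    ];
}

Core::show('error');
$smarty->assign([
    'method' => 'POST',
    'action' => '?id=' . $news['id'],
    'el' => $elements,
    'listing' => $listing,
    'post' => $posts,
]);
$smarty->display('listing.tpl');
$smarty->display('form.tpl');
$smarty->display('posts.tpl');
$pages->view('?id=' . $news['id'] . '&');
$smarty->footer();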