Файл: neuder/game/com_news.php
Строк: 50
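<?php
/**
 * News item page: renders one `news` row with its comments, accepts a new
 * comment via POST, and deletes a comment when called with ?case=del.
 *
 * Uses the legacy mysql_* API. The database connection, $user and the helpers
 * text(), err() and smile() are not defined in this file; presumably they come
 * from the included config files (confirm).
 */
require_once ('../config/func.php');

// Load the requested news row. `id` is passed through intval() before it is
// placed in the SQL string, so the value interpolated here is always an integer.
$news = false;
if (isset($_GET['id'])) {
    $news_res = mysql_query("SELECT * FROM `news` WHERE `id` = '".intval($_GET['id'])."'");
    if ($news_res) {
        $news = mysql_fetch_assoc($news_res);
    }
}
if (!$news) {
    // Missing id, failed query or unknown news item: back to the game index.
    header('Location: /game/');
    exit();
}

// NOTE(review): $title is built from a database value and is not encoded here;
// whether header.php HTML-encodes it is not visible from this file.
$title = '«'.$news['tema'].'»';
require_once ('../config/header.php');

// The route key is only compared against fixed strings, so it needs no HTML
// encoding; a missing or non-string `case` falls through to the default view.
switch ((isset($_GET['case']) && is_string($_GET['case'])) ? $_GET['case'] : '') {
default:
    // Flag the news as seen for the current user.
    mysql_query("UPDATE `user` SET `news` = 1 WHERE `id` = '".$user['id']."'");

    if (isset($_POST['text'])) {
        // NOTE(review): $text is concatenated into the INSERT below. That is only
        // safe if text() SQL-escapes its input, which cannot be verified from this
        // file. If it does not, escape here or move to prepared statements.
        $text = text($_POST['text']);
        if (empty($text) or mb_strlen($text,'UTF-8') < 2) $err = 'Минимум 2 символа!';
        if (!isset($err)) {
            mysql_query("INSERT INTO `news_com` SET `user_id` = '".$user['id']."', `news_id` = '".$news['id']."', `coment` = '".$text."', `time` = '".time()."'");
            // Redirect after POST so a reload does not resubmit the comment.
            header('location: /news/com/'.$news['id'].'/');
            exit;
        } else {
            echo err(''.$err.'');
            exit;
        }
    }

    // NOTE(review): the news body is emitted as raw HTML; this assumes `news`.`text`
    // is trusted, staff-authored markup (confirm).
    echo ' <div class="block"> '.$news['text'].'</div>';

    $k_post = mysql_result(mysql_query("SELECT COUNT(id) FROM `news_com` WHERE `news_id` = '".$news['id']."'"),0);
    if ($k_post == '0') {
        echo ' <div class="block center"> Комментариев нет</div>';
    } else {
        $q = mysql_query("SELECT * FROM `news_com` WHERE `news_id` = '".$news['id']."' ORDER BY `time`");
        echo ' <div class="stone"></div>';
        while ($com = mysql_fetch_assoc($q)) {
            // One extra query per comment to fetch its author.
            $us = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '".$com['user_id']."'"));
            // NOTE(review): login, side and the comment text are printed without
            // htmlspecialchars(). This is only safe if they were encoded when stored
            // or if smile() encodes its input; neither is visible here (confirm).
            // The delete link is shown to moderators only; the `del` branch below
            // repeats that check on the server, because hiding a link is not access control.
            ?><div class="block"><a href="/pers/<?=$us['id'];?>/"><img src="/style/race/<?=$us['side'];?>.png"> <?=$us['login'];?></a>: <?=smile($com['coment']);?>
<?php if($user['moder'] > 0){?> <a href="/game/com_news.php?case=del&id=<?=$com['id'];?>"></a><?php }?></div><?php
        }
    }
    echo ' <form class="block" method="post" action=""><input class="text large" value="" type="text" name="text" /><br /><span class="button_on"><input class="button_on" type="submit" value="Добавить"></span></br></br></form>';
    break;

case 'del':
    // Server-side authorization: only moderators may delete comments. Without
    // this check any visitor who requested ?case=del&id=N could remove a comment.
    if (!isset($user['moder']) || !($user['moder'] > 0)) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }
    // NOTE(review): this state-changing action is reachable by GET and no
    // anti-CSRF token is visible in this file; consider POST plus a per-session token.
    // NOTE(review): the guard at the top of the file reads the same `id` parameter
    // as a news id, so a comment is only deletable when a news row with the same
    // id exists. Confirm whether that is intended.
    $id = intval($_GET['id']);
    if (!mysql_query("DELETE FROM `news_com` WHERE `id`='$id'")) {
        // Keep driver error details in the server log instead of sending them to the client.
        error_log('com_news.php: comment delete failed: '.mysql_error());
        die('Ошибка базы данных');
    }
    header('Location: ?');
    exit;
    break;
}
require_once ('../config/footer.php');
?>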