Файл: profi_wm/modules/np/index.php
Строк: 279
<?php
include '../../system/core.php';
$_title = 'Газета';
include '../../system/header.php';
include '../../system/nvg.php';
if(!$user['id'])
{
header('Location: /index.php'); exit;
}
switch($_GET['m']){
default:
echo '</div>';
echo '<div class="start">';
echo '<div class="s"><div class="ss"><span><a href="/cab">В кабинет</a></span>';
echo '</div></div>';
$np = mysql_query("SELECT * FROM `newspaper` order by `id` desc limit 5");
while($np2 = mysql_fetch_assoc($np))
{
echo '<div class="post2"><img src="/modules/profile/images/newspaper.png" alt="*"/> <a href="/np?m=view&id='.$np2['id'].'">'.$np2['name'].'</a> <font color="grey">('.times($np2['time']).')</font></div>';
}
echo '<div class="tegi"><font color="white">Категории:</font></div>';
if($user['status'] == 4) echo '<div class="s"><a href="/np?m=nc"><b>Добавить категорию</b></a></div>';
$np_r = mysql_query("SELECT * FROM `newspaper_r` order by `id`");
while($np_r2 = mysql_fetch_assoc($np_r))
{
echo '<div class="post1"><img src="/modules/np/images/news_subscribe.png" alt="*"/> <a href="/np?m=r&id='.$np_r2['id'].'">'.$np_r2['name'].'</a> <font color="grey">('.mysql_result(mysql_query('select count(`id`) from `newspaper` where `r` = "'.$np_r2['id'].'"'),0).')</font>';
if($user['status'] == 4) echo ' [<a href="/np?del&id='.$np_r2['id'].'">уд</a>] [<a href="/np?m=c_edit&id='.$np_r2['id'].'">ред</a>]';
echo '</div>';
}
break;
case 'r':
$id = TextGuard($_GET['id']);
$np_r = mysql_fetch_array(mysql_query('select * from `newspaper_r` where `id` = '.$id.' limit 1'));
if(empty($id) or !is_numeric($id) or $np_r == 0)
{
header('Location: /np'); exit;
}
echo '<div class="verh"><a href="/np" style="color:#ffffff;"><b>Газета</a> | '.$np_r['name'].'</b></div>';
if($user['jur'] == 1){ echo '<div class="pet"><img src="/images/addcod.png"> <a href="/np?m=new&id='.$id.'">Добавить статью</a></div>';}
$cop = 10;
$ca = mysql_result(mysql_query("SELECT COUNT(*) FROM `newspaper` where `r` = '".$id."'"),0);
$cp = ceil($ca/$cop);
if(isset($_GET['p']) && is_numeric($_GET['p'])){
$p = $_GET['p'];
if($_GET['p']>$cp) $p = $cp;
if($_GET['p']<1)$p = 1;
}
else
{
$p = 1;
}
$start = $p*$cop-$cop;
if($ca != 0)
{
$np = mysql_query("SELECT * FROM `newspaper` where `r` = '".$id."' ORDER BY `id` DESC LIMIT $start,$cop");
while($_np = mysql_fetch_assoc($np))
{
echo '<div class="lst"><img src="/modules/profile/images/newspaper.png" alt="*"/> <a href="/np?m=view&id='.$_np['id'].'">'.$_np['name'].'</a> ('.times($_np['time']).') <a href="/np?m=com&id='.$_np['id'].'">('.mysql_result(mysql_query("SELECT COUNT(*) FROM `newspaper_com` where `s` = '".$_np['id']."'"),0).')</a></div>';
}
echo '<div class="levo">Стр. ';
if($p-2>0) echo '<a href="/news/p1"><<</a> ';
if($p-1>0) echo '<a href="/news/p'.($p-1).'"><</a> ';
if($p-3>0) echo '<a href="/news/p'.($p-3).'">'.($p-3).'</a> | ';
if($p-2>0) echo '<a href="/news/p'.($p-2).'">'.($p-2).'</a> | ';
if($p-1>0) echo '<a href="/news/p'.($p-1).'">'.($p-1).'</a> | ';
echo '<b>'.$p.'</b>';
if($p+1<=$cp) echo ' | <a href="/news/p'.($p+1).'">'.($p+1).'</a>';
if($p+2<=$cp) echo ' | <a href="/news/p'.($p+2).'">'.($p+2).'</a>';
if($p+3<=$cp) echo ' | <a href="/news/p'.($p+3).'">'.($p+3).'</a>';
if($p+1<=$cp) echo ' <a href="/news/p'.($p+1).'">></a>';
if($p+2<=$cp) echo ' <a href="/news/p'.ceil($ca/$cop).'">>></a>';
echo '</div>';
}
else
{
echo '<div class="pod"><b>В этой категории статей пока нет....</b></div>';
}
break;
case 'view':
$id = TextGuard($_GET['id']);
$np = mysql_fetch_array(mysql_query('select * from `newspaper` where `id` = '.$id.' limit 1'));
$np_r = mysql_fetch_array(mysql_query('select * from `newspaper_r` where `id` = '.$np['r'].' limit 1'));
if(empty($id) or !is_numeric($id) or $np == 0 or $np == 0)
{
header('Location: /np'); exit;
}
if(isset($_GET['del']))
{
if($user['status'] < 2)
{
header('Location: /np'); exit;
}
$np_com = mysql_query('select * from `newspaper_com` where `news` = "'.$id.'"');
while($np_com2 = mysql_fetch_array($np_com)){
mysql_query("DELETE FROM `newspaper_com` WHERE `id` = '".$np_com2['id']."'");
}
mysql_query("DELETE FROM `newspaper` WHERE `id` = '$id'");
header('Location: /np'); exit;
}
echo '<div class="s"><a href="/np" style="color:#ffffff;"><b>Газета</a> | <a href="/np?m=r&id='.$np_r['id'].'" style="color:#ffffff;">'.$np_r['name'].'</a> | '.$np['name'].'</b></div>';
if($user['access'] == 4 or $np['author'] == $user['id']) echo '<div class="lst"><b><small><a href="/np?m=view&id='.$id.'&del">Удалить</a> | <a href="/np?m=edit&id='.$id.'">Изменить</a></small></b></div>';
echo '<div class="list1">
<img src="/modules/profile/images/newspaper.png" alt="*"/> <b>Названия:</b> '.$np['name'].'</div><div class="list1"><b>Текст статьи:</b>
'.smiles(bbcode($np['about'])).'
</div><div class="lst">
Добавил: '.ustatus($np['author']).' <a href="us'.$np['author'].'">'.uname($np['author']).'</a> '.uaccess($np['author']).'
</div><div class="lst">
<a href="/np/ccom'.$id.'">Комменатрии</a> ('.mysql_result(mysql_query("SELECT COUNT(*) FROM `newspaper_com` where `s` = '".$id."'"),0).')
</div>';
break;
case 'edit':
if($user['status'] < 2)
{
header('Location: /np'); exit;
}
$id = TextGuard($_GET['id']);
$np = mysql_fetch_array(mysql_query('select * from `newspaper` where `id` = "'.$id.'" limit 1'));
if(empty($id) or !is_numeric($id) or $np == 0)
{
header('Location: /np'); exit;
}
echo '<div class="verh"><a href="/news"><b>Газета</b></a></div>';
if(isset($_POST['submit']))
{
$name = TextGuard($_POST['name']);
if(empty($name)) $err[] = 'Заголовок остался пустым...';
$about = TextGuard($_POST['about']);
if(empty($about)) $err[] = 'Сообщение осталось пустым...';
if(!$err)
{
mysql_query("UPDATE `newspaper` SET `name`='".$name."',`about`='".$about."' WHERE `id` = '".$id."' limit 1");
header('Location: /np?m=view&id='.$id); exit;
}
else
{
echo '<div class="pet">';
foreach($err as $err_info)
{
echo $err_info.'<br>';
}
echo '</div>';
}
}
echo '<div class="news">
<form action="" method="post">
Заголовок статьи:<br><input name="name" value="'.$np['name'].'"/><br>
Текст:<br><textarea style="width:98%" name="about" rows="3">'.$np['about'].'</textarea><br>
<input type="submit" value="Сохранить" name="submit"/>
</form></div>';
break;
case 'nc':
echo '<div class="verh"><a href="/np" style="color:#ffffff;"><b>Газета</a> | Новая категория<b></div>';
if(isset($_POST['submit']))
{
$name = TextGuard($_POST['name']);
if(empty($name)) $err[] = 'Название осталось пустым.';
if(!$err)
{
mysql_query("INSERT INTO `newspaper_r`(
`name`
)VALUES(
'".$name."'
)");
header('Location: /np'); exit;
}else{
echo '<div class="pet">';
foreach($err as $err_info){
echo $err_info.'<br>';
}
echo '</div>';
}
}
echo '<div class="mist">
<form action="" method="post" enctype="multipart/form-data">
Название категории:<br><input name="name"/>
<input type="submit" value="Добавить" name="submit"/>
</form></div>';
break;
case 'new':
$id = TextGuard($_GET['id']);
$np_r = mysql_fetch_array(mysql_query('select * from `newspaper_r` where `id` = '.$id.' limit 1'));
if(empty($id) or !is_numeric($id) or $np_r == 0)
{
header('Location: /np'); exit;
}
echo '<div class="s"><a href="/np" style="color:#ffffff;"><b>Газета</a> | '.$np_r['name'].' | Новая статья</b></div>';
if(isset($_POST['submit']))
{
$name = TextGuard($_POST['name']);
if(empty($name)) $err[] = 'Название осталось пустым.';
$about = TextGuard($_POST['about']);
if(empty($about)) $err[] = 'Описание статьи осталось пустым.';
if(!$err)
{
mysql_query("INSERT INTO `newspaper`(
`r`,
`name`,
`about`,
`author`,
`time`
)VALUES(
'".$id."',
'".$name."',
'".$about."',
'".$user['id']."',
'".time()."'
)");
$s_id = mysql_insert_id();
header('Location: /np?m=view&id='.$s_id.''); exit;
}else{
echo '<div class="pet">';
foreach($err as $err_info){
echo $err_info.'<br>';
}
echo '</div>';
}
}
echo '<div class="mist">
<form action="" method="post" enctype="multipart/form-data">
Название статьи:<br><input name="name"/><br>
Описание:<br><textarea name="about" style="width:100%" rows="3"></textarea><br>
<input type="submit" value="Добавить" name="submit"/>
</form></div>';
break;
///комментарии
case 'ccom':
$id = intval($_GET['id']);
$np_s = mysql_fetch_array(mysql_query('select * from `newspaper` where `id` = '.$id.' and `status` = "0"'));
$np_r = mysql_fetch_array(mysql_query('select * from `newspaper_r` where `id` = '.$np_s['r'].''));
if(empty($id) or !is_numeric($id) or $np_r == 0 or $np_s == 0){
header('Location: /np'); exit;
}
echo '<div class="s">Комментарии к статьи</div>';
echo '<div class="lst">
Статья: <a href="/np?m=view&id='.$id.'">'.$np_s['name'].'</a>
</div><div class="post1">
Комментарии:
</div>';
echo '<div class="mist"><form action="" method="post">
Сообщение:<br><textarea name="text" style="width:98%;" rows="3"></textarea><br>
<input type="submit" name="submit" value="Написать"/>
</form></div>';
if(isset($_POST['submit'])){
$text = TextGuard($_POST['text']);
if(empty($text)) $err[] = 'Сообщение осталось пустым...';
$ncm = mysql_query("SELECT * FROM `newspaper_com` WHERE `who`='".$user['id']."' ORDER BY `time` desc");
while($ncm2 = mysql_fetch_assoc($ncm)){
$ncm_timeout = $ncm2['time'];
if((time()-$ncm_timeout) < 5) $err[] = 'Писать можно только раз в 5 секунд...';
}
$ncm_rep = mysql_fetch_array(mysql_query('select * from `newspaper_com` where `who` = "'.$user['id'].'" and `text` = "'.$text.'"'));
if($ncm_rep != 0) $err[] = 'Вы уже писали подобное сообщение...';
if(!$err){
mysql_query("INSERT INTO `newspaper_com`(
`s`,
`who`,
`text`,
`time`
)VALUES(
'".$id."',
'".$user['id']."',
'".$text."',
'".time()."'
)");
mysql_query("INSERT INTO `op`(
`who`,
`ho`,
`text`,
`time`,
`read`
)VALUES(
'".$np_s['author']."',
'".$user['id']."',
'написал [url=/np/ccom".$id."]комментарий[/url] к вашей [url=/np?m=view&id=".$id."]газете[/url]!',
'".time()."',
'0'
)");
header('Location: /np/ccom'.$id.''); exit;
}else{
echo '<div class="pet"><b>';
foreach($err as $err_info){
echo $err_info.'<br>';
}
echo '</b></div>';
}
}
$cop = 10;
$ca = mysql_result(mysql_query("SELECT COUNT(*) FROM `newspaper_com` where `s` = '".$id."'"),0);
$cp = ceil($ca/$cop);
if(isset($_GET['p']) && is_numeric($_GET['p']) && $ca != 0){
$p = $_GET['p'];
if($_GET['p']>$cp) $p = $cp;
if($_GET['p']<1)$p = 1;
}else{
$p = 1;
}
$start = $p*$cop-$cop;
if($ca != 0){
$np_ccom = mysql_query("SELECT * FROM `newspaper_com` where `s` = '".$id."' ORDER BY `id` DESC LIMIT $start,$cop");
while($np_ccom2 = mysql_fetch_assoc($np_ccom)){
echo '<div class="lst">'.ustatus($np_ccom2['who']).' <a href="/us'.$np_ccom2['who'].'">'.uname($np_ccom2['who']).'</a> '.uaccess($np_ccom2['who']).' ('.times($np_ccom2['time']).')';
if($user['status'] >= 1) echo ' [<a href="/np/ccom'.$id.'?p='.$p.'&dp&pid='.$np_ccom2['id'].'">уд</a>]';
echo '<br>'.smiles(bbcode($np_ccom2['text'])).'</div>';
}}
if(isset($_GET['dp']) && $user['status'] >= 1){
$pid = TextGuard($_GET['pid']);
$posts = mysql_fetch_array(mysql_query('select * from `newspaper_com` where `id` = "'.$pid.'" limit 1'));
if($posts == 0 or empty($pid) or !is_numeric($pid)){
header('Location: /np/ccom'.$id.'?p='.$p.''); exit;
}
mysql_query("DELETE FROM `newspaper_com` WHERE `id`='".$pid."'");
header('Location: /np/ccom'.$id.'?p='.$p.''); exit;
}
echo '</div><div class="levo">Стр. ';
if($p-2>0) echo '<a href="/np/ccom'.$id.'?p=1"><<</a> ';
if($p-1>0) echo '<a href="/np/ccom'.$id.'?p='.($p-1).'"><</a> ';
if($p-3>0) echo '<a href="/np/ccom'.$id.'?p'.($p-3).'">'.($p-3).'</a> | ';
if($p-2>0) echo '<a href="/np/ccom'.$id.'?p='.($p-2).'">'.($p-2).'</a> | ';
if($p-1>0) echo '<a href="/np/ccom'.$id.'?p='.($p-1).'">'.($p-1).'</a> | ';
echo '<b>'.$p.'</b>';
if($p+1<=$cp) echo ' | <a href="/np/ccom'.$id.'?p='.($p+1).'">'.($p+1).'</a>';
if($p+2<=$cp) echo ' | <a href="/np/ccom'.$id.'?p='.($p+2).'">'.($p+2).'</a>';
if($p+3<=$cp) echo ' | <a href="/np/ccom'.$id.'?p='.($p+3).'">'.($p+3).'</a>';
if($p+1<=$cp) echo ' <a href="/np/ccom'.$id.'?p='.($p+1).'">></a>';
if($p+2<=$cp) echo ' <a href="/np/ccom'.$id.'?p='.ceil($ca/$cop).'">>></a>';
echo '</div>';
///end
break;
}
include '../../system/footer.php';
?>