Файл: moduls/guest/web.php
Строк: 67
<?php
/**
* @package Prime Social
* @link http://primesocial.ru
* @copyright Copyright (C) 2016 Prime Social
* @author BoB | http://primesocial.ru/about
*/
function check($id) {
global $user;
$post = DB::$dbs->queryFetch("SELECT * FROM ".GUEST." WHERE `id` = ? ",array($id));
if (privilegy('guest_moder')) {
return TRUE;
}
if ($post['user_id'] == $user['user_id']) {
return TRUE;
}
if ($post['autor_id'] == $user['user_id']) {
return TRUE;
}
return FALSE;
}
if (isset($_GET['del']) && check($_GET['del'])) {
DB::$dbs->query("DELETE FROM ".GUEST." WHERE `id` = ?", array(num($_GET['del'])));
header("Location: ".HOME."/guest/".$guest['user_id']."/");
}
if (!empty($_POST['post_delete']) && (privilegy('guest_moder') || $guest['user_id'] == $user['user_id'])) {
foreach ($_POST as $name => $value) {
DB::$dbs->query("DELETE FROM ".GUEST." WHERE `id` = ?", array($name));
}
header("Location: ".HOME."/guest/" . $guest['user_id'] . "/");
}
if ( (privilegy('guest_moder') || $guest['user_id'] == $user['user_id']) && !empty($_POST['clean'])) {
DB::$dbs->query("DELETE FROM ".GUEST." WHERE `user_id` = ? ", array($guest['user_id']));
header("Location: ".HOME."/guest/" . $guest['user_id'] . "/");
}
if ($_POST['add']) {
$msg = html($_POST['msg']);
if (empty($msg)) {
$err = 'Bo`sh habar<br />';
}
if (!empty($_GET['otv']) && $_GET['otv'] != $user['user_id']) {
$ank = DB::$dbs->queryFetch("SELECT `user_id`, `nick` FROM ".USERS." WHERE `user_id` = ? ",array(abs(num($_GET['otv']))));
if (!empty($ank)) {
$msg = '[b]' . $ank['nick'] . '[/b], ' . $msg;
}
$lenta = '<a href="'.HOME.'/id'.$user['user_id'].'"><b>' . $user['nick'] . '</b></a> sizning habaringizga <a href="'.HOME.'/guest/'.$guest['user_id'].'/"><b>'.$guest['nick'].' mehmonxonasi</b>da javob berdi</a>';
lenta($lenta, $ank['user_id']);
$var = TRUE;
}
if (empty($var)) {
$lenta = '<a href="'.HOME.'/id'.$user['user_id'].'"><b>' . $user['nick'] . '</b></a> sizning shahsiy <a href="'.HOME.'/guest/'.$guest['user_id'].'/"><b>mehmonxonangizga</b> yozdi</a>';
lenta($lenta, $guest['user_id']);
}
if (!empty($err)) {
echo DIV_ERROR . $err . CLOSE_DIV;
} else {
DB::$dbs->query("INSERT INTO ".GUEST." (`user_id`, `autor_id`, `time`, `msg`) VALUES (?, ?, ?, ?)", array($guest['user_id'], $user['user_id'], time(), $msg));
header("Location: ".HOME."/guest/".$guest['user_id']."/");
}
}
echo DIV_AUT;
if (!empty($_GET['otv'])) {
$ank = DB::$dbs->queryFetch("SELECT `user_id`, `nick` FROM ".USERS." WHERE `user_id` = ? ",array(abs(num($_GET['otv']))));
if (!empty($ank) && $ank['user_id'] != $user['id']) {
echo 'Foydalanuvchi <b>' . $ank['nick'] . '</b> ga habar<br />';
} else {
echo '<b>Habar:</b><br />';
}
}
echo '<form action="/guest/'.$page[user_id].'/'.(isset($_GET['otv']) ? '?otv='.(int)$_GET['otv'] : NULL).'" method="POST">';
echo '<textarea name="msg" style="width:95%;"></textarea><br />';
echo '<input type="submit" name="add" value="Yozish"/>';
echo '</form>';
echo CLOSE_DIV;
bbsmile();
$all = DB::$dbs->querySingle("SELECT COUNT(`id`) FROM ".GUEST." WHERE `user_id` = ? ", array($page['user_id']));
if (empty($all)) {
echo DIV_BLOCK . 'Habarlar yo`q' . CLOSE_DIV;
} else {
$sql = DB::$dbs->query("SELECT * FROM ".GUEST." WHERE `user_id` = ? ORDER BY `id` DESC LIMIT 10", array($page['user_id']));
while($post = $sql -> fetch()) {
$ank = DB::$dbs->queryFetch("SELECT `nick` FROM ".USERS." WHERE `user_id` = ?",array($post['autor_id']));
echo DIV_LI;
echo (privilegy('guestbook_moder') ? '<input type="checkbox" name="'.$post['id'].'" /> ' : NULL);
echo '[' . vrem($post['time']) . '] ' . ($post['autor_id'] != $user['user_id'] ? '<a href="?otv='.$post['autor_id'].'"><b>'.$ank['nick'].'</b></a>' : '<b>'.$ank['nick'].'</b>') . ' ' . userLink($post['autor_id'], '[ank.]') . (check($post['id']) ? ' <a href="/guest/'.$page[user_id].'/?del='.$post['id'].'">[o`chr.]</a>' : null) . ': ' . CLOSE_DIV . DIV_BLOCK . text($post['msg']) . '<br />';
echo CLOSE_DIV;
}
}
?>