Файл: public_html/news.php
Строк: 118
<?php
// Bootstrap. $user and the helpers used further down (_string, _num, k_page,
// page, str, smiles, vremja) are not defined in this file — presumably they
// come from system.php; confirm.
include './system/system.php';
$title = 'Новости';
include './system/head.php';

// Visitors without a loaded account are redirected to the landing page.
// NOTE(review): head.php is included before this header() call, so the
// redirect only works if output is buffered at this point — presumably
// system.php or head.php enables buffering; confirm.
if (!$user) {
    header('location: /index.php');
    exit;
}
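// Administrative actions on one news row: ?del&id=N and ?edit&id=N.
// Only accounts with access == 2 are handled here; any other request falls
// through to the handlers below. When both flags are present, delete wins.
//
// NOTE(review): the mysql_* extension was removed in PHP 7. Every query in
// this file is built by string concatenation and depends on _num()/_string()
// for safety (their implementation is not visible here — confirm they
// validate and escape). Moving to PDO or mysqli prepared statements is the
// durable fix.
if ($user['access'] == 2 && (isset($_GET['del']) || isset($_GET['edit']))) {
    // Accept the id only when it is present and scalar, so a missing or array
    // parameter never reaches the helpers.
    $id = 0;
    if (isset($_GET['id']) && is_scalar($_GET['id'])) {
        $id = _string(_num($_GET['id']));
    }

    // Initialised explicitly: the original left $i undefined when $id was empty.
    $i = false;
    if ($id) {
        $res = mysql_query('SELECT * FROM `news` WHERE `id` = "'.$id.'"');
        $i = $res ? mysql_fetch_array($res) : false;
    }
    if (!$i) {
        header('location: /news.php');
        exit();
    }

    // The key is used as an integer everywhere below (SQL and HTML), so the
    // value read back from the database cannot carry markup or quotes.
    $newsId = (int) $i['id'];

    if (isset($_GET['del'])) {
        // Deleting is a state change and must not happen on a plain GET:
        // a GET can be triggered by a link, an embedded resource or a
        // prefetcher. A GET now renders a confirmation form instead, and only
        // the POST from that form deletes the row.
        // NOTE(review): requiring POST is a partial mitigation. A per-session
        // anti-CSRF token, emitted in the form and verified here, is still
        // needed; the session handling required for it is not visible in this
        // file.
        if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
            echo '<div class="block">Удалить новость?
<form method="post" action="/news.php?del&amp;id='.$newsId.'">
<input type="submit" class="submit" value="Удалить"></form></div>
<a href="?edit&amp;id='.$newsId.'" class="link"><img src="/images/icons/forward.png"> Вернуться</a>';
            include ('./system/foot.php');
            exit();
        }

        // Remove the news row together with the likes that reference it.
        mysql_query("DELETE FROM `news` WHERE `id` = '".$newsId."'");
        mysql_query("DELETE FROM `news_likes` WHERE `id_news` = '".$newsId."'");
        header('location: /news.php');
        exit();
    }

    // Edit: ?edit&id=N shows the form, ?edit&id=N&save stores the posted text.
    if (isset($_GET['save'])) {
        // Read the body only from a string POST field; a missing field is
        // treated as empty and rejected by the length check.
        $text = _string((isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '');

        // strlen() counts bytes of the value returned by _string(), not
        // characters, so multi-byte text reaches the limit sooner.
        if (strlen($text) < 1 or strlen($text) > 5000) {
            echo '<div class="block small red center">Длина новости 1-5000 символов!</div>
<a href="?edit&id='.$newsId.'" class="link"><img src="/images/icons/forward.png"> Вернуться</a>';
            include ('./system/foot.php');
            exit();
        }

        // NOTE(review): $text is concatenated into SQL; this is only safe if
        // _string() escapes for MySQL — confirm. The editor becomes the
        // recorded author (id_user).
        mysql_query("update `news` set `text` = '".$text."', `id_user` = '".$user['id']."' where `id` = '".$newsId."'");
        header('location: /news.php');
        exit();
    }

    // Escape the stored text before placing it inside <textarea>, otherwise a
    // body containing a closing tag would break out of the field.
    // double_encode is off so text that _string() may already have entity-
    // encoded is not encoded twice.
    // NOTE(review): assumes the site stores and serves UTF-8 — confirm.
    $textHtml = htmlspecialchars($i['text'], ENT_QUOTES, 'UTF-8', false);

    echo "<div class='block'>
<form method='post' action='/news.php?edit&id=".$newsId."&save'>
Новость: <br>
<textarea name='text' class='text' style='width: 97%'>".$textHtml."</textarea>
<input type='submit' class='submit' value='Сохранить'></form> </div>";
    echo '<a href="?del&id='.$newsId.'" class="link"><img src="/images/icons/forward.png"> Удалить</a>';
    echo '<a href="?" class="link"><img src="/images/icons/forward.png"> Новости</a>';
    include ('./system/foot.php');
    exit();
}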
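// Create a news item: ?news=add shows the form, a POST with `text` stores it.
// The original compared against the bare word `add` (an undefined constant,
// a fatal error on PHP 8) and read $_GET['news'] without checking that it
// exists.
if (isset($_GET['news']) && $_GET['news'] === 'add') {
    // Only access level 2 may publish; everyone else goes back to the list.
    if ($user['access'] != 2) {
        header('location: /news.php');
        exit;
    }

    // Handle a submission only when a non-empty string was posted. The
    // original truthiness test also skipped the text "0" and raised a notice
    // when the field was absent.
    if (isset($_POST['text']) && is_string($_POST['text']) && $_POST['text'] !== '') {
        $text = _string($_POST['text']);

        // strlen() counts bytes of the value returned by _string(), not
        // characters.
        if (strlen($text) < 1 or strlen($text) > 5000) {
            echo '<div class="block small red center">Длина новости 1-5000 символов!</div>
<a href="?news=add" class="link"><img src="/images/icons/forward.png"> Вернуться</a>';
            include ('./system/foot.php');
            exit();
        }

        // NOTE(review): $text is concatenated into SQL; this is only safe if
        // _string() escapes for MySQL — confirm. Prepared statements would
        // remove that dependency.
        // NOTE(review): this POST carries no anti-CSRF token; add a
        // per-session token to the form below and verify it here.
        mysql_query('INSERT INTO `news` (`text`,
`time`, `id_user`) VALUEs ("'.$text.'",
"'.time().'", "'.$user['id'].'")');
        header('location: /news.php');
        exit();
    }

    // No submission yet: render the empty form (it posts back to this URL).
    echo "<div class='block'>
<form action='' method='post'>
Новость: <br>
<textarea name='text' class='text' style='width: 97%'></textarea><br/>
<input type='submit' class='submit' value='Создать'>
</form></div>";
    echo '<a href="?" class="link"><img src="/images/icons/forward.png"> Новости</a>';
    include ('./system/foot.php');
    exit();
}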
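// Like toggle: ?likes=N adds the current user's like for news N, or removes
// it if it already exists, then redirects back to the list.
// NOTE(review): this changes state on a GET request and carries no anti-CSRF
// token, so any page the user visits can flip their like. It should become a
// POST with a per-session token; the link that triggers it is rendered by the
// news listing further down this file.
if (isset($_GET['likes'])) {
    // Accounts below level 20 with access == 0 may not like.
    if ($user['level'] < 20 && $user['access'] == 0) {
        echo '<div class="block small red center">Доступно с 20 уровня!</div>';
        include ('./system/foot.php');
        exit();
    }

    // Accept the id only when it is scalar; an array parameter is ignored.
    $id_news = is_scalar($_GET['likes']) ? _string(_num($_GET['likes'])) : 0;

    // The original inserted a like for any id, including ids with no news
    // row, which left orphan rows in news_likes. Verify the target first.
    $exists = 0;
    if ($id_news) {
        $exists = mysql_result(mysql_query('SELECT COUNT(*) FROM `news` WHERE `id` = "'.$id_news.'"'), 0);
    }
    if (!$exists) {
        header('location: ?');
        exit();
    }

    $status = mysql_result(mysql_query('SELECT COUNT(*) FROM `news_likes` WHERE `id_news` = "'.$id_news.'" && `id_user` = "'.$user['id'].'"'), 0);

    // NOTE(review): check-then-write is not atomic; two concurrent requests
    // can both insert. A UNIQUE key on (id_news, id_user) would prevent
    // duplicate likes — confirm whether the schema has one.
    if ($status == 0) {
        mysql_query("INSERT INTO `news_likes` SET `id_user` = '$user[id]', `id_news` = '".$id_news."'");
    } else {
        mysql_query("DELETE FROM `news_likes` WHERE `id_news` = '$id_news' && `id_user` = '$user[id]'");
    }
    header('location: ?');
    exit();
}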
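// News listing: newest first, $max items per page.
$max = 10;
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `news`"), 0);
$k_page = k_page($k_post, $max);
$page = page($k_page);

// $start is interpolated into the LIMIT clause. Force it to a non-negative
// integer so an unexpected value from page() (not visible in this file)
// cannot change the query.
$start = max(0, (int) ($max * $page - $max));
$news = mysql_query("SELECT * FROM `news` ORDER BY `time` DESC LIMIT $start, $max");

while ($new = mysql_fetch_assoc($news)) {
    // Ids are used as integers in both SQL and HTML below.
    $newsId = (int) $new['id'];

    // NOTE(review): two extra queries per row (like count and author); a
    // JOIN / GROUP BY in the main query would avoid this.
    $likes = (int) mysql_result(mysql_query('SELECT COUNT(*) FROM `news_likes` WHERE `id_news` = "'.$newsId.'"'), 0);
    $user_news = mysql_query('SELECT * FROM `users` WHERE `id` = "'.(int) $new['id_user'].'"');
    $user_news = $user_news ? mysql_fetch_array($user_news) : false;

    // Author markup is built only when the author row still exists. Account
    // fields are escaped on output: they are stored data and must not be
    // trusted as HTML. double_encode is off so values that may already be
    // entity-encoded at input time are not encoded twice.
    // NOTE(review): assumes the site stores and serves UTF-8 — confirm.
    $author = '';
    if ($user_news) {
        $author = '<img src="/images/race/'.htmlspecialchars($user_news['race'], ENT_QUOTES, 'UTF-8', false).'.png"> '
            .'<a href="/profile.php?id='.(int) $user_news['id'].'">'
            .htmlspecialchars($user_news['login'], ENT_QUOTES, 'UTF-8', false).'</a>: ';
    }

    // NOTE(review): the news text is printed as returned by smiles(). Whether
    // it is HTML-escaped depends on _string() at input time and on smiles(),
    // neither of which is visible here — confirm that one of them encodes
    // markup, otherwise this is a stored-XSS sink.
    echo '<div class="block"> '.$author.smiles($new['text']).' ';

    // Edit shortcut for access level 2.
    if ($user['access'] == 2) {
        echo '<a href="?edit&id='.$newsId.'" class="none"><img src="/images/icons/edit.png"></a>';
    }

    // NOTE(review): the like link triggers a state change via GET; see the
    // ?likes handler earlier in this file.
    echo '<br> <small><img src="/images/icons/time.png"> Опубликована: '.vremja(time() - $new['time']).' назад</small> <span style="float: right"><small>'.$likes.'</small> <a href="?likes='.$newsId.'"><img src="/images/icons/like.png"></a></span></div>';
}

if ($k_post < 1) {
    echo '<div class="block small red center">Новостей нет!</div>';
}

// Pagination links are printed only when there is more than one page.
if ($k_page > 1) {
    echo str('?', $k_page, $page);
}

// Entry point to the "create news" form for access level 2.
if ($user['access'] == 2) {
    echo '<a href="?news=add" class="link"><img src="/images/icons/forward.png"> Создать новость</a>';
}
include ('./system/foot.php');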
?>