Файл: wall/handler/comm.php
Строк: 40
<?php
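// Handler for new wall comments ("comm") and quoted replies ("re_comm") on the post in $arr_post.
// Relies on $user_id, $user, $arr_post and the helpers check() / cut() supplied by the including script.
//
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7, and every statement here is built by
// string concatenation. Moving to PDO or mysqli prepared statements is the durable fix; the
// escaping added below only closes the gap that is visible in this file.
// NOTE(review): no CSRF token check is visible in this handler - confirm the including script
// validates one before this code runs.
if (!empty($_POST['comm']))
{
    // $flood / $err may already be set by the including script; default them so the
    // checks below never read an undefined variable.
    if (!isset($flood)) $flood = false;
    if (!isset($err)) $err = false;

    // Anti-flood: refuse if this user already posted a comment within the last 5 seconds.
    if (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `wall_comm` WHERE `user_id` = '".$user_id."' AND `time` > '".(time()-5)."'"),0) > 0) $flood = true;

    // NOTE(review): the text is truncated AFTER check(). If check() adds SQL escaping, a
    // byte-wise cut at 1000 can split an escape sequence and leave an unpaired trailing
    // backslash inside the quoted SQL value; substr() can also split a multibyte character.
    // Confirm check()'s contract and truncate the raw input before escaping.
    $comm = check($_POST['comm']);
    $comm = substr($comm, 0, 1000);
    if (empty($comm)) $err = true;

    if ($flood == false && $err == false && mysql_query("INSERT INTO `wall_comm` SET
        `pid` = '".$arr_post['id']."',
        `user_id` = '".$user_id."',
        `text` = '".$comm."',
        `time` = '".time()."'
        ") == true)
    {
        // Keep the per-post comment counter in sync with the new row.
        mysql_query("UPDATE `wall` SET comm=comm+1 WHERE `id` = '".$arr_post['id']."'");

        // Notify the post owner, unless they commented on their own post.
        if ($user_id != $arr_post['user_id'])
        {
            mysql_query("INSERT INTO `notifications` SET
                `from_id` = '".$user_id."',
                `sex` = '".$user['sex']."',
                `for_id` = '".$arr_post['user_id']."',
                `mod` = 'wall',
                `type` = 'comm',
                `refid` = '".$arr_post['id']."',
                `time` = '".time()."',
                `count` = 1,
                `new` = 1
                ");
            mysql_query("UPDATE `users` SET `notifications` = 1, notifications_journal=notifications_journal+1 WHERE `id` = '".$arr_post['user_id']."'");
        }
    }
}
else if (!empty($_POST['re_comm']) && !empty($_POST['re_id']) && is_numeric($_POST['re_id']))
{
    // $flood / $err may already be set by the including script; default them so the
    // checks below never read an undefined variable.
    if (!isset($flood)) $flood = false;
    if (!isset($err)) $err = false;

    // Anti-flood: refuse if this user already posted a comment within the last 5 seconds.
    if (mysql_result(mysql_query("SELECT COUNT(`id`) FROM `wall_comm` WHERE `user_id` = '".$user_id."' AND `time` > '".(time()-5)."'"),0) > 0) $flood = true;

    // re_id is forced to a non-negative integer before it reaches any query.
    $re_id = abs(intval($_POST['re_id']));

    // NOTE(review): same truncate-after-check() ordering concern as in the branch above.
    $comm = check($_POST['re_comm']);
    $comm = substr($comm, 0, 1000);
    if (empty($comm)) $err = true;

    // The quoted comment must belong to this post and must not be the replier's own.
    // The row is taken from this constrained query itself, so the values used below are
    // exactly the ones that passed the pid / user_id checks (no second unconstrained lookup).
    $res_arr_comm = mysql_query("SELECT * FROM `wall_comm` WHERE `id` = '".$re_id."' AND `pid` = '".$arr_post['id']."' AND `user_id` != '".$user_id."' LIMIT 1");
    $arr_comm = ($res_arr_comm !== false) ? mysql_fetch_array($res_arr_comm) : false;
    if (empty($arr_comm)) $err = true;

    if ($flood == false && $err == false)
    {
        // NOTE(review): $quote (the quoted text cut to 500) is computed but never stored -
        // the INSERT below has always written the full text. Confirm which one is intended.
        $quote = cut($arr_comm['text'],500);

        // Values read back from the database are raw strings, whatever check() did to them
        // before the first insert, so they must be escaped again before being concatenated
        // into a new statement (second-order SQL injection otherwise).
        $quote_text_sql = mysql_real_escape_string($arr_comm['text']);
        $quote_user_sql = mysql_real_escape_string($arr_comm['user_id']);

        if (mysql_query("INSERT INTO `wall_comm` SET
            `pid` = '".$arr_post['id']."',
            `user_id` = '".$user_id."',
            `text` = '".$comm."',
            `quote` = '".$quote_text_sql."',
            `quote_id` = '".$quote_user_sql."',
            `time` = '".time()."'
            ") == true)
        {
            // Keep the per-post comment counter in sync with the new row.
            mysql_query("UPDATE `wall` SET comm=comm+1 WHERE `id` = '".$arr_post['id']."'");

            // Notify the post owner, unless they are the replier or the quoted author
            // (the quoted author gets the dedicated 're_comm' notification below).
            if ($user_id != $arr_post['user_id'] && $arr_post['user_id'] != $arr_comm['user_id'])
            {
                mysql_query("INSERT INTO `notifications` SET
                    `from_id` = '".$user_id."',
                    `sex` = '".$user['sex']."',
                    `for_id` = '".$arr_post['user_id']."',
                    `mod` = 'wall',
                    `type` = 'comm',
                    `refid` = '".$arr_post['id']."',
                    `time` = '".time()."',
                    `count` = 1,
                    `new` = 1
                    ");
                mysql_query("UPDATE `users` SET `notifications` = 1, notifications_journal=notifications_journal+1 WHERE `id` = '".$arr_post['user_id']."'");
            }

            // Notify the author of the quoted comment; bump their counters only if the
            // notification row was actually written.
            if (mysql_query("INSERT INTO `notifications` SET
                `from_id` = '".$user_id."',
                `sex` = '".$user['sex']."',
                `for_id` = '".$quote_user_sql."',
                `mod` = 'wall',
                `type` = 're_comm',
                `refid` = '".$arr_post['id']."',
                `time` = '".time()."',
                `count` = 1,
                `new` = 1
                ") == true)
            {
                mysql_query("UPDATE `users` SET `notifications` = 1, notifications_journal=notifications_journal+1 WHERE `id` = '".$quote_user_sql."'");
            }
        }
    }
}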
?>