Файл: wap-ads.ru/news_read.php
Строк: 120
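<?php
// The full opening tag is used on purpose: when short_open_tag is disabled the
// short form is not parsed and this script would be sent to the client as
// plain text, exposing the queries below.
//
// NOTE(review): every query in this file goes through the legacy mysql_*
// extension, which was removed in PHP 7. Moving to mysqli/PDO prepared
// statements needs the connection setup, which is not in this file.

// Load the requested news item. The id is forced to an integer before it is
// placed in the query text, so the request value cannot change the statement.
$newsid = mysql_fetch_array(mysql_query("SELECT * FROM `news` WHERE `id` = '" . intval(isset($_GET['newid']) ? $_GET['newid'] : 0) . "'"));

// Stop when the item does not exist. Everything below reads $newsid['id'];
// without this guard a request for an unknown id still reaches the comment
// INSERT and the view-counter UPDATE further down.
if (!is_array($newsid)) {
    header('HTTP/1.1 404 Not Found');
    exit;
}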
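// Reply page: ?newid=N&otvet=C shows comment C with a reply form, and adding
// &okk processes the posted reply. Available to logged-in users only.
if (isset($_GET['otvet']) && isset($user)) {
    // intval() keeps the request value out of the SQL text.
    $otvett = mysql_fetch_array(mysql_query("SELECT * FROM `news_komm` WHERE `id` = '" . intval($_GET['otvet']) . "'"));

    // Accept the target only if it exists, belongs to this news item and is
    // visible to the current user. The comment list in this file hides
    // comments with `see` != 0 from users whose status is 0; without the same
    // rule here the text of a hidden comment is printed for any account that
    // asks for its id.
    $otvet_ok = is_array($otvett)
        && is_array($newsid)
        && $otvett['id_blog'] == $newsid['id']
        && ($otvett['see'] == 0 || $user['status'] != 0);

    if ($otvet_ok) {
        $title = $newsid['name'] . ' | Ответ';
        include_once 'h.php';

        // Quoted comment. nc() and output_text() are site helpers defined
        // elsewhere. NOTE(review): confirm they HTML-encode what they return.
        echo "<div class='list_item busis'>Ответ на сообщение " . nc($otvett['id_user']) . ":<div class='friends_access_list attach_block grey' style='position:relative;'>" . output_text($otvett['text']) . "</div>";

        if (isset($_GET['okk'])) {
            // Validate the text in the form in which it is stored (trimmed),
            // so a whitespace-only message cannot pass the length check and
            // be saved as an empty comment.
            $opis_text = (isset($_POST['opis']) && is_string($_POST['opis'])) ? trim($_POST['opis']) : '';
            if (strlen2($opis_text) < 1) {
                $err = 1;
                err_game('Слишком короткий текст.');
            }
            // The message now names the limit that is actually enforced.
            if (strlen2($opis_text) > 20000) {
                $err = 1;
                err_game('Текст привышает 20000 символов.');
            }
        }

        // NOTE(review): the form carries no anti-CSRF token, so a reply can be
        // submitted on behalf of a logged-in user from another site. A
        // per-session token checked before the INSERT would close this; the
        // session handling is not visible in this file.
        echo '<form action="?newid=' . intval($_GET['newid']) . '&otvet=' . $otvett['id'] . '&okk" method="post">';
        echo '<textarea name="opis"></textarea><br/>';
        echo '<br>';
        echo '<input type="submit" value="Отправить"/>';
        echo '</form>';
        echo "</div>";

        if (isset($_GET['okk']) && !isset($err)) {
            // HTML-encode first and SQL-escape last: the value handed to the
            // query must be the direct result of the SQL escaping function.
            $opis = mysql_real_escape_string(htmlspecialchars($opis_text));
            mysql_query("INSERT INTO `news_komm` (`text`,`id_user`,`id_blog`,`time`,`see`,`otvet`)VALUES('$opis','$user[id]','$newsid[id]','$time','0','$otvett[id]')");

            // Output has already been produced above, so the redirect only
            // works while output is buffered (not visible in this file).
            // When it can be sent, stop so the handlers below do not run too.
            if (!headers_sent()) {
                header("Location:?newid=$newsid[id]");
                exit;
            }
        }

        include_once 'foot.php';
        // Do not fall through into the moderation handlers and the article
        // page below once the reply page is complete.
        exit;
    }
}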
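// Moderator action: delete a comment. Requires a logged-in user with
// status >= 4.
//
// NOTE(review): this state change is triggered by a plain GET request with no
// anti-CSRF token, so any page loaded in the moderator's browser can issue
// it. It should become a POST carrying a per-session token; the session
// handling needed for that is not visible in this file.
if (isset($_GET['del']) && isset($user) && $user['status'] >= 4) {
    // Integer cast once; the same safe value is used in both statements.
    $del_id = intval($_GET['del']);

    if (mysql_result(mysql_query("SELECT COUNT(*) FROM `news_komm` WHERE `id` = '" . $del_id . "'"), 0) != 0) {
        mysql_query("DELETE FROM `news_komm` WHERE `id` = '" . $del_id . "'");
        header("Location:?newid=" . intval($_GET['newid']) . "");
        // End the request after the redirect so the rest of the script
        // (other handlers, page rendering, view counter) does not run.
        exit;
    }
}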
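// Moderator action: hide or show a comment. Requires a logged-in user with
// status >= 2. A hidden comment stores the id of the user who hid it in
// `see`; a visible comment has `see` = 0.
//
// NOTE(review): this state change is triggered by a plain GET request with no
// anti-CSRF token, so any page loaded in the moderator's browser can issue
// it. It should become a POST carrying a per-session token; the session
// handling needed for that is not visible in this file.
if (isset($_GET['see']) && isset($user) && $user['status'] >= 2) {
    $see_id = intval($_GET['see']);
    $see = mysql_fetch_array(mysql_query("SELECT * FROM `news_komm` WHERE `id` = '" . $see_id . "'"));

    // Fetching the row doubles as the existence check.
    if (is_array($see)) {
        // Any non-zero value means "hidden". The previous test (== 1) only
        // recognised comments hidden by the user with id 1, so a comment
        // hidden by anyone else could never be shown again.
        $new_see = $see['see'] != 0 ? "0" : "$user[id]";
        mysql_query("UPDATE `news_komm` SET `see` = '" . $new_see . "' WHERE `id` = '" . $see_id . "'");
        header("Location:?newid=" . intval($_GET['newid']) . "");
        // End the request after the redirect so the rest of the script does
        // not run.
        exit;
    }
}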
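// Render the news item, the comment counter and the current page of comments.
$title = $newsid['name'];
include_once 'h.php';

// Guests and users with status 0 only get comments that are not hidden.
$only_visible = (!isset($user) || $user['status'] == 0) ? " AND `see` = '0'" : null;

// Counted once and used for both the header counter and the pagination
// (the same query used to run twice).
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `news_komm` WHERE `id_blog` = '$newsid[id]'" . $only_visible . ""), 0);

// The author link is built from the news row. It used to read $post, which is
// not assigned until the comment loop below, so the link had no user id.
echo "<div class='list_item busis'>" . output_text($newsid['text']) . "</div><div class='bottom_link_block'>Автор: " . iconka($newsid['id_user']) . " <a href='?user=$newsid[id_user]'>" . nc($newsid['id_user']) . "</a><br>Просмотров: <img src='/images/see.gif'> " . ($newsid['see'] == NULL ? "0" : "$newsid[see]") . "</div><div class='list_item forms'><b>Комментарии</b> (" . $k_post . ")</div>";

$k_page = k_page($k_post, $set['p_str']);
$page = page($k_page);
$start = $set['p_str'] * $page - $set['p_str'];
$q = mysql_query("SELECT * FROM `news_komm` WHERE `id_blog` = '$newsid[id]'" . $only_visible . " ORDER BY id desc LIMIT $start, $set[p_str]");

while ($post = mysql_fetch_array($q)) {
    // Comment this one replies to, and its author. Both lookups are skipped
    // when the comment is not a reply.
    $otvet = !empty($post['otvet'])
        ? mysql_fetch_array(mysql_query("SELECT * FROM `news_komm` WHERE `id` = '" . intval($post['otvet']) . "'"))
        : false;
    $usotv = is_array($otvet)
        ? mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '$otvet[id_user]'"))
        : false;

    // The quoted parent is emitted only when it exists and is not hidden.
    // Its text used to be written into the page unconditionally (inside a
    // display:none block), which exposed hidden comments in the page source.
    // NOTE(review): $usotv['nick'] is printed as stored; confirm nicknames
    // are HTML-encoded when they are saved.
    $reply_ref = '';
    $reply_body = '';
    if (is_array($otvet) && $otvet['see'] == 0) {
        $reply_ref = " <span class='grey'>ответил" . ($usotv['pol'] == 0 ? "а" : null) . "</span> <a href='' class='spoiler_links'> " . $usotv['nick'] . "</a>";
        $reply_body = "<div style='display: none;' class='spoiler_body attach_block grey friends_access_list'>" . output_text($otvet['text']) . "</div>";
    }

    // A hidden comment gets a grey background and a note naming who hid it.
    $hidden = $post['see'] != 0;
    $open_tag = $hidden
        ? "<div class='over_users overfl_hid' style='background:#E8E3E3;'>"
        : "<div class='over_users overfl_hid'>";
    $hidden_note = $hidden
        ? "<div class='red_item pad_t_a'>Комментарий скрыт " . nc($post['see']) . "</div>"
        : '';

    // Action row for logged-in users. It is opened and closed in one place so
    // guests no longer receive a closing </div> without a matching opening tag.
    $actions = '';
    if (isset($user)) {
        $actions = "<div class='pad_t_a'><a href='?newid=$newsid[id]&otvet=$post[id]'>Ответить</a>";
        if ($user['status'] >= 2) {
            $actions .= "<span style='float:right;'><a class='grey' href='?newid=$newsid[id]&see=$post[id]'>" . ($hidden ? "Показать" : "Скрыть") . "</a>"
                . ($user['status'] >= 4 ? " | <a class='grey' href='?newid=$newsid[id]&del=$post[id]'>Удалить</a>" : '')
                . "</span>";
        }
        $actions .= "</div>";
    }

    echo $open_tag
        . iconka($post['id_user']) . " <a href='?user=$post[id_user]'>" . nc($post['id_user']) . "</a>"
        . $reply_ref
        . "<span class='comment_date middle'>" . vremja($post['time']) . "</span>"
        . $reply_body
        . $hidden_note
        . "<div class='pad_t_a'>" . output_text($post['text']) . "</div>"
        . $actions
        . "</div>";
}

// Page links
if ($k_page > 1) {
    str("?newid=$newsid[id]&", $k_page, $page);
}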
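// New top-level comment: form plus handler (?newid=N&save). Logged-in users
// only.
if (isset($user)) {
    if (isset($_GET['save'])) {
        // Validate the text in the form in which it is stored (trimmed), so a
        // whitespace-only message cannot pass the length check and be saved
        // as an empty comment.
        $opis_text = (isset($_POST['opis']) && is_string($_POST['opis'])) ? trim($_POST['opis']) : '';
        if (strlen2($opis_text) < 1) {
            $err = 1;
            err_game('Слишком короткий текст.');
        }
        // The message now names the limit that is actually enforced.
        if (strlen2($opis_text) > 20000) {
            $err = 1;
            err_game('Текст привышает 20000 символов.');
        }
    }

    // NOTE(review): the form carries no anti-CSRF token, so a comment can be
    // submitted on behalf of a logged-in user from another site. A
    // per-session token checked before the INSERT would close this; the
    // session handling is not visible in this file.
    echo "<div class='list_item busis'>";
    echo '<form action="?newid=' . intval($_GET['newid']) . '&save" method="post">';
    echo '<textarea name="opis"></textarea><br/>';
    echo '<br>';
    echo '<input type="submit" value="Отправить"/>';
    echo '</form>';
    echo "</div>";

    // The comment is attached to the news row that was actually loaded, so a
    // request for an id that does not exist cannot create an orphan comment.
    if (isset($_GET['save']) && !isset($err) && is_array($newsid)) {
        // HTML-encode first and SQL-escape last: the value handed to the
        // query must be the direct result of the SQL escaping function.
        $opis = mysql_real_escape_string(htmlspecialchars($opis_text));
        mysql_query("INSERT INTO `news_komm` (`text`,`id_user`,`id_blog`,`time`,`see`)VALUES('$opis','$user[id]','" . intval($newsid['id']) . "','$time','0')");

        // The page has already been written at this point, so the redirect
        // only works while output is buffered (not visible in this file).
        // When it can be sent, stop instead of finishing the page.
        if (!headers_sent()) {
            header("Location:?newid=$newsid[id]");
            exit;
        }
    }
}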
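echo "</div>";

// Count this view. The increment happens inside the UPDATE itself, so two
// requests arriving together cannot both write the same "old value + 1" and
// lose a view. COALESCE covers rows whose counter is still NULL, which the
// page prints as 0.
if (is_array($newsid)) {
    mysql_query("UPDATE news SET see = COALESCE(see, 0) + 1 WHERE id = '$newsid[id]'");
}

include_once 'foot.php';
?>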