Файл: guestbook.php
Строк: 143
<?
include 'connect.php';
$location = '(В гостевой)';
if(!$u['id']){
header ("Location: registration.php?err=1");
exit;
}
if(ban($u['id']))
{
header ("Location: page.php");
}
$location = 'guestbook';
switch(@$_GET['act'])
{
//~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Ответ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
case 'answer':
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `wall` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)) {
$msg = mysql_fetch_assoc($req);
}
}
if ($msg){
$wall = mysql_fetch_assoc(mysql_query("SELECT * FROM `wall` WHERE `id` = '".$msg['wall']."' LIMIT 1"));
if (isset($_POST['submit']) and $_POST['message']) {
$message = check(substr($_POST['message'], 0, 10000));
mysql_query("INSERT INTO `wall` SET
`user` = '".$u['id']."',
`message` = '$message',
`time` = '".time()."',
`wall` = '".$wall['id']."'
");
if($wall['user'] != $u['id']){
if($u['sex'] == 'm'){
$action[0] = 'Оставил';
} else {
$action[0] = 'Оставила';
}
$text = $action[0].' сообщение в <a href = "guestbook.php?id='.$wall['id'].'">гостевой</a>.';
mysql_query("INSERT INTO `jurnal` SET
`user` = '".$diary['user']."',
`outuser` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
}
if($msg['id'] != $u['id']){
if($u['sex'] == 'm'){
$action[0] = 'Ответил';
} else {
$action[0] = 'Ответила';
}
$text = $action[0].' вам в <a href = "guestbook.php?id='.$wall['id'].'">гостевой</a>.';
mysql_query("INSERT INTO `jurnal` SET
`user` = '".$msg['user']."',
`outuser` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
}
mysql_query("UPDATE `users` SET `stat_guestbook` = `stat_guestbook`+1 WHERE `id` = '".$u['id']."'");
mysql_query("UPDATE `users` SET `rating` = `rating`+1 WHERE `id` = '".$u['id']."'");
header ("Location: guestbook.php?id=".$wall['id']."");
} else {
if($msg['user'] == $u['id']) {
include 'head.php';
echo '<div class="div">';
echo 'Ошибка !';
echo '</div>';
include 'foot.php';
exit;
}
$title = $title.' | Гостевая';
include 'head.php';
echo '<div class="title"><img src="ico/guest.png" alt="!"/> Гостевая</a> <b>Ответ</b></div>';
echo '<div class="txt">';
echo 'Ответ <a href = "/page.php?id='.$msg['user'].'">'.login($msg['user']).'</a><br/>';
echo '<form action="guestbook.php?act=answer&id='.$id.'" method="post">';
echo '<textarea cols="20" rows="3" name="message" style="width: 97%">[u]'.login($msg['user']).'[/u] , </textarea><br/>';
echo '<input type="submit" name="submit" value="Сохранить" class="submit white"/>';
echo '<small> 10000 <a href = "smiles.php">Смайлы</a> | <a href = "code.php">BB-коды</a></small>';
echo '</form>';
echo '</div>';
include 'foot.php';
}
} else {
include 'head.php';
echo '<div class="title">';
echo '<img src="ico/guest.png" alt="!"/> Гостевая</a> <b>Ошибка</b>';
echo '</div>';
echo '<div class="txt">';
echo ' Ошибка, такого сообщения нет !</div>';
echo '</div>';
include 'foot.php';
}
break;
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~вывод~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
default:
if(isset($_GET['id'])){
$id=num($_GET['id']);
$req = mysql_query("SELECT * FROM `users` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)) {
$user = mysql_fetch_assoc($req);
}
}
if(empty($user['id'])){
if($u['id']){
$req = mysql_query("SELECT * FROM `users` WHERE `id` = '".$u['id']."' LIMIT 1");
$user = mysql_fetch_assoc($req);
} else {
header ("Location: index.php");
exit;
}
}
$req = mysql_query("SELECT * FROM `users` WHERE `id` = '$id' LIMIT 1");
if (mysql_num_rows($req)){$user = mysql_fetch_assoc($req); }else {
include 'head.php';
echo '<div class="title">';
echo '<img src="ico/guest.png" alt="!"/> Гостевая</a> <b>Ошибка</b>';
echo '</div>';
echo '<div class="txt">';
echo '<img src="ico/error.gif" alt="Ошибка" /> Такого пользователя нет!</div>';
echo '</div>';
include 'foot.php';
exit;
}
if(ban($user['id'])){
include 'head.php';
echo '<div class = "div"><table><tr><td VALIGN=center><img src = "ico/close.png"></td><td VALIGN=center>
Пользователь заблокирован!
</table>
</div>';
include 'foot.php';
exit;
}
include 'head.php';
require('core/bb_code.php');
echo '<div class="title">';
echo '<img src="ico/guest.png" alt="!"/> Гостевая</a>
<b>Просмотр</b>';
echo '</div>';
echo '</div>';
$count = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `wall` WHERE `wall` = '".$user['id']."'"), 0);
$o = abs(intval($_GET['o']));
$user_otv = mysql_fetch_assoc(mysql_query("SELECT `login` FROM `users` WHERE `id` = '".$o."'"));
if($_GET['o']){ $otv = $user_otv['login'].',';}
if(!$_GET['o'])
{
$to = abs(intval(@$_GET['to']));
$users_otv = mysql_fetch_assoc(mysql_query("SELECT `link` FROM `users` WHERE `id` = '".$to."'"));
if($users_otv['link']) $otv = $users_otv['link'].',';
}
echo '<div class="app">';
echo '<form action="wall.php?act=add&id='.$user['id'].'" method="post">';
echo '<textarea cols="20" rows="3" name="message" style="width: 97%">';
echo @$otv;
echo '</textarea><br/>';
echo '<input type="submit" title="Нажмите для отправки" name="submit" value="Написать" class="submit"><small> 10000
<a href = "smiles.php">Смайлы</a> | <a href = "code.php">BB-коды</a></small>
</form></div>';
echo '<div class="nav">';
echo ' Комментарии: ('.$count.')';
echo '</div>';
$count = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `wall` WHERE `wall` = '".$user['id']."'"), 0);
if($count > 0){
$total = intval(($count - 1) / 10) + 1;
$page = intval(@$_GET['page']);
if(empty($page) or $page < 0) $page = 1;
if($page > $total) $page = $total;
$start = $page * 10 - 10;
echo '<div class="title">';
if ($page != $total) {
echo '<a name="page-up" style="float: right; text-decoration: none;" href="#page-down"><img src = "ico/page_down.png"></a>';
}
$sort = check($_GET['sort']);
if($sort == 'wall') {
$sortq = 'ASC';
echo '<a href = "guestbook.php?id='.$user['id'].'&sort=time&page='.$page.'">Новые</a> | <b>Поcледние</b>';
}
if($sort == 'time' || empty($sortq)) {
$sort = 'time';
$sortq = 'DESC';
echo '<b>Новые</b> | <a href = "guestbook.php?id='.$user['id'].'&sort=wall&page='.$page.'">Поcледние</a>';
}
echo '</div>';
if(isset($_GET['flud'])) echo '<div class="div"><img src="ico/error.gif" alt="Ошибка" /> <font color="red">
Ошибка! Можно отправлять сообщения только раз в '.$system['wall_antiflud'].' сек.</font></div>';
$result = mysql_query("SELECT * FROM `wall` WHERE `wall` = '".$user['id']."' ORDER BY `time` $sortq LIMIT $start, 10");
while($wall = mysql_fetch_assoc($result)){
echo @$i % 2 ? '<div class="div">' : '<div class="div">';
$userw = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '".$wall["user"]."'"));
$message = checkout($wall['message']);
if($u['admin'] == 1 || $u['admin'] == 2 || $wall['wall'] == $u['id'] || $wall['user'] == $u['id']) $access = true; else $access = false;
if(isset($_GET['del']) && $access == true && num($_GET['del']) == $wall['id']){
mysql_query("DELETE FROM `wall` WHERE `id` = '".$wall['id']."' LIMIT 1");
$all_page = intval(($count - 1) / 10) + 1;
header ("Location: guestbook.php?id=".$user['id']."&page=$all_page");
} else {
if(ban($userw['id'])){
echo ''.ico($userw['sex'],$userw['admin']).' <a href = "/page.php?id='.$userw['id'].'"><del>'.$userw['login'].'</del></a> '.online($userw['online']).' ';
} else {
echo ''.ico($userw['sex'],$userw['admin']).' <a href = "/page.php?id='.$userw['id'].'">'.$userw['login'].'</a> '.online($userw['online']).' ';
}
if($userw['rating']>=1000 && $userw['rating']<=1999)echo "<img src='ico/b.png' alt='' class='icon'</a>n";
if($userw['rating']>=2000 && $userw['rating']<=2999)echo "<img src='ico/s.png' alt='' class='icon'</a>n";
if($userw['rating']>=3000)echo "<img src='ico/z.png' alt='' class='icon'</a>n";
$vip = mysql_fetch_array(mysql_query("SELECT * FROM `vip_users` WHERE `id_user` = '".$user['id']."'"));
if((int)$vip['id'] > 0){ echo " <img src='/style/vip_icons/{$vip['icon']}.gif' />n"; }
echo '<small> '.vremya($wall['time']).'</small></br>';
echo ''.smile(links(bb_code($message))).'';
echo '</font><br/>';
echo '<small>';
if($access == true){
echo '[<a href = "?id='.$user['id'].'&page='.$page.'&del='.$wall['id'].'"><b><font color="red">x</font></b>Удал</a>]';
}
if($userw['id'] != $u['id']) echo ' [<a href = "guestbook.php?id='.$user['id'].'&o='.$userw['id'].'">Отв</a>]';
if($u['admin'] == 1 || $u['admin'] == 2 || $u['admin'] == 3) {
if(ban($userw['id'])){
if($userw['id'] != $u['id'])echo ' [<a href = "adminka.php?act=delban_users&id='.$userw['id'].'"><font color="red">Разбанить</font></a>]';
} else {
if($userw['id'] != $u['id'])echo ' [<a href = "adminka.php?act=ban_users&id='.$userw['id'].'"><font color="red">Бан</font></a>]';
}
}
echo '</small>';
echo '</div>';
@$i++;
}
}
navigation($page, $total,'guestbook.php?id='.$user['id'].'&sort='.$sort.'&');
}else{
echo '</div><div class = "div"> Сообщений еще нет. Будь первым!</div>';
}
echo '</div>';
include 'foot.php';
break;
}
?>