Файл: news.php
Строк: 474
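<?php
// Full open tag: the short form "<?" is only parsed when short_open_tag is
// enabled; with it disabled the server would send this source as plain text.
// NOTE(review): every query in this file is string-built for the mysql_*
// extension, which no longer exists in PHP 7+. The safety of the interpolated
// values rests on check() and num(), both defined outside this file - confirm
// what they do before porting to mysqli/PDO prepared statements.
include 'connect.php';
// Login wall. $u is not defined in this file (presumably set by connect.php).
// header() only queues the redirect, so execution has to stop here; without
// the exit the rest of the script still ran for anonymous requests and its
// output was sent along with the Location header.
if (empty($u['id'])) {
    header ("Location: login.php");
    exit;
}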
switch(@$_GET['act'])
{
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Создание новости~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
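case 'add_news':
    // Create a news item. Only admin levels 1 and 2 pass the check below; any
    // other account gets an empty response from this branch.
    // NOTE(review): the POST handler carries no anti-CSRF token, so a form on
    // another origin can be submitted with a logged-in admin's cookies. Add a
    // per-session token to the form and verify it before the INSERT.
    if ($u['admin'] == 1 || $u['admin'] == 2) {
        if (isset($_POST['submit']) and isset($_POST['name']) and isset($_POST['message'])) {
            // check() is the only filtering applied before the values are placed
            // inside quoted SQL literals - TODO confirm it escapes for MySQL.
            // NOTE(review): substr() counts bytes, so a multi-byte UTF-8 title or
            // body can be cut in the middle of a character at the length limit.
            $name = check(substr($_POST['name'], 0, 100));
            $message = check(substr($_POST['message'], 0, 10000));
            mysql_query("INSERT INTO `news` SET
`user` = '".$u['id']."',
`time` = '".time()."',
`name` = '$name',
`message` = '$message'
");
            $id = mysql_insert_id();

            // Notify every other user through their journal. The wording depends
            // only on the author, so it is built once instead of per recipient.
            $action[0] = ($u['sex'] == 'm') ? 'Опубликовал' : 'Опубликовала';
            $text = $action[0].' <a href = "news.php?act=view&id='.$id.'">свежие новости</a>.';
            $users_r = mysql_query("SELECT `id` FROM `users` WHERE `id` <> '".$u['id']."'");
            while ($users = mysql_fetch_assoc($users_r)) {
                mysql_query("INSERT INTO `jurnal` SET
`user` = '".$users['id']."',
`outuser` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
            }

            // Audit trail: the same entry goes to both admin journals.
            $action[0] = ($u['sex'] == 'm') ? 'Создал' : 'Создала';
            $text = $action[0].' <a href = "news.php?act=view&id='.$id.'">новость</a>.';
            mysql_query("INSERT INTO `admin_jurnal` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
            mysql_query("INSERT INTO `admin_jurnal_news` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
            // Stop after the redirect; previously the footer markup below was
            // still emitted into the redirect response.
            header ("Location: news.php");
            exit;
        } else {
            $title = $title.' | Новости';
            include 'head.php';
            echo '<div class="title">';
            echo '<img src="ico/feed.png" alt="!"/> <a href = "news.php">Новости</a> <b>Добавить новость</b> ';
            echo '</div>';
            echo '<div class="txt">';
            echo '<form action=news.php?act=add_news method=post>
Название: 100 символов<br/><textarea cols="20" rows="1" name="name"style="width: 30%;height: 20px;"></textarea><br/>
Сообщение: 10000 символов<br/><textarea cols="100%" rows="3" name="message"></textarea><br/>
<input type=submit name="submit" value=Добавить class=submit white/ ></form>';
        }
        echo '</div>';
        include 'foot.php';
    }
    break;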
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Редактирование новости~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
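case 'edit_news':
    // Edit an existing news item (admin levels 1 and 2 only).
    // NOTE(review): no anti-CSRF token is checked on the POST; add a
    // per-session token to the form and verify it before the UPDATE.
    if ($u['admin'] == 1 || $u['admin'] == 2) {
        // Start from a known state so $news can only come from the lookup below
        // (it was previously left undefined when no id was supplied, which also
        // let a request-injected value through on setups with register_globals).
        $news = null;
        if (isset($_GET['id'])) {
            $id = num($_GET['id']);
            $req = mysql_query("SELECT * FROM `news` WHERE `id` = '$id' LIMIT 1");
            if (mysql_num_rows($req)) {
                $news = mysql_fetch_assoc($req);
            }
        }
        if ($news) {
            if (isset($_POST['submit']) and isset($_POST['name']) and isset($_POST['message'])) {
                // check() is the only filtering before the values reach the quoted
                // SQL literals - TODO confirm it escapes for MySQL.
                // NOTE(review): substr() is byte-based and may split a multi-byte
                // UTF-8 character at the limit.
                $name = check(substr($_POST['name'], 0, 100));
                $message = check(substr($_POST['message'], 0, 10000));
                mysql_query("UPDATE `news` SET
`name` = '$name',
`message` = '$message',
`who` = '".$u['id']."',
`cedit` = `cedit`+1,
`etime` = '".time()."'
WHERE `id` = '$id'
");
                // Audit trail: the same entry goes to both admin journals.
                $action[0] = ($u['sex'] == 'm') ? 'Отредактировал' : 'Отредактировала';
                $text = $action[0].' <a href = "news.php?act=view&id='.$id.'">новость</a>.';
                mysql_query("INSERT INTO `admin_jurnal` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
                mysql_query("INSERT INTO `admin_jurnal_news` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
                // Stop after the redirect; previously the footer below was still
                // emitted into the redirect response.
                header ("Location: news.php?act=view&id=".$news['id']."");
                exit;
            } else {
                $title = $title.' | Новости';
                include 'head.php';
                echo '<div class="title">';
                // NOTE(review): the stored title and body are echoed as-is here,
                // while the delete and view branches pass the same columns through
                // checkout() first. Which of check()/checkout() HTML-encodes is not
                // visible in this file - confirm the stored form is already
                // encoded, otherwise markup in a title is rendered in the admin's
                // browser.
                $name = $news['name'];
                $message = $news['message'];
                echo '<img src="ico/feed.png" alt="!"/> <a href = "news.php">Новости</a> <a href = "news.php?act=view&id='.$id.'">'.$name.'</a> <b>Редактирование</b> ';
                echo '</div>';
                echo '<div class="txt">';
                echo '<form action="news.php?act=edit_news&id='.$id.'" method="post">';
                echo 'Название: 100 символов</br><textarea cols="20" rows="1" name="name"style="width: 30%;height: 20px;">'.$name.'</textarea><br/>';
                echo 'Сообщение: 10000 символов</br><textarea cols="20" rows="3" name="message">'.$message.'</textarea><br/>';
                echo '<input type="submit" name="submit" value="Сохранить" class="submit white"/>';
                echo '</form>';
            }
            echo '</div>';
            include 'foot.php';
        }
    }
    break;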
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Удаление новости~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
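case 'delete_news':
    // Delete a news item together with its comments and likes (admin levels
    // 1 and 2 only). A GET shows the confirmation form, the POST deletes.
    // NOTE(review): the confirmation POST carries no anti-CSRF token, so the
    // destructive request can be forged from another origin. Add a per-session
    // token to the form and verify it before the DELETE statements.
    if ($u['admin'] == 1 || $u['admin'] == 2) {
        // Start from a known state so $news can only come from the lookup below
        // (it was previously left undefined when no id was supplied, which also
        // let a request-injected value through on setups with register_globals).
        $news = null;
        if (isset($_GET['id'])) {
            $id = num($_GET['id']);
            $req = mysql_query("SELECT * FROM `news` WHERE `id` = '$id' LIMIT 1");
            if (mysql_num_rows($req)) {
                $news = mysql_fetch_assoc($req);
            }
        }
        if ($news) {
            if (isset($_POST['submit'])) {
                // The id used here is the one read back from the database row.
                mysql_query("DELETE FROM `news` WHERE `id` = '".$news['id']."'");
                mysql_query("DELETE FROM `news_comm` WHERE `news` = '".$news['id']."'");
                mysql_query("DELETE FROM `news_like` WHERE `news` = '".$news['id']."'");
                // Audit trail: the same entry goes to both admin journals.
                $action[0] = ($u['sex'] == 'm') ? 'Удалил' : 'Удалила';
                $text = $action[0].' <a href = "news.php?act=view&id='.$id.'">новость</a>.';
                mysql_query("INSERT INTO `admin_jurnal` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
                mysql_query("INSERT INTO `admin_jurnal_news` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
                include 'head.php';
                echo '<div class="title">';
                echo '<img src="ico/feed.png" alt="!"/> <a href = "news.php">Новости</a> Новость удалена';
                echo '</div>';
                echo '<div class="txt">';
                echo '<img src="ico/error.gif" alt="Ошибка" /> Новость успешно удалена!</div>';
                echo '</div>';
            } else {
                $title = $title.' | Новости';
                include 'head.php';
                echo '<div class="title">';
                $name = checkout($news['name']);
                echo '<img src="ico/feed.png" alt="!"/> <a href = "news.php">Новости</a> <a href = "news.php?act=view&id='.$id.'">'.$name.'</a> <b>Удалить новость</b> ';
                echo '</div>';
                echo '<div class="txt">';
                echo 'Вы уверены, что хотите удалить новость <a href = "news.php?act=view&id='.$id.'">'.$name.'</a>?<br/>';
                echo '<form action="news.php?act=delete_news&id='.$id.'" method="post">';
                echo '<input type="submit" name="submit" value="Да, удалить" class="submit white"/>';
                echo '</form>';
            }
            echo '</div>';
            include 'foot.php';
        } else {
            include 'head.php';
            echo '<div class="title">';
            echo '<img src="ico/feed.png" alt="!"/> <a href = "news.php">Новости</a> Ошибка';
            echo '</div>';
            echo '<div class="txt">';
            echo '<img src="ico/error.gif" alt="Ошибка" /> Такой новости нет!</div>';
            echo '</div>';
            include 'foot.php';
        }
    }
    break;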
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Просмотр новости~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
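case 'view':
    // Show one news item with its comments. The same request can also carry a
    // state change: a posted comment, close/reopen (?close=), a like (?like=)
    // or a comment deletion (?del=). All of them are handled before any output
    // so that the redirects that follow them can still be sent.
    // NOTE(review): close, like and del are triggered by GET parameters and no
    // request here checks an anti-CSRF token, so any URL loaded with a
    // logged-in user's cookies can trigger them. Move them to POST and verify a
    // per-session token.
    // Start from a known state so $news can only come from the lookup below.
    $news = null;
    if (isset($_GET['id'])) {
        $id = num($_GET['id']);
        $req = mysql_query("SELECT * FROM `news` WHERE `id` = '$id' LIMIT 1");
        if (mysql_num_rows($req)) {
            $news = mysql_fetch_assoc($req);
        }
    }
    if ($news) {
        // ---- New comment -------------------------------------------------
        if ($u['id'] and check(@$_POST['message'])) {
            // check() is the only filtering before the value reaches a quoted
            // SQL literal - TODO confirm it escapes for MySQL. substr() is
            // byte-based and may split a multi-byte character at the limit.
            $message = check(substr($_POST['message'], 0, 500));
            // Flood guard: reject if this user commented within the last 3 seconds.
            $flood = mysql_query("SELECT `time` FROM `news_comm` WHERE `user` = '".$u['id']."' AND `time` > '" . (time() - 3) . "'");
            if (mysql_num_rows($flood)) {
                header ("Location: news.php?act=view&id=".$news['id']."");
                exit;
            }
            // Duplicate guard: compare with this user's most recent comment.
            // Only the newest row is read, so only that row is requested.
            $req = mysql_query("SELECT * FROM `news_comm` WHERE `user` = '".$u['id']."' ORDER BY `time` DESC LIMIT 1");
            $res = mysql_fetch_array($req);
            if ($res['message'] == $message) {
                header ("Location: news.php?act=view&id=".$news['id']."");
                exit;
            }
            if (empty($message)) {
                include 'head.php';
                echo '<div class="div"> Ошибка , так делать нельзя!</div>'; $error = '1';
                include 'foot.php';
                exit;
            }
            if (empty($error)) {
                // Comments are only accepted while the item is open.
                if ($news['close'] == 0) {
                    mysql_query("INSERT INTO `news_comm` SET
`user` = '".$u['id']."',
`time` = '".time()."',
`comm` = '".$u['id']."',
`message` = '$message',
`news` = '".$news['id']."'
");
                    mysql_query("UPDATE `users` SET `rating` = `rating`+1 WHERE `id` = '".$u['id']."'");
                    $action[0] = ($u['sex'] == 'm') ? 'Оставил' : 'Оставила';
                    $text = $action[0].' комментарий к<a href = "news.php?act=view&id='.$news['id'].'"> новости</a>.';
                    mysql_query("INSERT INTO `lenta` SET
`user` = '".$u['id']."',
`text` = '$text',
`time` = '".time()."',
`new` = '1'
");
                    // Stop after the redirect instead of rendering the whole
                    // page into the redirect response.
                    header ("Location: news.php?act=view&id=".$news['id']."");
                    exit;
                }
            }
        }

        // ---- Close / reopen (admin levels 1-3) ---------------------------
        if ($u['admin'] == 1 || $u['admin'] == 2 || $u['admin'] == 3) {
            $close = num(@$_GET['close']);
            if ($close == 1) {
                if ($news['close'] == 0) {
                    mysql_query("UPDATE `news` SET
`close` = '1',
`close_id` = '".$u['id']."'
WHERE `id` = '$id'
");
                    $news['close_id'] = $u['id'];
                    header ("Location: news.php?act=view&id=".$news['id']."");
                    exit;
                }
            }
            if ($close == 2) {
                if ($news['close'] == 1) {
                    mysql_query("UPDATE `news` SET
`close` = '0'
WHERE `id` = '$id'
");
                    // No redirect here: the page is rendered in the reopened state.
                    $news['close'] = 0;
                }
            }
        }

        // ---- Like ---------------------------------------------------------
        if (isset($_GET['like']) && $u['id']) {
            $req = mysql_query("SELECT * FROM `news_like` WHERE `user` = '".$u['id']."' AND `news` = '".$news['id']."' LIMIT 1");
            if (!mysql_num_rows($req)) {
                // NOTE(review): the new rating is computed from the value read
                // earlier in this request, so two concurrent likes can overwrite
                // each other; the select-then-insert above has the same window.
                $news['rating']++;
                mysql_query("INSERT INTO `news_like` SET
`user` = '".$u['id']."',
`time` = '".time()."',
`news` = '".$news['id']."'
");
                mysql_query("UPDATE `news` SET
`rating` = '".$news['rating']."'
WHERE `id` = '".$news['id']."'
");
            }
        }

        // ---- Delete a comment (admin levels 1-3) --------------------------
        // Handled before head.php is included: the redirect used to be issued
        // after page output had started. The lookup and the DELETE are also tied
        // to the item being viewed, so the id in ?del= has to belong to it.
        if ($u['admin'] == 1 || $u['admin'] == 2 || $u['admin'] == 3) {
            if (@$_GET['del']) {
                $del = num(@$_GET['del']);
                $commcheck = mysql_num_rows(mysql_query("SELECT * FROM `news_comm` WHERE `id` = '$del' AND `news` = '".$news['id']."' LIMIT 1"));
                if ($commcheck) {
                    mysql_query("DELETE FROM `news_comm` WHERE `id` = '".$del."' AND `news` = '".$news['id']."'");
                    header ("Location: news.php?act=view&id=".$news['id']."");
                    exit;
                }
            }
        }

        // ---- Render -------------------------------------------------------
        $count = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `news_comm` WHERE `news` = '".$news['id']."'"), 0);
        $name_news = checkout($news['name']);
        $title = $title.' | Новости';
        include 'head.php';
        require('core/bb_code.php');
        echo '<div class="title">';
        echo '<img src="ico/feed.png" alt="!"/> <a href = "news.php">Новости</a> <a href = "news.php?act=view&id='.$news['id'].'">'.$name_news.'</a> <b>Просмотр</b> ';
        echo '</div>';
        if ($u['admin'] == 1 || $u['admin'] == 2) {
            echo '<div class="nav"><a href = "news.php?act=edit_news&id='.$news['id'].'"> Редактировать</a> |
<a href = "news.php?act=delete_news&id='.$news['id'].'"> Удалить</a> |';
            if ($news['close'] == 0) {
                echo ' <a href = "news.php?act=view&id='.$news['id'].'&close=1">Закрыть</a> ';
            } else {
                echo ' <a href = "news.php?act=view&id='.$news['id'].'&close=2">Открыть</a> ';
            }
            echo '</div>';
        }
        echo '<div class="div">';
        echo '<img src="ico/notes.png" alt="!"/> <font color = "#565656"><b>'.$name_news.'</b></font></br>';
        $message_news = checkout($news['message']);
        echo '<font color = "#000000">'.img(smile(links(bb_code($message_news)))).'</font></div><div class="div">
<img src="ico/clock.png" alt="!"/> <font color = "#777777">'.vremya($news['time']).'</font><br>
<img src = "ico/admin_men.gif"> Автор : <a href = "/'.$news['user'].'">'.login($news['user']).'</a></br>';
        $req = mysql_query("SELECT * FROM `news_like` WHERE `user` = '".$u['id']."' AND `news` = '".$news['id']."' LIMIT 1");
        if (!mysql_num_rows($req)) {
            echo '<img src = "ico/like.png"> <a href = "news.php?act=view&id='.$news['id'].'&like=1">Мне нравится</a> ('.$news['rating'].')';
        } else {
            echo '<img src = "ico/like.png"> Понравилось: ('.$news['rating'].')';
        }
        echo '</br>';
        if ($news['cedit'] == 0) {
            echo '<img src="ico/edit.png" alt="!"/> Нет данных';
        } else {
            echo '<img src="ico/edit.png" alt="!"/> Последний раз редактировалось: <a href = "/'.$news['who'].'">'.login($news['who']).'</a> ('.vremya($news['etime']).') ['.$news['cedit'].' раз]';
        }
        echo '</div>';
        if ($news['close'] == 1) echo '<div class="title"> Новость закрыта администратором <a href = "/'.$news['close_id'].'"><b>'.login($news['close_id']).'</b></a></div>';
        echo '<div class="nav">';
        echo ' Комментарии: ('.$count.')';
        echo '</div>';

        // Comment form, optionally pre-filled with "<login> . " for a reply.
        if ($u['id']) {
            if ($news['close'] == 0) {
                echo '<div class="app">';
                $o = abs(intval(@$_GET['o']));
                $user = mysql_fetch_assoc(mysql_query("SELECT `login` FROM `users` WHERE `id` = '".$o."'"));
                // Initialised here so the prefix can only come from the users
                // table; it is written into the textarea without encoding.
                // NOTE(review): that assumes logins are restricted to safe
                // characters at registration - confirm, or encode on output.
                $otv = '';
                if ($user && $user['login']) $otv = $user['login'].' . ';
                echo '<form action="news.php?act=view&id='.$news['id'].'" method="post">';
                echo '<textarea cols="20" rows="3" name="message">';
                echo $otv;
                echo '</textarea><br/>';
                echo "<input type='submit' title='Нажмите для отправки' name='submit' value='Написать' class='submit white'/> <small>500 <a href = 'smiles.php'>Смайлы</a>
| <a href = 'code.php'>BB-коды</a></small>
</form>";
                echo '</div>';
            }
        }

        // Comment list, 10 per page.
        $all = mysql_result(mysql_query("SELECT COUNT(*) FROM `news_comm` WHERE `news` = '".$news['id']."'"), 0);
        if ($all > 0) {
            $total = intval(($all - 1) / 10) + 1;
            $page = num(@$_GET['page']);
            if (empty($page) or $page < 0) $page = 1;
            if ($page > $total) $page = $total;
            $start = $page * 10 - 10;
            echo '<div class="title">';
            if ($page != $total) {
                echo '<a name="page-up" style="float: right; text-decoration: none;" href="#page-down"><img src = "ico/page_down.png"></a>';
            }
            // The sort direction is interpolated into ORDER BY below, so it is
            // assigned on every path from a fixed pair of values: 'time' means
            // oldest first, anything else falls back to newest first ('comm').
            $sort = check(@$_GET['sort']);
            if ($sort == 'time') {
                $sortq = 'ASC';
                $sort_links = '<a href = "news.php?act=view&id='.$news['id'].'&sort=comm&page='.$page.'">Новые</a> | <b>Поcледние</b>';
            } else {
                $sort = 'comm';
                $sortq = 'DESC';
                $sort_links = '<b>Новые</b> | <a href = "news.php?act=view&id='.$news['id'].'&sort=time&page='.$page.'">Поcледние</a>';
            }
            echo $sort_links;
            echo '</div>';
            $result = mysql_query("SELECT * FROM `news_comm` WHERE `news` = '".$news['id']."' ORDER BY `time` $sortq LIMIT $start, 10");
            while ($comm = mysql_fetch_assoc($result)) {
                echo '<div class="div">';
                $user = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = '".$comm["user"]."'"));
                $message = checkout($comm['message']);
                // NOTE(review): the login is printed without encoding in the
                // banned branch - confirm logins cannot contain markup.
                if (ban($user['id'])) {
                    echo ''.ico($user['sex'],$user['admin']).' <a href = "/'.$user['id'].'"><del>'.$user['login'].'</del></a> '.online($user['online']).' ';
                } else {
                    echo ''.ico($user['sex'],$user['admin']).' <a href = "/'.$user['id'].'">'; echo GradientText("$user[login]", "$user[ncolor]", "$user[ncolor2]"); echo '</a> '.online($user['online']).' ';
                }
                // Rating badges. The tags were unterminated and followed by a
                // stray "</a>n", which left a literal "n" on the page.
                if ($user['rating'] >= 1000 && $user['rating'] <= 1999) echo "<img src='ico/b.png' alt='' class='icon'/>";
                if ($user['rating'] >= 2000 && $user['rating'] <= 2999) echo "<img src='ico/s.png' alt='' class='icon'/>";
                if ($user['rating'] >= 3000) echo "<img src='ico/z.png' alt='' class='icon'/>";
                echo ' <small>'.vremya($comm['time']).'</small>';
                echo '<br/><font color = "#000">';
                echo ''.smile(bb_code(links($message))).'';
                echo '</font><br/>';
                echo '<small>';
                if ($u['admin'] == 1 || $u['admin'] == 2 || $u['admin'] == 3) {
                    echo '[<a href = "news.php?act=view&id='.$news['id'].'&del='.$comm['id'].'"><b><font color="red">x</font></b>Удал</a>]';
                    if (ban($user['id'])) {
                        if ($comm['user'] != $u['id']) echo ' [<a href = "adminka.php?act=delban_users&id='.$user['id'].'"><font color="red">Разбанить</font></a>]';
                    } else {
                        if ($comm['user'] != $u['id']) echo ' [<a href = "adminka.php?act=ban_users&id='.$user['id'].'"><font color="red">Бан</font></a>]';
                    }
                }
                if ($news['close'] == 0) {
                    if ($comm['user'] != $u['id']) echo ' [<a href = "news.php?act=view&id='.$news['id'].'&o='.$user['id'].'">Отв</a>]';
                }
                echo '</small>';
                echo '</div>';
            }
            echo '<div class="title">';
            if ($page != $total) {
                echo '<a name="page-down" style="float: right; text-decoration: none;" href="#page-up"><img src = "ico/page_up.png"></a>';
            }
            echo $sort_links;
            echo '</div>';
            echo '</div>';
            navigation($page, $total,'news.php?act=view&id='.$news['id'].'&sort='.$sort.'&');
        } else {
            echo '<div class="div"> Комментариев еще нет ! </div>';
        }
        echo '</div>';
        include 'foot.php';
    } else {
        include 'head.php';
        echo '<div class="title">';
        echo '<img src="ico/feed.png" alt="!"/> <a href = "news.php">Новости</a> Ошибка';
        echo '</div>';
        echo '<div class="txt">';
        echo '<img src="ico/error.gif" alt="Ошибка" /> Такой новости нет!</div>';
        echo '</div>';
        include 'foot.php';
    }
    break;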
//~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Список новостей~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~//
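default:
    // News list, 10 items per page, ordered by time; ?sort=time shows the
    // oldest first, anything else the newest first.
    $title = $title.' | Новости';
    include 'head.php';
    if ($u['admin'] == 1 || $u['admin'] == 2) echo '<div class="nav"><img src="ico/dirnew.png" alt="!"/> <a href = "?act=add_news">Добавить новость</a></div>';
    $all = mysql_result(mysql_query("SELECT COUNT(*) FROM `news`"), 0);
    if ($all > 0) {
        $total = intval(($all - 1) / 10) + 1;
        // Clamp the page to 1..$total; $start is then the result of integer
        // arithmetic before it is placed into LIMIT.
        $page = intval(@$_GET['page']);
        if (empty($page) or $page < 0) $page = 1;
        if ($page > $total) $page = $total;
        $start = $page * 10 - 10;
        echo '<div class="title">';
        if ($page != $total) {
            echo '<a name="page-up" style="float: right; text-decoration: none;" href="#page-down"><img src = "ico/page_down.png"></a>';
        }
        // The sort direction is interpolated into ORDER BY below, so it is
        // assigned on every path from a fixed pair of values instead of relying
        // on $sortq being unset when this branch starts.
        $sort = check(@$_GET['sort']);
        if ($sort == 'time') {
            $sortq = 'ASC';
            $sort_links = '<a href = "news.php?&sort=close&page='.$page.'">Новые</a> | <b>Поcледние</b>';
        } else {
            $sort = 'close';
            $sortq = 'DESC';
            $sort_links = '<b>Новые</b> | <a href = "news.php?&sort=time&page='.$page.'">Поcледние</a>';
        }
        echo $sort_links;
        echo '</div>';
        $result = mysql_query("SELECT * FROM `news` ORDER BY `time` $sortq LIMIT $start, 10");
        while ($news = mysql_fetch_assoc($result)) {
            echo '<div class="div">';
            $name = checkout($news['name']);
            // Preview: first 25 characters of the stored body, counted as UTF-8.
            // NOTE(review): the cut is made before checkout(); if the stored text
            // holds HTML entities, one can be split in half - confirm what
            // check() stores.
            if (iconv_strlen($news['message'], 'UTF-8') > 25) {
                $news['message'] = iconv_substr($news['message'], 0, 25, 'UTF-8');
                $news['message']=''.$news['message'].'...';
            }
            $message = checkout($news['message']);
            echo '<img src="/ico/news1.png" alt="!"/> <a href = "news.php?act=view&id='.$news['id'].'">'.$name.'</a> <small>'.vremya($news['time']).'</small>';
            echo '<br>'.$message.'<br>';
            echo '<small>';
            if ($u['admin'] == 1 || $u['admin'] == 2) {
                echo '[<a href = "news.php?act=edit_news&id='.$news['id'].'">Изменить</a>]
[<a href = "news.php?act=delete_news&id='.$news['id'].'"><font color="red"><b>x</b></font> Удал</a>]';
            }
            echo '</small>';
            echo '</div>';
        }
        echo '<div class="title">';
        if ($page != $total) {
            echo '<a name="page-down" style="float: right; text-decoration: none;" href="#page-up"><img src = "ico/page_up.png"></a>';
        }
        echo $sort_links;
        echo '</div>';
        if ($u['admin'] == 1 || $u['admin'] == 2) echo '<div class="nav"><img src="ico/dirnew.png" alt="!"/> <a href = "?act=add_news">Добавить новость</a></div>';
        echo '</div>';
        navigation($page, $total,'news.php?&sort='.$sort.'&');
    } else {
        echo '<div class="div"><img src="ico/error.gif" alt="Ошибка" /> Новостей не найдено!</div>';
    }
    echo '</div>';
    include 'foot.php';
    break;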
}
?>