Файл: wall.php
Строк: 24
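<?php
// wall.php — posts a guestbook ("wall") message from the logged-in user $u
// onto another user's wall, bumps the poster's counters and records the
// action in the `jurnal` feed.
//
// Relies on connect.php for: the mysql connection, $u (current user row),
// $system['wall_antiflud'] (anti-flood window, seconds), num() and check().
include 'connect.php';

// Only authenticated users may post.
if (empty($u['id'])) {
    header("Location: registration.php?err=1");
    exit;
}

// Read the action without an undefined-index notice on a bare request.
$act = isset($_GET['act']) ? $_GET['act'] : '';

switch ($act) {
    case 'add':
        // Resolve the wall owner. num() is expected to reduce the id to an
        // integer before it is interpolated into SQL — TODO confirm in connect.php.
        $user = null;
        if (isset($_GET['id'])) {
            $id  = num($_GET['id']);
            $req = mysql_query("SELECT `id` FROM `users` WHERE `id` = '$id' LIMIT 1");
            // mysql_query() returns false on error; guard before mysql_num_rows().
            if ($req && mysql_num_rows($req)) {
                $user = mysql_fetch_assoc($req);
            }
        }
        if (empty($user)) {
            header("Location: index.php");
            exit;
        }

        // Ids come from the database; cast so the interpolated SQL below
        // cannot carry anything but digits.
        $uid     = (int) $u['id'];
        $ownerId = (int) $user['id'];

        // Message body, truncated to 10000 bytes (substr is byte-wise and may
        // split a multibyte character — mb_substr would be the character-safe
        // choice if mbstring is available). check() is the only escaping the
        // text gets before being interpolated into SQL and HTML; it must
        // escape for both — confirm in connect.php.
        // NOTE(review): this state-changing POST is not protected by a CSRF
        // token; the form in guestbook.php should carry one and it should be
        // verified here.
        $message = '';
        if (isset($_POST['message'])) {
            $message = check(substr($_POST['message'], 0, 10000));
        }
        // Strict emptiness test: the original empty() also rejected the
        // legitimate message "0".
        if ((string) $message === '') {
            header("Location: guestbook.php?id=" . $ownerId);
            exit;
        }

        // Anti-flood: refuse if this user already posted within the window.
        $since = time() - (int) $system['wall_antiflud'];
        $flood = mysql_query("SELECT `time` FROM `wall` WHERE `user` = '$uid' AND `time` > '$since'");
        if ($flood && mysql_num_rows($flood)) {
            header("Location: guestbook.php?id=" . $ownerId . "&flud=1");
            exit;
        }

        // Same timestamp for the wall row and the journal entry.
        $now = time();
        mysql_query("INSERT INTO `wall` SET
            `user` = '$uid',
            `message` = '$message',
            `time` = '$now',
            `wall` = '$ownerId'
        ");
        // Both counters live on the same row — one UPDATE instead of two.
        mysql_query("UPDATE `users` SET `stat_guestbook` = `stat_guestbook`+1, `rating` = `rating`+1 WHERE `id` = '$uid'");

        // Notify the wall owner unless the user wrote on their own wall.
        if ($ownerId !== $uid) {
            // Russian past-tense verb agrees with the poster's gender.
            $verb = ($u['sex'] === 'm') ? 'Оставил' : 'Оставила';
            $text = $verb . ' сообщение в <a href = "guestbook.php?id=' . $ownerId . '">гостевой</a>.';
            mysql_query("INSERT INTO `jurnal` SET
                `user` = '$ownerId',
                `outuser` = '$uid',
                `text` = '$text',
                `time` = '$now',
                `new` = '1'
            ");
        }
        header("Location: guestbook.php?id=" . $ownerId);
        break;

    default:
        header("Location: index.php");
}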