Файл: modules/forum/edit_post.php
Строк: 68
<?php
define('R', $_SERVER['DOCUMENT_ROOT']);
define('S', R.'/system');
require_once(R.'/system/kernel.php');
$tmp->header('forum');
$tmp->title('title', Language::config('edit_blog'));
User::panel();
$id = $db->guard($_GET['edit_post']);
$p=$db->fass("SELECT * FROM `forum_message` where `id` = '".$id."' ");
$t=$db->fass("SELECT * FROM `forum_topic` where `id` = '".$p['topic']."'");
if(!User::aut()){
header('location: /');
}
if(User::aut() && $t['is_close_topic'] != 1){
$ot=$db->fass("SELECT * FROM `forum_message` where `id` = '".$id."'");
if(!$ot){
$tmp->div('error', Language::config('error'));
$tmp->div('menu', '<a href="/forum/topic'.$p['topic'].'">'.img('link.png').' '.Language::config('back').'</a>');
$tmp->footer();
exit();
}
if ($p['time'] + 60 < time() && User::level() <= 2) {
header('location: /forum/topic'.$p['topic']);
exit();
}
if($ot['kto'] == User::ID() || User::level() >= 2){
if(isset($_REQUEST['submit'])){
$message = $db->guard($_POST['messages']);
if(empty($_POST['messages']) || mb_strlen($_POST['messages'], 'UTF-8')<2) $error .= Language::config('no_message');
$filename = $db->guard($_FILES['file']['name']);
if (!empty($filename)) {
$whitelist = array('jpg','gif','png','jpeg', 'bmp','zip','rar','mp4','mp3','amr','3gp','avi','flv','apk');
$maxsize = 10;
$dir = R.'/files/forum';
$ext = strtolower(strrchr($filename, '.'));
$size = $_FILES['file']['size'];
if (!in_array(substr($ext, 1), $whitelist)) $error .= Language::config('error_ext').'<br />';
if ($size > (1048576 * $maxsize)) $error .= Language::config('max_size_zc').'. [Max. '.$maxsize.'mb.]<br />';
$file = rand(1,999).'_NOMICMS_'.rand(1,999). $ext;
}
if(!isset($error)) {
$db->query("update `forum_message` set `message` = '".$message."' where `id` = '".$id."' ");
if(!empty($filename)){
copy($_FILES['file']['tmp_name'], $dir . '/' . $file );
$db->query("insert into `forum_file` set `kto` = '".User::ID()."', `post_id` = '".$id."', `thema` = '".$p['topic']."', `name` = '".$file."' ");
}
header('location: /forum/topic'.$p['topic']);
}
}
echo '<div class="messages"><div>'.bb(smile($ot['message'])).'';
$filec = $db->n_r("select id from `forum_file` where `post_id` = '".$id."' limit 1");
if($filec){
$file = $db->query("select * from `forum_file` where `post_id` = '".$id."'");
echo '<div class="files">';
while($files = $file->fetch_assoc()){
if($files['post_id'] == $id)
echo '<a href="/files/forum/'.$files['name'].'">'.img('down_s.png').' '.$files['name'].' | '.format_filesize(R.'/files/forum/'.$files['name']).'</a><br>';
}
echo '</div>';
}
echo '</div></div>';
error($error);
bbcode();
$tmp->div('main', '<form method="POST" name = "message" action="" enctype="multipart/form-data">
'.Language::config('message').':<br/>
<textarea name="messages">'.$ot['message'].'</textarea><br />
<input name="file" type="file" id="file" onchange="uploadFile(this)">
<label id="select_file" for="file">'.img('file.png').'<label id="file-name" for="file">Выбрать файл</label></label><br />
<input type="submit" name="submit" value="'.Language::config('edit').'" /></form>');
$tmp->div('menu', '<hr><a href="/forum/topic'.$p['topic'].'">'.img('link.png').' '.Language::config('back').'</a>');
$tmp->footer();
exit();
}
} else {
header('location: /forum/topic'.$p['topic']);
}
$tmp->footer();
?>