Файл: ubiznes.mobi/inc/firms/chat.php
Строк: 78
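<?php
/*
 * Firm chat page, rendered when both `firms` and `chat` are present in the query string.
 *
 * In order, the script:
 *   1. handles posting a message (`go_msg`), reporting a message (`jalob`) and
 *      deleting a message (`delete`);
 *   2. prints the message form and the smiley picker, unless $ban_act is set;
 *   3. prints one page of the firm's chat messages, newest first.
 *
 * $firm, $user, $fr_us, $ban_act, $time and the helpers hsc(), err_game(), k_page(),
 * page(), user_icon(), nc(), vremja(), output_text() and back() are defined outside
 * this file.
 *
 * NOTE(review): the legacy mysql_* extension is used throughout; it has no prepared
 * statements, so every value placed into SQL below is either cast with intval() or
 * passed through mysql_real_escape_string(). Moving to mysqli/PDO prepared statements
 * needs the connection setup, which is not visible here.
 *
 * NOTE(review): `jalob` and `delete` change state on a plain GET request and the
 * message form carries no anti-CSRF token. No token helper is visible in this file,
 * so none is added here; these actions should move to POST with a per-session token.
 */
if (isset($_GET['firms']) && isset($_GET['chat'])) {
    echo'<div class="menu"><a href=/?firms> '.hsc($firm['name']).' </a> / Чат фирмы </div>';

    if (isset($ban_act)) {
        echo' <center> <div class=""> <font color="red"> У Вас активен обет молчания, Вы не можете писать </font></div> </center>';
    } else {
        // --- Post a new message -------------------------------------------------
        if (isset($_GET['go_msg'])) {
            // Missing POST fields are treated as empty instead of raising notices.
            $msg = mysql_real_escape_string(isset($_POST['msg']) ? $_POST['msg'] : '');
            $otvet = intval(isset($_POST['otvet']) ? $_POST['otvet'] : 0);
            // The former "У Вас бан" check was unreachable: this branch only runs
            // when $ban_act is not set.
            if ($msg == null) {
                $err = 1;
                err_game("Пустое сообщение");
            }
            if (empty($err)) {
                mysql_query("INSERT INTO `firms_chat` SET `time` = '$time', `msg` = '$msg', `id_user` = '$user[id]', `id_firm` = '$firm[id]', `otvet` = '$otvet'");
                header('location:/?firms&chat');
                exit;
            }
        }

        // --- Report a message ----------------------------------------------------
        if (isset($_GET['jalob'])) {
            $jalob_id = intval($_GET['jalob']);
            // Scoped to the current firm, like the delete check below: the complaint
            // is labelled with this firm's name, so a message id from another firm's
            // chat must not be accepted.
            $jalob_q = mysql_query("SELECT * FROM `firms_chat` WHERE `id` = '$jalob_id' AND `id_firm` = '$firm[id]' LIMIT 1");
            $reported = $jalob_q ? mysql_fetch_assoc($jalob_q) : false;
            if ($reported) {
                $reported_user = intval($reported['id_user']);
                $reported_firm = intval($reported['id_firm']);
                // The stored text is escaped again before it goes back into SQL.
                $reported_msg = mysql_real_escape_string($reported['msg']);
                if (mysql_result(mysql_query("SELECT COUNT(*) FROM `jalob` WHERE `id_who` = '$reported_user' AND `msg` = '$reported_msg'"), 0) == 0) {
                    mysql_query("INSERT INTO `jalob` SET `id_user` = '$user[id]', `id_who` = '$reported_user', `time` = '$time', `msg` = '$reported_msg',
`url` = '/?firm=$reported_firm', `url_name` = 'Чат фирмы ".mysql_real_escape_string($firm['name'])."'");
                    $_SESSION['msg']="Жалоба на сообщение успешно отправленa";
                    header("location:/?firms&chat");
                    // Stop here like the other redirects do; without exit the rest of
                    // the page would still be rendered after the Location header.
                    exit;
                } else {
                    err_game("Жалоба на данное сообщение уже была отправлена");
                }
            }
        }

        // --- Delete a message ----------------------------------------------------
        // NOTE(review): deletion is allowed for status <= 2, while the [удалить] link
        // further down is shown for status > 0 — confirm which rule is intended.
        if (isset($_GET['delete']) && $fr_us['status']<=2) {
            $delete_id = intval($_GET['delete']);
            if (mysql_result(mysql_query("SELECT COUNT(*) FROM `firms_chat` WHERE `id` = '$delete_id' AND `id_firm` = '$firm[id]'"), 0) > 0) {
                // The firm constraint is repeated in the DELETE itself so the statement
                // can never remove a row that belongs to another firm.
                mysql_query("DELETE FROM `firms_chat` WHERE `id` = '$delete_id' AND `id_firm` = '$firm[id]' LIMIT 1");
                header('location:/?firms&chat');
                exit;
            }
        }

        // Reply target for the hidden form field. The [ответить] links pass it as
        // ?otvet=<id>; it is forced to an integer so a request value cannot break out
        // of the value="" attribute.
        if (!isset($otvet)) {
            $otvet = isset($_GET['otvet']) ? $_GET['otvet'] : 0;
        }
        $otvet = intval($otvet);

        // $ank is not assigned before this point in this file (presumably set by the
        // including script — confirm); its fields are HTML-escaped before output.
        // NOTE(review): the reload link in the form targets go_msg, which without a
        // POST body runs the "empty message" error path — confirm that is intended.
?>
<form method="POST" action="/?firms&chat&go_msg" id="myform">
<div class="textarea">
<textarea style="width:93%;" rows="2" id="msg" name="msg"></textarea>
<input type="hidden" value="<?=$otvet;?>" name="otvet">
<input type="hidden" value="<?php echo hsc($ank['id']); ?>" name="d">
<input type="hidden" value="<?php echo hsc($ank['nick']); ?>" name="nick">
<table style="width:100%" cellspacing="0" cellpadding="0" valign="top">
<tbody><tr>
<td width="8%">
<a href="/?firms&chat&go_msg"><div class="kn"><img src="/images/style/reload.png" width="24" height="24"></div></a>
</td>
<td width="25%">
</td>
<td width="20%" align="center">
<input type="submit" name="send" value="Написать">
</td>
<td width="9%" align="center">
<a onclick="smiles();return false;" class="flr m5" href="smiles">
<div class="kn">
<img src="/images/icons/ulibka.gif" width="24" height="24">
</div>
</a>
</td>
</tr>
</tbody>
</table>
</div>
</form>
<?php
        echo '<script type="text/javascript" src="/js/smile.js"></script>';
        echo'<div id="smiles" style="display: none; text-align: center;" class="textarea">';
        $result = mysql_query('SELECT * FROM `smiles` ORDER BY `id` ASC');
        while ($posts = mysql_fetch_array($result)) {
            // `name` holds a comma-separated list; only the first code is inserted.
            $exp = explode(',', $posts['name']);
            // Both values are HTML-escaped for the attribute context. The array key is
            // quoted: the bare `img` relied on undefined-constant fallback.
            // NOTE(review): the smiley code also lands inside a JavaScript string
            // literal; HTML escaping alone does not cover that context, so codes
            // containing quotes or backslashes still need JS-string escaping.
?>
<span><a href="javascript:sml('msg', '<?=hsc($exp[0]);?>')"><img src="/images/smiles/<?=hsc($posts['img']);?>"></a></span>
<?php
        }
        echo '</div>';
    }

    // --- Message list ------------------------------------------------------------
    // With ?me only the messages addressed to the current user are listed.
    $me_filter = isset($_GET['me']) ? "AND `otvet` = '$user[id]'" : '';
    $pages = 10; // messages per page
    $k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `firms_chat` WHERE `id_firm` = '$firm[id]' ".$me_filter.""), 0);
    if ($k_post == 0) {
        echo'<div class="textarea">Сообщений в чате нет </div>';
    }
    $k_page = k_page($k_post, $pages);
    $page = page($k_page);
    // page() is defined elsewhere; the offset is forced to a non-negative integer
    // because it is placed directly into the LIMIT clause.
    $start = max(0, intval($pages*$page-$pages));
    $q = mysql_query("SELECT * FROM `firms_chat` WHERE `id_firm` = '$firm[id]' ".$me_filter." ORDER BY `id` DESC LIMIT $start, $pages");
    while ($post = mysql_fetch_assoc($q)) {
        // Look up the user this message replies to; $ank is only read below when
        // `otvet` is positive.
        if ($post['otvet'] > 0) {
            $ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '".intval($post['otvet'])."' LIMIT 1"));
        }
        echo '<div class="textarea">';
        echo user_icon($post['id_user']);
        echo nc($post['id_user']);
        echo '<font color="lime"><small>' . vremja($post['time']) . '</small></font><br/>';
        // The addressee's nick is highlighted when the reply is for the current user.
        echo $post['otvet'] > 0 ? ($post['otvet']==$user['id']?'<font color="yellow"><b>':null).hsc($ank['nick']).($post['otvet']==$user['id']?'</b></font>':null).', ' : '';
        // NOTE(review): the message body is printed through output_text(); it is
        // assumed to HTML-escape the stored text — confirm, since `msg` is only
        // SQL-escaped when it is saved.
        echo output_text($post['msg'], $post['id_user']);
        echo '<div class="line"></div>';
        if ($post['id_user'] != $user['id']) {
            echo '<a href=/?firms&chat&otvet='.intval($post['id_user']).'>[ответить] </a>';
            echo '<a href=/?firms&chat&jalob='.intval($post['id']).'> [жалоба] </a>';
        }
        if ($fr_us['status'] > 0) {
            echo '<a href=/?firms&chat&delete='.intval($post['id']).'> [удалить] </a>';
        }
        echo '</div>';
    }
    back("?firms");
    include_once'sys/foot.php';
}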