Файл: ubiznes.mobi/inc/firms/forum.php
Строк: 342
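<?php
/**
 * Firm forum page, handled when both `firms` and `forum` are present in the query string.
 *
 * Three nested views are served from this one script:
 *   - section list of the current firm (default), plus section create/edit/delete;
 *   - topic list of one section (`razdel=<id>`), plus topic creation;
 *   - one topic with its comments (`razdel=<id>&topic=<id>`), plus topic
 *     edit/close/delete, comment posting and comment deletion.
 *
 * Nothing is defined here: $firm, $user, $fr_us, $time, $ank, $ban_act and the helpers
 * hsc(), err_game(), back(), podtv(), nc(), vremja(), output_text(), time_left() must be
 * provided by the including script.
 *
 * Security notes for maintainers:
 *   - Every query is built by string concatenation; the values are passed through
 *     intval() or mysql_real_escape_string() first. The mysql_* extension no longer
 *     exists in PHP 7+; a port should switch to prepared statements.
 *   - Destructive actions (close/delete topic, delete comment, delete section) are plain
 *     GET links and the POST forms carry no anti-CSRF token in this file. A forged link
 *     opened by a logged-in moderator would execute. Move them to POST with a token.
 *   - NOTE(review): several checks are `$fr_us['status'] <= 2`. If $fr_us is not populated
 *     for users outside the firm, null <= 2 is true in PHP and the check passes. Confirm
 *     how $fr_us is initialised upstream.
 *   - NOTE(review): the `dostup` (section access) value is stored but never checked in this
 *     file when a section is opened. Confirm it is enforced elsewhere.
 *   - NOTE(review): most branches end with include_once 'sys/foot.php' and no exit, so they
 *     terminate only if that file exits. Explicit exits were added after redirects and
 *     after the ban notice.
 */
if (isset($_GET['firms']) && isset($_GET['forum'])) {
    $sum_num = 1;

    // Section view: the requested section must belong to the current firm.
    if (isset($_GET['razdel']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_firms_name` WHERE `id` = '".(intval($_GET['razdel']))."' AND `id_firm` = '$firm[id]'"), 0) > 0) {
        $razdel = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_firms_name` WHERE `id` = '".(intval($_GET['razdel']))."' LIMIT 1"));

        // Topic view. The existence check now also requires the row to be a topic
        // (`type` = 'tema') inside the requested section. Previously a comment id, or a topic
        // of another section, passed the check and left $topic empty or mismatched for the
        // permission tests and DELETE statements below.
        if (isset($_GET['topic']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_firms` WHERE `id` = '".(intval($_GET['topic']))."' AND `type` = 'tema' AND `id_razdel` = '$razdel[id]' AND `id_firm` = '$firm[id]' "), 0) > 0) {
            $topic = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_firms` WHERE `id` = '".(intval($_GET['topic']))."' AND `type` = 'tema' LIMIT 1"));

            // Record the current user in the topic's comma-separated `visit` list.
            $visit = mysql_fetch_array(mysql_query("SELECT * FROM forum_firms WHERE id='".$topic['id']."'"));
            $visit_array = explode(',', $visit['visit']);
            $visit_num = count($visit_array) + $sum_num;
            if (!in_array($user['id'], $visit_array)) {
                $visit_array[$visit_num] = $user['id'];
                mysql_query("UPDATE forum_firms SET visit='".implode(',',$visit_array)."' WHERE id='".$topic['id']."'");
            }

            // Topic moderation is allowed for the topic author or firm status <= 2.
            // NOTE(review): the links further down are shown for $user['status'] > 0 instead.
            // The two conditions do not match; confirm which one is intended.
            if (isset($_GET['edit']) && ($topic['id_user'] == $user['id'] OR $fr_us['status'] <= 2)) {
                $edit = hsc($_GET['edit']);
                if ($edit == "edit") {
                    if (isset($_POST['create'])) {
                        $name = mysql_real_escape_string($_POST['name']);
                        $msg = mysql_real_escape_string($_POST['msg']);
                        if ($name == null) { err_game("Пустое название темы"); $err = 1; }
                        if ($msg == null) { err_game("Пустое описание темы"); $err = 1; }
                        if (empty($err)) {
                            mysql_query("UPDATE `forum_firms` SET `name` = '$name', `msg` = '$msg', `time` = '$time' WHERE `id` = '$topic[id]'");
                            $_SESSION['msg'] = "Тема успешно создана";
                            // Stop after the redirect so the form below is not rendered as well.
                            header("location:/?firms&forum&razdel=$razdel[id]&topic=$topic[id]"); exit;
                        }
                    }
                    echo'<div class="menu"><h2>Редактирование</h2>
<form method="post"><center>
Введите название темы:</br> <input type="text" name="name" value="'.hsc($topic['name']).'"></br>
Описание:</br>
<textarea name="msg" class="wide" rows="3">'.hsc($topic['msg']).'</textarea></br>
<input type="submit" name="create" value="Редактировать"></center></form></div>';
                    back("/?firms&forum&razdel=$razdel[id]&topic=$topic[id]");
                    include_once 'sys/foot.php';
                } elseif ($edit == "close") {
                    // Toggles the lock flag on a GET request (see the CSRF note in the header).
                    mysql_query("UPDATE `forum_firms` SET `lock` = '".($topic['lock']==0?1:0)."' WHERE `id` = '$topic[id]'");
                    // Without exit the script kept running into the comment handlers below.
                    header("location:/?firms&forum&razdel=$razdel[id]&topic=$topic[id]"); exit;
                } else {
                    // Any other `edit` value is treated as a delete request; `ok` confirms it.
                    echo'<div class="block event"> <h3> <a href=/?firms&forum&razdel='.$razdel['id'].'> '.hsc($razdel['name']).' </a> / '.hsc($topic['name']).' </h3> </div>';
                    if (isset($_GET['ok'])) {
                        // Remove the topic's comments first, then the topic row itself.
                        mysql_query("DELETE FROM `forum_firms` WHERE `id_razdel` = '$topic[id]'");
                        mysql_query("DELETE FROM `forum_firms` WHERE `id` = '$topic[id]'");
                        $_SESSION['msg'] = "Тема успешно удалена";
                        header("location:/?firms&forum&razdel=$razdel[id]"); exit;
                    }
                    echo'<div class="block"> Вы действительно хотите удалить данную тему? </div>';
                    podtv("/?firms&forum&razdel=$razdel[id]&topic=$topic[id]&edit=".hsc($edit)."&ok","/?firms&forum&razdel=$razdel[id]&topic=$topic[id]");
                    include_once 'sys/foot.php';
                }
            }

            // Comments of this topic: rows of type 'komm' whose id_razdel is the topic id.
            $q = mysql_query("SELECT * FROM `forum_firms` WHERE `id_razdel` = '$topic[id]' AND `type` = 'komm' AND `id_firm` = '$firm[id]' ORDER BY `id` ASC LIMIT 10");
            echo'<div class="menu"> <h2> <a href=/?firms&forum&razdel='.$razdel['id'].'> '.hsc($razdel['name']).' </a> / '.hsc($topic['name']).' </h2>';
            // NOTE(review): the reply link in the markup below points at a fixed URL
            // (/forum/topic/3/1/?to&id=1); it looks like a leftover from another page.
            ?>
<div class="textarea">
<div class="pan-4" align="center">
<a href="/?profile=<?php echo $topic['id_user']; ?> "> <font color="lime"> <?php echo nc($topic['id_user']); ?>
</a>
</div>
<p>
<font color="lime">
Сообщение:<br> <?php echo output_text($topic['msg'],$topic['id_user']); ?>
</font>
</p>
<table style="width:100%" cellspacing="0" cellpadding="0" valign="top">
<tbody><tr>
<td width="8%">
<a href="?"><div class="kn"><img src="/images/style/reload.png" width="24" height="24"></div></a>
</td>
<td width="15%" align="center">
</td>
<td width="40%" align="center">
смс: <span><?php echo mysql_num_rows($q); ?></span></td>
<td width="25%" align="center">
<a class="tdn nshd" href="/forum/topic/3/1/?to&id=1">[ответить]</a>
</td>
</tr></tbody>
</table>
</div>
<?php
            // Moderation links (edit / lock toggle / delete) for the author or any user status > 0.
            if ($topic['id_user'] == $user['id'] OR $user['status'] > 0) {
                echo '
<a href=/?firms&forum&razdel='.$razdel['id'].'&topic='.$topic['id'].'&edit=edit>
<div class="pan-1">
<img src="/images/icons/refresh.png" width="16" height="16"/>
Изменить топик
</div>
</a>
<a href=/?firms&forum&razdel='.$razdel['id'].'&topic='.$topic['id'].'&edit=close>
<div class="pan-1">
<img src="/images/icons/clip.png" width="16" height="16"/>
'.($topic['lock']==0?'Закрыть':'Открыть').' топик
</div>
</a>
<a href=/?firms&forum&razdel='.$razdel['id'].'&topic='.$topic['id'].'&edit=delete>
<div class="pan-1">
<img src="/images/icons/delete.png" width="16" height="16"/>
Удалить топик
</div>
</a>';
            }
            if ($topic['lock'] == 1) {
                echo '<div class="pan-3"><center>Тема закрыта</center></div>';
            }

            // Comment deletion. The DELETE is now restricted to comments of this topic in this
            // firm. Before, any row id in `forum_firms` (including topics of other firms) could
            // be removed through this parameter.
            // NOTE(review): the handler requires status == 3 while the [удалить] link is shown
            // for status > 0; confirm the intended threshold.
            if (isset($_GET['delete']) && $user['status'] == 3) {
                mysql_query("DELETE FROM `forum_firms` WHERE `id` = '".intval($_GET['delete'])."' AND `type` = 'komm' AND `id_razdel` = '$topic[id]' AND `id_firm` = '$firm[id]' LIMIT 1");
                header("location:/?firms&forum&razdel=$razdel[id]&topic=$topic[id]"); exit;
            }

            if (mysql_num_rows($q) == 0) {
                echo'<div class="pan-3"><center>Список комментариев пуст</center></div>';
            } else {
                echo'<div class="textarea">';
                while ($post = mysql_fetch_assoc($q)) {
                    echo''.nc($post['id_user']).''.vremja($post['time']).'</br>
'.($post['otvet']>0?nc($post['otvet']).', ':null).output_text($post['msg'],$post['id_user']).'<div class="line-2"></div>
'.($post['id_user']!=$user['id']?'
<a class="small minor" href=/?firms&forum&razdel='.$razdel['id'].'&topic='.$topic['id'].'&otvet='.$post['id_user'].'> [ответить] </a>
<a class="small minor" href=/?firms&forum&razdel='.$razdel['id'].'&topic='.$topic['id'].'&jalob='.$post['id'].'> [жалоба] </a> </span></br>
':null).($user['status']>0?'<a class="small minor" href=/?firms&forum&razdel='.$razdel['id'].'&topic='.$topic['id'].'&delete='.$post['id'].'> [удалить] </a> </span></br>':null).'';
                }
                echo'</div>';
            }

            // Posting is only possible while the topic is unlocked.
            if ($topic['lock'] == 0) {
                if (isset($_GET['msg_go']) && !$ban_act) {
                    $msg = mysql_real_escape_string($_POST['msg']);
                    $otvet = intval($_POST['otvet']);
                    if ($msg != null) {
                        mysql_query("INSERT INTO `forum_firms` SET `id_firm` = '$firm[id]',`otvet` = '$otvet',`type` = 'komm', `id_razdel` = '$topic[id]', `msg` = '$msg', `time` = '$time',`id_user` = '$user[id]'");
                        // A new comment clears the "visited" lists of the topic and the section.
                        mysql_query("UPDATE `forum_firms` SET `visit` = '' WHERE `id` = '".$topic['id']."'");
                        mysql_query("UPDATE `forum_firms_name` SET `visit` = '' WHERE `id` = '".$razdel['id']."'");
                        header("location:/?firms&forum&razdel=$razdel[id]&topic=$topic[id]"); exit;
                    } else { err_game("Пустое поле сообщения"); }
                }
                // NOTE(review): the handler above tests !$ban_act, this one tests isset($ban_act).
                // If $ban_act is ever set to a falsy value the two disagree; confirm upstream.
                if (isset($ban_act)) {
                    echo' <center> <div class="pan-3">У Вас активен обет молчания, Вы не можете писать</div> </center>';
                } else {
                    // $ank values are HTML-escaped before being placed into attributes. $otvet
                    // exists only after a rejected post, so it is guarded here.
                    // NOTE(review): the `otvet` parameter of the [ответить] link is not read
                    // anywhere in this file.
                    ?>
<form method="POST" action="/?firms&forum&razdel=<?php echo $razdel['id'];?>&topic=<?php echo $topic['id'];?>&msg_go" id="myform">
<div class="textarea">
<textarea style="width:93%;" rows="2" id="msg" name="msg"></textarea>
<input type="hidden" value="<?php echo hsc($ank['nick']); ?>" name="nick">
<input type="hidden" value="<?php echo hsc($ank['id']); ?>" name="d">
<input type="hidden" name="otvet" value="<?php echo isset($otvet) ? intval($otvet) : ''; ?>">
<table style="width:100%" cellspacing="0" cellpadding="0" valign="top">
<tbody><tr>
<td width="8%">
<a href="/?firms&forum&razdel=<?php echo $razdel['id'];?>&topic=<?php echo $topic['id'];?>"><div class="kn"><img src="/images/style/reload.png" width="24" height="24"></div></a>
</td>
<td width="25%">
</td>
<td width="20%" align="center">
<input type="submit" name="send" value="Написать">
</td>
<td width="9%" align="center">
<a onclick="smiles();return false;" class="flr m5" href="smiles">
<div class="kn">
<img src="/images/icons/5.png" width="24" height="24">
</div>
</a>
</td>
</tr>
</tbody>
</table>
</div>
</form>
<?php
                    // Smiley picker: one link per row of `smiles`, using the first name variant.
                    echo '<script type="text/javascript" src="/js/smile.js"></script>
<div id="smiles" style="display: none; text-align: center;" class="textarea">';
                    $result = mysql_query('SELECT * FROM `smiles` ORDER BY `id` ASC');
                    while ($posts = mysql_fetch_array($result)) {
                        $exp = explode(',', $posts['name']);
                        // The array key is quoted; the bare `img` relied on PHP's
                        // undefined-constant fallback.
                        ?>
<span><a href="javascript:sml('msg', '<?=$exp[0];?>')"><img src="/images/smiles/<?=$posts['img'];?>"></a></span>
<?php
                    }
                    echo '</div>';
                    echo'</div>';
                }
            }
            back("/?firms&forum&razdel=$razdel[id]"); include_once 'sys/foot.php';
        }

        echo'<div class="menu"> <h2> <a href=/?firms&forum> Форум </a> / '.hsc($razdel['name']).' </h2></div>';

        // Topic creation.
        // NOTE(review): this handler accepts lock == 3 for status <= 2, while the "create
        // topic" link further down is shown for lock == 2. One of the two looks like a typo.
        // The section form only offers lock values 0 and 1.
        if (isset($_GET['new_topic']) && (($razdel['lock'] == 0) || ($razdel['lock'] == 1 && $fr_us['status'] >= 0) || ($razdel['lock'] == 3 && $fr_us['status'] <= 2))) {
            if (mysql_result(mysql_query("SELECT COUNT(*) FROM `ban` WHERE `id_user` = '$user[id]' AND ((`type` = 'ban' AND `time` > '$time') OR `type` = 'izgon') "), 0) > 0) {
                $ban = mysql_fetch_assoc(mysql_query("SELECT * FROM `ban` WHERE `id_user` = '$user[id]' AND ((`type` = 'ban' AND `time` > '$time') OR `type` = 'izgon') LIMIT 1"));
                echo'<font color="red"> '.($ban['type']=="ban"?'Обет молчания на '.time_left($ban['time']-$time).'':'Изнание').', выдал '.nc($ban['id_who']).'('.hsc($ban['msg']).')</font><br/>';
                back("/?firms&forum");
                include_once 'sys/foot.php';
                // The ban must stop the request here; do not rely on foot.php exiting,
                // otherwise the INSERT below is still reachable for a banned user.
                exit;
            }
            if (isset($_POST['create'])) {
                $name = mysql_real_escape_string($_POST['name']);
                $msg = mysql_real_escape_string($_POST['msg']);
                if ($name == null) { err_game("Пустое название темы"); $err = 1; }
                if ($msg == null) { err_game("Пустое описание темы"); $err = 1; }
                if (empty($err)) {
                    mysql_query("INSERT INTO `forum_firms` SET `id_firm` = '$firm[id]', `name` = '$name', `msg` = '$msg', `type` = 'tema', `time` = '$time',`id_user` = '$user[id]',`id_razdel` = '$razdel[id]'");
                    $_SESSION['msg'] = "Тема успешно создана";
                    // Stop after the redirect, as the other redirects in this file do.
                    header("location:/?firms&forum&razdel=$razdel[id]"); exit;
                }
            }
            echo'
<form method="post"><center>
Введите название темы:</br> <input type="text" name="name"></br>
Описание:</br>
<textarea name="msg" class="wide" rows="3"></textarea></br>
<input type="submit" name="create" value="Создать тему"></center></form>';
            back("/?firms&forum&razdel=$razdel[id]"); include_once 'sys/foot.php';
        }

        // Topic list of the section, newest first.
        $q = mysql_query("SELECT * FROM `forum_firms` WHERE `type` = 'tema' AND `id_razdel` = '$razdel[id]' AND `id_firm` = '$firm[id]' ORDER BY `id` DESC");

        // Record the current user in the section's comma-separated `visit` list.
        $visit = mysql_fetch_array(mysql_query("SELECT * FROM forum_firms_name WHERE id='".$razdel['id']."'"));
        $visit_array = explode(',', $visit['visit']);
        $visit_num = count($visit_array) + $sum_num;
        if (!in_array($user['id'], $visit_array)) {
            $visit_array[$visit_num] = $user['id'];
            mysql_query("UPDATE forum_firms_name SET visit='".implode(',',$visit_array)."' WHERE id='".$razdel['id']."'");
        }

        if (mysql_num_rows($q) == 0) {
            echo'<center>Тем в данном разделе нет</center>';
        } else {
            while ($post = mysql_fetch_assoc($q)) {
                ?>
<a class="sp1 clrt1 t_norm " href="/?firms&forum&razdel=<?php echo $razdel['id']; ?>&topic=<?php echo $post['id']; ?>">
<img src="/images/style/topic.png" width="16" height="16" alt="+"> <span style="font-weight:bold;" class="link"><?php echo hsc($post['name']); ?></span>
</a>
<?php
            }
        }
        if (($razdel['lock'] == 0) || ($razdel['lock'] == 1 && $fr_us['status'] >= 0) || ($razdel['lock'] == 2 && $fr_us['status'] <= 2)) {
            echo'<a href=/?firms&forum&razdel='.$razdel['id'].'&new_topic><div class="pan-1"> <img src="/images/icons/gers.png" width="16" height="16" alt="bot">Создать тему</div></a>';
        }
        back("/?firms&forum"); include_once 'sys/foot.php';
    }

    echo'<div class="b-top"> <h2> <a href=/?firms> '.hsc($firm['name']).' </a> / Форум </h2> </div>';

    // Section creation (firm status <= 2 only).
    if (isset($_GET['new']) && $fr_us['status'] <= 2) {
        if (isset($_POST['add'])) {
            $name = mysql_real_escape_string($_POST['razdel']);
            // intval() keeps the values numeric but does not restrict them to the offered
            // options (0 and 1).
            $lock = intval($_POST['lock']); $dostup = intval($_POST['dostup']);
            if ($name != null) {
                mysql_query("INSERT INTO `forum_firms_name` SET `name` = '$name',`lock` = '$lock', `dostup` = '$dostup', `id_firm` = '$firm[id]'");
                $_SESSION['msg'] = "Раздел успешно создан";
                header("location:/?firms&forum"); exit;
            } else { err_game("Название раздела не может быть пустым"); }
        }
        // The first <select> is now closed; left open, the second <select> was not parsed
        // as a separate control.
        echo'<form method="post"><center>
Введите название раздела:</br><input type="text" name="razdel" value=""></br>
Темы создают:</br><select name="lock">
<option value="0"> Все пользователи </option>
<option value="1"> Только участники </option></select></br>
Доступ в раздел:</br><select name="dostup">
<option value="0"> Все пользователи </option>
<option value="1"> Только участники </option></select></br>
<input type="submit" name="add" value="Создать"></center></form>';
        back("/?firms&forum");
        include_once 'sys/foot.php';
    }

    // Section edit / delete: the section id in `edit` must belong to the current firm.
    if (isset($_GET['moderate']) && isset($_GET['edit']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `forum_firms_name` WHERE `id`='".(intval($_GET['edit']))."' AND `id_firm` = '$firm[id]'"), 0) && isset($_GET['type']) && $fr_us['status'] <= 2) {
        $edit = hsc($_GET['type']); $forum_firms_name = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum_firms_name` WHERE `id` = '".(intval($_GET['edit']))."' LIMIT 1"));
        if ($edit == "edit") {
            if (isset($_POST['edits'])) {
                $name = mysql_real_escape_string($_POST['razdel']);
                $lock = intval($_POST['lock']); $dostup = intval($_POST['dostup']);
                if ($name != null) {
                    mysql_query("UPDATE `forum_firms_name` SET `name` = '$name',`lock` = '$lock', `dostup` = '$dostup' WHERE `id` = '".(intval($_GET['edit']))."'");
                    $_SESSION['msg'] = "Редактирование успешно завершено";
                    header("location:/?firms&forum"); exit;
                } else { err_game("Название раздела не может быть пустым"); }
            }
            echo'<div class="block"> <form method="post">
Введите название раздела:</br><input type="text" name="razdel" value="'.hsc($forum_firms_name['name']).'"></br>
Темы создают:</br><select name="lock">
<option '.($forum_firms_name['lock']==0?'selected':null).' value="0"> Все пользователи </option>
<option '.($forum_firms_name['lock']==1?'selected':null).' value="1"> Только участники </option></select></br>
Доступ в раздел:</br><select name="dostup">
<option '.($forum_firms_name['dostup']==0?'selected':null).' value="0"> Все пользователи </option>
<option '.($forum_firms_name['dostup']==1?'selected':null).' value="1"> Только участники </option></select></br>
<input type="submit" name="edits" value="Редактировать"></form></div>';
            back("/?firms&forum"); include_once 'sys/foot.php';
        } else {
            // Any `type` other than "edit" is handled as a delete request; `ok` confirms it.
            if (isset($_GET['ok'])) {
                // NOTE(review): this removes rows whose id_razdel equals the section id, i.e.
                // the topics. Comments reference the topic id in id_razdel, so they are
                // presumably left behind; verify.
                mysql_query("DELETE FROM `forum_firms` WHERE `id_razdel` = '$forum_firms_name[id]'");
                mysql_query("DELETE FROM `forum_firms_name` WHERE `id` = '$forum_firms_name[id]'");
                $_SESSION['msg'] = "Раздел успешно удален";
                header("location:/?firms&forum"); exit;
            }
            echo'<div class="block"> Вы действительно хотите удалить данный раздел </div>';
            podtv("/?firms&forum&moderate&edit=$forum_firms_name[id]&type=$edit&ok","/?firms&forum&moderate");
            include_once 'sys/foot.php'; exit;
        }
    }

    // Section list of the firm; edit/delete icons appear in moderate mode.
    $q = mysql_query("SELECT * FROM `forum_firms_name` WHERE `id_firm` = '$firm[id]' ORDER BY `id` ASC");
    if (mysql_num_rows($q) == 0) {
        echo'<div class="textarea"> Разделов на форуме нет </div>';
    } else {
        while ($post = mysql_fetch_assoc($q)) {
            ?>
<a class="sp2 clrt1 t_norm textarea" href="/?firms&forum&razdel=<?php echo $post['id']; ?>">
<img src="/images/icons/forum.png" width="16" height="16" alt="+">
<span style="font-weight:bold;" class="link"><?php echo hsc($post['name']); ?></span><br>
<?php
            if (isset($_GET['moderate']) && $fr_us['status'] <= 2):
                ?>
<small>
<a href=/?firms&forum&moderate&edit=<?php echo $post['id']; ?>&type=edit> <img width="16" height="16" src="/images/icons/refresh.png"> </a>
<a href=/?firms&forum&moderate&edit=<?php echo $post['id']; ?>&type=delete> <img width="16" height="16" src="/images/icons/delete.png"> </a>
</small>
<?php
            endif;
            ?>
</a>
<?php
        }
    }
    if ($fr_us['status'] <= 2) {
        ?>
<a href="/?firms&forum&new">
<div class="pan-1">
<img src="/images/icons/gers.png" width="16" height="16" alt="bot"> Создать раздел
</div>
</a>
<a href="/?firms&forum&moderate">
<div class="pan-1">
<img src="/images/icons/gers.png" width="16" height="16" alt="bot"> Управление
</div>
</a>
<div class="line-2"></div>
<?php
    }
    back("?firms");
    include_once 'sys/foot.php';
}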