Файл: forum/newpost.php
Строк: 51
<?php
/*
------------------------------
##############################
- Загруз Центр -
- by Kemel -
- Форум -
##############################
------------------------------
*/
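define('ROOT','../');
define('Loads',true);
require_once (ROOT.'system/power.php');

/*
 * Forum "new post" page.
 *
 * GET  (no text posted): renders the reply form for topic $id.
 * POST (text present):   optionally stores one attachment under forum/files/,
 *                        inserts the message row, bumps the topic timestamp and
 *                        redirects back to the topic.
 *
 * $aut, $id, $db, $diz, $func, $ya, $ip and $browser are provided by
 * system/power.php, which is not visible from this file.
 *
 * NOTE(review): the form carries no anti-CSRF token; whether power.php
 * enforces one is not visible here - confirm.
 */

// Upload size ceiling in bytes (10240 KiB).
$maxupload = 10240 * 1024;

// How $id is sanitised upstream is not visible here; force an integer before
// it reaches SQL, HTML attributes and the Location header.
$id = isset($id) ? (int)$id : 0;

if ($aut) {
    if ($id) {
        $sql = $db -> query("SELECT `id`,`name` FROM `forum` WHERE `id` = '".$id."' AND `type` = 't' LIMIT 1");
        if ($sql && $sql -> num_rows > 0) {
            $razdel = $sql -> fetch_row();
            if (empty($_POST['text'])) {
                // ---- Show the reply form ----
                $diz -> head('Пишем сообщение');
                // NOTE(review): $razdel[1] is printed as stored; assumes topic
                // names are HTML-escaped on write - confirm.
                $diz -> title($razdel[1]);
                $cit = isset($_GET['cit']) ? '&cit='.(int)$_GET['cit'] : '';
                $value = isset($_GET['otv']) ? '[b]'.htmlentities($_GET['otv'],ENT_QUOTES,'UTF-8').'[/b], ' : '';
                $page = isset($_GET['page']) ? (int)$_GET['page'] : '1';
                $msg = '
<form action="newpost.php?id='.$id.$cit.'&page='.$page.'" method="post" enctype="multipart/form-data"><div>
Введите текст сообщения:<br/>
<textarea name="text" rows="3" cols="15">'.$value.'</textarea><br/>
Прикрепить файл(max.10мб):<br/>
<input type="file" name="file"/><br/>
<input type="submit" value="Написать"/>
</div></form><br/>';
                $msg .= $diz -> img('folder.png').'<a href="index.php?id='.$razdel[0].'">'.$razdel[1].'</a>';
                $diz -> out($msg);
            } else {
                // ---- Store the message ----

                // Optional quote of an existing message in this topic.
                $cyt = '';
                if (isset($_GET['cit'])) {
                    $cit = abs((int)$_GET['cit']);
                    $sq = $db -> query("SELECT `name`,`text` FROM `forum` WHERE `id` = '".$cit."' AND `type` = 'm' AND `fid` = '".$id."'");
                    if ($sq && $sq -> num_rows > 0) {
                        $txt = $sq -> fetch_row();
                        $cyt = '<div class="cit"><span style="color:blue">'.$txt[0].'</span>: '.$txt[1].'</div>';
                    }
                }

                // Defaults for a post without an attachment. The original left
                // both variables undefined on that path, so the INSERT received
                // empty strings (and a notice) instead of '' / 0.
                $file = '';
                $size = 0;

                // Attach the uploaded file.
                $upload = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : null;
                if ($upload !== null
                    && isset($upload['error']) && $upload['error'] === UPLOAD_ERR_OK
                    && $upload['size'] > 0 && $upload['size'] < $maxupload) {
                    $fname = $func -> check($upload['name']);
                    $ext = pathinfo(mb_strtolower($fname),PATHINFO_EXTENSION);

                    // The extension is reused verbatim in the stored file name,
                    // so it must be plain alphanumerics and must not be one the
                    // web server may pass to an interpreter. The previous check
                    // listed only php/php4/php5.
                    // NOTE(review): a denylist is a stop-gap. Prefer an explicit
                    // allowlist of attachment types, and configure forum/files/
                    // so that nothing in it is ever executed by the server.
                    $extOk = preg_match('/^[a-z0-9]{0,10}$/', $ext) === 1
                        && preg_match('/^(php\d*|phtml|pht|phar|phps|shtml|cgi|pl|py|htaccess)$/', $ext) !== 1;

                    if ($extOk) {
                        // Pick a random name that is not taken yet.
                        do {
                            $fname = mt_rand(1000,99999).'.'.$ext;
                        } while (file_exists(ROOT.'forum/files/'.$fname));

                        if (move_uploaded_file($upload['tmp_name'], ROOT.'forum/files/'.$fname)) {
                            $file = $fname;
                            $size = (int)$upload['size'];
                        }
                    }
                }

                // $cyt is built from values read back from the database, which
                // are not SQL-safe as fetched; escape it before it is placed in
                // the INSERT (second-order injection otherwise).
                $text = $db -> real_escape_string($cyt).$func -> tags($func -> check($_POST['text']));

                // NOTE(review): $ya['login'], $ip, $browser and the output of
                // $func->check() are interpolated exactly as received. Their
                // escaping happens outside this file - confirm it, or move this
                // statement to a prepared statement with bound parameters.
                //
                // The two statements are sent separately rather than through
                // multi_query(), so an unescaped value cannot append further
                // statements to the batch.
                $now = time();
                $inserted = $db -> query("INSERT INTO `forum` SET `fid` = '".$id."', `type` = 'm', `name` = '".$ya['login']."', `text` = '".$text."',
`file` = '".$file."', `size` = '".$size."',
`ip` = '".$ip."', `browser` = '".$browser."',
`time` = '".$now."'");
                if ($inserted) {
                    // Bump the topic so it sorts as most recently active.
                    $db -> query("UPDATE `forum` SET `time` = '".$now."' WHERE `id` = '".$id."'");
                }

                $page = isset($_GET['page']) ? (int)$_GET['page'] : '1';
                header('location: index.php?id='.$id.'&page='.$page);
                exit;
            }
        } else {
            // Unknown topic id.
            header('location: index.php?id='.$id);
            exit;
        }
    } else {
        // No topic id given.
        header('location: index.php');
        exit;
    }
} else {
    // Not logged in.
    header('location: index.php');
    exit;
}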
?>