Файл: plugins/news.php
Строк: 80
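<?php
// plugins/news.php — news list, create form and delete action.
// $sql, $level, $user, $time, $func, $system and the helpers used below
// (admin_log, strlen2, k_page, page, str, text, text_out, login, vremja) come
// from the bootstrap that includes this plugin; none of them is visible here.

// Delete action: /?func=...&delete=<id>, permitted for $level > 1.
if (isset($_GET['delete'])) {
    // Cast before the id reaches the string-built SQL; this cast is the only
    // thing keeping the SELECT below injection-free.
    $deleteId = (int) $_GET['delete'];
    $delete = $sql -> fetch("SELECT * FROM `news` WHERE `id` = '$deleteId' LIMIT 1");
    // fetch() presumably returns false/null for an unknown id; !empty() avoids
    // indexing a non-array in that case (a warning on PHP 8).
    // NOTE(review): the delete link in the list and the create handler both
    // require $level > 2, whereas this check accepts $level > 1 — a level-2
    // user can delete by crafting the URL without ever seeing the control.
    // Confirm that is intended.
    // NOTE(review): state-changing GET with no CSRF token; not fixed here
    // because the link that issues it would have to carry the token as well.
    if (!empty($delete['id']) && $level > 1) {
        $newsId = (int) $delete['id'];
        if ($user['id'] != $delete['id_user']) {
            // Deleting someone else's post is audit-logged; own posts are not.
            // Whether admin_log() escapes the raw message is its concern.
            admin_log($user['id'], 'Новости|Удаление новости', 'Удаление новости "' . $delete['msg'] . '"');
        }
        // Comments first, then the post. No transaction: a failure between the
        // two leaves the post in place with its comments already gone.
        $sql -> delete("DELETE FROM `news_comments` WHERE `id_news` = '$newsId' ");
        $sql -> delete("DELETE FROM `news` WHERE `id` = '$newsId' LIMIT 1");
        $messages[] = 'Новость успешно удалена';
    }
}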
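// Create action: POST name + msg from the form rendered below, $level > 2 only.
if (isset($_POST['msg']) && $level > 2) {
    // Take the raw values first. Only strings are accepted (an array posted as
    // msg[]= would otherwise reach esc()), and `name` used to be read without
    // an isset() guard, which warns when the field is absent.
    $rawMsg = is_string($_POST['msg']) ? $_POST['msg'] : '';
    $rawName = isset($_POST['name']) && is_string($_POST['name']) ? $_POST['name'] : '';
    // Length limits are checked on the raw input so they measure what the user
    // typed; previously they ran on the escaped copy, and esc()'s backslashes
    // inflated the measured length.
    if (strlen2($rawMsg) > 10240) {
        $err[] = 'Новость слишком длинная';
    } elseif (strlen2($rawMsg) < 2) {
        $err[] = 'Новость слишком короткая';
    }
    if (strlen2($rawName) > 128) {
        $err[] = 'Название слишком длинное';
    } elseif (strlen2($rawName) < 2) {
        $err[] = 'Название слишком короткое';
    }
    // Escaped copies for the string-built INSERT (esc() is the project's DB
    // escaper). Kept under the original names in both the success and the
    // error path, as before, in case the form template re-reads them.
    $msg = $sql->esc($rawMsg);
    $name = $sql->esc($rawName);
    if (!isset($err)) {
        // $time is provided by the bootstrap — presumably the request timestamp.
        $sql -> insert("INSERT INTO `news` (`id_user`, `name`, `time`, `msg`) VALUES ('" . $user['id'] . "', '" . $name . "', '$time', '$msg')");
        $_SESSION['message'] = 'Новость успешно создана';
        // Post/redirect/get. `sid` is a cache-buster from mt_rand(), not a
        // security token — do not treat it as one.
        // NOTE(review): no CSRF token is checked on this POST.
        header('Location: /?func=' . $func . '&sid=' . mt_rand(000, 999));
        exit;
    }
}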
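$system['title'] = 'Новости';
require SYS . 'header.php';
// Page body: either the create form (?create, $level > 2) or the paginated
// list of open posts.
if ($level > 2 && isset($_GET['create'])) {
    $placeholder = 'Текст новости..';
    // NOTE(review): $func is echoed into the form action and the links below
    // without escaping; if it is taken from the request unfiltered that is a
    // reflected XSS — confirm where it is sanitised. The form carries no CSRF
    // token either.
?>
<form action="/?func=<?= $func?>&sid=<?= mt_rand(000, 999)?>&create" method="POST" style="margin: 2px;">
Название:<br /><input type="text" name="name" value="" /><br />
<?php if (is_file(THEME . 'php/form.textarea.php')) {
    // Theme-supplied textarea widget, otherwise a plain <textarea>.
    require THEME . 'php/form.textarea.php';
} else {
?><textarea style="width: 75%;" name="msg" id="msg" placeholder="Текст новости..."></textarea><br /><?php
}
?>
<button type="submit" class="btn">Создать</button>
</form>
<?php
} else {
    // Count only what the list query below selects (`close` = '0'). Counting
    // every row overstated the page count — empty trailing pages, and the
    // "no news" notice never shown when every post is closed.
    $k_post = $sql -> selectCount("SELECT COUNT(*) FROM `news` WHERE `close` = '0'");
    if ($k_post == 0) {
?>
<div class="alert" style="margin: 2px;">Нет новостей</div>
<?php
    } else {
        $k_page = k_page($k_post, $system['page_str']);
        $page = page($k_page); // current page; presumably clamped to 1..$k_page by page()
        $start = $system['page_str'] * $page - $system['page_str'];
        // LIMIT operands come from config and page(), and the ids in the
        // per-post queries come from the DB, so nothing request-controlled is
        // interpolated into the SQL in this branch.
        $array = $sql -> select("SELECT * FROM `news` where `close` = '0' ORDER BY `time` DESC LIMIT $start, $system[page_str]");
        foreach ($array AS $post) {
            // Total comment count plus the number posted since local midnight.
            $count_news = $sql -> fetch("
SELECT COUNT(*) AS comments,
(SELECT COUNT(*) FROM `news_comments` WHERE `time` > '" . mktime(0, 0, 0) . "' AND `id_news` = '$post[id]') AS 'comments_new'
FROM `news_comments` WHERE `id_news` = '$post[id]'");
            // text()/text_out() are the project's HTML escapers (presumed);
            // ids and counts are integers from the DB.
?>
<div class="nav2" id="news-<?= $post['id']?>">
<?php if ($level > 2) { ?>
<a href="/?func=<?= $func?>&delete=<?= $post['id']?>&page=<?= $page?>" class="close">×</a>
<?php } ?>
<a href="/?func=news.comments&id=<?= $post['id']?>"><i class="icon-list-alt"></i> <b><?= text($post['name'])?></b></a> (<?= $count_news['comments']?>) <?= ($count_news['comments_new'] > 0 ? '<span class="off">+' . $count_news['comments_new'] . '</span>' : '')?>
</div>
<div class="nav1">
<?= text_out($post['msg'])?><br />
Опубликовал: <?= login($post['id_user'], 1)?> (<?= vremja($post['time'])?>)
</div>
<?php
        }
        if ($k_page > 1) {
            // Pager; the '/news.html?' base differs from the /?func= links
            // above — presumably a rewrite rule, verify.
            str('/news.html?', $k_page, $page);
        }
    }
    if ($level > 2) {
?>
<div class="foot">
<a href="/?func=<?= $func?>&create"><i class="icon-plus-sign"></i> Добавить новость</a><br />
</div>
<?php
    }
}
?>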