Файл: vsime.com/anekdots/index.php
Строк: 528
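<?php
// Full open tag: with short_open_tag disabled, a bare "<?" is not parsed and the
// whole script (queries included) would be served to the browser as plain text.

// Bootstrap. Presumably provides $dbi, $user, $config, $mdp and the helper
// functions used below (system.php is not part of this listing — confirm).
// require instead of include: the page must stop if the bootstrap is missing,
// rather than continue without a DB handle or session state.
require('../system/includes/system.php');

$navigation = "<a href='/anekdots'>Анекдоты</a>"; // breadcrumb trail, extended by each view
$title = 'Анекдоты'; // page title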
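// ---- View: one joke (?anekdot=ID) with its rating, comments and comment form ----
// Uses $dbi, $user, $config, $mdp and helper functions defined outside this
// listing. ex_foot() is assumed to end the request; the explicit exit() calls
// after it in the error branches make that hold even if it does not.
if (isset($_GET['anekdot'])) {
    $anekdot = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `anekdots` WHERE `id` = '".intval(@$_GET['anekdot'])."'"));
    if (empty($anekdot['id'])) {
        $title .= ' - Ошибка!';
        ex_head();
        show_errors("Анекдот не найден");
        echo "<div class='foot'>\n";
        echo image_back()." <a href='/anekdots'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
        exit(); // fail closed: never continue with an empty row
    }

    // Access check before anything is rendered or counted. Previously this ran
    // after ex_head(), so the page header was emitted twice for hidden jokes.
    // Guests have no $user, which counts as "below moderator level".
    $is_moderator = isset($user) && $user['level'] >= 3;
    if ($anekdot['moderate'] == 0 && !$is_moderator) {
        $title .= ' - Ошибка!';
        ex_head();
        show_errors("Анекдот еще не проверен администраторами");
        echo "<div class='foot'>\n";
        echo image_back()." <a href='/anekdots'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
        exit(); // fail closed: an unapproved joke must not be shown below
    }

    // id_cat comes from the database; cast it like every other id in this file.
    $cat = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `anekdots_cats` WHERE `id` = '".intval($anekdot['id_cat'])."'"));
    $title .= ' - '.hsc($cat['name']);
    $navigation .= " > <a href='?cat=$cat[id]'>".hsc($cat['name'])."</a>";
    ex_head();

    // mysqli_result() is called with a single SQL string, so it is a project
    // helper here (presumably returning the first column of the first row).
    $rating = array(
        'up'   => mysqli_result("SELECT COUNT(*) FROM `anekdots_rating` WHERE `id_anekdot` = '$anekdot[id]' AND `type` = 'up'"),
        'down' => mysqli_result("SELECT COUNT(*) FROM `anekdots_rating` WHERE `id_anekdot` = '$anekdot[id]' AND `type` = 'down'"),
    );
    $creator = profile($anekdot['id_user']);

    // Only signed-in users can vote. Without this guard a guest request was
    // stored with an empty id_user.
    $my_rating = isset($user) ? mysqli_result("SELECT COUNT(*) FROM `anekdots_rating` WHERE `id_anekdot` = '$anekdot[id]' AND `id_user` = '$user[id]'") : 0;
    $can_vote = isset($user) && !$my_rating;

    // Voting and liking change state on a GET request, so they must carry the
    // same anti-forgery token ($mdp) the POST forms use. The token travels in
    // the URL, as the existing comment-delete link already does; moving these
    // actions to POST would keep it out of logs and Referer headers.
    // Strict string comparison: loose == treats numeric-looking strings as
    // numbers. hash_equals() would also make the check constant-time.
    $get_mdp = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? $_GET['mdp'] : '';
    $get_token_ok = isset($_GET['mdp']) && (string)hsc($get_mdp) === (string)$mdp;

    $vote = (isset($_GET['rating']) && is_string($_GET['rating'])) ? $_GET['rating'] : '';
    if ($can_vote && $get_token_ok && ($vote === 'up' || $vote === 'down')) {
        // $vote is one of two literals at this point, so it is safe to embed.
        mysqli_query($dbi, "INSERT INTO `anekdots_rating` SET `id_anekdot` = '$anekdot[id]', `id_user` = '$user[id]', `type` = '$vote'");
        // Adjust the counter in SQL so concurrent votes do not overwrite each other.
        $delta = ($vote === 'up') ? '+ 1' : '- 1';
        mysqli_query($dbi, "UPDATE `anekdots` SET `rating` = COALESCE(`rating`, 0) $delta WHERE `id` = '$anekdot[id]'");
        // NOTE(review): the "already voted" check and the INSERT are not atomic;
        // a unique key on (id_anekdot, id_user) would enforce one vote per user.
        locon("?anekdot=$anekdot[id]");
        exit();
    }

    echo "<div class='list'>\n";
    echo profile_icon($creator['id']).profile_nick($creator['id'], 1).profile_medal($creator['id']);
    echo "</div>\n";
    echo " <div class='list'>\n";
    if ($is_moderator) {
        echo "<span style='float: right;'><a href='?moderate=edit_anekdot&anekdot_id=$anekdot[id]'>$config[code_edit]</a> <a href='?moderate=delete_anekdot&anekdot_id=$anekdot[id]'>$config[code_delete]</a></span>\n";
    }
    // output_text() is assumed to escape user text for HTML — confirm.
    echo output_text($anekdot['text'], $creator['id'])."\n";
    echo "<br />\n";
    $vote_up_open   = $can_vote ? "<a href='?anekdot=$anekdot[id]&rating=up&mdp=$mdp'>" : '';
    $vote_down_open = $can_vote ? "<a href='?anekdot=$anekdot[id]&rating=down&mdp=$mdp'>" : '';
    $vote_close     = $can_vote ? "</a>" : '';
    echo $vote_up_open.imgsd('hand_up.png').$vote_close." ".$rating['up']." ".$vote_down_open.imgsd('hand_down.png').$vote_close." ".$rating['down']."\n";
    echo "</div>\n";

    $count_results = mysqli_result("SELECT COUNT(*) FROM `anekdots_comments` WHERE `id_anekdot` = '$anekdot[id]'");
    if ($count_results > 0) {
        echo "<div class='list'>\n";
        echo imgsd('message.png')." ".sklon_text($count_results, array('комментарий', 'комментария', 'комментариев'))."<br />\n";
        echo "</div>\n";
    }
    $count_pages = navi::count_pages($count_results);
    $page = navi::page();
    $start = navi::start_pages();

    // Like a comment: signed-in user, valid token, and the comment must belong
    // to this joke.
    if ($get_token_ok && isset($user) && isset($_GET['like']) && mysqli_result("SELECT COUNT(*) FROM `anekdots_comments` WHERE `id` = '".intval($_GET['like'])."' AND `id_anekdot` = '$anekdot[id]'")) {
        layki(intval($_GET['like']), 'anekdots_comments');
    }

    // Paging values are produced elsewhere; cast them before they reach the
    // LIMIT clause, where they cannot be quoted.
    $query = mysqli_query($dbi, "SELECT * FROM `anekdots_comments` WHERE `id_anekdot` = '$anekdot[id]' ORDER BY `id` DESC LIMIT ".intval($start).", ".intval($config['rop']));
    $like = array(); // comment id => 1 when the current user has liked it
    while ($post = mysqli_fetch_array($query)) {
        // `layki` holds user ids separated by "|". The original counted them
        // twice and set an unused $ulike flag; one pass is enough.
        $like_count = 0;
        foreach (explode("|", (string)$post['layki']) as $liker_id) {
            if ($liker_id !== '') {
                $like_count++;
                if (isset($user) && $liker_id == $user['id']) $like["$post[id]"] = 1;
            }
        }
        $ank = profile($post['id_user']);
        echo " <div class='list'>\n";
        echo "<div class='left'>\n";
        echo show_avatar($ank['id'], 'small');
        echo "</div>\n";
        echo "<div class='overfl_hid'>\n";
        echo profile_icon($ank['id']).profile_nick($ank['id'], 1).profile_medal($ank['id']);
        echo " (".vremja($post['time']).")\n";
        echo "<span class='right'>\n";
        // NOTE(review): no handler for ?delete= or ?edit= is visible in this
        // listing — confirm where these two links are processed.
        if ($is_moderator) echo " <a href='?anekdot=$anekdot[id]&delete=$post[id]&mdp=$mdp'>$config[code_delete]</a>\n";
        // Authors may edit their own comment for 10 minutes after posting.
        if (isset($user) && $user['id'] == $ank['id'] && $post['time'] > time() - 600) echo "<a href='?anekdot=$anekdot[id]&edit=$post[id]'>$config[code_edit]</a>\n";
        echo "</span>\n";
        echo "<br />\n";
        echo output_text($post['message'], $ank['id'])."<br />\n";
        // The page number is cast because it is written into an HTML attribute.
        echo "<span class='right like'>".(isset($user)?"<a href='?anekdot=$anekdot[id]&like=$post[id]&page=".intval($page)."&mdp=$mdp' class='fav_link".(isset($like["$post[id]"])?" favorited":NULL)."'></a>":"<img src='/i/site/like.png' />")." $like_count</span>\n";
        echo "</div>\n";
        echo "<div class='clear'></div>\n";
        echo "</div>\n";
    }
    navi::pages_show("?anekdot=$anekdot[id]&");

    // Comment form (signed-in users only).
    if (isset($user)) {
        if (isset($_POST['submited'])) {
            if_user('activated');
            $posted_mdp = (isset($_POST['mdp']) && is_string($_POST['mdp'])) ? $_POST['mdp'] : '';
            if ((string)hsc($posted_mdp) === (string)$mdp) {
                // Anything that is not a plain string is treated as empty.
                $message = (isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : '';
                if (strlen2(trim($message)) < 1) $error[] = "Введите сообщение";
                elseif (strlen2($message) > 1024) $error[] = "Сообщение слишком длинное";
                if (!isset($error)) {
                    // my_esc() is assumed to escape for the $dbi connection;
                    // a prepared statement would remove that dependency.
                    mysqli_query($dbi, "INSERT INTO `anekdots_comments` SET `id_anekdot` = '$anekdot[id]', `time` = '".time()."', `id_user` = '$user[id]', `message` = '".my_esc($message)."'");
                    locon("?anekdot=$anekdot[id]");
                    exit();
                }
            } else hacked_by_Killer();
        }
        show_errors();
        echo "<div class=list><form method='POST' action=''>\n";
        echo "Ваше сообщение:<br />\n";
        echo "<textarea name='message' rows='5' cols='17' style='width: 95%;'></textarea><br />\n";
        echo "<input type='hidden' name='mdp' value='$mdp'>\n";
        echo "<input type='submit' name='submited' value='Отправить' /><br />\n";
        echo "</form></div>\n";
    }
    echo "<div class='foot'>\n";
    echo image_back()." <a href='/anekdots/?cat=$anekdot[id_cat]'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}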
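// ---- View: one category (?cat=ID); moderators can also list and approve pending jokes ----
// ex_foot() is assumed to end the request; exit() after it in the error branch
// makes that hold even if it does not.
if (isset($_GET['cat'])) {
    $cat = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `anekdots_cats` WHERE `id` = '".intval(@$_GET['cat'])."'"));
    if (empty($cat['id'])) {
        $title .= ' - Ошибка!';
        ex_head();
        show_errors("Категория не найдена");
        echo "<div class='foot'>\n";
        echo image_back()." <a href='/anekdots'>Назад</a>\n";
        echo "</div>\n";
        ex_foot();
        exit(); // fail closed: never continue with an empty row
    }
    $title .= ' - '.hsc($cat['name']);
    $navigation .= " > <a href='?cat=$cat[id]'>".hsc($cat['name'])."</a>";
    ex_head();

    // Guests have no $user, which counts as "below moderator level".
    $is_moderator = isset($user) && $user['level'] >= 3;

    // Pending-queue mode. The flag is assigned on every path instead of being
    // tested with isset() on a variable that is only sometimes created, so it
    // cannot be pre-seeded by anything that copies request data into globals.
    $show_pending = isset($_GET['added']) && $is_moderator;

    if ($show_pending && isset($_GET['add'])) {
        // Approving a joke changes state on a GET request, so it must carry the
        // anti-forgery token, as the POST forms in this file do.
        // Strict string comparison: loose == treats numeric-looking strings as numbers.
        $get_mdp = (isset($_GET['mdp']) && is_string($_GET['mdp'])) ? $_GET['mdp'] : '';
        if (isset($_GET['mdp']) && (string)hsc($get_mdp) === (string)$mdp) {
            $anekdot = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `anekdots` WHERE `id` = '".intval(@$_GET['add'])."'"));
            if (!empty($anekdot['id'])) {
                mysqli_query($dbi, "UPDATE `anekdots` SET `moderate` = '1' WHERE `id` = '$anekdot[id]'");
                locon("?cat=$cat[id]&added=show");
                exit();
            }
        }
    }

    $count_added = mysqli_result("SELECT COUNT(*) FROM `anekdots` WHERE `id_cat` = '$cat[id]' AND `moderate` = '0'");
    echo "<div class='grand_h'>\n";
    echo imgsd('category_blue.png')." ".hsc($cat['name']).($count_added > 0 && $is_moderator?" <a href='?cat=$cat[id]&added=show'><span class='spared'>(+$count_added)</span></a>":NULL)."\n";
    // NOTE(review): no matching <b> is opened in this listing — confirm whether
    // ex_head() opens one before removing this closing tag.
    echo "</b>\n";
    if ($is_moderator) {
        echo " <a href='?moderate=edit_cat&cat_id=$cat[id]'>".imgsd('edit.png')."</a> <a href='?moderate=delete_cat&cat_id=$cat[id]'>".imgsd('delete.png')."</a>\n";
    }
    echo " </div>\n";

    // moderate = 0 lists the pending queue, moderate = 1 the published jokes.
    $moderate_filter = $show_pending ? 0 : 1;
    $count_results = mysqli_result("SELECT COUNT(*) FROM `anekdots` WHERE `id_cat` = '$cat[id]' AND `moderate` = '$moderate_filter'");
    $count_pages = navi::count_pages($count_results);
    $page = navi::page();
    $start = navi::start_pages();
    // Paging values are produced elsewhere; cast them before they reach the
    // LIMIT clause, where they cannot be quoted.
    $query = mysqli_query($dbi, "SELECT * FROM `anekdots` WHERE `id_cat` = '$cat[id]' AND `moderate` = '$moderate_filter' ORDER BY `id` DESC LIMIT ".intval($start).", ".intval($config['rop']));
    while ($post = mysqli_fetch_array($query)) {
        $count_comments = mysqli_result("SELECT COUNT(*) FROM `anekdots_comments` WHERE `id_anekdot` = '$post[id]'");
        echo " <div class='list'>\n";
        if ($show_pending) {
            // The approve link carries the token; delete leads to a POST confirmation form.
            echo "<span class='right'><a href='?cat=$cat[id]&added=show&add=$post[id]&mdp=$mdp'>".imgsd('add.png')."</a> <a href='?moderate=delete_anekdot&anekdot_id=$post[id]'>".imgsd('delete.png')."</a></span>\n";
        }
        // output_text() is assumed to escape user text for HTML — confirm.
        echo output_text($post['text'], $post['id_user'])."\n";
        echo "<br />\n";
        echo imgsd('message.png')." <a href='?anekdot=$post[id]'>Обсудить".($count_comments?" ($count_comments)":NULL)."</a>\n";
        echo " </div>\n";
    }
    navi::pages_show("?cat=$cat[id]".($show_pending?"&added=show":NULL)."&");
    if (!$show_pending) {
        echo "<div class='mod_grad'>\n";
        echo imgsd('add.png')." <a href='?moderate=add_anekdot&cat_id=$cat[id]'>Добавить анекдот</a><br />\n";
        echo "</div>\n";
    }
    echo "<div class='foot'>\n";
    echo image_back()." <a href='".(!$show_pending?"/anekdots":"?cat=$cat[id]")."'>Назад</a>\n";
    echo "</div>\n";
    ex_foot();
}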
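// ---- Actions selected by ?moderate=ACTION ----
// The action name is only compared against fixed case labels, so SQL escaping
// (my_esc) is not the right filter here; accept a plain string and nothing else.
$moderate_action = (isset($_GET['moderate']) && is_string($_GET['moderate'])) ? $_GET['moderate'] : '';
switch ($moderate_action):
    case 'add_cat':
        // Create a category. Moderators only (level >= 3); guests have no $user.
        if (isset($user) && $user['level'] >= 3) {
            $name = NULL;
            if (isset($_POST['submited'])) {
                // Anti-forgery token check. Strict string comparison: loose ==
                // treats numeric-looking strings as numbers.
                $posted_mdp = (isset($_POST['mdp']) && is_string($_POST['mdp'])) ? $_POST['mdp'] : '';
                if ((string)hsc($posted_mdp) === (string)$mdp) {
                    // Anything that is not a plain string is treated as empty.
                    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
                    if (strlen2(trim($name)) < 1) $error[] = 'Введите название';
                    elseif (strlen2($name) > 128) $error[] = 'Название не должно быть длиннее 128-ми символов';
                    if (!isset($error)) {
                        // my_esc() is assumed to escape for the $dbi connection — confirm.
                        mysqli_query($dbi, "INSERT INTO `anekdots_cats` SET `name` = '".my_esc($name)."'");
                        locon("/anekdots");
                        exit();
                    }
                } else hacked_by_Killer();
            }
            ex_head();
            show_errors();
            echo "<form method='POST' action=''>\n";
            echo "Название категории:<br />\n";
            // input_value() is assumed to escape the value for an HTML attribute — confirm.
            echo "<input type='text' name='name' value='".input_value($name)."'><br />\n";
            echo "<input type='hidden' name='mdp' value='$mdp'>\n";
            echo "<input type='submit' name='submited' value='Добавить' /><br />\n";
            echo "</form>\n";
            echo "<div class='foot'>\n";
            echo image_back()." <a href='/anekdots'>Назад</a>\n";
            echo "</div>\n";
            ex_foot();
        }
        break;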
case 'edit_cat':
if ($user['level'] >= 3) {
$cat = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `anekdots_cats` WHERE `id` = '".intval(@$_GET['cat_id'])."'"));
if (!$cat['id']) {
$title .= ' - Ошибка!';
ex_head();
show_errors("Категория не найдена");
echo "<div class='foot'>n";
echo image_back()." <a href='/anekdots'>Назад</a>n";
echo "</div>n";
ex_foot();
}
$name = $cat['name'];
if (isset($_POST['submited'])) {
if (hsc(@$_POST['mdp']) == $mdp) {
$name = $_POST['name'];
if (strlen2(trim($name)) < 1)$error[] = 'Введите название';
elseif (strlen2($name) > 128)$error[] = 'Название не должно быть длиннее 128-ми символов';
if (!isset($error)) {
mysqli_query($dbi, "UPDATE `anekdots_cats` SET `name` = '".my_esc($name)."' WHERE `id` = '$cat[id]'");
locon("/anekdots/?cat=$cat[id]");
exit();
}
} else hacked_by_Killer();
}
ex_head();
show_errors();
echo "<form method='POST' action=''>n";
echo "Название категории:<br />n";
echo "<input type='text' name='name' value='".input_value($name)."'><br />n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Сохранить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='/anekdots/?cat=$cat[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
}
break;
case 'delete_cat':
if ($user['level'] >= 3) {
$cat = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `anekdots_cats` WHERE `id` = '".intval(@$_GET['cat_id'])."'"));
if (!$cat['id']) {
$title .= ' - Ошибка!';
ex_head();
$error[] = "Категория не найдена";
echo "<div class='foot'>n";
echo image_back()." <a href='/anekdots'>Назад</a>n";
echo "</div>n";
ex_foot();
}
if (isset($_POST['submited'])) {
if (hsc(@$_POST['mdp']) == $mdp) {
mysqli_query($dbi, "DELETE FROM `anekdots_cats` WHERE `id` = '$cat[id]'");
$query = mysqli_query($dbi, "SELECT * FROM `anekdots` WHERE `id_cat` = '$cat[id]'");
while ($post = mysqli_fetch_array($query)) {
mysqli_query($dbi, "DELETE FROM `anekdots` WHERE `id` = '$post[id]'");
mysqli_query($dbi, "DELETE FROM `anekdots_comments` WHERE `id_anekdot` = '$post[id]'");
mysqli_query($dbi, "DELETE FROM `anekdots_rating` WHERE `id_anekdot` = '$post[id]'");
}
locon("/anekdots");
} else hacked_by_Killer();
}
ex_head();
show_errors();
echo "<form method='POST' action=''>n";
echo "Вы действительно хотите удалить категорию и все находящиеся в ней анекдоты?<br />n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Да, удалить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='/anekdots/?cat=$cat[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
}
break;
case 'edit_anekdot':
if ($user['level'] >= 3) {
$anekdot = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `anekdots` WHERE `id` = '".intval(@$_GET['anekdot_id'])."'"));
if (!$anekdot['id']) {
$title .= ' - Ошибка!';
ex_head();
$error[] = "Анекдот не найден";
echo "<div class='foot'>n";
echo image_back()." <a href='/anekdots'>Назад</a>n";
echo "</div>n";
ex_foot();
}
$text = $anekdot['text'];
if (isset($_POST['submited'])) {
if (hsc(@$_POST['mdp']) == $mdp) {
$text = $_POST['text'];
if (strlen2(trim($text)) < 1)$error[] = 'Введите текст';
elseif (strlen2($text) > 5120)$error[] = 'Текст не должен быть длиннее 5120-ми символов';
if (!isset($error)) {
mysqli_query($dbi, "UPDATE `anekdots` SET `text` = '".my_esc($text)."' WHERE `id` = '$anekdot[id]'");
locon("/anekdots/?anekdot=$anekdot[id]");
exit();
}
} else hacked_by_Killer();
}
ex_head();
show_errors();
echo "<form method='POST' action=''>n";
echo "Текст анекдота:<br />n";
echo "<textarea name='text' rows='5' cols='17' style='width: 95%;'>".input_value($text)."</textarea><br />n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Сохранить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='/anekdots/?anekdot=$anekdot[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
}
break;
case 'delete_anekdot':
if ($user['level'] >= 3) {
$anekdot = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `anekdots` WHERE `id` = '".intval(@$_GET['anekdot_id'])."'"));
if (!$anekdot['id']) {
$title .= ' - Ошибка!';
ex_head();
$error[] = "Анекдот не найден";
echo "<div class='foot'>n";
echo image_back()." <a href='/anekdots'>Назад</a>n";
echo "</div>n";
ex_foot();
}
if (isset($_POST['submited'])) {
if (hsc(@$_POST['mdp']) == $mdp) {
mysqli_query($dbi, "DELETE FROM `anekdots` WHERE `id` = '$anekdot[id]'");
mysqli_query($dbi, "DELETE FROM `anekdots_comments` WHERE `id_anekdot` = '$anekdot[id]'");
mysqli_query($dbi, "DELETE FROM `anekdots_rating` WHERE `id_anekdot` = '$anekdot[id]'");
locon("/anekdots/?cat=$anekdot[id_cat]".($anekdot['moderate'] == 0?"&added=show":NULL)."");
exit();
} else hacked_by_Killer();
}
ex_head();
show_errors();
echo "<form method='POST' action=''>n";
echo "Вы действительно хотите удалить выбранный анекдот?<br />n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Да, удалить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='/anekdots/".($anekdot['moderate'] == 0?"?cat=$anekdot[id_cat]&&added=show":"?anekdot=$anekdot[id]")."'>Назад</a>n";
echo "</div>n";
ex_foot();
}
break;
case 'add_anekdot':
if (isset($user)) {
$cat = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `anekdots_cats` WHERE `id` = '".intval(@$_GET['cat_id'])."'"));
if (!$cat['id']) {
$title .= ' - Ошибка!';
ex_head();
$error[] = "Категория не найдена";
show_errors();
include('../sys/inc/tfoot.php');
exit();
}
if_user('activated');
$text = NULL;
if (isset($_POST['submited'])) {
if (hsc(@$_POST['mdp']) == $mdp) {
$text = $_POST['text'];
if (strlen2(trim($text)) < 1)$error[] = 'Введите текст';
elseif (strlen2($text) > 5120)$error[] = 'Текст не должен быть длиннее 5120-ми символов';
if (!isset($error)) {
mysqli_query($dbi, "INSERT INTO `anekdots` SET `text` = '".my_esc($text)."', `id_user` = '$user[id]', `time` = '".time()."', `id_cat` = '$cat[id]'");
msg("Ваш анекдот успешно добавлен. Дождитесь пока администрация проверит его.");
msg_sess("Ваш анекдот успешно добавлен. Дождитесь пока администрация проверит его.");
locon("?cat=$cat[id]");
exit();
}
} else hacked_by_Killer();
}
ex_head();
show_errors();
echo "<form method='POST' action=''>n";
echo "Текст анекдота:<br />n";
echo "<textarea name='text' rows='5' cols='17' style='width: 95%;'>".input_value($text)."</textarea><br />n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Сохранить' /><br />n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='/anekdots/?cat=$cat[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
} else {
locon("/login");
exit();
}
break;
endswitch;
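// ---- Default view: list of categories with published / pending counts ----
ex_head();
// Guests have no $user, which counts as "below moderator level".
$is_moderator = isset($user) && $user['level'] >= 3;
$query = mysqli_query($dbi, "SELECT * FROM `anekdots_cats` ORDER BY `name`");
while ($post = mysqli_fetch_array($query)) {
    $count_added = mysqli_result("SELECT COUNT(*) FROM `anekdots` WHERE `id_cat` = '$post[id]' AND `moderate` = '0'");
    $count_published = mysqli_result("SELECT COUNT(*) FROM `anekdots` WHERE `id_cat` = '$post[id]' AND `moderate` = '1'");
    echo " <div class='list'>\n";
    echo imgsd('category_blue.png')." <a href='?cat=$post[id]'>";
    echo hsc($post['name'])."\n";
    // The pending badge used "> 3" here while every other moderator check in
    // this file uses ">= 3", so level-3 moderators never saw it on this page.
    echo " (".$count_published.") ".($count_added > 0 && $is_moderator?" <span class='spared'>+$count_added</span>":NULL)."</a>\n";
    echo "</div>\n";
}
if ($is_moderator) {
    echo "<div class='foot'>\n";
    echo imgsd('add.png')." <a href='?moderate=add_cat'>Добавить категорию</a><br />\n";
    echo "</div>\n";
}
ex_foot();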
?>