Файл: vsime.com/chat/inc/act_room.php
Строк: 445
<?
// Chat room page (act=room). Resolves the room from $_GET['id'], records the
// viewer's presence, then dispatches on $_GET to the sub-views (who_there,
// reply, edit, clean, kick, delete, mdelete) and finally renders the paginated
// message list with the post form.
// Expects the including script to provide $dbi, $time, $user, $title, $config,
// $mdp (form token), $moderate_chat, $passgen and the helpers used below
// (ex_head, ex_foot, show_errors, hsc, my_esc, strlen2, profile, ...).
// NOTE(review): the short open tag `<?` only works when short_open_tag is on;
// `<?php` is the portable form.
// NOTE(review): in this listing every echo string ends in a bare `n` and the
// quoted room names use `""` - this looks like lost backslashes (`\n`, `\"`)
// from extraction; the code as printed would not parse.
$room = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `type` = 'room' AND `id` = '".intval($_GET['id'])."'"));
// Room id is bound through intval(), so it cannot carry SQL.
if($room == NULL) {
$title .= ' - Ошибка!';
ex_head();
show_errors("Комната не найдена.");
// NOTE(review): assumes ex_foot() terminates the script; if it returns, the
// rest of the page runs with $room == null - TODO confirm.
ex_foot();
}
// Entering the room: prune stale presence rows, record this user, and announce the arrival
// Presence rows older than 120 s are considered gone.
mysqli_query($dbi, "DELETE FROM `chat_who` WHERE `time` < '".($time-120)."'");
if (isset($user) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat_who` WHERE `id_user` = '$user[id]' AND `id_room` = '$room[id]'"))==0)
{
// A user is present in at most one room: remove any other presence row first.
mysqli_query($dbi, "DELETE FROM `chat_who` WHERE `id_user` = '$user[id]'");
mysqli_query($dbi, "INSERT INTO `chat_who` (`id_user`, `time`, `id_room`) values('$user[id]', '$time', '$room[id]')");
// Gender-aware "entered the room" system message (pol == 1 is treated as male).
$message="[b]$user[nick][/b] вош".($user['anketa']['pol']==1?'eл':'ла')." в комнату";
// Avoid duplicate join announcements: if the latest system post in this room
// is the same text, only bump its timestamp.
$lpost=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id_user` = '0' AND `id_room` = '$room[id]' AND `type` = 'post' ORDER BY `time` DESC LIMIT 1"));
if ($lpost['message']!=$message)mysqli_query($dbi, "INSERT INTO `chat` (`id_user`, `time`, `message`, `id_room`, `type`) values('0', '$time', '$message', '$room[id]', 'post')");
else mysqli_query($dbi, "UPDATE `chat` SET `time` = '$time' WHERE `id` = '$lpost[id]'");
}
// Already present: refresh the presence timestamp.
elseif(isset($user))mysqli_query($dbi, "UPDATE `chat_who` SET `time` = '$time' WHERE `id_user` = '$user[id]' AND `id_room` = '$room[id]'");
// Tell the user they have been kicked from this room (a kick row whose `time` is still in the future)
if(isset($user) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat_kick` WHERE `id_room` = '$room[id]' AND `id_user` = '$user[id]' AND `time` > '$time' LIMIT 1"))==1) {
$title .= ' - Ошибка!';
ex_head();
$error[] = "Вы нарушили правила общения в Чате (комната "<a href='/chat/?act=room&id=$room[id]'>".hsc($room['name'])."</a>"), за что Вам закрыт доступ к данной комнате!";
show_errors();
ex_foot();
}
// "Who is here?" listing
if(isset($_GET['who_there']))
{
$title .= " - ".hsc($room['name'])." - Кто здесь?";
ex_head();
// Pagination helpers (count_pages, page, start_pages, $config['rop']) come from the includer.
$count_results=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat_who` WHERE `id_room` = '$room[id]'"));
$count_pages=count_pages($count_results);
$page=page();
$start=start_pages();
$query = mysqli_query($dbi, "SELECT * FROM `chat_who` WHERE `id_room` = '$room[id]' ORDER BY `time` DESC LIMIT $start, $config[rop]");
if ($count_results==0)
{
echo "<div class='list_empty'>n";
// NOTE(review): $room[name] is echoed raw here while every other occurrence
// goes through hsc(); escape it, or confirm names are sanitised on save.
echo "В комнате "$room[name]" никого нет !n";
echo "</div>n";
}
while ($post = mysqli_fetch_array($query))
{
$ank = profile($post['id_user']);
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
echo profile_icon($ank['id']).profile_nick($ank['id'], 1).profile_medal($ank['id']);
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
}
pages_show("?act=room&id=$room[id]&who_there&"); // pagination links
echo "<div class='foot'>n";
echo image_back()." <a href='?act=room&id=$room[id]'>В комнату</a>n";
echo "</div>n";
ex_foot();
}
// Reply to a message
if(isset($_GET['reply']))
{
// presumably requires a logged-in user; verify what if_user() does on failure
if_user('is_reg');
$komm=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '".intval($_GET['reply'])."' AND `id_room` = '$room[id]' AND `type` = 'post' LIMIT 1"));
if($komm == NULL)
{
$title .= ' - Ошибка!';
ex_head();
$error[] = "Комментарий не найденn";
show_errors();
ex_foot();
}
$ank=profile($komm['id_user']);
$title .= " - ".hsc($room['name'])." - Ответить";
ex_head();
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
echo profile_icon($ank['id']).profile_nick($ank['id'], 1).profile_medal($ank['id']);
echo "<br />n";
echo output_text($komm['message'], $ank['id']);
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
if (banned('chat', $user['id'], 1)) {
banned('chat', $user['id']);
} else {
input_bbs();
// The reply form posts back to the room page and is handled by the
// "Submit a comment" branch below; `reply` / `komm_reply` carry the target.
echo "<form method='post' name='form' action='?act=room&id=$room[id]' >n";
echo "Сообщение (1024 знаков)<br />n";
echo "<textarea name='message' id='textarea' rows='5' cols='17' style='width: 95%'></textarea><br />n";
// `mdp` is the per-user form token checked before every state change.
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='hidden' name='uid' value='$user[id]'>n";
echo "<label><input type='checkbox' name='private' value='1' /> Приватно</label><br />n";
echo "<input type='hidden' name='reply' value='$ank[id]'>";
echo "<input type='hidden' name='komm_reply' value='$komm[id]'>";
echo "<input value='Отправить' type='submit' name='submited'/>n";
echo "</form>n";
}
echo "<div class='foot'>n";
echo image_back()." <a href='?act=room&id=$room[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
}
// Edit a comment
if(isset($_GET['edit']))
{
if_user('is_reg');
$komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '".intval($_GET['edit'])."' AND `id_room` = '$room[id]' AND `type` = 'post' LIMIT 1"));
if($komm == NULL)
{
$title .= " - Ошибка!";
ex_head();
$error[] = "Комментарий не найден";
show_errors();
ex_foot();
}
$ank=profile($komm['id_user']);
// Only the author may edit, and only within 600 s (10 min) of posting;
// the same window gates the edit link in the listing below.
if($user['id']==$ank['id'] && $komm['time']>time()-600)
{
$title .= " - ".hsc($room['name'])." - Редактировать";
ex_head();
if(isset($_POST['submited']) && isset($_POST['message']))
{
// NOTE(review): token check uses loose `==`; hash_equals() would be the
// constant-time, type-safe comparison.
if(hsc(@$_POST['mdp'])==$mdp)
{
$message=$_POST['message'];
// strlen2 is presumably a multibyte length helper - verify
if (strlen2($message)>1024){$error[] = 'Сообщение слишком длинное';}
if (strlen2(trim($message))<1){$error[] = 'Короткое сообщение';}
$message=my_esc($message);
if(!isset($error)){
mysqli_query($dbi, "UPDATE `chat` SET `message` = '$message' WHERE `id` = '$komm[id]' AND `type` = 'post'");
header("Location:?act=room&id=$room[id]");
exit();
}
} else hacked_by_Killer();
}
input_bbs();
echo "<form method='post' action=''>n";
echo "Сообщение (1024 знаков)<br/>n";
echo "<textarea name='message' id='textarea' rows='5' cols='17' style='width: 95%'>".input_value($komm['message'])."</textarea><br />n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='hidden' name='uid' value='$user[id]'>n";
echo "<input type='submit' name='submited' value='Сохранить'/> <a href='?act=room&id=$room[id]'>Назад</a><br />n";
echo "</form>n";
ex_foot();
}
}
// Purge messages from the room (moderators only)
if(isset($_GET['clean']))
{
if (!isset($moderate_chat))access_denied();
$title .= "Чат - ".hsc($room['name'])." - Очистить";
ex_head();
if(isset($_GET['all']))
{
if(isset($_POST['submited']))
{
if (hsc(@$_POST['mdp'])==$mdp)
{
mysqli_query($dbi, "DELETE FROM `chat` WHERE `id_room` = '$room[id]' AND `type` = 'post'");
header("Location:?act=room&id=$room[id]");
exit;
}
else hacked_by_Killer();
}
else
{
echo "<form method='POST' action=''>n";
echo "<div class='freespace'>n";
echo "Очистить комнату <b>"".hsc($room['name']).""</b> от сообщений?<br />n";
echo "</div>n";
echo "<div class='freespace'>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Да'> <a href='?act=room&id=$room[id]'>Нет</a>";
echo "</div>n";
echo "</form>n";
ex_foot();
}
}
else
{
if(isset($_POST['submited']))
{
if(hsc(@$_POST['mdp'])==$mdp)
{
// `ch` = number of units, `mn` = hours per unit (1/24/168/744 from the
// select below); everything older than $time - ch*mn*3600 s is deleted.
$ch=intval($_POST['ch']);
$mn=intval($_POST['mn']);
$nt=$ch*$mn*3600;
$nt=$time-$nt;
mysqli_query($dbi, "DELETE FROM `chat` WHERE `time` < '$nt' AND `id_room` = '$room[id]' AND `type` = 'post'");
header("Location:?act=room&id=$room[id]");
exit;
} else hacked_by_Killer();
}
else
{
echo "<div class='list'>n";
echo $config['code_delete']." <a href='?act=room&id=$room[id]&clean&all'>Очистить комнату полностю</a>n";
echo "<br/>n";
echo "</div>n";
echo "<form method='post' action=''>n";
echo "<div class='freespace'>n";
echo "Будут удалены посты, написаные ... тому назад<br />n";
echo "</div>n";
echo "<div class='freespace'>n";
echo "<input type='text' name='ch' size='3' value='1' />n";
echo "<select name='mn'>n";
echo "<option value='1' selected='selected'>Часов</option>n";
echo "<option value='24'>Дней</option>n";
echo "<option value='168'>Недель</option>n";
echo "<option value='744'>Месяцев</option>n";
echo "</select><br />n";
echo "</div>n";
echo "<div class='freespace'>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input value='Очистить' type='submit' name='submited' />n";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?act=room&id=$room[id]'>Назад</a>n";
echo "</div>n";
}
ex_foot();
}
}
// Kick a user: requires `mid` to be a post by `kick` in this room and `kick` to be an existing user
if(isset($_GET['kick']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '".intval($_GET['mid'])."' AND `id_room` = '$room[id]' AND `id_user` = '".intval($_GET['kick'])."' LIMIT 1"))!=0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `user` WHERE `id` = '".intval($_GET['kick'])."' LIMIT 1"))!=0)
{
// The moderator gate runs only after the lookups above (they are read-only selects).
if (!isset($moderate_chat))access_denied();
$komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '".intval($_GET['mid'])."' AND `id_room` = '$room[id]' AND `type` = 'post' LIMIT 1"));
$ank = profile(intval($_GET['kick']));
// $kick = 1 when an active kick (expiry still in the future) exists; the form then offers to lift it.
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat_kick` WHERE `id_room` = '$room[id]' AND `id_user`='".intval($_GET['kick'])."' AND `time` > '$time' LIMIT 1"))==1)$kick=1;else $kick=0;
// Cannot kick yourself or the system user (id 0).
if(isset($user) && $ank['id']!=$user['id'] && $ank['id']!=0)
{
$title .= "Чат - ".hsc($room['name'])." - Кикнуть";
ex_head();
if(isset($_POST['submited']))
{
if (hsc(@$_POST['mdp'])==$mdp)
{
if($kick==0) {
// NOTE(review): $msg is read but never stored - the kick reason is lost.
$msg=$_POST['msg'];
// Kick lasts 3600 s (1 h) from now.
mysqli_query($dbi, "INSERT INTO `chat_kick` SET `id_room` = '$room[id]', `id_user` = '$ank[id]', `id_who` = '$user[id]', `time` = '".($time+3600)."'");
// NOTE(review): $user[nick] / $ank[nick] are interpolated into SQL unescaped;
// safe only if nicknames cannot contain quotes - otherwise pass them through my_esc().
mysqli_query($dbi, "INSERT INTO `chat` SET `id_user` = '0', `time` = '$time', `message` = '[b]$user[nick][/b] кикнул пользователя [b]$ank[nick][/b].', `id_room` = '$room[id]', `type` = 'post'");
}
else {
mysqli_query($dbi, "DELETE FROM `chat_kick` WHERE `id_room` = '$room[id]' AND `id_user` = '".intval($_GET['kick'])."'");
mysqli_query($dbi, "INSERT INTO `chat` SET `id_user` = '0', `time` = '$time', `message` = '[b]$user[nick][/b] смиловался над [b]$ank[nick][/b].', `id_room` = '$room[id]', `type` = 'post'");
}
header("Location: ?act=room&id=$room[id]");
exit();
} else hacked_by_Killer();
}
if($kick==0)
{
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
echo profile_icon($ank['id']).profile_nick($ank['id'], 1).profile_medal($ank['id']);
echo "<br />n";
echo output_text($komm['message'], $ank['id']);
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
} else {
echo "<div class='list'>n";
echo "Пользователь: ";
// NOTE(review): profile_nock() looks like a typo of profile_nick() used everywhere
// else in this file; an undefined function here would be fatal on the "un-kick" view.
echo profile_icon($ank['id']).profile_nock($ank['id'], 1).profile_medal($ank['id']);
echo "</div>n";
}
echo "<form method='POST'>n";
if($kick==0) {
echo "Причина (1000 симв)<br/>n";
echo "<textarea name='msg' rows='5' cols='17' style='width: 95%'></textarea><br/>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' value='Кикнуть' name='submited'>n";
} else {
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' value='Смиловаться и венуть в Чат' name='submited'>n";
}
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?act=room&id=$room[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
}
}
$title .= " - ".hsc($room['name']);
ex_head();
// Delete a comment (moderators only; token is passed in the URL)
if (isset($_GET['delete']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id`='".intval($_GET['delete'])."' AND `id_room` = '$room[id]' AND `type` = 'post' LIMIT 1"))!=0)
{
if (!isset($moderate_chat))access_denied();
if (hsc(@$_GET['mdp'])==$mdp)
{
mysqli_query($dbi, "DELETE FROM `chat` WHERE `id` = '".intval($_GET['delete'])."' LIMIT 1");
// NOTE(review): no exit() after this redirect (unlike the edit/clean/kick
// branches), so the rest of the page - including the post handler - still runs.
header("Location: ?act=room&id=$room[id]&$passgen");
} else hacked_by_Killer();
}
// Submit a comment (logged-in, not chat-banned)
if (isset($_POST['message']) && isset($user) && !banned('chat', $user['id'], 1))
{
if (hsc(@$_POST['mdp'])==$mdp)
{
$message=$_POST['message'];
if (strlen2($message)>1024){$error[] = 'Сообщение слишком длинное';}
if (strlen2($message)<1){$error[] = 'Короткое сообщение';}
// NOTE(review): two defects on the next line - mysql_escape_string() was removed
// in PHP 7 (use my_esc() as the other branches do), and the result goes into $err,
// not $error[], so the "repeats previous message" check never blocks the insert.
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id_user` = '$user[id]' AND `type` = 'post' AND `message` = '".mysql_escape_string($message)."' AND `time` > '".($time-300)."' LIMIT 1"))!=0){$err='Ваше сообщение повторяет предыдущее';}
if(!isset($error)){
// reply data: target user must exist; the quoted message is looked up by id and author
if(isset($_POST['reply']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `user` WHERE `id` = '".intval($_POST['reply'])."'"))!=0)
{
$reply_user=profile(intval($_POST['reply']));
$komm_reply=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id_user` = '$reply_user[id]' AND `id` = '".intval($_POST['komm_reply'])."'"));
$reply=1;
if(isset($_POST['private']) && $_POST['private']==1)$private=1;else $private=0;
}
// NOTE(review): $komm_reply[message] is a value read back from the database and is
// interpolated here without escaping (second-order injection risk) - wrap it in
// my_esc() like $message; $komm_reply may also be null if the id/author pair did not match.
mysqli_query($dbi, "INSERT INTO `chat` (`id_user`, `time`, `message`, `id_room`, `type`".(isset($reply)?", `reply`, `reply_msg`, `private`":null).") values('$user[id]', '$time', '".my_esc($message)."', '$room[id]', 'post'".(isset($reply)?", '$reply_user[id]', '$komm_reply[message]', '$private'":null).")");
}
}
else hacked_by_Killer();
}
// Bulk-delete mode (checkbox per post) is only available to moderators.
if(isset($_GET['mdelete']) && isset($moderate_chat))$mdelete=1;
if(isset($mdelete) && isset($_POST['m_d_okey']))
{
if(hsc(@$_POST['mdp'])==$mdp)
{
foreach ($_POST as $key => $value)
{
// NOTE(review): `$value='1'` is an assignment, not a comparison, so it is always
// truthy; it should be `$value==='1'`. $kid[1] is digits-only by the regex, so the
// id is safe in SQL, though `[0-9]*` also admits an empty string.
if (preg_match('#^mdelelte_komm_([0-9]*)$#',$key,$kid) && $value='1')
{
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '$kid[1]' AND `id_room` = '$room[id]' AND`type` = 'post' LIMIT 1"))!=0)
{
$komm=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id` = '$kid[1]' AND `id_room` = '$room[id]' AND`type` = 'post' LIMIT 1"));
mysqli_query($dbi, "DELETE FROM `chat` WHERE `id` = '$komm[id]' AND `id_room` = '$room[id]' AND `type` = 'post'");
}
}
}
}
else hacked_by_Killer();
}
// Optional bot modules enabled per room.
if ($room['umnik']=='1')include 'inc/umnik.php';
if ($room['shutnik']=='1')include 'inc/shutnik.php';
echo "<div class='grand_h'>n";
// rand_num is only a cache-buster for the refresh link.
echo "<a href='?act=room&id=$room[id]&who_there'>Кто здесь?</a> | <a href='/smiles'>Список смайлов</a> | <a href='?act=room&id=$room[id]&rand_num=".rand(1000,9999)."'>Обновить</a>n";
echo "</div>n";
if (isset($user)) {
if (banned('chat', $user['id'], 1)) {
banned('chat', $user['id']);
} else {
input_bbs();
echo "<div class=foot><form method='POST' action=''>n";
echo "<textarea name='message' id='textarea' rows='5' cols='17' style='width: 95%'></textarea>n";
echo "<br/>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='submited' value='Отправить'>n";
echo "</form></div>n";
}
}
// Visibility filter: moderators see everything; others see public posts plus
// private posts they sent or received. Note $user[id] is unset for guests.
$count_results=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id_room` = '$room[id]' AND `type` = 'post'".(isset($moderate_chat)?NULL:" AND (`private` = '1' AND (`id_user` = '$user[id]' OR `reply` = '$user[id]') OR `private` = '0')").""));
$count_pages=count_pages($count_results);
$page=page();
$start=start_pages();
if(isset($mdelete))
{
echo "<form method='post' class='multi'>n";
}
if (!$count_results) {
echo "<div class='list'>n";
echo "Нет сообщенийn";
echo "</div>n";
}
//if ($config['time_chat']!=0 && !isset($mdelete))header("Refresh: $config[time_chat]; url=/chat/?act=room&id=$room[id]&rand_num=".rand(1000,9999)); // auto-refresh (disabled)
$query=mysqli_query($dbi, "SELECT * FROM `chat` WHERE `id_room` = '$room[id]' AND `type` = 'post'".(isset($moderate_chat)?NULL:" AND (`private` = '1' AND (`id_user` = '$user[id]' OR `reply` = '$user[id]') OR `private` = '0')")." ORDER BY `time` DESC LIMIT $start, $config[rop]");
while ($post = mysqli_fetch_array($query))
{
// $ank is only resolved for human posts; bot posts (umnik_st / shutnik) use fixed icons.
if ($post['umnik_st']==0 && $post['shutnik']==0)$ank=profile($post['id_user']);
echo "<div class='list'>n";
echo "<div class='left'>n";
if ($post['umnik_st']==0 && $post['shutnik']==0)show_avatar($ank['id'], 'small');
elseif ($post['shutnik']==1)echo "<img src='/i/site/shutnik.png' alt='' />n";
elseif ($post['umnik_st']!=0)echo "<img src='/i/site/umnik.png' alt='' />n";
echo "</div>n";
echo "<div class='overfl_hid'>n";
if ($post['umnik_st']==0 && $post['shutnik']==0)
{
// Own nick is highlighted. NOTE(review): $ank[nick] is echoed without hsc() -
// fine only if nicknames are sanitised at registration; confirm.
echo "<a href='$config[profile_page]?id=$ank[id]'>".($ank['id']==$user['id']?'<span style="color: #209143"><b class="none">':NULL)."$ank[nick]".($ank['id']==$user['id']?'</b></span>':NULL)."</a>n";
echo " <span style='color:green'>".vremja($post['time'])."</span> ".($post['private']==1?" <span style='color: red;'>[!]</span>":NULL)."n";
}
elseif ($post['umnik_st']!=0)echo "$config[chat_umnik] <span style='color:green'>".vremja($post['time'])."</span>n";
elseif ($post['shutnik']==1)echo "$config[chat_shutnik] <span style='color:green'>".vremja($post['time'])."</span>n";
echo "<span class='right'>n";
if(isset($mdelete))
{
echo "<input type='checkbox' name='mdelelte_komm_$post[id]' value='1'>n";
} else {
if ($post['umnik_st']==0 && $post['shutnik']==0)
{
if(isset($user) && isset($moderate_chat))
{
echo " <a href='?act=room&id=$room[id]&delete=$post[id]&mdp=$mdp'>$config[code_delete]</a>n";
}
// Edit link mirrors the author + 600 s rule enforced in the edit branch.
if(isset($user) && $user['id']==$ank['id'] && $post['time']>time()-600)
{
echo "<a href='?act=room&id=$room[id]&edit=$post[id]'>$config[code_edit]</a>n";
}
}
}
echo "</span>n";
echo "<br/>n";
// Quoted reply target, shown collapsed; the nick toggles it.
if($post['reply']!=0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `user` WHERE `id` = '$post[reply]'")))
{
$ru = profile($post['reply']);
echo "<div id='quote-$post[id]' class='quote' style='display:none;'>n";
echo output_text($post['reply_msg'], $ru['id'])."n";
echo "</div>n";
echo "<a href='#' onclick='javascript:toggle("$post[id]"); return false;'>".($post['private']==1 && ($post['id_user']==$user['id'] || $post['reply']==$user['id'])?'<span style="color: #f30000">':NULL)."$ru[nick]".($post['private']==1 && ($post['id_user']==$user['id'] || $post['reply']==$user['id'])?'</span>':NULL)."</a>, n";
}
// Private messages addressed to the viewer are highlighted; bot posts render with author id 1.
echo ($post['private']==1 && $post['reply']==$user['id']?'<span style="color: #f30000">':NULL).output_text($post['message'], ($post['umnik_st']==0 && $post['shutnik']==0?$ank['id']:1)).($post['private']==1 && $post['reply']==$user['id']?'</span>':NULL);
echo "n<br/>n";
if ($post['umnik_st']==0 && $post['shutnik']==0)if(isset($user) && $ank['id']!=0)
{
echo "<a href='?act=room&id=$room[id]&reply=$post[id]'>Ответить</a>n";
}
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
}
if(isset($mdelete))
{
echo "<div class='mod_grad'>n";
echo "<input type='submit' name='m_d_okey' value='Удалить'> <a href='?act=room&id=$room[id]&page=$page'>Отмена</a>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "</div>n";
echo "</form>n";
}
pages_show("/chat/?act=room&id=$room[id]".(isset($mdelete)?"&mdelete=1":null)."&rand_num=".rand(1000,9999)."&"); // pagination links
if(isset($moderate_chat))
{
echo "<div class='mod_grad'>n";
echo "$config[code_edit] <a href='?moderate=edit&id=$room[id]'>Редaктировать комнату</a><br />n";
echo "$config[code_delete] <a href='?moderate=delete&id=$room[id]'>Удалить комнату</a> | <a href='?act=room&id=$room[id]&clean'>Очистить комнату</a><br />n";
echo "$config[code_move] <a href='?act=room&id=$room[id]&page=$page&mdelete=start'>Выбрать комментарии</a><br />n";
echo "</div>n";
}
echo "<div class='foot'>n";
echo image_back()." <a href='/chat/'>Список комнат</a><br />n";
echo "</div>n";
ex_foot();
?>