<?
if(mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'"))!=0)
{
// NOTE(review): the file opens with the short "<?" tag (line above); "<?php" is the portable form.
// Load the community row. The existence check in the enclosing if already ran this exact query;
// the id is cast with intval(), so it is the only request value that reaches SQL here.
$comm=mysqli_query($dbi, "SELECT * FROM `comm` WHERE `id` = '".intval($_GET['id'])."'");
$comm=mysqli_fetch_array($comm);
// Category row; id_cat comes from the `comm` row just read, not from the request.
$cat=mysqli_query($dbi, "SELECT * FROM `comm_cat` WHERE `id` = '$comm[id_cat]'");
$cat=mysqli_fetch_array($cat);
// No activated, non-invited member in comm_users: treat the community as ownerless (id_user = 0), so the
// creator-only checks below (which compare $ank['id'] with $user['id']) stop matching a real user — assuming profile(0) yields id 0.
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `activate` = '1' AND `invite` = '0'"))==0)$comm['id_user']=0;
$ank=profile($comm['id_user']); // creator (owner) profile; $ank drives the permission checks further down
// Access gates. Each one renders an error page and calls ex_foot(); there is no explicit exit,
// so ex_foot() is presumably what ends the request — confirm, otherwise execution falls through to the chat.
// Gate 1: user is on the community blacklist.
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_blist` WHERE `id_comm` = '$comm[id]' AND `id_user` = '$user[id]'"))!=0)
{
$title .= ' - Ошибка!';
ex_head();
// NOTE(review): the trailing "n" inside these strings looks like a "\n" whose backslash was lost in extraction — confirm against the original file.
echo "<div class='main'>Вы находитесь в Черном списке сообщества.</div>n";
ex_foot();
}
// Gate 2: the chat is switched off for this community (comm.chat = 0).
if ($comm['chat']==0)
{
$title .= ' - Ошибка!';
ex_head();
echo "<div class='main'>n";
echo "Чат сообщества <b>".hsc($comm['name'])."</b> закрытn";
echo "</div>n";
ex_foot();
}
// Gate 3: chat_rule = 2 means members only; membership is an activated, non-invited comm_users row.
if ($comm['chat_rule']==2 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_users` WHERE `id_comm` = '$comm[id]' AND `id_user` = '$user[id]' AND `invite` = '0' AND `activate` = '1'"))==0)
{
$title .= ' - Ошибка!';
ex_head();
echo "<div class='main'>n";
echo "Это чат сообщества <b>".hsc($comm['name']).".</b><br />n";
echo "Чат доступен только участникам данного сообщества.<br />n";
echo "<a href='/comm/?act=comm&id=$comm[id]&in'>Вступить в сообщество</a>n";
echo "</div>n";
ex_foot();
}
$title .= ' - '.hsc($comm['name']).' / Чат'; // page title
// NOTE(review): the page header is emitted here; the header("Location: ...") redirects in the handlers
// below therefore run after output has started and only work with output buffering enabled — confirm.
ex_head();
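// Arrival in the chat: register the user in chat_comm_who (a user is "present" in at most
// one community chat at a time, hence the DELETE by id_user only) and post a system line
// "<nick> entered the chat" as id_user = 0, collapsing back-to-back duplicates into one row.
// Guests have nothing to register, so the whole block is skipped for them instead of
// running the lookup with an empty id first.
if (isset($user))
{
    if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat_comm_who` WHERE `id_user` = '$user[id]' AND `id_comm` = '$comm[id]'"))==0)
    {
        mysqli_query($dbi, "DELETE FROM `chat_comm_who` WHERE `id_user` = '$user[id]'");
        mysqli_query($dbi, "INSERT INTO `chat_comm_who` (`id_user`, `time`, `id_comm`) values('$user[id]', '$time', '$comm[id]')");
        $message="[b]$user[nick][/b] вош".($user['anketa']['pol']==1?'eл':'ла')." в чат";
        $lpost=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id_user` = '0' AND `id_comm` = '$comm[id]' ORDER BY `time` DESC LIMIT 1"));
        // $lpost is false when no system line exists yet; that counts as "not a duplicate".
        if ($lpost===false || $lpost['message']!=$message)
        {
            // The nick is part of the text, so the line goes through my_esc() like any other
            // message body (the original interpolated it into the INSERT unescaped).
            mysqli_query($dbi, "INSERT INTO `comm_chat` (`id_user`, `time`, `message`, `id_comm`) values('0', '$time', '".my_esc($message)."', '$comm[id]')");
        }
        else
        {
            // Same line as last time: only bump its timestamp.
            mysqli_query($dbi, "UPDATE `comm_chat` SET `time` = '$time' WHERE `id` = '$lpost[id]'");
        }
    }
    else
    {
        // Already present: refresh the "last seen" time.
        mysqli_query($dbi, "UPDATE `chat_comm_who` SET `time` = '$time' WHERE `id_user` = '$user[id]' AND `id_comm` = '$comm[id]'");
    }
}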
// Newest message in this chat and its author; the post handler below uses them for its
// "same author, same text" duplicate check.
$count_komm=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id_comm` = '$comm[id]'"));
if ($count_komm > 0)
{
$last_komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id_comm` = '$comm[id]' ORDER BY `time` DESC LIMIT 1"));
$creator_last_komm = profile($last_komm['id_user']);
}
// NOTE(review): for an empty chat neither $last_komm nor $creator_last_komm is defined; any later use must guard with isset().
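// "Who is here?": paged list of the users currently registered in chat_comm_who for this chat.
// Ends with ex_foot(), which presumably terminates the request — confirm.
if(isset($_GET['who_there']))
{
    $count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `chat_comm_who` WHERE `id_comm` = '$comm[id]'"));
    $count_pages = count_pages($count_results);
    $page = page();
    $start = start_pages();
    $query = mysqli_query($dbi, "SELECT * FROM `chat_comm_who` WHERE `id_comm` = '$comm[id]' ORDER BY `time` DESC LIMIT $start, $config[rop]");
    if (!$count_results)
    {
        echo "<div class='list_empty'>n";
        echo "В чате никого нет.n";
        echo "</div>n";
    }
    while ($ank2 = mysqli_fetch_array($query))
    {
        $post=profile($ank2['id_user']); // the listed user
        echo "<div class='list'>n";
        echo "<div class='left'>n";
        show_avatar($post['id'], 'small');
        echo "</div>";
        echo "<div class='overfl_hid'>n";
        // Fix: the name line must describe the listed user ($post); the original passed the
        // community creator ($ank), so every row showed the creator's nick.
        echo profile_icon($post['id']).profile_nick($post['id'], 1).profile_medal($post['id']);
        echo "</div>n";
        echo "<div class='clear'></div>n";
        echo " </div>n";
    }
    pages_show("?act=chat&id=$comm[id]&who_there&"); // pager (single-argument form, unlike the three-argument call on the main list)
    echo "<div class='foot'>n";
    echo image_back()." <a href='?act=chat&id=$comm[id]'>В чат</a>n";
    echo "</div>n";
    ex_foot();
}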
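// Reply view: shows the message being answered and a form that posts the answer back to the
// chat with the target user (reply) and the quoted message id (komm_reply).
if(isset($_GET['reply']))
{
    $reply_id = intval($_GET['reply']);
    $komm_res = mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id` = '$reply_id' AND `id_comm` = '$comm[id]' LIMIT 1");
    // Existence check first, so a missing row is never dereferenced (the original fetched
    // the row before checking). ex_foot() presumably ends the request here — confirm.
    if(mysqli_num_rows($komm_res)==0)
    {
        $error[] = "Сообщение не найдено";
        show_errors();
        ex_foot();
    }
    $komm=mysqli_fetch_array($komm_res);
    $ank2=profile($komm['id_user']); // author of the quoted message
    echo "<div class='list'>n";
    echo "<div class='left'>n";
    echo show_avatar($ank2['id'], 'small');
    // Ban link: the logged-in community creator, or a member whose access level is not 'user'
    // acting on someone other than themselves. Parentheses make the original && / || precedence explicit.
    if ((isset($user) && $ank['id']==$user['id']) || (!empty($uinc) && $uinc['access']!='user' && $ank2['id']!=$user['id']))
    {
        echo "<br />n";
        echo "<center><a href='?act=comm_users_ban&id=$comm[id]&add=$ank2[id]&type=chat&object=$komm[id]'>Бан</a></center>n";
    }
    echo "</div>n";
    echo "<div class='overfl_hid'>";
    echo profile_icon($ank2['id']).profile_nick($ank2['id'], 1).profile_medal($ank2['id']);
    echo "<br />n";
    echo output_text($komm['message'], $ank2['id'])."n";
    echo "</div>n";
    echo "<div class='clear'></div>n";
    echo "</div>n";
    if (banned('comm_chat', $user['id'], 1))
    {
        banned('comm_chat', $user['id']); // two-argument form presumably renders the ban notice — confirm
    } else {
        input_bbs();
        // The form posts to the chat action; reply/komm_reply are picked up by the post handler there.
        echo "<form method='POST' name='form' action='?act=chat&id=$comm[id]'>n";
        echo "Сообщение (1024 знаков)<br />n";
        echo "<textarea name='message' id='textarea' rows='5' cols='17' style='width: 95%' placeholder='Введите свой ответ...'></textarea><br />n";
        echo "<input type='checkbox' id='private' name='private' value='1' /> <label for='private'>Приватно</label><br />n";
        echo "<input type='hidden' name='mdp' value='$mdp'>n";
        echo "<input type='hidden' name='reply' value='$ank2[id]'>";
        echo "<input type='hidden' name='komm_reply' value='$komm[id]'>";
        echo "<input value='Отправить' type='submit' name='submited'/> n";
        echo "</form>n";
    }
    echo "<div class='foot'>n";
    echo image_back()." <a href='?act=chat&id=$comm[id]'>Назад</a><br />n";
    echo "</div>n";
    ex_foot();
}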
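// Edit own message: allowed to the author for 600 s after posting (the same window the
// edit link on the message list uses). Anyone else falls through to the normal chat view,
// as in the original.
if(isset($_GET['edit']))
{
    $edit_id = intval($_GET['edit']);
    $komm_res = mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id` = '$edit_id' AND `id_comm` = '$comm[id]' LIMIT 1");
    // Check before fetching: the original fetched first and then re-queried by the fetched id.
    if(mysqli_num_rows($komm_res)==0)
    {
        $error[] = "Сообщение не найдено.";
        show_errors();
        ex_foot();
    }
    $komm=mysqli_fetch_array($komm_res);
    $ank2=profile($komm['id_user']);
    // isset($user) guard: for a guest $user['id'] is null, and null == 0 is true in PHP, which would
    // have matched a system line (id_user = 0) if profile(0) yields id 0.
    if(isset($user) && $user['id']==$ank2['id'] && $komm['time']>time()-600)
    {
        if(isset($_POST['submited']) && isset($_POST['message']))
        {
            // Constant-time token comparison instead of loose ==.
            if (hash_equals((string)$mdp, (string)hsc($_POST['mdp'] ?? '')))
            {
                $message=$_POST['message'];
                if (strlen2(trim($message))<1){$error[]='Короткое сообщение';}
                elseif (strlen2($message)>1024){$error[]='Сообщение слишком длинное';}
                if(!isset($error))
                {
                    // Escaped at the point of use only; $message itself stays the raw text.
                    mysqli_query($dbi, "UPDATE `comm_chat` SET `message` = '".my_esc($message)."' WHERE `id` = '$komm[id]'");
                    header("Location:?act=chat&id=$comm[id]");
                    exit();
                }
            } else hacked_by_Killer();
        }
        input_bbs('form', 'message');
        echo "<form method='post' action='' name='form'>n";
        echo "Сообщение (1024 знаков<br/><textarea name='message' rows='5' cols='17' style='width: 95%' placeholder='Введите сообщение...'>".input_value($komm['message'])."</textarea><br />n";
        echo "<input type='hidden' name='mdp' value='$mdp'>n";
        echo "<input type='submit' name='submited' value='Сохранить'/><br />n";
        echo "</form>n";
        echo "<div class='foot'>n";
        echo image_back()." <a href='?act=chat&id=$comm[id]'>Назад</a><br />n";
        echo "</div>n";
        ex_foot();
    }
}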
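// Purge the chat: either everything (&all) or messages older than N units, where a unit is
// 1/24/168/744 hours. Only the logged-in creator or an 'adm' member; both forms are token-checked.
if(isset($_GET['clean']) && ((isset($user) && $ank['id']==$user['id']) || (isset($uinc['access']) && $uinc['access']=='adm')))
{
    if(isset($_GET['all']))
    {
        if (isset($_POST['submited']))
        {
            // Constant-time token comparison instead of loose ==.
            if (hash_equals((string)$mdp, (string)hsc($_POST['mdp'] ?? '')))
            {
                mysqli_query($dbi, "DELETE FROM `comm_chat` WHERE `id_comm` = '$comm[id]'");
                header("Location:?act=chat&id=$comm[id]");
                exit;
            } else hacked_by_Killer();
        }
        else
        {
            // Confirmation form for the full purge.
            echo "<form method='POST' action=''>n";
            echo "<div class='freespace'>n";
            echo "Очистить чат от сообщений?<br />n";
            echo "</div>n";
            echo "<div class='freespace'>n";
            echo "<input type='hidden' name='mdp' value='$mdp'>n";
            echo "<input type='submit' name='submited' value='Да'> <a href='?act=chat&id=$comm[id]'>Нет</a>";
            echo "</div>n";
            echo "</form>n";
            ex_foot();
        }
    }
    else
    {
        if (isset($_POST['submited']))
        {
            if (hash_equals((string)$mdp, (string)hsc($_POST['mdp'] ?? '')))
            {
                // Age threshold = ch units of mn hours each; missing fields count as 0, which
                // (as in the original) makes the cutoff "now", i.e. every existing message.
                $ch=intval($_POST['ch'] ?? 0);
                $mn=intval($_POST['mn'] ?? 0);
                $nt=$time-$ch*$mn*3600;
                mysqli_query($dbi, "DELETE FROM `comm_chat` WHERE `time` < '$nt' AND `id_comm` = '$comm[id]'");
                header("Location:?act=chat&id=$comm[id]");
                exit;
            } else hacked_by_Killer();
        }
        else
        {
            // Age-based purge form, plus a link to the full purge.
            echo "<div class='list'>n";
            echo $config['code_delete']." <a href='?act=chat&id=$comm[id]&clean&all'>Очистить чат полностю</a>n";
            echo "<br/>n";
            echo "</div>n";
            echo "<form method='post' action=''>n";
            echo "<div class='freespace'>n";
            echo "Будут удалены посты, написаные ... тому назад<br />n";
            echo "</div>n";
            echo "<div class='freespace'>n";
            echo "<input type='text' name='ch' size='3' value='1' />n";
            echo "<select name='mn'>n";
            echo "<option value='1' selected='selected'>Часов</option>n";
            echo "<option value='24'>Дней</option>n";
            echo "<option value='168'>Недель</option>n";
            echo "<option value='744'>Месяцев</option>n";
            echo "</select><br />n";
            echo "</div>n";
            echo "<div class='freespace'>n";
            echo "<input type='hidden' name='mdp' value='$mdp'>n";
            echo "<input value='Очистить' type='submit' name='submited' />n";
            echo "</div>n";
            echo "</form>n";
            echo "<div class='foot'>n";
            echo image_back()." <a href='?act=chat&id=$comm[id]'>Назад</a><br />n";
            echo "</div>n";
        }
        ex_foot();
    }
}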
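// Delete a single message via GET (?delete=<id>&mdp=<token>). Allowed for the logged-in
// community creator or any member whose access level is not 'user'; the row must belong to this chat.
if (isset($_GET['delete']) && ((isset($user) && $ank['id']==$user['id']) || (!empty($uinc) && $uinc['access']!='user')))
{
    $del_id = intval($_GET['delete']);
    if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id`='$del_id' AND `id_comm` = '$comm[id]' LIMIT 1"))!=0)
    {
        // Constant-time token comparison instead of loose ==.
        if (hash_equals((string)$mdp, (string)hsc($_GET['mdp'] ?? '')))
        {
            // id_comm is repeated in the DELETE so the row can only be removed through its own chat.
            mysqli_query($dbi, "DELETE FROM `comm_chat` WHERE `id` = '$del_id' AND `id_comm` = '$comm[id]' LIMIT 1");
            header("Location: ?act=chat&id=$comm[id]&$passgen");
            // The original kept rendering (and processing further input) after the redirect header;
            // stop here like the other redirecting handlers do.
            exit;
        } else hacked_by_Killer();
    }
}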
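// Post a message from the chat or reply form. Requires a logged-in, non-banned user and a
// valid form token; validation failures go to $error[] and are rendered by show_errors() below.
if (isset($_POST['message']) && isset($user) && !banned('comm_chat', $user['id'], 1))
{
    // Constant-time token comparison instead of loose ==.
    if (hash_equals((string)$mdp, (string)hsc($_POST['mdp'] ?? '')))
    {
        $message=$_POST['message'];
        if (strlen2(trim($message))<1){$error[]='Короткое сообщение';}
        elseif (strlen2($message)>1024){$error[]='Сообщение слишком длинное';}
        // $creator_last_komm / $last_komm exist only when the chat already has messages.
        elseif (isset($creator_last_komm) && $creator_last_komm['id']==$user['id'] && my_esc($message)==$last_komm['message']){$error[]='Ваше сообщение повторяет предыдущее';}
        if(!isset($error)){
            $reply_cols = '';
            $reply_vals = '';
            // Reply: the target user must exist; the quoted message is looked up by (author, id, this chat).
            if(isset($_POST['reply']))
            {
                $reply_uid = intval($_POST['reply']);
                if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `user` WHERE `id` = '$reply_uid'"))!=0)
                {
                    $reply_user=profile($reply_uid);
                    $komm_reply=mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id_user` = '$reply_user[id]' AND `id` = '".intval($_POST['komm_reply'] ?? 0)."' AND `id_comm` = '$comm[id]'"));
                    $private = (isset($_POST['private']) && $_POST['private']==1) ? 1 : 0;
                    // The quoted text comes back from the DB unescaped, so it has to go through my_esc()
                    // again before being interpolated into the INSERT (the original re-inserted it raw).
                    // A quoted message that no longer exists yields an empty quote, as before.
                    $quoted = my_esc($komm_reply!==false ? (string)$komm_reply['message'] : '');
                    $reply_cols = ", `reply`, `reply_msg`, `private`";
                    $reply_vals = ", '$reply_user[id]', '$quoted', '$private'";
                }
            }
            mysqli_query($dbi, "INSERT INTO `comm_chat` (`id_user`, `time`, `message`, `id_comm`$reply_cols) values('$user[id]', '$time', '".my_esc($message)."', '$comm[id]'$reply_vals)");
        }
    } else hacked_by_Killer();
}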
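// Multi-delete mode: the logged-in creator or an 'adm' member may tick messages in the list
// below and delete them in one POST. The checkbox names are mdelelte_komm_<id> (the
// misspelling is kept because the form in the list uses it).
if(isset($_GET['mdelete']) && ((isset($user) && $ank['id']==$user['id']) || (isset($uinc['access']) && $uinc['access']=='adm')))$mdelete=1;
if(isset($mdelete) && isset($_POST['m_d_okey']))
{
    // Constant-time token comparison instead of loose ==.
    if (hash_equals((string)$mdp, (string)hsc($_POST['mdp'] ?? '')))
    {
        foreach ($_POST as $key => $value)
        {
            // Fix: the original wrote `$value='1'` (an assignment, always truthy) so the box's value
            // was never actually checked; [0-9]+ also rejects the empty id that [0-9]* allowed.
            if (preg_match('#^mdelelte_komm_([0-9]+)$#',$key,$kid) && $value==='1')
            {
                $kid_id = intval($kid[1]);
                // Only rows of this chat; id_comm is repeated in the DELETE as a second guard.
                if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id` = '$kid_id' AND `id_comm` = '$comm[id]' LIMIT 1"))!=0)
                {
                    mysqli_query($dbi, "DELETE FROM `comm_chat` WHERE `id` = '$kid_id' AND `id_comm` = '$comm[id]'");
                }
            }
        }
    } else hacked_by_Killer();
}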
// Chat page header: who-is-here, smiley list, refresh (rand_num is only a cache buster, not security-relevant).
echo "<div class='grand_h'>n";
echo "<a href='?act=chat&id=$comm[id]&who_there'>Кто здесь?</a> | <a href='/smiles'>Список смайлов</a> | <a href='?act=chat&id=$comm[id]&rand_num=".rand(1000,9999)."'>Обновить</a>n";
echo "</div>n";
show_errors(); // renders whatever the handlers above collected in $error[]
// Message form for logged-in, non-banned users; the form posts back to this page (action='').
if(isset($user))
{
if (banned('comm_chat', $user['id'], 1))
{
banned('comm_chat', $user['id']); // two-argument form presumably renders the ban notice — confirm
} else {
input_bbs();
echo "<form method='POST' action='' name='form'>n";
echo "<textarea name='message' id='textarea' rows='5' cols='17' style='width: 95%' placeholder='Введите сообщение...'></textarea>n";
echo "<br/>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n"; // form token, checked by the post handler above
echo "<input type='submit' name='submited' value='Отправить'>n";
echo "</form>n";
}
}
// Visibility rule for the list: public rows, plus private rows sent by or addressed to the current
// user. For a guest $user[id] interpolates as an empty string, so only public rows match.
$count_results=mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id_comm` = '$comm[id]' AND (`private` = '1' AND (`id_user` = '$user[id]' OR `reply` = '$user[id]') OR `private` = '0')"));
$count_pages=count_pages($count_results);
$page=page();
$start=start_pages();
// Multi-delete mode wraps the whole list in a form (closed after the loop below).
if(isset($mdelete))
{
echo "<form method='POST' class='multi'>n";
}
if ($count_results==0)
{
echo "<div class='list_empty'>n";
echo "Нет сообщений.n";
echo "</div>n";
}
// Auto-refresh via a Refresh header — currently disabled.
//if ($config['time_chat']!=0 && !isset($mdelete))header("Refresh: $config[time_chat]; url=?act=chat&id=$comm[id]&rand_num=".rand(1000,9999)); // автообновление
// Message list, newest first, one page of $config[rop] rows from $start; same visibility rule as the count above.
$query = mysqli_query($dbi, "SELECT * FROM `comm_chat` WHERE `id_comm` = '$comm[id]' AND (`private` = '1' AND (`id_user` = '$user[id]' OR `reply` = '$user[id]') OR `private` = '0') ORDER BY `time` DESC LIMIT $start, $config[rop]");
while ($post = mysqli_fetch_array($query))
{
$ank2=profile($post['id_user']); // author; one profile() call per row
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank2['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
// Author link; the current user's own nick is rendered bold and green.
echo "<a href='$config[profile_page]?id=$ank2[id]'>".($ank2['id']==$user['id']?'<span style="color: #209143"><b class="none">':NULL)."$ank2[nick]".($ank2['id']==$user['id']?'</b></span>':NULL)."</a>n";
// Post time, plus a red [!] marker on private messages.
echo " <span style='color:green'>".vremja($post['time'])."</span> ".($post['private']==1?" <span style='color: red;'>[!]</span>":NULL)."n";
echo "<span class='right'>n";
if(isset($mdelete))
{
// Multi-delete mode: one checkbox per row. The "mdelelte_" spelling must match the regex in the handler above.
echo "<input type='checkbox' name='mdelelte_komm_$post[id]' value='1'>n";
} else {
// Delete link for the logged-in creator or a non-'user' member. isset($user) is tested twice here; the inner one is redundant.
if(isset($user) && ($ank['id']==$user['id'] && isset($user) || $uinc && $uinc['access']!='user'))
{
echo " <a href='?act=chat&id=$comm[id]&delete=$post[id]&mdp=$mdp'>$config[code_delete]</a>n"; // form token travels in the URL for this GET action
}
// Edit link: own messages, within 600 s of posting (the edit handler enforces the same window).
if(isset($user) && $user['id']==$ank2['id'] && $post['time']>time()-600)
{
echo "<a href='?act=chat&id=$comm[id]&edit=$post[id]'>$config[code_edit]</a>n";
}
}
echo "</span>n";
echo "<br/>n";
// Quoted reply: a hidden block toggled by the link that follows. NOTE(review): this costs one extra `user` lookup per reply row.
if($post['reply']!=0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `user` WHERE `id` = '$post[reply]'")))
{
$ru=profile($post['reply']); // the replied-to user
echo "<div id='quote-$post[id]' style='display:none; margin:0; margin-bottom:7px; background-color: #EAEEF4; border: 1px solid #999; color: #666; padding: 6px 5px; -webkit-border-radius: 4px; border-radius: 4px;'>".output_text($post['reply_msg'], $ru['id'])."</div>n";
// NOTE(review): the bare quotes around $post[id] in the onclick look like \" escapes lost in extraction; as shown this line would not parse — confirm against the original file.
// The replied-to nick is red when the message is private and the viewer is a party to it.
echo "<a href='#' onclick='javascript:toggle("$post[id]"); return false;'>".($post['private']==1 && ($post['id_user']==$user['id'] || $post['reply']==$user['id'])?'<span style="color: #f30000">':NULL)."$ru[nick]".($post['private']==1 && ($post['id_user']==$user['id'] || $post['reply']==$user['id'])?'</span>':NULL)."</a>, n";
}
// Body text; a private message addressed to the current user is shown in red.
echo ($post['private']==1 && $post['reply']==$user['id']?'<span style="color: #f30000">':NULL).output_text($post['message'], $ank2['id']).($post['private']==1 && $post['reply']==$user['id']?'</span>':NULL);
echo "n<br/>n";
// Reply link for logged-in users; skipped when the author profile has id 0 (presumably the system lines).
if(isset($user) && $ank2['id']!=0)
{
echo "[<a href='?act=chat&id=$comm[id]&reply=$post[id]'>Ответить</a>]n";
}
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
}
// Multi-delete mode: submit button (m_d_okey) and token, then close the form opened before the list.
if(isset($mdelete))
{
echo "<div class='mod_grad'>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
// NOTE(review): the cancel link points at act=forum while every other link on this page uses act=chat — looks like a copy-paste slip; confirm the intended target.
echo "<input type='submit' name='m_d_okey' value='Удалить'> <a href='?act=forum&id=$comm[id]&page=$page'>Отмена</a><br />n";
echo "</div>n";
echo "</form>n";
}
// Pager; keeps mdelete=1 in the links while in multi-delete mode (three-argument form, unlike the who_there call).
pages_show("?act=chat&id=$comm[id]".(isset($mdelete)?"&mdelete=1":null)."&rand_num=".rand(1000,9999)."&",$count_pages,$page); // pager
// Moderation links for the logged-in creator or an 'adm' member: purge, and enter/leave multi-delete mode.
if($ank['id']==$user['id'] && isset($user) || $uinc['access']=='adm')
{
echo "<div class='mod_grad'>n";
echo "$config[code_delete] <a href='?act=chat&id=$comm[id]&clean'>Очистить чат</a><br />n";
echo "$config[code_move] <a href='?act=chat&id=$comm[id]&page=$page".(isset($mdelete)?NULL:"&mdelete=start")."'>".(isset($mdelete)?"Отмена":"Выбрать сообщения")."</a><br />n";
echo "</div>n";
}
echo "<div class='foot'>n";
echo image_back()." <a href='?act=comm&id=$comm[id]'>В сообщество</a>n";
echo "</div>n";
ex_foot();
}
else{header("Location:/index/comm");exit;}
?>