Файл: vsime.com/comm/inc/inc_forum/include_cat.php
Строк: 277
<?
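// ---------------------------------------------------------------------------
// Moderation action: delete a topic (?moderate=delete_topic&topic=<id>).
//
// Checks performed here:
//   * the topic exists in this community ($comm) and category ($fcat);
//   * the viewer is logged in and is either the community owner ($ank) or a
//     community admin ($uinc['access'] == 'adm');
//   * the confirming POST carries the anti-CSRF token $mdp.
// On success the topic, its poll rows, its lenta entry and (see note below)
// a comment row are deleted and the user is redirected back to the category.
// ---------------------------------------------------------------------------
if (isset($_GET['moderate']) && $_GET['moderate'] === 'delete_topic') {
    // The topic id is coerced to int before it reaches SQL. One SELECT is used
    // both as the existence check and as the row fetch (the original ran the
    // same query twice).
    $topicId  = intval($_GET['topic']);
    $topicRes = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id` = '$topicId' AND `type` = 'topic' AND `id_comm` = '$comm[id]' AND `id_cat` = '$fcat[id]'");
    $topic    = $topicRes ? mysqli_fetch_array($topicRes) : null;

    if ($topic) {
        // $uinc may be false for non-members; guard it before reading 'access'.
        $mayDelete = isset($user) && ($ank['id'] == $user['id'] || ($uinc && $uinc['access'] == 'adm'));
        if ($mayDelete) {
            if (isset($_POST['submited'])) {
                // Anti-CSRF token: strict, constant-time comparison. The original
                // loose == would also accept numerically-equal strings. An empty
                // server-side token never matches.
                $postedToken = (isset($_POST['mdp']) && is_string($_POST['mdp'])) ? hsc($_POST['mdp']) : '';
                if ((string)$mdp !== '' && hash_equals((string)$mdp, (string)$postedToken)) {
                    mysqli_query($dbi, "DELETE FROM `forum_poll` WHERE `id_topic` = '$topic[id]'");
                    mysqli_query($dbi, "DELETE FROM `forum_pollen` WHERE `id_topic` = '$topic[id]'");
                    mysqli_query($dbi, "DELETE FROM `forum` WHERE `id` = '$topic[id]' AND `type` = 'topic' AND `id_comm` = '$comm[id]' AND `id_cat` = '$fcat[id]'");
                    // NOTE(review): LIMIT 1 deletes at most one comment row, while the
                    // category listing counts every forum_komm row of a topic with the
                    // same WHERE — any further comments would be left orphaned. Kept
                    // as-is; confirm whether the LIMIT is intentional.
                    mysqli_query($dbi, "DELETE FROM `forum_komm` WHERE$skp `id_comm` = '$comm[id]' AND `id_topic` = '$topic[id]' LIMIT 1");
                    mysqli_query($dbi, "DELETE FROM `lenta` WHERE `id_object` = '$topic[id]' AND `type` = 'topic'");
                    locon("/index/comm?act=forum&id=$comm[id]&cat_show=$fcat[id]");
                    exit;
                } else {
                    hacked_by_Killer();
                }
            }
            // Confirmation form (GET, or POST with a bad token that did not exit).
            echo "<form method='POST'>n";
            echo "<div class='freespace'>n";
            echo "Подтвердите удаление темы.<br/>n";
            echo "</div>n";
            echo "<div class='freespace'>n";
            echo "<input type='hidden' name='mdp' value='$mdp'>n";
            echo "<input type='submit' name='submited' value='Удалить'>n";
            echo "</div>n";
            echo "</form>n";
            echo "<div class='foot'>n";
            echo image_back()." <a href='/index/comm/?act=forum&id=$comm[id]&cat_show=$fcat[id]&topic_show=$topic[id]'>Отмена</a>n";
            echo "</div>n";
        } else {
            echo "<div class='main'>У Вас нет прав для удаления тем в данном сообществе</div>n";
        }
        ex_foot();
    }
}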
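// ---------------------------------------------------------------------------
// Moderation action: edit a topic (?moderate=edit_topic&topic=<id>).
//
// Who may edit: the community owner ($ank), any community member whose access
// level is not plain 'user', or the topic's creator within 10 minutes of
// posting. Only the first two groups may change the pin level (`pos`, 0..10)
// and the locked flag; a creator's edit leaves those fields untouched.
// ---------------------------------------------------------------------------
if (isset($_GET['moderate']) && $_GET['moderate'] === 'edit_topic') {
    // Single lookup doubling as the existence check (topic id coerced to int).
    $topicId  = intval($_GET['topic']);
    $topicRes = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id` = '$topicId' AND `type` = 'topic' AND `id_comm` = '$comm[id]' AND `id_cat` = '$fcat[id]'");
    $topic    = $topicRes ? mysqli_fetch_array($topicRes) : null;

    if ($topic) {
        $creator = profile($topic['id_user']);
        // Owner or non-'user' member: full moderation rights on this topic.
        $isModerator = isset($user) && ($ank['id'] == $user['id'] || ($uinc && $uinc['access'] != 'user'));
        // Creator: may edit the text only, for 10 minutes after posting.
        $isRecentCreator = isset($user) && $user['id'] == $creator['id'] && $topic['time'] > time() - 600;

        if ($isModerator || $isRecentCreator) {
            if (isset($_POST['submited']) && isset($_POST['name']) && isset($_POST['msg'])) {
                // Anti-CSRF token: strict, constant-time comparison instead of loose ==.
                $postedToken = (isset($_POST['mdp']) && is_string($_POST['mdp'])) ? hsc($_POST['mdp']) : '';
                if ((string)$mdp !== '' && hash_equals((string)$mdp, (string)$postedToken)) {
                    $rawName = $_POST['name'];
                    $rawMsg  = $_POST['msg'];
                    // Escape BEFORE the duplicate-name query: the original interpolated
                    // the raw POSTed name into that SELECT (SQL injection). Length checks
                    // still run on the unescaped text so escaping does not inflate them.
                    $name = my_esc($rawName);
                    $msg  = my_esc($rawMsg);
                    if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `forum` WHERE `name` = '$name' AND `id` != '$topic[id]' AND `type` = 'topic' AND `id_comm` = '$comm[id]' AND `id_cat` = '$fcat[id]'")) != 0) {
                        $error[] = "Тема с таким названием уже есть в этом разделе";
                    } elseif (strlen2($rawName) > 50 || strlen2(trim($rawName)) < 3) {
                        $error[] = "Название должно быть не меньше 3-х и не больше 50-ти символов";
                    } elseif (strlen2($rawMsg) > 10000 || strlen2(trim($rawMsg)) < 3) {
                        $error[] = "Сообщение должно быть не меньше 3-х и не больше 10000 символов";
                    }

                    if ($isModerator) {
                        // Pin level is clamped to 0..10; anything else falls back to 0.
                        $pos = isset($_POST['pos']) ? intval($_POST['pos']) : 0;
                        if ($pos < 0 || $pos > 10) {
                            $pos = 0;
                        }
                        $locked = (isset($_POST['locked']) && $_POST['locked'] == 1) ? 1 : 0;
                        if ($locked == 1 && $locked != $topic['locked']) {
                            // Newly locked: record who locked it and when.
                            $locked_user = $user['id'];
                            $locked_time = $time;
                        } else {
                            $locked_user = $topic['locked_user'];
                            $locked_time = $topic['locked_time'];
                        }
                    } else {
                        // Creator edit: moderation fields are preserved verbatim.
                        $pos         = $topic['pos'];
                        $locked      = $topic['locked'];
                        $locked_user = $topic['locked_user'];
                        $locked_time = $topic['locked_time'];
                    }

                    if (!isset($error)) {
                        if ($locked != $topic['locked']) {
                            // System comment (id_user 0) announcing the lock/unlock. The
                            // moderator nick is escaped for SQL transport like every other
                            // interpolated value.
                            mysqli_query($dbi, "INSERT INTO `forum_komm` (`id_comm`, `id_user`, `id_topic`, `time`, `msg`) values('$comm[id]', '0', '$topic[id]', '$time', 'А вот и я! Тему ".($locked==1?"закрыл":"открыл")." модератор ".my_esc($user['nick']).".')");
                        }
                        mysqli_query($dbi, "UPDATE `forum` SET `name` = '$name', `msg` = '$msg', `locked` = '$locked', `locked_user` = '$locked_user', `locked_time` = '$locked_time', `last_user` = '$user[id]', `last_time` = '$time', `pos` = '$pos' WHERE `id` = '$topic[id]' AND `type` = 'topic' AND `id_comm` = '$comm[id]' AND `id_cat` = '$fcat[id]'");
                        locon("/index/comm?act=forum&id=$comm[id]&cat_show=$fcat[id]&topic_show=$topic[id]");
                        exit;
                    }
                } else {
                    hacked_by_Killer();
                }
            }

            show_errors();
            echo "<form method='POST' class='multi'>n";
            echo "<div class='list'>n";
            echo "Название:<br/>n";
            echo "<input type='text' style='width: 95%' name='name' value='".input_value($topic['name'])."'><br/>n";
            echo "</div>n";
            echo "<div class='list'>n";
            echo "Сообщение:<br/>n";
            echo "<textarea name='msg' rows='5' cols='17' style='width: 95%'>".input_value($topic['msg'])."</textarea><br/>n";
            echo "</div>n";
            if ($isModerator) {
                // Pin level and lock controls are shown to moderators only.
                echo "<div class='list'>n";
                echo "Уровень (0-10): n";
                echo "<input style='width: 5%' type='text' name='pos' value='$topic[pos]' /><br />n";
                echo "</div>n";
                echo "<div class='list'>n";
                echo "<input type='checkbox' name='locked' value='1'".($topic['locked']==1?" checked='checked'":NULL)." /> Закрыть<br />n";
                echo "</div>n";
            }
            echo "<div class='list'>n";
            echo "<input type='hidden' name='mdp' value='$mdp'>n";
            echo "<input type='submit' name='submited' value='Сохранить'>n";
            echo "</div>n";
            echo "</form>n";
            echo "<div class='foot'>n";
            echo image_back()." <a href='/index/comm?act=forum&id=$comm[id]&cat_show=$fcat[id]&topic_show=$topic[id]'>Назад</a>n";
            echo "</div>n";
        } else {
            echo "<div class='main'>У Вас нет прав для редактирования тем в данном сообществе</div>n";
        }
        ex_foot();
    }
}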
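// ---------------------------------------------------------------------------
// Create a new topic (?moderate=add_topic).
//
// Requires a logged-in user; with write_rule 2 the user must also be a
// community member. Plain members are rate-limited to one topic per 10
// minutes (user.time_comm_topic). The draft name/msg is kept in
// $_SESSION["comm_topic_new_<cat>"] so it survives the round-trip through
// the poll editor; an attached poll is read back from
// $_SESSION["poll_comm_topic_new_<cat>"] (fields: oki, text, polltime,
// multi, vars).
// ---------------------------------------------------------------------------
if (isset($_GET['moderate']) && $_GET['moderate'] === 'add_topic') {
    if (isset($user)) {
        // $uinc is false for non-members. Guard it before reading 'access': the
        // original `$uinc['access']!='user'` evaluated null != 'user' for
        // non-members, which granted them the moderator-only poll-attach
        // privilege. Same guard the edit handler already uses.
        $canAttachPoll = $ank['id'] == $user['id'] || ($uinc && $uinc['access'] != 'user');
        // Non-members and plain members are subject to the topic rate limit.
        $isPlainUser   = !$uinc || $uinc['access'] == 'user';
        $draftKey      = "comm_topic_new_$fcat[id]";
        $pollKey       = "poll_comm_topic_new_$fcat[id]";

        if ($comm['write_rule'] == 2 && !in_comm($user['id'])) {
            echo "<div class='main'>Чтобы писать в форуме сообщества <b>".hsc($comm['name'])."</b>, Вам нужно быть участником данного сообщества.<br />
<a href='/index/comm?act=comm&id=$comm[id]&in&mdp=$mdp'>Вступить в сообщество</a></div>";
            ex_foot();
        }
        if ($isPlainUser && $user['time_comm_topic'] > $time) {
            echo "<div class='main'>Можно создавать только одну тему в 10 минут.</div>n";
            ex_foot();
        }

        if (!isset($_SESSION[$draftKey])) {
            $_SESSION[$draftKey] = array('name' => NULL, 'msg' => NULL);
        }
        $topic_new = $_SESSION[$draftKey];

        if (isset($_POST['submited']) && isset($_POST['name']) && isset($_POST['msg']) && !banned('comm_forum', $user['id'], 1)) {
            // Anti-CSRF token: strict, constant-time comparison instead of loose ==.
            $postedToken = (isset($_POST['mdp']) && is_string($_POST['mdp'])) ? hsc($_POST['mdp']) : '';
            if ((string)$mdp !== '' && hash_equals((string)$mdp, (string)$postedToken)) {
                $rawName = $_POST['name'];
                $rawMsg  = $_POST['msg'];
                if (strlen2($rawName) > 50 || strlen2(trim($rawName)) < 3) {
                    $error[] = "Название должно быть не меньше 3-х и не больше 50-ти символов";
                } elseif (strlen2($rawMsg) > 10000 || strlen2(trim($rawMsg)) < 3) {
                    $error[] = "Сообщение должно быть не меньше 3-х и не больше 10000 символов";
                }
                $name = my_esc($rawName);
                $msg  = my_esc($rawMsg);

                if (isset($_SESSION[$pollKey]['oki']) && $canAttachPoll) {
                    $poll       = 1;
                    $poll_text  = isset($_SESSION[$pollKey]['text']) ? $_SESSION[$pollKey]['text'] : null;
                    $poll_timee = isset($_SESSION[$pollKey]['polltime']) ? $_SESSION[$pollKey]['polltime'] : null;
                    $poll_check = isset($_SESSION[$pollKey]['multi']) ? $_SESSION[$pollKey]['multi'] : null;
                    // Poll lifetime in seconds; an unknown value falls back to ~3 years
                    // (the original's stand-in for "unlimited").
                    $pollLifetimes = array(
                        'day'     => 3600*24,
                        '3days'   => 3600*24*3,
                        'week'    => 3600*24*7,
                        'month'   => 3600*24*31,
                        '3months' => 3600*24*31*3,
                    );
                    $poll_time_add = (is_string($poll_timee) && isset($pollLifetimes[$poll_timee]))
                        ? $pollLifetimes[$poll_timee]
                        : 3600*24*31*12*3;
                    $poll_time = $time + $poll_time_add;
                }

                if (!isset($error)) {
                    if ($isPlainUser) {
                        mysqli_query($dbi, "UPDATE `user` SET `time_comm_topic` = '".($time+600)."' WHERE `id` = '$user[id]'");
                    }
                    $pollCols = '';
                    $pollVals = '';
                    if (isset($poll)) {
                        // Session-sourced poll fields are escaped as well: they originate
                        // from user input on the poll editor page.
                        $pollCols = ", `poll`, `poll_text`, `poll_time`, `poll_time_start`, `poll_timee`, `poll_check`";
                        $pollVals = ", '1', '".my_esc($poll_text)."', '$poll_time', '$time', '".my_esc($poll_timee)."', '".my_esc($poll_check)."'";
                    }
                    mysqli_query($dbi, "INSERT INTO `forum` (`id_comm`, `id_user`, `id_cat`, `type`, `name`, `msg`, `time`$pollCols) VALUES ('$comm[id]', '$user[id]', '$fcat[id]', 'topic', '$name', '$msg', '$time'$pollVals)");
                    $id_topic = mysqli_insert_id($dbi);

                    if (isset($poll)) {
                        // Poll options, numbered from 1 in session order.
                        $pollVars = (isset($_SESSION[$pollKey]['vars']) && is_array($_SESSION[$pollKey]['vars']))
                            ? $_SESSION[$pollKey]['vars']
                            : array();
                        $var_num = 0;
                        foreach ($pollVars as $value) {
                            $var_num++;
                            mysqli_query($dbi, "INSERT INTO `forum_poll` (`id_topic`, `var`, `num`) VALUES ('$id_topic', '".my_esc($value)."', '$var_num')");
                        }
                        unset($_SESSION[$pollKey]);
                    }

                    // Fan the new topic out to everyone subscribed to this author's topics.
                    $query = mysqli_query($dbi, "SELECT * FROM `readers` WHERE `id_ank` = '$user[id]' AND `topic` = '1'");
                    while ($reader = mysqli_fetch_array($query)) {
                        $ank_reader = profile($reader['id_user']);
                        mysqli_query($dbi, "INSERT INTO `lenta` (`id_user`, `id_object`, `type`, `id_ank`, `time`) VALUES ('$ank_reader[id]', '$id_topic', 'topic', '$user[id]', '$time')");
                    }
                    unset($_SESSION[$draftKey]);
                    locon("/index/comm?act=forum&id=$comm[id]&cat_show=$fcat[id]&topic_show=".$id_topic);
                    exit;
                }
            } else {
                hacked_by_Killer();
            }
        }

        show_errors();
        if (banned('comm_forum', $user['id'], 1)) {
            banned('comm_forum', $user['id']);
        } else {
            show_errors();
            // "Опрос" button: stash the draft and hand off to the poll editor.
            if (isset($_POST['poll']) && $canAttachPoll) {
                $_SESSION[$draftKey]['name'] = isset($_POST['name']) ? $_POST['name'] : NULL;
                $_SESSION[$draftKey]['msg']  = isset($_POST['msg']) ? $_POST['msg'] : NULL;
                // NOTE(review): the leading space in this URL is carried over from the
                // original; confirm locon() tolerates it.
                locon(" /polls/?act=new&case=comm_topic&comm_id=$comm[id]&cat_id=$fcat[id]");
                exit;
            }
            if (isset($_SESSION[$pollKey]['oki'])) {
                echo "<div class='list_dr'>Опрос прикреплён. Теперь убедитесь, что вы заполнили остальные поля.</div>n";
            }
            // Re-populate the form from POST first, then from the saved draft.
            $tn = isset($_POST['name']) ? $_POST['name'] : $topic_new['name'];
            $tm = isset($_POST['msg']) ? $_POST['msg'] : $topic_new['msg'];

            echo "<form method='POST' action='' class='multi'>n";
            echo "<div class='list'>n";
            echo "Название:<br/>n";
            echo "<input style='width: 95%' type='text' name='name' size='18' maxlength='50' value='".input_value($tn)."'><br/>n";
            echo "</div>n";
            echo "<div class='list'>n";
            echo "Сообщение:<br/>n";
            echo "<textarea name='msg' rows='5' cols='17' style='width: 95%'>".input_value($tm)."</textarea><br/>n";
            echo "</div>n";
            if ($canAttachPoll) {
                echo "<div class='list'>n";
                echo "Прикрепить к теме: n";
                echo "<input class='trapar' type='submit' name='poll' value='Опрос'".(isset($_SESSION[$pollKey]['oki'])?" disabled='disabled'":NULL)."/>n";
                echo "</div>n";
            }
            echo "<div class='list'>n";
            echo "<input type='hidden' name='mdp' value='$mdp'/>n";
            echo "<input type='submit' name='submited' value='Создать тему'/>n";
            echo "<input type='submit' name='previewbtn' value='Предпросмотр'/>n";
            echo "</div>n";
            if (isset($_POST['previewbtn']) && isset($_POST['msg']) && $_POST['msg'] != NULL) {
                // Preview: keep the draft in the session and render the message.
                $_SESSION[$draftKey]['name'] = isset($_POST['name']) ? $_POST['name'] : NULL;
                $_SESSION[$draftKey]['msg']  = $_POST['msg'];
                echo "<div class='quote' style='padding: 8px;margin: 0; border-radius: 0;'>n";
                echo "<b>Предпросмотр:</b><br/>n";
                echo output_text($_POST['msg'], $user['id'])."</div>n";
                echo "</div>n";
            }
            echo "</form>n";
            echo "<div class='foot'>n";
            echo image_back()." <a href='?act=forum&id=$comm[id]&cat_show=$fcat[id]'>Назад</a>n";
            echo "</div>n";
        }
        ex_foot();
    }
}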
?>
<div class='grand_h'>
<?php echo hsc($fcat['name']);?>
</div>
<?
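// ---------------------------------------------------------------------------
// Category view: paginated list of the topics in $fcat, pinned topics
// (`pos` > 0) first, newest first within the same level. Each row shows the
// topic name, comment count, creator and, when there are comments, the last
// commenter and the time of that comment.
// ---------------------------------------------------------------------------
// COUNT(*) instead of transferring every topic row only to call num_rows.
$countRes      = mysqli_query($dbi, "SELECT COUNT(*) FROM `forum` WHERE `id_comm` = '$comm[id]' AND `type` = 'topic' AND `id_cat` = '$fcat[id]'");
$countRow      = $countRes ? mysqli_fetch_row($countRes) : null;
$count_results = $countRow ? (int)$countRow[0] : 0;
$count_pages   = count_pages($count_results);
$page          = page();
$start         = start_pages();
if (!$count_results) {
    echo "<div class='list'>n";
    echo "Нет тем.n";
    echo "</div>n";
}
$query = mysqli_query($dbi, "SELECT * FROM `forum` WHERE `id_comm` = '$comm[id]' AND `type` = 'topic' AND `id_cat` = '$fcat[id]' ORDER BY `pos` DESC, `time` DESC LIMIT $start, $config[rop]");
while ($post = mysqli_fetch_array($query)) {
    $creator = profile($post['id_user']);
    // $skp is a caller-supplied WHERE prefix (possibly empty) and is kept verbatim.
    $kommRes    = mysqli_query($dbi, "SELECT COUNT(*) FROM `forum_komm` WHERE$skp `id_comm` = '$comm[id]' AND `id_topic` = '$post[id]'");
    $kommRow    = $kommRes ? mysqli_fetch_row($kommRes) : null;
    $count_komm = $kommRow ? (int)$kommRow[0] : 0;
    $iconSuffix = $post['pos'] > 0 ? "_up" : NULL;
    echo "<div class='list'>n";
    echo "<img src='/i/site/topic".$iconSuffix.".png' /> <a href='?act=forum&id=$comm[id]&cat_show=$fcat[id]&topic_show=$post[id]'>".hsc($post['name'])."</a> ($count_komm)<br />n";
    echo profile_nick($creator['id'], 0, 0)."";
    if ($count_komm > 0) {
        // Most recent comment on this topic.
        $last_komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `forum_komm` WHERE$skp `id_comm` = '$comm[id]' AND `id_topic` = '$post[id]' ORDER BY `time` DESC LIMIT 1"));
        $creator_last_komm = profile($last_komm['id_user']);
        echo " / ".profile_nick($creator_last_komm['id'], 0, 0)." (".vremja($last_komm['time']).")n";
    }
    echo "</div>n";
}
pages_show("?act=forum&id=$comm[id]&cat_show=$fcat[id]&"); // pagination links
// "Create topic" link: open communities, or members of member-only ones.
if (isset($user) && ($comm['write_rule'] == 1 || ($comm['write_rule'] == 2 && in_comm($user['id'])))) {
    echo "<div class='mod_grad'>n";
    echo "$config[code_add] <a href='?act=forum&id=$comm[id]&cat_show=$fcat[id]&moderate=add_topic'>Создать тему</a><br />n";
    echo "</div>n";
}
echo "<div class='foot'>n";
echo image_back()." <a href='?act=forum&id=$comm[id]'>Список разделов</a> / <a href='?act=comm&id=$comm[id]'>В сообщество</a>n";
echo "</div>n";
ex_foot();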
?>