Файл: vsime.com/diary/inc/act_edit.php
Строк: 155
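<?php
// Diary entry editor.
//
// Flow: load the entry named by ?id, require that the current user is its
// author (or that $moderate_diary is set), keep the in-progress edit in
// $_SESSION["diary_edit_<id>"] while the user hops between the "access" and
// "komm" sub-forms, and finally write everything back to `diary` in one UPDATE.
// Globals read here come from the including page: $dbi, $user, $title, $config,
// $mdp (CSRF token), $min_size_pass/$max_size_pass, $max_size_name,
// $min_size_text/$max_size_text, $max_size_tags and optionally $moderate_diary.
if_user('is_reg');

// Resolve the entry once. The id is coerced to int before it reaches SQL, so
// it can be interpolated safely below.
$diary_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$diary_res = mysqli_query($dbi, "SELECT * FROM `diary` WHERE `id` = '$diary_id'");
$diary = $diary_res ? mysqli_fetch_array($diary_res) : null;
if (!$diary)
{
    $title .= ' - Ошибка'; //заголовок
    ex_head();
    show_errors("Запись с указаным ID не найдена! Возможно она была удалена ранее или Вы ошиблись при вводе URL'а");
    ex_foot();
    exit; // never continue with $diary unset, whatever ex_foot() does
}

$ank = profile($diary['id_user']);
$avtor = $ank; // kept: other includes may rely on this name
if ($ank['id'] != $user['id'] && !isset($moderate_diary))
{
    $title .= ' - Ошибка'; //заголовок
    ex_head();
    show_errors("Вы не являетесь автором этой записи.");
    ex_foot();
    exit; // authorization failure must stop the script; do not fall through to the editor
}

$title .= ' - Редактирование записи';
ex_head();

$array_access = array(
    'all'     => 'всем',
    'only_me' => 'только мне',
    'friends' => 'моим друзьям',
    'pass'    => 'только по паролю',
    'auth'    => 'только авторизированным',
);
$access_levels = array_keys($array_access);          // allowed values for `access`
$komm_levels   = array('all', 'only_me', 'friends');  // allowed values for `komm`

// Per-entry draft kept in the session while the sub-forms are visited.
$sess_key = "diary_edit_$diary[id]";
if (!isset($_SESSION[$sess_key]))
{
    $_SESSION[$sess_key] = array(
        'id'       => $diary['id'],
        'text'     => $diary['text'],
        'name'     => $diary['name'],
        'tags'     => $diary['tags'],
        'adult'    => $diary['adult'],
        'access'   => $diary['access'],
        'komm'     => $diary['komm'],
        'password' => $diary['password'],
    );
}
$diary_edit = $_SESSION[$sess_key];

// Copies the main form's text fields into the session draft so they survive a
// round-trip through the access/komm sub-forms or a preview.
$stash_main_form = function () use ($sess_key) {
    $_SESSION[$sess_key]['adult'] = (isset($_POST['adult']) && $_POST['adult'] == 1) ? 1 : 0;
    $_SESSION[$sess_key]['name']  = isset($_POST['name']) ? $_POST['name'] : '';
    $_SESSION[$sess_key]['text']  = isset($_POST['text']) ? $_POST['text'] : '';
    $_SESSION[$sess_key]['tags']  = isset($_POST['tags']) ? $_POST['tags'] : '';
};

if (isset($_GET['access']))
{
    //-------ACCESS SUB-FORM-------
    if (isset($_POST['submited']))
    {
        $access = isset($_POST['access']) ? $_POST['access'] : '';
        $pass = NULL;
        if ($access == 'pass') {
            $pass = isset($_POST['password']) ? $_POST['password'] : '';
            if (strlen($pass) < $min_size_pass) $error[] = 'Введите пароль!';
            if (strlen($pass) > $max_size_pass) $error[] = 'Пароль слишком длинный!';
        }
        if (!isset($error))
        {
            // Only whitelisted values are stored; the password is raw input and
            // is escaped at output / at the UPDATE, not here.
            if (in_array($access, $access_levels, true))
            {
                $_SESSION[$sess_key]['password'] = $pass;
                $_SESSION[$sess_key]['access']   = $access;
            }
            header("Location:/diary/?act=edit&id=$diary[id]");
            exit;
        }
    }
    show_errors();
    echo "<form method='post' action=''>n";
    echo "Запись доступна:<br />n";
    foreach ($array_access as $key => $label)
    {
        $checked = ($diary_edit['access'] == $key) ? " CHECKED" : null;
        echo "<input type='radio' name='access' id='$key' value='$key'$checked/> <label for='$key'>".$config["code_status_$key"]." $label</label>";
        if ($key == 'pass') {
            // The stored password originates from a POST body, so it is escaped
            // like every other value attribute in this form (see the name input below).
            $pwd = ($diary_edit['access'] == 'pass' && $diary_edit['password'] !== null)
                ? input_value($diary_edit['password'])
                : '';
            echo ": <input name='password' size='16' maxlength='$max_size_pass' type='text' value='$pwd'/>";
        }
        echo "<br />n";
    }
    echo "<input type='submit' name='submited' value='OK'/>n";
    echo "</form>n";
    ex_foot();
}
elseif (isset($_GET['komm']))
{
    //-------COMMENT-PERMISSION SUB-FORM-------
    if (isset($_POST['submited']))
    {
        $komm = isset($_POST['komm']) ? $_POST['komm'] : '';
        if (in_array($komm, $komm_levels, true)) $_SESSION[$sess_key]['komm'] = $komm;
        header("Location:/diary/?act=edit&id=$diary[id]");
        exit;
    }
    echo "<form method='post' action=''>n";
    echo "Комментирование разрешено:<br />n";
    foreach ($array_access as $key => $label)
    {
        if (!in_array($key, $komm_levels, true)) continue; // 'pass' and 'auth' make no sense for comments
        $checked = ($diary_edit['komm'] == $key) ? " CHECKED" : null;
        echo "<input type='radio' name='komm' id='$key' value='$key'$checked/><label for='$key'>".$config["code_status_$key"]." $label</label><br />n";
    }
    echo "<input type='submit' name='submited' value='OK'/>n";
    echo "</form>n";
    ex_foot();
}

//-------SAVE DIARY-------
if (isset($_POST['submited']) && isset($_POST['text']) && isset($_POST['name']) && isset($_POST['tags']))
{
    // CSRF token check: compare as strings in constant time instead of a loose ==.
    $posted_mdp = isset($_POST['mdp']) ? hsc($_POST['mdp']) : '';
    if (hash_equals((string)$mdp, (string)$posted_mdp))
    {
        $name = $_POST['name'];
        $text = $_POST['text'];
        if (strlen($name) > $max_size_name)       $error[] = 'Тема слишком длинная.';
        if (strlen(trim($text)) < $min_size_text) $error[] = 'Введит текст записи.';
        if (strlen($text) > $max_size_text)       $error[] = 'Текст записи слишком длинный.';

        // Split the tag list once, drop empty items (array_filter removes '' and
        // '0' exactly like the old `if ($tag)`), and store NULL when nothing is left.
        $tag_list = array_filter(explode(",", $_POST['tags']));
        if (count($tag_list) > $max_size_tags) $error[] = 'Слишком много меток.';
        $tags = $tag_list ? implode(", ", $tag_list) : NULL;

        $adult = (isset($_POST['adult']) && $_POST['adult'] == 1) ? 1 : 0;
        if (!isset($error))
        {
            // access/komm were whitelisted when they entered the session; the
            // password is raw user input and is escaped like the other text columns.
            mysqli_query($dbi,
                "UPDATE `diary` SET"
                ." `name` = '".my_esc($name)."',"
                ." `text` = '".my_esc($text)."',"
                ." `tags` = '".my_esc($tags)."',"
                ." `adult` = '$adult',"
                ." `access` = '".my_esc($diary_edit['access'])."',"
                ." `password` = '".my_esc($diary_edit['password'])."',"
                ." `komm` = '".my_esc($diary_edit['komm'])."'"
                ." WHERE `id` = '$diary[id]'");
            unset($_SESSION[$sess_key]);
            header("Location: /diary/?act=diary&id=$diary[id]");
            exit;
        }
    } else hacked_by_Killer();
}

// The "access" / "komm" buttons submit the main form: stash it and redirect to the sub-form.
if (isset($_POST['access']))
{
    $stash_main_form();
    header("Location: ?act=edit&id=$diary[id]&access");
    exit;
}
if (isset($_POST['komm']))
{
    $stash_main_form();
    header("Location: ?act=edit&id=$diary[id]&komm");
    exit;
}

//-------MAIN EDIT FORM-------
// Each field shows the just-posted value (after a failed save / preview) or the session draft.
$form_name = isset($_POST['name']) ? $_POST['name'] : $diary_edit['name'];
$form_text = isset($_POST['text']) ? $_POST['text'] : $diary_edit['text'];
$form_tags = isset($_POST['tags']) ? $_POST['tags'] : $diary_edit['tags'];
// Checkbox state is a real boolean here; the old isset($adult) test was also
// true after a failed save that had set $adult = 0.
$adult_checked = (isset($_POST['adult']) && $_POST['adult'] == 1) || $diary_edit['adult'] == 1;

show_errors();
echo "<form action='' method='post' class='multi'>n";
echo "<div class='list'>n";
echo "Тема (".sklon_text($max_size_name, array('знак','знака','знаков')).")<br />n";
echo "<input style='width: 95%' type='text' name='name' size='18' maxlength='50' value='".input_value($form_name)."' /><br/>n";
echo "</div>n";
input_bbs();
echo "<div class='list'>n";
echo "Запись (".sklon_text($max_size_text, array('знак','знака','знаков')).")<br/>n";
echo "<textarea id='textarea' name='text' rows='5' cols='17' style='width: 95%'>".input_value($form_text)."</textarea><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "<input type='checkbox' name='adult' id='adult_1' value='1'".($adult_checked ? " checked='checked'" : null)."/> <label for='adult_1'>Только для взрослых</label>n";
echo "</div>n";
echo "<div class='list'>n";
echo "<label for='access'>Запись доступна:</label> <input type='submit' name='access' id='access' value='".$array_access["$diary_edit[access]"]."' class='trapar'/><br />n";
echo "</div>n";
echo "<div class='list'>n";
echo "<label for='komm'>Комментирование разрешено:</label> <input type='submit' name='komm' id='komm' value='".$array_access["$diary_edit[komm]"]."' class='trapar'/><br />n";
echo "</div>n";
echo "<div class='list'>n";
echo "Добавить метки (через запятую):<br/>n";
echo "<input name='tags' value='".input_value($form_tags)."' style='width:80%'/><br/>n";
echo "<span class='alert'>Всего можно добавить не более ".sklon_text($max_size_tags, array('метки','метки','меток'))."</span><br/>n";
echo "</div>n";
echo "<div class='list'>n";
echo "<input type='submit' name='submited' value='Сохранить'/>n";
echo "<input type='submit' name='previewbtn' value='Предпросмотр'/>n";
echo "<input type='hidden' name='mdp' value='".$mdp."'/>n";
echo "</div>n";
echo "</form>n";

if (isset($_POST['previewbtn']) && isset($_POST['text']) && $_POST['text'] !== '')
{
    $stash_main_form();
    echo "<div class='quote' style='padding: 8px;margin: 0; border-radius: 0;'>n";
    echo "<b>Предпросмотр:</b><br/>n";
    echo output_text($_POST['text'], $user['id'])."</div>n";
    echo "</div>n";
}
echo "<div class='foot'>n";
echo image_back()." <a href='/diary/?act=diary&id=$diary[id]'>Назад</a>n";
echo "</div>";
ex_foot();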