Файл: vsime.com/diary/inc/diary.php
Строк: 374
<?
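// Adult-content gate. An entry flagged adult (diary.adult == 1) is withheld from a viewer who has
// not confirmed their age in this session and has not just clicked "Да" (?passed), when that viewer
// is a guest or the profile says they are under 18.
// isset($user) is tested before $user['anketa']['age'] so a guest never dereferences an undefined $user
// (the original evaluated the age first; null < 18 happened to be true, so the outcome is unchanged).
// NOTE(review): ex_foot() is used here as "print footer and stop" — this block relies on execution not
// continuing past it; confirm in the footer helper.
// Newline escapes in the echoed strings were restored (the copied source had its backslashes stripped).
$needsAdultGate = !isset($_SESSION['diary_adult'])
    && !isset($_GET['passed'])
    && $diary['adult'] == 1
    && (!isset($user) || $user['anketa']['age'] < 18);
if ($needsAdultGate)
{
    if (!isset($user))
    {
        // Guests cannot confirm their age: ask them to log in or register.
        echo "<div class='list'>\n";
        echo "<div class='freespace'>\n";
        echo "Записи с меткой <span class='spared'>(+18)</span> доступны только для авторизированых пользователей.<br />\n";
        echo "Пожалуйста, пройдите процес <a href='/login'>авторизации</a> или <a href='/registration'>регистрации</a><br />\n";
        echo "</div>\n";
        echo "</div>\n";
        ex_foot();
    }
    // Logged-in viewer under 18: explicit yes/no. "Да" reloads with ?passed, which the statement
    // right after this block stores as $_SESSION['diary_adult'].
    $diaryId = intval($diary['id']);
    $authorId = intval($ank['id']); // $ank: presumably the entry author's profile (see the comment-policy checks below)
    echo "<div class='list'>\n";
    echo "<div class='freespace'>\n";
    echo "Внимание! Это содержимое только для взрослых!<br />\n";
    echo "Нажимая ДА, Вы подтверждаете, что Вам 18 или более лет.<br />\n";
    echo "Если Вам менее 18 лет - нажмите НЕТ.<br />\n";
    // "Нет" link: the source had ?ac=user; every other author link in this file uses ?act=user.
    echo "<a href='?act=diary&id=$diaryId&passed'>Да</a> <a href='/diary/?act=user&id=$authorId'>Нет</a><br />\n";
    echo "</div>\n";
    echo "</div>\n";
    ex_foot();
}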
// The "Да" click (?passed) on an adult-flagged entry is remembered for the session,
// so the age gate above is skipped on later requests.
if (!isset($_SESSION['diary_adult']) && isset($_GET['passed']) && $diary['adult'] == 1)
{
    $_SESSION['diary_adult'] = 1;
}
// Lock/unlock actions (the ?sk=1 links further down) are handled by a separate include —
// presumably inc/sk_diary.php, judging by its name.
include('inc/sk_diary.php');
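// Rating submission (the 1..5 "mark" buttons rendered at the bottom of the page).
// Only logged-in users may rate; mdp is the per-session form token. It is compared with
// hash_equals() instead of == so numeric-looking tokens are not compared as numbers.
$postedToken = hsc(isset($_POST['mdp']) ? $_POST['mdp'] : '');
if (isset($_POST['mark']) && isset($user) && hash_equals((string)$mdp, (string)$postedToken))
{
    $diaryId = intval($diary['id']);
    $userId = intval($user['id']);
    $already = mysqli_query($dbi, "SELECT `id_user` FROM `diary_rating` WHERE `id_diary` = '$diaryId' AND `id_user` = '$userId' LIMIT 1");
    if (mysqli_num_rows($already) == 0)
    {
        $oc = intval($_POST['mark']);
        if (in_array($oc, array(1, 2, 3, 4, 5), true))
        {
            mysqli_query($dbi, "INSERT INTO `diary_rating` SET `id_diary` = '$diaryId', `id_user` = '$userId', `rating` = '$oc'");
            // Increment in SQL rather than writing back $diary['rating'] + $oc, so two concurrent
            // votes cannot overwrite each other's increment.
            mysqli_query($dbi, "UPDATE `diary` SET `rating` = `rating` + $oc WHERE `id` = '$diaryId'");
            $diary['rating'] = $diary['rating'] + $oc;
        }
        else $error[] = 'Неверная оценка';
    }
    else $error[] = 'Вы уже отдали свой голос';
}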
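// Reply view (?reply=<comment id>): quote the replied-to comment and, if the author's comment policy
// admits this viewer, show a reply form that posts back with reply (user id) and komm_reply (comment id).
// NOTE(review): $s is appended to the WHERE clause and is defined outside this file — confirm it is
// always trusted SQL (it is not built from request data anywhere in this file).
// Newline escapes in the echoed strings were restored (the copied source had its backslashes stripped).
if (isset($_GET['reply']))
{
    $replyKommId = intval($_GET['reply']);
    $diaryId = intval($diary['id']);
    $kommQuery = mysqli_query($dbi, "SELECT * FROM `diary_komm` WHERE `id` = '$replyKommId' AND `id_diary` = '$diaryId'$s");
    if ($kommQuery && mysqli_num_rows($kommQuery) != 0)
    {
        $komm = mysqli_fetch_array($kommQuery); // one query instead of the original count-then-refetch pair
        $ank2 = profile($komm['id_user']);
        echo "<div class='list'>\n";
        echo "<div class='left'>\n";
        show_avatar($ank2['id'], 'small');
        echo "</div>\n";
        echo profile_icon($ank2['id']).profile_nick($ank2['id'], 1).profile_medal($ank2['id']).":<br />\n";
        echo output_text($komm['msg'], $ank2['id']);
        echo "<div class='clear'></div>\n";
        echo "</div>\n";
        // Comment policy: 'all'; 'only_me' = author or moderator; 'friends' = author, moderator or a friend of the author.
        $canComment = $diary['komm'] == 'all'
            || ($diary['komm'] == 'only_me' && ($user['id'] == $avtor['id'] || isset($moderate_diary)))
            || ($diary['komm'] == 'friends' && ($ank['id'] == $user['id'] || isset($moderate_diary) || is_friend($ank['id'], $user['id'])));
        if ($canComment)
        {
            input_bbs();
            echo "<div class=list><form method='post' name='message' action='?act=diary&id=$diaryId&$passgen'>\n";
            echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%' placeholder='Введите свой ответ...'></textarea>\n";
            echo "<input type='hidden' name='reply' value='".intval($ank2['id'])."'>";
            echo "<input type='hidden' name='komm_reply' value='".intval($komm['id'])."'>";
            echo "<input type='hidden' name='mdp' value='".$mdp."'>\n";
            // Attribute quoting fixed: the source line mixed unescaped double quotes inside a double-quoted string.
            echo "<br/><input value='Отправить' name='submited' type='submit' /> <a href='?act=diary&id=$diaryId'>Назад</a>\n";
            echo "</form></div>\n";
        } else {
            $error[] = 'Автор ограничил круг лиц, которые могут оставлять комментарии.';
            show_errors();
        }
        ex_foot();
    }
}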
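// Edit own comment (?edit=<comment id>): allowed only to the comment's author and only within
// 600 seconds of posting. Guests are rejected before any query is issued.
// Newline escapes in the echoed strings were restored (the copied source had its backslashes stripped).
if (isset($_GET['edit']) && isset($user))
{
    $editId = intval($_GET['edit']);
    $diaryId = intval($diary['id']);
    $kommQuery = mysqli_query($dbi, "SELECT * FROM `diary_komm` WHERE `id` = '$editId' AND `id_diary` = '$diaryId' LIMIT 1");
    if ($kommQuery && mysqli_num_rows($kommQuery) != 0)
    {
        $komm = mysqli_fetch_array($kommQuery); // one query instead of the original count-then-refetch pair
        if ($user['id'] == $komm['id_user'] && $komm['time'] > time() - 600)
        {
            if (isset($_POST['msg']))
            {
                // Form token compared with hash_equals() instead of == (no numeric-string juggling).
                $postedToken = hsc(isset($_POST['mdp']) ? $_POST['mdp'] : '');
                if (hash_equals((string)$mdp, (string)$postedToken))
                {
                    $msg = $_POST['msg'];
                    if (strlen2(trim($msg)) < 1) $error[] = 'Введите coбщение';
                    if (strlen2($msg) > 1024) $error[] = 'Сообщение слишком длинное';
                    if (!isset($error))
                    {
                        $kommId = intval($komm['id']);
                        mysqli_query($dbi, "UPDATE `diary_komm` SET `msg` = '".my_esc($msg)."' WHERE `id` = '$kommId' LIMIT 1");
                        header("Location: ?act=diary&id=$diaryId");
                        exit();
                    }
                } else hacked_by_Killer(); // project helper for a failed token check; presumably aborts
            }
            show_errors();
            input_bbs();
            echo "<form method='post' action=''>\n";
            echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%' placeholder='Введите комментарий...'>".input_value($komm['msg'])."</textarea><br />\n";
            echo "<input type='hidden' name='mdp' value='".$mdp."'>\n";
            echo "<input type='submit' name='submited' value='Отправить' /> <a href='?act=diary&id=$diaryId'>Назад</a>\n";
            echo "</form>\n";
            ex_foot();
        }
    }
}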
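// Moderator toggle of a comment's `sk` flag (?skk=<comment id>&mdp=<token>); `sk_user` records who toggled it.
// The token is compared with hash_equals(): the original loose == let numeric-looking strings compare as numbers.
$skkToken = isset($_GET['mdp']) ? (string)$_GET['mdp'] : '';
if (isset($_GET['skk']) && isset($moderate_diary) && hash_equals((string)$mdp, $skkToken))
{
    $skkId = intval($_GET['skk']);
    $diaryId = intval($diary['id']);
    $skQuery = mysqli_query($dbi, "SELECT * FROM `diary_komm` WHERE `id` = '$skkId' AND `id_diary` = '$diaryId'");
    if ($skQuery && mysqli_num_rows($skQuery) != 0)
    {
        $sk = mysqli_fetch_array($skQuery); // single fetch replaces the original count-then-refetch
        $newSk = ($sk['sk'] == 1) ? 0 : 1;
        $userId = intval($user['id']);
        mysqli_query($dbi, "UPDATE `diary_komm` SET `sk` = '$newSk', `sk_user` = '$userId' WHERE `id` = '$skkId' AND `id_diary` = '$diaryId'");
        header("Location: /diary/?act=diary&id=$diaryId");
        exit;
    }
}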
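// Comment deletion (?delete=<comment id>&mdp=<token>) by the entry author ($ank, presumably the
// author's profile) or a moderator. Token compared with hash_equals(); isset($user) guards the
// author comparison so a guest request does not touch an undefined $user.
$deleteToken = isset($_GET['mdp']) ? (string)$_GET['mdp'] : '';
if (isset($_GET['delete'])
    && ((isset($user) && $ank['id'] == $user['id']) || isset($moderate_diary))
    && hash_equals((string)$mdp, $deleteToken))
{
    $deleteId = intval($_GET['delete']);
    $diaryId = intval($diary['id']);
    $exists = mysqli_query($dbi, "SELECT `id` FROM `diary_komm` WHERE `id` = '$deleteId' AND `id_diary` = '$diaryId'");
    if ($exists && mysqli_num_rows($exists) != 0)
    {
        // Scoped to this entry so a comment id from another diary cannot be deleted through this page.
        mysqli_query($dbi, "DELETE FROM `diary_komm` WHERE `id` = '$deleteId' AND `id_diary` = '$diaryId'");
        header("Location: /diary/?act=diary&id=$diaryId");
        exit;
    }
}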
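// Poll vote, single-choice polls (poll_check == 0): the radio named "voTe" carries the chosen option id.
// The form token is compared with hash_equals() instead of == (no numeric-string juggling).
$voteToken = hsc(isset($_POST['mdp']) ? $_POST['mdp'] : '');
if (isset($_POST['voTe_ok']) && hash_equals((string)$mdp, (string)$voteToken) && $diary['poll_check'] == 0)
{
    if_user('is_reg'); // project helper; presumably stops guests — $user is dereferenced below
    $diaryId = intval($diary['id']);
    $userId = intval($user['id']);
    if ($diary['poll'] == 0)
    {
        $error[] = 'К данному дневнику опрос не прикреплён!';
    }
    elseif ($time > $diary['poll_time']) $error[] = 'Опрос уже закрыт!'; // $time: request timestamp set outside this file
    $my_vote = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_pollen` WHERE `id_diary` = '$diaryId' AND `id_user` = '$userId'"));
    if ($my_vote != 0)
    {
        $error[] = 'Вы уже принимали участие в данном опросе.';
    }
    if (!isset($error))
    {
        $count_checked_vars = 0;
        foreach ($_POST as $key => $value)
        {
            // Any POST key containing "voTe" with a numeric value (voTe_ok itself carries the button label).
            if (strpos($key, 'voTe') === false || !is_numeric($value)) continue;
            // is_numeric() also admits forms such as "1e2" or " 7"; normalise to an int before it reaches SQL.
            $optionId = intval($value);
            $golos = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `diary_poll` WHERE `id` = '$optionId' AND `id_diary` = '$diaryId' LIMIT 1"));
            if ($golos != NULL)
            {
                $count_checked_vars++;
                mysqli_query($dbi, "INSERT INTO `diary_pollen` (`id_user`, `id_var`, `id_diary`, `time`) values('$userId', '".intval($golos['id'])."', '$diaryId', '$time')");
                break; // single choice: the first valid option wins
            }
        }
        if ($count_checked_vars == 0) $error[] = 'Выберите хоть один вариант.';
        else msg("Ваш голос принят");
    }
}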
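// Poll vote, multiple-choice polls (poll_check == 1): one checkbox "voTe_<option id>" per chosen option.
// The form token is compared with hash_equals() instead of == (no numeric-string juggling).
$voteToken = hsc(isset($_POST['mdp']) ? $_POST['mdp'] : '');
if (isset($_POST['voTe_ok']) && hash_equals((string)$mdp, (string)$voteToken) && $diary['poll_check'] == 1)
{
    if_user('is_reg'); // project helper; presumably stops guests — $user is dereferenced below
    $diaryId = intval($diary['id']);
    $userId = intval($user['id']);
    if ($diary['poll'] == 0)
    {
        $error[] = 'К данному дневнику опрос не прикреплён!';
    }
    elseif ($time > $diary['poll_time']) $error[] = 'Опрос уже закрыт!'; // $time: request timestamp set outside this file
    $my_vote = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_pollen` WHERE `id_diary` = '$diaryId' AND `id_user` = '$userId'"));
    if ($my_vote != 0)
    {
        $error[] = 'Вы уже принимали участие в данном опросе.';
    }
    if (!isset($error))
    {
        $count_checked_vars = 0;
        foreach ($_POST as $key => $value)
        {
            // The option id is taken from the key (digits only by the pattern); the checkbox value is always 1.
            if (!preg_match('#^voTe_([0-9]*)$#', $key, $gid) || $value != 1) continue;
            $optionId = intval($gid[1]);
            $golos = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `diary_poll` WHERE `id` = '$optionId' AND `id_diary` = '$diaryId' LIMIT 1"));
            if ($golos != NULL)
            {
                $count_checked_vars++;
                mysqli_query($dbi, "INSERT INTO `diary_pollen` (`id_user`, `id_var`, `id_diary`, `time`) values('$userId', '".intval($golos['id'])."', '$diaryId', '$time')");
            }
        }
        if ($count_checked_vars == 0) $error[] = 'Выберите хоть один вариант.';
        else msg("Ваш голос принят");
    }
}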
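// New comment (POST msg) by a logged-in viewer admitted by the author's comment policy:
// 'all'; 'only_me' = author or moderator; 'friends' = author, moderator or a friend of the author.
// isset($user) is evaluated first, so the policy check never dereferences an undefined $user.
$canComment = isset($user) && isset($_POST['msg']) && (
    $diary['komm'] == 'all'
    || ($diary['komm'] == 'only_me' && ($user['id'] == $avtor['id'] || isset($moderate_diary)))
    || ($diary['komm'] == 'friends' && ($ank['id'] == $user['id'] || isset($moderate_diary) || is_friend($ank['id'], $user['id'])))
);
if ($canComment)
{
    // Form token compared with hash_equals() instead of == (no numeric-string juggling).
    $postedToken = hsc(isset($_POST['mdp']) ? $_POST['mdp'] : '');
    if (hash_equals((string)$mdp, (string)$postedToken))
    {
        $diaryId = intval($diary['id']);
        $userId = intval($user['id']);
        $msg = $_POST['msg'];
        $msgEsc = my_esc($msg); // escaped once, reused for the duplicate check and the insert
        if (strlen2($msg) > $max_size_text) { $error[] = 'Сообщение слишком длинное'; }
        if (strlen2($msg) < $min_size_text) { $error[] = 'Короткое сообщение'; }
        if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_komm` WHERE `id_diary` = '$diaryId' AND `id_user` = '$userId' AND `msg` = '$msgEsc' LIMIT 1")) != 0) { $error[] = 'Ваше сообщение повторяет предыдущее.'; }
        if (!isset($error))
        {
            // Reply target: the replied-to user must exist and have commented on this entry, and the
            // replied-to comment must belong to this entry. Missing POST fields default to 0 (no match).
            $replyUserId = intval(isset($_POST['reply']) ? $_POST['reply'] : 0);
            $replyKommId = intval(isset($_POST['komm_reply']) ? $_POST['komm_reply'] : 0);
            if (isset($_POST['reply'])
                && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `user` WHERE `id` = '$replyUserId'")) != 0
                && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_komm` WHERE `id_user` = '$replyUserId' AND `id_diary` = '$diaryId'")) != 0)
            {
                $replyKommQuery = mysqli_query($dbi, "SELECT * FROM `diary_komm` WHERE `id` = '$replyKommId' AND `id_diary` = '$diaryId'");
                if ($replyKommQuery && mysqli_num_rows($replyKommQuery) != 0)
                {
                    $reply_user = profile($replyUserId);
                    $reply_komm = mysqli_fetch_array($replyKommQuery);
                    $reply = 1;
                }
            }
            // Journal: notify every other commenter of this entry (not the author, not the poster).
            // $array_journal maps user id => that user's most recent comment id here (ASC order, last write wins).
            $array_journal = array();
            $query_komm = mysqli_query($dbi, "SELECT * FROM `diary_komm` WHERE `id_diary` = '$diaryId' ORDER BY `time` ASC");
            while ($post_komm = mysqli_fetch_array($query_komm))
            {
                if ($post_komm['id_user'] != $avtor['id'] && $post_komm['id_user'] != $user['id'])
                {
                    $array_journal["$post_komm[id_user]"] = $post_komm['id'];
                }
            }
            foreach ($array_journal as $journalUserId => $journalKommId)
            {
                $ank_journal = profile($journalUserId);
                $kontId = intval($ank_journal['id']);
                $komm_journal = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `diary_komm` WHERE `id` = '".intval($journalKommId)."'"));
                $kommJournalId = intval($komm_journal['id']);
                // mysqli_result() here is a project helper taking only the SQL string (not part of the mysqli extension).
                if (mysqli_result("SELECT COUNT(*) FROM `journal` WHERE `id_kont` = '$kontId' AND `cat` = 'diary' AND `type` = 'komm' AND `id_object2` = '$diaryId'") == 0)
                {
                    mysqli_query($dbi, "INSERT INTO `journal` (`id_kont`, `time`, `cat`, `type`, `id_object`, `id_object2`) values('$kontId', '$time', 'diary', 'komm', '$kommJournalId', '$diaryId')");
                }
                else
                {
                    mysqli_query($dbi, "UPDATE `journal` SET `time` = '$time', `read` = '0', `id_object` = '$kommJournalId' WHERE `id_kont` = '$kontId' AND `cat` = 'diary' AND `type` = 'komm' AND `id_object2` = '$diaryId'");
                }
            }
            // reply_msg is the quoted comment's text read back from the database, i.e. unescaped at this point;
            // the original interpolated it raw (second-order injection). SQL-only escaping is used so an
            // HTML-encoding step inside my_esc(), if any, is not applied twice to stored text.
            $extraCols = isset($reply) ? ", `reply`, `reply_msg`" : '';
            $extraVals = isset($reply) ? ", '".intval($reply_user['id'])."', '".mysqli_real_escape_string($dbi, $reply_komm['msg'])."'" : '';
            mysqli_query($dbi, "INSERT INTO `diary_komm` (`id_diary`, `id_user`, `time`, `msg`$extraCols) values('$diaryId', '$userId', '$time', '$msgEsc'$extraVals)");
            header("Location: ?act=diary&id=$diaryId&$passgen");
            exit; // the original fell through and rendered the whole page after sending the redirect header
        }
    } else hacked_by_Killer(); // project helper for a failed token check; presumably aborts
}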
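show_errors();
// Visit counter. diary.visits is a "|"-separated list of user ids that have opened this entry;
// count_visits is derived from it for this request.
$diary['count_visits'] = 0;
$visitorIds = explode("|", $diary['visits']);
$alreadyCounted = false;
foreach ($visitorIds as $visitorId)
{
    if ($visitorId == NULL) continue;
    if (isset($user) && $visitorId == $user['id']) $alreadyCounted = true;
    $diary['count_visits']++;
}
// Only logged-in first-time visitors are appended. Two defects of the original are fixed here:
// its UPDATE had no WHERE clause (the clause survived only inside a /* */ comment), so every row
// of `diary` was overwritten with this entry's visitor list; and for guests it appended an empty id.
if (!$alreadyCounted && isset($user))
{
    $diary['count_visits']++;
    $diaryId = intval($diary['id']);
    $userId = intval($user['id']);
    $visits = ($diary['visits'] == NULL) ? (string)$userId : "$diary[visits]|$userId";
    mysqli_query($dbi, "UPDATE `diary` SET `visits` = '$visits' WHERE `id` = '$diaryId'");
    // Re-read the row so the rest of the page sees the stored values (as the original did).
    $diary = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `diary` WHERE `id` = '$diaryId'"));
}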
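// Lock notice: when the entry is locked (sk == 1) show who locked it, when, and the stated reason.
// Newline escapes in the echoed strings were restored (the copied source had its backslashes stripped).
if ($diary['sk'] == 1)
{
    $sank = profile($diary['sk_user']); // profile of the user who locked the entry
    $diaryId = intval($diary['id']);
    echo "<div class='list_dr'>\n";
    echo "<div class='freespace'>\n";
    // Unlock link for the locker or a higher-level user; ?sk=1 is presumably handled by the sk_diary include above.
    if (isset($user) && ($sank['id'] == $user['id'] || $user['level'] > $sank['level']))
    {
        echo "<span class='right'><a href='?act=diary&id=$diaryId&sk=1&mdp=$mdp'><img src='/i/site/unlock_blue.png' /></a></span>\n";
    }
    echo "Дневник заблокировал \n";
    echo profile_icon($sank['id']).profile_nick($sank['id'], 1).profile_medal($sank['id']);
    echo " <span class='grey'>(".vremja($diary['sk_time']).")</span>\n<br />\n";
    echo "</div>\n";
    echo "<div class='freespace'>\n";
    echo "Причина: ".output_text($diary['sk_msg'], $sank['id'])."<br />\n";
    echo "</div>\n";
    echo "</div>\n";
}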
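// Entry header: author line with timestamp, plus poll/edit/delete controls for the author or a moderator,
// followed by the title and body.
// Newline escapes in the echoed strings were restored (the copied source had its backslashes stripped).
$diaryId = intval($diary['id']);
echo "<div class='list'>\n";
echo profile_icon($avtor['id']).profile_nick($avtor['id'], 1).profile_medal($avtor['id']);
echo " <span style='color:grey'>(".vremja($diary['time']).")</span>\n";
if ((isset($user) && $avtor['id'] == $user['id']) || isset($moderate_diary))
{
    echo "<span class='right'>"
        ."<a href='/polls/?act=edit&case=diary&id_object=$diaryId'>$config[code_poll]</a> "
        ."<a href='/diary/?act=edit&id=$diaryId'>$config[code_edit]</a> "
        ."<a href='/diary/?act=delete&id=$diaryId'>$config[code_delete]</a>"
        ."</span>\n";
}
echo "</div>\n";
echo "<div class='list'>\n";
// Title: the entry's name, or the first words of its text when no name was given (both HTML-escaped).
$title = ($diary['name'] != NULL) ? hsc($diary['name']) : hsc(str_cut($diary['text'], 5, 50));
echo "<b class='none'>".$title."</b>\n";
echo "<br/>\n";
echo output_text($diary['text'], $avtor['id'])."<br/>\n";
echo "</div>\n";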
// Poll block: rendered when the entry has a poll attached (poll == 1).
// Voters who may still vote see radios/checkboxes; everyone else sees percentages and bars.
if ($diary['poll']==1)
{
echo "<div class='list'>n";
echo "<span class='rad_row right' style='margin-bottom: 0; margin-top: -5px; margin-right: -5px;'>n";
echo "Опросn";
echo "</span>n";
// Poll question; the fon/quote/url formatting options are switched off for this text.
echo output_text($diary['poll_text'], $ank['id'], array('fon' => 0, 'quote' => 0, 'url' => 0))."<br />n";
// Options in display order (`num`). This cursor is consumed by the rendering loop further down.
$query_var = mysqli_query($dbi, "SELECT * FROM `diary_poll` WHERE `id_diary` = '$diary[id]' ORDER BY `num` ASC");
if (mysqli_num_rows($query_var)==0)
{
echo "<div class='err'>Ошибка, не найдено ни одного варианта</div>n";
}
// First pass: find the option with the most votes, $leader = [vote count, option id], so it can be
// drawn green below. Same SELECT as $query_var, issued a second time so that cursor stays unread.
$query_leader = mysqli_query($dbi, "SELECT * FROM `diary_poll` WHERE `id_diary` = '$diary[id]' ORDER BY `num` ASC");
$leader = array();
while ($post_leader = mysqli_fetch_array($query_leader))
{
$count_votes = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_pollen` WHERE `id_diary` = '$diary[id]' AND `id_var` = '$post_leader[id]' "));
if (!isset($leader[0]) || $count_votes > $leader[0])
{
$leader[0] = $count_votes;
$leader[1] = $post_leader['id'];
}
}
// Number of ballots by the current viewer (for a guest $user['id'] is unset, so this matches nothing).
$my_vote = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_pollen` WHERE `id_diary` = '$diary[id]' AND `id_user` = '$user[id]'"));
// The form is opened only for a logged-in viewer who has not voted while the poll is still open;
// the same condition gates the inputs inside the loop and the submit area after it.
if(isset($user) && $my_vote == 0 && $diary['poll_time']>$time) {
echo "<form method='post' action='' class='multi'>n";
}
// Second pass: one row per option. Voters get an input (checkbox for poll_check == 1, radio otherwise);
// viewers who cannot vote get the percentage, the raw count and a bar (green for the leader).
while ($post_var = mysqli_fetch_array($query_var)) {
// Total ballots for the poll — loop-invariant, but re-queried on every iteration here.
$all_votes = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_pollen` WHERE `id_diary` = '$diary[id]' "));
$this_votes = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_pollen` WHERE `id_diary` = '$diary[id]' AND `id_var` = '$post_var[id]' "));
// Percentage of all ballots for this option, rounded to 2 places; 0 when there are no ballots at all.
if($all_votes == 0)$p = 0;
elseif($this_votes == 0)$p = 0;
else {
$p = ($this_votes/$all_votes)*100;
$p = round($p, 2);
}
echo "<div class='freespace'>n";
echo (isset($user) && $my_vote==0 && $diary['poll_time']>$time?($diary['poll_check'] == 1?"<input type='checkbox' id='voTe_$post_var[id]' name='voTe_$post_var[id]' value='1'>":"<input type='radio' name='voTe' id='voTe_$post_var[id]' value='$post_var[id]'>")." <label for='voTe_$post_var[id]'>":null).hsc($post_var['var']).(isset($user) && $my_vote==0 && $diary['poll_time']>$time?"</label>":NULL).($my_vote != 0 || !isset($user)?"<span class='right' style='font-size:0.7em;'>$p% ($this_votes)</span>":null)."n";
if ($my_vote != 0 || !isset($user))echo "<div style='".(isset($leader[0]) && $leader[1] == $post_var['id']?" background: green; ":"background: grey; ")."height:4px; width: $p%; min-width: 5px'></div>n";
echo "</div>n";
}
// Submit area for voters. The </div> below closes the 'list' opened above; 'mod_grad' then holds the
// button and the poll dates, and the final </div> closes whichever of the two is open.
if(isset($user) && !$my_vote && $diary['poll_time']>$time) {
echo "</div>n";
echo "<div class='mod_grad'>n";
echo "<input type='hidden' name='mdp' value='$mdp'>n";
echo "<input type='submit' name='voTe_ok' value='Проголосовать!'>n";
echo "</form>n";
}
echo "<div class='freespace'>n";
echo "<span class='alert'>Опрос начался ".vremja($diary['poll_time_start'])."n";
// poll_timee == 'infin' marks a poll without an end date; otherwise tense depends on whether poll_time has passed.
if ($diary['poll_timee']!='infin')
{
if ($diary['poll_time']>$time)echo " и закончится ".vremja($diary['poll_time'])."n";
else echo " и закончился ".vremja($diary['poll_time'])."n";
}
echo "</span>n";
echo "</div>n";
echo "</div>n";
}
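echo "<div class='main'>\n";
// Rating widget, wide layout ($config['web'] true): the 1..5 "mark" buttons for a logged-in viewer
// who has not rated this entry yet. (The narrow-layout variant of the same form is emitted further down.)
// The HTML islands of the original are written as echo statements, with newline escapes restored
// (the copied source had its backslashes stripped).
if ($config['web'] == true)
{
    $diaryId = intval($diary['id']);
    $canRate = isset($user) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_rating` WHERE `id_diary` = '$diaryId' AND `id_user` = '".intval($user['id'])."'")) == 0;
    if ($canRate)
    {
        echo "<div class='right'>\nОцените запись:<br />\n";
        echo "<form action='' class='multi' method='post'>\n";
        foreach (array(1, 2, 3, 4, 5) as $mark)
        {
            echo "<button name='mark' class='mark' value='$mark'>$mark</button>\n";
        }
        echo "<input type='hidden' name='mdp' value='".$mdp."'>\n";
        echo "</form>\n";
        echo "</div>\n";
    }
}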
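// Entry metadata: rating (only shown once the viewer has rated), tags, access level, adult flag,
// and the narrow-layout rating form. Newline escapes in the echoed strings were restored
// (the copied source had its backslashes stripped).
$diaryId = intval($diary['id']);
// Whether the viewer has already rated — needed twice below, so queried once instead of twice.
$hasRated = isset($user) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `diary_rating` WHERE `id_diary` = '$diaryId' AND `id_user` = '".intval($user['id'])."'")) != 0;
if ($hasRated) echo "<img src='/i/site/star.png'/> Рейтинг: $diary[rating]<br/>\n";
echo "<img src='/i/site/tag.png'/> Метки: \n";
$count_tags = 0;
$tags = NULL; // kept from the original; possibly read by the komments include further down
foreach (explode(",", $diary['tags']) as $tag) {
    if ($tag == NULL) continue;
    $count_tags++;
    // The search parameter is URL-encoded and the whole href HTML-escaped; hsc() alone (as in the
    // original) leaves '#', '?' or '+' in a tag to break the query string.
    // NOTE(review): the original sends the first tag to /diary/ and the others to /diary/tag/ —
    // kept as-is; confirm which path is intended.
    $path = ($count_tags == 1) ? '/diary/?act=search&text=' : '/diary/tag/?act=search&text=';
    $href = $path.urlencode($tag).'&tag';
    echo ($count_tags == 1 ? '' : ', ')."<a href='".hsc($href)."'>".hsc($tag)."</a>\n";
}
if ($count_tags == 0) echo "Нету меток\n";
echo "<br/>\n";
echo "<img src='/i/site/key.png'/> ";
// Access level label; any value not listed (including NULL) is reported as public.
$accessLabels = array(
    'only_me' => "Закрытая запись\n",
    'friends' => "Только для друзей\n",
    'pass'    => "Расширенные настройки\n",
    'access'  => "Только авторизированным\n",
);
echo isset($accessLabels[$diary['access']]) ? $accessLabels[$diary['access']] : "Всем\n";
if ($diary['adult'] == 1) echo " <span style='color:red'>(+18)</span>\n";
// Rating form, narrow layout ($config['web'] false), for a logged-in viewer who has not rated yet.
if ($config['web'] == false)
{
    if (isset($user) && !$hasRated)
    {
        echo "<form action='' class='multi' method='post'>\n";
        foreach (array(1, 2, 3, 4, 5) as $mark)
        {
            echo "<button name='mark' class='mark' value='$mark'>$mark</button>\n";
        }
        echo "<input type='hidden' name='mdp' value='".$mdp."'>\n";
        echo "</form>\n";
    }
}
echo "</div>\n";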
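// Comment list for this entry, then the moderator "lock" link (only while unlocked) and the footer navigation.
// Newline escapes in the echoed strings were restored (the copied source had its backslashes stripped).
include('inc/komments.php');
$diaryId = intval($diary['id']);
if (isset($moderate_diary) && $diary['sk'] == 0) {
    echo "<div class='mod_grad'>\n";
    echo "<img src='/i/site/lock_blue.png' /> <a href='?act=diary&id=$diaryId&sk=1&mdp=$mdp'>Заблокировать</a>\n";
    echo "</div>\n";
}
echo "<div class='foot'>".image_back()." <a href='/diary'>Дневники</a> | <a href='/diary/?act=user&id=".intval($avtor['id'])."'>Все записи автора</a></div>\n";
ex_foot();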
?>