Файл: vsime.com/guestbook/inc/act_index.php
Строк: 372
<?php
if (isset($_GET['id'])){
@$ank = profile(intval($_GET['id']));
if (!$ank['id']){
$title .= ' - Ошибка!';
ex_head();
$error[] = 'Пользователь не найден.';
show_errors();
ex_foot();
}
} else {
if_user('is_reg');
$ank = $user;
}
if (isset($_GET['mdelete']) && ($ank['id']==$user['id'] && isset($user) || isset($moderate_guestbook) && $user['level'] > $ank['level']))$mdelete=1;
$title .= " $ank[nick]"; // заголовок страницы
ex_head();
if (isset($_POST['password']))
{
setcookie("passgb[$ank[id]]",$_POST['password']);
if (isset($_POST['password']) && $_POST['password']==$ank['guestbook_password'])header("Location:?id=$ank[id]&enter=ok");
}
if ($ank['guestbook_access']=='only_me') {
if ($ank['id']==$user['id'] && isset($user) || isset($moderate_guestbook) && $user['level'] > $ank['level']) {
} else {
$error[] = "Доступ в гостевую открыт только автору.";
show_errors();
ex_foot();
}
} elseif ($ank['guestbook_access']=='friends') {
if ($ank['id']==$user['id'] && isset($user) || isset($moderate_guestbook) && $user['level'] > $ank['level'] || is_friend($ank['id'], $user['id'])) {
} else {
$error[] = "Доступ в гостевую открыт только друзьям автора.";
show_errors();
ex_foot();
}
} elseif ($ank['guestbook_access']=='pass') {
if (isset($_COOKIE['passgb'][$ank['id']]) && $_COOKIE['passgb'][$ank['id']]==$ank['guestbook_password'] || $ank['id']==$user['id'] && isset($user) || isset($moderate_guestbook) && $user['level'] > $ank['level']) {
} else {
if (isset($_POST['password']) && $_POST['password']!=$ank['guestbook_password'])$error[] = "Пароль неправильный.";
show_errors();
echo "<div class=list><form action='' method='POST'>n";
echo "Доступ в гостевую открыт только по паролю!<br> Чтобы пройти в гостевую, введите пароль:<br />n";
echo "<input type='text' name='password'><br />n";
echo "<input type='submit' name='submited' value='Далее'>n";
echo "</form></div>n";
ex_foot();
}
}
elseif ($ank['guestbook_access']=='auth')
{
if (isset($user)) {
} else {
$error[] = "Доступ в гостевую открыт только авторизированным пользователям.";
show_errors();
ex_foot();
}
}
if (isset($_GET['reply']) && mysqli_result("SELECT COUNT(*) FROM `guestbook` WHERE `id` = '".intval($_GET['reply'])."' AND `id_user_adm` = '$ank[id]'"))
{
if_user('is_reg');
$komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id` = '".intval($_GET['reply'])."' AND `id_user_adm` = '$ank[id]'"));
$ank2 = profile($komm['id_user']);
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank2['id'], 'small');
echo "</div>n";
echo profile_icon($ank2['id']).profile_nick($ank2['id'], 1).profile_medal($ank2['id']).":<br />n";
echo output_text($komm['msg'], $ank2['id']);
echo "<div class='clear'></div>n";
echo "</div>n";
if ($ank['guestbook_komm']=='all' || $ank['guestbook_komm']=='only_me' && ($user['id']==$ank['id'] || isset($moderate_guestbook) && $user['level'] > $ank['level']) || $ank['guestbook_komm']=='friends' && ($ank['id']==$user['id'] || isset($moderate_guestbook) && $user['level'] > $ank['level'] || is_friend($ank['id'], $user['id'])))
{
input_bbs();
echo "<div class=list><form method='post' name='message' action='?id=$ank[id]&$passgen'>n";
echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%' placeholder='Введите свой ответ...'></textarea><br />n";
echo "<input type='hidden' name='reply' value='$ank2[id]'>";
echo "<input type='hidden' name='komm_reply' value='$komm[id]'>";
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<br/><input value="Отправить" type="submit" /> <a href='?id=$ank[id]'>Назад</a>n";
echo "</form></div>n";
} else {
$error[] = 'Автор ограничил круг лиц, которые могут оставлять комментарии.';
show_errors();
}
ex_foot();
}
if (isset($_GET['edit']) && mysqli_result("SELECT COUNT(*) FROM `guestbook` WHERE `id` = '".intval($_GET['edit'])."' AND `id_user_adm` = '$ank[id]' LIMIT 1"))
{
if_user('is_reg');
$komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id` = '".intval($_GET['edit'])."' AND `id_user_adm` = '$ank[id]' LIMIT 1"));
if ($user['id']==$komm['id_user'] && $komm['time']>time()-600) {
if (isset($_POST['msg'])) {
if (hsc(@$_POST['mdp'])==$mdp) {
$msg = $_POST['msg'];
if (strlen($msg)<1)$error[]='Введите coбщение';
if (strlen($msg)>1024)$error[]='Сообщение слишком длинное';
$msg = my_esc($msg);
if (!isset($error))
{
mysqli_query($dbi, "UPDATE `guestbook` SET `msg` = '$msg' WHERE `id` = '$komm[id]' LIMIT 1");
header("Location: ?id=$ank[id]");
exit();
}
} else hacked_by_Killer();
}
show_errors();
input_bbs();
echo "<form method='post' action='?id=$ank[id]&edit=$komm[id]&$passgen'>n";
echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%' placeholder='Введите комментарий...'>".input_value($komm['msg'])."</textarea><br />n";
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<input type='submit' name='submited' value='Отправить' />n";
echo "</form></div>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?id=$ank[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
}
}
if (isset($_GET['clean']) && isset($user) && $user['id']==$ank['id']) {
if (isset($_GET['all'])) {
if (isset($_POST['submited'])) {
if (hsc(@$_POST['mdp']) == $mdp) {
mysqli_query($dbi, "DELETE FROM `guestbook` WHERE `id_user_adm` = '$ank[id]'");
} else hacked_by_Killer();
} else {
echo "<div class=list><form method='POST' action=''>n";
echo "Очистить гостевую от сообщений?<br/>n";
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<input value='Да, очистить' type='submit' />n";
echo "</div>n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?id=$ank[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
}
} else {
if (isset($_GET['ok'])) {
if (hsc(@$_POST['mdp'])==$mdp) {
$ch=intval($_POST['ch']);
$mn=intval($_POST['mn']);
$nt=$ch*$mn*3600;
$nt=$time-$nt;
mysqli_query($dbi, "DELETE FROM `guestbook` WHERE `id_user_adm` = '$ank[id]' AND `time` < '$nt'");
} else hacked_by_Killer();
}
else
{
echo "<div class='list'>n";
echo "<img src='/i/site/cancel.png' /> <a href='?id=$ank[id]&clean&all'>Очистить гостевую полностью</a>";
echo "</div>n";
echo "<form method='post' action='?id=$ank[id]&clean&ok'>";
echo "Будут удалены посты, написанные ... тому назад:<br />n";
echo'<input type="text" name="ch" size="3" value="1" />';
echo'<select name="mn">';
echo'<option value="1" selected="selected">Часов</option>';
echo'<option value="24">Дней</option>';
echo'<option value="168">Недель</option>';
echo'<option value="744">Месяцев</option>';
echo'</select><br />';
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<input value='Очистить' type='submit' />n";
echo "</form>n";
echo "<div class='foot'>n";
echo image_back()." <a href='?id=$ank[id]'>Назад</a>n";
echo "</div>n";
ex_foot();
}
}
}
if (isset($_POST['msg']) && isset($user) && ($ank['guestbook_komm']=='all' || $ank['guestbook_komm']=='only_me' && ($user['id']==$ank['id'] || isset($moderate_guestbook)) || $ank['guestbook_komm']=='friends' && ($ank['id']==$user['id'] || isset($moderate_guestbook) && $user['level'] > $ank['level'] || is_friend($ank['id'], $user['id']))))
{
if (hsc(@$_POST['mdp'])==$mdp) {
$msg = $_POST['msg'];
if (strlen($msg) > 1024){$error[] = 'Сообщение слишком длинное';}
if (strlen(trim($msg)) < 1){$error[] = 'Короткое сообщение';}
if (mysqli_result("SELECT COUNT(*) FROM `guestbook` WHERE `id_user_adm` = '$ank[id]' AND `id_user` = '$user[id]' AND `msg` = '".my_esc($msg)."' LIMIT 1")){$error[] = 'Ваше сообщение повторяет предыдущее.';}
if (!isset($error)) {
if (isset($_POST['reply']) && profile(intval($_POST['reply'], 1))) {
$reply_user = profile(intval($_POST['reply']));
$reply_komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id` = '".intval($_POST['komm_reply'])."' AND `id_user_adm` = '$ank[id]'"));
$reply=1;
}
mysqli_query($dbi, "INSERT INTO `guestbook` (`id_user_adm`, `id_user`, `time`, `msg`".(isset($reply)?", `reply`, `reply_msg`":null).") values('$ank[id]', '$user[id]', '$time', '".my_esc($msg)."'".(isset($reply)?", '$reply_user[id]', '$reply_komm[msg]'":null).")");
header("Location: ?id=$ank[id]&$passgen");
}
} else hacked_by_Killer();
}
if ((isset($moderate_guestbook) && $user['level'] > $ank['level'] || $ank['id'] == $user['id']) && isset($_GET['delete']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id`='".intval($_GET['delete'])."' AND `id_user_adm` = '$ank[id]' LIMIT 1"))!=0)
{
if (hsc(@$_GET['mdp']) == $mdp) {
mysqli_query($dbi, "DELETE FROM `guestbook` WHERE `id`='".intval($_GET['delete'])."' LIMIT 1");
header("Location: ?id=$ank[id]");
exit();
} else hacked_by_Killer();
}
if (isset($_GET['sk']) && isset($moderate_guestbook) && ($user['level'] > $ank['level'] || $ank['id'] == $user['id']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id`='".intval($_GET['sk'])."' AND `id_user_adm` = '$ank[id]' LIMIT 1"))!=0)
{
if (hsc(@$_GET['mdp']) == $mdp) {
$komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id`='".intval($_GET['sk'])."' AND `id_user_adm` = '$ank[id]' LIMIT 1"));
if ($komm['sk'] == 1)$sk = 0;else $sk = 1;
mysqli_query($dbi, "UPDATE `guestbook` SET `sk` = '$sk', `sk_user` = '$user[id]' WHERE `id`='".intval($_GET['sk'])."' LIMIT 1");
} else hacked_by_Killer();
}
show_errors();
if (isset($user))
{
if ($ank['guestbook_komm']=='all' || $ank['guestbook_komm']=='only_me' && ($user['id']==$ank['id'] || isset($moderate_guestbook) && $user['level'] > $ank['level']) || $ank['guestbook_komm']=='friends' && ($ank['id']==$user['id'] || isset($moderate_guestbook) && $user['level'] > $ank['level'] || is_friend($ank['id'], $user['id'])))
{
input_bbs();
echo "<div class=foot><form action='?id=$ank[id]' method='post'>n";
echo "<textarea name='msg' id='textarea' rows='5' cols='17' style='width: 95%' placeholder='Введите комментарий...'></textarea><br />n";
echo "<input type='hidden' name='mdp' value='".$mdp."'>n";
echo "<input type='submit' name='submited' value='Отправить' />n";
echo "</form></div>n";
} else {
$error[] = 'Автор ограничил круг лиц, которые могут оставлять комментарии.';
show_errors();
}
} else echo "<div class='main'>$config[code_add] <a href='/login'>Добавить комментарий</a></div>n";
if (isset($mdelete) && isset($_POST['m_d_okey'])) {
if (hsc(@$_POST['mdp']) == $mdp) {
$cd_komm=0;
foreach ($_POST as $key => $value) {
if (preg_match('#^m_d_komm_([0-9]*)$#',$key,$kid) && $value==1) {
$komm = mysqli_fetch_array(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id` = '$kid[1]' AND `id_user_adm` = '$ank[id]' LIMIT 1"));
if ($komm) {
mysqli_query($dbi, "DELETE FROM `guestbook` WHERE `id` = '$komm[id]'");
}
}
}
} else hacked_by_Killer();
}
if (isset($user) && isset($_GET['like']) && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id` = '".intval($_GET['like'])."' AND `id_user_adm` = '$ank[id]'"))!=0)layki(intval($_GET['like']), 'guestbook');
$count_results = mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id_user_adm` = '$ank[id]'".(!isset($moderate_guestbook) && $user['level'] > $ank['level']?" AND `sk` = '0'":null).""));
$count_pages = count_pages($count_results);
$page = page();
$start = start_pages();
// если есть новые коментарии
if (isset($user) && $user['id'] == $ank['id'])
{
mysqli_query($dbi, "UPDATE `user` SET `a_time_guestbook` = '$time' WHERE `id` = '$user[id]'");
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id_user_adm` = '$ank[id]' AND `id_user` != '$user[id]' AND `time` > '$user[a_time_guestbook]'"))!=0)
{
header("Location: ?id=$ank[id]&page=$page");
}
}
// если есть непрочитанные записи связаные с гостеой
if (mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `journal` WHERE `id_kont` = '$user[id]' AND `cat` = 'guestbook' AND `type` = 'komm' AND `id_object2` = '$ank[id]' AND `read` = '0'"))!=0)
{
mysql_query($dbi, "UPDATE `journal` SET `read` = '1', `last_time` = '$time' WHERE `id_kont` = '$user[id]' AND `cat` = 'guestbook' AND `type` = 'komm' AND `id_object2` = '$ank[id]' AND `read` = '0'");
header("Location: ?id=$ank[id]&page=$page");
}
if (isset($mdelete)) {
echo "<form action='' method='post' class='multi'>n";
}
if (!$count_results) {
echo "<div class='list_empty'>Нет сообщений.</div>n";
}
$like = array();
$query = mysqli_query($dbi, "SELECT * FROM `guestbook` WHERE `id_user_adm` = '$ank[id]'".(!isset($moderate_guestbook) && $user['level'] > $ank['level']?" AND `sk` = '0'":null)." ORDER BY id DESC LIMIT $start, $config[rop]");
while ($post = mysqli_fetch_array($query)){
$like_count=0;
$array=explode("|", $post['layki']);
foreach ($array as $key => $value) {
if ($value!=NULL) {
$like_count++;
if ($value==$user['id'] && isset($user))$like["$post[id]"] = 1;
}
}
$ank2 = profile($post['id_user']);
echo "<div class='list'>n";
echo "<div class='left'>n";
show_avatar($ank2['id'], 'small');
echo "</div>n";
echo "<div class='overfl_hid'>n";
if (isset($mdelete))echo "<span class='right'><input type='checkbox' name='m_d_komm_$post[id]' value='1'></span>n";
echo profile_icon($ank2['id']).profile_nick($ank2['id'], 1).profile_medal($ank2['id']);
if (isset($user))
{
echo "<span class='right'>n";
if (isset($user) && ($user['id']==$ank2['id'] && $post['time']>time()-600))echo "<a href='?id=$ank[id]&edit=$post[id]' title='Редактировать комментарий'>$config[code_edit]</a>n";
if (isset($user) && (isset($moderate_guestbook) && $user['level'] > $ank['level'] || $ank['id'] == $user['id']))echo "<a href='?id=$ank[id]&delete=$post[id]&mdp=$mdp' title='Удалить комментарий'>$config[code_delete]</a>n";
echo "</span>n";
}
echo " (".vremja($post['time']).")<br />";
if ($post['sk']==1 && $post['sk_user']!=0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `user` WHERE `id` = '$post[sk_user]'")))
{
$sku=profile($post['sk_user']);
echo "<font color='red'>Скрыл ".($sku['anketa']['pol']==0?'a':null)." $sku[nick]</font><br/>";
}
if ($post['reply']!=0 && mysqli_num_rows(mysqli_query($dbi, "SELECT * FROM `user` WHERE `id` = '$post[reply]'")))
{
$ru=profile($post['reply']);
echo "$ru[nick], ";
}
echo output_text($post['msg'], $ank2['id'])."<br />n";
echo "<span class='right like'>".(isset($user)?"<a href='?id=$ank[id]&like=$post[id]' class='fav_link".(isset($like["$post[id]"])?" favorited":NULL)."'></a>":"<img src='/i/site/like.png' />")." $like_count</span>n";
if (isset($user))
{
echo "[<a href='?id=$ank[id]&reply=$post[id]' title='Ответить'>Ответить</a>]n";
}
if (isset($user) && isset($moderate_guestbook) && ($user['level'] > $ank['level'] || $ank['id'] == $user['id']))echo" <a href='?id=$ank[id]&sk=$post[id]&mdp=$mdp' title='".($post['sk']==1?"Показать":"Скрыть")." комментарий.'>".($post['sk']==1?"Показать":"Скрыть")."</a>n";
echo "</div>n";
echo "<div class='clear'></div>n";
echo "</div>n";
}
if (isset($mdelete)) {
echo "<div class='mod_grad'>n";
echo "<input type='submit' name='m_d_okey' value='Удалить'>n";
echo "<input type='hidden' name='mdp' value='".$mdp."'/>n";
echo "</div>n";
echo "</form>n";
}
pages_show("?id=$ank[id]&");
if ($ank['id']==$user['id'] && isset($user)) {
echo "<div class='mod_grad'>n";
echo "$config[code_delete]<a href='?id=$ank[id]&clean'>Очистить гостевую</a><br />n";
if ($ank['id']==$user['id']) {
echo "<img src='/i/site/settings.png'/> <a href='?act=settings'>Настройки</a><br />n";
}
echo "</div>";
}
echo "<div class='foot'>n";
echo image_back()." <a href='$config[profile_page]?id=$ank[id]'>Страница $ank[nick]</a>n";
echo "</div>n";
ex_foot();
?>