Файл: stalkerus.tk/addcomments.php
Строк: 106
<?php
//*******************************************************************//
//**///////////////////////Автор: Андрей Наумов////////////////////**//
//**//////Двиг был написан мною и никаких соавторов не имеется/////**//
//**////////////////////////VK: vk.com/linux8//////////////////////**//
//**/////Устроюсь как на временную, так и на постоянную работу/////**//
//**//////////Знаю: Php, MySQL, CSS, xhtml, photoshop//////////////**//
//**/////Цена договорная, зависит от сложности и объёма работы/////**//
//**///////////////////////////////////////////////////////////////**//
//**////////////Спасибо за использование моего движка//////////////**//
//**/////Буду рад радовать вас новыми и интересными движками///////**//
//*******************************************************************//
require_once('conf/dbc.php');
require_once('conf/session_start.php');
require_once('conf/ban.php');
if ((!isset($_SESSION['id'])) and (!isset($_SESSION['nick']))) {
?>
<script type="text/javascript">
document.location.href = "reg.php?err_login=1";
</script>
<?php
}
$H=getenv("HTTP_REFERER");
if (empty($H)) {
?>
<script type="text/javascript">
document.location.href = "index.php";
</script>
<?php
exit();
}
$user_id = $_SESSION['id'];
$topic = $_GET['topic'];
$text = $_POST['text'];
$page = $_GET['page'];
$page = htmlentities($page, ENT_QUOTES);
if (empty($topic)) {
?>
<script type="text/javascript">
document.location.href = "index.php";
</script>
<?php
exit();
}
if (empty($text)) {
?>
<script type="text/javascript">
document.location.href = "topic.php?topic=<?php echo "$topic";?>&err=1&page=<?php echo "$page";?>";
</script>
<?php
exit();
}
$topic = mysqli_real_escape_string($dbc, trim($topic));
/////////////////////////////Существует ли топик
$query_isset = "Select close, id_subf, fix from topics where id_top='$topic' limit 1";
$result_isset = mysqli_query($dbc, $query_isset) or die ('Ошибка передачи запроса к БД');
$row_isset = mysqli_num_rows($result_isset);
$row_isset = mysqli_fetch_array($result_isset);
$id_subf = $row_isset['id_subf'];
if (empty($row_isset)) {
?>
<script type="text/javascript">
document.location.href = "index.php";
</script>
<?php
exit();
}
/////////////
//////////////////////////Закрыт ли топик
if ($row_isset['close'] == 1) {
?>
<script type="text/javascript">
document.location.href = "topic.php?topic=<?php echo "$topic";?>&page=<?php echo "$page";?>";
</script>
<?php
exit();
}
//////////////////////////////////////
$query_sub = "Select clan, rangs_read, rangs_com, rangs_cre, main from subforums where id_subf='$id_subf' limit 1";
$result_sub = mysqli_query($dbc, $query_sub) or die ('Ошибка передачи запроса к БД');
$row_sub = mysqli_fetch_array($result_sub);
$query_user = "Select gruppa, lvl, clan, clan_rang, admin, f_ban from users where id='$user_id' limit 1";
$result_user = mysqli_query($dbc, $query_user) or die ('Ошибка передачи запроса к БД');
$row_user = mysqli_fetch_array($result_user);
if ($row_user['admin'] <> 1) {
if ($row_sub['main'] == 0) {
if ($row_user['clan'] == $row_sub['clan']) {
if ($row_user['clan_rang'] < $row_sub['rang_com']) {
?>
<script type="text/javascript">
document.location.href = "topic.php?topic=<?php echo "$topic";?>";
</script>
<?php
exit();
}
}
else {
if ($row_sub['rang_com'] <> 0) {
?>
<script type="text/javascript">
document.location.href = "topic.php?topic=<?php echo "$topic";?>&page=<?php echo "$page";?>";
</script>
<?php
exit();
}
}
}
else {
if ($row_user['lvl'] < 10) {
?>
<script type="text/javascript">
document.location.href = "topic.php?topic=<?php echo "$topic";?>&page=<?php echo "$page";?>";
</script>
<?php
exit();
}
if($row_user['gruppa'] == $row_sub['gruppa'] or $row_sub['gruppa'] == 'all' and $row_user['f_ban'] <> 0) {
?>
<script type="text/javascript">
document.location.href = "topic.php?topic=<?php echo "$topic";?>&page=<?php echo "$page";?>";
</script>
<?php
exit();
}
}
$text = str_replace('<','<', $text);
$text = str_replace('>','>', $text);
$text = str_replace('"','"', $text);
}
$text = preg_replace('/(rn)+/', "rn", $text);
$text = preg_replace('/(r)+/', "r", $text);
$text = preg_replace('/(n)+/', "n", $text);
$text = strtr($text, array("rn" => '<br />', "r" => '<br />', "n" => '<br />', "[url]" => '<a href="', "[/url]" => '">', '=D' => '<img src="img/smiles/D.gif" />', ':-D' => '<img src="img/smiles/D.gif" />', ':D' => '<img src="img/smiles/D.gif" />','mobstalker' => '<img src="img/smiles/smile.gif" />', '.net' => '<img src="img/smiles/smile.gif" />', '.com' => '<img src="img/smiles/smile.gif" />', '.tk' => '<img src="img/smiles/smile.gif" />', '.su' => '<img src="img/smiles/smile.gif" />', '.ru' => '<img src="img/smiles/smile.gif" />', 'sta1ker' => '<img src="img/smiles/smile.gif" />',':-)' => '<img src="img/smiles/smile.gif" />', '=)' => '<img src="img/smiles/smile.gif" />',':)' => '<img src="img/smiles/smile.gif" />',':(' => '<img src="img/smiles/sad.gif" />', ':собака' => '<img src="img/monsters/3.png" width="30" height="30" border="0"/>', "[b]" => '<b>', "[/b]" => '</b>',':зло' => '<img src="img/smiles/zlo.gif" />', ":хмм" =>'<img src="img/smiles/xmm.gif" />', ":пишу" =>'<img src="img/smiles/mail.gif" />', ":хаха" => '<img src="img/smiles/xaxa.gif" />', ":ого" => '<img src="img/smiles/vau.gif" />', ":тихо" => '<img src="img/smiles/tiho.gif" />', ":смерть" => '<img src="img/smiles/smert.gif" />', ":поиск" => '<img src="img/smiles/poisk.gif" />', ":накрыло" => '<img src="img/smiles/pizdec.gif" />', ":оу" => '<img src="img/smiles/oy.gif" />', ":упс" => '<img src="img/smiles/oops.gif" />', ":ням" => '<img src="img/smiles/nyam.gif" />', ":ноно" => '<img src="img/smiles/nono.gif" />', ":нет" => '<img src="img/smiles/no.gif" />', ":ниндзя" => '<img src="img/smiles/ninja.gif" />', ":незнаю" => '<img src="img/smiles/neznaju.gif" />', ":неа" => '<img src="img/smiles/nea.gif" />', ":муз" => '<img src="img/smiles/music.gif" />', ":мистер" => '<img src="img/smiles/mister.gif" />', ":ламер" => '<img src="img/smiles/lamer.gif" />', ":кыш" => '<img src="img/smiles/kulak.gif" />', ":крут" => '<img src="img/smiles/krut.gif" />', ":кул" => '<img src="img/smiles/klass.gif" />', ":класс" => '<img src="img/smiles/klass.gif" />', ":супер" => '<img src="img/smiles/klass.gif" />', ":пока" => '<img src="img/smiles/hello.gif" />', ":фак" => '<img src="img/smiles/fuck.gif" />', ":флуд" => '<img src="img/smiles/flood.gif" />', ":фингал" => '<img src="img/smiles/fingal.gif" />', ":холодно" => '<img src="img/smiles/cold.gif" />', ":бомба" => '<img src="img/smiles/bomba.gif" />', ":блин" => '<img src="img/smiles/blin.gif" />', ":бан" => '<img src="img/smiles/ban.gif" />', ":атлет" => '<img src="img/smiles/atlet.gif" />', ":ааа" => '<img src="img/smiles/aaa.gif" />', ":8" => '<img src="img/smiles/8.gif" />', "[i]" => '<i>', "[/i]" => '</i>', "[big]" => '<big>', "[/big]" => '</big>', "[small]" => '<small>', "[/small]" => '</small>', "[s]" => '<s>', "[/s]" => '</S>', "[u]" => '<u>', "[/u]" => '</u>', "[pre]" => '<pre>', "[/pre]" => '</pre>', "[green]" => '<font color="gren">', "[/green]" => '</font>',"[grey]" => '<font color="grey">', "[/grey]" => '</font>',"[blue]" => '<font color="blue">', "[/blue]" => '</font>')); $text=stripslashes("$text");
$text=stripslashes("$text");
$text = mysqli_real_escape_string($dbc, trim($text));
$query = "insert into comments (`id_top`, `avtor`, `text`, `time_cre`) values ('$topic', '$user_id', '$text', NOW())";
$result = mysqli_query($dbc, $query) or die ('Ошибка передачи запроса к БД');
if ($row_isset['fix'] == 1) {
$query = "update topics set time_up = NOW()+1000000 where id_top='$topic'";
$result = mysqli_query($dbc, $query) or die ('Ошибка передачи запроса к БД');
}
else {
$query = "update topics set time_up = NOW() where id_top='$topic'";
$result = mysqli_query($dbc, $query) or die ('Ошибка передачи запроса к БД');
}
$query = "select time_up from intopics where user_id='$user_id' and topic='$topic' limit 1";
$result = mysqli_query($dbc, $query) or die ('Ошибка передачи запроса к БД');
$number = mysqli_num_rows($result);
if ($number == 0) {
$query = "insert into intopics (`user_id`, `topic`, `time_up`) values ( '$user_id', '$topic', NOW())";
$result = mysqli_query($dbc, $query) or die ('Ошибка передачи запроса к БД');
}
else {
$query = "update intopics set time_up = NOW() where topic='$topic' and user_id='$user_id'";
$result = mysqli_query($dbc, $query) or die ('Ошибка передачи запроса к БД');
}
?>
<script type="text/javascript">
document.location.href = "topic.php?topic=<?php echo "$topic";?>&page=<?php echo "$page";?>";
</script>
<?php
mysqli_close($dbc);
?>