Файл: waphero.ru/news/post/index.php
Строк: 110
<?
include_once '../../core/system.php';
echo only_reg();
echo ban();
if (isset($_GET['id']) && mysql_result(mysql_query("SELECT COUNT(*) FROM `news` WHERE `id` = '".intval($_GET['id'])."'"),0) == true){
$news = mysql_fetch_assoc(mysql_query("SELECT * FROM `news` WHERE `id` = '".intval($_GET['id'])."'"));
}else{
$_SESSION['err'] = "Нет такой новости!";
header('Location: /news/');
exit();
}
if($user['prava'] == 5){
if(isset($_GET['kommd'])){
mysql_query("DELETE FROM `news_kom` where `id` = '".abs(intval($_GET['kommd']))."' limit 1");
}
}
$header = $news[title];
include_once '../../core/head.php';
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '$news[id_user]'"));
echo "<div class='player Admin'>".BBcode($news[msg])."</div>";
echo "<div class='dot-line'></div>";
echo "<div class='player grey'><span class='dgreen'>[".vremja($news[time])."]</span> Оформил(а) ";
echo online($ank[id]);
echo " <a href='/user/$news[id_user]/'>$ank[nick]</a></div>";
echo "<div class='mini-line'></div>";
//Комментарии
if(isset($_POST['msg'])){
$msg = check($_POST['msg']);
if(strlen($msg) < 3 or strlen($msg) > 400) $err = 'Длина сообщения должна быть в пределах 3 - 400 символов';
if(!isset($err)) {
mysql_query("INSERT INTO `news_kom` SET `id_user` = '$user[id]', `id_news` = '$news[id]', `msg` = '$msg', `time` = '".time()."'");
header("Location: news.php?id=$news[id]");
$_SESSION['message'] = 'Сообщение добавлено!';
exit();
}else{
header("Location: news.php?id=$news[id]");
$_SESSION['err'] = $err;
// Вывод ошибки
exit();
}
}
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `news_kom` WHERE `id_news` = '".intval($_GET['id'])."'"),0);
$k_page = k_page($k_post,$set['p_str']);
$page = page($k_page);
$start = $set['p_str']*$page-$set['p_str'];
if(isset($_GET['comm'])) {
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = $_GET[comm] LIMIT 1"));
echo '<form class="player" method="post" action="/news/post/'.$news[id].'/">
<input class="text large" value="'.$ank[nick].', " type="text" name="msg" /><br />
<span class="btn"><span class="end"><input class="label" type="submit" value="Отправить">Отправить</span></span>
</form>';
}else{
echo '<form class="player" method="post" action="/news/post/'.$news[id].'/">
<input class="text large" type="text" name="msg" /><br />
<span class="btn"><span class="end"><input class="label" type="submit" value="Отправить">Отправить</span></span>
</form>';
}
$q = mysql_query("SELECT * FROM `news_kom` WHERE `id_news` = '$news[id]' ORDER BY `id` DESC LIMIT $start, $set[p_str]");
echo "<div class='dot-line'></div>";
echo "<div class='player'>";
if($k_post == 0)echo "<span class='grey'>Нет комментарий</div>";
while($post = mysql_fetch_assoc($q)) {
$ank = mysql_fetch_assoc(mysql_query("SELECT * FROM `user` WHERE `id` = '$post[id_user]' LIMIT 1"));
if($ank[prava] == 5 )$color = 'Admin';
if($ank[prava] == 4 )$color = 'Moder';
if($ank[prava] == 0 )$color = '';
echo online($ank[id]);
echo " <a href='/user/$ank[id]/'>$ank[nick]</a> <span class='dgreen'>[".vremja($post[time])."]</span> <a href='/news/post/$news[id]/?comm=$ank[id]'>(»)</a>".($user['prava']==5?'(<a href="?kommd='.$post['id'].'">x</a>)':null).": <span class='$color'>".smiles($post['msg'])."</span><br>";
}
echo "</div>";
if ($k_page>1)str('news.php?id=' . intval($_GET['id']) . '&',$k_page,$page); // Вывод страниц
echo "<div class='mini-line'></div>";
echo "<div class='player menuList'>";
echo "<li><a href='/news/'><img src='/images/icon/arrow.png'>Новости</a></li>";
echo "</div>";
include_once '../../core/foot.php';
?>