Файл: news/comes.php
Строк: 94
<?php
define('ROOT','../');
define('GCMS',true);
require_once (ROOT.'system/power.php');
if ($aut) {
if ($id) {
$type = $db -> query("SELECT * FROM `news` WHERE `id` = '".(int)$id."'");
if ($type -> num_rows > 0) $the = $type -> fetch_assoc(); else $the = false;
} else $the = false;
if($the['onf']==2){
switch($mode) {
case 'write':
if ($ya['balls']>=$nastr['obcom']) {
$page = isset($_GET['page']) ? (int)$_GET['page'] : '1';
$text = shit($_POST['text']);
$te = $db -> query("SELECT * FROM `comes` WHERE `where`='news' and `idwh` = '".(int)$id."' and `user` = '".(int)$ya['id']."' LIMIT 1");
if (mb_strlen($text) < 3) {
$diz -> head('Ошибка');
$diz -> title('Ошибка');
echo '<div class="fon">Короткий комментарий!</div>';
header('refresh: 3; url=comments'.$id.'');
$diz -> out($msg);
}else{
$mtime = $db -> query("SELECT * FROM `comes` WHERE `user` = '".$ya['id']."' order by `time` DESC")->fetch_assoc();
if($mtime['time']+$nastr['floodkom']<=time()){
$db -> query("UPDATE `users` SET `balls` = balls+'".$nastr['bcoms']."' WHERE `id` = '".$ya['id']."'");
$db -> multi_query("INSERT INTO `comes` SET `where`='news', `user` = '".(int)$ya['id']."', `idwh` = '".$id."',`text` = '".$text."',`time` = '".time()."'");
$page = isset($_GET['page']) ? (int)$_GET['page'] : '1';
header('location: comes.php?id='.(int)$id.'&page='.(int)$page);
}else{
$diz -> head('Ошибка');
$diz -> title('Ошибка');
echo '<div class="fon">Следующий комментарий можно оставить через '.$nastr['floodkom'].' сек.</div>';
header('refresh: 3; url=comments'.$id.'');
$diz -> out($msg);
}
}
}else{
$diz -> head('Ошибка');
$diz -> title('Ошибка');
echo '<div class="fon">Изфините,но вы пока не можете оставлять комментарии!</div>';
header('refresh: 3; url=comments'.$id.'');
$diz -> out($msg);
}
break;
case 'del':
$page = isset($_GET['page']) ? $_GET['page'] : '1';
if ($aut == true and $id != false) {
$sql = $db -> query("SELECT * FROM `comes` WHERE `id` = '".$sid."' LIMIT 1");
if ($sql -> num_rows > 0) {
$ass = $sql -> fetch_assoc();
if ($ya['level']>4) {
$db -> query("DELETE FROM `comes` WHERE `id` = '".$sid."' LIMIT 1");
header('location: comes.php?id='.(int)$ass['idwh'].'&page='.(int)$page);
} else header('location: comes.php?id='.(int)$ass['idwh'].'&page='.(int)$page);
} else header('location: comes.php?id='.(int)$ass['idwh'].'&page='.(int)$page);
} else header('location: comes.php?id='.(int)$ass['idwh'].'&page='.(int)$page);
break;
default:
$diz -> head('Комментарии');
$new = $db -> query("SELECT `id`,`name` FROM `news` WHERE `id` = '".$id."' LIMIT 1")-> fetch_assoc();
$diz -> title("<a href='./new$new[id]'>".$new['name']."</a>/<b>Комментарии</b>");
$count = $db -> dbcount('COUNT(`id`)','comes',"`idwh` = '".(int)$id."' and `where`='news'");
if ($count>0){
$num = isset($ya['num']) ? $ya['num'] : 10;
$total = intval(($count - 1) / $num) + 1;
if (!isset($_GET['page']) || !is_numeric($_GET['page']) || $_GET['page'] < 1 )
{
$page = 1;
} elseif($_GET['page'] > $total)
{ $page = $total;
} else $page = (int)$_GET['page'];
$start = $page * $num - $num;
$for = $db -> query("SELECT * FROM `comes` WHERE `idwh` = '".(int)$id."' and `where`='news' ORDER BY `id` DESC LIMIT ".$start.",".$num);
while ($assoc = $for -> fetch_assoc()) {
$dop = null;
if ($aut) {
if ((int)$ya['level'] > 4) {
$dop = ' | <a href="comes.php?id='.$id.'&sid='.$assoc['id'].'&mode=del&page='.$page.'">[Удалить]</a>';
}
}
echo '<div class="fon">
<table><tr valign="top"><td>'.$func->avatar($assoc['user']).'</td>
<td style="padding-left:5px;">'.$func->user($assoc['user']).'</br>
'.$func -> tags($func -> smiles($assoc['text'])).'<br/>
'.$func -> times(date('d m Y в H:i',$assoc['time'])).'<br/>'.$dop.'</td>
</tr></table></div>';
}
$act = 'comes.php?id='.(int)$id;
echo ''.$func -> pagenav($act,$page,$total).'';
}else echo '<div class="fon">Комментариев пока нет!</div>';
if ($aut == true) {
echo '<form action="comes.php?id='.$id.'&mode=write&page='.$page.'" method="post">
<div class="fon">Комментарий:<br/>
<textarea name="text" rows="3" cols="15"></textarea><br/>
<input type="submit" value="Написать!"/>
</form></div>';
}
echo '<div class="levo"><a href="/" class="levo_tuch">'.$diz -> img('home.png').' На главную</a></div>';
#####Копирайт#######
$diz -> out($msg);
}
}else{header('location: index.php');}
} else header('location: '.ROOT.'aut.php');
?>