Файл: forum/topic-post.php
Строк: 127
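<?php
// Forum post actions for the post selected by ?id= : loads the post and its parent
// rows, then bounces visitors who may not act on it.
//
// The full `<?php` tag replaces the short tag `<?`. With short_open_tag disabled the
// short form is not parsed, and the server would send this source (queries included)
// to the browser as plain text.
//
// NOTE(review): the mysql_* extension used throughout was removed in PHP 7. Migrating
// to PDO/mysqli with prepared statements needs the connection set up in ini.php,
// which is not visible here.
include_once('../apahe/ini.php');

// int() is a project helper defined outside this file (presumably an integer cast;
// confirm). Every id interpolated into SQL below is passed through it.
$forum_m = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum-m` WHERE `id` = '".int(isset($_GET['id']) ? $_GET['id'] : 0)."'"));
$urlup='/forum/index';
$inc['title'] = 'Форум - постим';
include_once('../apahe/top.php');

// NOTE(review): the header() calls below run after top.php has been included. They
// only take effect if top.php sends no output or output buffering is on; confirm.

// $apache is not assigned in this file; it appears to be the current user's row,
// set by one of the includes. Without it the visitor is sent to /input.dll.
if (!isset($apache)){
    header ('location: /input.dll');
    exit;
}

// Unknown post id: back to the forum index.
if (!$forum_m){
    header ('location: /forum/index.dll');
    exit;
}

$forum = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum` WHERE `id` = '".int($forum_m['id-forum'])."'"));
$forum_r = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum-r` WHERE `id` = '".int($forum_m['id-forum-r'])."'"));
$forum_u = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum-u` WHERE `id` = '".int($forum_m['id-forum-u'])."'"));

// A post whose topic row is missing cannot be acted on. Without this guard the `act`
// test below would pass on a failed lookup and the actions would run against topic 0.
if (!$forum_u){
    header ('location: /forum/index.dll');
    exit;
}

// A non-zero `act` on the topic blocks every action here (presumably a closed
// topic; confirm against the code that sets it).
if ($forum_u['act']!=0){
    header('Location: /forum/topic-'.int($forum_u['id']).'.dll');
    exit;
}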
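// Dispatch on ?selest= : (none) edit the post, 'otvet' reply to it, 'files' attach a
// file to it, 'delete' remove it.
//
// NOTE(review): txt(), name(), int() and error() are defined outside this file.
// Whether txt()/name() escape their result for SQL, and whether stored names and
// messages are already HTML-escaped, cannot be seen here. The queries and the echo
// statements below depend on both. Confirm, or switch to prepared statements and
// escape at output time.
// NOTE(review): no state-changing action here carries an anti-CSRF token, and
// 'delete' is triggered by a plain GET request.
// $err is deliberately left unset until a validation fails; the isset($err) tests
// rely on that, so it must not be pre-initialised to ''.
switch (isset($_GET['selest']) ? $_GET['selest'] : ''){
default:
    // Edit the text of the post. Allowed for users with level >= 1 only.
    if ($apache['level']>=1){
        if (isset($_POST['edit-post-ok'])){
            $message = txt($_POST['message']);
            if (empty($message)) $err .= 'Не введёно сообщение.</br>';
            if (!empty($message) && (strlen($message) < 2 || strlen($message) > 1024)) $err .= 'Неверная длина сообщения.</br>';
            if (!isset($err)){
                mysql_query("UPDATE `forum-m` SET `message` = '".$message."' WHERE `id` = '".int($forum_m['id'])."'");
                header('Location: /forum/topic-'.int($forum_u['id']).'.dll');
                // Stop here, as the redirects at the top of the script do; otherwise
                // the form below is still rendered after the redirect header.
                exit;
            }
        }
        error($err);
        echo '<div class="main-text">';
        echo '<a href="index.dll" title="Форум">Форум</a> | ';
        echo '<a href="forum-'.int($forum['id']).'.dll" title="'.$forum['name'].'">'.$forum['name'].'</a> | ';
        echo '<a href="topic-'.int($forum_u['id']).'.dll" title="'.$forum_u['name'].'">'.$forum_u['name'].'</a>';
        echo '</div>';
        echo '<div class="main-href"><form method="post" action="topic-post-'.int($forum_m['id']).'.dll">';
        echo 'Сообщение: <a href="/module/infomation.dll?selest=smiles" title="Список смайлов">Смайлы</a> | ';
        echo '<a href="/module/infomation.dll?selest=bb-code" title="Список ББ-кодов">ББ-коды</a></br>';
        // NOTE(review): the stored message is written into the textarea as-is; see the
        // escaping note above the switch.
        echo '<textarea placeholder="Мах 1024 символов" name="message" maxlength="1024">'.$forum_m['message'].'</textarea></br>';
        echo '<input type="submit" name="edit-post-ok" title="Изменить" value="Изменить">';
        echo '</form></div>';
    }else{
        header('Location: /forum/topic-'.int($forum_u['id']).'.dll');
        exit;
    }
    break;

case 'otvet':
    // Reply to the post. Users cannot reply to their own post.
    if ($apache['id']!=$forum_m['id-apache']){
        if (isset($_POST['otvet-post-ok'])){
            $message = txt($_POST['message']);
            $posts = int($forum_m['id-apache']);
            $posts_name = name($forum_m['id-apache']);
            $apa = int($apache['id']);
            if (empty($message)) $err .= 'Не введёно сообщение.</br>';
            if (!empty($message) && (strlen($message) < 2 || strlen($message) > 1024)) $err .= 'Неверная длина сообщения.</br>';
            if (!isset($err)){
                // Notification wording depends on `pol` (1 or 2); any other value
                // leaves $mess_t unset, as in the original.
                if ($apache['pol']==1)$mess_t='Ответил вам в';
                if ($apache['pol']==2)$mess_t='Ответила вам в';
                // Three writes: a notification row for the author of the post, the
                // reply itself (prefixed with the author's name in [b] tags), and +1
                // to the replying user's `rub` counter.
                mysql_query("INSERT INTO `apache-j` SET `id-apache` = '".$posts."', `id-apach` = '".$apa."', `message` = '".$mess_t."', `url` = '/forum/topic-".int($forum_u['id'])."', `name-url` = 'в теме на форуме', `read` = '1', `date` = '".time()."'");
                mysql_query("INSERT INTO `forum-m` SET `id-forum` = '".int($forum['id'])."', `id-forum-r` = '".int($forum_r['id'])."', `id-forum-u` = '".int($forum_u['id'])."', `id-apache` = '".$apa."', `message` = '[b]".$posts_name."[/b], ".$message."', `date` = '".time()."'");
                mysql_query("UPDATE `apache` SET `rub` = `rub`+1 WHERE `id` = '".$apa."'");
                header('Location: /forum/topic-'.int($forum_u['id']).'.dll');
                exit;
            }
        }
        error($err);
        echo '<div class="main-text">';
        echo '<a href="index.dll" title="Форум">Форум</a> | ';
        echo '<a href="forum-'.int($forum['id']).'.dll" title="'.$forum['name'].'">'.$forum['name'].'</a> | ';
        echo '<a href="topic-'.int($forum_u['id']).'.dll" title="'.$forum_u['name'].'">'.$forum_u['name'].'</a>';
        echo '</div>';
        echo '<div class="main-href"><form method="post" action="topic-post-'.int($forum_m['id']).'.dll?selest=otvet">';
        echo 'Сообщение: <a href="/module/infomation.dll?selest=smiles" title="Список смайлов">Смайлы</a> | ';
        echo '<a href="/module/infomation.dll?selest=bb-code" title="Список ББ-кодов">ББ-коды</a></br>';
        echo '<textarea placeholder="Мах 1024 символов" name="message" maxlength="1024"></textarea></br>';
        echo '<input type="submit" name="otvet-post-ok" title="Ответить" value="Ответить">';
        echo '</form></div>';
    }else{
        header('Location: /forum/topic-'.int($forum_u['id']).'.dll');
        exit;
    }
    break;

case 'files':
    $forum_f_t = mysql_result(mysql_query("SELECT COUNT(*) FROM `forum-f` WHERE `id-forum-m` = '".int($forum_m['id'])."'"), 0);
    // Only the author of the post may attach files, and only while it has fewer than
    // three. The original test was `!= ... && $forum_f_t<=2`, which put no limit on
    // the author and let any other user attach once a post already had three files.
    // The limit of three is read from that `<=2` and from the `LIMIT 3` the delete
    // branch originally used.
    if ($apache['id']!=$forum_m['id-apache'] || $forum_f_t>2){
        header('Location: /forum/topic-'.int($forum_u['id']).'.dll');
        exit;
    }else{
        if (isset($_POST['post-newfile-ok'])){
            // Accept only a single, completed HTTP upload.
            $upload_ok = isset($_FILES['file'])
                && is_string($_FILES['file']['name'])
                && !empty($_FILES['file']['name'])
                && $_FILES['file']['error'] == UPLOAD_ERR_OK
                && is_uploaded_file($_FILES['file']['tmp_name']);
            if (!$upload_ok) $err .= 'Не выбран файл.</br>';
            if (!isset($err)){
                // NOTE(review): the stored name keeps the client-supplied extension and
                // nothing checks the file type. If the web server executes scripts
                // under file/, an uploaded script would run as code. Restrict the
                // extension to an allowlist and disable script execution for that
                // directory; neither control is visible from this file.
                $file = txt(basename($_FILES['file']['name']));
                mysql_query("INSERT INTO `forum-f` SET `id-forum` = '".int($forum['id'])."', `id-forum-r` = '".int($forum_r['id'])."', `id-forum-u` = '".int($forum_u['id'])."', `id-forum-m` = '".int($forum_m['id'])."', `file` = '".$file."', `date` = '".time()."'");
                $forum_f['id']=mysql_insert_id();
                // move_uploaded_file() refuses anything that is not a real upload and
                // reports failure, which copy() did not check.
                if (move_uploaded_file($_FILES['file']['tmp_name'], 'file/f'.$forum_f['id'].'_'.$file)){
                    // Was `'".$apache."'`: $apache is an array, so the WHERE clause
                    // compared against the string "Array" and the counter never moved.
                    mysql_query("UPDATE `apache` SET `rub` = `rub`+1 WHERE `id` = '".int($apache['id'])."'");
                    header('Location: /forum/topic-'.int($forum_u['id']).'.dll');
                    exit;
                }
                // The file was not stored: drop the row so it does not point at nothing.
                mysql_query("DELETE FROM `forum-f` WHERE `id` = '".int($forum_f['id'])."'");
                $err .= 'Не удалось сохранить файл.</br>';
            }
        }
        error($err);
        echo '<div class="main-text">';
        echo '<a href="index.dll" title="Форум">Форум</a> | ';
        echo '<a href="forum-'.int($forum['id']).'.dll" title="'.$forum['name'].'">'.$forum['name'].'</a> | ';
        echo '<a href="forum-r-'.int($forum_r['id']).'.dll" title="'.$forum_r['name'].'">'.$forum_r['name'].'</a> | ';
        echo '<a href="topic-'.int($forum_u['id']).'.dll" title="'.$forum_u['name'].'">'.$forum_u['name'].'</a>';
        echo '</div>';
        echo '<div class="main-href"><form method="post" enctype="multipart/form-data" action="topic-post-'.int($forum_m['id']).'.dll?selest=files">';
        echo 'Выберите файл:</br><input name="file" type="file" size="file"/></br>';
        echo '<input type="submit" name="post-newfile-ok" title="Прикрепить файл" value="Прикрепить файл">';
        echo '</form></div>';
    }
    break;

case 'delete':
    // $forum_m_t is the lowest-id post of the topic; that post cannot be deleted here.
    $forum_m_t = mysql_fetch_assoc(mysql_query("SELECT * FROM `forum-m` WHERE `id-forum-u` = '".int($forum_u['id'])."' ORDER BY `id` LIMIT 1"));
    if ($apache['level']>=1 && $forum_m_t['id']!=$forum_m['id']){
        // Remove every attachment of the post from disk. The original selected with
        // LIMIT 3 while the DELETE below drops all rows, which left any further files
        // orphaned in file/.
        $forum_f_c = mysql_query("SELECT * FROM `forum-f` WHERE `id-forum-m` = '".int($forum_m['id'])."' ORDER BY `date`");
        while ($forum_f = mysql_fetch_assoc($forum_f_c)){
            $path = 'file/f'.int($forum_f['id']).'_'.$forum_f['file'];
            // Skip files that are already gone instead of raising a warning.
            if (is_file($path)) unlink($path);
        }
        mysql_query("DELETE FROM `forum-m` WHERE `id` = '".int($forum_m['id'])."'");
        mysql_query("DELETE FROM `forum-f` WHERE `id-forum-m` = '".int($forum_m['id'])."'");
    }
    // Allowed or not, the visitor goes back to the topic.
    header('Location: /forum/topic-'.int($forum_u['id']).'.dll');
    exit;
}
include_once('../apahe/bottom.php');
?>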