Файл: modules/news_comm.php
Строк: 81
<?
////////////////////////////////////////
///// Основа ApiCMS //////
///// Автор биллинга - IvanDanilov /////
///// Автор биллинга - IvanDanilov /////
///// ICQ 936545, mail: KyberID@ya.ru //
////////////////////////////////////////
/////////////////////////////////////////
$title = 'Комментарии к новости';
require_once '../api_core/apicms_system.php';
if (!isset($_GET['id']) && !is_numeric($_GET['id'])){header("Location: index.php");exit;}
if (mysql_result(mysql_query("SELECT COUNT(*) FROM `news` WHERE `id` = '".intval($_GET['id'])."' LIMIT 1"), 0)==0){header("Location: index.php");exit;}
$id_news = intval($_GET['id']);
require_once '../api_core/head.php';
/////////////////////////////////////////
if (isset($_POST['txt'])){
$text = mysql_real_escape_string($_POST['txt']);
if (strlen($text)>1024)$err = '<div class="content"><center>Очень длинное сообщение</center></div>';
if (strlen($text)<10)$err = '<div class="content"><center>Короткое сообщение</center></div>';
if (!isset($err)){
mysql_query("INSERT INTO `news_comm` (`id_news`, `txt`, `id_user`, `time`) VALUES ('$id_news', '$text', '$user[id]', '$time')");
////////////////////////////////////
$plus_fishka = $user['fishka'] + $api_settings['fishka_n_comm'];
mysql_query("UPDATE `users` SET `fishka` = '".intval($plus_fishka)."' WHERE `id` = '$user[id]' LIMIT 1");
echo '<div class="content"><center>Комментарий успешно добавлен</center></div>';
}else{
apicms_error($err);
}
}
/////////////////////////////////////////
$k_post=mysql_result(mysql_query("SELECT COUNT(*) FROM `news_comm`"),0);
$k_page=k_page($k_post,$api_settings['on_page']);
$page=page($k_page);
$start=$api_settings['on_page']*$page-$api_settings['on_page'];
if ($k_post==0)echo "<div class='content'><center>Комментариев к новости не найдено!</center></div>";
/////////////////////////////////////////
$qii=mysql_query("SELECT * FROM `news_comm` WHERE `id_news` = '$id_news' ORDER BY id DESC LIMIT $start, $api_settings[on_page]");
while ($post_comm = mysql_fetch_assoc($qii)){
$ank2=mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE `id` = $post_comm[id_user] LIMIT 1"));
echo '<div class="subhead"><table width="100%" ><tr><td width="20%"><center>';
echo apicms_ava32($ank2['id']);
echo "</center></td><td width='80%'><a href='/profile.php?id=$ank2[id]'>".$ank2['login']."</a> ";
echo "<span style='float:right'> ".apicms_data($post_comm['time'])." ";
if ($user['level']==1) echo ' | <a href="delete_n_comm.php?id='.$post_comm['id'].'">DEL</a> ';
echo " </span>";
echo '</br> <b>'.apicms_smiles(apicms_bb_code(apicms_br(htmlspecialchars($post_comm['txt'])))).'</b></td></tr></table></div>';
}
/////////////////////////////////////////
if ($user['id']){
echo "<form action="/modules/news_comm.php?id=".$id_news."&ok" method="post">n";
echo "<div class='content'><center><textarea name="txt"></textarea><br />n";
echo "<input type='submit' value='Добавить'/></form></center></div>n";
}else{
echo "<div class='content'>Извините вы неможете добавлять комментарии</div>n";
}
/////////////////////////////////////////
if ($k_page > 1){
echo '<div class="subhead"><center>';
str('?id='.$id_news.'&',$k_page,$page); // генерируем постраничную навигацию
echo '</center></div>';
}
apicms_foot();
?>