Файл: modules/forum/add_topic.php
Строк: 112
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
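// Read by code outside this file (not visible here).
$locate = 'in_forum';

// The category id comes from the query string. A missing or non-scalar value
// is treated as "no id"; abs(intval()) then forces a non-negative integer, so
// the value is safe to reuse in SQL and in URLs further down.
$has_cat_id = isset($_GET['id']) && is_scalar($_GET['id']);
$cat_id = $has_cat_id ? abs(intval($_GET['id'])) : 0;

// Only logged-in users may create topics, and a category id is required.
if (!User::logged() || !$has_cat_id)
{
    redirect('/');
    // redirect() is defined elsewhere. Stop explicitly so that a guest can
    // never fall through to the insert logic if that helper only sends the
    // Location header without terminating the script.
    exit;
}

// The target category must exist. $db is used with the PDO API throughout this
// file (query/rowCount/lastInsertId/errorInfo), so a bound parameter is used
// here. A fetch replaces rowCount(), which PDO does not guarantee for SELECT.
$cat_stmt = $db->prepare('SELECT 1 FROM `forum_c` WHERE `id` = ? LIMIT 1');
$cat_stmt->execute(array($cat_id));
$cat_exists = $cat_stmt->fetchColumn() !== false;
$cat_stmt->closeCursor();
if (!$cat_exists)
{
    header('Location:/forum/');
    exit;
}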
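// Holds the first-seen validation problem as a string, or false when the
// request is acceptable.
$err = false;

// NOTE(review): the request is accepted on the session alone. No anti-CSRF
// token is read here and the form rendered further down does not send one.
if (isset($_POST['create']) && isset($_GET['act']) && $_GET['act'] === 'create')
{
    $name = '';
    $text = '';

    // input() is the project's sanitiser (defined elsewhere). The limits are
    // byte limits, as before, but mb_strcut() never cuts a multi-byte
    // character in half, which substr() did for non-ASCII titles.
    // NOTE(review): values are now bound as parameters below; if input() also
    // applies SQL escaping, that part is no longer needed - confirm.
    if (!empty($_POST['name']) && is_string($_POST['name']))
    {
        $name = mb_strcut(input($_POST['name']), 0, 100, 'UTF-8');
    }
    else
    {
        $err = 'Name is empty';
    }

    if (!empty($_POST['text']) && is_string($_POST['text']))
    {
        $text = mb_strcut(input($_POST['text']), 0, 10000, 'UTF-8');
    }
    else
    {
        $err = 'Message is empty';
    }

    // NOTE(review): any logged-in user can set the pin flag; confirm that no
    // role check is intended here.
    $pin = isset($_POST['pin']) ? 1 : 0;

    if ($err === false && antiflood('forum_pt', 'text', $text) == false)
    {
        $now = time();
        $user_id = User::Id();
        $cat_int = abs(intval($cat_id));

        // Every request-derived value is bound instead of concatenated. With
        // the old string-built SQL, a sanitised value truncated in the middle
        // of an escape sequence could break out of its quoted literal.
        $topic_stmt = $db->prepare(
            'INSERT INTO `forum_t`(`name`, `cat_id`, `time_last_post`, `user_last_post`, `attach`, `closed`)'
            . " VALUES(?, ?, ?, ?, '0', '0')"
        );
        $topic_stmt->execute(array($name, $cat_int, $now, $user_id));
        $last_id = $db->lastInsertId();

        $post_stmt = $db->prepare(
            'INSERT INTO `forum_pt`(`name`, `text`, `time`, `user_id`, `cat_id`, `topic_id`, `file`, `file_size`, `edit_time`, `edit_user_id`, `count_edit`, `pin`)'
            . " VALUES(?, ?, ?, ?, ?, ?, '', 0, 0, 0, 0, ?)"
        );
        $post_stmt->execute(array($name, $text, $now, $user_id, $cat_int, $last_id, $pin));
        $lastPostId = $db->lastInsertId();

        // Optional attachment.
        // NOTE(review): ROOT/files/forum/ looks like a web-served directory -
        // confirm that the server never executes scripts from it.
        $file_dir = ROOT .'/files/forum/';
        $upload = isset($_FILES['file']) ? $_FILES['file'] : null;
        if (is_array($upload)
            && isset($upload['tmp_name'], $upload['error'], $upload['name'])
            && is_string($upload['tmp_name']) && $upload['tmp_name'] !== ''
            && $upload['error'] === UPLOAD_ERR_OK
            && is_uploaded_file($upload['tmp_name']))
        {
            $patch = pathinfo($upload['name']);
            $extension = isset($patch['extension']) ? strtolower($patch['extension']) : '';

            // Allow-list from site configuration. An empty extension is
            // rejected explicitly so that a stray ';' in the setting cannot
            // let extension-less files through.
            if ($extension === '' || !in_array($extension, explode(';', $system['files_types']), true))
            {
                $err = 'File extention not allowed.<br />';
            }

            $name_start = input(cyrlat($patch['filename']));
            $name_end = mb_convert_encoding($name_start, "UTF-8");

            // The stored name is built from the client-supplied one, so it is
            // reduced to a fixed character set; this also removes inner dots,
            // leaving the allow-listed extension as the only one on disk.
            $safe_base = substr(preg_replace('/[^A-Za-z0-9_-]/', '_', $name_end), 0, 100);

            // The suffix only avoids name collisions; it is derived from the
            // clock and the name and must not be treated as a secret.
            $file_name = $safe_base.'_'.substr(md5(time().$name_end), 0, 8).'.'. $extension;

            if (file_exists($file_dir . $file_name))
            {
                $err = 'This file exists<br />';
            }

            // Record the attachment and credit the user only when the file was
            // actually stored; the move result used to be ignored.
            if ($err === false && move_uploaded_file($upload['tmp_name'], $file_dir . $file_name))
            {
                $file_stmt = $db->prepare('UPDATE `forum_pt` SET `file` = ?, `file_size` = ? WHERE `id` = ?');
                $file_stmt->execute(array($file_name, intval($upload['size']), $lastPostId));

                // Increment in SQL so that concurrent requests cannot overwrite
                // each other's balance change with a stale cached value.
                $balance_stmt = $db->prepare('UPDATE `users` SET `balance` = `balance` + 1 WHERE `id` = ?');
                $balance_stmt->execute(array($user_id));
            }
        }

        // The topic already exists at this point, so the user is sent to it
        // even when the attachment was rejected; an upload error stored in
        // $err is therefore never displayed.
        header('Location:/forum/topic/'. intval($last_id));
        exit;
    }
}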
// Page chrome: header and title bar.
$title = _t('create_topic');
include_header($title);
$tpl->div('title', _t('create_topic'));

// Show the validation message, if any. dispaly_error() is spelled this way in
// the source and is defined outside this file.
if ($err)
{
    dispaly_error($err);
}

// Translated labels, resolved in the order they appear in the form.
$lbl_name = _t('name');
$lbl_message = _t('message');
$lbl_file = _t('add_file');
$lbl_pin = _t('Pin post');
$lbl_create = _t('create');

// Topic creation form. $cat_id is an integer, so it is safe inside the action
// URL. NOTE(review): the form carries no anti-CSRF token field.
echo <<<HTML
<form action="/forum/add_topic/{$cat_id}/?act=create" method="post" enctype="multipart/form-data">
<div class="menu">
<b>{$lbl_name}</b>:<br/>
<input name="name" type="text" /><br/>
<b>{$lbl_message}</b>:<br/>
<textarea name="text" rows="5" cols="26"></textarea><br/>
<b>{$lbl_file}</b><br/>
<input type="file" name="file"><br/>
<b>{$lbl_pin}</b>:<br/>
<input type="checkbox" name="pin" /> <input name="create" type="submit" value="{$lbl_create}" />
<br/>
</div>
</form>
HTML;

// Navigation links back to the forum index and the home page.
$nav_links = NAV .'<a href="/forum/">'. _t('forum') .'</a><br/>';
$nav_links .= HICO .'<a href="/">'. _t('home').'</a>';
$tpl->div('block', $nav_links);
include_footer();
?>