Файл: modules/forum/edit_post.php
Строк: 96
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
$locate = 'in_forum';
$edit_post = $db->query("SELECT * FROM `forum_pt` WHERE `id` = '".abs(intval($_GET['id']))."'")->fetch();
if((User::Id() != $edit_post['user_id'] || $edit_post['time'] < (time()-300)) && User::level() < 2 && User::level() < 5 || !isset($_GET['id']))
{
redirect('/forum/topic/'.$edit_post['topic_id'].'?page=end'); exit;
}
if($db->query("SELECT * FROM `forum_pt` WHERE `id` = '".abs(intval($_GET['id']))."'")->rowCount() == 0)
{
redirect('/forum/');
exit;
}
if($db->query("SELECT id FROM `forum_pt` WHERE `topic_id` = '{$edit_post['topic_id']}' ORDER BY time ASC")->fetchColumn() == $edit_post['id'])
{
redirect('/forum/edit_topic/'.$edit_post['topic_id']);
}
if(isset($_POST['edit']) && $_GET['act'] == 'edit')
{
$text = substr(input($_POST['text']), 0, 10000);
if(!empty($text))
{
$file_dir = ROOT .'/files/forum/';
if (isset($_FILES['file']) && $_FILES['file']['tmp_name'])
{
$patch = pathinfo($_FILES['file']['name']);
$extension = strtolower($patch['extension']);
if (!in_array($extension, explode(';', $system['files_types']))) $err = 'File extention not allowed.<br />';
$name_start = input(cyrlat($patch['filename']));
$name_end = mb_convert_encoding($name_start, "UTF-8");
$name = $name_end.'_'.substr(md5(time().$name_end), 0, 8).'.'. $extension;
if (file_exists($file_dir . $name)) $err = 'This file exists';
if(!isset($err))
{
move_uploaded_file($_FILES['file']['tmp_name'], $file_dir . $name);
$db->query("UPDATE `forum_pt` SET `file` = '". input($name) ."', `file_size` = '". $_FILES['file']['size'] ."' WHERE `id` = '".abs(intval($_GET['id']))."'");
// print_r($db->errorInfo());
}
}
$db->query("UPDATE `forum_pt` SET `text` = '". $text ."', `edit_time` = '". time() ."', `edit_user_id` = '". User::Id() ."', `count_edit` = '". ($edit_post['count_edit']+1) ."' WHERE `id` = '".abs(intval($_GET['id']))."'");
redirect('/forum/topic/'.abs(intval($_GET['topic_id'])).'?page=end');
// print_r($db->errorInfo());
}
}
elseif(isset($_GET['act']) && $_GET['act'] == 'deleteFile')
{
unlink(ROOT.'/files/forum/'.$edit_post['file']);
$db->query("UPDATE `forum_pt` SET `file` = '', `file_size` = '0' WHERE `id` = '". $edit_post['id'] ."'");
redirect('/forum/edit_post/'.num($_GET['id']).'?topic_id='.abs(intval($_GET['topic_id'])));
}
$title = _t('edit_post');
include_header($title);
$tpl->div('title', _t('edit_post'));
echo '<form action="/forum/edit_post/'.abs(intval($_GET['id'])).'?topic_id='.abs(intval($_GET['topic_id'])).'&act=edit" method="post" enctype="multipart/form-data">
<div class="menu">
<b>'. _t('message') .'</b>:<br/>
<textarea name="text" rows="5" cols="26">'. $edit_post['text'] .'</textarea><br/>
'.(!empty($edit_post['file']) ? '<a href="/forum/edit_post/'.num($_GET['id']).'?topic_id='.abs(intval($_GET['topic_id'])).'&act=deleteFile">'._t('delete').' <b>'.$edit_post['file'].'</b></a><br/>' : '<b>'._t('add_file').'</b><br/>
<input type="file" name="file" /><br/>').'
<input name="edit" type="submit" value="'. _t('edit') .'" /><br/>
</div>
</form>';
$tpl->div('block', NAV .'<a href="/forum/topic/'.num($_GET['topic_id']).'?page=end">'. _t('back').'</a><br/>'
. NAV .'<a href="/forum/">'. _t('forum') .'</a><br/>'
. HICO .'<a href="/">'. _t('home').'</a>');
include_footer();
?>