Файл: modules/forum/edit_topic.php
Строк: 113
<?php
/**
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) 2013, Taras Chornyi, Sergiy Mazurenko, Ivan Kotliar
* @link http://perf-engine.net
* @package PerfEngine
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
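$locate = 'in_forum';

// Resolve the topic being edited. The id arrives in the query string, so it is
// forced to a non-negative integer before it is placed in any SQL text.
if (!isset($_GET['id']))
{
    redirect('/forum/');
    exit;
}
$topic_id = abs(intval($_GET['id']));

// $edit_topic is the row of `forum_pt` attached to this topic and $edit_t is the
// topic row itself; the rest of the script reads both. Fetching once and testing
// the result replaces the separate rowCount() probe.
// Assumes fetch() yields a falsy value when nothing matches (as PDOStatement::fetch() does) - confirm for this $db wrapper.
$edit_topic = $db->query("SELECT * FROM `forum_pt` WHERE `topic_id` = '". $topic_id ."' LIMIT 1")->fetch();
$edit_t = $db->query("SELECT * FROM `forum_t` WHERE `id` = '". $topic_id ."' LIMIT 1")->fetch();
if (!$edit_topic || !$edit_t)
{
    redirect('/forum/');
    exit;
}

// Authorization: only level 5 and above, or the author of the post, may continue.
// The not-found path above pairs redirect() with an explicit exit, so redirect()
// is treated as non-terminating here too; without the exit a rejected user would
// still reach the UPDATE and unlink() code further down.
// NOTE(review): the comparison is loose (!=). Confirm that User::Id() can never
// compare equal to a stored user_id for a visitor who is not logged in.
if (User::level() < 5 && $edit_topic['user_id'] != User::Id())
{
    redirect('/');
    exit;
}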
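// Handles the two state-changing actions of this page: saving the edited topic
// (POST with ?act=edit) and deleting the attached file (?act=deleteFile).
// NOTE(review): neither action checks a per-session request token, and
// deleteFile changes state on a plain GET. Add the project's anti-CSRF check
// here if one exists.
$act = isset($_GET['act']) ? $_GET['act'] : '';
$topic_id = abs(intval($_GET['id']));
$post_id = intval($edit_topic['id']);

if (isset($_POST['edit']) && $act === 'edit')
{
    // NOTE(review): input() is defined elsewhere. If it escapes with backslashes,
    // truncating AFTER escaping can cut an escape sequence in half and leave a
    // dangling backslash in front of the closing quote of the SQL literal below.
    // substr() also counts bytes, so it can split a multi-byte UTF-8 character.
    // Move these two values to bound parameters once input()'s behaviour is confirmed.
    $name = substr(input(isset($_POST['name']) ? $_POST['name'] : ''), 0, 100);
    $text = substr(input(isset($_POST['text']) ? $_POST['text'] : ''), 0, 10000);
    $pin = (isset($_POST['pin']) ? 1 : 0);

    $file_dir = ROOT .'/files/forum/';
    if (isset($_FILES['file']) && $_FILES['file']['tmp_name'])
    {
        $patch = pathinfo($_FILES['file']['name']);
        // A name without a dot has no 'extension' key; treat it as not allowed.
        $extension = isset($patch['extension']) ? strtolower($patch['extension']) : '';
        // Strict comparison keeps numeric-looking extensions from matching loosely.
        if ($extension === '' || !in_array($extension, explode(';', $system['files_types']), true)) $err = 'File extention not allowed';

        $name_start = input(cyrlat($patch['filename']));
        $name_end = mb_convert_encoding($name_start, "UTF-8");
        // Kept in its own variable: the original reused $name here, which replaced
        // the topic title with the upload's file name in the UPDATEs below.
        $file_name = $name_end.'_'.substr(md5(time().$name_end), 0, 8).'.'. $extension;
        // The stored name must stay inside $file_dir whatever cyrlat()/input() return.
        if (strpbrk($file_name, "/\\\0") !== false) $err = 'File name not allowed';
        if (file_exists($file_dir . $file_name)) $err = 'This file exists';

        // Record the attachment only when the file really reached its destination.
        if (!isset($err) && move_uploaded_file($_FILES['file']['tmp_name'], $file_dir . $file_name))
        {
            $db->query("UPDATE `forum_pt` SET `file` = '". input($file_name) ."', `file_size` = '". intval($_FILES['file']['size']) ."' WHERE `id` = '". $post_id ."'");
        }
    }

    $db->query("UPDATE `forum_pt` SET `name` = '".$name."', `text` = '". $text ."', `pin` = '$pin', `edit_time` = '". time() ."', `edit_user_id` = '". User::Id() ."', `count_edit` = '". (intval($edit_topic['count_edit']) + 1) ."' WHERE `topic_id` = '". $topic_id ."' LIMIT 1");
    $db->query("UPDATE `forum_t` SET `name` = '".$name."' WHERE `id` = '". $topic_id ."'");
    redirect('/forum/topic/'. $topic_id .'?page=end');
    // Elsewhere this script follows redirect() with exit, so stop here as well
    // instead of rendering the form behind the redirect.
    exit;
}
elseif ($act === 'deleteFile')
{
    // Delete only a regular file named by the row, and only when the stored name
    // has no path separators; an empty value would otherwise point unlink() at
    // the upload directory itself.
    if (!empty($edit_topic['file']) && strpbrk($edit_topic['file'], "/\\\0") === false)
    {
        $attached = ROOT.'/files/forum/'.$edit_topic['file'];
        if (is_file($attached)) unlink($attached);
    }
    $db->query("UPDATE `forum_pt` SET `file` = '', `file_size` = '0' WHERE `id` = '". $post_id ."'");

    // NOTE(review): this target is the post editor and expects ?topic_id=, which
    // this page is not shown to receive - confirm the intended return URL.
    $return_topic = isset($_GET['topic_id']) ? abs(intval($_GET['topic_id'])) : 0;
    redirect('/forum/edit_post/'.num($_GET['id']).'?topic_id='.$return_topic);
    exit;
}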
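// Render the edit form for the topic loaded earlier in this script.
$title = _t('edit_topic');
include_header($title);
$tpl->div('title', _t('edit_topic'));

// Stored values are escaped again at output time. double_encode is off, so text
// that already holds entities is shown unchanged, while a raw quote or angle
// bracket cannot break out of the attribute or the textarea.
// ENT_SUBSTITUTE (PHP 5.4+) stops an invalid byte sequence from blanking the field.
// Assumes the site encoding is UTF-8 - confirm.
$esc_flags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);
$form_topic_id = abs(intval($_GET['id']));
$form_name = htmlspecialchars($edit_t['name'], $esc_flags, 'UTF-8', false);
$form_text = htmlspecialchars($edit_topic['text'], $esc_flags, 'UTF-8', false);

if (!empty($edit_topic['file']))
{
    // ?topic_id= is not always present on this page; fall back to 0 instead of
    // reading an undefined index.
    $link_topic = isset($_GET['topic_id']) ? abs(intval($_GET['topic_id'])) : 0;
    $form_file = htmlspecialchars($edit_topic['file'], $esc_flags, 'UTF-8', false);
    $file_row = '<a href="/forum/edit_post/'.num($_GET['id']).'?topic_id='.$link_topic.'&amp;act=deleteFile">'._t('delete').' <b>'.$form_file.'</b></a><br/>';
}
else
{
    // NOTE(review): the form below has no enctype="multipart/form-data", so the
    // browser does not send this field as a file and the upload handler never
    // sees it. Enable it only together with a review of that handler.
    $file_row = '<b>'._t('add_file').'</b><br/>
<input type="file" name="file" /><br/>';
}
$pin_checked = ($edit_topic['pin'] == 1 ? ' checked="checked"' : '');

echo '<form action="/forum/edit_topic/'. $form_topic_id .'/?act=edit" method="post">
<div class="menu">
<b>'. _t('name') .'</b>:<br/>
<input name="name" type="text" value="'. $form_name .'" /><br/>
<b>'. _t('message') .'</b>:<br/>
<textarea name="text" rows="5" cols="20">'. $form_text .'</textarea><br/>
'. $file_row .'
<b>'. _t('Pin post') .'</b> <input type="checkbox" name="pin"'. $pin_checked .' /> <br/>
<input name="edit" type="submit" value="'. _t('edit') .'" /><br/>
</div>
</form>';
$tpl->div('block', NAV .'<a href="/forum/">'. _t('forum') .'</a><br/>' . HICO .'<a href="/">'. _t('home').'</a>');
include_footer();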
?>