Файл: vxas.ru/microblog/reply.php
Строк: 87
<?
include_once '../sys/inc/start.php';
include_once '../sys/inc/compress.php';
include_once '../sys/inc/sess.php';
include_once '../sys/inc/home.php';
include_once '../sys/inc/settings.php';
include_once '../sys/inc/db_connect.php';
include_once '../sys/inc/ipua.php';
include_once '../sys/inc/fnc.php';
include_once '../sys/inc/user.php';
$set['title']='Ответ на сообщение';
include_once '../sys/inc/thead.php';
title();
if (!isset($_GET['id']) || !is_numeric($_GET['id']))
{
header("Location: /index.php?");
}
$id=intval($_GET['id']);
if (isset($_GET['ok']))
{
$id=intval($_GET['ok']);
$post=mysql_fetch_array(mysql_query("SELECT * FROM `microblog_komm` WHERE `id`= '".mysql_real_escape_string($id)."' LIMIT 1"));
$ank=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '".mysql_real_escape_string($post[uid])."' LIMIT 1"));
$repl=mysql_real_escape_string(htmlspecialchars($_POST['reply']));
$reply=mysql_real_escape_string($repl);
$msg2="[b]$user[nick][/b] oтветил(a) на ваше сообщениe в [url=http://delove.ru/microblog/microblog.php?id=$post[id_blog]] микроблоге [/url]";
mysql_query("INSERT INTO `jurnal` (`id_user`, `id_kont`, `msg`, `time`) values('0', '".mysql_real_escape_string($ank[id])."', '".mysql_real_escape_string($msg2)."', '".mysql_real_escape_string($time)."')");
mysql_query("UPDATE `microblog_komm` SET `reply` = '".mysql_real_escape_string($reply)."', `who_reply` = '".mysql_real_escape_string($user[id])."' WHERE `id` = '".mysql_real_escape_string($post[id])."' LIMIT 1");
$q = mysql_query("SELECT * FROM `frends` WHERE `user` = '".mysql_real_escape_string($user[id])."'");
while ($f = mysql_fetch_array($q))
{
$a = mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '".mysql_real_escape_string($f[frend])."' LIMIT 1"));
$msg_lenta="Ваш(а) друг [b]$user[nick][/b] ответил на комментарий в [url=http://delove.ru/microblog/microblog.php?id=$post[id_blog]] микроблоге [/url] у пользователя [b]$ank[nick][/b]";
mysql_query("INSERT INTO `lenta` (`id_user`, `id_kont`, `msg`, `time`) values('".mysql_real_escape_string($user[id])."', '".mysql_real_escape_string($a[id])."', '".mysql_real_escape_string($msg_lenta)."', '".mysql_real_escape_string($time)."')");
}
header("Location: microblog.php?id=$post[id_blog]");
exit;
}
$id=intval($_GET['id']);
$post=mysql_fetch_array(mysql_query("SELECT * FROM `microblog_komm` WHERE `id` = '".mysql_real_escape_string($id)."' LIMIT 1"));
$ank=mysql_fetch_array(mysql_query("SELECT * FROM `user` WHERE `id` = '".mysql_real_escape_string($post[uid])."' LIMIT 1"));
echo "<div class='rowup'>";
echo "$ank[nick] пишет: <br />";
echo "".esc(trim(br(bbcode(smiles(links(stripcslashes(htmlspecialchars($post['msg']))))))))."</div>";
echo '<form method="post" action="reply.php?ok='.htmlspecialchars($id).'">';
echo '<div class="forma">Ответ: | <a href="/smiles/">Смайлы</a><br /><textarea name="reply">'.htmlspecialchars($ank['nick']).', </textarea><br/>';
echo '<input type="submit" value="Ответить"/>';
echo '</form></div>';
echo "- <a href='microblog.php?id=$post[id_blog]'>Назад</a><br />n";
include_once '../sys/inc/tfoot.php';
?>