Файл: gazeta.php
Строк: 124
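<?php
/*
 * gazeta.php - "newspaper" section: section index, a user's own articles
 * (list / edit / delete), reading an article and adding a new one. The handler
 * is selected by $mod in the switch that follows.
 *
 * NOTE(review): $mod, $id and $act are used by this script but never assigned
 * in it; presumably shaxty.php imports them from the request - confirm, and
 * treat them as untrusted input wherever they reach SQL or HTML.
 */
require 'shaxty.php'; // waphp.ru - private club of WAP developers
check_login();

$title = 'ГАЗЕТА.MASTERAM.US';
$align = 'left';
include_once H . 'shaxty/head.php';

// Only users with the `gazeta` flag may use this page. header() merely asks the
// client to navigate away; without exit the script kept running and every
// handler below stayed reachable for a user who lacks the flag.
// NOTE(review): head.php is included before this check; if it emits output and
// no output buffer is active the Location header cannot be sent - confirm, or
// move the check above the include.
if ($user['gazeta'] == 0) {
    header('Location: /');
    exit;
}

$action = isset($_REQUEST['action']) ? trim($_REQUEST['action']) : '';
// Article ids are integers (new ones come from mysql_insert_id()), so the
// request value is cast before it can reach an SQL string or a link.
$id1 = isset($_REQUEST['id1']) ? (int) trim($_REQUEST['id1']) : '';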
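switch ($mod) {
default:
    // Section index: every section together with the number of articles the
    // current user has written in it.
    echo "$div1<b>Разделы:</b>$div9<br />";
    $q = mysql_query("select * from gazetar order by pos;");
    // mysql_num_rows() on the result is the documented row count for a SELECT;
    // mysql_affected_rows() is meant for INSERT/UPDATE/DELETE statements.
    if (!$q || mysql_num_rows($q) == 0) {
        echo "Разделов нет!!!<br/>";
    }
    while ($q && ($arr = mysql_fetch_array($q))) {
        // Section ids are integers (the add handler stores intval() of the
        // posted section id), so the value is cast before reuse in SQL and HTML.
        $sectionId = (int) $arr['id'];
        $g = mysql_fetch_array(mysql_query("select count(id) as num from gazeta where idr='$sectionId' and user='$user[id]';"));
        $numg = $g["num"];
        // The listing had lost the backslashes before the inner double quotes
        // (a parse error); the markup is written with single-quoted pieces.
        // NOTE(review): the section name is printed without HTML escaping here;
        // confirm it is encoded when it is stored.
        echo $div2 . ' <a href="?mod=razdel&id=' . $sectionId . '"><b>' . $arr['name'] . '</b></a> (' . $numg . ') ' . $div9;
    }
    break;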
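case 'razdel':
    // The current user's articles in one section, plus the delete and edit
    // actions for a single article ($action selects the action, $id1 the article).
    //
    // Section and article ids are integers in this script (the add handler
    // stores intval() of the posted section id and article ids come from
    // mysql_insert_id()), so both are cast before they reach SQL or a link.
    // NOTE(review): $id is not assigned in this script - presumably imported
    // from the request by shaxty.php; confirm.
    $id = isset($id) ? (int) $id : 0;
    $id1 = isset($id1) ? (int) $id1 : 0;

    echo '<a href="?mod=add">Добавить статью</a><br />';
    echo '<br />';
    $q = mysql_query("select * from gazeta where idr='$id' and user='$user[id]' order by id desc;");
    // mysql_num_rows() is the documented row count for a SELECT result.
    if (!$q || mysql_num_rows($q) == 0) {
        echo "Статей нет!!!<br/>";
    } else {
        if (empty($action)) {
            // Paged list, five articles per page.
            $max = 5;
            $k_post = mysql_result(mysql_query("select COUNT(*) from gazeta WHERE idr='$id' and `user` = '" . $user['id'] . "';"), 0);
            $k_page = k_page($k_post, $max);
            $page = page($k_page);
            // LIMIT takes bare numbers, so the offset is forced to a
            // non-negative integer whatever page() returned.
            $start = max(0, (int) ($max * $page - $max));
            echo "$div1<b>Ваших cтатей: $k_post</b>$div9<br />";
            $q2 = mysql_query("select * from `gazeta` WHERE idr='$id' and `user` = '" . $user['id'] . "' order by id desc limit $start, $max;");
            while ($q2 && ($a = mysql_fetch_array($q2))) {
                $articleId = (int) $a['id'];
                // Preview: cut to 500 bytes, then keep only the leading run of
                // ASCII bytes / lead-byte-plus-continuation sequences. The
                // backslashes of the \x escapes had been stripped in the
                // listing and are restored here.
                $a['text'] = substr($a['text'], 0, 500);
                $a['text'] = preg_replace('#^(?:[\x00-\x7F]|[\xC0-\xFF][\x80-\xBF]+){0,0}' . '((?:[\x00-\x7F]|[\xC0-\xFF][\x80-\xBF]+){0,500}).*#s', '$1', $a['text']);
                // NOTE(review): the article title is printed as stored; confirm
                // check() HTML-encodes it on the way in.
                echo $div2 . ' <b><a href="?mod=read&id=' . $articleId . '">' . $a['name'] . '</a></b> (' . times($a['time']) . ')'
                    . ' <a href="?mod=razdel&id=' . $id . '&action=del&id1=' . $articleId . '">[удал]</a>'
                    . '|<a href="?mod=razdel&id=' . $id . '&action=edit&id1=' . $articleId . '">[изм]</a>'
                    . $div9 . text($a['text']) . '<br/><dt></dt>';
                echo '<dl></dl>';
            }
            if ($k_page > 1) {
                echo '<br /><dl><dt></dt></dl>';
                str("?mod=razdel&id=" . $id . "&", $k_page, $page); // page links
                echo '<br /><dl><dt></dt></dl>';
            }
        } else if ($action == 'del') {
            // NOTE(review): deletion is reachable through a plain GET link and
            // no anti-CSRF token is visible in this script; a state-changing
            // action like this should require POST plus a per-session token.
            $a = mysql_fetch_array(mysql_query("select * from gazeta where user='$user[id]' and id = '" . $id1 . "';"));
            // Touch forum data only when the article exists and belongs to the
            // current user; previously the forum deletes ran even when the
            // lookup returned nothing.
            if ($a) {
                $tema = (int) $a['tema'];
                if ($tema > 0) {
                    $fil = mysql_query("select * from `forum_file` where `t_id`='" . $tema . "';");
                    while ($fil && ($file = mysql_fetch_array($fil))) {
                        // basename() keeps the unlink inside files/forum/ even
                        // if a stored name contains directory parts.
                        // NOTE(review): assumes forum_file.file holds a bare
                        // file name - confirm.
                        if (unlink('files/forum/' . basename($file['file']))) {
                            mysql_query("DELETE FROM `forum_file` where id = '" . (int) $file['id'] . "'");
                        }
                    }
                    mysql_query("DELETE FROM `forum_msg` where t_id = '" . $tema . "'");
                    mysql_query("DELETE FROM `forum_t` where id = '" . $tema . "'");
                }
                mysql_query("delete from gazeta where user='$user[id]' and id='" . $id1 . "' limit 1;");
            }
            header("Location: ?");
        } else if ($action == 'edit') {
            $a = mysql_fetch_array(mysql_query("select * from gazeta where user='$user[id]' and id = '" . $id1 . "';"));
            if (empty($act)) {
                // Edit form pre-filled with the stored title and text.
                // NOTE(review): br() is defined outside this file; confirm its
                // output is safe inside a <textarea>.
                echo '<form method="post" action="?mod=razdel&id=' . $id . '&action=edit&id1=' . (int) $a['id'] . '&act=act" name="auth">';
                echo 'Название:<br/><textarea cols="20" rows="3" name="name" >' . br($a['name']) . '</textarea><br />';
                // The stray second quote after rows="10" is removed.
                echo 'Статья:<br/><textarea cols="50" rows="10" name="text" >' . br($a['text']) . '</textarea><br />';
                echo '<input type="submit" class="ibutton" value="Изменить" name="enter"/></form><br/>';
            } else if (!$a) {
                // No such article for this user: nothing may be updated.
                echo "<b>Ошибка записи статьи!</b><br/>";
            } else {
                // NOTE(review): $name/$text go into SQL exactly as check()
                // returns them; check() is defined elsewhere - confirm it
                // escapes for SQL as well as for HTML.
                $name = check(isset($_POST['name']) ? $_POST['name'] : '');
                $text = check(isset($_POST['text']) ? $_POST['text'] : '');
                $articleId = (int) $a['id'];
                $tema = (int) $a['tema'];
                if (mysql_query("update `gazeta` set `name`='" . $name . "', `text`='" . $text . "' where `id` = '" . $articleId . "' LIMIT 1;")) {
                    $mess = $text . '<br />- - - <br />Статья http://masteram.us/' . $tema . '';
                    mysql_query("update forum_msg set msg='" . $mess . "' where `time` = '" . $a['time'] . "' and `t_id`='" . $tema . "' LIMIT 1");
                    // A second UPDATE keyed on `id`='$m' used to follow. $m is
                    // never assigned in this script, so the statement either
                    // matched nothing or, if request variables are imported
                    // into scope, let the client choose which forum message to
                    // overwrite. It is dropped; the statement above already
                    // updates the thread's message.
                    mysql_query("UPDATE `forum_t` SET `name` = '$name' where `id`='" . $tema . "' LIMIT 1");
                    header("Location: ?");
                } else {
                    echo "<b>Ошибка записи статьи!</b><br/>";
                }
            }
        }
    }
    break;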
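case 'read':
    // Show one article: breadcrumb, text, forum discussion link and author.
    // Article ids are integers (they come from mysql_insert_id()), so the
    // value is cast before it is placed in the query.
    // NOTE(review): $id is not assigned in this script - presumably imported
    // from the request by shaxty.php; confirm.
    $id = isset($id) ? (int) $id : 0;
    $a = mysql_fetch_array(mysql_query("select * from `gazeta` WHERE id='$id'"));
    if (!$a || !$a['id']) {
        // Unknown article: redirect and skip rendering instead of printing an
        // empty article after the header call.
        header("Location: ?");
        break;
    }
    $sectionId = (int) $a['idr'];
    $tema = (int) $a['tema'];
    $b = mysql_fetch_array(mysql_query("select * from gazetar where id='" . $sectionId . "';"));
    // The listing had lost the backslashes before the inner double quotes; the
    // markup is written with single-quoted pieces.
    // NOTE(review): section name and article title are printed as stored;
    // confirm they are HTML-encoded when saved.
    echo $div1 . ' <a href="./">Разделы</a>|<a href="?mod=razdel&id=' . $sectionId . '">' . $b['name'] . '</a>|<b>' . $a['name'] . '</b>' . $div9 . '<br />';
    $comments = mysql_result(mysql_query("select count(*) as num from forum_msg where `t_id` = '" . $tema . "'"), 0);
    echo 'Статья: <b>' . $a['name'] . '</b><br />Добавлена:' . times($a['time']) . '<br /><dt></dt>' . text($a['text']) . '...<br/><dt></dt>'
        . '<a href="http://masteram.us/forum/tema/' . $tema . '">Обсудить на форуме</a>(' . $comments . ')<br />'
        . 'Автор статьи: <a href="http://masteram.us/' . $a['user'] . '">' . nik($a['user']) . '</a><br />';
    echo '<dl></dl>';
    break;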
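case 'add':
    if (empty($act)) {
        // Empty "new article" form: title, text or a .txt upload, and section.
        echo '<form action="?mod=add" method="post" enctype="multipart/form-data">';
        echo 'Название:<br/><textarea cols="20" rows="3" name="name" ></textarea><br />';
        // The stray second quote after rows="10" is removed.
        echo 'Статья:<br/><textarea cols="50" rows="10" name="text" ></textarea><br />';
        echo 'Или из файла (txt):<br><input name="file" type="file"><br>';
        echo 'Раздел:<br>';
        echo '<select name="fid">';
        $q = @mysql_query("select * from `gazetar` order by pos");
        while ($cat = @mysql_fetch_array($q)) {
            echo '<option value="' . $cat['id'] . '">' . $cat['name'] . '</option>';
        }
        echo '</select><br>';
        echo '<input type="hidden" name="act" value="add"/>';
        echo '<br /><input type="submit" class="ibutton" value="Добавить" name="enter"><br/>';
        echo '</form>'; // the form element was never closed
    } else {
        // $error is echoed unescaped further down, so it must start empty here
        // rather than carry whatever value was already in scope.
        $error = '';
        // NOTE(review): $name/$text go into SQL exactly as check() returns
        // them; check() is defined elsewhere - confirm it escapes for SQL as
        // well as for HTML.
        $name = check(isset($_POST['name']) ? $_POST['name'] : '');
        $text = check(isset($_POST['text']) ? $_POST['text'] : '');
        $fid = check(intval(isset($_POST['fid']) ? $_POST['fid'] : 0));

        if (!empty($_FILES['file']['name'])) {
            // The file name and its extension are chosen by the client and say
            // nothing about the content. The upload is only read as article
            // text and never moved anywhere, so the extension test is a
            // usability filter, not a security boundary.
            $ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
            $blocked = array('php', 'php3', 'php4', 'php5', 'php6', 'phtml', 'cgi', 'asp', 'js', 'phtm', 'py', 'pl');
            if (in_array($ext, $blocked, true)) die('Ошибка!');
            if ($ext != 'txt') die('Разрешен только txt формат!');
            // Read only a file PHP itself received in this request.
            $tmp = $_FILES['file']['tmp_name'];
            if ($_FILES['file']['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) die('Ошибка!');
            $raw = file_get_contents($tmp);
            if ($raw === false) die('Ошибка!');
            $text = check($raw);
        }

        if (empty($name)) $error .= "<u>Пустое название новости!</u><br/>";
        if (empty($text)) $error .= "<u>Пустое содержание новости!</u><br/>";

        if (empty($error)) {
            // Refuse an article whose text is already stored.
            $p = @mysql_fetch_array(mysql_query("select * from `gazeta` where text='$text' limit 1;"));
            if ($text != $p['text']) {
                $cat = @mysql_fetch_array(mysql_query("select * from `gazetar` where `id` = '" . $fid . "'"));
                // The section name is read back from the database and reused in
                // SQL, so it is escaped like any other string value.
                $cat2 = @mysql_fetch_array(mysql_query("select * from `forum_r` where `name` = '" . mysql_real_escape_string($cat['name']) . "' and f_id = '" . $set['gazeta_f'] . "'"));
                $forumSection = (int) $cat2['id'];
                // Each article gets a forum thread; the thread is created first
                // because the article row stores its id.
                $add = "Insert into forum_t set f_id='" . $set['gazeta_f'] . "', user_id ='" . $user['id'] . "', name='" . $name . "', close=0, time='" . $time . "', r_id = '" . $forumSection . "', privat = '0'";
                if (mysql_query($add)) {
                    $idt = mysql_insert_id();
                    mysql_query("insert into gazeta values(0,'" . $fid . "','" . $user['id'] . "','" . $name . "','" . $text . "','" . $time . "','" . $idt . "');");
                    $ids = mysql_insert_id();
                    $mess = $text . '<br />- - - <br />Статья http://masteram.us/gazeta/' . $ids . '';
                    @mysql_query("Insert into forum_msg set t_id='" . $idt . "', user_id ='" . $user['id'] . "', msg='" . $mess . "',time='" . $time . "', f_id='" . $set['gazeta_f'] . "', r_id = '" . $forumSection . "', `from` = '" . $login . "'");
                    posts_add('forum'); // accepted values: forum, komm, guest, chat

                    // $tem and $razd are interpolated into the two UPDATEs
                    // below but were never assigned in this script. They are
                    // pinned to empty values so the stored result stays what it
                    // was while nothing outside this handler can supply them.
                    // NOTE(review): the column names suggest the intended
                    // values are the new thread ($idt, $name) and the forum
                    // section ($cat2) - confirm against the forum module.
                    $tem = array('id' => '', 'name' => '');
                    $razd = array('id' => '', 'name' => '');
                    DB::$dbh->query("UPDATE `forum_r` SET `last_time` = '" . $time . "', `topics`=`topics`+1, `posts`=`posts`+1, `last_id_t` = '$tem[id]', `last_name_t` = '$tem[name]', `last_id_us` = '$user[id]' WHERE `id`=? ", array($cat2['id']));
                    DB::$dbh->query("UPDATE `forum_f` SET `last_time` = '" . $time . "', `topics`=`topics`+1, `posts`=`posts`+1, `last_id_t` = '$tem[id]', `last_name_t` = '$tem[name]', `last_id_us` = '$user[id]', `last_id_r` = '$razd[id]', `last_name_r` = '$razd[name]' WHERE `id`=? ", array($set['gazeta_f']));

                    // Mail a 500-byte excerpt to the subscribers of this
                    // section and of "all sections" (razd = 0). The excerpt and
                    // body are the same for everyone, so they are built once;
                    // the unused duplicate of the subscriber query is dropped.
                    // The \x and \n escapes had lost their backslashes in the
                    // listing and are restored.
                    $excerpt = substr($text, 0, 500);
                    $excerpt = preg_replace('#^(?:[\x00-\x7F]|[\xC0-\xFF][\x80-\xBF]+){0,0}' . '((?:[\x00-\x7F]|[\xC0-\xFF][\x80-\xBF]+){0,500}).*#s', '$1', $excerpt);
                    // NOTE(review): HTTP_HOST is copied from the request's Host
                    // header, which the client controls, into mail sent to
                    // other people; a configured site name is safer.
                    $regmail = "" . $name . "\n\n" . $excerpt . "...\n\nПродолжение читайте здесь: http://masteram.us/" . $ids . "\n\nС уважением администрация сайта http://" . $_SERVER['HTTP_HOST'] . "\nЕсли это письмо попало к вам по ошибке, то просто проигнорируйте его";
                    $q = mysql_query("select * from gazeta_rss where (`razd`='" . $fid . "') or (`razd`='0') order by id;");
                    while ($q && ($arr = mysql_fetch_array($q))) {
                        addmail($arr['meil'], "Рассылка новостей ГАЗЕТА.MASTERAM.US", $regmail);
                    }
                    echo "<b>Ваша статья успешно добавлена!</b><br/>";
                } else {
                    // Success used to be reported even when the thread insert
                    // failed and nothing had been stored.
                    echo "<b>Ошибка записи статьи!</b><br/>";
                }
            } else {
                echo "<b>Такая статья уже добавлена!</b><br/>";
            }
        } else {
            echo $error;
        }
    }
    break;
}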
// Close the page: one spacer line, then the shared footer template.
print '<br />';
include_once H . 'shaxty/foot.php';
/* by -=ШАХТЕР=- (waphp.ru - download only here) */